nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-07 05:58:13 -05:00
Code

email checks should not be case sensitive

Browse Source
This commit is contained in:
Kyle Spearrin 2017-05-10 13:36:11 -04:00
parent 08943ed305
commit f632a7650e
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/Core/Services/Implementations/OrganizationService.cs
View File

@ -712,7 +712,7 @@ namespace Bit.Core.Services
{ {
OrganizationId = organizationId, OrganizationId = organizationId,
UserId = null, UserId = null,
Email = email, Email = email.ToLowerInvariant(),
Key = null, Key = null,
Type = type, Type = type,
Status = OrganizationUserStatusType.Invited, Status = OrganizationUserStatusType.Invited,
@ -755,7 +755,7 @@ namespace Bit.Core.Services
public async Task<OrganizationUser> AcceptUserAsync(Guid organizationUserId, User user, string token) public async Task<OrganizationUser> AcceptUserAsync(Guid organizationUserId, User user, string token)
{ {
var orgUser = await _organizationUserRepository.GetByIdAsync(organizationUserId); var orgUser = await _organizationUserRepository.GetByIdAsync(organizationUserId);
if(orgUser == null || orgUser.Email != user.Email) if(orgUser == null || !orgUser.Email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase))
{ {
throw new BadRequestException("User invalid."); throw new BadRequestException("User invalid.");
} }
@ -776,8 +776,10 @@ namespace Bit.Core.Services
{ {
var unprotectedData = _dataProtector.Unprotect(token); var unprotectedData = _dataProtector.Unprotect(token);
var dataParts = unprotectedData.Split(' '); var dataParts = unprotectedData.Split(' ');
if(dataParts.Length == 4 && dataParts[0] == "OrganizationUserInvite" && if(dataParts.Length == 4 &&
new Guid(dataParts[1]) == orgUser.Id && dataParts[2] == user.Email) dataParts[0] == "OrganizationUserInvite" &&
new Guid(dataParts[1]) == orgUser.Id &&
dataParts[2].Equals(user.Email, StringComparison.InvariantCultureIgnoreCase))
{ {
var creationTime = CoreHelpers.FromEpocMilliseconds(Convert.ToInt64(dataParts[3])); var creationTime = CoreHelpers.FromEpocMilliseconds(Convert.ToInt64(dataParts[3]));
tokenValidationFailed = creationTime.AddDays(5) < DateTime.UtcNow; tokenValidationFailed = creationTime.AddDays(5) < DateTime.UtcNow;