Merge pull request #323 from njfox/invite_accepted_email

Send email notifications when invitations are accepted/confirmed

src/api/admin.rs

@@ -4,6 +4,7 @@ use serde_json::Value;
 use crate::api::{JsonResult, JsonUpcase};
 use crate::CONFIG;
 
+use crate::mail;
 use crate::db::models::*;
 use crate::db::DbConn;
 
@@ -31,7 +32,7 @@ fn get_users(_token: AdminToken, conn: DbConn) -> JsonResult {
 #[post("/invite", data = "<data>")]
 fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -> JsonResult {
     let data: InviteData = data.into_inner().data;
-
+    let email = data.Email.clone();
     if User::find_by_mail(&data.Email, &conn).is_some() {
         err!("User already exists")
     }
@@ -43,7 +44,12 @@ fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -
     let mut invitation = Invitation::new(data.Email);
     invitation.save(&conn)?;
 
-    // TODO: Might want to send an email?
+    if let Some(ref mail_config) = CONFIG.mail {
+        let mut user = User::new(email);
+        user.save(&conn)?;
+        let org_name = "bitwarden_rs";
+        mail::send_invite(&user.email, &user.uuid, None, None, &org_name, None, mail_config)?;
+    }
 
     Ok(Json(json!({})))
 }

src/api/core/organizations.rs

@@ -7,14 +7,12 @@ use crate::db::DbConn;
 use crate::CONFIG;
 
 use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType};
-use crate::auth::{decode_invite_jwt, encode_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders, JWT_ISSUER};
+use crate::auth::{decode_invite_jwt, AdminHeaders, Headers, InviteJWTClaims, OwnerHeaders};
 
 use crate::mail;
 
 use serde::{Deserialize, Deserializer};
 
-use chrono::{Duration, Utc};
-
 use rocket::Route;
 
 pub fn routes() -> Vec<Route> {
@@ -508,14 +506,16 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
                 Some(org) => org.name,
                 None => err!("Error looking up organization"),
             };
-            let claims = generate_invite_claims(
-                user.uuid.to_string(),
-                user.email.clone(),
-                org_id.clone(),
-                Some(new_user.uuid.clone()),
-            );
-            let invite_token = encode_jwt(&claims);
-            mail::send_invite(&email, &org_id, &new_user.uuid, &invite_token, &org_name, mail_config)?;
+            
+            mail::send_invite(
+                &email, 
+                &user.uuid, 
+                Some(org_id.clone()), 
+                Some(new_user.uuid), 
+                &org_name, 
+                Some(headers.user.email.clone()), 
+                mail_config
+                )?;
         }
     }
 
@@ -523,7 +523,7 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
 }
 
 #[post("/organizations/<org_id>/users/<user_org>/reinvite")]
-fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn: DbConn) -> EmptyResult {
+fn reinvite_user(org_id: String, user_org: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
     if !CONFIG.invitations_allowed {
         err!("Invitations are not allowed.")
     }
@@ -551,21 +551,15 @@ fn reinvite_user(org_id: String, user_org: String, _headers: AdminHeaders, conn:
         None => err!("Error looking up organization."),
     };
 
-    let claims = generate_invite_claims(
-        user.uuid.to_string(),
-        user.email.clone(),
-        org_id.clone(),
-        Some(user_org.uuid.clone()),
-    );
-    let invite_token = encode_jwt(&claims);
     if let Some(ref mail_config) = CONFIG.mail {
         mail::send_invite(
-            &user.email,
-            &org_id,
-            &user_org.uuid,
-            &invite_token,
-            &org_name,
-            mail_config,
+        &user.email,
+        &user.uuid,
+        Some(org_id),
+        Some(user_org.uuid),
+        &org_name,
+        Some(headers.user.email),
+        mail_config,
         )?;
     }
 
@@ -578,19 +572,6 @@ struct AcceptData {
     Token: String,
 }
 
-fn generate_invite_claims(uuid: String, email: String, org_id: String, org_user_id: Option<String>) -> InviteJWTClaims {
-    let time_now = Utc::now().naive_utc();
-    InviteJWTClaims {
-        nbf: time_now.timestamp(),
-        exp: (time_now + Duration::days(5)).timestamp(),
-        iss: JWT_ISSUER.to_string(),
-        sub: uuid.clone(),
-        email: email.clone(),
-        org_id: org_id.clone(),
-        user_org_id: org_user_id.clone(),
-    }
-}
-
 #[post("/organizations/<_org_id>/users/<_org_user_id>/accept", data = "<data>")]
 fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptData>, conn: DbConn) -> EmptyResult {
     // The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead
@@ -601,10 +582,10 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
     match User::find_by_mail(&claims.email, &conn) {
         Some(_) => {
             Invitation::take(&claims.email, &conn);
-            if claims.user_org_id.is_some() {
+            if claims.user_org_id.is_some() && claims.org_id.is_some() {
                 // If this isn't the virtual_org, mark userorg as accepted
                 let mut user_org =
-                    match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id, &conn) {
+                    match UserOrganization::find_by_uuid_and_org(&claims.user_org_id.unwrap(), &claims.org_id.clone().unwrap(), &conn) {
                         Some(user_org) => user_org,
                         None => err!("Error accepting the invitation"),
                     };
@@ -617,6 +598,23 @@ fn accept_invite(_org_id: String, _org_user_id: String, data: JsonUpcase<AcceptD
         None => err!("Invited user not found"),
     }
 
+    if let Some(ref mail_config) = CONFIG.mail {
+        let mut org_name = String::from("bitwarden_rs");
+        if let Some(org_id) = &claims.org_id {
+            org_name = match Organization::find_by_uuid(&org_id, &conn) {
+                Some(org) => org.name,
+                None => err!("Organization not found.")
+            };
+        };
+        if let Some(invited_by_email) = &claims.invited_by_email {
+            // User was invited to an organization, so they must be confirmed manually after acceptance
+            mail::send_invite_accepted(&claims.email, invited_by_email, &org_name, mail_config)?;
+        } else {
+            // User was invited from /admin, so they are automatically confirmed
+            mail::send_invite_confirmed(&claims.email, &org_name, mail_config)?;
+        }
+    }
+
     Ok(())
 }
 
@@ -649,6 +647,18 @@ fn confirm_invite(
         None => err!("Invalid key provided"),
     };
 
+    if let Some(ref mail_config) = CONFIG.mail {
+        let org_name = match Organization::find_by_uuid(&org_id, &conn) {
+            Some(org) => org.name,
+            None => err!("Error looking up organization."),
+        };
+        let address = match User::find_by_uuid(&user_to_confirm.user_uuid, &conn) {
+            Some(user) => user.email,
+            None => err!("Error looking up user."),
+        };
+        mail::send_invite_confirmed(&address, &org_name, mail_config)?;
+    }
+
     user_to_confirm.save(&conn)
 }
 

src/auth.rs

@@ -2,7 +2,7 @@
 // JWT Handling
 //
 use crate::util::read_file;
-use chrono::Duration;
+use chrono::{Duration, Utc};
 
 use jsonwebtoken::{self, Algorithm, Header};
 use serde::ser::Serialize;
@@ -116,8 +116,28 @@ pub struct InviteJWTClaims {
     pub sub: String,
 
     pub email: String,
-    pub org_id: String,
+    pub org_id: Option<String>,
     pub user_org_id: Option<String>,
+    pub invited_by_email: Option<String>,
+}
+
+pub fn generate_invite_claims(uuid: String, 
+                          email: String, 
+                          org_id: Option<String>, 
+                          org_user_id: Option<String>, 
+                          invited_by_email: Option<String>,
+) -> InviteJWTClaims {
+    let time_now = Utc::now().naive_utc();
+    InviteJWTClaims {
+        nbf: time_now.timestamp(),
+        exp: (time_now + Duration::days(5)).timestamp(),
+        iss: JWT_ISSUER.to_string(),
+        sub: uuid.clone(),
+        email: email.clone(),
+        org_id: org_id.clone(),
+        user_org_id: org_user_id.clone(),
+        invited_by_email: invited_by_email.clone(),
+    }
 }
 
 //

src/mail.rs

@@ -6,7 +6,7 @@ use native_tls::{Protocol, TlsConnector};
 
 use crate::MailConfig;
 use crate::CONFIG;
-
+use crate::auth::{generate_invite_claims, encode_jwt};
 use crate::api::EmptyResult;
 use crate::error::Error;
 
@@ -53,28 +53,26 @@ pub fn send_password_hint(address: &str, hint: Option<String>, config: &MailConf
         )
     };
 
-    let email = EmailBuilder::new()
-        .to(address)
-        .from((config.smtp_from.clone(), "Bitwarden-rs"))
-        .subject(subject)
-        .body(body)
-        .build()
-        .map_err(|e| Error::new("Error building hint email", e.to_string()))?;
-
-    mailer(config)
-        .send(email.into())
-        .map_err(|e| Error::new("Error sending hint email", e.to_string()))
-        .and(Ok(()))
+    send_email(&address, &subject, &body, &config)
 }
 
 pub fn send_invite(
     address: &str,
-    org_id: &str,
-    org_user_id: &str,
-    token: &str,
+    uuid: &str,
+    org_id: Option<String>,
+    org_user_id: Option<String>,
     org_name: &str,
+    invited_by_email: Option<String>,
     config: &MailConfig,
 ) -> EmptyResult {
+    let claims = generate_invite_claims(
+                uuid.to_string(),
+                String::from(address),
+                org_id.clone(),
+                org_user_id.clone(),
+                invited_by_email.clone(),
+            );
+    let invite_token = encode_jwt(&claims);
     let (subject, body) = {
         (format!("Join {}", &org_name),
         format!(
@@ -83,21 +81,58 @@ pub fn send_invite(
              <a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p>
              <p>If you do not wish to join this organization, you can safely ignore this email.</p>
              </html>",
-            org_name, CONFIG.domain, org_id, org_user_id, address, org_name, token
+            org_name, CONFIG.domain, org_id.unwrap_or("_".to_string()), org_user_id.unwrap_or("_".to_string()), address, org_name, invite_token
         ))
     };
 
+    send_email(&address, &subject, &body, &config)
+}
+
+pub fn send_invite_accepted(
+    new_user_email: &str,
+    address: &str,
+    org_name: &str,
+    config: &MailConfig,
+) -> EmptyResult {
+    let (subject, body) = {
+        ("Invitation accepted",
+        format!(
+            "<html>
+             <p>Your invitation for <b>{}</b> to join <b>{}</b> was accepted. Please <a href=\"{}\">log in</a> to the bitwarden_rs server and confirm them from the organization management page.</p>
+             </html>", new_user_email, org_name, CONFIG.domain))
+    };
+
+    send_email(&address, &subject, &body, &config)
+}
+
+pub fn send_invite_confirmed(
+    address: &str,
+    org_name: &str,
+    config: &MailConfig,
+) -> EmptyResult {
+    let (subject, body) = {
+        (format!("Invitation to {} confirmed", org_name),
+        format!(
+            "<html>
+             <p>Your invitation to join <b>{}</b> was confirmed. It will now appear under the Organizations the next time you <a href=\"{}\">log in</a> to the web vault.</p>
+             </html>", org_name, CONFIG.domain))
+    };
+
+    send_email(&address, &subject, &body, &config)
+}
+
+fn send_email(address: &str, subject: &str, body: &str, config: &MailConfig) -> EmptyResult {
     let email = EmailBuilder::new()
-        .to(address)
-        .from((config.smtp_from.clone(), "Bitwarden-rs"))
-        .subject(subject)
-        .header(("Content-Type", "text/html"))
-        .body(body)
-        .build()
-        .map_err(|e| Error::new("Error building invite email", e.to_string()))?;
+    .to(address)
+    .from((config.smtp_from.clone(), "Bitwarden-rs"))
+    .subject(subject)
+    .header(("Content-Type", "text/html"))
+    .body(body)
+    .build()
+    .map_err(|e| Error::new("Error building email", e.to_string()))?;
 
     mailer(config)
         .send(email.into())
-        .map_err(|e| Error::new("Error sending invite email", e.to_string()))
+        .map_err(|e| Error::new("Error sending email", e.to_string()))
         .and(Ok(()))
-}
+}