[PR #957] [MERGED] Domain whitelist cleanup and fixes #3583

Closed
opened 2025-10-09 18:26:07 +03:00 by OVERLORD · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/957
Author: @jjlin
Created: 4/9/2020
Status: Merged
Merged: 4/18/2020
Merged by: @dani-garcia

Base: master ← Head: domain-whitelist


📝 Commits (3)

  • c2a324e Clean up domain whitelist logic
  • e4d0883 Make org owner invitations respect the email domain whitelist
  • 86685c1 Ensure email domain comparison is case-insensitive

📊 Changes

3 files changed (+40 additions, -15 deletions)

📝 src/api/core/accounts.rs (+7 -4)
📝 src/api/core/organizations.rs (+6 -2)
📝 src/config.rs (+27 -9)

📄 Description

  • Make `SIGNUPS_DOMAINS_WHITELIST` override the `SIGNUPS_ALLOWED` setting.
    Otherwise, a common pitfall is to set `SIGNUPS_DOMAINS_WHITELIST` without
    realizing that `SIGNUPS_ALLOWED=false` must also be set.

  • Whitespace is now accepted in `SIGNUPS_DOMAINS_WHITELIST`. That is,
    `foo.com, bar.com` is now equivalent to `foo.com,bar.com`.

  • Add validation on `SIGNUPS_DOMAINS_WHITELIST`. For example, `foo.com,`
    is rejected as containing an empty token.

  • Make org owner invitations respect the email domain whitelist.
    This closes a loophole where org owners can invite new users from any domain.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
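
The rules listed in the description, sketched as an added example; this is not code from the PR or from vaultwarden. The function names, the exact-match comparison, and the behaviour with an empty whitelist are assumptions made for illustration.

```rust
// Added example, not vaultwarden code: all function names are hypothetical.

/// Parse a SIGNUPS_DOMAINS_WHITELIST-style value. Whitespace around tokens
/// is ignored, an empty token is an error, and entries are lowercased.
fn parse_whitelist(raw: &str) -> Result<Vec<String>, String> {
    if raw.trim().is_empty() {
        return Ok(Vec::new()); // assumption: empty value means "no whitelist"
    }
    raw.split(',')
        .map(|tok| match tok.trim() {
            "" => Err(format!("empty token in whitelist {:?}", raw)),
            d => Ok(d.to_lowercase()),
        })
        .collect()
}

/// Case-insensitive, exact match of the email's domain against the list.
/// Assumption: exact match only, so "sub.foo.com" does not match "foo.com".
fn domain_whitelisted(email: &str, whitelist: &[String]) -> bool {
    match email.rsplit_once('@') {
        Some((local, domain)) if !local.is_empty() => {
            let domain = domain.to_lowercase();
            whitelist.iter().any(|d| *d == domain)
        }
        _ => false, // no '@' or empty local part: never whitelisted
    }
}

/// Self-registration: a non-empty whitelist overrides `signups_allowed`.
fn signup_allowed(email: &str, whitelist: &[String], signups_allowed: bool) -> bool {
    if whitelist.is_empty() { signups_allowed } else { domain_whitelisted(email, whitelist) }
}

/// Invitation by an org owner goes through the same domain check.
/// Assumption: with no whitelist configured, invitations are unrestricted.
fn invite_allowed(email: &str, whitelist: &[String]) -> bool {
    whitelist.is_empty() || domain_whitelisted(email, whitelist)
}

fn main() {
    // Constructed sample values.
    let wl = parse_whitelist("foo.com, Bar.com").expect("valid whitelist");
    println!("{:?}", wl);
    println!("{}", signup_allowed("alice@FOO.com", &wl, false));
    println!("{}", invite_allowed("mallory@evil.example", &wl));
    println!("{:?}", parse_whitelist("foo.com,"));
}
```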

OVERLORD added the pull-request label 2025-10-09 18:26:07 +03:00
Reference: starred/vaultwarden#3583