Hide user name on invite status (#5110)

A possible user disclosure when you invite an user into an organization which already has an account on the same instance. This was because we always returned the user's name. To prevent this, this PR only returns the user's name if the status is accepted or higher, else we will return null. This is the same as Bitwarden does. Resolves a reported issue. Also resolved a new `nightly` reported clippy regarding a regex within a loop.
2025-06-16 08:45:14 +00:00 · 2024-10-19 18:22:21 +02:00
parent c967d0ddc1
commit 13f4b66e62
2 changed files with 10 additions and 2 deletions
--- a/src/main.rs
+++ b/src/main.rs
@ -516,10 +516,10 @@ async fn container_data_folder_is_persistent(data_folder: &str) -> bool {
            format!(" /{data_folder} ")
        };
        let mut lines = BufReader::new(mountinfo).lines();
+        let re = regex::Regex::new(r"/volumes/[a-z0-9]{64}/_data /").unwrap();
        while let Some(line) = lines.next_line().await.unwrap_or_default() {
            // Only execute a regex check if we find the base match
            if line.contains(&data_folder_match) {
-                let re = regex::Regex::new(r"/volumes/[a-z0-9]{64}/_data /").unwrap();
                if re.is_match(&line) {
                    return false;
                }