Validate note sizes on key-rotation.

We also need to validate the note sizes on key-rotation. If we do not validate them before we store them, that could lead to a partial or total loss of the password vault. Validating these restrictions before actually processing them to store/replace the existing ciphers should prevent this. There was also a small bug when using web-sockets. The client which is triggering the password/key-rotation change should not be forced to logout via a web-socket request. That is something the client will handle it self. Refactored the logout notification to either send the device uuid or not on specific actions. Fixes #3152
2025-06-12 05:07:40 +02:00 · 2023-01-20 15:43:45 +01:00
parent 9b7e86efc2
commit 34ac16e9d7
3 changed files with 30 additions and 8 deletions
--- a/src/api/notifications.rs
+++ b/src/api/notifications.rs
@ -170,6 +170,16 @@ impl WebSocketUsers {
        self.send_update(&user.uuid, &data).await;
    }

+    pub async fn send_logout(&self, user: &User, acting_device_uuid: Option<String>) {
+        let data = create_update(
+            vec![("UserId".into(), user.uuid.clone().into()), ("Date".into(), serialize_date(user.updated_at))],
+            UpdateType::LogOut,
+            acting_device_uuid,
+        );
+
+        self.send_update(&user.uuid, &data).await;
+    }
+
    pub async fn send_folder_update(&self, ut: UpdateType, folder: &Folder, acting_device_uuid: &String) {
        let data = create_update(
            vec![