[PR #173] [MERGED] Implement poor man's invitation via Organization invitation #2651

New issue

Closed

opened 2026-03-03 02:20:12 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 02:20:12 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/173
Author: @mprasil
Created: 9/10/2018
Status: ✅ Merged
Merged: 9/11/2018
Merged by: @dani-garcia

Base: master ← Head: poormans_invites

📝 Commits (2)

ec05f14 Implement poor man's invitation via Organization invitation
c1cd4d9 Modify User::new to be keyless and paswordless

📊 Changes

10 files changed (+155 additions, -39 deletions)

View changed files

📝 README.md (+16 -1)
➕ migrations/2018-09-10-111213_add_invites/down.sql (+1 -0)
➕ migrations/2018-09-10-111213_add_invites/up.sql (+3 -0)
📝 src/api/core/accounts.rs (+26 -7)
📝 src/api/core/organizations.rs (+44 -24)
📝 src/db/models/mod.rs (+1 -1)
📝 src/db/models/organization.rs (+8 -1)
📝 src/db/models/user.rs (+48 -5)
📝 src/db/schema.rs (+6 -0)
📝 src/main.rs (+2 -0)

📄 Description

This should allow invitation-only registration via Organization invitations. The way it works follows the suggested approach outlined in #40. When Admin/Owner invites user with an email that is not found, a new record in invitations table is created. At the same time an User is created with random password and key generated just as a "placeholder".

When user tries to register, they will be allowed to do so even if SIGNUPS_ALLOWED is set to false if their email is in the invitations table.

This should also allow user to register without the placeholder User already being present, which would accommodate some external integration like the one suggested by @ViViDboarder. But we'd have to document that kind of usage.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/173 **Author:** [@mprasil](https://github.com/mprasil) **Created:** 9/10/2018 **Status:** ✅ Merged **Merged:** 9/11/2018 **Merged by:** [@dani-garcia](https://github.com/dani-garcia) **Base:** `master` ← **Head:** `poormans_invites` --- ### 📝 Commits (2) - [`ec05f14`](https://github.com/dani-garcia/vaultwarden/commit/ec05f14f5a6bfb598252744a27332dea3fae5944) Implement poor man's invitation via Organization invitation - [`c1cd4d9`](https://github.com/dani-garcia/vaultwarden/commit/c1cd4d9a6bfd1e588852e3ec48288efcbc77c71c) Modify User::new to be keyless and paswordless ### 📊 Changes **10 files changed** (+155 additions, -39 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+16 -1) ➕ `migrations/2018-09-10-111213_add_invites/down.sql` (+1 -0) ➕ `migrations/2018-09-10-111213_add_invites/up.sql` (+3 -0) 📝 `src/api/core/accounts.rs` (+26 -7) 📝 `src/api/core/organizations.rs` (+44 -24) 📝 `src/db/models/mod.rs` (+1 -1) 📝 `src/db/models/organization.rs` (+8 -1) 📝 `src/db/models/user.rs` (+48 -5) 📝 `src/db/schema.rs` (+6 -0) 📝 `src/main.rs` (+2 -0) </details> ### 📄 Description This should allow invitation-only registration via Organization invitations. The way it works follows the suggested approach [outlined](https://github.com/dani-garcia/bitwarden_rs/issues/40#issue-331759674) in #40. When Admin/Owner invites user with an email that is not found, a new record in `invitations` table is created. At the same time an `User` is created with random password and key generated just as a "placeholder". When user tries to register, they will be allowed to do so even if SIGNUPS_ALLOWED is set to false if their email is in the invitations table. This should also allow user to register without the placeholder `User` already being present, which would accommodate some external integration like the one [suggested](https://github.com/dani-garcia/bitwarden_rs/issues/40#issuecomment-405399443) by @ViViDboarder. But we'd have to document that kind of usage. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>