From 32bd9b83a309d24c0fbeddf17240acd65f2e3650 Mon Sep 17 00:00:00 2001 From: BlackDex Date: Thu, 16 Feb 2023 17:29:12 +0100 Subject: [PATCH 1/3] Fix Organization delete when groups are configured With existing groups configured within an org, deleting that org would fail because of Foreign Key issues. This PR fixes this by making sure the groups get deleted before the org does. Fixes #3247 --- src/db/models/group.rs | 7 +++++++ src/db/models/organization.rs | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/db/models/group.rs b/src/db/models/group.rs index 1d2e6062..6f267c10 100644 --- a/src/db/models/group.rs +++ b/src/db/models/group.rs @@ -151,6 +151,13 @@ impl Group { } } + pub async fn delete_all_by_organization(org_uuid: &str, conn: &mut DbConn) -> EmptyResult { + for group in Self::find_by_organization(org_uuid, conn).await { + group.delete(conn).await?; + } + Ok(()) + } + pub async fn find_by_organization(organizations_uuid: &str, conn: &mut DbConn) -> Vec { db_run! { conn: { groups::table diff --git a/src/db/models/organization.rs b/src/db/models/organization.rs index a6e4be21..34325b78 100644 --- a/src/db/models/organization.rs +++ b/src/db/models/organization.rs @@ -2,7 +2,7 @@ use num_traits::FromPrimitive; use serde_json::Value; use std::cmp::Ordering; -use super::{CollectionUser, GroupUser, OrgPolicy, OrgPolicyType, TwoFactor, User}; +use super::{CollectionUser, Group, GroupUser, OrgPolicy, OrgPolicyType, TwoFactor, User}; use crate::CONFIG; db_object! { @@ -267,6 +267,7 @@ impl Organization { Collection::delete_all_by_organization(&self.uuid, conn).await?; UserOrganization::delete_all_by_organization(&self.uuid, conn).await?; OrgPolicy::delete_all_by_organization(&self.uuid, conn).await?; + Group::delete_all_by_organization(&self.uuid, conn).await?; db_run! { conn: { diesel::delete(organizations::table.filter(organizations::uuid.eq(self.uuid))) From 5c859e2e6ceeb4cd54e5e55841dd36576f526cd1 Mon Sep 17 00:00:00 2001 From: r3drun3 Date: Wed, 15 Feb 2023 10:15:42 +0100 Subject: [PATCH 2/3] docs: add build status badge in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1201ab2b..2bec51ee 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ 📢 Note: This project was known as Bitwarden_RS and has been renamed to separate itself from the official Bitwarden server in the hopes of avoiding confusion and trademark/branding issues. Please see [#1642](https://github.com/dani-garcia/vaultwarden/discussions/1642) for more explanation. --- - +[![Build](https://github.com/dani-garcia/vaultwarden/actions/workflows/build.yml/badge.svg)](https://github.com/dani-garcia/vaultwarden/actions/workflows/build.yml) [![Docker Pulls](https://img.shields.io/docker/pulls/vaultwarden/server.svg)](https://hub.docker.com/r/vaultwarden/server) [![Dependency Status](https://deps.rs/repo/github/dani-garcia/vaultwarden/status.svg)](https://deps.rs/repo/github/dani-garcia/vaultwarden) [![GitHub Release](https://img.shields.io/github/release/dani-garcia/vaultwarden.svg)](https://github.com/dani-garcia/vaultwarden/releases/latest) From f95f40be15e35b90ef2b8685d12bccc3732d649f Mon Sep 17 00:00:00 2001 From: BlackDex Date: Thu, 16 Feb 2023 16:29:24 +0100 Subject: [PATCH 3/3] Validate all needed fields for client API login During the client API login we need to have a `device_identifier`, `device_name` and `device_type`. When these were not provided Vaultwarden would panic. This PR add checks for these fields and makes sure it returns a better error message instead of causing a panic. --- src/api/identity.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/api/identity.rs b/src/api/identity.rs index 039e61d5..bb575cca 100644 --- a/src/api/identity.rs +++ b/src/api/identity.rs @@ -52,6 +52,10 @@ async fn login(data: Form, client_header: ClientHeaders, mut conn: _check_is_some(&data.client_secret, "client_secret cannot be blank")?; _check_is_some(&data.scope, "scope cannot be blank")?; + _check_is_some(&data.device_identifier, "device_identifier cannot be blank")?; + _check_is_some(&data.device_name, "device_name cannot be blank")?; + _check_is_some(&data.device_type, "device_type cannot be blank")?; + _api_key_login(data, &mut user_uuid, &mut conn, &ip).await } t => err!("Invalid type", t),