mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-22 05:10:29 +01:00
Code Issues Releases Aktivität

Apply rewording

Quellcode durchsuchen
Dieser Commit ist enthalten in:
Nils Mittler 2023-02-20 17:02:14 +01:00 committet von Daniel García
Ursprung 6fa1dc50be
Commit 0f656b4889
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: FC8A7D14C3CD543A
4 geänderte Dateien mit 6 neuen und 6 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Diff-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

4
.env.template
Datei anzeigen

@ -335,8 +335,8 @@
## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`. ## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`.
# ADMIN_RATELIMIT_MAX_BURST=3 # ADMIN_RATELIMIT_MAX_BURST=3
## Set the lifetime of the cookie that is used to authorize admin requests to this value (in minutes). ## Set the lifetime of admin sessions to this value (in minutes).
# ADMIN_COOKIE_LIFETIME=20 # ADMIN_SESSION_LIFETIME=20
## Yubico (Yubikey) Settings ## Yubico (Yubikey) Settings
## Set your Client ID and Secret Key for Yubikey OTP ## Set your Client ID and Secret Key for Yubikey OTP

2
src/api/admin.rs
Datei anzeigen

@ -184,7 +184,7 @@ fn post_admin_login(data: Form<LoginForm>, cookies: &CookieJar<'_>, ip: ClientIp
let cookie = Cookie::build(COOKIE_NAME, jwt) let cookie = Cookie::build(COOKIE_NAME, jwt)
.path(admin_path()) .path(admin_path())
.max_age(rocket::time::Duration::minutes(CONFIG.admin_cookie_lifetime())) .max_age(rocket::time::Duration::minutes(CONFIG.admin_session_lifetime()))
.same_site(SameSite::Strict) .same_site(SameSite::Strict)
.http_only(true) .http_only(true)
.finish(); .finish();

2
src/auth.rs
Datei anzeigen

@ -241,7 +241,7 @@ pub fn generate_admin_claims() -> BasicJwtClaims {
let time_now = Utc::now().naive_utc(); let time_now = Utc::now().naive_utc();
BasicJwtClaims { BasicJwtClaims {
nbf: time_now.timestamp(), nbf: time_now.timestamp(),
exp: (time_now + Duration::minutes(CONFIG.admin_cookie_lifetime())).timestamp(), exp: (time_now + Duration::minutes(CONFIG.admin_session_lifetime())).timestamp(),
iss: JWT_ADMIN_ISSUER.to_string(), iss: JWT_ADMIN_ISSUER.to_string(),
sub: "admin_panel".to_string(), sub: "admin_panel".to_string(),
} }

4
src/config.rs
Datei anzeigen

@ -581,8 +581,8 @@ make_config! {
/// Max burst size for admin login requests |> Allow a burst of requests of up to this size, while maintaining the average indicated by `admin_ratelimit_seconds` /// Max burst size for admin login requests |> Allow a burst of requests of up to this size, while maintaining the average indicated by `admin_ratelimit_seconds`
admin_ratelimit_max_burst: u32, false, def, 3; admin_ratelimit_max_burst: u32, false, def, 3;
/// Admin cookie lifetime |> Set the lifetime of the cookie that is used to authorize admin requests to this value (in minutes). /// Admin session lifetime |> Set the lifetime of admin sessions to this value (in minutes).
admin_cookie_lifetime: i64, true, def, 20; admin_session_lifetime: i64, true, def, 20;
/// Enable groups (BETA!) (Know the risks!) |> Enables groups support for organizations (Currently contains known issues!). /// Enable groups (BETA!) (Know the risks!) |> Enables groups support for organizations (Currently contains known issues!).
org_groups_enabled: bool, false, def, false; org_groups_enabled: bool, false, def, false;