mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-10-23 01:44:51 +02:00
Code Issues Releases Aktivität

Fix iOS sync by converting field types to int (#5081)

Quellcode durchsuchen 
It seems the iOS clients are not able to handle the `type` key within the `fields` array when they are of the type string.
All other clients seem to handle this just fine though.

This PR fixes this by validating it is a number, if this is not the case, try to convert the string to a number, or return the default of `1`.
`1` is used as this is the type `hidden` and should prevent accidental data disclosure.

Fixes #5069

Possibly Fixes #5016
Possibly Fixes #5002

Signed-off-by: BlackDex <black.dex@gmail.com>
Dieser Commit ist enthalten in:
Mathijs van Veluw 2024-10-13 20:25:09 +02:00 committet von GitHub
Ursprung cd195ff243
Commit 49c5dec9b6
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: B5690EEEBB952194
1 geänderte Dateien mit 22 neuen und 2 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Diff-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

24
src/db/models/cipher.rs
Datei anzeigen

@ -176,7 +176,27 @@ impl Cipher {
.inspect_err(|e| warn!("Error parsing fields {e:?} for {}", self.uuid)) .inspect_err(|e| warn!("Error parsing fields {e:?} for {}", self.uuid))
.ok() .ok()
}) })
.map(|d| d.into_iter().map(|d| d.data).collect()) .map(|d| {
d.into_iter()
.map(|mut f| {
// Check if the `type` key is a number, strings break some clients
// The fallback type is the hidden type `1`. this should prevent accidental data disclosure
// If not try to convert the string value to a number and fallback to `1`
// If it is both not a number and not a string, fallback to `1`
match f.data.get("type") {
Some(t) if t.is_number() => {}
Some(t) if t.is_string() => {
let type_num = &t.as_str().unwrap_or("0").parse::<u8>().unwrap_or(1);
f.data["type"] = json!(type_num);
}
_ => {
f.data["type"] = json!(1);
}
}
f.data
})
.collect()
})
.unwrap_or_default(); .unwrap_or_default();
let password_history_json: Vec<_> = self let password_history_json: Vec<_> = self
@ -244,7 +264,7 @@ impl Cipher {
// NOTE: This was marked as *Backwards Compatibility Code*, but as of January 2021 this is still being used by upstream // NOTE: This was marked as *Backwards Compatibility Code*, but as of January 2021 this is still being used by upstream
// data_json should always contain the following keys with every atype // data_json should always contain the following keys with every atype
data_json["fields"] = Value::Array(fields_json.clone()); data_json["fields"] = json!([fields_json]);
data_json["name"] = json!(self.name); data_json["name"] = json!(self.name);
data_json["notes"] = json!(self.notes); data_json["notes"] = json!(self.notes);
data_json["passwordHistory"] = Value::Array(password_history_json.clone()); data_json["passwordHistory"] = Value::Array(password_history_json.clone());