mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2025-03-12 16:47:03 +01:00
Code Issues Releases Aktivität

Merge remote-tracking branch 'dani/main' into sso-support

Quellcode durchsuchen
Dieser Commit ist enthalten in:
Timshel 2025-01-30 21:07:18 +01:00
Commit 59bfc13d8c
5 geänderte Dateien mit 32 neuen und 28 gelöschten Zeilen

13
src/api/core/organizations.rs
Datei anzeigen

@ -499,7 +499,7 @@ async fn post_organization_collections(
CollectionUser::save(&headers.membership.user_uuid, &collection.uuid, false, false, false, &mut conn).await?; CollectionUser::save(&headers.membership.user_uuid, &collection.uuid, false, false, false, &mut conn).await?;
} }
Ok(Json(collection.to_json())) Ok(Json(collection.to_json_details(&headers.membership.user_uuid, None, &mut conn).await))
} }
#[put("/organizations/<org_id>/collections/<col_id>", data = "<data>")] #[put("/organizations/<org_id>/collections/<col_id>", data = "<data>")]
@ -736,15 +736,16 @@ async fn get_org_collection_detail(
.map(|m| (m.uuid, m.atype)) .map(|m| (m.uuid, m.atype))
.collect(); .collect();
let users: Vec<Value> = let users: Vec<Value> = CollectionUser::find_by_org_and_coll_swap_user_uuid_with_member_uuid(
CollectionUser::find_by_collection_swap_user_uuid_with_member_uuid(&collection.uuid, &mut conn) &org_id,
&collection.uuid,
&mut conn,
)
.await .await
.iter() .iter()
.map(|collection_member| { .map(|collection_member| {
collection_member.to_json_details_for_member( collection_member.to_json_details_for_member(
*membership_type *membership_type.get(&collection_member.membership_uuid).unwrap_or(&(MembershipType::User as i32)),
.get(&collection_member.membership_uuid)
.unwrap_or(&(MembershipType::User as i32)),
) )
}) })
.collect(); .collect();

22
src/api/core/two_factor/duo.rs
Datei anzeigen

@ -26,8 +26,8 @@ pub fn routes() -> Vec<Route> {
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]
struct DuoData { struct DuoData {
host: String, // Duo API hostname host: String, // Duo API hostname
ik: String, // integration key ik: String, // client id
sk: String, // secret key sk: String, // client secret
} }
impl DuoData { impl DuoData {
@ -111,8 +111,8 @@ async fn get_duo(data: Json<PasswordOrOtpData>, headers: Headers, mut conn: DbCo
json!({ json!({
"enabled": enabled, "enabled": enabled,
"host": data.host, "host": data.host,
"secretKey": data.sk, "clientSecret": data.sk,
"integrationKey": data.ik, "clientId": data.ik,
"object": "twoFactorDuo" "object": "twoFactorDuo"
}) })
} else { } else {
@ -129,8 +129,8 @@ async fn get_duo(data: Json<PasswordOrOtpData>, headers: Headers, mut conn: DbCo
#[serde(rename_all = "camelCase")] #[serde(rename_all = "camelCase")]
struct EnableDuoData { struct EnableDuoData {
host: String, host: String,
secret_key: String, client_secret: String,
integration_key: String, client_id: String,
master_password_hash: Option<String>, master_password_hash: Option<String>,
otp: Option<String>, otp: Option<String>,
} }
@ -139,8 +139,8 @@ impl From<EnableDuoData> for DuoData {
fn from(d: EnableDuoData) -> Self { fn from(d: EnableDuoData) -> Self {
Self { Self {
host: d.host, host: d.host,
ik: d.integration_key, ik: d.client_id,
sk: d.secret_key, sk: d.client_secret,
} }
} }
} }
@ -151,7 +151,7 @@ fn check_duo_fields_custom(data: &EnableDuoData) -> bool {
st.is_empty() || s == DISABLED_MESSAGE_DEFAULT st.is_empty() || s == DISABLED_MESSAGE_DEFAULT
} }
!empty_or_default(&data.host) && !empty_or_default(&data.secret_key) && !empty_or_default(&data.integration_key) !empty_or_default(&data.host) && !empty_or_default(&data.client_secret) && !empty_or_default(&data.client_id)
} }
#[post("/two-factor/duo", data = "<data>")] #[post("/two-factor/duo", data = "<data>")]
@ -186,8 +186,8 @@ async fn activate_duo(data: Json<EnableDuoData>, headers: Headers, mut conn: DbC
Ok(Json(json!({ Ok(Json(json!({
"enabled": true, "enabled": true,
"host": data.host, "host": data.host,
"secretKey": data.sk, "clientSecret": data.sk,
"integrationKey": data.ik, "clientId": data.ik,
"object": "twoFactorDuo" "object": "twoFactorDuo"
}))) })))
} }

4
src/config.rs
Datei anzeigen

@ -709,9 +709,9 @@ make_config! {
_enable_duo: bool, true, def, true; _enable_duo: bool, true, def, true;
/// Attempt to use deprecated iframe-based Traditional Prompt (Duo WebSDK 2) /// Attempt to use deprecated iframe-based Traditional Prompt (Duo WebSDK 2)
duo_use_iframe: bool, false, def, false; duo_use_iframe: bool, false, def, false;
/// Integration Key /// Client Id
duo_ikey: String, true, option; duo_ikey: String, true, option;
/// Secret Key /// Client Secret
duo_skey: Pass, true, option; duo_skey: Pass, true, option;
/// Host /// Host
duo_host: String, true, option; duo_host: String, true, option;

5
src/db/models/collection.rs
Datei anzeigen

@ -589,6 +589,7 @@ impl CollectionUser {
.inner_join(collections::table.on(collections::uuid.eq(users_collections::collection_uuid))) .inner_join(collections::table.on(collections::uuid.eq(users_collections::collection_uuid)))
.filter(collections::org_uuid.eq(org_uuid)) .filter(collections::org_uuid.eq(org_uuid))
.inner_join(users_organizations::table.on(users_organizations::user_uuid.eq(users_collections::user_uuid))) .inner_join(users_organizations::table.on(users_organizations::user_uuid.eq(users_collections::user_uuid)))
.filter(users_organizations::org_uuid.eq(org_uuid))
.select((users_organizations::uuid, users_collections::collection_uuid, users_collections::read_only, users_collections::hide_passwords, users_collections::manage)) .select((users_organizations::uuid, users_collections::collection_uuid, users_collections::read_only, users_collections::hide_passwords, users_collections::manage))
.load::<CollectionUserDb>(conn) .load::<CollectionUserDb>(conn)
.expect("Error loading users_collections") .expect("Error loading users_collections")
@ -685,13 +686,15 @@ impl CollectionUser {
}} }}
} }
pub async fn find_by_collection_swap_user_uuid_with_member_uuid( pub async fn find_by_org_and_coll_swap_user_uuid_with_member_uuid(
org_uuid: &OrganizationId,
collection_uuid: &CollectionId, collection_uuid: &CollectionId,
conn: &mut DbConn, conn: &mut DbConn,
) -> Vec<CollectionMembership> { ) -> Vec<CollectionMembership> {
let col_users = db_run! { conn: { let col_users = db_run! { conn: {
users_collections::table users_collections::table
.filter(users_collections::collection_uuid.eq(collection_uuid)) .filter(users_collections::collection_uuid.eq(collection_uuid))
.filter(users_organizations::org_uuid.eq(org_uuid))
.inner_join(users_organizations::table.on(users_organizations::user_uuid.eq(users_collections::user_uuid))) .inner_join(users_organizations::table.on(users_organizations::user_uuid.eq(users_collections::user_uuid)))
.select((users_organizations::uuid, users_collections::collection_uuid, users_collections::read_only, users_collections::hide_passwords, users_collections::manage)) .select((users_organizations::uuid, users_collections::collection_uuid, users_collections::read_only, users_collections::hide_passwords, users_collections::manage))
.load::<CollectionUserDb>(conn) .load::<CollectionUserDb>(conn)

2
src/db/models/organization.rs
Datei anzeigen

@ -464,7 +464,7 @@ impl Membership {
"familySponsorshipValidUntil": null, "familySponsorshipValidUntil": null,
"familySponsorshipToDelete": null, "familySponsorshipToDelete": null,
"accessSecretsManager": false, "accessSecretsManager": false,
"limitCollectionCreation": true, "limitCollectionCreation": self.atype < MembershipType::Manager, // If less then a manager return true, to limit collection creations
"limitCollectionCreationDeletion": true, "limitCollectionCreationDeletion": true,
"limitCollectionDeletion": true, "limitCollectionDeletion": true,
"allowAdminAccessToAllCollectionItems": true, "allowAdminAccessToAllCollectionItems": true,