1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-30 06:21:11 +01:00
Commit-Graph

334 Commits

Autor SHA1 Nachricht Datum
Jeremy Lin
00d56d7295 Send access check fixes
Adjust checks for max access count, expiration date, and deletion date.
The date checks aren't that important, but the access count check
currently allows one more access than it should.
2021-03-14 23:20:49 -07:00
Daniel García
8da5b99482
Send API 2021-03-14 23:35:55 +01:00
Jeremy Lin
a75d050001 Fix custom org name in invitation confirmation email
The org name in the invitation email was made customizable in 8867626, but
the org name is still hardcoded as "bitwarden_rs" in the confirmation email.
2021-03-03 23:03:55 -08:00
Daniel García
9323c57f49
Remove debug print 2021-02-07 00:22:39 +01:00
Daniel García
85e3c73525
Basic experimental ldap import support with the official directory connector 2021-02-06 20:15:42 +01:00
BlackDex
7dff8c01dd JSON Response updates and small fixes
Updated several json response models.
Also fixed a few small bugs.

ciphers.rs:
  - post_ciphers_create:
    * Prevent cipher creation to organization without a collection.
  - update_cipher_from_data:
    * ~~Fixed removal of user_uuid which prevent user-owned shared-cipher to be not editable anymore when set to read-only.~~
    * Cleanup the json_data by removing the `Response` key/values from several objects.
  - delete_all:
    * Do not delete all Collections during the Purge of an Organization (same as upstream).

cipher.rs:
  - Cipher::to_json:
    * Updated json response to match upstream.
    * Return empty json object if there is no type_data instead of values which should not be set for the type_data.

organizations.rs:
  * Added two new endpoints to prevent Javascript errors regarding tax

organization.rs:
  - Organization::to_json:
    * Updated response model to match upstream
  - UserOrganization::to_json:
    * Updated response model to match upstream

collection.rs:
  - Collection::{to_json, to_json_details}:
    * Updated the json response model, and added a detailed version used during the sync
  - hide_passwords_for_user:
    * Added this function to return if the passwords should be hidden or not for the user at the specific collection (used by `to_json_details`)

Update 1: Some small changes after comments from @jjlin.
Update 2: Fixed vault purge by user to make sure the cipher is not part of an organization.

Resolves #971
Closes #990, Closes #991
2021-01-31 21:46:37 +01:00
Jeremy Lin
1d4f900e48 Add cipher response to restore operations
This matches changes in the upstream Bitwarden server and clients.

Upstream PR: https://github.com/bitwarden/server/pull/1072
2021-01-24 21:57:32 -08:00
Jeremy Lin
9f86196a9d Add support for the Personal Ownership policy
Upstream refs:

* https://github.com/bitwarden/server/pull/1013
* https://bitwarden.com/help/article/policies/#personal-ownership
2021-01-23 20:50:06 -08:00
BlackDex
235ff44736 Updated the admin interface
Mostly updated the admin interface, also some small other items.

- Added more diagnostic information to (hopefully) decrease issue
  reporting, or at least solve them quicker.
- Added an option to generate a support string which can be used to
  copy/paste on the forum or during the creation of an issue. It will
try to hide the sensitive information automatically.
- Changed the `Created At` and `Last Active` info to be in a column and
  able to sort them in the users overview.
- Some small layout changes.
- Updated javascript and css files to the latest versions available.
- Decreased the png file sizes using `oxipng`
- Updated target='_blank' links to have rel='noreferrer' to prevent
  javascript window.opener modifications.
2021-01-19 17:55:21 +01:00
BlackDex
de86aa671e Fix Key Rotation during password change
When ticking the 'Also rotate my account's encryption key' box, the key
rotated ciphers are posted after the change of password.

During the password change the security stamp was reseted which made
the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write.

This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted.
When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp.

Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly.

fixes #1240
2020-12-14 19:58:23 +01:00
Jeremy Lin
4e60df7a08 Fix stale data check failure when cloning a cipher 2020-12-10 00:17:34 -08:00
Daniel García
d15d24f4ff
Merge pull request #1242 from BlackDex/allow-manager-role
Adding Manager Role support
2020-12-08 16:11:55 +01:00
Jeremy Lin
a9e9a397d8 Validate cipher updates with revision date
Prevent clients from updating a cipher if the local copy is stale.
Validation is only performed when the client provides its last known
revision date; this date isn't provided when using older clients,
or when the operation doesn't involve updating an existing cipher.

Upstream PR: https://github.com/bitwarden/server/pull/994
2020-12-07 19:34:00 -08:00
BlackDex
7cf8809d77 Adding Manager Role support
This has been requested a few times (#1136 & #246 & forum), and there already were two
(1:1 duplicate) PR's (#1222 & #1223) which needed some changes and no
followups or further comments unfortunally.

This PR adds two auth headers.
- ManagerHeaders
  Checks if the user-type is Manager or higher and if the manager is
part of that collection or not.
- ManagerHeadersLoose
  Check if the user-type is Manager or higher, but does not check if the
user is part of the collection, needed for a few features like
retreiving all the users of an org.

I think this is the safest way to implement this instead of having to
check this within every function which needs this manually.

Also some extra checks if a manager has access to all collections or
just a selection.

fixes #1136
2020-12-02 22:50:51 +01:00
Jeremy Lin
95caaf2a40 Add missing admin endpoints for deleting ciphers
This fixes the inability to bulk-delete ciphers from org vault views.
2020-10-23 03:42:22 -07:00
Fabian van Steen
b41a0d840c
Correction of verify_email error message 2020-10-23 10:30:25 +02:00
BlackDex
c64560016e Add /api/accounts/verify-password endpoint
If for some reason the hashed password is cleared from memory within a
bitwarden client it will try to verify the password at the server side.

This endpoint was missing.

Resolves #1156
2020-09-25 18:26:48 +02:00
BlackDex
9a47821642 Fixed creating a new organization
- The new web-vault needs a new api endpoint.
- Added this new endpoint.

Fixes #1139
2020-09-14 08:34:17 +02:00
Jeremy Lin
4c3b328aca Hide ciphers from non-selected collections for org owners/admins
If org owners/admins set their org access to only include selected
collections, then ciphers from non-selected collections shouldn't
appear in "My Vault". This matches the upstream behavior.
2020-09-01 02:20:25 -07:00
Jeremy Lin
f83a8a36d1 Track favorites on a per-user basis
Currently, favorites are tracked at the cipher level. For org-owned ciphers,
this means that if one user sets it as a favorite, it automatically becomes a
favorite for all other users that the cipher has been shared with.
2020-08-19 02:32:58 -07:00
Jeremy Lin
570d6c8bf9 Add support for restricting org creation to certain users 2020-08-05 22:35:29 -07:00
Jeremy Lin
a846f6c610 Fix soft delete notifications
A soft-deleted entry should now show up in the trash folder immediately
(previously, an extra sync was required).
2020-07-26 16:19:47 -07:00
Daniel García
668d5c23dc
Removed try_trait and some formatting, particularly around imports 2020-07-14 18:34:22 +02:00
Jeremy Lin
979d010dc2 Add support for hiding passwords in a collection
Ref: https://github.com/bitwarden/server/pull/743
2020-07-02 21:51:20 -07:00
BlackDex
24c914799d Fixes #1022 cloning with attachments
When a cipher has one or more attachments it wasn't able to be cloned.
This commit fixes that issue.
2020-06-07 17:57:04 +02:00
Jeremy Lin
a314933557 Allow email changes for existing accounts even when signups are disabled 2020-05-24 14:38:19 -07:00
Daniel García
0807783388
Add ip on totp miss 2020-05-14 00:19:50 +02:00
Daniel García
aee1ea032b
Merge pull request #989 from theycallmesteve/update_responses
Update responses
2020-05-13 22:34:16 +02:00
theycallmesteve
5571a5d8ed
Update post_keys to return a keys response model 2020-05-08 13:38:49 -04:00
theycallmesteve
6a8c65493f
Rename collection_user_details to collection_read_only to reflect the response model 2020-05-08 13:37:40 -04:00
theycallmesteve
dfdf4473ea
Rename to_json_list to to_json_provder to reflect the response model 2020-05-08 13:36:35 -04:00
theycallmesteve
632f4d5453
Whitespace fixes 2020-05-07 18:02:37 -04:00
Daniel García
9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints 2020-05-03 17:24:51 +02:00
Daniel García
0de52c6c99
Merge pull request #957 from jjlin/domain-whitelist
Domain whitelist cleanup and fixes
2020-04-18 12:08:48 +02:00
Daniel García
e3b00b59a7
Initial support for soft deletes 2020-04-17 22:35:27 +02:00
Jeremy Lin
e4d08836e2 Make org owner invitations respect the email domain whitelist
This closes a loophole where org owners can invite new users from any domain.
2020-04-09 01:51:05 -07:00
Jeremy Lin
c2a324e5da Clean up domain whitelist logic
* Make `SIGNUPS_DOMAINS_WHITELIST` override the `SIGNUPS_ALLOWED` setting.
  Otherwise, a common pitfall is to set `SIGNUPS_DOMAINS_WHITELIST` without
  realizing that `SIGNUPS_ALLOWED=false` must also be set.

* Whitespace is now accepted in `SIGNUPS_DOMAINS_WHITELIST`. That is,
  `foo.com, bar.com` is now equivalent to `foo.com,bar.com`.

* Add validation on `SIGNUPS_DOMAINS_WHITELIST`. For example, `foo.com,`
  is rejected as containing an empty token.
2020-04-09 01:42:27 -07:00
Jeremy Lin
6cd8512bbd Fix Duo auth failure with non-lowercased email addresses 2020-04-07 20:40:51 -07:00
Jeremy Lin
7407b8326a Fix attachment size limit calculation
The config values (in KB) need to be converted to bytes when comparing
against total attachment sizes.
2020-03-31 02:30:28 -07:00
Daniel García
94341f9f3f
Fix token error while accepting invite 2020-03-20 10:51:17 +01:00
Daniel García
2ee07ea1d8
Fix empty data when cloning cipher 2020-03-15 17:26:34 +01:00
BlackDex
1b4b40c95d Updated reqwest to the latest version.
- Use the blocking client (no async).
- Disabled gzip.
- use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
Daniel García
a30d5f4cf9
Fix cloning issues 2020-03-14 14:08:57 +01:00
Daniel García
3fa78e7bb1
Initial version of policies 2020-03-14 13:32:28 +01:00
Daniel García
70f3ab8ec3
Migrate lazy_static to once_cell, less macro magic and slightly faster 2020-03-09 22:04:03 +01:00
Jeremy Lin
29a0795219 Add backend support for alternate base dir (subdir/subpath) hosting
To use this, include a path in the `DOMAIN` URL, e.g.:

* `DOMAIN=https://example.com/custom-path`
* `DOMAIN=https://example.com/multiple/levels/are/ok`
2020-02-18 21:27:00 -08:00
Daniel García
325039c316
Attachment size limits, per-user and per-organization 2020-02-17 22:56:26 +01:00
Daniel García
f5916ec396
Fix backwards indices 2020-01-30 22:33:50 +01:00
Daniel García
def174a517
Convert email domains to punycode 2020-01-30 22:11:53 +01:00
Daniel García
84ed185579
Update u2f to 0.2, which requires OpenSSL but also might solve the problems we've had with certificates.
The rust image doesn't need installing curl or tar, so removed. Also collapsed ENV lines.
2020-01-19 21:34:13 +01:00