1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-12-04 07:01:10 +01:00
Commit-Graph

2756 Commits

Autor SHA1 Nachricht Datum
BlackDex
0f95bdc9bb
Fix issue with CSP and icon redirects
When using anything else but the `internal` icon service it would
trigger an CSP block because the redirects were not allowed.

This PR fixes #2623 by dynamically adding the needed CSP strings.
This should also work with custom services.

For Google i needed to add an extra check because that does a redirect
it self to there gstatic.com domain.
2022-07-17 16:21:03 +02:00
Daniel García
a0eab35768
Update web vault to 2022.6.2 2022-07-15 19:15:22 +02:00
Daniel García
027c87dd07
Merge branch 'BlackDex-update-dep-fix-issue-2516' into main 2022-07-15 19:14:21 +02:00
Daniel García
f2b31352fe
Merge branch 'update-dep-fix-issue-2516' of https://github.com/BlackDex/vaultwarden into BlackDex-update-dep-fix-issue-2516 2022-07-15 19:14:14 +02:00
Daniel García
c9376e3126
Remove read_file and read_file_string and replace them with the std alternatives 2022-07-15 19:13:26 +02:00
Daniel García
7cbcad0e38
Merge branch 'BlackDex-more-clippy-checks' into main 2022-07-15 19:06:09 +02:00
Daniel García
e167798449
Merge branch 'more-clippy-checks' of https://github.com/BlackDex/vaultwarden into BlackDex-more-clippy-checks 2022-07-15 19:05:54 +02:00
Daniel García
fc5928772b
Move around comments 2022-07-15 19:05:38 +02:00
Daniel García
8263bdd21d
Merge branch 'ruifung-main' into main 2022-07-15 19:03:49 +02:00
BlackDex
3c1d4254e7
Update deps and fix file-uploads
- Update deps. One of them is multer-rs which fixes #2516
- Changed MSRV to `1.59.0`, since that is the correct MSRV currently.
  It could be lower, but that would mean removing the `strip` option.
2022-07-15 16:03:57 +02:00
BlackDex
55d7c48b1d
Add more clippy checks for better code/readability
A bit inspired by @paolobarbolini from this commit at lettre https://github.com/lettre/lettre/pull/784 .
I added a few more clippy lints here, and fixed the resulted issues.

Overall i think this could help in preventing future issues, and maybe
even peformance problems. It also makes some code a bit more clear.

We could always add more if we want to, i left a few out which i think
arn't that huge of an issue. Some like the `unused_async` are nice,
which resulted in a few `async` removals.

Some others are maybe a bit more estatic, like `string_to_string`, but i
think it looks better to use `clone` in those cases instead of `to_string` while they already are a string.
2022-07-10 16:39:38 +02:00
Yip Rui Fung
bf623eed7f Use if let instead of a match with empty block. 2022-07-09 11:43:00 +08:00
Yip Rui Fung
84bcac0112 Apply rustfmt.
Because apparently CLion's default formatting is not the same as rustfmt for some reason.
2022-07-09 10:49:51 +08:00
Yip Rui Fung
31595888ea Use match to avoid ownership issues on the TempFile / file_path variables in closures. 2022-07-09 10:33:27 +08:00
Yip Rui Fung
5c38b2c4eb Remove option and use unwrap_or_else to fall back to copy behavior. 2022-07-09 08:53:00 +08:00
Yip Rui Fung
ebe9162af9 Add option to make file uploads use move_copy_to instead of persist_to
This is to support scenarios where the attachments and sends folder are to be stored on a separate device from the tmp_folder (i.e. fuse-mounted S3 storage), due to having the tmp_dir on the same device being undesirable.

Example being fuse-mounted S3 storage with the reasoning that because S3 basically requires a copy+delete operations to rename files, it's inefficient to rename files on device, if it's even allowed.
2022-07-09 01:19:00 +08:00
Daniel García
b64cf27038
Upgrade dependencies and swap lettre to async transport 2022-07-06 23:57:37 +02:00
Daniel García
0c4e79cff6
Update web vault to v2022.6.0 2022-07-06 23:35:02 +02:00
Daniel García
5b9129a086
Merge remote-tracking branch 'origin/dependabot/cargo/openssl-src-111.22.01.1.1q' into main 2022-07-06 23:30:49 +02:00
Daniel García
93d4a12834
Update the rest of the files leftover from #2595 by running make 2022-07-06 23:27:48 +02:00
Daniel García
bf3e2dc652
Merge branch 'nneul-patch-1' into main 2022-07-06 23:26:54 +02:00
dependabot[bot]
0d0e98d783
Bump openssl-src from 111.21.0+1.1.1p to 111.22.0+1.1.1q
Bumps [openssl-src](https://github.com/alexcrichton/openssl-src-rs) from 111.21.0+1.1.1p to 111.22.0+1.1.1q.
- [Release notes](https://github.com/alexcrichton/openssl-src-rs/releases)
- [Commits](https://github.com/alexcrichton/openssl-src-rs/commits)

---
updated-dependencies:
- dependency-name: openssl-src
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 20:16:56 +00:00
Nathan Neulinger
5a55cfbb9b
Update Dockerfile.j2 2022-07-06 08:56:17 -05:00
Nathan Neulinger
ac93b8a6b9
Update Dockerfile.buildx.alpine 2022-07-06 08:54:36 -05:00
Nathan Neulinger
93786d9ebd
Update Dockerfile.buildx 2022-07-06 08:54:19 -05:00
Nathan Neulinger
a6dbb580c9
Update Dockerfile.alpine 2022-07-06 08:53:58 -05:00
Nathan Neulinger
e62678abdb
Update Dockerfile 2022-07-06 08:53:18 -05:00
Daniel García
af50eae604
Merge pull request #2586 from jjlin/password-hint-config
Add `password_hints_allowed` config option
2022-07-01 16:31:56 +02:00
Jeremy Lin
cb4f6aa7f6 Pin a specific version of Rust
The latest version (1.62.0) that was just released includes Clippy changes
(https://github.com/rust-lang/rust-clippy/issues/9014) that break the build.
2022-06-30 23:56:33 -07:00
Jeremy Lin
5e13b1a7cb Add password_hints_allowed config option
Disabling password hints is mainly useful for admins who are concerned that
their users might provide password hints that are too revealing.
2022-06-30 20:46:17 -07:00
Daniel García
60b339f450
Update included web vault to v2022.5.2 2022-06-26 22:04:45 +02:00
Daniel García
f71c779860
Merge branch 'BlackDex-log-level-adjustment' into main 2022-06-26 21:54:54 +02:00
Daniel García
221a11de9b
Merge branch 'log-level-adjustment' of https://github.com/BlackDex/vaultwarden into BlackDex-log-level-adjustment 2022-06-26 21:54:48 +02:00
Daniel García
794483c10d
Merge branch 'BlackDex-fix-issue-2570' into main 2022-06-26 21:54:27 +02:00
Daniel García
c9934ccdb7
Merge branch 'fix-issue-2570' of https://github.com/BlackDex/vaultwarden into BlackDex-fix-issue-2570 2022-06-26 21:54:22 +02:00
Daniel García
54729f3c1e
Merge branch 'BlackDex-optimize-icon-html-parsing' into main 2022-06-26 21:54:10 +02:00
Daniel García
f1a86acb98
Merge branch 'optimize-icon-html-parsing' of https://github.com/BlackDex/vaultwarden into BlackDex-optimize-icon-html-parsing 2022-06-26 21:54:03 +02:00
Daniel García
6b6ea3c8bf
Merge branch 'BlackDex-fix-issue-2566' into main 2022-06-26 21:53:06 +02:00
Daniel García
bf403fee7d
Merge branch 'fix-issue-2566' of https://github.com/BlackDex/vaultwarden into BlackDex-fix-issue-2566 2022-06-26 21:52:59 +02:00
Daniel García
5cd920cf6f
Merge branch 'BlackDex-allow-firefox-relay' into main 2022-06-26 21:51:50 +02:00
BlackDex
45d3b479bc
Small change in log-level for better debugging
Regarding some recent issues with sending attachments, but previously
also some changes to the API for example which could cause a `400` error
it just returned that there is something wrong, but not to much details
on what exactly.

To help with getting a bit more detailed information, we should set the
log-level for `_` to at least `Warn`.
2022-06-26 14:49:26 +02:00
BlackDex
c7a752b01d
Update dep's and small improvements on favicons
- Updated dependencies (html5gum for favicon downloading)
  * Also openssl, time, jsonwebtoken and r2d2
- Small optimizations on downloading favicons.
  It now only emits tokens/tags which needs to be parsed, all others are
  being skipped. This prevents unneeded items within the for-loop being
  parsed.
2022-06-25 11:29:08 +02:00
BlackDex
099d359628
Fix identicons not always working
Fixes #2570
Reverted the `defer` option for these scripts, seems to cause some
issues in some situations.
2022-06-22 16:38:16 +02:00
BlackDex
006a2aacbb
Allow FireFox relay in CSP.
This PR is needed for https://github.com/dani-garcia/bw_web_builds/pull/71
Without this the web-vault will refuse to make calls to the FireFox Relay API.

Also fixed a small issue with the pre-commit config.
2022-06-22 16:30:31 +02:00
BlackDex
b71d9dd53e
Fix for issue #2566
This PR fixes #2566
If Organizational syncs returned a FolderId it would cause the web-vault
to hide the cipher because there is a FolderId set. Upstream seems to
not return FolderId and Favorite. When set to null/false it will behave
the same.

In this PR I have added a new CipherSyncType enum to select which type
of sync to execute, and return an empty list for both Folders and Favorites if this is for Orgs.
This also reduces the database load a bit since it will not execute those queries.
2022-06-21 17:36:07 +02:00
Daniel García
887e320e7f
Merge pull request #2555 from jjlin/global-domains
Sync global_domains.json
2022-06-15 20:44:35 +02:00
Daniel García
d7c18fd86e
Merge pull request #2556 from binlab/patch-1
A little depreciation change
2022-06-15 20:44:14 +02:00
Daniel García
7566f3db3e
Merge pull request #2543 from BlackDex/update-and-fixes
Updated deps and misc fixes and updates
2022-06-15 20:43:26 +02:00
BlackDex
5d05ec58be
Updated deps and misc fixes and updates
- Updated some Rust dependencies
- Fixed an issue with CSP header, this was not configured correctly
- Prevent sending CSP and Frame headers for the MFA connector.html files.
  Else some clients will fail to handle these protocols.
- Add `unsafe-inline` for `script-src` only to the CSP for the Admin Interface
- Updated JavaScript and CSS files for the Admin interface
- Changed the layout for showing overridden settings, better visible now.
- Made the version check cachable to prevent hitting the Github API rate limits
- Hide the `database_url` as if it is a password in the Admin Interface
  Else for MariaDB/MySQL or PostgreSQL this was plain text.
- Fixed an issue that pressing enter on the SMTP Test would save the config.
  resolves #2542
- Prevent user names larger then 50 characters
  resolves #2419
2022-06-14 14:51:51 +02:00
Mark
d9a452f558
A little depreciation change 2022-06-13 13:56:41 +03:00