mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-07-02 12:14:41 +02:00
Code Issues Releases Aktivität
1371 Commits 1 Branch 58 Tags 12 MiB
Commit-Graph

471 Commits

Autor SHA1 Nachricht Datum
BlackDex 0ff7fd939e Next attempt for issue #709 fix 
Now creates icon cache directory at startup.
And it also creates the directory if it went missing during runtime.
Also modified the icon_save/mark_negcache to be one.
 2019-11-06 20:21:47 +01:00
BlackDex ca7c5129b2 Fixed issue #709 creating icon_cache directory. 
When the icon_cache directory doesn't exists yet, and the first icon
catched is a miss this .miss file was not able to be created since the
directory was only created during a valid icon download.
 2019-11-06 15:47:56 +01:00
Patrick Li 85dbf4e16c
Don't include excluded global equivalent domains during sync 
Fixes #681
 2019-11-05 21:29:04 +13:00
Daniel García e449912f05
Generate recovery codes for email and duo 2019-11-02 18:31:50 +01:00
Daniel García d29b6bee28
Remove unnecessary clones and other clippy fixes 2019-11-02 17:39:01 +01:00
Miro Prasil 00a11b1b78 Stop leaking usernames when SIGNUPS_ALLOWED=false 
This fixes #691 - respond in less specific way to not leak the
fact that user is already registered on the server.
 2019-11-01 22:34:42 +00:00
BlackDex ee550be80c Added http favicon url when response failed 2019-10-29 14:24:01 +01:00
Jellyfrog ebc47dc161
Remove unneeded WS logging 2019-10-17 17:15:11 +02:00
vpl 2edecf34ff Use user_uuid instead of mut twofactor 2019-10-15 21:20:19 +02:00
vpl 18bc8331f9 Send email when preparing 2FA JsonError 2019-10-15 21:19:49 +02:00
BlackDex 603a964579 Fixed issue #663. 
During the 2fa activation there is no twofactor record yet.
Changed the layout a bit so that it will generate a new twofactor record
when it does not exists yet. Else it will just update the already
existing record.
 2019-10-14 00:32:44 +02:00
BlackDex 9466f02696 Recoded TOTP time drift validation 2019-10-12 15:28:28 +02:00
BlackDex d989a19f76 Merge branch 'master' of https://github.com/dani-garcia/bitwarden_rs into totp-timedrift 2019-10-11 11:22:13 +02:00
Daniel García d292269ea0
Make the blacklist logic be cached 2019-10-10 23:21:22 +02:00
BlackDex ebf40099f2 Updated authenticator TOTP 
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
 2019-10-10 17:32:20 +02:00
BlackDex edc482c8ea Changed HIBP Error message. 
- Moved the manual link to the check to the top.
- Clearified that hibp is a payed service.
- Changed error logo to hibp logo.
 2019-10-08 22:29:12 +02:00
BlackDex 6e5c03cc78 Some modification when no HIBP API Key is set 
- Added an URL with the useraccount for manual check.
- Added support for HTTP(S)_PROXY for hibp.
 2019-10-08 21:39:11 +02:00
Daniel García e6b763026e
Merge branch 'master' into icon-security 2019-10-05 16:45:36 +02:00
BlackDex be2916333b Fixed issue #565 
Issue fixed by omitting the cookie header when cookie_str is empty
 2019-10-05 15:45:09 +02:00
BlackDex 9124d8a3fb Updated icon blacklisting. 
- Blacklisting was not effective for redirects and rel href
- Able to blacklist non global IP's like RFC1918, multicast etc...
 2019-10-05 14:48:15 +02:00
Miro Prasil d6e9af909b Remove the unnecessary check for sqlite 
The binary we use is called `sqlite3` so no need to check for other
name variants as we won't use those anyways.
 2019-10-01 10:40:22 +01:00
Miro Prasil acdd42935b Add sqlite binary into the docker images 
This is done to enable backup functionality in the admin interface while
we're waiting for the libsqlite-sys 0.17 to bubble up in the upstream
dependencies. Then we can start using `VACUUM INTO`

This also extends the check for the sqlite binary to also try `sqlite3`
as this is the name of the binary in baseimage distributions we use.
 2019-09-30 13:54:06 +01:00
Daniel García 4c07f05b3a
Remove Result<T, E: Debug> in preparation of deprecation as Rocket responder. 
Removed unnecessary returns
 2019-09-17 21:05:56 +02:00
Daniel García df8114f8be
Updated client kdf iterations to 100000 and fixed some lints 2019-09-05 21:56:12 +02:00
Daniel García e3404dd322
Use the local scripts instead of cloudflare, remove jquery and update config so disabling a master toggle doesn't remove the values 2019-08-31 17:47:52 +02:00
Daniel García bfc517ee80
Remove unused warning 2019-08-31 17:26:16 +02:00
Daniel García 4a7d2a1e28
Rename static files endpoint 2019-08-31 17:25:31 +02:00
vpl 5d50b1ee3c Merge remote-tracking branch 'upstream/master' into email-codes 2019-08-26 21:38:45 +02:00
vpl c99df1c310 Compare token using crypto::ct_eq 2019-08-26 20:26:59 +02:00
vpl 591ae10144 Get token from single u64 2019-08-26 20:26:54 +02:00
Daniel García 026f9da035
Allow removing users two factors 2019-08-21 17:13:06 +02:00
Daniel García 515b87755a
Update HIBP to v3, requires paid API key, fixes #583 2019-08-20 20:07:12 +02:00
vpl ee7837d022 Add option to require new device emails 2019-08-19 22:14:00 +02:00
Daniel García 07743e490b
Ignore error sending device email 2019-08-18 19:32:26 +02:00
BlackDex e7b6238f43 Added reqwest proxy support 2019-08-12 17:24:32 +02:00
vpl ad2225b6e5 Add configuration options for Email 2FA 2019-08-10 22:39:04 +02:00
vpl 5609103a97 Use ring to generate email token 2019-08-06 22:38:08 +02:00
vpl 6d460b44b0 Use saved token for email 2fa codes 2019-08-04 17:21:57 +02:00
vpl efd8d9f528 Remove some unused imports, unneeded mut variables 2019-08-04 16:56:41 +02:00
vpl 29aedd388e Add email code logic and move two_factor into separate modules 2019-08-04 16:56:41 +02:00
vpl 27e0e41835 Add email authenticator logic 2019-08-04 16:56:39 +02:00
Daniel García c9c3f07171
Updated dependencies and fixed panic getting icons 2019-07-30 19:42:05 +02:00
vpl df71f57d86 Move send device email to end of password login 
Send new device email after two factor authentication.
 2019-07-25 21:10:27 +02:00
vpl 60e39a9dd1 Move retrieve/new device from connData to separate function 2019-07-22 12:30:26 +02:00
vpl bc6a53b847 Add new device email when user logs in 2019-07-22 08:26:24 +02:00
Daniel García 05a1137828
Move backend checks to build.rs to fail fast, and updated dependencies 2019-07-09 17:26:34 +02:00
Daniel García 5710703c50
Make sure the backup option only appears when using sqlite 2019-06-02 00:08:52 +02:00
Daniel García 1322b876e9
Merge pull request #493 from endyman/feature/initial_mysql_support 
Initial support for mysql
 2019-06-01 23:33:06 +02:00
Emil Madsen e22e290f67 Fix key and type variable names for mysql 2019-05-20 21:24:29 +02:00
TheMardy ef551f4cc6 Create Backup funcitonality 
Added create backup functionality to the admin panel
 2019-05-03 15:46:29 +02:00
Daniel García 5521a86693
Change path for served images to avoid collision with vault images 2019-05-01 16:19:22 +02:00
Daniel García 3160780549
Merge pull request #401 from TheMardy/master 
Images in Email Templates
 2019-04-30 17:52:10 +02:00
Daniel García 874f5c34bd
Formatting 2019-04-26 22:08:26 +02:00
Daniel García 253faaf023
Use users duo host when required, instead of always using the global one 2019-04-15 13:07:23 +02:00
Daniel García 3d843a6a51
Merge pull request #460 from janost/organization-vault-purge 
Fixed purging organization vault
 2019-04-14 22:30:51 +02:00
janost 03fdf36bf9 Fixed purging organization vault 2019-04-14 22:12:48 +02:00
Daniel García fdcc32beda
Validate Duo credentials when custom 2019-04-14 22:05:05 +02:00
Daniel García bf20355c5e
Merge branch 'duo' 2019-04-14 22:02:55 +02:00
Daniel García 2e12114350
Always create the user when inviting from admin panel 2019-04-12 23:44:49 +02:00
ViViDboarder d3a8a278e6 Add new endpoint for retrieving all users 2019-04-11 11:24:53 -07:00
Daniel García 8d9827c55f
Implement selection between global config and user settings for duo keys. 2019-04-11 18:40:03 +02:00
Daniel García cad63f9761
Auto generate akey 2019-04-11 16:08:26 +02:00
Daniel García 621f607297
Update dependencies and fix some warnings 2019-04-11 15:40:19 +02:00
Daniel García 754087b990
Add global duo config and document options in .env template 2019-04-07 18:58:15 +02:00
Daniel García cfbeb56371
Implement user duo, initial version 
TODO:
- At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting.
- Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
 2019-04-05 22:09:53 +02:00
Daniel García 4b40cda910
Added domain blacklist regex for icons service and improved valid domain check. 
Reorganized the icons code a bit.
 2019-03-18 22:12:39 +01:00
Daniel García 61515160a7
Allow changing error codes and create an empty error. 
Return 404 instead of 400 when no accounts breached.
 2019-03-14 00:17:36 +01:00
Daniel García 43f9038325
Add option to force resync clients in admin panel 2019-03-07 21:08:33 +01:00
Daniel García 0718a090e1
Trim spaces from admin token during authentication and validate that the admin panel token is not empty 2019-03-07 20:21:50 +01:00
Daniel García 04922f6aa0
Some formatting and dependency updates 2019-03-03 16:11:55 +01:00
Daniel García 7d2bc9e162
Added option to force 2fa at logins and made some changes to two factor code. 
Added newlines to config options to keep them a reasonable length.
 2019-03-03 16:09:15 +01:00
Daniel García 10756b0920
Update dependencies and fix some lints 2019-02-27 17:21:04 +01:00
Дамјан Георгиевски 473f8b8e31 remove some unneeded mutability 2019-02-22 20:25:50 +01:00
Shane Faulkner 8b5b06c3d1 Allow the Admin token to be disabled in the advanced menu 2019-02-20 14:56:08 -06:00
Daniel García 5ee04e31e5
Updated dependencies, removed some unnecessary clones and fixed some lints 2019-02-20 17:54:18 +01:00
TheMardy 84fb6aaddb Set correct MIME type 2019-02-17 01:08:24 +01:00
Daniel García a744b9437a
Implemented multiple U2f keys, key names, and compromised checks 2019-02-16 23:07:48 +01:00
Daniel García 6027b969f5
Delete old devices when deauthorizing user sessions 2019-02-16 23:06:26 +01:00
Daniel García 93805a5d7b
Fix Yubikeys deleted on error 2019-02-16 21:30:55 +01:00
TheMardy a79334ea4c Added static email image routes 2019-02-16 03:44:30 +01:00
BlackDex 3b27dbb0aa Added config option for icon download timeout 2019-02-12 21:56:28 +01:00
Daniel García 9636f33fdb
Implement constant time equal check for admin, 2fa recover and 2fa remember tokens 2019-02-11 23:45:55 +01:00
Daniel García 28d1588e73
Show version in admin panel 2019-02-10 16:02:46 +01:00
Daniel García f3b1a5ff3e
Error when admin panel is disabled 2019-02-10 15:26:19 +01:00
Daniel García 820c8b0dce
Change use of deserialize_with for Option iterator 2019-02-08 19:12:08 +01:00
Daniel García 8b4a6f2a64
Fixed some clippy lints and changed update_uuid_revision to only use one db query 2019-02-08 18:45:07 +01:00
Daniel García ef63342e20
Add reset user config button 2019-02-06 17:34:32 +01:00
Daniel García 3db815b969
Implemented config form and fixed config priority 2019-02-06 17:34:30 +01:00
Daniel García ade293cf52
Save config 2019-02-06 17:34:29 +01:00
Daniel García 877408b808
Implement basic config loading and updating. No save to file yet. 2019-02-06 17:34:29 +01:00
Daniel García 86ed75bf7c
Config can now be serialized / deserialized 2019-02-06 17:34:29 +01:00
Daniel García 20d8d800f3
Updated dependencies 2019-02-06 17:34:29 +01:00
Miroslav Prasil 637f655b6f Do not allocate uneccessary Vec 2019-02-05 14:16:07 +00:00
Miroslav Prasil b3f7394c06 Do not update revision at the end, as we already did that 2019-02-05 14:09:59 +00:00
Miroslav Prasil 1a5ecd4d4a cipher does not need to be mutable 2019-02-05 13:52:30 +00:00
Miroslav Prasil bd65c4e312 Remove superfluous cipher.save() call 2019-02-05 13:49:30 +00:00
BlackDex 9026cc8d42 Fixed issue when the iconlist is smaller then 5 
When the iconlist was smaller then 5 items, it would cause a panic.
Solved by using .truncate() on the iconlist.
 2019-02-04 17:27:40 +01:00
BlackDex 574b040142 Loop through the iconlist until an icon is found 
Loop for a maximum of 5 times through the iconlist or until a
successful download of an icon.
 2019-02-04 16:59:52 +01:00
BlackDex c13f115473 Fixed issue #380 
- Created a separate function for parsing the sizes attribute
 - Parsing sizes now with regex
 - Should work with any non-digit separator
 2019-02-04 12:55:39 +01:00
BlackDex bc461d9baa Some small changes on the iter of the cookies 2019-01-31 17:58:03 +01:00
BlackDex 5016e30cf2 Added cookies to the icon download request. 
Some sites use XSRF Tokens, or other Tokens to verify a subseqense
response. The cookies which are sent during the page request are now
used when downloading the favicon.

A site which uses this is mijn.ing.nl.
 2019-01-31 15:49:58 +01:00
Daniel García 2a60414031
Reuse the client between requests, and use the client when downloading the icons themselves 2019-01-29 21:21:26 +01:00
BlackDex feb74a5e86 Changed the way to fix the href 
- Using url from reqwest to fix href, this fixes:
   + "//domain.com/icon.png"
   + "relative/path/to/icon.png"
   + "/absolute/path/to/icon.png"
 - Removed fix_href function
 - Some variable changes
 2019-01-29 18:08:23 +01:00
Daniel García c0e350b734
Disable icon downloads, accept optional query after icon href, format and clippy fixes 2019-01-28 23:58:32 +01:00
Daniel García bef1183c49
Only send one notification per vault import and purge, improve move ciphers functions 2019-01-28 00:39:14 +01:00
Daniel García 07388d327f
Merge pull request #370 from BlackDex/favicons 
Added better favicon downloader.
 2019-01-27 16:37:47 +01:00
BlackDex 4de16b2d17 Removed unwrap and added ? 2019-01-27 16:25:02 +01:00
BlackDex da068a43c1 Moved function call to get_icon_url to prevent error bubbeling 2019-01-27 16:03:18 +01:00
BlackDex 9657463717 Added better favicon downloader. 2019-01-27 15:39:19 +01:00
Daniel García 69036cc6a4
Add disabled user badge (no password) and deauthorize button to admin page. 2019-01-26 19:28:54 +01:00
Daniel García 700e084101
Add 2FA icon to admin panel 2019-01-25 18:50:57 +01:00
Daniel García a1dc47b826
Change config to thread-safe system, needed for a future config panel. 
Improved some two factor methods.
 2019-01-25 18:24:57 +01:00
Daniel García 86de0ca17b
Fix editing users from collections menu 2019-01-25 17:43:51 +01:00
Stephen White 928ad6c1d8 Fix the list of users with access to a collection to display correctly. 
https://github.com/dani-garcia/bitwarden_rs/issues/364
 2019-01-25 14:18:06 +00:00
Daniel García bfd93e5b13
Show organizations in admin panel, implement reload templates option 2019-01-20 17:43:56 +01:00
Daniel García a797459560
Implement HIBP check [WIP]. 
Add extra security attributes to admin cookie.
Error handling.
 2019-01-20 15:36:33 +01:00
Daniel García 6cbb683f99
Rename admin templates to match email 2019-01-19 22:59:32 +01:00
Daniel García 92bbb98d48
Created base template 2019-01-19 22:12:52 +01:00
Daniel García 834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template 2019-01-19 21:41:49 +01:00
Daniel García e0aec8d373
Use new i64::to_be_bytes and remove byteorder dep 
(https://doc.rust-lang.org/stable/std/primitive.i64.html#method.to_be_bytes)
 2019-01-16 22:14:17 +01:00
Daniel García 1ce2587330
Correct update cipher order: first save cipher, then cipher-folder, then notify 2019-01-16 19:57:49 +01:00
Miroslav Prasil 71a10e0378 Fix sharing the item to organization. 2019-01-16 11:33:43 +00:00
Daniel García 9bf13b7872
Can't return inside multipart closure 2019-01-15 22:00:41 +01:00
Daniel García d420992f8c
Update some function calls to use ? 2019-01-15 21:47:16 +01:00
Daniel García c259a0e3e2
Save recovery code when using yubikey and stop repeating headers.user everywhere 2019-01-15 21:38:21 +01:00
Daniel García 432be274ba
Improve org mismatch check, consider different orgs 2019-01-15 17:31:03 +01:00
Daniel García 484bf5b703
Check that the client is not updating an outdated cipher, that should be part of an org now 2019-01-15 16:35:08 +01:00
Daniel García 4bf32af60e
Fix folder notifications, enable template strict mode and add missing option to env template 2019-01-15 15:28:47 +01:00
Daniel García f571df7367
Revert yubikey feature, not needed anymore 2019-01-12 15:28:41 +01:00
Daniel García 1d7f704754
Send CipherUpdate when adding and deleting attachments 2019-01-11 01:12:54 +01:00
Daniel García 1d034749f7
Fix AArch64 build by disabling yubico 2019-01-10 23:54:01 +01:00
Daniel García 320266606e
Implement put collections 2019-01-08 20:27:28 +01:00
Daniel García a0a08c4c5a
Include IP in invalid admin token error 2019-01-08 16:17:18 +01:00
Daniel García 4309df8334
Only create invitations when SMTP is disabled, and ignore invitations if we have a token. 
Disallow users from accepting invitation twice
 2019-01-08 15:42:26 +01:00
Daniel García f1161c65fb
Make sure an invitation is created when reinviting 2019-01-08 14:05:05 +01:00
Daniel García 21b85b78b1
Changed reinvite check and removed obsolete comment 2019-01-07 15:29:57 +01:00
Daniel García 5e37471488
Merge pull request #323 from njfox/invite_accepted_email 
Send email notifications when invitations are accepted/confirmed
 2019-01-06 14:12:24 +01:00
Nick Fox 0a74e79cea
Refactor generate_invite_claims, make org_name and org_id optional 2019-01-05 23:03:49 -05:00
Nick Fox 7db66f73f0
Refactor invited_by_email check 2019-01-05 13:46:45 -05:00
Nick Fox cec28a85ac
Update admin page to work with new invitation flow 2019-01-04 10:32:51 -05:00
Daniel García 5f49ecd7f3
Updated dependencies to use u2f crate directly, and some style changes 2019-01-04 00:25:38 +01:00
Nick Fox 736c0e62f2
Send emails to inviters/invitees when invites are accepted/confirmed 2019-01-02 22:20:39 -05:00
Daniel García 30e768613b
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00
Daniel García adb8052689
Updated Error to implement Display and Debug, instead of using custom methods 2018-12-30 21:43:56 +01:00
Daniel García acb9d1b3c6
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-30 21:43:56 +01:00
Daniel García 2bb0b15e04
Implemented better errors for JWT 2018-12-30 21:43:55 +01:00
Daniel García 250a2b340f
Use new Errors in latest changes 2018-12-30 21:43:55 +01:00
Daniel García b2fc0499f6
Finish invite functionality, and remove virtual organization 2018-12-30 21:40:26 +01:00
Daniel García 6a99849a1e
Implemented proper error handling, now we can do user.save($conn)?; and it works. 
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
 2018-12-30 21:31:12 +01:00
Daniel García 172f1770cf
Embed the icon in the binary, no need to download when it's not going to change 2018-12-30 21:31:12 +01:00