mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-06-30 19:24:42 +02:00
Code Issues Releases Aktivität
1610 Commits 1 Branch 58 Tags 12 MiB
Commit-Graph

385 Commits

Autor SHA1 Nachricht Datum
Daniel García 4f08167d6f
Merge branch '2fa_enforcement' of https://github.com/olivierIllogika/bitwarden_rs into olivierIllogika-2fa_enforcement 2021-07-15 19:27:36 +02:00
Daniel García f16d56cb27
Merge branch 'attachment-storage' of https://github.com/BlackDex/vaultwarden into BlackDex-attachment-storage 2021-07-15 19:20:52 +02:00
Daniel García d0ec410b73
Merge branch 'password-hints' of https://github.com/jjlin/vaultwarden into jjlin-password-hints 2021-07-15 19:18:22 +02:00
Daniel García e5ec245626
Protect namedfile against path traversal, rocket only does it for pathbuf 2021-07-15 19:15:55 +02:00
BlackDex 6ea95d1ede Updated attachment limit descriptions 
The user and org attachment limit use `size` as wording while it should
have been `storage` since it isn't per attachment, but the sum of all attachments.

- Changed the wording in the config/env
- Changed the wording of the error messages.

Resolves #1818
 2021-07-13 15:17:03 +02:00
Jeremy Lin 88bea44dd8 Prevent user enumeration via password hints 
When `show_password_hint` is enabled but mail is not configured, the previous
implementation returned a differentiable response for non-existent email
addresses.

Even if mail is enabled, there is a timing side channel since mail is sent
synchronously. Add a randomized sleep to mitigate this somewhat.
 2021-07-10 01:21:27 -07:00
Daniel García 0dcea75764
Remove unused lifetime and double referencing 2021-06-26 13:35:09 +02:00
Daniel García 46e0f3c43a
Load RSA keys as pem format directly, and using openssl crate, backported from async branch 2021-06-25 20:53:26 +02:00
Daniel García 2cd17fe7af
Add token with short expiration time to send url 2021-06-25 20:53:26 +02:00
Jeremy Lin 49579e4ce7 Avoid Error parsing LastKnownRevisionDate warning for mobile clients 
When creating a new cipher, the mobile clients seem to set this field to an
invalid value, which causes a warning to be logged:

    Error parsing LastKnownRevisionDate '0001-01-01T00:00:00': premature end of input

Avoid this by dropping the `LastKnownRevisionDate` field on cipher creation.
 2021-06-19 21:32:11 -07:00
Daniel García 9254cf9d9c
Fix clippy lints 2021-06-19 22:02:03 +02:00
Daniel García c380d9c379
Support for webauthn and u2f->webauthn migrations 2021-06-16 19:06:40 +02:00
Jeremy Lin 3f7e4712cd Fix attachment size limit calculation for v2 uploads 2021-05-25 23:17:22 -07:00
Jeremy Lin c2ef331df9 Rework file ID generation 2021-05-25 23:15:24 -07:00
Jeremy Lin 5fef7983f4 Clean up attachment error handling 2021-05-25 22:13:04 -07:00
Jeremy Lin 29ed82a359 Add support for v2 attachment upload APIs 
Upstream PR: https://github.com/bitwarden/server/pull/1229
 2021-05-25 04:14:51 -07:00
Jeremy Lin 9133e2927d Fix attachment downloads 
Upstream switched to new upload/download APIs. Uploads fall back to the
legacy APIs for now, but not downloads apparently.
 2021-05-15 22:46:57 -07:00
Daniel García 8e6c6a1dc4
Merge pull request #1689 from jjlin/hide-email 
Add support for hiding the sender's email address in Bitwarden Sends
 2021-05-12 23:05:53 +02:00
Daniel García 7a9cfc45da
Merge pull request #1688 from jjlin/config-sends-allowed 
Add `sends_allowed` config setting
 2021-05-12 23:05:41 +02:00
Jeremy Lin 029008bad5 Add support for the Send Options policy 
Upstream refs:

* https://github.com/bitwarden/server/pull/1234
* https://bitwarden.com/help/article/policies/#send-options
 2021-05-12 01:22:12 -07:00
Jeremy Lin d3449bfa00 Add support for hiding the sender's email address in Bitwarden Sends 
Note: The original Vaultwarden implementation of Bitwarden Send would always
hide the email address, while the upstream implementation would always show it.

Upstream PR: https://github.com/bitwarden/server/pull/1234
 2021-05-11 22:51:12 -07:00
Jeremy Lin a9a5706764 Add support for password reprompt 
Upstream PR: https://github.com/bitwarden/server/pull/1269
 2021-05-11 20:09:57 -07:00
Jeremy Lin 3ff8014add Add sends_allowed config setting 
This provides global control over whether users can create Bitwarden Sends.
 2021-05-11 20:07:32 -07:00
Olivier Martin e3c4609c2a Merge commit '3da44a8d30e76f48b84f5b888e0b33427037037c' into 2fa_enforcement 2021-04-27 21:44:32 -04:00
Daniel García 34ea10475d
Project renaming 2021-04-27 23:18:32 +02:00
Olivier Martin 89a68741d6 ran cargo fmt --all 2021-04-16 14:49:59 -04:00
Olivier Martin 2421d49d9a Merge branch 'master' of github.com:dani-garcia/bitwarden_rs into 2fa_enforcement 
# Conflicts:
#	src/db/models/org_policy.rs
#	src/db/models/organization.rs
 2021-04-16 14:29:28 -04:00
Daniel García 305de2e2cd
Format the changes from merge to master 2021-04-15 18:30:23 +02:00
Daniel García 95d906bdbb
Merge branch 'master' into fmt 2021-04-15 18:24:04 +02:00
Olivier Martin 1db37bf3d0 make error toast display detailed message 
replace invite accept error message with the one from upstream
check if config mail is enabled
 2021-04-12 21:54:57 -04:00
Olivier Martin d75a80bd2d Resolves dani-garcia/bitwarden_rs#981 
* a user without 2fa trying to join a 2fa org will fail, but user gets an email to enable 2fa
* a user disabling 2fa will be removed from 2fa orgs; user gets an email for each org
* an org enabling 2fa policy will remove users without 2fa; users get an email
 2021-04-11 22:57:17 -04:00
Jake Howard 994669fb69
Merge remote-tracking branch 'origin/master' into fmt 2021-04-06 21:55:28 +01:00
Jake Howard 3ab90259f2
Modify rustfmt file 2021-04-06 21:54:42 +01:00
Jake Howard 155109dea1
Extract client creation to a single place 2021-04-06 21:04:37 +01:00
Daniel García b268c3dd1c
Update web vault and add unnoficialserver response 2021-04-06 20:38:22 +02:00
Jeremy Lin d77333576b Add support for auto-deleting trashed items 
Upstream will soon auto-delete trashed items after 30 days, but some people
use the trash as an archive folder, so to avoid unexpected data loss, this
implementation requires the user to explicitly enable auto-deletion.
 2021-04-05 23:07:25 -07:00
Jeremy Lin 73ff8d79f7 Add a generic job scheduler 
Also rewrite deletion of old sends using the job scheduler.
 2021-04-05 23:07:15 -07:00
Jake Howard 93c881a7a9
Reflow some lines manually 2021-03-31 21:45:05 +01:00
Jake Howard 0af3956abd
Run cargo fmt on codebase 2021-03-31 21:18:35 +01:00
Jake Howard 3e5971b9db
Remove unnecessary result return types 2021-03-27 15:07:26 +00:00
Jake Howard 6b1daeba05
Implement From over Into 
https://rust-lang.github.io/rust-clippy/master/index.html#from_over_into
 2021-03-27 14:19:57 +00:00
Jake Howard a8138be69b
Use if let more 2021-03-27 14:03:31 +00:00
Miro Prasil aa5cc642e1 Use constant for the "inaccessible" error message 2021-03-25 11:40:32 +00:00
Miro Prasil 4b6a574ee0 Return generic message when Send not available 
This should help avoid leaking information about (non)existence of Send
and be more in line with what official server returns.
 2021-03-23 13:39:09 +00:00
Daniel García 1fc6c30652
Send deletion thread and updated users revision 2021-03-22 19:57:35 +01:00
Daniel García 551810c486
Fix updating file send 2021-03-17 19:39:48 +01:00
Daniel García b987ba506d
Merge pull request #1493 from jjlin/send 
Add support for the Disable Send policy
 2021-03-16 18:13:55 +01:00
Daniel García 84810f2bb2
Remove unnecessary fields from send access 2021-03-16 18:11:25 +01:00
Jeremy Lin 424d666a50 Add support for the Disable Send policy 
Upstream refs:

* https://github.com/bitwarden/server/pull/1130
* https://bitwarden.com/help/article/policies/#disable-send
 2021-03-16 02:07:45 -07:00
Daniel García b9c3213b90
Merge pull request #1487 from jjlin/send 
Send access check fixes
 2021-03-15 16:47:14 +01:00