1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-16 04:12:53 +01:00
Commit-Graph

134 Commits

Autor SHA1 Nachricht Datum
Daniel García
5529264c3f
Basic ratelimit for user login (including 2FA) and admin login 2021-12-22 21:48:49 +01:00
Jeremy Lin
2f9ac61a4e Add support for external icon services
If an external icon service is configured, icon requests return an HTTP
redirect to the corresponding icon at the external service.

An external service may be useful for various reasons, such as if:

* The Vaultwarden instance has no external network connectivity.
* The Vaultwarden instance has trouble handling large bursts of icon requests.
* There are concerns that an attacker may probe the instance to try to detect
  whether icons for certain sites have been cached, which would suggest that
  the instance contains entries for those sites.
* The external icon service does a better job of providing icons than the
  built-in fetcher.
2021-12-20 01:34:31 -08:00
BlackDex
c453528dc1
Macro recursion decrease and other optimizations
- Decreased `recursion_limit` from 512 to 87
  Mainly done by optimizing the config macro's.
  This fixes an issue with the rust-analyzer which doesn't go beyond 128
- Removed Regex for masking sensitive values and replaced it with a map()
  This is much faster then using a Regex.
- Refactored the get_support_json macro's
- All items above also lowered the binary size and possibly compile-time
- Removed `_conn: DbConn` from several functions, these caused unnecessary database connections for functions who didn't used that at all
- Decreased json response for `/plans`
- Updated libraries and where needed some code changes
  This also fixes some rare issues with SMTP https://github.com/lettre/lettre/issues/678
- Using Rust 2021 instead of 2018
- Updated rust nightly
2021-11-06 17:44:53 +01:00
Jeremy Lin
c476e19796 Add email notifications for incomplete 2FA logins
An incomplete 2FA login is one where the correct master password was provided,
but the 2FA token or action required to complete the login was not provided
within the configured time limit. This potentially indicates that the user's
master password has been compromised, but the login was blocked by 2FA.

Be aware that the 2FA step can usually still be completed after the email
notification has already been sent out, which could be confusing. Therefore,
the incomplete 2FA time limit should be long enough that this situation would
be unlikely. This feature can also be disabled entirely if desired.
2021-10-28 00:19:43 -07:00
Daniel García
75e62abed0
Move database_max_conns 2021-10-24 22:22:28 +02:00
Daniel García
53cc8a65af
Add doc comments to the functions in Config, and remove some unneeded pubs 2021-10-23 20:47:05 +02:00
Jeremy Lin
cee3fd5ba2 Emergency Access cleanup
This commit contains mostly superficial user-facing cleanup, to be followed up
with more extensive cleanup and fixes in the API implementation.
2021-10-19 02:22:44 -07:00
Adam Jones
d014eede9a
feature: Support single organization policy
This adds back-end support for the [single organization policy](https://bitwarden.com/help/article/policies/#single-organization).
2021-10-02 19:30:19 +02:00
thelittlefireman
4ab9362971 Add Emergency contact feature
Signed-off-by: thelittlefireman <thelittlefireman@users.noreply.github.com>
2021-09-17 01:25:44 +02:00
Daniel García
4f08167d6f
Merge branch '2fa_enforcement' of https://github.com/olivierIllogika/bitwarden_rs into olivierIllogika-2fa_enforcement 2021-07-15 19:27:36 +02:00
Daniel García
f16d56cb27
Merge branch 'attachment-storage' of https://github.com/BlackDex/vaultwarden into BlackDex-attachment-storage 2021-07-15 19:20:52 +02:00
BlackDex
6ea95d1ede Updated attachment limit descriptions
The user and org attachment limit use `size` as wording while it should
have been `storage` since it isn't per attachment, but the sum of all attachments.

- Changed the wording in the config/env
- Changed the wording of the error messages.

Resolves #1818
2021-07-13 15:17:03 +02:00
Jeremy Lin
8ee5d51bd4 Disable show_password_hint by default
A setting that provides unauthenticated access to potentially sensitive data
shouldn't be enabled by default.
2021-07-10 01:20:37 -07:00
Daniel García
46e0f3c43a
Load RSA keys as pem format directly, and using openssl crate, backported from async branch 2021-06-25 20:53:26 +02:00
Daniel García
9254cf9d9c
Fix clippy lints 2021-06-19 22:02:03 +02:00
BlackDex
8615736e84 Multiple Admin Interface fixes and some others.
Misc:
- Fixed hadolint workflow, new git cli needs some extra arguments.
- Add ignore paths to all specific on triggers.
- Updated hadolint version.
- Made SMTP_DEBUG read-only, since it can't be changed at runtime.

Admin:
- Migrated from Bootstrap v4 to v5
- Updated jquery to v3.6.0
- Updated Datatables
- Made Javascript strict
- Added a way to show which ENV Vars are overridden.
- Changed the way to provide data for handlebars.
- Fixed date/time check.
- Made support string use details and summary feature of markdown/github.
2021-06-19 19:22:19 +02:00
Jeremy Lin
3ff8014add Add sends_allowed config setting
This provides global control over whether users can create Bitwarden Sends.
2021-05-11 20:07:32 -07:00
BlackDex
7cb19ef767 Updated branding, email and crates
- Updated branding for admin and emails
- Updated crates and some deprications
- Removed newline-converter because this is built-in into lettre
- Updated email templates to use a shared header and footer template
- Also trigger SMTP SSL When TLS is selected without SSL
  Resolves #1641
2021-05-08 17:46:31 +02:00
Olivier Martin
e3c4609c2a Merge commit '3da44a8d30e76f48b84f5b888e0b33427037037c' into 2fa_enforcement 2021-04-27 21:44:32 -04:00
Daniel García
34ea10475d
Project renaming 2021-04-27 23:18:32 +02:00
Olivier Martin
2421d49d9a Merge branch 'master' of github.com:dani-garcia/bitwarden_rs into 2fa_enforcement
# Conflicts:
#	src/db/models/org_policy.rs
#	src/db/models/organization.rs
2021-04-16 14:29:28 -04:00
Olivier Martin
d75a80bd2d Resolves dani-garcia/bitwarden_rs#981
* a user without 2fa trying to join a 2fa org will fail, but user gets an email to enable 2fa
* a user disabling 2fa will be removed from 2fa orgs; user gets an email for each org
* an org enabling 2fa policy will remove users without 2fa; users get an email
2021-04-11 22:57:17 -04:00
Jake Howard
994669fb69
Merge remote-tracking branch 'origin/master' into fmt 2021-04-06 21:55:28 +01:00
Jake Howard
3ab90259f2
Modify rustfmt file 2021-04-06 21:54:42 +01:00
Jeremy Lin
90e0b7fec6 Offset scheduled jobs by 5 minutes
This is intended to avoid contention with database backups that many users
probably schedule to start at exactly the top of an hour.
2021-04-05 23:20:08 -07:00
Jeremy Lin
d77333576b Add support for auto-deleting trashed items
Upstream will soon auto-delete trashed items after 30 days, but some people
use the trash as an archive folder, so to avoid unexpected data loss, this
implementation requires the user to explicitly enable auto-deletion.
2021-04-05 23:07:25 -07:00
Jeremy Lin
73ff8d79f7 Add a generic job scheduler
Also rewrite deletion of old sends using the job scheduler.
2021-04-05 23:07:15 -07:00
Jake Howard
0af3956abd
Run cargo fmt on codebase 2021-03-31 21:18:35 +01:00
Daniel García
8da5b99482
Send API 2021-03-14 23:35:55 +01:00
BlackDex
e794b397d3 Fixed small buggy in validation 2021-02-03 23:47:48 +01:00
Mathijs van Veluw
9e5fd2d576
Merge branch 'master' into admin-interface 2021-02-03 22:22:33 +01:00
BlackDex
705d840ea3 Extra features for admin interface.
- Able to modify the user type per organization
- Able to remove a whole organization
- Added podman detection
- Only show web-vault update when not running a containerized
  bitwarden_rs

Solves #936
2021-02-03 18:43:54 +01:00
BlackDex
5860679624 Updated dependencies and small mail fixes
- Updated rust nightly
- Updated depenencies
- Removed unicode support for regex (less dependencies)
- Fixed dependency and nightly changes/deprications
- Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
BlackDex
235ff44736 Updated the admin interface
Mostly updated the admin interface, also some small other items.

- Added more diagnostic information to (hopefully) decrease issue
  reporting, or at least solve them quicker.
- Added an option to generate a support string which can be used to
  copy/paste on the forum or during the creation of an issue. It will
try to hide the sensitive information automatically.
- Changed the `Created At` and `Last Active` info to be in a column and
  able to sort them in the users overview.
- Some small layout changes.
- Updated javascript and css files to the latest versions available.
- Decreased the png file sizes using `oxipng`
- Updated target='_blank' links to have rel='noreferrer' to prevent
  javascript window.opener modifications.
2021-01-19 17:55:21 +01:00
BlackDex
48baf723a4 Updated icon downloading
- Added more checks to prevent panics (Removed unwrap)
- Try do download from base domain or add www when the provided domain
  fails
- Added some more domain validation checks to prevent errors
- Added the ICON_BLACKLIST_REGEX to a Lazy Static HashMap which
  speeds-up the checks!
- Validate the Regex before starting/config change.
- Some cleanups
- Disabled some noisy debugging from 2 crates.
2020-12-08 17:34:18 +01:00
BlackDex
6faaeaae66 Updated email processing.
- Added an option to enable smtp debugging via SMTP_DEBUG. This will
  trigger a trace of the smtp commands sent/received to/from the mail
server. Useful when troubleshooting.
- Added two options to ignore invalid certificates which either do not
  match at all, or only doesn't match the hostname.
- Updated lettre to the latest alpha.4 version.
2020-11-18 12:07:08 +01:00
BlackDex
d11d663c5c Added error handling during dotenv loading
Some issue people report are because of misconfiguration or bad .env
files. To mittigate this i added error handling for this.

- Panic/Quit on a LineParse error, which indicates bad .env file format.
- Emits a info message when there is no .env file found.
- Emits a warning message when there is a .env file, but not no
  permissions.
- Emits a warning on every other message not specifically catched.
2020-11-12 13:40:26 +01:00
Rob Watson
b9daa59e5d Add DATABASE_MAX_CONNS config setting 2020-10-09 10:29:02 +02:00
Daniel García
729c9cff41
Retry initial db connection, with adjustable option 2020-10-03 22:32:00 +02:00
BlackDex
f847c6e225 Updated the config options descriptions.
Made some small changes to the description of the config options for
SMTP. Some were a bit cryptic and missing some extra descriptions.

Also made it more clear which type of secured smtp connection is going
to used.
2020-09-19 17:09:58 +02:00
BlackDex
c877583979 Allow multiple SMTP Auth meganisms.
- Allow all SMTP Auth meganisms supported by Lettre.
- The config value order is leading and values can be separated by a
  comma ','
- Case doesn't matter, and invalid values are ignored.
- Warning is printed when no valid value is found at all.
2020-09-12 21:47:24 +02:00
Daniel García
0365b7c6a4
Add support for multiple simultaneous database features by using macros.
Diesel requires the following changes:
- Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type
- Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names
- Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones
- Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-24 20:11:17 +02:00
Jeremy Lin
c05dc50f53 Add more docs on the email_token_size setting 2020-08-22 17:35:55 -07:00
Jeremy Lin
570d6c8bf9 Add support for restricting org creation to certain users 2020-08-05 22:35:29 -07:00
Jeremy Lin
071a3b2a32 Log timestamps with milliseconds by default 2020-07-23 14:19:51 -07:00
Jeremy Lin
d348f12a0e Add config option for log timestamp format 2020-07-22 21:50:49 -07:00
Daniel García
668d5c23dc
Removed try_trait and some formatting, particularly around imports 2020-07-14 18:34:22 +02:00
Daniel García
596c9b8691
Add option to set name during HELO in email settings 2020-07-05 01:59:15 +02:00
Armaan Tobaccowalla
624791e09a
Allow postgres:// DATABASE_URL 2020-07-04 16:13:27 -04:00
BlackDex
3c66deb5cc Redesign of the admin interface.
Main changes:
 - Splitted up settings and users into two separate pages.
 - Added verified shield when the e-mail address has been verified.
 - Added the amount of personal items in the database to the users overview.
 - Added Organizations and Diagnostics pages.
   - Shows if DNS resolving works.
   - Shows if there is a posible time drift.
   - Shows current versions of server and web-vault.
 - Optimized logo-gray.png using optipng

Items which can be added later:
 - Amount of cipher items accessible for a user, not only his personal items.
 - Amount of users per Org
 - Version update check in the diagnostics overview.
 - Copy/Pasteable runtime config which has sensitive data changed or removed for support questions either on the forum or github issues.
 - Option to delete Orgs and all its passwords (when there are no members anymore).
 - Etc....
2020-05-28 10:46:25 +02:00