mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-06-30 19:24:42 +02:00
Code Issues Releases Aktivität
1126 Commits 1 Branch 58 Tags 12 MiB
Commit-Graph

296 Commits

Autor SHA1 Nachricht Datum
Jeremy Lin 7407b8326a Fix attachment size limit calculation 
The config values (in KB) need to be converted to bytes when comparing
against total attachment sizes.
 2020-03-31 02:30:28 -07:00
Daniel García 94341f9f3f
Fix token error while accepting invite 2020-03-20 10:51:17 +01:00
Daniel García 2ee07ea1d8
Fix empty data when cloning cipher 2020-03-15 17:26:34 +01:00
BlackDex 1b4b40c95d Updated reqwest to the latest version. 
- Use the blocking client (no async).
- Disabled gzip.
- use_sys_proxy is now default.
 2020-03-14 23:12:45 +01:00
Daniel García a30d5f4cf9
Fix cloning issues 2020-03-14 14:08:57 +01:00
Daniel García 3fa78e7bb1
Initial version of policies 2020-03-14 13:32:28 +01:00
Daniel García 70f3ab8ec3
Migrate lazy_static to once_cell, less macro magic and slightly faster 2020-03-09 22:04:03 +01:00
Jeremy Lin 29a0795219 Add backend support for alternate base dir (subdir/subpath) hosting 
To use this, include a path in the `DOMAIN` URL, e.g.:

* `DOMAIN=https://example.com/custom-path`
* `DOMAIN=https://example.com/multiple/levels/are/ok`
 2020-02-18 21:27:00 -08:00
Daniel García 325039c316
Attachment size limits, per-user and per-organization 2020-02-17 22:56:26 +01:00
Daniel García f5916ec396
Fix backwards indices 2020-01-30 22:33:50 +01:00
Daniel García def174a517
Convert email domains to punycode 2020-01-30 22:11:53 +01:00
Daniel García 84ed185579
Update u2f to 0.2, which requires OpenSSL but also might solve the problems we've had with certificates. 
The rust image doesn't need installing curl or tar, so removed. Also collapsed ENV lines.
 2020-01-19 21:34:13 +01:00
Daniel García e274af6e3d
Print current server time when failing TOTP, and use chrono as the rest of the server 2019-12-27 18:42:14 +01:00
Daniel García a0ece3754b
Formatting 2019-12-27 18:37:14 +01:00
Daniel García 912e1f93b7
Fix some lints 2019-12-06 22:12:41 +01:00
Daniel García adc443ea80
Add endpoint to delete specific U2F key 2019-12-01 21:41:46 +01:00
Daniel García 12928b832c
Fix broken tests 2019-11-30 23:30:35 +01:00
tomuta bd1e8be328 Implement change-email, email-verification, account-recovery, and welcome notifications 2019-11-24 22:28:49 -07:00
tomuta 64d6f72e6c Add the ability to disable signups, but allow signups from a whitelist 
This feature can be enabled by setting SIGNUPS_ALLOWED=false and
providing a comma-separated list of whitelisted domains in
SIGNUPS_DOMAINS_WHITELIST.

Fixes #727
 2019-11-16 15:01:45 -07:00
BlackDex 3f6809bcdf Fixed issue/request #705 
Added a config option to disable time drifted totp codes.
Default is false, since this is what the RFC recommends.
 2019-11-07 17:11:29 +01:00
Patrick Li 85dbf4e16c
Don't include excluded global equivalent domains during sync 
Fixes #681
 2019-11-05 21:29:04 +13:00
Daniel García e449912f05
Generate recovery codes for email and duo 2019-11-02 18:31:50 +01:00
Daniel García d29b6bee28
Remove unnecessary clones and other clippy fixes 2019-11-02 17:39:01 +01:00
Miro Prasil 00a11b1b78 Stop leaking usernames when SIGNUPS_ALLOWED=false 
This fixes #691 - respond in less specific way to not leak the
fact that user is already registered on the server.
 2019-11-01 22:34:42 +00:00
vpl 2edecf34ff Use user_uuid instead of mut twofactor 2019-10-15 21:20:19 +02:00
vpl 18bc8331f9 Send email when preparing 2FA JsonError 2019-10-15 21:19:49 +02:00
BlackDex 603a964579 Fixed issue #663. 
During the 2fa activation there is no twofactor record yet.
Changed the layout a bit so that it will generate a new twofactor record
when it does not exists yet. Else it will just update the already
existing record.
 2019-10-14 00:32:44 +02:00
BlackDex 9466f02696 Recoded TOTP time drift validation 2019-10-12 15:28:28 +02:00
BlackDex ebf40099f2 Updated authenticator TOTP 
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
 2019-10-10 17:32:20 +02:00
BlackDex edc482c8ea Changed HIBP Error message. 
- Moved the manual link to the check to the top.
- Clearified that hibp is a payed service.
- Changed error logo to hibp logo.
 2019-10-08 22:29:12 +02:00
BlackDex 6e5c03cc78 Some modification when no HIBP API Key is set 
- Added an URL with the useraccount for manual check.
- Added support for HTTP(S)_PROXY for hibp.
 2019-10-08 21:39:11 +02:00
Daniel García df8114f8be
Updated client kdf iterations to 100000 and fixed some lints 2019-09-05 21:56:12 +02:00
Daniel García e3404dd322
Use the local scripts instead of cloudflare, remove jquery and update config so disabling a master toggle doesn't remove the values 2019-08-31 17:47:52 +02:00
Daniel García bfc517ee80
Remove unused warning 2019-08-31 17:26:16 +02:00
Daniel García 4a7d2a1e28
Rename static files endpoint 2019-08-31 17:25:31 +02:00
vpl 5d50b1ee3c Merge remote-tracking branch 'upstream/master' into email-codes 2019-08-26 21:38:45 +02:00
vpl c99df1c310 Compare token using crypto::ct_eq 2019-08-26 20:26:59 +02:00
vpl 591ae10144 Get token from single u64 2019-08-26 20:26:54 +02:00
Daniel García 026f9da035
Allow removing users two factors 2019-08-21 17:13:06 +02:00
Daniel García 515b87755a
Update HIBP to v3, requires paid API key, fixes #583 2019-08-20 20:07:12 +02:00
vpl ad2225b6e5 Add configuration options for Email 2FA 2019-08-10 22:39:04 +02:00
vpl 5609103a97 Use ring to generate email token 2019-08-06 22:38:08 +02:00
vpl 6d460b44b0 Use saved token for email 2fa codes 2019-08-04 17:21:57 +02:00
vpl efd8d9f528 Remove some unused imports, unneeded mut variables 2019-08-04 16:56:41 +02:00
vpl 29aedd388e Add email code logic and move two_factor into separate modules 2019-08-04 16:56:41 +02:00
Daniel García 05a1137828
Move backend checks to build.rs to fail fast, and updated dependencies 2019-07-09 17:26:34 +02:00
Emil Madsen e22e290f67 Fix key and type variable names for mysql 2019-05-20 21:24:29 +02:00
Daniel García 874f5c34bd
Formatting 2019-04-26 22:08:26 +02:00
Daniel García 253faaf023
Use users duo host when required, instead of always using the global one 2019-04-15 13:07:23 +02:00
Daniel García 3d843a6a51
Merge pull request #460 from janost/organization-vault-purge 
Fixed purging organization vault
 2019-04-14 22:30:51 +02:00