1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-16 04:12:53 +01:00
Commit-Graph

222 Commits

Autor SHA1 Nachricht Datum
BlackDex
de86aa671e Fix Key Rotation during password change
When ticking the 'Also rotate my account's encryption key' box, the key
rotated ciphers are posted after the change of password.

During the password change the security stamp was reseted which made
the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write.

This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted.
When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp.

Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly.

fixes #1240
2020-12-14 19:58:23 +01:00
Daniel García
b32f4451ee
Merge branch 'master' into admin-disable-user 2020-12-08 15:42:37 +01:00
janost
1eb5495802 Show latest active device as last active on admin page 2020-12-03 17:07:32 +01:00
janost
043aa27aa3 Implement admin ability to enable/disable users 2020-11-30 23:12:56 +01:00
Ave
fa364c3f2c
Ensure that a user is actually in an org when applying policies 2020-11-08 01:14:17 +03:00
Daniel García
b5f9fe4d3b
Fix #1206 2020-11-07 23:03:02 +01:00
Daniel García
013d4c28b2
Try to fix #1218 2020-11-07 23:01:56 +01:00
Daniel García
448e6ac917
Invalidate sessions when changing password or kdf values 2020-10-03 22:43:13 +02:00
BlackDex
978be0b4a9 Fixed foreign-key (mariadb) errors.
When using MariaDB v10.5+ Foreign-Key errors were popping up because of
some changes in that version. To mitigate this on MariaDB and other
MySQL forks those errors are now catched, and instead of a replace_into
an update will happen. I have tested this as thorough as possible with
MariaDB 10.5, 10.4, 10.3 and the default MySQL on Ubuntu Focal. And
tested it again using sqlite, all seems to be ok on all tables.

resolves #1081. resolves #1065, resolves #1050
2020-09-22 12:13:02 +02:00
Jeremy Lin
0eee907c88 Simplify implementation of UserOrgType::cmp()
Also move `UserOrgType::from_str()` closer to the definition of `UserOrgType`
since it references specific enum values.
2020-09-13 02:03:16 -07:00
Jeremy Lin
4c3b328aca Hide ciphers from non-selected collections for org owners/admins
If org owners/admins set their org access to only include selected
collections, then ciphers from non-selected collections shouldn't
appear in "My Vault". This matches the upstream behavior.
2020-09-01 02:20:25 -07:00
Daniel García
aaba1e8368
Fix some clippy warnings and remove unused function 2020-08-28 22:10:28 +02:00
Jeremy Lin
175d647e47 Delete associated favorites when deleting a cipher or user
This prevents foreign key constraint violations.
2020-08-26 01:27:38 -07:00
Daniel García
0365b7c6a4
Add support for multiple simultaneous database features by using macros.
Diesel requires the following changes:
- Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type
- Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names
- Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones
- Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-24 20:11:17 +02:00
Jeremy Lin
f83a8a36d1 Track favorites on a per-user basis
Currently, favorites are tracked at the cipher level. For org-owned ciphers,
this means that if one user sets it as a favorite, it automatically becomes a
favorite for all other users that the cipher has been shared with.
2020-08-19 02:32:58 -07:00
Jeremy Lin
790146bfac Fix error in PostgreSQL build 2020-07-10 17:23:02 -07:00
Jeremy Lin
f9a73a9bbe More cipher optimization/cleanup 2020-07-03 10:49:10 -07:00
Jeremy Lin
35868dd72c Optimize cipher queries 2020-07-03 09:00:33 -07:00
Jeremy Lin
979d010dc2 Add support for hiding passwords in a collection
Ref: https://github.com/bitwarden/server/pull/743
2020-07-02 21:51:20 -07:00
BlackDex
ac2723f898 Updated Organizations overview
- Changed HTML to match users overview
- Added User count
- Added Org cipher amount
- Added Attachment count and size
2020-06-03 20:37:31 +02:00
BlackDex
2fffaec226 Added attachment info per user and some layout fix
- Added the amount and size of the attachments per user
- Changed the items count function a bit
- Some small layout changes
2020-06-03 17:57:03 +02:00
BlackDex
3c66deb5cc Redesign of the admin interface.
Main changes:
 - Splitted up settings and users into two separate pages.
 - Added verified shield when the e-mail address has been verified.
 - Added the amount of personal items in the database to the users overview.
 - Added Organizations and Diagnostics pages.
   - Shows if DNS resolving works.
   - Shows if there is a posible time drift.
   - Shows current versions of server and web-vault.
 - Optimized logo-gray.png using optipng

Items which can be added later:
 - Amount of cipher items accessible for a user, not only his personal items.
 - Amount of users per Org
 - Version update check in the diagnostics overview.
 - Copy/Pasteable runtime config which has sensitive data changed or removed for support questions either on the forum or github issues.
 - Option to delete Orgs and all its passwords (when there are no members anymore).
 - Etc....
2020-05-28 10:46:25 +02:00
Daniel García
aee1ea032b
Merge pull request #989 from theycallmesteve/update_responses
Update responses
2020-05-13 22:34:16 +02:00
theycallmesteve
08afc312c3
Add missing items to profileOrganization response model 2020-05-08 13:39:17 -04:00
theycallmesteve
6a8c65493f
Rename collection_user_details to collection_read_only to reflect the response model 2020-05-08 13:37:40 -04:00
theycallmesteve
dfdf4473ea
Rename to_json_list to to_json_provder to reflect the response model 2020-05-08 13:36:35 -04:00
theycallmesteve
632f4d5453
Whitespace fixes 2020-05-07 18:02:37 -04:00
Daniel García
9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints 2020-05-03 17:24:51 +02:00
Daniel García
e3b00b59a7
Initial support for soft deletes 2020-04-17 22:35:27 +02:00
BlackDex
1ee8e44912 Fixed issue #965
PostgreSQL updates/inserts ignored None/null values.
This is nice for new entries, but not for updates.
Added derive option to allways add these none/null values for Option<>
variables.

This solves issue #965
2020-04-15 16:49:33 +02:00
Daniel García
adf47827c9
Make sure the data field is always returned, otherwise the mobile apps seem to have issues 2020-03-30 22:19:50 +02:00
Daniel García
40c339db9b
Fix postgres policies, second try 2020-03-14 23:53:12 +01:00
Daniel García
819f340f39
Fix issue with postgres 2020-03-14 23:35:34 +01:00
Daniel García
3fa78e7bb1
Initial version of policies 2020-03-14 13:32:28 +01:00
Daniel García
325039c316
Attachment size limits, per-user and per-organization 2020-02-17 22:56:26 +01:00
Miro Prasil
03233429f4 Remove check from Invitation:take()
I've checked the spots when `Invitation::new()` and `Invitation::take()`
are used and it seems like all spots are already correctly gated. So to
enable invitations via admin API even when invitations are otherwise
disabled, this check can be removed.
2020-02-16 20:28:50 +00:00
Michael Powers
e196ba6e86
Switch error handling to ? operator instead of explicit handling. 2020-01-16 08:14:25 -05:00
Michael Powers
76743aee48
Fixes #635 - Unique constraint violation when using U2F tokens on PostgreSQL
Because of differences in how .on_conflict() works compared to .replace_into() the PostgreSQL backend wasn't correctly ensuring the unique constraint on user_uuid and atype wasn't getting violated.

This change simply issues a DELETE on the unique constraint prior to the insert to ensure uniqueness. PostgreSQL does not support multiple constraints in ON CONFLICT clauses.
2020-01-13 21:53:57 -05:00
tomuta
bd1e8be328 Implement change-email, email-verification, account-recovery, and welcome notifications 2019-11-24 22:28:49 -07:00
BlackDex
ebf40099f2 Updated authenticator TOTP
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
2019-10-10 17:32:20 +02:00
Daniel García
4c07f05b3a
Remove Result<T, E: Debug> in preparation of deprecation as Rocket responder.
Removed unnecessary returns
2019-09-17 21:05:56 +02:00
Michael Powers
f5f9861a78
Adds support for PostgreSQL which resolves #87 and is mentioned in #246.
This includes migrations as well as Dockerfile's for amd64.

The biggest change is that replace_into isn't supported by Diesel for the
PostgreSQL backend, instead requiring the use of on_conflict. This
unfortunately requires a branch for save() on all of the models currently
using replace_into.
2019-09-12 16:12:22 -04:00
Daniel García
df8114f8be
Updated client kdf iterations to 100000 and fixed some lints 2019-09-05 21:56:12 +02:00
vpl
6d460b44b0 Use saved token for email 2fa codes 2019-08-04 17:21:57 +02:00
vpl
29aedd388e Add email code logic and move two_factor into separate modules 2019-08-04 16:56:41 +02:00
Daniel García
76f38621de
Update dependencies and remove unwraps from Cipher::to_json 2019-06-14 22:51:50 +02:00
Emil Madsen
e22e290f67 Fix key and type variable names for mysql 2019-05-20 21:24:29 +02:00
Emil Madsen
ab95a69dc8 Rework migrations for MySQL 2019-05-20 21:12:41 +02:00
Daniel García
bf20355c5e
Merge branch 'duo' 2019-04-14 22:02:55 +02:00
Daniel García
0136c793b4
Implement better user status API, in the future we'll probably want a way to disable users.
We should migrate from the empty password hash to a separate column then.
2019-04-13 00:01:52 +02:00
Daniel García
621f607297
Update dependencies and fix some warnings 2019-04-11 15:40:19 +02:00
Daniel García
43f9038325
Add option to force resync clients in admin panel 2019-03-07 21:08:33 +01:00
Daniel García
7d2bc9e162
Added option to force 2fa at logins and made some changes to two factor code.
Added newlines to config options to keep them a reasonable length.
2019-03-03 16:09:15 +01:00
Дамјан Георгиевски
473f8b8e31 remove some unneeded mutability 2019-02-22 20:25:50 +01:00
Daniel García
9636f33fdb
Implement constant time equal check for admin, 2fa recover and 2fa remember tokens 2019-02-11 23:45:55 +01:00
Daniel García
8b4a6f2a64
Fixed some clippy lints and changed update_uuid_revision to only use one db query 2019-02-08 18:45:07 +01:00
Miroslav Prasil
08ca47cadb Update revision when adding or removing cipher from collection 2019-02-06 14:47:47 +00:00
Miroslav Prasil
5272b465cc Update revision of affected users when deleting Collection 2019-02-06 13:39:32 +00:00
Miroslav Prasil
bce656c787 Retry updating revision - fixes #383 2019-02-05 11:52:11 +00:00
Daniel García
bef1183c49
Only send one notification per vault import and purge, improve move ciphers functions 2019-01-28 00:39:14 +01:00
Daniel García
69036cc6a4
Add disabled user badge (no password) and deauthorize button to admin page. 2019-01-26 19:28:54 +01:00
Daniel García
700e084101
Add 2FA icon to admin panel 2019-01-25 18:50:57 +01:00
Daniel García
a1dc47b826
Change config to thread-safe system, needed for a future config panel.
Improved some two factor methods.
2019-01-25 18:24:57 +01:00
Daniel García
86de0ca17b
Fix editing users from collections menu 2019-01-25 17:43:51 +01:00
Stephen White
fc0e239bdf No point calling find_by_uuid now we don't use the result. 2019-01-25 14:25:15 +00:00
Stephen White
928ad6c1d8 Fix the list of users with access to a collection to display correctly.
https://github.com/dani-garcia/bitwarden_rs/issues/364
2019-01-25 14:18:06 +00:00
Daniel García
ddd49596ba
Fix invite empty email 2019-01-22 17:26:17 +01:00
Daniel García
834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template 2019-01-19 21:41:49 +01:00
Daniel García
6f52104324
Fix casing error in Attachment, should fix 'Attachment doesn't exist' errors 2019-01-11 01:35:15 +01:00
Daniel García
30e768613b
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00
Daniel García
acb9d1b3c6
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-30 21:43:56 +01:00
Daniel García
b2fc0499f6
Finish invite functionality, and remove virtual organization 2018-12-30 21:40:26 +01:00
Daniel García
6a99849a1e
Implemented proper error handling, now we can do user.save($conn)?; and it works.
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
2018-12-30 21:31:12 +01:00
Daniel García
1b5134dfe2
Fixed delete user when 2FA is enabled, implemented delete user for admin panel, and the front-end part for invite user. Secured admin panel behind a configurable token. 2018-12-30 21:31:11 +01:00
Daniel García
004a3f891f
Merge pull request #315 from aksdb/master
Restrict join on users_collections to current user (fixes #313)
2018-12-28 21:06:30 +01:00
Andreas Schneider
e7ea5097f4 Restrict join on users_collections to current user (fixes #313) 2018-12-28 15:25:51 +01:00
Miroslav Prasil
8451a70de6 Rewrite find_by_user_uuid to use one query 2018-12-27 18:56:01 +01:00
Daniel García
4e827e4f8a
Implement better retry and use it while saving device 2018-12-12 22:15:54 +01:00
Daniel García
7adc045b80
Updated IP logging to use client_ip, to match old remote behavior.
Improved error logging, now it won't show a generic error message in some situations.
Removed delete device, which is not needed as it will be overwritten later.
Logged more info when an error occurs saving a device.
Added orgmanager to JWT claims.
2018-12-09 17:58:38 +01:00
Daniel García
738ad2127b
Fixed some clippy linting issues 2018-12-07 15:01:29 +01:00
Daniel García
cb930a0858
Remove some required values during login, now uses default values 2018-12-07 14:32:40 +01:00
Daniel García
94810c106a
Migrate to rust 2018 edition 2018-12-07 02:05:45 +01:00
Daniel García
2fde4e6933
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested) 2018-12-06 20:35:25 +01:00
Daniel García
6364c05789
Fix attachments during key rotation, add individual attachment key 2018-11-27 17:24:12 +01:00
Daniel García
f71f10eac6
Implemented key rotation with the latest vault 2018-11-24 23:00:41 +01:00
Daniel García
5edbd0e952
Merge branch 'master' into rocket-0.4
# Conflicts:
#	Cargo.lock
#	Cargo.toml
#	src/api/core/mod.rs
2018-11-19 19:52:43 +01:00
Miroslav Prasil
044cf19913 Prevent accepted user from seeing ciphers until confirmed (fixes #196) 2018-11-16 14:21:26 +00:00
Daniel García
f84cbeaaf8
Merge branch 'master' into rocket-0.4
# Conflicts:
#	src/db/models/organization.rs
2018-11-14 16:14:49 +01:00
Miroslav Prasil
dd684753d0 Fix gt() 2018-11-13 21:38:56 +00:00
Miroslav Prasil
f3e6cc6ffd Set PartialOrd to consider invalid i32 UserOrgType lower than anything 2018-11-13 16:34:21 +00:00
Miroslav Prasil
66a4c5d48b Implement comparison between i32 and UserOrgType 2018-11-12 17:13:25 +00:00
Daniel García
c673370103
Updated bw_rs to Rocket version 0.4-rc1 2018-11-01 19:25:09 +01:00
Daniel García
02fd68d63b
Merge pull request #218 from janost/refactor-folder-save
Folder::save() should return QueryResult instead of bool
2018-10-14 20:07:27 +02:00
janost
e985221b50 User::save() should return QueryResult instead of bool 2018-10-14 19:33:12 +02:00
janost
77cf63c06d Folder::save() should return QueryResult instead of bool 2018-10-14 18:25:04 +02:00
Daniel García
faec050a6d
Merge pull request #217 from janost/refactor-device-save
Device::save() should return QueryResult instead of bool
2018-10-14 17:35:59 +02:00
janost
58a78ffa54 Device::save() should return QueryResult instead of bool 2018-10-14 16:17:37 +02:00
janost
64f6c60bfd Organization::save() and UserOrganization::save() should return QueryResult instead of bool 2018-10-14 16:04:23 +02:00
Miroslav Prasil
a28caa33ef Implement poor man's admin panel 2018-10-12 15:20:10 +01:00
janost
5292d38c73 CollectionCipher::save() and delete() should return QueryResult instead of bool 2018-10-07 11:06:11 +02:00