mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-07-02 12:14:41 +02:00
Code Issues Releases Aktivität
1501 Commits 1 Branch 58 Tags 12 MiB
Commit-Graph

355 Commits

Autor SHA1 Nachricht Datum
theycallmesteve 6a8c65493f
Rename collection_user_details to collection_read_only to reflect the response model 2020-05-08 13:37:40 -04:00
theycallmesteve dfdf4473ea
Rename to_json_list to to_json_provder to reflect the response model 2020-05-08 13:36:35 -04:00
theycallmesteve 632f4d5453
Whitespace fixes 2020-05-07 18:02:37 -04:00
Daniel García 9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints 2020-05-03 17:24:51 +02:00
Daniel García 0de52c6c99
Merge pull request #957 from jjlin/domain-whitelist 
Domain whitelist cleanup and fixes
 2020-04-18 12:08:48 +02:00
Daniel García e3b00b59a7
Initial support for soft deletes 2020-04-17 22:35:27 +02:00
Jeremy Lin e4d08836e2 Make org owner invitations respect the email domain whitelist 
This closes a loophole where org owners can invite new users from any domain.
 2020-04-09 01:51:05 -07:00
Jeremy Lin c2a324e5da Clean up domain whitelist logic 
* Make `SIGNUPS_DOMAINS_WHITELIST` override the `SIGNUPS_ALLOWED` setting.
  Otherwise, a common pitfall is to set `SIGNUPS_DOMAINS_WHITELIST` without
  realizing that `SIGNUPS_ALLOWED=false` must also be set.

* Whitespace is now accepted in `SIGNUPS_DOMAINS_WHITELIST`. That is,
  `foo.com, bar.com` is now equivalent to `foo.com,bar.com`.

* Add validation on `SIGNUPS_DOMAINS_WHITELIST`. For example, `foo.com,`
  is rejected as containing an empty token.
 2020-04-09 01:42:27 -07:00
Jeremy Lin 6cd8512bbd Fix Duo auth failure with non-lowercased email addresses 2020-04-07 20:40:51 -07:00
Jeremy Lin 7407b8326a Fix attachment size limit calculation 
The config values (in KB) need to be converted to bytes when comparing
against total attachment sizes.
 2020-03-31 02:30:28 -07:00
Daniel García 94341f9f3f
Fix token error while accepting invite 2020-03-20 10:51:17 +01:00
Daniel García 2ee07ea1d8
Fix empty data when cloning cipher 2020-03-15 17:26:34 +01:00
BlackDex 1b4b40c95d Updated reqwest to the latest version. 
- Use the blocking client (no async).
- Disabled gzip.
- use_sys_proxy is now default.
 2020-03-14 23:12:45 +01:00
Daniel García a30d5f4cf9
Fix cloning issues 2020-03-14 14:08:57 +01:00
Daniel García 3fa78e7bb1
Initial version of policies 2020-03-14 13:32:28 +01:00
Daniel García 70f3ab8ec3
Migrate lazy_static to once_cell, less macro magic and slightly faster 2020-03-09 22:04:03 +01:00
Jeremy Lin 29a0795219 Add backend support for alternate base dir (subdir/subpath) hosting 
To use this, include a path in the `DOMAIN` URL, e.g.:

* `DOMAIN=https://example.com/custom-path`
* `DOMAIN=https://example.com/multiple/levels/are/ok`
 2020-02-18 21:27:00 -08:00
Daniel García 325039c316
Attachment size limits, per-user and per-organization 2020-02-17 22:56:26 +01:00
Daniel García f5916ec396
Fix backwards indices 2020-01-30 22:33:50 +01:00
Daniel García def174a517
Convert email domains to punycode 2020-01-30 22:11:53 +01:00
Daniel García 84ed185579
Update u2f to 0.2, which requires OpenSSL but also might solve the problems we've had with certificates. 
The rust image doesn't need installing curl or tar, so removed. Also collapsed ENV lines.
 2020-01-19 21:34:13 +01:00
Daniel García e274af6e3d
Print current server time when failing TOTP, and use chrono as the rest of the server 2019-12-27 18:42:14 +01:00
Daniel García a0ece3754b
Formatting 2019-12-27 18:37:14 +01:00
Daniel García 912e1f93b7
Fix some lints 2019-12-06 22:12:41 +01:00
Daniel García adc443ea80
Add endpoint to delete specific U2F key 2019-12-01 21:41:46 +01:00
Daniel García 12928b832c
Fix broken tests 2019-11-30 23:30:35 +01:00
tomuta bd1e8be328 Implement change-email, email-verification, account-recovery, and welcome notifications 2019-11-24 22:28:49 -07:00
tomuta 64d6f72e6c Add the ability to disable signups, but allow signups from a whitelist 
This feature can be enabled by setting SIGNUPS_ALLOWED=false and
providing a comma-separated list of whitelisted domains in
SIGNUPS_DOMAINS_WHITELIST.

Fixes #727
 2019-11-16 15:01:45 -07:00
BlackDex 3f6809bcdf Fixed issue/request #705 
Added a config option to disable time drifted totp codes.
Default is false, since this is what the RFC recommends.
 2019-11-07 17:11:29 +01:00
Patrick Li 85dbf4e16c
Don't include excluded global equivalent domains during sync 
Fixes #681
 2019-11-05 21:29:04 +13:00
Daniel García e449912f05
Generate recovery codes for email and duo 2019-11-02 18:31:50 +01:00
Daniel García d29b6bee28
Remove unnecessary clones and other clippy fixes 2019-11-02 17:39:01 +01:00
Miro Prasil 00a11b1b78 Stop leaking usernames when SIGNUPS_ALLOWED=false 
This fixes #691 - respond in less specific way to not leak the
fact that user is already registered on the server.
 2019-11-01 22:34:42 +00:00
vpl 2edecf34ff Use user_uuid instead of mut twofactor 2019-10-15 21:20:19 +02:00
vpl 18bc8331f9 Send email when preparing 2FA JsonError 2019-10-15 21:19:49 +02:00
BlackDex 603a964579 Fixed issue #663. 
During the 2fa activation there is no twofactor record yet.
Changed the layout a bit so that it will generate a new twofactor record
when it does not exists yet. Else it will just update the already
existing record.
 2019-10-14 00:32:44 +02:00
BlackDex 9466f02696 Recoded TOTP time drift validation 2019-10-12 15:28:28 +02:00
BlackDex ebf40099f2 Updated authenticator TOTP 
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
 2019-10-10 17:32:20 +02:00
BlackDex edc482c8ea Changed HIBP Error message. 
- Moved the manual link to the check to the top.
- Clearified that hibp is a payed service.
- Changed error logo to hibp logo.
 2019-10-08 22:29:12 +02:00
BlackDex 6e5c03cc78 Some modification when no HIBP API Key is set 
- Added an URL with the useraccount for manual check.
- Added support for HTTP(S)_PROXY for hibp.
 2019-10-08 21:39:11 +02:00
Daniel García df8114f8be
Updated client kdf iterations to 100000 and fixed some lints 2019-09-05 21:56:12 +02:00
Daniel García e3404dd322
Use the local scripts instead of cloudflare, remove jquery and update config so disabling a master toggle doesn't remove the values 2019-08-31 17:47:52 +02:00
Daniel García bfc517ee80
Remove unused warning 2019-08-31 17:26:16 +02:00
Daniel García 4a7d2a1e28
Rename static files endpoint 2019-08-31 17:25:31 +02:00
vpl 5d50b1ee3c Merge remote-tracking branch 'upstream/master' into email-codes 2019-08-26 21:38:45 +02:00
vpl c99df1c310 Compare token using crypto::ct_eq 2019-08-26 20:26:59 +02:00
vpl 591ae10144 Get token from single u64 2019-08-26 20:26:54 +02:00
Daniel García 026f9da035
Allow removing users two factors 2019-08-21 17:13:06 +02:00
Daniel García 515b87755a
Update HIBP to v3, requires paid API key, fixes #583 2019-08-20 20:07:12 +02:00
vpl ad2225b6e5 Add configuration options for Email 2FA 2019-08-10 22:39:04 +02:00
vpl 5609103a97 Use ring to generate email token 2019-08-06 22:38:08 +02:00
vpl 6d460b44b0 Use saved token for email 2fa codes 2019-08-04 17:21:57 +02:00
vpl efd8d9f528 Remove some unused imports, unneeded mut variables 2019-08-04 16:56:41 +02:00
vpl 29aedd388e Add email code logic and move two_factor into separate modules 2019-08-04 16:56:41 +02:00
Daniel García 05a1137828
Move backend checks to build.rs to fail fast, and updated dependencies 2019-07-09 17:26:34 +02:00
Emil Madsen e22e290f67 Fix key and type variable names for mysql 2019-05-20 21:24:29 +02:00
Daniel García 874f5c34bd
Formatting 2019-04-26 22:08:26 +02:00
Daniel García 253faaf023
Use users duo host when required, instead of always using the global one 2019-04-15 13:07:23 +02:00
Daniel García 3d843a6a51
Merge pull request #460 from janost/organization-vault-purge 
Fixed purging organization vault
 2019-04-14 22:30:51 +02:00
janost 03fdf36bf9 Fixed purging organization vault 2019-04-14 22:12:48 +02:00
Daniel García fdcc32beda
Validate Duo credentials when custom 2019-04-14 22:05:05 +02:00
Daniel García 8d9827c55f
Implement selection between global config and user settings for duo keys. 2019-04-11 18:40:03 +02:00
Daniel García cad63f9761
Auto generate akey 2019-04-11 16:08:26 +02:00
Daniel García 621f607297
Update dependencies and fix some warnings 2019-04-11 15:40:19 +02:00
Daniel García 754087b990
Add global duo config and document options in .env template 2019-04-07 18:58:15 +02:00
Daniel García cfbeb56371
Implement user duo, initial version 
TODO:
- At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting.
- Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
 2019-04-05 22:09:53 +02:00
Daniel García 61515160a7
Allow changing error codes and create an empty error. 
Return 404 instead of 400 when no accounts breached.
 2019-03-14 00:17:36 +01:00
Daniel García 04922f6aa0
Some formatting and dependency updates 2019-03-03 16:11:55 +01:00
Daniel García 7d2bc9e162
Added option to force 2fa at logins and made some changes to two factor code. 
Added newlines to config options to keep them a reasonable length.
 2019-03-03 16:09:15 +01:00
Daniel García 10756b0920
Update dependencies and fix some lints 2019-02-27 17:21:04 +01:00
Дамјан Георгиевски 473f8b8e31 remove some unneeded mutability 2019-02-22 20:25:50 +01:00
Daniel García 5ee04e31e5
Updated dependencies, removed some unnecessary clones and fixed some lints 2019-02-20 17:54:18 +01:00
Daniel García a744b9437a
Implemented multiple U2f keys, key names, and compromised checks 2019-02-16 23:07:48 +01:00
Daniel García 6027b969f5
Delete old devices when deauthorizing user sessions 2019-02-16 23:06:26 +01:00
Daniel García 93805a5d7b
Fix Yubikeys deleted on error 2019-02-16 21:30:55 +01:00
Daniel García 820c8b0dce
Change use of deserialize_with for Option iterator 2019-02-08 19:12:08 +01:00
Daniel García 8b4a6f2a64
Fixed some clippy lints and changed update_uuid_revision to only use one db query 2019-02-08 18:45:07 +01:00
Daniel García 86ed75bf7c
Config can now be serialized / deserialized 2019-02-06 17:34:29 +01:00
Daniel García 20d8d800f3
Updated dependencies 2019-02-06 17:34:29 +01:00
Miroslav Prasil 637f655b6f Do not allocate uneccessary Vec 2019-02-05 14:16:07 +00:00
Miroslav Prasil b3f7394c06 Do not update revision at the end, as we already did that 2019-02-05 14:09:59 +00:00
Miroslav Prasil 1a5ecd4d4a cipher does not need to be mutable 2019-02-05 13:52:30 +00:00
Miroslav Prasil bd65c4e312 Remove superfluous cipher.save() call 2019-02-05 13:49:30 +00:00
Daniel García bef1183c49
Only send one notification per vault import and purge, improve move ciphers functions 2019-01-28 00:39:14 +01:00
Daniel García a1dc47b826
Change config to thread-safe system, needed for a future config panel. 
Improved some two factor methods.
 2019-01-25 18:24:57 +01:00
Daniel García 86de0ca17b
Fix editing users from collections menu 2019-01-25 17:43:51 +01:00
Stephen White 928ad6c1d8 Fix the list of users with access to a collection to display correctly. 
https://github.com/dani-garcia/bitwarden_rs/issues/364
 2019-01-25 14:18:06 +00:00
Daniel García a797459560
Implement HIBP check [WIP]. 
Add extra security attributes to admin cookie.
Error handling.
 2019-01-20 15:36:33 +01:00
Daniel García 834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template 2019-01-19 21:41:49 +01:00
Daniel García 1ce2587330
Correct update cipher order: first save cipher, then cipher-folder, then notify 2019-01-16 19:57:49 +01:00
Miroslav Prasil 71a10e0378 Fix sharing the item to organization. 2019-01-16 11:33:43 +00:00
Daniel García 9bf13b7872
Can't return inside multipart closure 2019-01-15 22:00:41 +01:00
Daniel García d420992f8c
Update some function calls to use ? 2019-01-15 21:47:16 +01:00
Daniel García c259a0e3e2
Save recovery code when using yubikey and stop repeating headers.user everywhere 2019-01-15 21:38:21 +01:00
Daniel García 432be274ba
Improve org mismatch check, consider different orgs 2019-01-15 17:31:03 +01:00
Daniel García 484bf5b703
Check that the client is not updating an outdated cipher, that should be part of an org now 2019-01-15 16:35:08 +01:00
Daniel García 4bf32af60e
Fix folder notifications, enable template strict mode and add missing option to env template 2019-01-15 15:28:47 +01:00
Daniel García f571df7367
Revert yubikey feature, not needed anymore 2019-01-12 15:28:41 +01:00
Daniel García 1d7f704754
Send CipherUpdate when adding and deleting attachments 2019-01-11 01:12:54 +01:00
Daniel García 1d034749f7
Fix AArch64 build by disabling yubico 2019-01-10 23:54:01 +01:00