Daniel García
5e649f0d0d
Merge branch 'webauthn-origin' of https://github.com/jjlin/vaultwarden into jjlin-webauthn-origin
2021-09-06 17:16:56 +02:00
Daniel García
612c0e9478
Merge branch 'jjlin-bullseye' into main
2021-09-06 17:16:36 +02:00
Daniel García
0d2b3bfb99
Merge pull request #1945 from BlackDex/github-actions-release
...
Build Docker Hub images via Github Actions
2021-09-08 20:54:41 +02:00
Daniel García
c934838ace
Merge branch 'bullseye' of https://github.com/jjlin/vaultwarden into jjlin-bullseye
2021-09-06 17:16:28 +02:00
Jeremy Lin
4350e9d241
Update Debian base images to bullseye
2021-09-04 11:46:15 -07:00
Jeremy Lin
0cdc0cb147
Fix incorrect WebAuthn origin
...
This mainly affects users running Vaultwarden under a subpath.
Refs:
* https://github.com/kanidm/webauthn-rs/blob/b2cbb34/src/core.rs#L941-L948
* https://github.com/kanidm/webauthn-rs/blob/b2cbb34/src/core.rs#L316
* https://w3c.github.io/webauthn/#dictionary-client-data
2021-08-29 15:53:25 -07:00
BlackDex
20535065d7
Build Docker Hub images via Github Actions
...
Since docker hub stopped Autobuild, we need to switch to something else.
This will trigger building of images on Github Actions and pushes them
to Docker Hub.
You only need to add 3 secrets before you merge this PR to have it working directly.
- DOCKERHUB_USERNAME : The username of the account you are going to push the builds to
- DOCKERHUB_TOKEN : The token needed to login and push builds
- DOCKERHUB_REPO : The repo name in the following form `index.docker.io/<user>/<repo>`
So for vaultwarden that would be `index.docker.io/vaultwarden/server`
Also some small modifications to the other workflows.
2021-08-28 17:29:13 +02:00
Daniel García
a23f4a704b
Merge branch 'fabianthdev-fix/sends_notifications' into main
2021-08-22 22:17:00 +02:00
Daniel García
93f2f74767
Merge branch 'fix/sends_notifications' of https://github.com/fabianthdev/vaultwarden into fabianthdev-fix/sends_notifications
2021-08-22 22:16:50 +02:00
Daniel García
37ca202247
Merge branch 'mrckndt-fix-timezone-alpine-container' into main
2021-08-22 22:14:46 +02:00
Daniel García
37525b1e7e
Merge branch 'fix-timezone-alpine-container' of https://github.com/mrckndt/vaultwarden into mrckndt-fix-timezone-alpine-container
2021-08-22 22:14:38 +02:00
Daniel García
d594b5a266
Merge branch 'jjlin-fix-attachment-sharing' into main
2021-08-22 22:14:14 +02:00
Daniel García
41add45e67
Merge branch 'fix-attachment-sharing' of https://github.com/jjlin/vaultwarden into jjlin-fix-attachment-sharing
2021-08-22 22:14:07 +02:00
Daniel García
08b168a0a1
Merge branch 'BlackDex-fix-1878' into main
2021-08-22 22:12:59 +02:00
Daniel García
978ef2bc8b
Merge branch 'fix-1878' of https://github.com/BlackDex/vaultwarden into BlackDex-fix-1878
2021-08-22 22:12:52 +02:00
BlackDex
881d1f4334
Fix wrong display of MFA email.
...
There was some wrong logic regarding the display of which email is
configured to be used for the email MFA. This is now fixed.
Resolves #1878
2021-08-19 09:25:34 +02:00
Jeremy Lin
56b4f46d7d
Fix limitation on sharing ciphers with attachments
...
This check is several years old, so maybe there was a valid reason
for having it before, but it's not correct anymore.
2021-08-16 22:23:33 -07:00
Marco
f6bd8b3462
Adding tzdata to container
...
To be able to set a timezone inside a container with the env variable TZ
the tzdata package is needed. Otherwise only UTC will be set.
2021-08-06 13:39:33 +02:00
Fabian Thies
1f0f64d961
Sort the imports in notifications.rs alphabetically
2021-08-04 16:56:43 +02:00
Fabian Thies
42ba817a4c
Fix errors that occurred in the nightly build
2021-08-04 13:25:41 +02:00
Fabian Thies
dd98fe860b
Send create, update and delete notifications for Send
s in the correct format.
...
Add endpoints to get all sends or a specific send by its uuid.
2021-08-03 17:39:38 +02:00
Daniel García
1fe9f101be
Merge branch 'jjlin-fix-org-attachment-uploads' into main
2021-07-25 19:08:44 +02:00
Daniel García
c68fbb41d2
Merge branch 'fix-org-attachment-uploads' of https://github.com/jjlin/vaultwarden into jjlin-fix-org-attachment-uploads
2021-07-25 19:08:38 +02:00
Jeremy Lin
91e80657e4
Fix error with adding file attachment from org vault view
2021-08-18 20:54:36 -07:00
Daniel García
2db30f918e
Merge branch 'BlackDex-fix-sync-desktop-client' into main
2021-07-25 19:07:59 +02:00
Daniel García
cfceac3909
Merge branch 'fix-sync-desktop-client' of https://github.com/BlackDex/vaultwarden into BlackDex-fix-sync-desktop-client
2021-07-25 19:07:51 +02:00
BlackDex
58b046fd10
Fix syncing with Bitwarden Desktop v1.28.0
...
Syncing with the latest desktop client (v1.28.0) fails because it expects some json key/values to be there.
This PR adds those key/value pairs.
Resolves #1924
2021-08-21 10:36:08 +02:00
Daniel García
227779256c
Merge branch 'BlackDex-dep-update' into main
2021-07-25 19:07:04 +02:00
BlackDex
89b5f7c98d
Dependency updates
...
Updated several dependencies and switch to different totp library.
- Switch oath with totp-lite
oauth hasn't been updated in a long while and some dependencies could not be updated any more
It now also validates a preseeding 0, as the previous library returned an int instead of a str which stripped a leading 0
- Updated rust to the current latest nightly (including build image)
- Updated bootstrap css and js
- Updated hadolint to latest version
- Updated default rust image from v1.53 to v1.54
- Updated new nightly build/clippy messages
2021-08-22 13:46:48 +02:00
Daniel García
c666497130
Update webvault to 2.21.1
2021-07-25 18:56:06 +02:00
Daniel García
2620a1ac8c
Merge pull request #1869 from BlackDex/webauthn-plus-updates
...
Fix WebAuthn issues and some small updates
2021-07-25 17:23:37 +02:00
BlackDex
ffdcafa044
Fix WebAuthn issues and some small updates
...
- Updated some packages
- Updated code related to package updates.
- Disabled User Verification enforcement when WebAuthn Key sends UV=1
This makes it compatible with upstream and resolves #1840
- Fixed a bug where removing an individual WebAuthn key deleted the wrong key.
2021-07-25 14:49:55 +02:00
Daniel García
56ffec40f4
Formatting
2021-07-15 21:52:17 +02:00
Daniel García
96c2416903
Merge branch 'BlackDex-future-web-vault' into main
2021-07-15 21:51:52 +02:00
Mathijs van Veluw
340d42a1ca
Merge branch 'main' into future-web-vault
2021-07-15 21:43:23 +02:00
Daniel García
e19420160f
Simplify 2fa removed email and remove extra table close in the footer
2021-07-15 21:25:46 +02:00
Daniel García
1741316f42
Merge branch 'olivierIllogika-2fa_enforcement' into main
2021-07-15 19:27:45 +02:00
Daniel García
4f08167d6f
Merge branch '2fa_enforcement' of https://github.com/olivierIllogika/bitwarden_rs into olivierIllogika-2fa_enforcement
2021-07-15 19:27:36 +02:00
Daniel García
fef76e2f6f
Merge branch 'BlackDex-attachment-storage' into main
2021-07-15 19:20:57 +02:00
Daniel García
f16d56cb27
Merge branch 'attachment-storage' of https://github.com/BlackDex/vaultwarden into BlackDex-attachment-storage
2021-07-15 19:20:52 +02:00
Daniel García
120b286f2b
Merge branch 'umireon-umireon-add-edge-frame-ancestors' into main
2021-07-15 19:20:25 +02:00
Daniel García
7f437b6947
Merge branch 'umireon-add-edge-frame-ancestors' of https://github.com/umireon/vaultwarden into umireon-umireon-add-edge-frame-ancestors
2021-07-15 19:20:19 +02:00
Daniel García
8d6e62e18b
Merge branch 'jjlin-password-hints' into main
2021-07-15 19:18:30 +02:00
Daniel García
d0ec410b73
Merge branch 'password-hints' of https://github.com/jjlin/vaultwarden into jjlin-password-hints
2021-07-15 19:18:22 +02:00
Daniel García
c546a59c38
Dependency updates
2021-07-15 19:18:16 +02:00
Daniel García
e5ec245626
Protect namedfile against path traversal, rocket only does it for pathbuf
2021-07-15 19:15:55 +02:00
BlackDex
6ea95d1ede
Updated attachment limit descriptions
...
The user and org attachment limit use `size` as wording while it should
have been `storage` since it isn't per attachment, but the sum of all attachments.
- Changed the wording in the config/env
- Changed the wording of the error messages.
Resolves #1818
2021-07-13 15:17:03 +02:00
Jeremy Lin
88bea44dd8
Prevent user enumeration via password hints
...
When `show_password_hint` is enabled but mail is not configured, the previous
implementation returned a differentiable response for non-existent email
addresses.
Even if mail is enabled, there is a timing side channel since mail is sent
synchronously. Add a randomized sleep to mitigate this somewhat.
2021-07-10 01:21:27 -07:00
Jeremy Lin
8ee5d51bd4
Disable show_password_hint
by default
...
A setting that provides unauthenticated access to potentially sensitive data
shouldn't be enabled by default.
2021-07-10 01:20:37 -07:00
Kaito Udagawa
c640abbcd7
Update src/util.rs
...
Co-authored-by: William Desportes <williamdes@wdes.fr>
2021-07-08 02:55:58 +09:00