mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-07-04 13:14:42 +02:00
Code Issues Releases Aktivität
1452 Commits 1 Branch 58 Tags 12 MiB
Commit-Graph

51 Commits

Autor SHA1 Nachricht Datum
Jake Howard b22564cb00
Cache icons on the client 
This should make the vault pages load much faster, and massively reduce the number of requests.
 2021-03-27 13:30:40 +00:00
Jeremy Lin 7d0e234b34 CORS fixes 
* The Safari extension apparently now uses the origin `file://` and expects
  that to be returned (see bitwarden/browser#1311, bitwarden/server#800).

* The `Access-Control-Allow-Origin` header was reflecting the value of the
  `Origin` header without checking whether the origin was actually allowed.
  This effectively allows any origin to interact with the server, which
  defeats the purpose of CORS.
 2021-03-07 00:35:08 -08:00
Jeremy Lin 513056f711 Check for data folder on startup 
Currently, when starting up for the first time (running standalone, outside
of Docker), bitwarden_rs panics when the `openssl` tool isn't able to create
`data/rsa_key.pem` due to the `data` dir not existing. Instead, print a more
helpful error message telling the user to create the directory.
 2021-02-28 01:45:05 -08:00
Jeremy Lin e37ff60617 Change twofactorauth.org to 2fa.directory 
The `twofactorauth.org` has apparently been sold to some company for
marketing purposes.
 2021-02-23 18:51:07 -08:00
Jeremy Lin 455a23361f Clean up datetime output and code 
* For clarity, add `UTC` suffix for datetimes in the `Diagnostics` admin tab.
* Format datetimes in the local timezone in the `Users` admin tab.
* Refactor some datetime code and add doc comments.
 2020-12-13 19:49:22 -08:00
janost e8ef76b8f9 Read config vars from files 2020-11-29 02:31:49 +01:00
Daniel García 729c9cff41
Retry initial db connection, with adjustable option 2020-10-03 22:32:00 +02:00
Jeremy Lin de70fbf88a Use strip_prefix() instead of trim_start_matches() as appropriate 
As of Rust 1.45.0, `strip_prefix()` is now stable.
 2020-07-20 22:33:13 -07:00
Daniel García 668d5c23dc
Removed try_trait and some formatting, particularly around imports 2020-07-14 18:34:22 +02:00
fdeĉ 4c3727b4a3 use format! for rounding to fix arm issue 2020-05-22 12:10:56 +02:00
Daniel García a8870eef0d
Convert to f32 before rounding to fix arm issue 2020-05-20 17:58:39 +02:00
Daniel García 9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints 2020-05-03 17:24:51 +02:00
Jeremy Lin 29a0795219 Add backend support for alternate base dir (subdir/subpath) hosting 
To use this, include a path in the `DOMAIN` URL, e.g.:

* `DOMAIN=https://example.com/custom-path`
* `DOMAIN=https://example.com/multiple/levels/are/ok`
 2020-02-18 21:27:00 -08:00
Daniel García 8867626de8
Add option to change invitation org name, fixes #825 
Add option to allow additional iframe ancestors, fixes #843
Sort the rocket routes before printing them
 2020-02-04 22:14:50 +01:00
Daniel García d212dfe735
Accept y/n, True/False, 1/0 as booleans in environment vars 2020-01-20 22:28:54 +01:00
Daniel García 36ae946655
Avoid some to_string in the request logging and include message to disable web vault when not found. 2019-12-29 15:34:22 +01:00
Daniel García 2545469713
Fix crash when page URL points to huge file 2019-12-19 00:37:16 +01:00
Daniel García a03db6d224
Also hide options requests, unless using debug or trace 2019-12-06 22:55:29 +01:00
Daniel García 8d1b72b951
Collapsed log messages from 3 lines per request to 2 and hidden the ones valued as less informative. 
Use LOG_LEVEL debug or trace to recover them.

Removed LOG_MOUNTS and bundled it with LOG_LEVEL debug and trace.

Removed duplicate error messages

Made websocket not proxied message more prominent, but only print it once.
 2019-12-06 22:46:12 +01:00
vpl 7b1da527a6 Change CORS headers 
Only add Allow-Origin to all requests and move the others to preflight OPTIONS request.
If Origin is `file://` change it to the wildcard.
 2019-10-01 20:12:33 +02:00
vpl 56f12dc982 Use Access-Control-Allow-Method 2019-09-23 07:44:44 +02:00
vpl 5a2f968d7a Set correct response headers, status code 2019-09-02 21:13:12 +02:00
vpl 16d88402cb Initial version of CORS support 2019-09-01 13:00:12 +02:00
Daniel García 4689ed7b30
Changed uppercase deserializer to avoid a clone. 2019-03-18 22:02:37 +01:00
Daniel García 5ee04e31e5
Updated dependencies, removed some unnecessary clones and fixed some lints 2019-02-20 17:54:18 +01:00
Daniel García 877408b808
Implement basic config loading and updating. No save to file yet. 2019-02-06 17:34:29 +01:00
Daniel García 86ed75bf7c
Config can now be serialized / deserialized 2019-02-06 17:34:29 +01:00
Daniel García a1dc47b826
Change config to thread-safe system, needed for a future config panel. 
Improved some two factor methods.
 2019-01-25 18:24:57 +01:00
Daniel García 834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template 2019-01-19 21:41:49 +01:00
TBK d8116a80df Add Feature-Policy header 2019-01-17 21:08:31 +01:00
Daniel García 30e768613b
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00
Daniel García acb9d1b3c6
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-30 21:43:56 +01:00
Daniel García 6a99849a1e
Implemented proper error handling, now we can do user.save($conn)?; and it works. 
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
 2018-12-30 21:31:12 +01:00
Daniel García 4e827e4f8a
Implement better retry and use it while saving device 2018-12-12 22:15:54 +01:00
Daniel García 7adc045b80
Updated IP logging to use client_ip, to match old remote behavior. 
Improved error logging, now it won't show a generic error message in some situations.
Removed delete device, which is not needed as it will be overwritten later.
Logged more info when an error occurs saving a device.
Added orgmanager to JWT claims.
 2018-12-09 17:58:38 +01:00
Daniel García cb930a0858
Remove some required values during login, now uses default values 2018-12-07 14:32:40 +01:00
Daniel García 94810c106a
Migrate to rust 2018 edition 2018-12-07 02:05:45 +01:00
Daniel García 2fde4e6933
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested) 2018-12-06 20:35:25 +01:00
Daniel García c673370103
Updated bw_rs to Rocket version 0.4-rc1 2018-11-01 19:25:09 +01:00
Daniel García ce4fedf191
Change error response to be closer to upstream 2018-10-10 20:37:04 +02:00
Daniel García 948554a20f
Added config option for websocket port, and reworked the config parsing a bit. 
Added SMTP_FROM config to examples and made it mandatory, it doesn't make much sense to not specify the from address.
 2018-09-13 20:59:51 +02:00
Miroslav Prasil b3f3fd81ac Update theerror format to show message in new Vault 2018-08-15 15:50:07 +01:00
Daniel García 819622e310 Documented U2F, removed debug prints, and documented missing features 2018-07-13 15:58:50 +02:00
Daniel García dae92b9018 Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 22:22:10 +02:00
Daniel García 410ee9f1f7 Fixed case problems, hopefully this time for real 2018-06-12 23:01:14 +02:00
Daniel García 483066b9a0 Some style changes, removed useless matches and formats 2018-06-11 15:44:37 +02:00
Daniel García 5ec728683e Make sure the inputs are always in the same case (PascalCase, which is what upstream seems to prefer most of the time) 2018-06-01 00:18:50 +02:00
Daniel García dfefbf1f31 Fixed cipher import, created missing data structs instead of using generic Value, and fixed some warnings 2018-02-23 00:38:54 +01:00
Daniel García 84a75c871b Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. 
Known missing:
 - import ciphers, create ciphers types other than login and card, update ciphers
 - clear and put device_tokens
 - Equivalent domains
 - Organizations
 2018-02-15 19:05:57 +01:00
Daniel García b54684b677 Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00