1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-29 06:20:29 +01:00
Commit-Graph

1366 Commits

Autor SHA1 Nachricht Datum
0x0fbc
b4b2701905
Add support for MFA with Duo's Universal Prompt (#4637)
* Add initial working Duo Universal Prompt support.

* Add db schema and models for Duo 2FA state storage

* store duo states in the database and validate during authentication

* cleanup & comments

* bump state/nonce length

* replace stray use of TimeDelta

* more cleanup

* bind Duo oauth flow to device id, drop redundant device type handling

* drop redundant alphanum string generation code

* error handling cleanup

* directly use JWT_VALIDITY_SECS constant instead of copying it to DuoClient instances

* remove redundant explicit returns, rustfmt

* rearrange constants, update comments, error message

* override charset on duo state column to ascii for mysql

* Reduce twofactor_duo_ctx state/nonce column size in postgres and maria

* Add fixes suggested by clippy

* rustfmt

* Update to use the make_http_request

* Don't handle OrganizationDuo

* move Duo API endpoint fmt strings out of macros and into format! calls

* Add missing indentation

Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>

* remove redundant expiry check when purging Duo contexts

---------

Co-authored-by: BlackDex <black.dex@gmail.com>
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
2024-07-24 16:50:35 +02:00
Timshel
de66e56b6c
Allow to override log level for specific target (#4305) 2024-07-24 16:49:03 +02:00
Stefan Melmuk
ecfebaf3c7
allow re-invitations of existing users (#4768)
* allow re-invitations of existing users

* auto-accept existing user if mail is disabled

Apply suggestions from code review

Co-authored-by: Mathijs van Veluw <black.dex@gmail.com>

---------

Co-authored-by: Mathijs van Veluw <black.dex@gmail.com>
2024-07-24 00:32:46 +02:00
Daniel
bc7ceb2ee3
Update crates & fix crate vulnerability (#4771)
- fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
2024-07-24 00:26:39 +02:00
Mathijs van Veluw
b27e6e30c9
Fix Email 2FA login on native app (#4762) 2024-07-17 16:20:54 +02:00
Mathijs van Veluw
505b30eec2
Fix for RSA Keys which are read only (#4744)
* Fix for RSA Keys which are read only

Sometimes an RSA Key file could be read only.
We currently failed because we also wanted to write.
Added an extra check if the file exists already and is not 0 in size.
If it does already exists and is larger then 0, then open in read only
mode.

Fixes #4644

* Updated code to work atomically

- Changed the code to work atomically
- Also show the alert generated from `Io`

* Fix spelling
2024-07-17 12:59:22 +02:00
Mathijs van Veluw
54bfcb8bc3
Update admin interface (#4737)
- Updated datatables
- Set Cookie Secure flag if the connection is https
- Prevent possible XSS via Organization Name
  Converted all `innerHTML` and `innerText` to the Safe Sink version `textContent`
- Removed `jsesc` function as handlebars escapes all these chars already and more by default
2024-07-12 22:59:48 +02:00
Daniel García
035f694d2f
Improved HTTP client (#4740)
* Improved HTTP client

* Change config compat to use auto, rename blacklist

* Fix wrong doc references
2024-07-12 22:33:11 +02:00
Coby Geralnik
a4ab014ade
Fix bug where secureNotes is empty (#4730) 2024-07-10 22:13:55 +02:00
Stefan Melmuk
8e8483481f
use a custom plan of enterprise tier to fix limits (#4726)
* use a custom plan of enterprise tier to fix limits

* set maxStorageGb limit to max signed int value
2024-07-10 17:25:41 +02:00
Mathijs van Veluw
d04b94b77d
Some fixes for emergency access (#4715)
- Add missing `Headers` parameter for some functions
   This allowed any request from allowing these endpoints by not validating the user correctly.
 - Changed the functions to retreive the emergency access record by
   using the user uuid which calls the endpoint, instead of validating afterwards.
   This is more secure and prevents the need of an if check.
2024-07-08 23:39:22 +02:00
Stefan Melmuk
fda77afc2a
add group support for Cipher::get_collections() (#4592)
* add group support for Cipher::get_collections()

join group infos assigned to a collection to check
whether user has been given access to all collections via any group
or they have access to a specific collection via any group membership

* fix Collection::is_writable_by_user()

prevent side effects if groups are disabled

* differentiate the /collection endpoints

* return cipherDetails on post_collections_update()

* add collections_v2 endpoint
2024-07-04 20:28:19 +02:00
Mathijs van Veluw
bd91964170
Fix duplicate folder creations during import (#4702)
During import you are able to select an existing folder, or with
Bitwarden exports it can contain existing folders already. In either
case it didn't matter, we always created new folders.

Bitwarden uses the same UUID of the selected or existing folders if they
are already there.

This PR fixes this by using the same behaviour.

Fixes #4700
2024-07-04 19:57:32 +02:00
Mathijs van Veluw
d42b264a93
Fix collections and native app issue (#4685)
Collections were not visible in the organization view.
This was because the `flexibleCollections` was set to `true`

Found an issue with loading some old created Secure Notes which had `{}` or `{"type":null}` as there `data` value.
This isn't allowed. When detected, replace it with `{"type":0}`

Fixes #4682
Fixes #4590
2024-07-03 21:11:04 +02:00
Daniel García
a4c7fadbf4
Change some missing PascalCase keys (#4671) 2024-06-24 21:17:59 +02:00
Daniel García
4233dbf3db
Fix cipher creation on new android app (#4670) 2024-06-24 19:44:06 +02:00
Daniel García
a2bf8def2a
Change API and structs to camelCase (#4386)
* Change API inputs/outputs and structs to camelCase

* Fix fields and password history

* Use convert_json_key_lcase_first

* Make sends lowercase

* Update admin and templates

* Update org revoke

* Fix sends expecting size to be a string on mobile

* Convert two-factor providers to string
2024-06-23 21:31:02 +02:00
Daniel García
8f05a90b96
Fix some more nightly errors and remove lint that will become an error by default (#4661) 2024-06-20 20:25:40 +02:00
Daniel García
9082e7cebb
Fix some nightly build errors (#4657) 2024-06-20 09:35:52 +02:00
Mathijs van Veluw
55fdee3bf8
Update crates, web-vault and GHA (#4648)
- Updated all crates including Diesel and the new mysqlclient-sys
- Updated the MSRV to v1.78 as that is what Diesel mandates
- Added the mimalloc crate as a patch for now to fix armv6 static builds
  This probably makes #4606 possible
- Updated web-vault to v2024.5.1
- Updated GitHub Actions
  Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
Daniel García
377969ea67
Update rust and remove unused header values (#4645)
* Update rust and remove unused header values

* Missed one unused var
2024-06-16 22:05:17 +02:00
Mathijs van Veluw
f05398a6b3
Update admin interface dependencies (#4581)
- Updated JS/CSS dependencies
- Fixed a small issue regarding DNS IP detection
  fixes #3946
  fixes #3947
2024-05-25 15:39:36 +02:00
Timshel
9555ac7bb8
Remove compatibility route (#4578) 2024-05-25 15:29:58 +02:00
Stefan Melmuk
f01ef40a8e
differentiate external groups by organization id (#4586) 2024-05-25 15:20:36 +02:00
FDHoho007
753a9e0bae
Fix public api for domains with path prefix (#4500) 2024-05-19 20:33:31 +02:00
Stefan Melmuk
f5fb69b64f
also delete organization_api_key (#4557) 2024-05-19 20:33:00 +02:00
Daniel García
0fe93edea6
Some fixes for the new mobile apps (#4526) 2024-04-27 23:24:04 +02:00
Stefan Melmuk
e9aa5a545e
fix emergency access invites (#4337)
* fix emergency access invites with no mail

when mail is disabled instead of accepting emergency access for all
invited users automatically, we only accept if the user already exists

on registration of a new account any open emergency access invitations
will be accepted, if mail is disabled

also prevent invited emergency access contacts to register if emergency
access is disabled (this is only relevant for when mail is enabled, if
mail is disabled they should have an Invitation entry)

* delete emergency access invitations

if an invited user is deleted in the /admin panel their emergency
access invitation will remain in the database which causes
the to_json_grantee_details fn to panic

* improve missing emergency access grantees

instead of returning an empty emergency access contact the entry should
not be added to the list. also the error handling can be improved a bit.
2024-04-27 22:16:05 +02:00
Stefan Melmuk
9dcc738f85
improve access to collections via groups (#4441)
* refactor get_org_collections_details

* improve access to collection check

* fix get_org_collection_detail too
2024-04-27 22:09:00 +02:00
Kristof Mattei
84a7c7da5d
Pass in collection ids to notifier when sharing cipher. (#4517) 2024-04-27 21:53:10 +02:00
Daniel García
27dc67fadd
Implement custom DNS resolver (#3988) 2024-04-27 20:25:34 +02:00
Mathijs van Veluw
e1a8df96db
Update Key Rotation web-vault v2024.3.x (#4446)
Key rotation was changed since 2024.1.x.
Multiple other items were added to be rotated like password-reset and emergency-access data to be part of just one POST instead of having multiple.

See: https://github.com/dani-garcia/bw_web_builds/pull/157
2024-04-06 14:42:53 +02:00
Mathijs van Veluw
e42a37c6c1
Update crates and some Clippy fixes (#4475)
- Updated all crates including reqwest
- Fixed some clippy lints reported by nightly Rust
2024-04-06 13:55:10 +02:00
Daniel García
2d98aa3045
Use async verify for Yubikey (#4448) 2024-03-23 16:03:17 +01:00
Mathijs van Veluw
93636eb3c3
Update Rust and crates (#4445)
- Updated Rust to v1.77.0
- Updated several crates
  The `reqwest` update included `trust-dns` > `hickory-dns` changes.
  Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate.
- Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
Mathijs van Veluw
1e42755187
Update chrono and sqlite (#4436)
- Updated sqlite crate
- Updated chrono crate

The latter needed a lot of changes done, mostly `Duration` to `TimeDelta`.
And some changes on how to use Naive.
2024-03-19 19:47:30 +01:00
guangwu
ce8efcc48f
fix: typos (#4440)
Signed-off-by: guoguangwu <guoguangwug@gmail.com>
2024-03-19 19:47:14 +01:00
Stefan Melmuk
79ce5b49bc
automatically use email address as 2fa provider (#4317) 2024-03-17 22:35:02 +01:00
Matlink
7c3cad197c
Fix #3624: fix manager permission within groups (#3754)
* Fix #3624: fix manager permission within groups

* Query returns UUID only

* Fix issue when user is manager and in a group having access to all collections

* optimize condition check

* fix(groups): renaming and optimizations

* fix: wrong organization group membership detection

* Simplify group membership check

Co-authored-by: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com>

* Remove unused statement

* improve check if the user has access via groups

instead of returning the two lists of member ids and later checking if
they contain the uuid of the current user, we really only care if
the current user has full access via a group or if they have
access to a given collection via a group

* improve comments for get_org_collections_details

* small refactor to make it easier to review

* fix(groups): query full access via group only when necessary

Co-authored-by: Mathijs van Veluw <black.dex@gmail.com>

* chore(fmt): apply rustfmt

---------

Co-authored-by: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com>
Co-authored-by: Stefan Melmuk <stefan.melmuk@gmail.com>
Co-authored-by: Mathijs van Veluw <black.dex@gmail.com>
2024-03-17 22:11:34 +01:00
gzfrozen
000c606029
Change timestamp data type. (#4355)
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
2024-03-17 22:04:37 +01:00
Jacques B
29144b2ce0
Small improvements around email change (#4415) 2024-03-17 19:55:03 +01:00
Helmut K. C. Tessarek
ea04b6f151
refactor: replace panic with a graceful exit (#4402)
* refactor: replace panic with a graceful exit

* fix: clippy errors

* fix: typo

* Update src/main.rs

Co-authored-by: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com>

---------

Co-authored-by: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com>
2024-03-17 19:53:41 +01:00
Mathijs van Veluw
3427217686
Remove custom WebSocket code (#4001)
* Remove custom WebSocket code

Remove our custom WebSocket code and only use the Rocket code.
Removed all options in regards to WebSockets
Added a new option `WEBSOCKET_DISABLED` which defaults too `false`.
This can be used to disable WebSockets if you really do not want to use it.

* Addressed remarks given and some updates

- Addressed comments given during review
- Updated crates, including Rocket to the latest merged v0.5 changes
- Removed an extra header which should not be sent for websocket connections

* Updated suggestions and crates

- Addressed the suggestions
- Updated Rocket to latest rc4
  Also made the needed code changes
- Updated all other crates
  Pinned `openssl` and `openssl-sys`

---------

Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
2024-03-17 19:52:55 +01:00
Daniel García
a1fbd6d729
Improve JWT key initialization and avoid saving public key (#4085) 2024-03-17 15:11:20 +01:00
Krapp
2cbfe6fa5b
Fix comment in events.rs (#4408)
I think
` // Collection events`
was repeated twice
2024-03-17 14:29:31 +01:00
one230six
d86c4f2c23
Signed-off-by: one230six <723682061@qq.com> (#4422)
Signed-off-by: one230six <723682061@qq.com>
2024-03-17 14:28:10 +01:00
Calvin Li
d0c22b9fc9
fix: web API call for jquery 3.7.1 (#4400) 2024-03-02 19:09:36 +01:00
Mathijs van Veluw
d6b97090fa
Update crates, GHA and a Python/JS scripts (#4357)
- Update all crates
- Update GHA
- Update Global Domains script to use main instead of master
  Also fixed some Python linting warnings
- Updated Admin JS and CSS libraries
2024-02-25 23:26:46 +01:00
Mathijs van Veluw
b9bdc9b8e2
Update Rust, crates and web-vault (#4328)
- Updated Rust to v1.76.0
- Updated crates
- Updated web-vault to v2024.1.2b
- Fixed some Clippy lints
- Moved lint check configuration Cargo.toml
- Fixed issue with Reset Password Enrollment when logged-in via device
2024-02-08 22:16:29 +01:00
Mathijs van Veluw
569add453d
Add Kubernetes environment detection (#4290)
Also check if we are running within a Kubernetes environment.
These do not always run using Docker or Podman of course.

Also renamed all the functions and variables to use `container` instead
of `docker`.
2024-02-02 21:44:19 +01:00