1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-22 05:10:29 +01:00
Commit-Graph

810 Commits

Autor SHA1 Nachricht Datum
BlackDex
d6e0ace192
Fix Login With Device without MasterPassword
It looks like either something changed in the latest v2023.8.x versions,
or when using Biometrics to login, but the MasterPasswordHash is an
optional value during the Approve action.

This PR makes the MasterPasswordHash an optional value which resolves
this issues. Bitwarden works the same way.

I also changed the EncKey to an Option in the database since empty
strings as a default value is not nice in databases, better to use
`null` in these cases.

Fixes #3819
2023-09-01 21:03:50 +02:00
BlackDex
32543c46da
Update Rust and Crates
- Updated Rust to v1.72.0
- Updated all the crates
  Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21
- Updated GitHub Workflows
- Run `cargo fmt` which has some new fmt's
- Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-31 22:45:53 +02:00
BlackDex
83d5432cbf
Update admin interface
- Updated the admin interface dependencies.
- Replace bootstrap-native with bootstrap
- Added auto theme with an option to switch to dark/light
- Some small color changes
- Added an dev only function to always load static files from disk
2023-08-31 21:14:53 +02:00
Daniel García
f579a4154c
Merge pull request #3806 from BlackDex/fix-3776
Allow Authorization header for Web Sockets
2023-08-31 20:46:07 +02:00
Daniel García
f5a19c5f8b
Merge pull request #3797 from stefan0xC/add-plans-all-endpoint
add new secretsmanager plan for web-v2023.8.x
2023-08-31 20:37:04 +02:00
BlackDex
aa9bc1f785
Allow Authorization header for Web Sockets
Some clients (Thirdparty) might use the `Authorization` header instead
of a query param. We didn't supported this since all the official
clients do not seem to use this way of working. But Bitwarden does check
both ways.

This PR adds an extra check for this header which can be optional.

Fixes #3776
2023-08-31 12:35:20 +02:00
Stefan Melmuk
f162e85e44
add UserDecryptionOptions to login response (#3813)
needed for web-v2023.8.2+ compatibility due to the inclusion of the new
trusted device encryption feature. without this change, the web vault
will assume that you don't have a master password set and force you to
set one.
2023-08-31 11:02:36 +02:00
Stefan Melmuk
33ef70c192
add minimal secretsmanager plan for web-v2023.8.x
in web-v2023.8.x the getPlans() call was changed from `/plans/` to `/plans/all`
and the create new organization form also requires a bitwardenProduct to
differentiate between plans for PasswordManager and the SecretsManager
2023-08-24 22:39:16 +02:00
BlackDex
6cdcb3b297
Optimized Favicon downloading
Some optimizations in regards to downloading Favicon's.

I also encounterd some issues with accessing some sites where the
connection got dropped or closed early. This seems a reqwest/hyper
thingy, https://github.com/hyperium/hyper/issues/2136. This is now also
fixed.

General:

- Decreased struct size
- Decreased memory allocations
- Optimized tokenizer a bit more to only emit tags when all attributes are there and are valid.

reqwest/hyper connection issue:
The following changes helped solve the connection issues to some sites.
The endresult is that some icons are now able to be downloaded always instead of sometimes.

- Enabled some extra reqwest features, `deflate` and `native-tls-alpn`
  (Which do not bring in any extra crates since other crates already enabled them, but they were not active for Vaultwarden it self)
- Configured reqwest to have a max amount of idle pool connections per host
- Configured reqwest to timeout the idle connections in 10 seconds
2023-08-13 19:13:00 +02:00
Bernd Schoolmann
8d7b3db33d Implement login-with-device 2023-08-13 17:54:18 +02:00
BlackDex
d892880dd2
Fix UserOrg status during LDAP Import
When a user does not have an account yet and SMTP was disabled it would
set the UserOrg status still to Accepted, though that would make it
possible to verify the user by the Org Admin's.
This would fail, since the user didn't actually crated his account, and
therefor no PublicKey existed.

This PR fixes this behaviour by checking if the password is empty and if
so, puts the user to an `Invited` state instead of `Accepted`.

Fixes #3737
2023-07-31 20:40:48 +02:00
BlackDex
4ec2507073
Remove debug code during attachment download
There was some debug code during attachment downloads.
This produces extra logs not needed or even wanted.
2023-07-17 15:36:54 +02:00
BlackDex
631d022e17
Fix some external_id issues
- Do not update `externalId` on group updates
   Groups are only updated via the web-vault currently, and those do not
   send the `externalId` value, and thus we need to prevent updating it.
 - Refactored some other ExternalId functions
 - Prevent empty `externalId` on `Collections`
 - Return `externalId` for users

Fixes #3685
2023-07-12 22:04:18 +02:00
BlackDex
08f37b9935
Fix org creation regresion
A previous PR added a field which isn't there on the initial creation of
an org. This PR fixes that.
2023-07-06 10:14:04 +02:00
Daniel García
a6cfdddfd8
Merge pull request #3649 from BlackDex/update-crates
Update crates and small clippy fix
2023-07-04 20:56:05 +02:00
Daniel García
814ce9a6ac
Merge pull request #3632 from sirux88/fix-reset-password-check-issue
fix missing password check while manual reset password enrollment
2023-07-04 20:55:34 +02:00
Daniel García
1bee46f64b
Merge pull request #3623 from fashberg/main
Added-External_id for Collections
2023-07-04 20:54:36 +02:00
Jan Jansen
84e901b7d2 add user to collection during creation
Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
2023-07-04 20:27:37 +02:00
Folke Ashberg
6050c8dac5 Added-External_id for Collections 2023-07-04 20:26:03 +02:00
BlackDex
0a6b797e6e
Update crates and small clippy fix
- Update all crates
- Remove async which is reported by clippy in v1.72.0
2023-07-04 20:12:50 +02:00
sirux88
fb6f441a4f fixed unnecessary variable usage 2023-07-04 18:57:49 +02:00
sirux88
9876aedd67 added password check for manual reset
password enrollment endpoint
2023-07-04 18:57:49 +02:00
Daniel García
19e671ff25
Fix dataurl parse panic when icon is malformed 2023-07-03 20:20:26 +02:00
Daniel García
60964c07e6
Add some extra access checks for attachments and groups 2023-07-03 19:58:14 +02:00
GeekCornerGH
1074315a87
feat: Support for storing passkeys in the vault 2023-06-22 18:48:13 +02:00
BlackDex
3c0cac623d
Fix send access regression
In a previous commit push notifications for mobile were added, but this
introduced a header guard which caused issues with anonymous endpoints.

This PR fixes this by using a uuid with only 0's.

Fixes #3607
2023-06-22 16:40:26 +02:00
Jan Jansen
e818a0bf37 Add group import on invite
Fixes #3599

Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
2023-06-22 11:10:43 +02:00
BlackDex
84a23008f4
Update crates and workflow
- Updated all the crates
- Updated workflow actions
- Set cargo registry to sparse
2023-06-21 22:01:05 +02:00
Bernd Schoolmann
e4606431d1
Fix mobile push blocking requests and spamming push server 2023-06-16 23:34:16 +02:00
BlackDex
a05187c0ff
Some code changes and optimizations
Some cleanups and optimizations done on the code generated by @Kurnihil
2023-06-13 08:51:07 +02:00
BlackDex
8e34495e73
Merge and modify PR from @Kurnihil
Merging a PR from @Kurnihil into the already rebased branch.
Made some small changes to make it work with newer changes.

Some finetuning is probably still needed.

Co-authored-by: Daniele Andrei <daniele.andrei@geo-satis.com>
Co-authored-by: Kurnihil
2023-06-13 08:51:07 +02:00
BlackDex
4219249e11
Add support for Organization token
This is a WIP for adding organization token login support.
It has basic token login and verification support, but that's about it.

This branch is a refresh of the previous version, and will contain code
from a PR based upon my previous branch.
2023-06-13 08:48:18 +02:00
GeekCornerGH
2d66292350
feat: Push Notifications
Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com>
Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
BlackDex
83376544d8 Fix collection change ws notifications
When chaning a collection this did not got notified via WebSockets.
This PR adds this feature and resolves #3534
2023-05-26 17:42:00 +02:00
BlackDex
636f16dc66
Prevent 401 on main admin page
When you are not loggedin, and have no cookie etc.. we always returned a 401.
This was mainly to allow the login page on all the sub pages, and after
login being redirected to the requested page, for these pages a 401 is a
valid response, since, you do not have access.

But for the main `/admin` page, it should just respond with a `200` and
show the login page.

This PR fixes this flow and response. It should prevent people using
Fail2ban, or other tools being triggered by only accessing the login page.

Resolves #3540
2023-05-25 23:40:36 +02:00
Stefan Melmuk
4d5c047ddc
policy data should be null not an empty object 2023-05-09 11:14:46 +02:00
BlackDex
f906f6230a
Change String to &str for all Rocket functions
During setting the latest commit hash for Rocket and updating all the
other crates, there were some messages regarding the usage of `String`
for the Rocket endpoint function calls. I acted upon this message and
changed all `String` types to `&str` and modified the code where needed.

This ended up in less alloc calls, and probably also a bit less memory usage.

- Updated all the crates and commit hashes
- Modified all `String` to `&str` where applicable
2023-04-30 17:18:12 +02:00
BlackDex
48cc31a59f
Small update to Rocket WebSockets
Switched from channels to stream. This is able to use yield, and the
code looks a bit nicer this way.

Also updated all the crates.
2023-04-12 15:59:05 +02:00
Daniel García
07099df41a
Merge pull request #3436 from BlackDex/fix-admin-base-url
Several config and admin interface fixes
2023-04-10 21:11:44 +02:00
BlackDex
ae437f70a3
Several config and admin interface fixes
- Fixed issue with domains starting with `admin`
- Fixed issue with DUO not being enabled globally anymore (regression)
- Renamed `Ciphers` to `Entries` in overview
- Improved `ADMIN_TOKEN` description
- Updated jquery-slim and datatables

Resolves #3382
Resolves #3415
Resolves discussion on #3288
2023-04-10 20:39:51 +02:00
BlackDex
3d11f4cd16
WebSockets via Rocket's Upgrade connection
This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections.
No more need for multiple ports to be opened for Vaultwarden.
No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy).

- Using a git revision for Rocket, since `rocket_ws` is not yet released.
- Updated other crates as well.
- Added a connection guard to clear the WS connection from the Users list.

Fixes #685
Fixes #2917
Fixes #1424
2023-04-10 16:58:58 +02:00
Daniel García
867c6ba056
Merge pull request #3398 from stefan0xC/dont-expect-kdf-memory-or-parallelism
always return KdfMemory and KdfParallelism
2023-04-02 15:22:42 +02:00
Daniel García
d1ecf03f44
Merge pull request #3397 from nikolaevn/feature/add-admin-reinvite-endpoint
support `/users/<uuid>/invite/resend` admin api
2023-04-02 15:21:51 +02:00
Nikolay Nikolaev
aa6f774f65 add check user state 2023-03-31 14:03:37 +03:00
Stefan Melmuk
39a5f2dbe8
clear kdf memory and parallelism with pbkdf2
when changing back from argon2id to PBKDF2 the unused parameters
should be set to 0.

also fix small bug in _register
2023-03-31 07:31:40 +02:00
Stefan Melmuk
0daaa9b175
always return KdfMemory and KdfParallelism
the client will ignore the value of theses fields in case of `PBKDF2`
(whether they are unset or left from trying out `Argon2id` as KDF).

with `Argon2id` those fields should never be `null` but always in a
valid state. if they are `null` (how would that even happen?) the
client still assumes default values for `Argon2id` (i.e. m=64 and p=4)
and if they are set to something else login will fail anyway.
2023-03-31 01:10:28 +02:00
Nikolay Nikolaev
0c085d21ce fmt 2023-03-30 16:04:35 +03:00
Nikolay Nikolaev
dcaaa430f0 support /users/<uuid>/invite/resend admin api 2023-03-30 15:23:16 +03:00
BlackDex
2cda54ceff
Fix password reset issues
There was used a wrong macro to produce an error message when mailing
the user his password was reset failed. It was using `error!()` which
does not return an `Err` and aborts the rest of the code.

This resulted in the users password still being resetted, but not being
notified. This PR fixes this by using `err!()`. Also, do not set the
user object as mutable until it really is needed.

Second, when a user was using the new Argon2id KDF with custom values
like memory and parallelism, that would have rendered the password
incorrect. The endpoint which should return all the data did not
returned all the new Argon2id values.

Fixes #3388

Co-authored-by: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com>
2023-03-30 09:41:13 +02:00
Jeremy Lin
62cebebd3d
Decode knowndevice X-Request-Email as base64url with no padding
The clients end up removing the padding characters [1][2].

[1] https://github.com/bitwarden/clients/blob/web-v2023.3.0/libs/common/src/misc/utils.ts#L141-L143
[2] https://github.com/bitwarden/mobile/blob/v2023.3.1/src/Core/Utilities/CoreHelpers.cs#L227-L234
2023-03-27 00:03:54 -07:00