geforkt von mirrored/vaultwarden
Merge pull request #243 from mprasil/vault_2.5.0
Bump vault version to 2.5.0 [wip]
Dieser Commit ist enthalten in:
Commit
3cb911a52f
9 geänderte Dateien mit 158 neuen und 39 gelöschten Zeilen
|
@ -4,7 +4,7 @@
|
||||||
####################### VAULT BUILD IMAGE #######################
|
####################### VAULT BUILD IMAGE #######################
|
||||||
FROM node:8-alpine as vault
|
FROM node:8-alpine as vault
|
||||||
|
|
||||||
ENV VAULT_VERSION "v2.4.0"
|
ENV VAULT_VERSION "v2.5.0"
|
||||||
|
|
||||||
ENV URL "https://github.com/bitwarden/web.git"
|
ENV URL "https://github.com/bitwarden/web.git"
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
####################### VAULT BUILD IMAGE #######################
|
####################### VAULT BUILD IMAGE #######################
|
||||||
FROM node:8-alpine as vault
|
FROM node:8-alpine as vault
|
||||||
|
|
||||||
ENV VAULT_VERSION "v2.4.0"
|
ENV VAULT_VERSION "v2.5.0"
|
||||||
|
|
||||||
ENV URL "https://github.com/bitwarden/web.git"
|
ENV URL "https://github.com/bitwarden/web.git"
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
####################### VAULT BUILD IMAGE #######################
|
####################### VAULT BUILD IMAGE #######################
|
||||||
FROM node:8-alpine as vault
|
FROM node:8-alpine as vault
|
||||||
|
|
||||||
ENV VAULT_VERSION "v2.4.0"
|
ENV VAULT_VERSION "v2.5.0"
|
||||||
|
|
||||||
ENV URL "https://github.com/bitwarden/web.git"
|
ENV URL "https://github.com/bitwarden/web.git"
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
####################### VAULT BUILD IMAGE #######################
|
####################### VAULT BUILD IMAGE #######################
|
||||||
FROM node:8-alpine as vault
|
FROM node:8-alpine as vault
|
||||||
|
|
||||||
ENV VAULT_VERSION "v2.4.0"
|
ENV VAULT_VERSION "v2.5.0"
|
||||||
|
|
||||||
ENV URL "https://github.com/bitwarden/web.git"
|
ENV URL "https://github.com/bitwarden/web.git"
|
||||||
|
|
||||||
|
|
|
@ -132,9 +132,18 @@ pub struct CipherData {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[post("/ciphers/admin", data = "<data>")]
|
#[post("/ciphers/admin", data = "<data>")]
|
||||||
fn post_ciphers_admin(data: JsonUpcase<CipherData>, headers: Headers, conn: DbConn, ws: State<WebSocketUsers>) -> JsonResult {
|
fn post_ciphers_admin(data: JsonUpcase<ShareCipherData>, headers: Headers, conn: DbConn, ws: State<WebSocketUsers>) -> JsonResult {
|
||||||
// TODO: Implement this correctly
|
let data: ShareCipherData = data.into_inner().data;
|
||||||
post_ciphers(data, headers, conn, ws)
|
|
||||||
|
let mut cipher = Cipher::new(data.Cipher.Type.clone(), data.Cipher.Name.clone());
|
||||||
|
cipher.user_uuid = Some(headers.user.uuid.clone());
|
||||||
|
match cipher.save(&conn) {
|
||||||
|
Ok(()) => (),
|
||||||
|
Err(_) => err!("Failed saving cipher")
|
||||||
|
};
|
||||||
|
|
||||||
|
share_cipher_by_uuid(&cipher.uuid, data, &headers, &conn, &ws)
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[post("/ciphers", data = "<data>")]
|
#[post("/ciphers", data = "<data>")]
|
||||||
|
|
|
@ -91,7 +91,7 @@ fn leave_organization(org_id: String, headers: Headers, conn: DbConn) -> EmptyRe
|
||||||
match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) {
|
match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) {
|
||||||
None => err!("User not part of organization"),
|
None => err!("User not part of organization"),
|
||||||
Some(user_org) => {
|
Some(user_org) => {
|
||||||
if user_org.type_ == UserOrgType::Owner as i32 {
|
if user_org.type_ == UserOrgType::Owner {
|
||||||
let num_owners = UserOrganization::find_by_org_and_type(
|
let num_owners = UserOrganization::find_by_org_and_type(
|
||||||
&org_id, UserOrgType::Owner as i32, &conn)
|
&org_id, UserOrgType::Owner as i32, &conn)
|
||||||
.len();
|
.len();
|
||||||
|
@ -378,9 +378,9 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
|
||||||
None => err!("Invalid type")
|
None => err!("Invalid type")
|
||||||
};
|
};
|
||||||
|
|
||||||
if new_type != UserOrgType::User as i32 &&
|
if new_type != UserOrgType::User &&
|
||||||
headers.org_user_type != UserOrgType::Owner as i32 {
|
headers.org_user_type != UserOrgType::Owner {
|
||||||
err!("Only Owners can invite Admins or Owners")
|
err!("Only Owners can invite Managers, Admins or Owners")
|
||||||
}
|
}
|
||||||
|
|
||||||
for email in data.Emails.iter() {
|
for email in data.Emails.iter() {
|
||||||
|
@ -452,9 +452,9 @@ fn confirm_invite(org_id: String, org_user_id: String, data: JsonUpcase<Value>,
|
||||||
None => err!("The specified user isn't a member of the organization")
|
None => err!("The specified user isn't a member of the organization")
|
||||||
};
|
};
|
||||||
|
|
||||||
if user_to_confirm.type_ != UserOrgType::User as i32 &&
|
if user_to_confirm.type_ != UserOrgType::User &&
|
||||||
headers.org_user_type != UserOrgType::Owner as i32 {
|
headers.org_user_type != UserOrgType::Owner {
|
||||||
err!("Only Owners can confirm Admins or Owners")
|
err!("Only Owners can confirm Managers, Admins or Owners")
|
||||||
}
|
}
|
||||||
|
|
||||||
if user_to_confirm.status != UserOrgStatus::Accepted as i32 {
|
if user_to_confirm.status != UserOrgStatus::Accepted as i32 {
|
||||||
|
@ -502,7 +502,7 @@ fn edit_user(org_id: String, org_user_id: String, data: JsonUpcase<EditUserData>
|
||||||
let data: EditUserData = data.into_inner().data;
|
let data: EditUserData = data.into_inner().data;
|
||||||
|
|
||||||
let new_type = match UserOrgType::from_str(&data.Type.into_string()) {
|
let new_type = match UserOrgType::from_str(&data.Type.into_string()) {
|
||||||
Some(new_type) => new_type as i32,
|
Some(new_type) => new_type,
|
||||||
None => err!("Invalid type")
|
None => err!("Invalid type")
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -511,21 +511,21 @@ fn edit_user(org_id: String, org_user_id: String, data: JsonUpcase<EditUserData>
|
||||||
None => err!("The specified user isn't member of the organization")
|
None => err!("The specified user isn't member of the organization")
|
||||||
};
|
};
|
||||||
|
|
||||||
if new_type != user_to_edit.type_ as i32 && (
|
if new_type != user_to_edit.type_ && (
|
||||||
user_to_edit.type_ <= UserOrgType::Admin as i32 ||
|
user_to_edit.type_ >= UserOrgType::Admin ||
|
||||||
new_type <= UserOrgType::Admin as i32
|
new_type >= UserOrgType::Admin
|
||||||
) &&
|
) &&
|
||||||
headers.org_user_type != UserOrgType::Owner as i32 {
|
headers.org_user_type != UserOrgType::Owner {
|
||||||
err!("Only Owners can grant and remove Admin or Owner privileges")
|
err!("Only Owners can grant and remove Admin or Owner privileges")
|
||||||
}
|
}
|
||||||
|
|
||||||
if user_to_edit.type_ == UserOrgType::Owner as i32 &&
|
if user_to_edit.type_ == UserOrgType::Owner &&
|
||||||
headers.org_user_type != UserOrgType::Owner as i32 {
|
headers.org_user_type != UserOrgType::Owner {
|
||||||
err!("Only Owners can edit Owner users")
|
err!("Only Owners can edit Owner users")
|
||||||
}
|
}
|
||||||
|
|
||||||
if user_to_edit.type_ == UserOrgType::Owner as i32 &&
|
if user_to_edit.type_ == UserOrgType::Owner &&
|
||||||
new_type != UserOrgType::Owner as i32 {
|
new_type != UserOrgType::Owner {
|
||||||
|
|
||||||
// Removing owner permmission, check that there are at least another owner
|
// Removing owner permmission, check that there are at least another owner
|
||||||
let num_owners = UserOrganization::find_by_org_and_type(
|
let num_owners = UserOrganization::find_by_org_and_type(
|
||||||
|
@ -538,7 +538,7 @@ fn edit_user(org_id: String, org_user_id: String, data: JsonUpcase<EditUserData>
|
||||||
}
|
}
|
||||||
|
|
||||||
user_to_edit.access_all = data.AccessAll;
|
user_to_edit.access_all = data.AccessAll;
|
||||||
user_to_edit.type_ = new_type;
|
user_to_edit.type_ = new_type as i32;
|
||||||
|
|
||||||
// Delete all the odd collections
|
// Delete all the odd collections
|
||||||
for c in CollectionUser::find_by_organization_and_user_uuid(&org_id, &user_to_edit.user_uuid, &conn) {
|
for c in CollectionUser::find_by_organization_and_user_uuid(&org_id, &user_to_edit.user_uuid, &conn) {
|
||||||
|
@ -591,12 +591,12 @@ fn delete_user(org_id: String, org_user_id: String, headers: AdminHeaders, conn:
|
||||||
None => err!("User to delete isn't member of the organization")
|
None => err!("User to delete isn't member of the organization")
|
||||||
};
|
};
|
||||||
|
|
||||||
if user_to_delete.type_ != UserOrgType::User as i32 &&
|
if user_to_delete.type_ != UserOrgType::User &&
|
||||||
headers.org_user_type != UserOrgType::Owner as i32 {
|
headers.org_user_type != UserOrgType::Owner {
|
||||||
err!("Only Owners can delete Admins or Owners")
|
err!("Only Owners can delete Admins or Owners")
|
||||||
}
|
}
|
||||||
|
|
||||||
if user_to_delete.type_ == UserOrgType::Owner as i32 {
|
if user_to_delete.type_ == UserOrgType::Owner {
|
||||||
// Removing owner, check that there are at least another owner
|
// Removing owner, check that there are at least another owner
|
||||||
let num_owners = UserOrganization::find_by_org_and_type(
|
let num_owners = UserOrganization::find_by_org_and_type(
|
||||||
&org_id, UserOrgType::Owner as i32, &conn)
|
&org_id, UserOrgType::Owner as i32, &conn)
|
||||||
|
@ -653,7 +653,7 @@ fn post_org_import(query: OrgIdData, data: JsonUpcase<ImportData>, headers: Head
|
||||||
None => err!("User is not part of the organization")
|
None => err!("User is not part of the organization")
|
||||||
};
|
};
|
||||||
|
|
||||||
if org_user.type_ > UserOrgType::Admin as i32 {
|
if org_user.type_ < UserOrgType::Admin {
|
||||||
err!("Only admins or owners can import into an organization")
|
err!("Only admins or owners can import into an organization")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
24
src/auth.rs
24
src/auth.rs
|
@ -184,7 +184,7 @@ pub struct OrgHeaders {
|
||||||
pub host: String,
|
pub host: String,
|
||||||
pub device: Device,
|
pub device: Device,
|
||||||
pub user: User,
|
pub user: User,
|
||||||
pub org_user_type: i32,
|
pub org_user_type: UserOrgType,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders {
|
impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders {
|
||||||
|
@ -225,7 +225,13 @@ impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders {
|
||||||
host: headers.host,
|
host: headers.host,
|
||||||
device: headers.device,
|
device: headers.device,
|
||||||
user: headers.user,
|
user: headers.user,
|
||||||
org_user_type: org_user.type_,
|
org_user_type: {
|
||||||
|
if let Some(org_usr_type) = UserOrgType::from_i32(&org_user.type_) {
|
||||||
|
org_usr_type
|
||||||
|
} else { // This should only happen if the DB is corrupted
|
||||||
|
err_handler!("Unknown user type in the database")
|
||||||
|
}
|
||||||
|
},
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -238,7 +244,7 @@ pub struct AdminHeaders {
|
||||||
pub host: String,
|
pub host: String,
|
||||||
pub device: Device,
|
pub device: Device,
|
||||||
pub user: User,
|
pub user: User,
|
||||||
pub org_user_type: i32,
|
pub org_user_type: UserOrgType,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<'a, 'r> FromRequest<'a, 'r> for AdminHeaders {
|
impl<'a, 'r> FromRequest<'a, 'r> for AdminHeaders {
|
||||||
|
@ -249,15 +255,15 @@ impl<'a, 'r> FromRequest<'a, 'r> for AdminHeaders {
|
||||||
Outcome::Forward(f) => Outcome::Forward(f),
|
Outcome::Forward(f) => Outcome::Forward(f),
|
||||||
Outcome::Failure(f) => Outcome::Failure(f),
|
Outcome::Failure(f) => Outcome::Failure(f),
|
||||||
Outcome::Success(headers) => {
|
Outcome::Success(headers) => {
|
||||||
if headers.org_user_type > UserOrgType::Admin as i32 {
|
if headers.org_user_type >= UserOrgType::Admin {
|
||||||
err_handler!("You need to be Admin or Owner to call this endpoint")
|
|
||||||
} else {
|
|
||||||
Outcome::Success(Self{
|
Outcome::Success(Self{
|
||||||
host: headers.host,
|
host: headers.host,
|
||||||
device: headers.device,
|
device: headers.device,
|
||||||
user: headers.user,
|
user: headers.user,
|
||||||
org_user_type: headers.org_user_type,
|
org_user_type: headers.org_user_type,
|
||||||
})
|
})
|
||||||
|
} else {
|
||||||
|
err_handler!("You need to be Admin or Owner to call this endpoint")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -278,14 +284,14 @@ impl<'a, 'r> FromRequest<'a, 'r> for OwnerHeaders {
|
||||||
Outcome::Forward(f) => Outcome::Forward(f),
|
Outcome::Forward(f) => Outcome::Forward(f),
|
||||||
Outcome::Failure(f) => Outcome::Failure(f),
|
Outcome::Failure(f) => Outcome::Failure(f),
|
||||||
Outcome::Success(headers) => {
|
Outcome::Success(headers) => {
|
||||||
if headers.org_user_type > UserOrgType::Owner as i32 {
|
if headers.org_user_type == UserOrgType::Owner {
|
||||||
err_handler!("You need to be Owner to call this endpoint")
|
|
||||||
} else {
|
|
||||||
Outcome::Success(Self{
|
Outcome::Success(Self{
|
||||||
host: headers.host,
|
host: headers.host,
|
||||||
device: headers.device,
|
device: headers.device,
|
||||||
user: headers.user,
|
user: headers.user,
|
||||||
})
|
})
|
||||||
|
} else {
|
||||||
|
err_handler!("You need to be Owner to call this endpoint")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
use std::cmp::Ordering;
|
||||||
use serde_json::Value as JsonValue;
|
use serde_json::Value as JsonValue;
|
||||||
|
|
||||||
use uuid::Uuid;
|
use uuid::Uuid;
|
||||||
|
@ -32,10 +33,101 @@ pub enum UserOrgStatus {
|
||||||
Confirmed = 2,
|
Confirmed = 2,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(Copy, Clone)]
|
||||||
|
#[derive(PartialEq)]
|
||||||
|
#[derive(Eq)]
|
||||||
pub enum UserOrgType {
|
pub enum UserOrgType {
|
||||||
Owner = 0,
|
Owner = 0,
|
||||||
Admin = 1,
|
Admin = 1,
|
||||||
User = 2,
|
User = 2,
|
||||||
|
Manager = 3,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Ord for UserOrgType {
|
||||||
|
fn cmp(&self, other: &UserOrgType) -> Ordering {
|
||||||
|
if self == other {
|
||||||
|
Ordering::Equal
|
||||||
|
} else {
|
||||||
|
match self {
|
||||||
|
UserOrgType::Owner => Ordering::Greater,
|
||||||
|
UserOrgType::Admin => match other {
|
||||||
|
UserOrgType::Owner => Ordering::Less,
|
||||||
|
_ => Ordering::Greater
|
||||||
|
},
|
||||||
|
UserOrgType::Manager => match other {
|
||||||
|
UserOrgType::Owner | UserOrgType::Admin => Ordering::Less,
|
||||||
|
_ => Ordering::Greater
|
||||||
|
},
|
||||||
|
UserOrgType::User => Ordering::Less
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl PartialOrd for UserOrgType {
|
||||||
|
fn partial_cmp(&self, other: &UserOrgType) -> Option<Ordering> {
|
||||||
|
Some(self.cmp(other))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl PartialEq<i32> for UserOrgType {
|
||||||
|
fn eq(&self, other: &i32) -> bool {
|
||||||
|
*other == *self as i32
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl PartialOrd<i32> for UserOrgType {
|
||||||
|
fn partial_cmp(&self, other: &i32) -> Option<Ordering> {
|
||||||
|
if let Some(other) = Self::from_i32(other) {
|
||||||
|
return Some(self.cmp(&other))
|
||||||
|
}
|
||||||
|
return None
|
||||||
|
}
|
||||||
|
|
||||||
|
fn gt(&self, other: &i32) -> bool {
|
||||||
|
match self.partial_cmp(other) {
|
||||||
|
Some(Ordering::Less) | Some(Ordering::Equal) => false,
|
||||||
|
_ => true,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn ge(&self, other: &i32) -> bool {
|
||||||
|
match self.partial_cmp(other) {
|
||||||
|
Some(Ordering::Less) => false,
|
||||||
|
_ => true,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
impl PartialEq<UserOrgType> for i32 {
|
||||||
|
fn eq(&self, other: &UserOrgType) -> bool {
|
||||||
|
*self == *other as i32
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl PartialOrd<UserOrgType> for i32 {
|
||||||
|
fn partial_cmp(&self, other: &UserOrgType) -> Option<Ordering> {
|
||||||
|
if let Some(self_type) = UserOrgType::from_i32(self) {
|
||||||
|
return Some(self_type.cmp(other))
|
||||||
|
}
|
||||||
|
return None
|
||||||
|
}
|
||||||
|
|
||||||
|
fn lt(&self, other: &UserOrgType) -> bool {
|
||||||
|
match self.partial_cmp(other) {
|
||||||
|
Some(Ordering::Less) | None => true,
|
||||||
|
_ => false,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn le(&self, other: &UserOrgType) -> bool {
|
||||||
|
match self.partial_cmp(other) {
|
||||||
|
Some(Ordering::Less) | Some(Ordering::Equal) | None => true,
|
||||||
|
_ => false,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
impl UserOrgType {
|
impl UserOrgType {
|
||||||
|
@ -44,9 +136,21 @@ impl UserOrgType {
|
||||||
"0" | "Owner" => Some(UserOrgType::Owner),
|
"0" | "Owner" => Some(UserOrgType::Owner),
|
||||||
"1" | "Admin" => Some(UserOrgType::Admin),
|
"1" | "Admin" => Some(UserOrgType::Admin),
|
||||||
"2" | "User" => Some(UserOrgType::User),
|
"2" | "User" => Some(UserOrgType::User),
|
||||||
|
"3" | "Manager" => Some(UserOrgType::Manager),
|
||||||
_ => None,
|
_ => None,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn from_i32(i: &i32) -> Option<Self> {
|
||||||
|
match i {
|
||||||
|
0 => Some(UserOrgType::Owner),
|
||||||
|
1 => Some(UserOrgType::Admin),
|
||||||
|
2 => Some(UserOrgType::User),
|
||||||
|
3 => Some(UserOrgType::Manager),
|
||||||
|
_ => None,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Local methods
|
/// Local methods
|
||||||
|
@ -302,7 +406,7 @@ impl UserOrganization {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn has_full_access(self) -> bool {
|
pub fn has_full_access(self) -> bool {
|
||||||
self.access_all || self.type_ < UserOrgType::User as i32
|
self.access_all || self.type_ >= UserOrgType::Admin
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
|
pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
|
||||||
|
|
|
@ -157,7 +157,7 @@ impl User {
|
||||||
|
|
||||||
pub fn delete(self, conn: &DbConn) -> QueryResult<()> {
|
pub fn delete(self, conn: &DbConn) -> QueryResult<()> {
|
||||||
for user_org in UserOrganization::find_by_user(&self.uuid, &*conn) {
|
for user_org in UserOrganization::find_by_user(&self.uuid, &*conn) {
|
||||||
if user_org.type_ == UserOrgType::Owner as i32 {
|
if user_org.type_ == UserOrgType::Owner {
|
||||||
if UserOrganization::find_by_org_and_type(
|
if UserOrganization::find_by_org_and_type(
|
||||||
&user_org.org_uuid,
|
&user_org.org_uuid,
|
||||||
UserOrgType::Owner as i32, &conn
|
UserOrgType::Owner as i32, &conn
|
||||||
|
|
Laden …
In neuem Issue referenzieren