Add option to change invitation org name, fixes #825

Add option to allow additional iframe ancestors, fixes #843 Sort the rocket routes before printing them
2020-02-04 22:14:50 +01:00 · 2020-02-04 22:14:50 +01:00 · 8867626de8
Commit 8867626de8
--- a/src/api/admin.rs
+++ b/src/api/admin.rs
@ -161,8 +161,7 @@ fn invite_user(data: Json<InviteData>, _token: AdminToken, conn: DbConn) -> Empt
    user.save(&conn)?;

    if CONFIG.mail_enabled() {
-        let org_name = "bitwarden_rs";
-        mail::send_invite(&user.email, &user.uuid, None, None, &org_name, None)
+        mail::send_invite(&user.email, &user.uuid, None, None, &CONFIG.invitation_org_name(), None)
    } else {
        let invitation = Invitation::new(data.email);
        invitation.save(&conn)
--- a/src/config.rs
+++ b/src/config.rs
@ -271,6 +271,9 @@ make_config! {

        /// Admin page token |> The token used to authenticate in this very same page. Changing it here won't deauthorize the current session
        admin_token:            Pass,   true,   option;
+
+        /// Invitation organization name |> Name shown in the invitation emails that don't come from a specific organization
+        invitation_org_name:    String, true,   def,    "Bitwarden_RS".to_string();
    },

    /// Advanced settings
@ -323,6 +326,9 @@ make_config! {

        /// Bypass admin page security (Know the risks!) |> Disables the Admin Token for the admin page so you may use your own auth in-front
        disable_admin_token:    bool,   true,   def,    false;
+
+        /// Allowed iframe ancestors (Know the risks!) |> Allows other domains to embed the web vault into an iframe, useful for embedding into secure intranets
+        allowed_iframe_ancestors: String, true, def,    String::new();
    },

    /// Yubikey settings
--- a/src/util.rs
+++ b/src/util.rs
@ -7,6 +7,8 @@ use rocket::response::{self, Responder};
 use rocket::{Data, Request, Response, Rocket};
 use std::io::Cursor;

+use crate::CONFIG;
+
 pub struct AppHeaders();

 impl Fairing for AppHeaders {
@ -23,7 +25,7 @@ impl Fairing for AppHeaders {
        res.set_raw_header("X-Frame-Options", "SAMEORIGIN");
        res.set_raw_header("X-Content-Type-Options", "nosniff");
        res.set_raw_header("X-XSS-Protection", "1; mode=block");
-        let csp = "frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb moz-extension://*;";
+        let csp = format!("frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb moz-extension://* {};", CONFIG.allowed_iframe_ancestors());
        res.set_raw_header("Content-Security-Policy", csp);

        // Disable cache unless otherwise specified
@ -131,7 +133,9 @@ impl Fairing for BetterLogging {
    fn on_launch(&self, rocket: &Rocket) {
        if self.0 {
            info!(target: "routes", "Routes loaded:");
-            for route in rocket.routes() {
+            let mut routes: Vec<_> = rocket.routes().collect();
+            routes.sort_by_key(|r| r.uri.path());
+            for route in routes {
                if route.rank < 0 {
                    info!(target: "routes", "{:<6} {}", route.method, route.uri);
                } else {