From aa355a96f92c731c01cf0c4b9d135808e144778e Mon Sep 17 00:00:00 2001
From: BlackDex
Date: Sun, 11 Dec 2022 18:17:53 +0100
Subject: [PATCH 1/6] Fix org export (again)

It looks like Bitwarden, in-the-end, didn't changed the export feature on v2022.11.0, and now have put in on v2023.1.0. This patch now changes that to the same version. Before those new clients are being released, we should see if they changed that again, and adjust where needed.
---
 src/api/core/organizations.rs | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index b612ccc3..e605080d 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -2403,13 +2403,13 @@ async fn delete_group_user( async fn get_org_export(org_id: String, headers: AdminHeaders, mut conn: DbConn) -> Json { use semver::{Version, VersionReq}; - // Since version v2022.11.0 the format of the export is different. + // Since version v2023.1.0 the format of the export is different. // Also, this endpoint was created since v2022.9.0. - // Therefore, we will check for any version smaller then 2022.11.0 and return a different response. - // If we can't determine the version, we will use the latest default v2022.11.0 and higher. - // https://github.com/bitwarden/server/blob/8a6f780d55cf0768e1869f1f097452328791983e/src/Api/Controllers/OrganizationExportController.cs#L44-L45 + // Therefore, we will check for any version smaller then v2023.1.0 and return a different response. + // If we can't determine the version, we will use the latest default v2023.1.0 and higher. + // https://github.com/bitwarden/server/blob/9ca93381ce416454734418c3a9f99ab49747f1b6/src/Api/Controllers/OrganizationExportController.cs#L44 let use_list_response_model = if let Some(client_version) = headers.client_version { - let ver_match = VersionReq::parse("<2022.11.0").unwrap(); + let ver_match = VersionReq::parse("<2023.1.0").unwrap(); let client_version = Version::parse(&client_version).unwrap(); ver_match.matches(&client_version) } else { @@ -2418,7 +2418,7 @@ async fn get_org_export(org_id: String, headers: AdminHeaders, mut conn: DbConn) // Also both main keys here need to be lowercase, else the export will fail. if use_list_response_model { - // Backwards compatible pre v2022.11.0 response + // Backwards compatible pre v2023.1.0 response Json(json!({ "collections": { "data": convert_json_key_lcase_first(_get_org_collections(&org_id, &mut conn).await), 
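Review bot: The changed version gate still unwraps client-controlled input: the line right after the new `VersionReq::parse("<2023.1.0")` does `Version::parse(&client_version).unwrap()`, so a `headers.client_version` value that is not valid semver (a malformed or spoofed client version header, presumably) panics the request handler instead of taking the documented fallback. The comment above already says an undeterminable version should get the newest format, so the last two lines of the `if let` arm can fail closed as `Version::parse(&client_version).map(|v| ver_match.matches(&v)).unwrap_or(false)`, keeping an `unwrap()` only on the literal `VersionReq`. While here, `smaller then` in the rewritten comment should read `smaller than`. `get_org_export` continues past the end of the hunk.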
@@ -2432,7 +2432,7 @@ async fn get_org_export(org_id: String, headers: AdminHeaders, mut conn: DbConn) } })) } else { - // v2022.11.0 and newer response + // v2023.1.0 and newer response Json(json!({ "collections": convert_json_key_lcase_first(_get_org_collections(&org_id, &mut conn).await), "ciphers": convert_json_key_lcase_first(_get_org_details(&org_id, &headers.host, &headers.user.uuid, &mut conn).await), From 353d2e6e01fbca528bc4fef5b16bf17ff99de570 Mon Sep 17 00:00:00 2001 From: BlackDex Date: Thu, 8 Dec 2022 13:35:53 +0100 Subject: [PATCH 2/6] Increase privacy of masked config This changes the masking function to hide a bit more information from the generated support string. It will still keep showing the `://` for example, and `,`, but other characters will be hidden. Also did some small changes on some key's which all showed up as `Internal` on the Settings page. Fixes #2929 --- src/config.rs | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/src/config.rs b/src/config.rs index eb776bb9..edf5bbfe 100644 --- a/src/config.rs +++ b/src/config.rs @@ -232,14 +232,23 @@ macro_rules! make_config { /// We map over the string and remove all alphanumeric, _ and - characters. /// This is the fastest way (within micro-seconds) instead of using a regex (which takes mili-seconds) fn _privacy_mask(value: &str) -> String { - value.chars().map(|c| - match c { - c if c.is_alphanumeric() => '*', - '_' => '*', - '-' => '*', - _ => c - } - ).collect::() + let mut n: u16 = 0; + let mut colon_match = false; + value + .chars() + .map(|c| { + n += 1; + match c { + ':' if n <= 11 => { + colon_match = true; + c + } + '/' if n <= 13 && colon_match => c, + ',' => c, + _ => '*', + } + }) + .collect::() } serde_json::Value::Object({ 
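Review bot: The doc comment kept as context above `_privacy_mask` no longer describes the function: it still says only alphanumerics, `_` and `-` are removed, while the new body masks every character except a `:` within the first 11 positions, a `/` within the first 13 positions after such a colon, and any `,`. I'd replace those two lines with a comment saying the mask keeps only the `://` of a URL-like value and commas, and that the output keeps the original length, so the support string still reveals how long a masked secret is; a fixed-width mask would close that if the exact length is not needed for diagnosis. The hand-rolled `n: u16` counter also wraps after 65535 characters in release builds (and panics with overflow checks on), which would let a later `:` or `/` through unmasked; `enumerate()` gives the position without the extra mutable state, as below.
```rust
fn _privacy_mask(value: &str) -> String {
    let mut colon_match = false;
    value
        .chars()
        .enumerate()
        .map(|(i, c)| match c {
            // i is 0-based, so `i < 11` / `i < 13` is the same window as the 1-based `n <= 11` / `n <= 13`
            ':' if i < 11 => {
                colon_match = true;
                c
            }
            '/' if i < 13 && colon_match => c,
            ',' => c,
            _ => '*',
        })
        .collect()
}
```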
@@ -475,9 +484,9 @@ make_config! { /// service is set, an icon request to Vaultwarden will return an HTTP redirect to the /// corresponding icon at the external service. icon_service: String, false, def, "internal".to_string(); - /// Internal + /// _icon_service_url _icon_service_url: String, false, gen, |c| generate_icon_service_url(&c.icon_service); - /// Internal + /// _icon_service_csp _icon_service_csp: String, false, gen, |c| generate_icon_service_csp(&c.icon_service, &c._icon_service_url); /// Icon redirect code |> The HTTP status code to use for redirects to an external icon service. /// The supported codes are 301 (legacy permanent), 302 (legacy temporary), 307 (temporary), and 308 (permanent). @@ -613,7 +622,7 @@ make_config! { helo_name: String, true, option; /// Embed images as email attachments. smtp_embed_images: bool, true, def, true; - /// Internal + /// _smtp_img_src _smtp_img_src: String, false, gen, |c| generate_smtp_img_src(c.smtp_embed_images, &c.domain); /// Enable SMTP debugging (Know the risks!) |> DANGEROUS: Enabling this will output very detailed SMTP messages. This could contain sensitive information like passwords and usernames! Only enable this during troubleshooting! smtp_debug: bool, false, def, false; From df0aa7949e35932b54942b84ee3e73a24847a845 Mon Sep 17 00:00:00 2001 From: "Helmut K. C. Tessarek" Date: Fri, 9 Dec 2022 16:31:40 -0500 Subject: [PATCH 3/6] Improve comments - The first one was not a proper sentence. - The second one mixed passive and active form in the secon d part of the sentence. --- .env.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.env.template b/.env.template index 22877f15..7ccdacd3 100644 --- a/.env.template +++ b/.env.template 
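Review bot: The new descriptions on the `_icon_service_url` and `_icon_service_csp` lines here, and on `_smtp_img_src` in the `@@ -613` hunk, only repeat the field name, which tells an admin no more than `Internal` did. If these `///` comments feed the generated settings description, a short statement of what is derived would be more useful, e.g. `/// Icon service URL (generated from icon_service)`, `/// Icon service CSP (generated from icon_service and _icon_service_url)` and `/// Image source for SMTP emails (generated from smtp_embed_images and domain)`. The `make_config!` invocation these lines belong to starts and ends outside the hunk.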
@@ -83,11 +83,11 @@ ## Controls whether event logging is enabled for organizations ## This setting applies to organizations. -## Default this is disabled. Also check the EVENT_CLEANUP_SCHEDULE and EVENTS_DAYS_RETAIN settings. +## Disabled by default. Also check the EVENT_CLEANUP_SCHEDULE and EVENTS_DAYS_RETAIN settings. # ORG_EVENTS_ENABLED=false ## Number of days to retain events stored in the database. -## If unset (the default), events are kept indefently and also disables the scheduled job! +## If unset (the default), events are kept indefinitely and the scheduled job is disabled! # EVENTS_DAYS_RETAIN= ## Job scheduler settings From 5afba4674312bbc59aa221862ff96092cf858333 Mon Sep 17 00:00:00 2001 From: "Helmut K. C. Tessarek" Date: Fri, 9 Dec 2022 17:32:59 -0500 Subject: [PATCH 4/6] use black favicon for /admin --- src/api/web.rs | 1 + src/static/images/vaultwarden-favicon.png | Bin 0 -> 1615 bytes src/static/templates/404.hbs | 2 +- src/static/templates/admin/base.hbs | 2 +- 4 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 src/static/images/vaultwarden-favicon.png diff --git a/src/api/web.rs b/src/api/web.rs index a7640cd9..72bb66d0 100644 --- a/src/api/web.rs +++ b/src/api/web.rs 
@@ -101,6 +101,7 @@ pub fn static_files(filename: String) -> Result<(ContentType, &'static [u8]), Er "error-x.svg" => Ok((ContentType::SVG, include_bytes!("../static/images/error-x.svg"))), "hibp.png" => Ok((ContentType::PNG, include_bytes!("../static/images/hibp.png"))), "vaultwarden-icon.png" => Ok((ContentType::PNG, include_bytes!("../static/images/vaultwarden-icon.png"))), + "vaultwarden-favicon.png" => Ok((ContentType::PNG, include_bytes!("../static/images/vaultwarden-favicon.png"))), "bootstrap.css" => Ok((ContentType::CSS, include_bytes!("../static/scripts/bootstrap.css"))), "bootstrap-native.js" => Ok((ContentType::JavaScript, include_bytes!("../static/scripts/bootstrap-native.js"))), "jdenticon.js" => Ok((ContentType::JavaScript, include_bytes!("../static/scripts/jdenticon.js"))), 
diff --git a/src/static/images/vaultwarden-favicon.png b/src/static/images/vaultwarden-favicon.png new file mode 100644 index 0000000000000000000000000000000000000000..bb0e169a1e008dc0e41548c87a8b83c7fbdb6488 GIT binary patch literal 1615 zcmV-V2C(^wP)uwr$(CZQHhO+qQl4W^LQ4`d-rAwb{B_J&dQm^vNmw zt4<+{`SITrP+BDXQi~)IJlptQXa~VFpN*HATzO^v$N0~JrUe(!qGd4qPm{0VYniq` zgZ-uj63|-9#C_fpc??b;v;*ug=nQyF>PkETBcnLoDych;;76c+sk^C?k(O zcBCjDhRF`m2r+kg9%{7wg##t;;R4|Dt~4B2KR%@r7T*(PI|$}~$74_5B(O-1(?lC4 z%pVt%2O!2KrysjxRkS6bq#YnmHbsPv-5DX;USQ*(3lUOT;sEWUYzH;DoTZawAq9B6 zBG!B>c^41Am?gP1mrKodAR<-D6uInRdO$CZ)M7h0jW+1PA(v64Ow}HPI)6WWa0xAG zR#wm9LL|!|(epk(g6*Y&Mu|F#-q6b4bF3~LNiXVOM=2Qvbjz*4Tb2X4nO2V7m^(#Y z!vpgCt7$>YAm5kAt0H%@@v*dWlW1!Y`@@?udK-qz2ojy3!UIhKB~Rf(rvxKpINOYo zH=)0^kOn`tHB1({v0>qC9O%K;Gn>OWXD?d8;p~Qi8$~9=){hM~0!lsuN<1+8w{55%uk|>fhq;S<3o|7S?{;m4^RR=6XgqN8Gis3;;adK3=o-ECJH5PYYN;?1)`KE ziVWBj)+A1a{p-X9UC=V^3^KUv@o7!8mTM?Lk~OCWeb6#m5in=4ejfXMIvo;A+u< zz%7&@#ro6zhB@*oUWy&QmbqQH5|X&QW!~{_$`GY8F~E7sswAMy-KPE)E=hdHO#!^7 zz;6@*kB=J-O1{Jeiu~3T@B#s=3ob93VV}JlE#Po|;NS}K(86xB&7{1D+w6iF#C)0i zLIEXD;zE6E9Mc%~2@YMs<%zlF`zYrb6b_=9#&jPp5N$1ezf-EQuq?o}oKGJ!jm?E* zEne*-ndPKL^&A`@L{pQQThqfVq~=nN(|ixrm?-Gb!Z4B1L^}l_s!(7cS>k3X8<@5t z?()*y*NpO!^mtL^4Ll#jQKFk;824eaan5Hr$N;PZBr_bUXoDV@P)hKs2SFDUstQ`Qw(>hQk?VphF}*-gzG{1ksdE$D!?yTiQNAH!6G` zrkD`PR*pWFbO>T-;A<*$Yi_F6w%(Hsr-{-^DT8DJ5(dQjhgLFeLwZ`4#P&%nk6!THUMa2fXJ++)>R_=v#g0Ye;cxRZv4aW zk%$~i79h*9BJwdjJpNfs$okuu_x>gTF*xA4QO{8VDDm9r=MVH7VUzbw%=`PGxzaKo z9UNdCA^;KA2AmFf%dBLA=7L0BFGB|a=s?~D - + Page not found!