From 7f69eebeb12141240df8c29ef4900cfb56af46f0 Mon Sep 17 00:00:00 2001
From: Misterbabou <58564168+Misterbabou@users.noreply.github.com>
Date: Fri, 17 Feb 2023 13:34:57 +0100
Subject: [PATCH 1/4] Fix Collection Read Only access for groups

I messed up with identation sorry it's my first PR

Fix Collection Read Only access for groups

Fix Collection Read Only access for groups

With indentation modification
---
 src/db/models/collection.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/db/models/collection.rs b/src/db/models/collection.rs
index 0b40196d..1ae29493 100644
--- a/src/db/models/collection.rs
+++ b/src/db/models/collection.rs
@@ -64,6 +64,8 @@ impl Collection {
                 Some(_) => {
                     if let Some(uc) = cipher_sync_data.user_collections.get(&self.uuid) {
                         (uc.read_only, uc.hide_passwords)
+                    } else if let Some(cg) = cipher_sync_data.user_collections_groups.get(&self.uuid) {
+                        (cg.read_only, cg.hide_passwords)
                     } else {
                         (false, false)
                     }

From 9f056523c951397c1d4650da4ddadf3bff099c57 Mon Sep 17 00:00:00 2001
From: r3drun3 <simone.ragonesi@kiratech.it>
Date: Wed, 15 Feb 2023 10:15:42 +0100
Subject: [PATCH 2/4] docs: add build status badge in readme

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 1201ab2b..2bec51ee 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 📢 Note: This project was known as Bitwarden_RS and has been renamed to separate itself from the official Bitwarden server in the hopes of avoiding confusion and trademark/branding issues. Please see [#1642](https://github.com/dani-garcia/vaultwarden/discussions/1642) for more explanation.
 
 ---
-
+[![Build](https://github.com/dani-garcia/vaultwarden/actions/workflows/build.yml/badge.svg)](https://github.com/dani-garcia/vaultwarden/actions/workflows/build.yml)
 [![Docker Pulls](https://img.shields.io/docker/pulls/vaultwarden/server.svg)](https://hub.docker.com/r/vaultwarden/server)
 [![Dependency Status](https://deps.rs/repo/github/dani-garcia/vaultwarden/status.svg)](https://deps.rs/repo/github/dani-garcia/vaultwarden)
 [![GitHub Release](https://img.shields.io/github/release/dani-garcia/vaultwarden.svg)](https://github.com/dani-garcia/vaultwarden/releases/latest)

From fac44888cdcf9b7844dfcb21e484e5e67c5fafa9 Mon Sep 17 00:00:00 2001
From: BlackDex <black.dex@gmail.com>
Date: Thu, 16 Feb 2023 16:29:24 +0100
Subject: [PATCH 3/4] Validate all needed fields for client API login

During the client API login we need to have a `device_identifier`, `device_name` and `device_type`.
When these were not provided Vaultwarden would panic.

This PR add checks for these fields and makes sure it returns a better error message instead of causing a panic.
---
 src/api/identity.rs | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/api/identity.rs b/src/api/identity.rs
index 039e61d5..bb575cca 100644
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@@ -52,6 +52,10 @@ async fn login(data: Form<ConnectData>, client_header: ClientHeaders, mut conn:
             _check_is_some(&data.client_secret, "client_secret cannot be blank")?;
             _check_is_some(&data.scope, "scope cannot be blank")?;
 
+            _check_is_some(&data.device_identifier, "device_identifier cannot be blank")?;
+            _check_is_some(&data.device_name, "device_name cannot be blank")?;
+            _check_is_some(&data.device_type, "device_type cannot be blank")?;
+
             _api_key_login(data, &mut user_uuid, &mut conn, &ip).await
         }
         t => err!("Invalid type", t),

From 54cc47b14e329e7c874d40fe4d0109418b987be1 Mon Sep 17 00:00:00 2001
From: BlackDex <black.dex@gmail.com>
Date: Thu, 16 Feb 2023 17:29:12 +0100
Subject: [PATCH 4/4] Fix Organization delete when groups are configured

With existing groups configured within an org, deleting that org would
fail because of Foreign Key issues.

This PR fixes this by making sure the groups get deleted before the org does.

Fixes #3247
---
 src/db/models/group.rs        | 7 +++++++
 src/db/models/organization.rs | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/db/models/group.rs b/src/db/models/group.rs
index 1d2e6062..6f267c10 100644
--- a/src/db/models/group.rs
+++ b/src/db/models/group.rs
@@ -151,6 +151,13 @@ impl Group {
         }
     }
 
+    pub async fn delete_all_by_organization(org_uuid: &str, conn: &mut DbConn) -> EmptyResult {
+        for group in Self::find_by_organization(org_uuid, conn).await {
+            group.delete(conn).await?;
+        }
+        Ok(())
+    }
+
     pub async fn find_by_organization(organizations_uuid: &str, conn: &mut DbConn) -> Vec<Self> {
         db_run! { conn: {
             groups::table
diff --git a/src/db/models/organization.rs b/src/db/models/organization.rs
index a6e4be21..34325b78 100644
--- a/src/db/models/organization.rs
+++ b/src/db/models/organization.rs
@@ -2,7 +2,7 @@ use num_traits::FromPrimitive;
 use serde_json::Value;
 use std::cmp::Ordering;
 
-use super::{CollectionUser, GroupUser, OrgPolicy, OrgPolicyType, TwoFactor, User};
+use super::{CollectionUser, Group, GroupUser, OrgPolicy, OrgPolicyType, TwoFactor, User};
 use crate::CONFIG;
 
 db_object! {
@@ -267,6 +267,7 @@ impl Organization {
         Collection::delete_all_by_organization(&self.uuid, conn).await?;
         UserOrganization::delete_all_by_organization(&self.uuid, conn).await?;
         OrgPolicy::delete_all_by_organization(&self.uuid, conn).await?;
+        Group::delete_all_by_organization(&self.uuid, conn).await?;
 
         db_run! { conn: {
             diesel::delete(organizations::table.filter(organizations::uuid.eq(self.uuid)))