Jeremy Lin
4c3b328aca
Hide ciphers from non-selected collections for org owners/admins
...
If org owners/admins set their org access to only include selected
collections, then ciphers from non-selected collections shouldn't
appear in "My Vault". This matches the upstream behavior.
2020-09-01 02:20:25 -07:00
aaxdev
260ffee093
Improving code
2020-08-31 22:20:21 +02:00
aaxdev
c59cfe3371
Fix MsgPack headers and support mobile SignalR
2020-08-31 19:05:07 +02:00
Daniel García
0822c0c128
Update admin page dependencies
2020-08-31 16:40:21 +02:00
Daniel García
aaba1e8368
Fix some clippy warnings and remove unused function
2020-08-28 22:10:28 +02:00
Jeremy Lin
175d647e47
Delete associated favorites when deleting a cipher or user
...
This prevents foreign key constraint violations.
2020-08-26 01:27:38 -07:00
Daniel García
0365b7c6a4
Add support for multiple simultaneous database features by using macros.
...
Diesel requires the following changes:
- Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type
- Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names
- Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones
- Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-24 20:11:17 +02:00
Daniel García
19889187a5
Merge pull request #1106 from jjlin/favorites
...
Track favorites on a per-user basis
2020-08-24 00:31:48 +02:00
Daniel García
9571277c44
Merge pull request #1112 from jjlin/token-size-docs
...
Add more docs on the `email_token_size` setting
2020-08-24 00:25:47 +02:00
Daniel García
a202da9e23
Merge pull request #1099 from jjlin/global-domains
...
Sync global_domains.json with upstream
2020-08-24 00:25:33 +02:00
Jeremy Lin
c05dc50f53
Add more docs on the email_token_size
setting
2020-08-22 17:35:55 -07:00
Jeremy Lin
d9684bef6b
Generate tokens more simply and uniformly
2020-08-22 16:07:53 -07:00
Jeremy Lin
db0c45c172
Sync global_domains.json to bitwarden/server@8383a08 (Yandex)
2020-08-20 03:31:21 -07:00
Jeremy Lin
ad4393e3f7
Sync global_domains.json to bitwarden/server@80f57d2 (Amazon updates)
2020-08-20 03:30:39 -07:00
Jeremy Lin
f83a8a36d1
Track favorites on a per-user basis
...
Currently, favorites are tracked at the cipher level. For org-owned ciphers,
this means that if one user sets it as a favorite, it automatically becomes a
favorite for all other users that the cipher has been shared with.
2020-08-19 02:32:58 -07:00
Jeremy Lin
0e9eba8c8b
Maximize similarity between MySQL and SQLite/PostgreSQL schemas
...
In particular, Diesel aliases `Varchar` to `Text`, and `Blob` to `Binary`:
* https://docs.diesel.rs/diesel/sql_types/struct.Text.html
* https://docs.diesel.rs/diesel/sql_types/struct.Binary.html
2020-08-19 02:32:56 -07:00
Jeremy Lin
d5c760960a
Sync global_domains.json to bitwarden/server@af85e17 (eBay India updates)
2020-08-19 00:40:59 -07:00
Jeremy Lin
2c6ef2bc68
Sync global_domains.json to bitwarden/server@2c43019 (eBay updates)
2020-08-15 01:34:12 -07:00
Jeremy Lin
7032ae5587
Sync global_domains.json to bitwarden/server@6aed80a (Amazon updates)
2020-08-15 01:32:56 -07:00
Jeremy Lin
6d9f03e84b
Sync global_domains.json to bitwarden/server@61b11e3
2020-08-12 21:10:31 -07:00
Daniel García
6a972e4b19
Make the admin URL redirect try to use the referrer first, and use /admin when DOMAIN is not configured and the referrer check doesn't work, to allow users without DOMAIN configured to use the admin page correctly
2020-08-12 19:07:52 +02:00
Daniel García
93b7ded1e6
Remove unneccessary shim for backtrace
2020-08-12 18:45:26 +02:00
Daniel García
29c6b145ca
Remove redundant user fetching from login
2020-08-11 16:48:15 +02:00
Daniel García
a7a479623c
Merge pull request #1087 from jjlin/org-creation-users
...
Add support for restricting org creation to certain users
2020-08-08 16:20:15 +02:00
Jeremy Lin
05b308b8b4
Sync global_domains.json with upstream
2020-08-06 12:13:40 -07:00
Jeremy Lin
570d6c8bf9
Add support for restricting org creation to certain users
2020-08-05 22:35:29 -07:00
Daniel García
ad48e9ed0f
Fix unlock on desktop clients
2020-08-04 15:12:04 +02:00
Jeremy Lin
a846f6c610
Fix soft delete notifications
...
A soft-deleted entry should now show up in the trash folder immediately
(previously, an extra sync was required).
2020-07-26 16:19:47 -07:00
Daniel García
fd1354d00e
Merge pull request #1067 from jjlin/log-time-fmt
...
Add config option for log timestamp format
2020-07-24 16:42:10 +02:00
Jeremy Lin
071a3b2a32
Log timestamps with milliseconds by default
2020-07-23 14:19:51 -07:00
Daniel García
32cfaab5ee
Updated dependencies and changed rocket request imports
2020-07-23 21:07:04 +02:00
Jeremy Lin
d348f12a0e
Add config option for log timestamp format
2020-07-22 21:50:49 -07:00
Jeremy Lin
de70fbf88a
Use strip_prefix()
instead of trim_start_matches()
as appropriate
...
As of Rust 1.45.0, `strip_prefix()` is now stable.
2020-07-20 22:33:13 -07:00
Daniel García
1e950c7dbc
Replace IP support in preparation for compiling on stable, included some tests to check that the code matches the unstable implementation
2020-07-15 00:00:03 +02:00
Daniel García
f14e19a3d8
Don't compile the regexes each time
2020-07-14 21:58:27 +02:00
Daniel García
668d5c23dc
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:34:22 +02:00
Jeremy Lin
790146bfac
Fix error in PostgreSQL build
2020-07-10 17:23:02 -07:00
Jeremy Lin
a28ebcb401
Use local time in email notifications for new device logins
...
In this implementation, the `TZ` environment variable must be set
in order for the formatted output to use a more user-friendly
time zone abbreviation (e.g., `UTC`). Otherwise, the output uses
the time zone's UTC offset (e.g., `+00:00`).
2020-07-07 21:30:18 -07:00
Daniel García
77e47ddd1f
Merge pull request #1042 from jjlin/hide-passwords
...
Add support for hiding passwords in a collection
2020-07-06 18:56:06 +02:00
Daniel García
596c9b8691
Add option to set name during HELO in email settings
2020-07-05 01:59:15 +02:00
Armaan Tobaccowalla
624791e09a
Allow postgres:// DATABASE_URL
2020-07-04 16:13:27 -04:00
Jeremy Lin
f9a73a9bbe
More cipher optimization/cleanup
2020-07-03 10:49:10 -07:00
Jeremy Lin
35868dd72c
Optimize cipher queries
2020-07-03 09:00:33 -07:00
Jeremy Lin
979d010dc2
Add support for hiding passwords in a collection
...
Ref: https://github.com/bitwarden/server/pull/743
2020-07-02 21:51:20 -07:00
Daniel García
a87646b8cb
Some format changes to main.rs
2020-06-15 23:40:39 +02:00
BlackDex
24c914799d
Fixes #1022 cloning with attachments
...
When a cipher has one or more attachments it wasn't able to be cloned.
This commit fixes that issue.
2020-06-07 17:57:04 +02:00
BlackDex
325691e588
Fixed wrong status if there is an update.
...
- Checking the sha hash first if this is also in the server version.
- Added a badge to show if you are on a branched build.
2020-06-04 17:05:17 +02:00
Robert Kaussow
afbf1db331
add back openssl crate
2020-06-04 01:21:30 +02:00
BlackDex
ac2723f898
Updated Organizations overview
...
- Changed HTML to match users overview
- Added User count
- Added Org cipher amount
- Added Attachment count and size
2020-06-03 20:37:31 +02:00
BlackDex
2fffaec226
Added attachment info per user and some layout fix
...
- Added the amount and size of the attachments per user
- Changed the items count function a bit
- Some small layout changes
2020-06-03 17:57:03 +02:00
BlackDex
5c54dfee3a
Fixed an issue when DNS resolving fails.
...
In the event of a failed DNS Resolving checking for new versions will
cause a huge delay, and in the end a timeout when loading the page.
- Check if DNS resolving failed, if that is the case, do not check for
new versions
- Changed `fn get_github_api` to make use of structs
- Added a timeout of 10 seconds for the version check requests
- Moved the "Unknown" lables to the "Latest" lable
2020-06-03 17:07:32 +02:00
BlackDex
b47cf97409
Updated js/css libraries and fixed smallscreen err
...
- Updated bootstrap js and css to the latest version
- Fixed issue with small-screens where the menu overlaps the token input
- The menu now collapses to a hamburger menu
- Menu's only accessable when logedin are hidden when you are not
- Changed Users Overview to use a table to prevent small-screen issues.
2020-06-01 18:58:38 +02:00
Daniel García
5e802f8aa3
Update lettre to alpha release instead of git commit, and update the rest of dependencies while we are at it
2020-05-31 17:58:06 +02:00
Daniel García
0bdeb02a31
Merge pull request #1009 from jjlin/email-subject
...
Don't HTML-escape email subject lines
2020-05-31 00:22:58 +02:00
Jeremy Lin
39d1a09704
Avoid double-slashes in the admin URL
2020-05-30 01:06:40 -07:00
Jeremy Lin
a447e4e7ef
Don't HTML-escape email subject lines
...
For example, this causes org names like `X&Y` to appear as `X&Y`.
2020-05-30 00:36:43 -07:00
BlackDex
b6fde857a7
Added version check to diagnostics
...
- Added a version check based upon the github api information.
2020-05-28 20:25:25 +02:00
BlackDex
3c66deb5cc
Redesign of the admin interface.
...
Main changes:
- Splitted up settings and users into two separate pages.
- Added verified shield when the e-mail address has been verified.
- Added the amount of personal items in the database to the users overview.
- Added Organizations and Diagnostics pages.
- Shows if DNS resolving works.
- Shows if there is a posible time drift.
- Shows current versions of server and web-vault.
- Optimized logo-gray.png using optipng
Items which can be added later:
- Amount of cipher items accessible for a user, not only his personal items.
- Amount of users per Org
- Version update check in the diagnostics overview.
- Copy/Pasteable runtime config which has sensitive data changed or removed for support questions either on the forum or github issues.
- Option to delete Orgs and all its passwords (when there are no members anymore).
- Etc....
2020-05-28 10:46:25 +02:00
Jeremy Lin
a314933557
Allow email changes for existing accounts even when signups are disabled
2020-05-24 14:38:19 -07:00
Daniel García
c5d7e3f2bc
Merge pull request #1003 from frdescam/fix_arm_displaysize
...
Use format! for rounding to fix arm issue
2020-05-23 13:10:06 +02:00
Daniel García
c95a2881b5
Merge pull request #998 from frdescam/fix_email_templates
...
Fixing bad width in 2FA email template
2020-05-23 13:09:44 +02:00
fdeĉ
4c3727b4a3
use format! for rounding to fix arm issue
2020-05-22 12:10:56 +02:00
Daniel García
a8870eef0d
Convert to f32 before rounding to fix arm issue
2020-05-20 17:58:39 +02:00
François
afaebc6cf3
fixing hard coded width email templates
2020-05-20 13:38:04 +02:00
François
8f4a1f4fc2
fixing bad width in 2FA email template
2020-05-18 12:27:21 +02:00
Daniel García
0807783388
Add ip on totp miss
2020-05-14 00:19:50 +02:00
Daniel García
dc2f8e5c85
Merge pull request #994 from jjlin/help-text
...
Update startup banner to direct usage/config questions to the forum
2020-05-13 22:34:30 +02:00
Daniel García
aee1ea032b
Merge pull request #989 from theycallmesteve/update_responses
...
Update responses
2020-05-13 22:34:16 +02:00
Jeremy Lin
322a08edfb
Update startup banner to direct usage/config questions to the forum
2020-05-13 12:29:47 -07:00
theycallmesteve
08afc312c3
Add missing items to profileOrganization response model
2020-05-08 13:39:17 -04:00
theycallmesteve
5571a5d8ed
Update post_keys to return a keys response model
2020-05-08 13:38:49 -04:00
theycallmesteve
6a8c65493f
Rename collection_user_details to collection_read_only to reflect the response model
2020-05-08 13:37:40 -04:00
theycallmesteve
dfdf4473ea
Rename to_json_list to to_json_provder to reflect the response model
2020-05-08 13:36:35 -04:00
theycallmesteve
42e37ebea1
Apply upstream global domain values and whitespace fixes
2020-05-07 18:05:17 -04:00
theycallmesteve
632f4d5453
Whitespace fixes
2020-05-07 18:02:37 -04:00
Daniel García
6c5e35ce5c
Change the mails content types to more closely match what we sent before
2020-05-07 00:51:46 +02:00
Daniel García
4ff15f6dc2
Merge pull request #978 from AltiUP/patch-1
...
Delete the call to the map file
2020-05-03 22:30:06 +02:00
Daniel García
ec8028aef2
Merge pull request #979 from jjlin/admin-redirect
...
Use absolute URIs for admin page redirects
2020-05-03 22:27:09 +02:00
Daniel García
63cbd9ef9c
Update lettre to latest master
2020-05-03 17:41:53 +02:00
Daniel García
9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints
2020-05-03 17:24:51 +02:00
Jeremy Lin
819d5e2dc8
Use absolute URIs for admin page redirects
...
This is technically required per RFC 2616 (HTTP/1.1); some proxies will
rewrite a plain `/admin` path to an unexpected URL otherwise.
2020-05-01 00:31:47 -07:00
Christophe Gherardi
3b06ab296b
Delete the call to the map file
...
The file bootstrap.css.map is missing, the reference can be deleted.
2020-04-30 19:41:58 +02:00
Daniel García
0de52c6c99
Merge pull request #957 from jjlin/domain-whitelist
...
Domain whitelist cleanup and fixes
2020-04-18 12:08:48 +02:00
Daniel García
e3b00b59a7
Initial support for soft deletes
2020-04-17 22:35:27 +02:00
BlackDex
1ee8e44912
Fixed issue #965
...
PostgreSQL updates/inserts ignored None/null values.
This is nice for new entries, but not for updates.
Added derive option to allways add these none/null values for Option<>
variables.
This solves issue #965
2020-04-15 16:49:33 +02:00
Jeremy Lin
86685c1cd2
Ensure email domain comparison is case-insensitive
2020-04-11 14:51:36 -07:00
Jeremy Lin
0a68de6c24
Warn on empty ADMIN_TOKEN
instead of bailing out
...
The admin page will still be disabled.
Fixes #849 .
2020-04-09 20:55:08 -07:00
Jeremy Lin
e4d08836e2
Make org owner invitations respect the email domain whitelist
...
This closes a loophole where org owners can invite new users from any domain.
2020-04-09 01:51:05 -07:00
Jeremy Lin
c2a324e5da
Clean up domain whitelist logic
...
* Make `SIGNUPS_DOMAINS_WHITELIST` override the `SIGNUPS_ALLOWED` setting.
Otherwise, a common pitfall is to set `SIGNUPS_DOMAINS_WHITELIST` without
realizing that `SIGNUPS_ALLOWED=false` must also be set.
* Whitespace is now accepted in `SIGNUPS_DOMAINS_WHITELIST`. That is,
`foo.com, bar.com` is now equivalent to `foo.com,bar.com`.
* Add validation on `SIGNUPS_DOMAINS_WHITELIST`. For example, `foo.com,`
is rejected as containing an empty token.
2020-04-09 01:42:27 -07:00
Jeremy Lin
6cd8512bbd
Fix Duo auth failure with non-lowercased email addresses
2020-04-07 20:40:51 -07:00
Jeremy Lin
7407b8326a
Fix attachment size limit calculation
...
The config values (in KB) need to be converted to bytes when comparing
against total attachment sizes.
2020-03-31 02:30:28 -07:00
Daniel García
adf47827c9
Make sure the data field is always returned, otherwise the mobile apps seem to have issues
2020-03-30 22:19:50 +02:00
Jeremy Lin
862d401077
Fix WebSocket notifications
...
Ignore a missing `id` query param; it's unclear what this ID represents,
but it wasn't being used in the existing bitwarden_rs code, and no longer
seems to be sent in the latest versions of the official clients.
2020-03-26 19:26:44 -07:00
Jeremy Lin
c06162b22f
Handle devicePushToken
...
Mobile push isn't currently supported, but this should get rid of spurious
`Detected unexpected parameter during login: devicepushtoken` warnings.
2020-03-22 15:04:25 -07:00
Daniel García
7a6a3e4160
Set the cargo version and allow changing it during build time with BWRS_VERSION.
...
Also renamed GIT_VERSION because that's not the only source anymore.
2020-03-22 16:13:34 +01:00
Daniel García
94341f9f3f
Fix token error while accepting invite
2020-03-20 10:51:17 +01:00
Daniel García
ff19fb3426
Merge pull request #919 from BlackDex/issue-908
...
Fixed issue #908
2020-03-19 18:11:47 +01:00
BlackDex
baac8d9627
Fixed issue #908
...
The organization uuid is most of the time within the uri path as a
parameter. But sometimes it only is there as a query value.
This fix checks both, and returns the uuid when possible.
2020-03-19 17:37:10 +01:00
BlackDex
669b101e6a
Fixing issue #908
...
Sometimes an org-uuid is not within the path but in a query value,
This fixes the check for that.
2020-03-19 16:50:47 +01:00
Daniel García
d2d9fb08cc
Revert "Use opportunistic TLS in SMTP connections"
2020-03-19 13:56:53 +01:00