1
0
Fork 0
Commit-Graph

2042 Commits

Autor SHA1 Nachricht Datum
Daniel García
2f71a01877
Merge branch 'add_disabled_member_to_json_user' of https://github.com/Lowaiz/vaultwarden into Lowaiz-add_disabled_member_to_json_user 2022-06-04 19:08:15 +02:00
Daniel García
d5cfbfc71d
Update web vault to v2022.05.0 2022-06-04 19:07:15 +02:00
Paolo Barbolini
12612da75e Remove manual IDN handling 2022-06-04 19:02:51 +02:00
Paolo Barbolini
68ec5f2a18 Use MultiPart::alternative_plain_html instead of manual impl 2022-06-04 14:53:27 +02:00
Paolo Barbolini
00670450df Bump lettre to 0.10.0-rc.7 2022-06-04 14:47:26 +02:00
Lyonel Martinez
dbd95e08e9 Adding "UserEnabled" and "CreatedAt" member to the json output of a User in the admin/users and admin/users/<ID> web routes. 2022-06-02 15:13:58 +02:00
Daniel García
3713f2d134
Merge pull request #2507 from BlackDex/fix-persisten-volume-check
Fix persistent volume check
2022-05-28 14:56:47 +02:00
BlackDex
a85a250dfd
Fix persistent volume check
It seemed there were some issues building the cross-platform images.
This PR fixes #2501 so building the containers will work again.
2022-05-28 09:31:09 +02:00
Daniel García
5845ed2c92
Merge pull request #2501 from BlackDex/add-persistent-volume-check-docker
Add a persistent volume check.
2022-05-27 19:41:42 +02:00
BlackDex
40ed505581
Add a persistent volume check.
This will add a persistent volume check to make sure when running
containers someone is using a volume for persistent storage.

This check can be bypassed if someone configures
`I_REALLY_WANT_VOLATILE_STORAGE=true` as an environment variable.

This should prevent issues like #2493 .
2022-05-26 09:39:56 +02:00
Daniel García
bf0b8d9968
Merge pull request #2491 from BlackDex/issue-2490
Fix armv6 issue with bullseye images
2022-05-24 15:46:34 +02:00
Daniel García
d0a7437dbd
Merge pull request #2489 from fox34/update-env-template
Add TMP_FOLDER to .env.template
2022-05-24 15:33:22 +02:00
BlackDex
21b433c5d7
Fix armv6 issue with bullseye images
It looks like the armv6 bullseye images are missing a symlink to the
dynamic linker. The previous buster images had this symlink there,
bullseye does not.

This PR fixes adds that symlink again for only the Debian armv6 build.

Resolves #2490
2022-05-24 15:25:51 +02:00
fox34
7c89bc619a
Add TMP_FOLDER to .env.template 2022-05-24 09:38:16 +02:00
Daniel García
0d3daa9fc6
Remove recommendation to set ROCKET_CLI_COLORS to off
The value is now a boolean so setting it to off will cause an error
2022-05-23 20:19:29 +02:00
Daniel García
0c1f0bad17
Merge branch 'BlackDex-update-rust-version-dockerfile' into main 2022-05-21 19:17:29 +02:00
Daniel García
72cf59fa54
Merge branch 'update-rust-version-dockerfile' of https://github.com/BlackDex/vaultwarden into BlackDex-update-rust-version-dockerfile 2022-05-21 19:17:24 +02:00
Daniel García
527bc1f625
Merge branch 'BlackDex-fix-upload-limits-and-logging' into main 2022-05-21 19:17:15 +02:00
BlackDex
2168d09421
Update Rust version in Dockerfile
Updated Rust from v1.60 to v1.61 for building the images.
Also made the rust version fixed for the Alpine build images to prevent
those images being build with a newer version when released.
2022-05-21 17:46:14 +02:00
BlackDex
1c266031d7
Fix upload limits and disable color logs
The limits for uploading files were to small in regards to the allowed
maximum filesize of the Bitwarden clients including the web-vault.
Changed both `data-form` (used for Send) and `file` (used for
attachments) to be 525MB, this is the same size we already check our selfs.

Also changed the `json` limit to be 20MB, this should allow very large
imports with 4000/5000+ items depending on if there are large notes or not.

And, also disabled Rocket from outputting colors, these colors were also
send to the log files and syslog. I think this changed in Rocket 0.5rc
somewhere, need to look a bit further into that maybe.
2022-05-21 17:28:29 +02:00
Daniel García
b636d20c64
Update web vault to v2.28.1 2022-05-11 22:19:22 +02:00
Daniel García
2a9ca88c2a
Dependency updates 2022-05-11 22:03:07 +02:00
Daniel García
b9c434addb
Merge branch 'jjlin-db-conn-init' into main 2022-05-11 21:36:11 +02:00
Daniel García
451ad47327
Merge branch 'db-conn-init' of https://github.com/jjlin/vaultwarden into jjlin-db-conn-init 2022-05-11 21:36:00 +02:00
Daniel García
7f61dd5fe3
Merge branch 'BlackDex-sql-optimizations' into main 2022-05-11 21:33:43 +02:00
BlackDex
3ca85028ea
Improve sync speed and updated dep. versions
Improved sync speed by resolving the N+1 query issues.
Solves #1402 and Solves #1453

With this change there is just one query done to retreive all the
important data, and matching is done in-code/memory.

With a very large database the sync time went down about 3 times.

Also updated misc crates and Github Actions versions.
2022-05-06 17:01:02 +02:00
Jeremy Lin
542a73cc6e Switch to a single config option for database connection init
The main pro is less config options, while the main con is less clarity in
what the defaults are for the various database types.
2022-04-29 00:26:49 -07:00
Jeremy Lin
78d07e2fda Add default connection-scoped pragmas for SQLite
`PRAGMA busy_timeout = 5000` tells SQLite to keep trying for up to 5000 ms
when there is lock contention, rather than aborting immediately. This should
hopefully prevent the vast majority of "database is locked" panics observed
since the async transition.

`PRAGMA synchronous = NORMAL` trades better performance for a small potential
loss in durability (the default is `FULL`). The SQLite docs recommend `NORMAL`
as "a good choice for most applications running in WAL mode".
2022-04-26 17:55:19 -07:00
Jeremy Lin
b617ffd2af Add support for database connection init statements
This is probably mainly useful for running connection-scoped pragma statements.
2022-04-26 17:50:20 -07:00
Daniel García
3abf173d89
Merge pull request #2433 from jjlin/meta-apis
Add `/api/{alive,now,version}` endpoints
2022-04-24 18:36:08 +02:00
Jeremy Lin
df8aeb10e8 Add /api/{alive,now,version} endpoints
The added endpoints work the same as in their upstream implementations.

Upstream also implements `/api/ip`. This seems to include the server's public
IP address (the one that should be hidden behind Cloudflare), which doesn't
seem like a great idea.
2022-04-23 23:47:49 -07:00
Daniel García
26ad06df7c
Update web vault to 2.28.0 and dependencies 2022-04-23 18:18:15 +02:00
Daniel García
37fff3ef4a
Merge pull request #2400 from jjlin/global-domains
Sync global_domains.json
2022-03-30 22:02:44 +02:00
Jeremy Lin
28c5e63bf5 Sync global_domains.json to bitwarden/server@3521ccb (Just Eat Takeaway.com) 2022-03-29 11:41:43 -07:00
Daniel García
a07c213b3e
Merge pull request #2398 from BlackDex/remove-u2f
Remove u2f implementation
2022-03-27 18:43:09 +02:00
Daniel García
ed72741f48
Merge pull request #2397 from BlackDex/fix-mimalloc-build
Fix building mimalloc on armv6
2022-03-27 18:42:59 +02:00
BlackDex
fb0c23b71f
Remove u2f implementation
For a while now WebAuthn has replaced u2f.
And since web-vault v2.27.0 the connector files for u2f have been removed.
Also, on the official bitwarden server the endpoint to `/two-factor/get-u2f` results in a 404.

- Removed all u2f code except the migration code from u2f to WebAuthn
2022-03-27 17:25:04 +02:00
BlackDex
d98f95f536
Fix building mimalloc on armv6
The armv6 builds need a specific location for the libatomic.a file.
This commit fixes that by adding a RUSTFLAGS argument for this.

Also removed the `link-arg=-s` since this is now already done during via the release profile
And removed the CFLAGS for armv7, this is already fixed by default in the blackdex/rust-musl images.
2022-03-27 14:45:50 +02:00
Daniel García
6643e83b61
Disable mimalloc in arm for now 2022-03-26 20:11:46 +01:00
Daniel García
7b742009a1
Update web vault to 2.27.0 and dependencies 2022-03-26 16:35:54 +01:00
Daniel García
649e2b48f3
Merge branch 'Wonderfall-x-xss-protection' into main 2022-03-26 16:18:48 +01:00
Daniel García
81f0c2b0e8
Merge branch 'x-xss-protection' of https://github.com/Wonderfall/vaultwarden into Wonderfall-x-xss-protection 2022-03-26 16:18:34 +01:00
Daniel García
80d8aa7239
Merge branch 'BlackDex-misc-updates-202203' into main 2022-03-26 16:18:24 +01:00
Wonderfall
27d4b713f6 disable legacy X-XSS-Protection feature
Obsolete in every modern browser, unsafe, and replaced by CSP
2022-03-21 15:29:01 +01:00
BlackDex
b0faaf2527
Several updates and fixes
- Removed all `thread::sleep` and use `tokio::time::sleep` now.
  This solves an issue with updating to Bullseye ( Resolves #1998 )
- Updated all Debian images to Bullseye
- Added MiMalloc feature and enabled it by default for Alpine based images
  This increases performance for the Alpine images because the default
  memory allocator for MUSL based binaries isn't that fast
- Updated `dotenv` to `dotenvy` a maintained and updated fork
- Fixed an issue with a newer jslib (not fully released yet)
  That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
Daniel García
8d06d9c111
Merge pull request #2354 from BlackDex/multi-account-login
Update login API code and update crates to fix CVE
2022-03-13 15:46:49 +01:00
BlackDex
c4d565b15b
Update login API code
- Updated jsonwebtoken to latest version
- Trim `username` received from the login form ( Fixes #2348 )
- Make uuid and user_uuid a combined primary key for the devices table ( Fixes #2295 )
- Updated crates including regex which contains a CVE ( https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html )
2022-03-12 18:45:45 +01:00
Daniel García
06f8e69c70
Update web vault to 2.26.1 2022-02-27 22:21:36 +01:00
Daniel García
7db52374cd
Merge branch 'BlackDex-async-updates' into async 2022-02-27 21:51:19 +01:00
Daniel García
843f205f6f
Merge branch 'async-updates' of https://github.com/BlackDex/vaultwarden into BlackDex-async-updates 2022-02-27 21:50:33 +01:00