Daniel García
e19420160f
Simplify 2fa removed email and remove extra table close in the footer
2021-07-15 21:25:46 +02:00
Daniel García
1741316f42
Merge branch 'olivierIllogika-2fa_enforcement' into main
2021-07-15 19:27:45 +02:00
Daniel García
4f08167d6f
Merge branch '2fa_enforcement' of https://github.com/olivierIllogika/bitwarden_rs into olivierIllogika-2fa_enforcement
2021-07-15 19:27:36 +02:00
Daniel García
fef76e2f6f
Merge branch 'BlackDex-attachment-storage' into main
2021-07-15 19:20:57 +02:00
Daniel García
f16d56cb27
Merge branch 'attachment-storage' of https://github.com/BlackDex/vaultwarden into BlackDex-attachment-storage
2021-07-15 19:20:52 +02:00
Daniel García
120b286f2b
Merge branch 'umireon-umireon-add-edge-frame-ancestors' into main
2021-07-15 19:20:25 +02:00
Daniel García
7f437b6947
Merge branch 'umireon-add-edge-frame-ancestors' of https://github.com/umireon/vaultwarden into umireon-umireon-add-edge-frame-ancestors
2021-07-15 19:20:19 +02:00
Daniel García
8d6e62e18b
Merge branch 'jjlin-password-hints' into main
2021-07-15 19:18:30 +02:00
Daniel García
d0ec410b73
Merge branch 'password-hints' of https://github.com/jjlin/vaultwarden into jjlin-password-hints
2021-07-15 19:18:22 +02:00
Daniel García
c546a59c38
Dependency updates
2021-07-15 19:18:16 +02:00
Daniel García
e5ec245626
Protect namedfile against path traversal, rocket only does it for pathbuf
2021-07-15 19:15:55 +02:00
BlackDex
6ea95d1ede
Updated attachment limit descriptions
The user and org attachment limits use `size` as wording, while it should
have been `storage`, since it isn't per attachment but the sum of all attachments.
- Changed the wording in the config/env
- Changed the wording of the error messages.
Resolves #1818
2021-07-13 15:17:03 +02:00
Jeremy Lin
88bea44dd8
Prevent user enumeration via password hints
When `show_password_hint` is enabled but mail is not configured, the previous
implementation returned a differentiable response for non-existent email
addresses.
Even if mail is enabled, there is a timing side channel since mail is sent
synchronously. Add a randomized sleep to mitigate this somewhat.
2021-07-10 01:21:27 -07:00
Jeremy Lin
8ee5d51bd4
Disable show_password_hint by default
A setting that provides unauthenticated access to potentially sensitive data
shouldn't be enabled by default.
2021-07-10 01:20:37 -07:00
Kaito Udagawa
c640abbcd7
Update src/util.rs
Co-authored-by: William Desportes <williamdes@wdes.fr>
2021-07-08 02:55:58 +09:00
Kaito Udagawa
13598c098f
Add links to browser extensions
2021-07-08 02:52:45 +09:00
Kaito Udagawa
a622b4d2fb
Add Edge's frame-ancestors
Edge's frame-ancestors are required for Edge extension to do WebAuthn.
2021-07-08 01:19:52 +09:00
Daniel García
3968bc8016
Merge pull request #1800 from BlackDex/pre-commit
Adding pre-commit config
2021-07-04 21:58:43 +02:00
Daniel García
ff66368cb6
Merge pull request #1830 from BlackDex/vaultwarden-logo
Storing the original Vaultwarden svg images
2021-07-04 21:58:29 +02:00
BlackDex
3fb419e704
Storing the original Vaultwarden svg images
2021-07-04 18:37:01 +02:00
Daniel García
832f838ddd
Merge pull request #1809 from BlackDex/fix-armv7
Fix armv7 alpine build.
2021-06-29 17:16:57 +02:00
BlackDex
18703bf195
Fix armv7 alpine build.
The `messense/rust-musl-cross` has removed OpenSSL in favor of the
vendored option. Enabled vendored openssl to resolve this.
Resolves #1807
2021-06-29 10:37:39 +02:00
BlackDex
ff8e88a5df
Adding pre-commit config
There is a nice tool called pre-commit: https://pre-commit.com/
It can run actions prior to a commit to validate everything is working.
People can choose to enable this for themselves, but it would be nice to have a base config by default.
2021-06-27 19:11:22 +02:00
Daniel García
72e1946ce5
Merge pull request #1799 from BlackDex/issue-1796
Fixes issue with multiple security keys.
2021-06-27 18:23:15 +02:00
BlackDex
ee391720aa
Fixes issue with multiple security keys.
- Updated webauthn-rs commit hash to resolve #1796
2021-06-27 18:12:27 +02:00
Daniel García
e3a2dfffab
Formatting
2021-06-26 14:21:58 +02:00
Daniel García
8bf1278b1b
Update web vault and docker base images
2021-06-26 14:08:06 +02:00
Daniel García
00ce943ea5
Merge branch 'BlackDex-security-md' into main
2021-06-26 13:36:14 +02:00
Daniel García
b67eacdfde
Merge branch 'security-md' of https://github.com/BlackDex/vaultwarden into BlackDex-security-md
2021-06-26 13:36:05 +02:00
Daniel García
0dcea75764
Remove unused lifetime and double referencing
2021-06-26 13:35:09 +02:00
BlackDex
0c5532d8b5
Adding a SECURITY.md
2021-06-26 11:49:00 +02:00
Daniel García
46e0f3c43a
Load RSA keys as pem format directly, and using openssl crate, backported from async branch
2021-06-25 20:53:26 +02:00
Daniel García
2cd17fe7af
Add token with short expiration time to send url
2021-06-25 20:53:26 +02:00
Daniel García
f44b2611e6
Update rust toolchain and dependencies
2021-06-25 20:53:26 +02:00
Mathijs van Veluw
82fee0ede3
Merge pull request #1779 from jjlin/last-known-rev-warning
Avoid `Error parsing LastKnownRevisionDate` warning for mobile clients
2021-06-20 18:07:18 +02:00
Jeremy Lin
49579e4ce7
Avoid `Error parsing LastKnownRevisionDate` warning for mobile clients
When creating a new cipher, the mobile clients seem to set this field to an
invalid value, which causes a warning to be logged:
Error parsing LastKnownRevisionDate '0001-01-01T00:00:00': premature end of input
Avoid this by dropping the `LastKnownRevisionDate` field on cipher creation.
2021-06-19 21:32:11 -07:00
Daniel García
9254cf9d9c
Fix clippy lints
2021-06-19 22:02:03 +02:00
Daniel García
ff0fee3690
Merge branch 'BlackDex-admin-changes' into main
2021-06-19 21:38:58 +02:00
Daniel García
0778bd4bd5
Merge branch 'admin-changes' of https://github.com/BlackDex/vaultwarden into BlackDex-admin-changes
2021-06-19 21:27:25 +02:00
Daniel García
0cd065d354
Update webauthn-rs crate to upstream version
2021-06-19 21:25:55 +02:00
BlackDex
8615736e84
Multiple Admin Interface fixes and some others.
Misc:
- Fixed hadolint workflow, new git cli needs some extra arguments.
- Add ignore paths to all specific on triggers.
- Updated hadolint version.
- Made SMTP_DEBUG read-only, since it can't be changed at runtime.
Admin:
- Migrated from Bootstrap v4 to v5
- Updated jquery to v3.6.0
- Updated Datatables
- Made Javascript strict
- Added a way to show which ENV Vars are overridden.
- Changed the way to provide data for handlebars.
- Fixed date/time check.
- Made support string use details and summary feature of markdown/github.
2021-06-19 19:22:19 +02:00
Daniel García
5772836be5
Fix admin page with handlebars 4
2021-06-16 22:57:28 +02:00
Daniel García
c380d9c379
Support for webauthn and u2f->webauthn migrations
2021-06-16 19:06:40 +02:00
Daniel García
cea7a30d82
Merge pull request #1761 from jjlin/deps
Update dependencies
2021-06-10 21:03:05 +02:00
Jeremy Lin
06cde29419
Update dependencies
Notably, update `diesel` to 1.4.7 and `libsqlite3-sys` to 0.22.2 to pick up
the fix for CVE-2021-20227 added in SQLite 3.34.1.
2021-06-09 01:44:29 -07:00
Daniel García
20f5988174
Merge pull request #1736 from jjlin/rocket-env-docs
Clarify Rocket env var defaults
2021-06-04 20:03:17 +02:00
Jeremy Lin
b491cfe0b0
Clarify Rocket env var defaults
Mention `ROCKET_WORKERS`, but remove `ROCKET_ENV` since most users
probably wouldn't use it.
2021-05-31 13:13:02 -07:00
Daniel García
fc513413ea
Merge pull request #1730 from jjlin/attachment-upload-v2
Add support for v2 attachment upload APIs
2021-05-30 22:27:52 +02:00
Jeremy Lin
3f7e4712cd
Fix attachment size limit calculation for v2 uploads
2021-05-25 23:17:22 -07:00
Jeremy Lin
c2ef331df9
Rework file ID generation
2021-05-25 23:15:24 -07:00