Add support for hiding the sender's email address in Bitwarden Sends

Note: The original Vaultwarden implementation of Bitwarden Send would always hide the email address, while the upstream implementation would always show it. Upstream PR: https://github.com/bitwarden/server/pull/1234
2025-10-31 13:51:14 +00:00 · 2021-05-11 22:51:12 -07:00 · 2021-05-11 22:51:12 -07:00 · d3449bfa00
commit d3449bfa00
parent e9ee8ac2fa
11 changed files with 34 additions and 2 deletions
--- a/migrations/mysql/2021-05-11-205202_add_hide_email/down.sql
+++ b/migrations/mysql/2021-05-11-205202_add_hide_email/down.sql
--- a/migrations/mysql/2021-05-11-205202_add_hide_email/up.sql
+++ b/migrations/mysql/2021-05-11-205202_add_hide_email/up.sql
@ -0,0 +1,2 @@
+ALTER TABLE sends
+ADD COLUMN hide_email BOOLEAN;
--- a/migrations/postgresql/2021-05-11-205202_add_hide_email/down.sql
+++ b/migrations/postgresql/2021-05-11-205202_add_hide_email/down.sql
--- a/migrations/postgresql/2021-05-11-205202_add_hide_email/up.sql
+++ b/migrations/postgresql/2021-05-11-205202_add_hide_email/up.sql
@ -0,0 +1,2 @@
+ALTER TABLE sends
+ADD COLUMN hide_email BOOLEAN;
--- a/migrations/sqlite/2021-05-11-205202_add_hide_email/down.sql
+++ b/migrations/sqlite/2021-05-11-205202_add_hide_email/down.sql
--- a/migrations/sqlite/2021-05-11-205202_add_hide_email/up.sql
+++ b/migrations/sqlite/2021-05-11-205202_add_hide_email/up.sql
@ -0,0 +1,2 @@
+ALTER TABLE sends
+ADD COLUMN hide_email BOOLEAN;
--- a/src/api/core/sends.rs
+++ b/src/api/core/sends.rs
@ -38,6 +38,7 @@ pub struct SendData {
    pub ExpirationDate: Option<DateTime<Utc>>,
    pub DeletionDate: DateTime<Utc>,
    pub Disabled: bool,
+    pub HideEmail: Option<bool>,

    // Data field
    pub Name: String,
@ -88,6 +89,7 @@ fn create_send(data: SendData, user_uuid: String) -> ApiResult<Send> {
    send.max_access_count = data.MaxAccessCount;
    send.expiration_date = data.ExpirationDate.map(|d| d.naive_utc());
    send.disabled = data.Disabled;
+    send.hide_email = data.HideEmail;
    send.atype = data.Type;

    send.set_password(data.Password.as_deref());
@ -243,7 +245,7 @@ fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn

    send.save(&conn)?;

-    Ok(Json(send.to_json_access()))
+    Ok(Json(send.to_json_access(&conn)))
 }

 #[post("/sends/<send_id>/access/file/<file_id>", data = "<data>")]
@ -340,6 +342,7 @@ fn put_send(id: String, data: JsonUpcase<SendData>, headers: Headers, conn: DbCo
    send.notes = data.Notes;
    send.max_access_count = data.MaxAccessCount;
    send.expiration_date = data.ExpirationDate.map(|d| d.naive_utc());
+    send.hide_email = data.HideEmail;
    send.disabled = data.Disabled;

    // Only change the value if it's present
--- a/src/db/models/send.rs
+++ b/src/db/models/send.rs
@ -36,6 +36,7 @@ db_object! {
        pub deletion_date: NaiveDateTime,

        pub disabled: bool,
+        pub hide_email: Option<bool>,
    }
 }

@ -73,6 +74,7 @@ impl Send {
            deletion_date,

            disabled: false,
+            hide_email: None,
        }
    }

@ -101,6 +103,22 @@ impl Send {
        }
    }

+    pub fn creator_identifier(&self, conn: &DbConn) -> Option<String> {
+        if let Some(hide_email) = self.hide_email {
+            if hide_email {
+                return None;
+            }
+        }
+
+        if let Some(user_uuid) = &self.user_uuid {
+            if let Some(user) = User::find_by_uuid(user_uuid, conn) {
+                return Some(user.email);
+            }
+        }
+
+        None
+    }
+
    pub fn to_json(&self) -> Value {
        use crate::util::format_date;
        use data_encoding::BASE64URL_NOPAD;
@ -123,6 +141,7 @@ impl Send {
            "AccessCount": self.access_count,
            "Password": self.password_hash.as_deref().map(|h| BASE64URL_NOPAD.encode(h)),
            "Disabled": self.disabled,
+            "HideEmail": self.hide_email,

            "RevisionDate": format_date(&self.revision_date),
            "ExpirationDate": self.expiration_date.as_ref().map(format_date),
@ -131,7 +150,7 @@ impl Send {
        })
    }

-    pub fn to_json_access(&self) -> Value {
+    pub fn to_json_access(&self, conn: &DbConn) -> Value {
        use crate::util::format_date;

        let data: Value = serde_json::from_str(&self.data).unwrap_or_default();
@ -145,6 +164,7 @@ impl Send {
            "File": if self.atype == SendType::File as i32 { Some(&data) } else { None },

            "ExpirationDate": self.expiration_date.as_ref().map(format_date),
+            "CreatorIdentifier": self.creator_identifier(conn),
            "Object": "send-access",
        })
    }
--- a/src/db/schemas/mysql/schema.rs
+++ b/src/db/schemas/mysql/schema.rs
@ -122,6 +122,7 @@ table! {
        expiration_date -> Nullable<Datetime>,
        deletion_date -> Datetime,
        disabled -> Bool,
+        hide_email -> Nullable<Bool>,
    }
 }

--- a/src/db/schemas/postgresql/schema.rs
+++ b/src/db/schemas/postgresql/schema.rs
@ -122,6 +122,7 @@ table! {
        expiration_date -> Nullable<Timestamp>,
        deletion_date -> Timestamp,
        disabled -> Bool,
+        hide_email -> Nullable<Bool>,
    }
 }

--- a/src/db/schemas/sqlite/schema.rs
+++ b/src/db/schemas/sqlite/schema.rs
@ -122,6 +122,7 @@ table! {
        expiration_date -> Nullable<Timestamp>,
        deletion_date -> Timestamp,
        disabled -> Bool,
+        hide_email -> Nullable<Bool>,
    }
 }