mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-10-04 07:20:31 +00:00
Commit graph

2960 commits

Author SHA1 Message Date
Timshel
a71da2d0a4 Perform same checks when setting kdf 2025-08-06 19:26:32 +02:00
Timshel
4faecf2549 More review fix 2025-08-06 18:16:42 +02:00
Timshel
801b372e67 Review fix 2025-08-05 17:44:48 +02:00
Timshel
bac049f2dd Fix playwright test 2025-08-04 16:59:26 +02:00
Timshel
8d91f351a3 Merge remote-tracking branch 'dani/main' into sso-support 2025-07-30 19:12:32 +02:00
Stefan Melmuk
5d84f17600
fix hiding of signup link (#6113)
The registration link should be hidden if signup is not allowed and
whitelist is empty unless mail is disabled and invitations are allowed
2025-07-29 12:13:02 +02:00
Mathijs van Veluw
0db4b00007
Update crates to trigger rebuild for mysql issue (#6111)
Signed-off-by: BlackDex <black.dex@gmail.com>
2025-07-28 21:31:02 +02:00
Stefan Melmuk
a0198d8d7c
fix account key rotation (#6105) 2025-07-27 12:18:54 +02:00
Mathijs van Veluw
dfad931dca
Update crates (#6100)
Updated crates and made adjustments where needed.
Also removed a struct which wasn't used and the nightly compiler complained about it.

Used pinact to update GitHub Actions.
Validated GitHub Actions with zizmor.

Signed-off-by: BlackDex <black.dex@gmail.com>
2025-07-26 14:58:39 +02:00
Richy
25865efd79
fix: resolve group permission conflicts with multiple groups (#6017)
* fix: resolve group permission conflicts with multiple groups

When a user belonged to multiple groups with different permissions for the
same collection, only the permissions from one group were applied instead
of combining them properly. This caused users to see incorrect access levels
when initially viewing collection items.

The fix combines permissions from all user groups by taking the most
permissive settings:
- read_only: false if ANY group allows write access
- hide_passwords: false if ANY group allows password viewing
- manage: true if ANY group allows management

This ensures users immediately see the correct permissions when opening
collection entries, matching the behavior after editing and saving.

* Update src/api/core/ciphers.rs

Co-authored-by: Mathijs van Veluw <black.dex@gmail.com>

* fix: format

* fix: restrict collection manage permissions to managers only

Prevent users from getting logged out when they have manage permissions by only allowing manage permissions for MembershipType::Manager and higher roles.

* refactor: cipher permission logic to prioritize user access

Updated permission checks to return user collection permissions if available, otherwise fallback to group permissions. Clarified comments to indicate user permissions overrule group permissions and corrected the logic for the 'manage' flag to use boolean OR instead of AND.

---------

Co-authored-by: Mathijs van Veluw <black.dex@gmail.com>
2025-07-25 20:58:41 +02:00
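The merge rule described in the commit above (most permissive flag across all of a member's groups, direct user permissions overruling group permissions, and `manage` honoured only for Manager and higher roles) as an added Rust example. This is not vaultwarden's own code; the `CollectionAccess` and `MembershipType` definitions and function names are assumed for illustration only.

```rust
// Added example, not vaultwarden's own code. Types and names are assumed.

#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum MembershipType {
    User,
    Manager,
    Admin,
    Owner,
}

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct CollectionAccess {
    pub read_only: bool,
    pub hide_passwords: bool,
    pub manage: bool,
}

/// Combine the access granted by every group the member belongs to, taking
/// the most permissive value of each flag. Returns `None` when no group
/// grants access to the collection at all.
pub fn merge_group_access(groups: &[CollectionAccess]) -> Option<CollectionAccess> {
    let mut iter = groups.iter();
    let first = *iter.next()?;
    Some(iter.fold(first, |acc, g| CollectionAccess {
        // writable if ANY group allows write access
        read_only: acc.read_only && g.read_only,
        // passwords visible if ANY group allows viewing them
        hide_passwords: acc.hide_passwords && g.hide_passwords,
        // manage if ANY group allows management (boolean OR, not AND)
        manage: acc.manage || g.manage,
    }))
}

/// Effective access for one member on one collection: a direct user-level
/// grant overrules group grants; otherwise fall back to the merged group
/// access. `manage` is only kept for Manager and higher roles.
pub fn effective_access(
    role: MembershipType,
    user_access: Option<CollectionAccess>,
    group_access: &[CollectionAccess],
) -> Option<CollectionAccess> {
    let mut access = user_access.or_else(|| merge_group_access(group_access))?;
    if role < MembershipType::Manager {
        access.manage = false;
    }
    Some(access)
}

fn main() {
    // Constructed sample: three groups with conflicting grants on one collection.
    let groups = [
        CollectionAccess { read_only: true, hide_passwords: true, manage: false },
        CollectionAccess { read_only: false, hide_passwords: true, manage: false },
        CollectionAccess { read_only: true, hide_passwords: false, manage: true },
    ];
    println!("{:?}", effective_access(MembershipType::User, None, &groups));
    println!("{:?}", effective_access(MembershipType::Manager, None, &groups));
}
```

With the sample groups a plain User ends up writable with passwords visible but without `manage`, while a Manager keeps `manage`; a direct user-level grant is returned untouched regardless of what the groups allow.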
Mathijs van Veluw
bcf627930e
Adjust issue template to hopefully better show how to search for closed and open issues (#6096) 2025-07-25 18:17:55 +02:00
Timshel
f763c7a8ce Merge remote-tracking branch 'dani/main' into sso-support 2025-07-15 17:45:37 +02:00
Timshel
ce70cd2cf4
Hide login form custom fields (#6054)
Co-authored-by: Timshel <timshel@480s>
2025-07-14 22:01:20 +02:00
Daniel
2ac589d4b4
Fix digest SHA extraction step (#6059) 2025-07-13 12:20:16 +02:00
Stefan Melmuk
b2e2aef7de
fix hash reference in release.yml (#6058) 2025-07-13 10:22:33 +02:00
Daniel García
0755bb19c0
Update release.yml (#6057)
Seems like docker can't use the hash references: https://github.com/dani-garcia/vaultwarden/actions/runs/16242780267/job/45861396226
2025-07-13 01:01:08 +02:00
Mathijs van Veluw
fee0c1c711
Update crates, workflow and issue template (#6056)
- Updated all the crates, which probably fixes #5959
- Updated all the workflows and tested it with zizmor
  Also added zizmor as a workflow itself.
- Updated the issue template to better mention searching first.

Signed-off-by: BlackDex <black.dex@gmail.com>
2025-07-13 00:48:56 +02:00
Timshel
a880b3d737 Use only css for login fields 2025-07-10 17:05:32 +02:00
Stefan Melmuk
f58539f0b4
close unmatched left parenthesis in the README (#6046) 2025-07-10 13:52:52 +02:00
Stefan Melmuk
e718afb441
improve the usage section of the README (#6041) 2025-07-09 23:44:20 +02:00
Mathijs van Veluw
55945ad793
Update web-vault and admin resources (#6044)
- Updated web-vault to v2025.7.0
- Updated admin JS and CSS files

Signed-off-by: BlackDex <black.dex@gmail.com>
2025-07-09 23:26:12 +02:00
Stefan Melmuk
4fd22d8e3b
fix hiding email as 2fa provider (#6026) 2025-07-09 23:25:11 +02:00
mountdisk
d6a8fb8e48
chore: fix some minor issues in the comments (#5998)
Signed-off-by: mountdisk <mountdisk@icloud.com>
2025-07-09 23:24:29 +02:00
Timshel
930b44ede9 Server settings for login fields toggle 2025-07-08 18:33:37 +02:00
Timshel
7d92059603 Upgrade openidconnect to 4.0.1 2025-07-07 12:06:53 +02:00
Timshel
1dad24badc Create a separate sso_client 2025-07-02 13:10:25 +02:00
Timshel
f8ac0d0fd1 Fix playwright tests 2025-07-02 13:00:13 +02:00
Timshel
ddf3495d18 Merge remote-tracking branch 'dani/main' into sso-support 2025-07-02 12:59:56 +02:00
Mathijs van Veluw
3b48e6e903
Fix v2025.6.x clients and newer to delete items (#6004) 2025-07-01 10:33:22 +02:00
Chase Douglas
6b9333b33e
Use existing reqwest client for AWS S3 requests (#5917)
This removes a lot of duplicate client dependency bloat for roughly
equivalent functionality.

Co-authored-by: Mathijs van Veluw <black.dex@gmail.com>
2025-06-30 22:57:00 +02:00
Daniel García
a545636ee5
Update flags version and enable manual error reporting (#5994) 2025-06-27 21:39:38 +02:00
Mathijs van Veluw
f125d5f1a1
Misc Updates and favicon fixes (#5993)
- Updated crates
- Switched to rustls instead of native-tls
  Some dependencies were already using rustls by default or without option.
  By removing native-tls we also have just one way of working here.

Updated favicon fetching which now is able to fetch more icons.
- Use rustls instead of native-tls
  This seems to work better, probably because of tls sniffing
- Use different user-agent and added several other headers
- Added SVG support. SVG Images will be sanitized first before stored or presented.
  Also, a special CSP for images will be sent to prevent scripts etc.. from SVG images.

Signed-off-by: BlackDex <black.dex@gmail.com>
2025-06-27 21:20:36 +02:00
Mathijs van Veluw
ad75ce281e
Fix an issue with yubico keys not validating (#5991)
* Fix an issue with yubico keys not validating

When adding or updating yubico otp keys there were some issues with the validation.
Looks like the web-vault sends all keys, not only filled-in keys, which triggered a check on empty keys.
Also, we should only return filled-in keys, not the empty ones too.

Fixes #5986

Signed-off-by: BlackDex <black.dex@gmail.com>

* Use more idiomatic code

Signed-off-by: BlackDex <black.dex@gmail.com>

* Use more idiomatic code - take 2

Signed-off-by: BlackDex <black.dex@gmail.com>

---------

Signed-off-by: BlackDex <black.dex@gmail.com>
2025-06-26 21:46:56 +02:00
Timshel
b85ef22f98 Merge remote-tracking branch 'dani/main' into sso-support 2025-06-17 19:38:21 +02:00
Stefan Melmuk
9059437c35
fix account recovery withdrawal (#5968)
since `web-v2025.4.0` the client sends `""` instead of `null`, so we
also have to check whether the `reset_password_key` is empty or not.
2025-06-17 18:55:11 +02:00
Stefan Melmuk
c84db0daca
allow signup for invited users (#5967)
invited users (e.g. via /admin panel or org invite) should be able to
register if email is disabled.
2025-06-17 11:15:36 +02:00
Timshel
bcdc7dce9d Merge remote-tracking branch 'dani/main' into sso-support 2025-06-16 19:14:25 +02:00
Timshel
f773147ee8 Add sso verified endpoint for v2025.6.0 2025-06-16 19:06:45 +02:00
Mathijs van Veluw
72adc239f5
Update crates and web-vault (#5955)
- Updated crates
- Updated web-vault to v2025.6.0

Signed-off-by: BlackDex <black.dex@gmail.com>
2025-06-15 01:19:53 +02:00
Nick Grimshaw
34ebeeca76
Minor fixes to copy in .env.template (#5928) 2025-06-15 01:19:08 +02:00
Stefan Melmuk
0469d9ba4c
make css for login-page position independent (#5906)
* make css for login-page position independent

starting with v2025.5.1 the login page will have custom classes so the
fields to be disabled can be targeted specifically without risking
side-effects

* hide buttons after cancelling login
2025-06-14 19:31:51 +02:00
Daniel
eaa6ad06ed
Update Alpine to version 3.22 (#5938) 2025-06-14 19:30:19 +02:00
Timshel
dcc3511885 Check email_verified in id_token and user_info 2025-06-12 16:02:50 +02:00
Timshel
1c7ac7beac Upgrade playwright test deps 2025-06-12 16:02:49 +02:00
Timshel
cbe2dc9f76 Playwright upgrade maildev to use MailBuffer.expect 2025-06-12 16:01:47 +02:00
Timshel
9d0338d740 PKCE should now work with Zitadel 2025-06-05 17:07:54 +02:00
Timshel
de429f7c50 Run playwright sso tests against correct db 2025-06-03 21:15:12 +02:00
Timshel
ab5cae5341 Merge remote-tracking branch 'dani/main' into sso-support 2025-06-02 23:42:15 +02:00
Timshel
0d3f283c37
Fix and improvements to policies (#5923) 2025-06-02 21:47:12 +02:00
Timshel
8773d5d157 Fix enforceOnLogin org policies 2025-06-02 18:48:56 +02:00