saltyming/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-07-19 10:38:24 +00:00
Code Activity
2702 commits 3 branches 72 tags 22 MiB
Commit graph

2702 commits

This branch
This branch
All branches
Author SHA1 Message Date
0x0fbc
fd00f3ed1d rustfmt 2024-07-23 21:13:23 -04:00
0x0fbc
df573958d9 Add fixes suggested by clippy 2024-07-23 21:13:23 -04:00
0x0fbc
8fa181a2e6 Reduce twofactor_duo_ctx state/nonce column size in postgres and maria 2024-07-23 21:13:23 -04:00
0x0fbc
8092bb37b9 override charset on duo state column to ascii for mysql 2024-07-23 21:13:23 -04:00
0x0fbc
f907e02424 rearrange constants, update comments, error message 2024-07-23 21:13:23 -04:00
0x0fbc
d89a7b7439 remove redundant explicit returns, rustfmt 2024-07-23 21:13:23 -04:00
0x0fbc
3ae5a0b1f8 directly use JWT_VALIDITY_SECS constant instead of copying it to DuoClient instances 2024-07-23 21:13:23 -04:00
0x0fbc
e7a058cfa8 error handling cleanup 2024-07-23 21:13:23 -04:00
0x0fbc
4df7fcf35c drop redundant alphanum string generation code 2024-07-23 21:13:23 -04:00
0x0fbc
6f06fa9da3 bind Duo oauth flow to device id, drop redundant device type handling 2024-07-23 21:13:23 -04:00
0x0fbc
f489930482 more cleanup 2024-07-23 21:13:23 -04:00
0x0fbc
90b73c6dbe replace stray use of TimeDelta 2024-07-23 21:13:23 -04:00
0x0fbc
41f94e2f52 bump state/nonce length 2024-07-23 21:13:23 -04:00
0x0fbc
328c4a3e3c cleanup & comments 2024-07-23 21:13:23 -04:00
0x0fbc
36f90cd8f4 store duo states in the database and validate during authentication 2024-07-23 21:13:23 -04:00
0x0fbc
6f86749757 Add db schema and models for Duo 2FA state storage 2024-07-23 21:13:23 -04:00
0x0fbc
849ce1ebce Add initial working Duo Universal Prompt support. 2024-07-23 21:13:23 -04:00
Stefan Melmuk
ecfebaf3c7
 		allow re-invitations of existing users (#4768) 
* allow re-invitations of existing users

* auto-accept existing user if mail is disabled

Apply suggestions from code review

Co-authored-by: Mathijs van Veluw <black.dex@gmail.com>

---------

Co-authored-by: Mathijs van Veluw <black.dex@gmail.com>
 2024-07-24 00:32:46 +02:00
Daniel
0e53f58288
 		Fix Dockerfile linter warnings (#4763) 
- they seem to have started appearing with buildx v0.16.0
- skip lint check for FromPlatformFlagConstDisallowed and RedundantTargetPlatform
 2024-07-24 00:28:07 +02:00
Daniel
bc7ceb2ee3
 		Update crates & fix crate vulnerability (#4771) 
- fixes GHSA-q445-7m23-qrmw by updating openssl to version 0.10.66
 2024-07-24 00:26:39 +02:00
Mathijs van Veluw
b27e6e30c9
 		Fix Email 2FA login on native app (#4762) 2024-07-17 16:20:54 +02:00
Mathijs van Veluw
505b30eec2
 		Fix for RSA Keys which are read only (#4744) 
* Fix for RSA Keys which are read only

Sometimes an RSA Key file could be read only.
We currently failed because we also wanted to write.
Added an extra check if the file exists already and is not 0 in size.
If it does already exists and is larger then 0, then open in read only
mode.

Fixes #4644

* Updated code to work atomically

- Changed the code to work atomically
- Also show the alert generated from `Io`

* Fix spelling
 2024-07-17 12:59:22 +02:00
Mathijs van Veluw
54bfcb8bc3
 		Update admin interface (#4737) 
- Updated datatables
- Set Cookie Secure flag if the connection is https
- Prevent possible XSS via Organization Name
  Converted all `innerHTML` and `innerText` to the Safe Sink version `textContent`
- Removed `jsesc` function as handlebars escapes all these chars already and more by default
 2024-07-12 22:59:48 +02:00
Daniel García
035f694d2f
 		Improved HTTP client (#4740) 
* Improved HTTP client

* Change config compat to use auto, rename blacklist

* Fix wrong doc references
 2024-07-12 22:33:11 +02:00
Coby Geralnik
a4ab014ade
 		Fix bug where secureNotes is empty (#4730) 2024-07-10 22:13:55 +02:00
Calvin Li
6fedfceaa9
 		chore: Dockerfile to Remove port 3012 (#4725) 2024-07-10 18:40:29 +02:00
Stefan Melmuk
8e8483481f
 		use a custom plan of enterprise tier to fix limits (#4726) 
* use a custom plan of enterprise tier to fix limits

* set maxStorageGb limit to max signed int value
 2024-07-10 17:25:41 +02:00
Mathijs van Veluw
d04b94b77d
 		Some fixes for emergency access (#4715) 
- Add missing `Headers` parameter for some functions
   This allowed any request from allowing these endpoints by not validating the user correctly.
 - Changed the functions to retreive the emergency access record by
   using the user uuid which calls the endpoint, instead of validating afterwards.
   This is more secure and prevents the need of an if check.
 2024-07-08 23:39:22 +02:00
Mathijs van Veluw
247d0706ff
 		Update crates and web-vault (#4714) 
- Updated the crates
   Removed the patch for mimalloc
 - Updated the web-vault to v2024.5.1b

The reason for not updating to v2024.6.x is that there are several items
not working correctly or need some more research.
 2024-07-08 23:27:48 +02:00
Daniel
0e8b410798
 		Switch registry cache compression algorithm to zstd (#4704) 
- faster builds than with gzip (the default)
 2024-07-08 23:27:39 +02:00
Stefan Melmuk
fda77afc2a
 		add group support for Cipher::get_collections() (#4592) 
* add group support for Cipher::get_collections()

join group infos assigned to a collection to check
whether user has been given access to all collections via any group
or they have access to a specific collection via any group membership

* fix Collection::is_writable_by_user()

prevent side effects if groups are disabled

* differentiate the /collection endpoints

* return cipherDetails on post_collections_update()

* add collections_v2 endpoint
 2024-07-04 20:28:19 +02:00
Daniel
d9835f530c
 		Remove duplicate registry step (#4703) 2024-07-04 19:57:49 +02:00
Mathijs van Veluw
bd91964170
 		Fix duplicate folder creations during import (#4702) 
During import you are able to select an existing folder, or with
Bitwarden exports it can contain existing folders already. In either
case it didn't matter, we always created new folders.

Bitwarden uses the same UUID of the selected or existing folders if they
are already there.

This PR fixes this by using the same behaviour.

Fixes #4700
 2024-07-04 19:57:32 +02:00
Mathijs van Veluw
d42b264a93
 		Fix collections and native app issue (#4685) 
Collections were not visible in the organization view.
This was because the `flexibleCollections` was set to `true`

Found an issue with loading some old created Secure Notes which had `{}` or `{"type":null}` as there `data` value.
This isn't allowed. When detected, replace it with `{"type":0}`

Fixes #4682
Fixes #4590
 2024-07-03 21:11:04 +02:00
Daniel García
a4c7fadbf4
 		Change some missing PascalCase keys (#4671) 2024-06-24 21:17:59 +02:00
Daniel
8e2a87fd79
 		Remove mimalloc workaround (#4606) 
- libatomic linking for armv6 has been fixed in 992c9da4c5
 2024-06-24 19:44:21 +02:00
Daniel García
4233dbf3db
 		Fix cipher creation on new android app (#4670) 2024-06-24 19:44:06 +02:00
Daniel García
a2bf8def2a
 		Change API and structs to camelCase (#4386) 
* Change API inputs/outputs and structs to camelCase

* Fix fields and password history

* Use convert_json_key_lcase_first

* Make sends lowercase

* Update admin and templates

* Update org revoke

* Fix sends expecting size to be a string on mobile

* Convert two-factor providers to string
 2024-06-23 21:31:02 +02:00
Daniel García
8f05a90b96
 		Fix some more nightly errors and remove lint that will become an error by default (#4661) 2024-06-20 20:25:40 +02:00
Daniel García
9082e7cebb
 		Fix some nightly build errors (#4657) 2024-06-20 09:35:52 +02:00
Mathijs van Veluw
55fdee3bf8
 		Update crates, web-vault and GHA (#4648) 
- Updated all crates including Diesel and the new mysqlclient-sys
- Updated the MSRV to v1.78 as that is what Diesel mandates
- Added the mimalloc crate as a patch for now to fix armv6 static builds
  This probably makes #4606 possible
- Updated web-vault to v2024.5.1
- Updated GitHub Actions
  Fixed an issue with the localhost images for extracting the musl binaries.
 2024-06-19 13:06:58 +02:00
Daniel García
377969ea67
 		Update rust and remove unused header values (#4645) 
* Update rust and remove unused header values

* Missed one unused var
 2024-06-16 22:05:17 +02:00
Mathijs van Veluw
f05398a6b3
 		Update admin interface dependencies (#4581) 
- Updated JS/CSS dependencies
- Fixed a small issue regarding DNS IP detection
  fixes #3946
  fixes #3947
 2024-05-25 15:39:36 +02:00
Timshel
9555ac7bb8
 		Remove compatibility route (#4578) 2024-05-25 15:29:58 +02:00
Stefan Melmuk
f01ef40a8e
 		differentiate external groups by organization id (#4586) 2024-05-25 15:20:36 +02:00
Daniel
8e7b27cc36
 		Update Alpine to version 3.20 (#4583) 
- needed to add double quotes, otherwise it was parsed as 3.2 instead of 3.20
 2024-05-25 15:19:53 +02:00
Daniel
d230ee087c
 		Fix web-vault version in Docker(files/Settings) (#4575) 2024-05-25 15:18:59 +02:00
Mathijs van Veluw
f8f14727b9
 		Update crates (#4587) 
- Update crates including rocket and rocket_ws
 2024-05-25 15:14:19 +02:00
FDHoho007
753a9e0bae
 		Fix public api for domains with path prefix (#4500) 2024-05-19 20:33:31 +02:00
Stefan Melmuk
f5fb69b64f
 		also delete organization_api_key (#4557) 2024-05-19 20:33:00 +02:00