diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 0000000..fb06a7c --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,9 @@ +ignored: + # Disable Multiple consecutive `RUN` instructions check. + - DL3059 + # Disable pipefail check + - DL4006 + # Disable Shellcheck Quote check + - SC2046 +trustedRegistries: + - docker.io diff --git a/Dockerfile b/Dockerfile index f510573..00fb1df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,10 @@ # docker cp $image_id:/bw_web_vault.tar.gz . # docker rm $image_id -FROM node:14.16.0-buster as build +FROM node:14-buster as build + +# Update NPM - Matching the bitwarden/web GH Action Workflow. +RUN npm -g install npm@7 # Prepare the folder to enable non-root, otherwise npm will refuse to run the postinstall RUN mkdir /vault @@ -22,14 +25,14 @@ USER node # Can be a tag, release, but prefer a commit hash because it's not changeable # https://github.com/bitwarden/web/commit/$VAULT_VERSION # -# Using https://github.com/bitwarden/web/releases/tag/v2.20.4 -ARG VAULT_VERSION=daf641e978ea381cc744a4b7265e64de338101d1 +# Using https://github.com/bitwarden/web/releases/tag/v2.21.1 +ARG VAULT_VERSION=62cd45030ad5b0a0bdbd08f0579f8ffac91a48a4 RUN git clone https://github.com/bitwarden/web.git /vault WORKDIR /vault -RUN git checkout "$VAULT_VERSION" -RUN git submodule update --recursive --init +RUN git checkout "$VAULT_VERSION" && \ + git submodule update --recursive --init COPY --chown=node:node patches /patches COPY --chown=node:node apply_patches.sh /apply_patches.sh @@ -37,8 +40,8 @@ COPY --chown=node:node apply_patches.sh /apply_patches.sh RUN bash /apply_patches.sh # Build -RUN npm install -RUN npm audit fix +RUN npm ci +RUN npm audit fix || true RUN npm run dist RUN printf '{"version":"%s"}' \ @@ -55,6 +58,7 @@ RUN tar -czvf "bw_web_vault.tar.gz" web-vault --owner=0 --group=0 # We copy the final result as a separate empty image so there's no need to download all the intermediate steps # The result is included both uncompressed and as a tar.gz, to be able to use it in the docker images and the github releases directly FROM scratch +# hadolint ignore=DL3010 COPY --from=build /vault/bw_web_vault.tar.gz /bw_web_vault.tar.gz COPY --from=build /vault/web-vault /web-vault # Added so docker create works, can't actually run a scratch image diff --git a/package_web_vault.sh b/package_web_vault.sh index 1ca3387..2ac50bb 100755 --- a/package_web_vault.sh +++ b/package_web_vault.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -o pipefail -o errexit # Error handling @@ -18,11 +18,13 @@ VAULT_FOLDER=web-vault OUTPUT_FOLDER=builds OUTPUT_NAME="$OUTPUT_FOLDER/bw_web_$VAULT_VERSION.tar.gz" +npm install npm@7 + mkdir -p "$OUTPUT_FOLDER" # If this is the first time, clone the project if [ ! -d "$VAULT_FOLDER" ]; then - git clone --recurse-submodules https://github.com/bitwarden/web.git "$VAULT_FOLDER" + git clone https://github.com/bitwarden/web.git "$VAULT_FOLDER" fi cd $VAULT_FOLDER @@ -31,7 +33,7 @@ cd $VAULT_FOLDER git checkout -f # Update branch -git fetch --tags +git fetch --tags --all git pull origin master # Checkput the branch we want @@ -45,8 +47,8 @@ git submodule update --recursive --init . ../apply_patches.sh # Build -npm install -npm audit fix +npm ci +npm audit fix || true npm run dist # Delete debugging map files, optional @@ -54,10 +56,10 @@ npm run dist # Create bwrs-version.json with the latest tag from the remote repo. printf '{"version":"%s"}' \ - $(git -c 'versionsort.suffix=-' ls-remote --tags --sort='v:refname' https://github.com/dani-garcia/bw_web_builds.git 'v*' | tail -n1 | sed -E 's#.*?refs/tags/v##') \ + "$(git -c 'versionsort.suffix=-' ls-remote --tags --sort='v:refname' https://github.com/dani-garcia/bw_web_builds.git 'v*' | tail -n1 | sed -E 's#.*?refs/tags/v##')" \ > build/bwrs-version.json # Prepare the final archives mv build web-vault tar -czvf "../$OUTPUT_NAME" web-vault --owner=0 --group=0 -mv web-vault build \ No newline at end of file +mv web-vault build diff --git a/patches/v2.21.1.patch b/patches/v2.21.1.patch new file mode 100644 index 0000000..a3ac3bd --- /dev/null +++ b/patches/v2.21.1.patch @@ -0,0 +1,278 @@ +Submodule jslib contains modified content +diff --git a/jslib/angular/src/components/register.component.ts b/jslib/angular/src/components/register.component.ts +index 53ec3c8..a6c9150 100644 +--- a/jslib/angular/src/components/register.component.ts ++++ b/jslib/angular/src/components/register.component.ts +@@ -24,7 +24,7 @@ export class RegisterComponent { + formPromise: Promise; + masterPasswordScore: number; + referenceData: ReferenceEventRequest; +- showTerms = true; ++ showTerms = false; + acceptPolicies: boolean = false; + + protected successRoute = 'login'; +@@ -35,7 +35,7 @@ export class RegisterComponent { + protected apiService: ApiService, protected stateService: StateService, + protected platformUtilsService: PlatformUtilsService, + protected passwordGenerationService: PasswordGenerationService) { +- this.showTerms = !platformUtilsService.isSelfHost(); ++ this.showTerms = false; + } + + get masterPasswordScoreWidth() { +@@ -69,6 +69,12 @@ export class RegisterComponent { + } + + async submit() { ++ if (typeof crypto.subtle === 'undefined') { ++ this.platformUtilsService.showToast('error', "This browser requires HTTPS to use the web vault", ++ "Check the Vaultwarden wiki for details on how to enable it"); ++ return; ++ } ++ + if (!this.acceptPolicies && this.showTerms) { + this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), + this.i18nService.t('acceptPoliciesError')); +@@ -130,6 +136,7 @@ export class RegisterComponent { + this.hint, encKey[1].encryptedString, kdf, kdfIterations, this.referenceData); + request.keys = new KeysRequest(keys[0], keys[1].encryptedString); + const orgInvite = await this.stateService.get('orgInvitation'); ++ console.log(orgInvite); + if (orgInvite != null && orgInvite.token != null && orgInvite.organizationUserId != null) { + request.token = orgInvite.token; + request.organizationUserId = orgInvite.organizationUserId; +diff --git a/src/404.html b/src/404.html +index eba36375..cb8883ec 100644 +--- a/src/404.html ++++ b/src/404.html +@@ -41,10 +41,10 @@ + +

+

You can return to the web vault, check our status page +- or contact us.

++ or contact us.

+ + + + +diff --git a/src/app/app.component.ts b/src/app/app.component.ts +index 2922cf09..8f2be1ad 100644 +--- a/src/app/app.component.ts ++++ b/src/app/app.component.ts +@@ -146,6 +146,10 @@ export class AppComponent implements OnDestroy, OnInit { + } + break; + case 'showToast': ++ if (typeof message.text === "string" && typeof crypto.subtle === 'undefined') { ++ message.title="This browser requires HTTPS to use the web vault"; ++ message.text="Check the Vaultwarden wiki for details on how to enable it"; ++ } + this.showToast(message); + break; + case 'setFullWidth': +diff --git a/src/app/layouts/footer.component.html b/src/app/layouts/footer.component.html +index b001b9e3..c1bd2ac8 100644 +--- a/src/app/layouts/footer.component.html ++++ b/src/app/layouts/footer.component.html +@@ -1,7 +1,7 @@ +