mirrors/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2024-11-21 20:35:28 +03:00
Code Issues Projects Releases Packages Wiki Activity

Implement cipher key encryption (#3990)

Browse source
This commit is contained in:
Daniel García 2023-10-23 00:18:14 +02:00 committed by GitHub
parent 6eaf131922
commit cb4b683dcd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 29 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql Normal file
View file

2
migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql Normal file
View file

@ -0,0 +1,2 @@
ALTER TABLE ciphers
ADD COLUMN "key" TEXT;

0
migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql Normal file
View file

2
migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql Normal file
View file

@ -0,0 +1,2 @@
ALTER TABLE ciphers
ADD COLUMN "key" TEXT;

0
migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql Normal file
View file

2
migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql Normal file
View file

@ -0,0 +1,2 @@
ALTER TABLE ciphers
ADD COLUMN "key" TEXT;

3
src/api/core/ciphers.rs
View file

@ -206,6 +206,8 @@ pub struct CipherData {
// TODO: Some of these might appear all the time, no need for Option // TODO: Some of these might appear all the time, no need for Option
OrganizationId: Option<String>, OrganizationId: Option<String>,
Key: Option<String>,
/* /*
Login = 1, Login = 1,
SecureNote = 2, SecureNote = 2,
@ -483,6 +485,7 @@ pub async fn update_cipher_from_data(
None => err!("Data missing"), None => err!("Data missing"),
}; };
cipher.key = data.Key;
cipher.name = data.Name; cipher.name = data.Name;
cipher.notes = data.Notes; cipher.notes = data.Notes;
cipher.fields = data.Fields.map(|f| _clean_cipher_data(f).to_string()); cipher.fields = data.Fields.map(|f| _clean_cipher_data(f).to_string());

13
src/api/core/mod.rs
View file

@ -194,7 +194,12 @@ fn version() -> Json<&'static str> {
fn config() -> Json<Value> { fn config() -> Json<Value> {
let domain = crate::CONFIG.domain(); let domain = crate::CONFIG.domain();
Json(json!({ Json(json!({
"version": crate::VERSION, // Note: The clients use this version to handle backwards compatibility concerns
// This means they expect a version that closely matches the Bitwarden server version
// We should make sure that we keep this updated when we support the new server features
// Version history:
// - Individual cipher key encryption: 2023.9.1
"version": "2023.9.1",
"gitHash": option_env!("GIT_REV"), "gitHash": option_env!("GIT_REV"),
"server": { "server": {
"name": "Vaultwarden", "name": "Vaultwarden",
@ -207,6 +212,12 @@ fn config() -> Json<Value> {
"notifications": format!("{domain}/notifications"), "notifications": format!("{domain}/notifications"),
"sso": "", "sso": "",
}, },
"featureStates": {
// Any feature flags that we want the clients to use
// Can check the enabled ones at:
// https://vault.bitwarden.com/api/config
"autofill-v2": true
},
"object": "config", "object": "config",
})) }))
} }

5
src/db/models/cipher.rs
View file

@ -23,6 +23,8 @@ db_object! {
pub user_uuid: Option<String>, pub user_uuid: Option<String>,
pub organization_uuid: Option<String>, pub organization_uuid: Option<String>,
pub key: Option<String>,
/* /*
Login = 1, Login = 1,
SecureNote = 2, SecureNote = 2,
@ -62,6 +64,8 @@ impl Cipher {
user_uuid: None, user_uuid: None,
organization_uuid: None, organization_uuid: None,
key: None,
atype, atype,
name, name,
@ -203,6 +207,7 @@ impl Cipher {
"DeletedDate": self.deleted_at.map_or(Value::Null, |d| Value::String(format_date(&d))), "DeletedDate": self.deleted_at.map_or(Value::Null, |d| Value::String(format_date(&d))),
"Reprompt": self.reprompt.unwrap_or(RepromptType::None as i32), "Reprompt": self.reprompt.unwrap_or(RepromptType::None as i32),
"OrganizationId": self.organization_uuid, "OrganizationId": self.organization_uuid,
"Key": self.key,
"Attachments": attachments_json, "Attachments": attachments_json,
// We have UseTotp set to true by default within the Organization model. // We have UseTotp set to true by default within the Organization model.
// This variable together with UsersGetPremium is used to show or hide the TOTP counter. // This variable together with UsersGetPremium is used to show or hide the TOTP counter.

1
src/db/schemas/mysql/schema.rs
View file

@ -15,6 +15,7 @@ table! {
updated_at -> Datetime, updated_at -> Datetime,
user_uuid -> Nullable<Text>, user_uuid -> Nullable<Text>,
organization_uuid -> Nullable<Text>, organization_uuid -> Nullable<Text>,
key -> Nullable<Text>,
atype -> Integer, atype -> Integer,
name -> Text, name -> Text,
notes -> Nullable<Text>, notes -> Nullable<Text>,

1
src/db/schemas/postgresql/schema.rs
View file

@ -15,6 +15,7 @@ table! {
updated_at -> Timestamp, updated_at -> Timestamp,
user_uuid -> Nullable<Text>, user_uuid -> Nullable<Text>,
organization_uuid -> Nullable<Text>, organization_uuid -> Nullable<Text>,
key -> Nullable<Text>,
atype -> Integer, atype -> Integer,
name -> Text, name -> Text,
notes -> Nullable<Text>, notes -> Nullable<Text>,

1
src/db/schemas/sqlite/schema.rs
View file

@ -15,6 +15,7 @@ table! {
updated_at -> Timestamp, updated_at -> Timestamp,
user_uuid -> Nullable<Text>, user_uuid -> Nullable<Text>,
organization_uuid -> Nullable<Text>, organization_uuid -> Nullable<Text>,
key -> Nullable<Text>,
atype -> Integer, atype -> Integer,
name -> Text, name -> Text,
notes -> Nullable<Text>, notes -> Nullable<Text>,