Commit graph

259 commits

Author SHA1 Message Date
BlackDex
f270f2ed65 Updated icon fetching and crates.
- Updated some crates
- Updated icon fetching code:
  + Use a cookie jar and set Max-Age to 2 minutes for all cookies
  + Locate the base href tag to fix some locations
  + Changed User-Agent (Helps on some sites to get HTML instead of JS)
  + Reduced HTML code limit from 512KB to 384KB
  + Allow some large icons higer-up in the sort
  + Allow GIF images
  + Ignore cookie_store and hyper::client debug messages
2021-05-16 15:29:13 +02:00
BlackDex
7cb19ef767 Updated branding, email and crates
- Updated branding for admin and emails
- Updated crates and some deprications
- Removed newline-converter because this is built-in into lettre
- Updated email templates to use a shared header and footer template
- Also trigger SMTP SSL When TLS is selected without SSL
  Resolves #1641
2021-05-08 17:46:31 +02:00
Daniel García
f76b8a32ca
Update dependencies 2021-05-02 17:48:06 +02:00
rkowalewski
48482fece0
Merge branch 'main' into fix-libressl-332 2021-04-29 08:34:10 +02:00
Roger Kowalewski
1dc1d4df72 update openssl crate to support LibreSSL 3.3.2 2021-04-29 10:04:08 +02:00
Daniel García
34ea10475d
Project renaming 2021-04-27 23:18:32 +02:00
Daniel García
ced7f1771a
Update dependencies 2021-04-15 18:38:00 +02:00
Jake Howard
f7056bcaa5
Enable socks feature for reqwest
This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
Jeremy Lin
73ff8d79f7 Add a generic job scheduler
Also rewrite deletion of old sends using the job scheduler.
2021-04-05 23:07:15 -07:00
BlackDex
3a3390963c Icon and SMTP Debug fixes.
- We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584
- Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149
- Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons.

Fixes #1540
2021-03-29 10:27:58 +02:00
Daniel García
3e4ff47a38
Update dependencies, particularly openssl to 1.1.1k 2021-03-25 20:05:20 +01:00
Daniel García
f9ebb780f9
Update dependencies 2021-03-22 20:00:57 +01:00
Daniel García
431462d839
Update dependencies and enable serde integration for chrono 2021-03-13 22:02:11 +01:00
Daniel García
dad1b1bee9
Updated dependencies 2021-03-06 22:04:01 +01:00
Daniel García
9117095764
Update dependencies and web vault 2021-02-24 20:30:19 +01:00
Daniel García
c836f88ff2
Remove soup and use a newer html5ever directly 2021-02-07 22:28:02 +01:00
Daniel García
8b660ae090
Swap structopt for a simpler alternative 2021-02-07 20:10:40 +01:00
Daniel García
0680638933
Update dependencies 2021-02-06 16:49:28 +01:00
BlackDex
5860679624 Updated dependencies and small mail fixes
- Updated rust nightly
- Updated depenencies
- Removed unicode support for regex (less dependencies)
- Fixed dependency and nightly changes/deprications
- Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
Daniel García
46df3ee7cd
Updated insecure ws dependency and general dep updates 2020-12-15 22:23:12 +01:00
BlackDex
d46a6ac687 Updated dependencies and Dockerfiles
- Updated crates
- Updated rust-toolchain
- Updated Dockerfile to use latest rust 1.48 version
- Updated AMD64 Alpine to use same version as rust-toolchain and support
  PostgreSQL.
- Updated Rocket to the commit right before they updated hyper.
  Until that update there were some crates updated and some small fixes.
  After that build fails and we probably need to make some changes
(which is probably something already done in the async branch)
2020-12-04 13:38:42 +01:00
BlackDex
6faaeaae66 Updated email processing.
- Added an option to enable smtp debugging via SMTP_DEBUG. This will
  trigger a trace of the smtp commands sent/received to/from the mail
server. Useful when troubleshooting.
- Added two options to ignore invalid certificates which either do not
  match at all, or only doesn't match the hostname.
- Updated lettre to the latest alpha.4 version.
2020-11-18 12:07:08 +01:00
Daniel García
63acc8619b
Update dependencies 2020-11-07 23:01:04 +01:00
Daniel García
c577ade90e
Updated dependencies 2020-10-15 23:44:35 +02:00
Daniel García
ab4355cfed
Updated web vault, dependencies and base docker images 2020-10-03 20:50:13 +02:00
Eduardo Sánchez Muñoz
2f7fbde789 Add vendored_openssl feature.
This feature enables the `vendored` feature from the `openssl` crate and build a statically linked version of openssl.
2020-09-25 23:25:53 +02:00
Daniel García
dbc082dc75
Update web vault to 2.16.0 and dependencies 2020-09-19 22:01:14 +02:00
BlackDex
844cf70345 Updated lettre (and other crates) and workflow.
General:
- Updated several dependancies

Lettre:
- Updateded lettere and the workflow
- Changed encoding to base64
- Convert unix newlines to dos newlines for e-mails.
- Created custom e-mail boundary (auto generated could cause errors)

Tested the e-mails sent using several clients (Linux, Windows, MacOS, Web).
Run msglint (https://tools.ietf.org/tools/msglint/) on the generated e-mails until all errors were gone.

Lettre has changed quite some stuff compared between alpha.1 and alpha.2, i haven't noticed any issues sending e-mails during my tests.
2020-09-11 23:52:20 +02:00
Daniel García
0822c0c128
Update admin page dependencies 2020-08-31 16:40:21 +02:00
Daniel García
062f5e4712
Update dependencies 2020-08-28 22:11:55 +02:00
Daniel García
0365b7c6a4
Add support for multiple simultaneous database features by using macros.
Diesel requires the following changes:
- Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type
- Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names
- Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones
- Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-24 20:11:17 +02:00
Jeremy Lin
d9684bef6b Generate tokens more simply and uniformly 2020-08-22 16:07:53 -07:00
Daniel García
171b174ce9
Update dependencies 2020-08-12 18:46:28 +02:00
Daniel García
32cfaab5ee
Updated dependencies and changed rocket request imports 2020-07-23 21:07:04 +02:00
Daniel García
fb6f96f5c3
Updated dependencies 2020-07-14 16:08:11 +02:00
Jeremy Lin
a28ebcb401 Use local time in email notifications for new device logins
In this implementation, the `TZ` environment variable must be set
in order for the formatted output to use a more user-friendly
time zone abbreviation (e.g., `UTC`). Otherwise, the output uses
the time zone's UTC offset (e.g., `+00:00`).
2020-07-07 21:30:18 -07:00
Daniel García
596c9b8691
Add option to set name during HELO in email settings 2020-07-05 01:59:15 +02:00
Daniel García
d4357eb55a
Updated dependencies ans web vault version 2020-07-05 01:38:16 +02:00
Daniel García
b34d548246
Update dependencies 2020-06-22 17:15:20 +02:00
Daniel García
a2411eef56
Updated dependencies 2020-06-15 23:04:52 +02:00
Daniel García
5e802f8aa3
Update lettre to alpha release instead of git commit, and update the rest of dependencies while we are at it 2020-05-31 17:58:06 +02:00
Daniel García
80d4061d14
Update dependencies 2020-05-14 00:18:18 +02:00
Daniel García
6c5e35ce5c
Change the mails content types to more closely match what we sent before 2020-05-07 00:51:46 +02:00
Daniel García
63cbd9ef9c
Update lettre to latest master 2020-05-03 17:41:53 +02:00
Daniel García
9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints 2020-05-03 17:24:51 +02:00
Daniel García
4be8dae626
Make web vault show a more informative error when browsers block WebCrypto in insecure contexts and update dependencies 2020-04-09 22:54:31 +02:00
Daniel García
ccf6ee79d0
Update dependencies, mainly diesel and sqlite 2020-03-24 20:36:19 +01:00
Daniel García
7d9c7017c9
Merge pull request #911 from BlackDex/upgrade-rocket
Upgrade rocket
2020-03-16 18:17:17 +01:00
BlackDex
bd09fe1a3d Updated code so backtraces are logged also. 2020-03-16 17:53:22 +01:00
BlackDex
3ce0c3d1a5 Update dependencies
Primarily updating rocket, which needed some dependencies

Latest versions of:
 - ring
 - time
 - jsonwebtoken
 - yubico
 - rocket (git)
2020-03-16 16:32:33 +01:00
BlackDex
1b4b40c95d Updated reqwest to the latest version.
- Use the blocking client (no async).
- Disabled gzip.
- use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
Daniel García
70f3ab8ec3
Migrate lazy_static to once_cell, less macro magic and slightly faster 2020-03-09 22:04:03 +01:00
Daniel García
b6612e90ca
Update dependencies 2020-03-09 22:00:59 +01:00
zethra
cc404b4edc
Added command line flags for help and version
Signed-off-by: zethra <benaagoldberg@gmail.com>
2020-03-02 15:51:57 -05:00
Daniel García
def174a517
Convert email domains to punycode 2020-01-30 22:11:53 +01:00
Daniel García
ff7b4a3d38
Update handlebars to 3.0 which included performance improvements.
Updated lettre to newer git revision, which should give better error messages now.
2020-01-26 15:29:14 +01:00
Daniel García
84ed185579
Update u2f to 0.2, which requires OpenSSL but also might solve the problems we've had with certificates.
The rust image doesn't need installing curl or tar, so removed. Also collapsed ENV lines.
2020-01-19 21:34:13 +01:00
Daniel García
9ebca99290
Update dependencies 2020-01-10 18:37:16 +01:00
Daniel García
c058a1d63c
Make sure handlebars is not updated, as the next patch version has breaking changes 2020-01-05 00:12:35 +01:00
Daniel García
95dd1cd7ad
Use rmp upstream version 2019-12-31 02:00:16 +01:00
Daniel García
4cec502f7b
Update docker images to alpine 3.11 and rust 1.40 2019-12-22 21:42:13 +01:00
Daniel García
f09996a21d
Updated dependencies 2019-12-15 15:43:56 +01:00
Daniel García
a5aa4d9b54
Updated dependencies 2019-12-06 22:07:25 +01:00
Daniel García
1e224220a8
Updated deps and fixed some lints 2019-11-28 21:59:05 +01:00
Daniel García
607521c88f
Updated dependencies 2019-11-24 14:50:43 +01:00
BlackDex
b209c1bc4d Add an option to fetch and parse href="data:image"
Some sites are using base64 encoded inline images for favicons.
This will try to match those with some sane checks and return that.
These icons will have lower prio then the icons with a normal URL.
2019-11-22 13:16:12 +01:00
Daniel García
cbadf00941
Update web vault to fix twofactorauth.org integration
Update dependencies and toolchain
Update included equivalent domains with upstream changes
2019-11-19 20:30:09 +01:00
BlackDex
cbb92bcbc0 Updated dependencies
Updated some dependencies and used a git patch for lettre addressing
timeouts.
2019-11-06 21:37:51 +01:00
BlackDex
3442eb1b9d Trying to fix issue #687
- Using an older commit from rocket repo
2019-11-04 14:30:24 +01:00
Daniel García
72a46fb386
Update dependencies 2019-11-02 17:39:27 +01:00
Daniel García
fccc0a4b05
Update rocket to latest master
Downgrade rust version to fix cargo issue
Set rustup profile to minimal
2019-10-25 21:48:10 +02:00
Daniel García
57b1d3f850
Update dependencies and docker base images 2019-10-24 20:37:17 +02:00
Daniel García
83fd44eeef
Update rust version and use minimal profile for CI 2019-10-15 21:21:37 +02:00
Daniel García
d3bd2774dc
Update dependencies to use newer SQLite 2019-10-11 22:49:47 +02:00
Daniel García
662bc27523
Updated dependencies and fixed disable_admin_token description 2019-10-08 19:33:27 +02:00
Daniel García
b73ff886c3
Use upstream rmp 2019-09-17 19:47:51 +02:00
Michael Powers
f5f9861a78
Adds support for PostgreSQL which resolves #87 and is mentioned in #246.
This includes migrations as well as Dockerfile's for amd64.

The biggest change is that replace_into isn't supported by Diesel for the
PostgreSQL backend, instead requiring the use of on_conflict. This
unfortunately requires a branch for save() on all of the models currently
using replace_into.
2019-09-12 16:12:22 -04:00
Daniel García
df8114f8be
Updated client kdf iterations to 100000 and fixed some lints 2019-09-05 21:56:12 +02:00
Daniel García
e3404dd322
Use the local scripts instead of cloudflare, remove jquery and update config so disabling a master toggle doesn't remove the values 2019-08-31 17:47:52 +02:00
Daniel García
469318bcbd
Updated dependencies and web vault version 2019-08-27 21:14:15 +02:00
Daniel García
9101d6e48f
Update dependencies 2019-08-18 19:31:54 +02:00
Daniel García
c9c3f07171
Updated dependencies and fixed panic getting icons 2019-07-30 19:42:05 +02:00
Daniel García
05a1137828
Move backend checks to build.rs to fail fast, and updated dependencies 2019-07-09 17:26:34 +02:00
Nick Fox
2e300da057
Fix #468 - Percent-encode the email address in invite link 2019-07-02 22:55:13 -04:00
Daniel García
76f38621de
Update dependencies and remove unwraps from Cipher::to_json 2019-06-14 22:51:50 +02:00
Daniel García
9add8e19eb
Update dependencies and remove travis unused feature 2019-06-02 00:28:20 +02:00
Emil Madsen
ab95a69dc8 Rework migrations for MySQL 2019-05-20 21:12:41 +02:00
Daniel García
c0b2877da3
Update deps and swap back to official u2f crate again 2019-05-17 15:39:36 +02:00
Daniel García
95f833aacd
Update dependencies to use new ring 2019-05-15 18:10:25 +02:00
Daniel García
4f45cc081f
Update ring to 0.14, jwt to 6.0, and u2f 2019-05-11 23:18:18 +02:00
Daniel García
2a4cd24c60
Updated web vault to hide org plans again and updated dependencies 2019-05-11 22:27:51 +02:00
Daniel García
eadab2e9ca
Updated dependencies 2019-04-26 22:07:00 +02:00
Daniel García
621f607297
Update dependencies and fix some warnings 2019-04-11 15:40:19 +02:00
Daniel García
cfbeb56371
Implement user duo, initial version
TODO:
- At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting.
- Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
2019-04-05 22:09:53 +02:00
Daniel García
3bb46ce496
Make the syslog crate non-optional when available 2019-04-02 22:35:22 +02:00
Daniel García
c5832f2b30
With the latest fern, syslog can be a config option instead of a build flag 2019-03-29 20:27:20 +01:00
BlackDex
6b686c18f7 Fixed long e-mail message extending 1000 lines.
- Added quoted_printable crate to encode the e-mail messages.
- Change the way the e-mail gets build to use custom part headers.
2019-03-25 09:48:19 +01:00
Daniel García
349cb33fbd
Updated dependencies 2019-03-23 19:48:22 +01:00
Daniel García
084bc2aee3
Use final release of lettre and update dependencies 2019-03-17 14:43:22 +01:00
Daniel García
a25bfdd16d
Remove unused features from multipart (integration with other servers) 2019-03-13 15:57:00 +01:00
Daniel García
27872f476e
Update dependencies 2019-03-07 20:22:08 +01:00
Daniel García
04922f6aa0
Some formatting and dependency updates 2019-03-03 16:11:55 +01:00
Daniel García
10756b0920
Update dependencies and fix some lints 2019-02-27 17:21:04 +01:00
Daniel García
5ee04e31e5
Updated dependencies, removed some unnecessary clones and fixed some lints 2019-02-20 17:54:18 +01:00
Daniel García
274ea9a4f2
Use the latest fast_chemail crate directly, with the fix 2019-02-15 14:39:30 +01:00
Daniel García
ff2fbd322e
Update deps and fix email check 2019-02-12 15:01:02 +01:00
Daniel García
3db815b969
Implemented config form and fixed config priority 2019-02-06 17:34:30 +01:00
Daniel García
20d8d800f3
Updated dependencies 2019-02-06 17:34:29 +01:00
BlackDex
9657463717 Added better favicon downloader. 2019-01-27 15:39:19 +01:00
Daniel García
a1dc47b826
Change config to thread-safe system, needed for a future config panel.
Improved some two factor methods.
2019-01-25 18:24:57 +01:00
Daniel García
9d027b96d8
Update web-vault to fix U2F NotTrustedAnchor error 2019-01-24 18:43:22 +01:00
Daniel García
ce42b07a80
Update Diesel to 1.4 and other dependencies 2019-01-21 15:29:52 +01:00
Daniel García
e0aec8d373
Use new i64::to_be_bytes and remove byteorder dep
(https://doc.rust-lang.org/stable/std/primitive.i64.html#method.to_be_bytes)
2019-01-16 22:14:17 +01:00
Daniel García
979b6305af
Update dependencies 2019-01-15 15:30:12 +01:00
Daniel García
19b6bb0fd6
Initial stab at templates 2019-01-15 15:28:46 +01:00
Daniel García
60f6a350be
Update yubico to fix OpenSSL error 2019-01-13 14:37:17 +01:00
Daniel García
de51bc782e
Updated dependencies, removing need for yubico fork 2019-01-12 15:23:46 +01:00
Daniel García
1d034749f7
Fix AArch64 build by disabling yubico 2019-01-10 23:54:01 +01:00
Daniel García
1b11445bb2
Update dependencies and web vault 2019-01-08 20:28:17 +01:00
Daniel García
5f49ecd7f3
Updated dependencies to use u2f crate directly, and some style changes 2019-01-04 00:25:38 +01:00
Daniel García
adb8052689
Updated Error to implement Display and Debug, instead of using custom methods 2018-12-30 21:43:56 +01:00
Daniel García
f2ab25085d
Updated dependencies, and dockerfiles to use NodeJS 10 LTS 2018-12-11 16:42:52 +01:00
Daniel García
2fde4e6933
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested) 2018-12-06 20:35:25 +01:00
Daniel García
259a2f2982
Updated rocket to final release 2018-12-06 20:15:22 +01:00
Daniel García
2129946d14
Updated deps and web vault to 2.6.1 2018-12-03 20:28:13 +01:00
Daniel García
8b5d97790f
Updated rocket to rc2 and rest of dependencies 2018-12-01 14:29:19 +01:00
Daniel García
9ecb29883c
Merge branch 'master' into rocket-0.4
# Conflicts:
#	Cargo.lock
2018-11-19 20:59:41 +01:00
Daniel García
8b3e87cfe0
Update lockfile to fix yubico error 2018-11-19 20:58:59 +01:00
Daniel García
5edbd0e952
Merge branch 'master' into rocket-0.4
# Conflicts:
#	Cargo.lock
#	Cargo.toml
#	src/api/core/mod.rs
2018-11-19 19:52:43 +01:00
Stepan Fedorko-Bartos
5a8d5e426d Switches to Downstream yubico with Optional libusb 2018-11-16 11:28:20 -07:00
Stepan Fedorko-Bartos
24a4478b5c Adds yubico-rs library dep 2018-11-15 18:34:17 -07:00
Daniel García
c673370103
Updated bw_rs to Rocket version 0.4-rc1 2018-11-01 19:25:09 +01:00
Daniel García
7112c86471
Updated dependencies, removed valid mail check (now done by lettre), and updated global domains file 2018-10-04 00:01:04 +02:00
Daniel García
c169095128
Update dependencies to point to upstream lettre 2018-09-20 22:45:19 +02:00
Daniel García
3df31e3464
Temp fix for OpenSSL 1.1.1 compatibility 2018-09-19 21:45:50 +02:00
Daniel García
638a0fd3c3
Updated dependencies 2018-09-19 21:43:03 +02:00
Daniel García
928e2424c0
Updated dependencies and fixed errors 2018-09-13 16:05:13 +02:00
Daniel García
d70864ac73 Initial version of websockets notification support.
For now only folder notifications are sent (create, rename, delete).
The notifications are only tested between two web-vault sessions in different browsers, mobile apps and browser extensions are untested.

The websocket server is exposed in port 3012, while the rocket server is exposed in another port (8000 by default). To make notifications work, both should be accessible in the same port, which requires a reverse proxy.

My testing is done with Caddy server, and the following config:

```
localhost {

    # The negotiation endpoint is also proxied to Rocket
    proxy /notifications/hub/negotiate 0.0.0.0:8000 {
        transparent
    }

    # Notifications redirected to the websockets server
    proxy /notifications/hub 0.0.0.0:3012 {
        websocket
    }

    # Proxy the Root directory to Rocket
    proxy / 0.0.0.0:8000 {
        transparent
    }
}
```

This exposes the service in port 2015.
2018-08-30 17:58:53 +02:00
Daniel García
39891e86a0 Updated dependencies, added Travis CI integration and some badges 2018-08-24 17:07:11 +02:00
Daniel García
a291dea16f Updated dependencies and Docker image to new web-vault 2018-07-21 17:27:00 +02:00
Daniel García
03172a6cd7 Bump version to 0.10.0 2018-07-13 16:06:01 +02:00
Daniel García
dae92b9018 Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 22:22:10 +02:00
Daniel García
7d01947173 Updated dependencies and rust version 2018-06-29 23:18:19 +02:00
Daniel García
f72efa899e Updated dependencies and created 'rust-toolchain', to mark a working nightly to rustup users, and hopefully avoid some nightly breakage. 2018-06-12 17:30:36 +02:00
Daniel García
f1b4a146ae Updated version 2018-06-01 16:06:25 +02:00
Daniel García
b46e9c936d Updated dependencies and removed some warnings from jsonwebtoken 2018-06-01 15:34:26 +02:00
Miroslav Prasil
103acd1747 Update rocket to 0.3.12 2018-06-01 13:19:05 +01:00
Miroslav Prasil
571ef6823d Update rocket to 0.3.11 2018-05-21 13:20:34 +01:00
Daniel García
8298795087 Update dependencies and bundle SQLite with the program, so we have one less dependency to install separately 2018-05-07 21:33:54 +02:00
Daniel García
3a1321a5a9 Updated some dependencies and removed old unused attribute that might create compile errors 2018-04-24 15:49:38 +02:00