Commit graph

1046 commits

Author SHA1 Message Date
BlackDex
42b9cc73ac
Fix issue 2737, unable to create org
There was a small oversight on upgrading to v2022.9.0 web-vault version.
It seems the call to the /plans/ endpoint doesn't provide authentication anymore.

Removed this check and it seems to work again.

Fixes #2737
2022-09-12 14:10:54 +02:00
Daniel García
edca4248aa
Use optional env as this variable isn't defined during CI 2022-09-08 18:01:27 +02:00
Daniel García
818b254cef
Implement config endpoint 2022-09-08 17:38:00 +02:00
Daniel García
8b5c945bad
Merge branch 'web-vault-v2022.9-support' of https://github.com/BlackDex/vaultwarden into BlackDex-web-vault-v2022.9-support 2022-09-08 16:30:41 +02:00
BlackDex
94be67eac1
Added support for web-vault v2022.9
- The new web-vault version supports fastmail.com anon email, add the
  correct api host to support it.
- Removed Firefox Relay, this seems only to be supported on SaaS.
- Added a function to the two-factor api to prevent 404 errors.
2022-09-07 20:48:48 +02:00
BlackDex
5a05139efe
Change the handling of login errors.
Previously FlashMessage was used to provide an error message during login.
This PR changes that flow to not use redirect for this, but renders the HTML and responds using the correct status code where needed. This should solve some issues which were reported in the past.

Thanks to @RealOrangeOne, for initiating this with a PR.

Fixes #2448
Fixes #2712
Closes #2715

Co-authored-by: Jake Howard <git@theorangeone.net>
2022-09-06 17:27:20 +02:00
Daniel García
7598997deb
Merge branch 'org-user-revoke-access' of https://github.com/BlackDex/vaultwarden into BlackDex-org-user-revoke-access 2022-09-04 23:04:15 +02:00
BlackDex
1722742ab3
Add Org user revoke feature
This PR adds a the new v2022.8.x revoke feature which allows an
organization owner or admin to revoke access for one or more users.

This PR also fixes several permissions and policy checks which were faulty.

- Modified some functions to use DB Count features instead of iter/count aftwards.
- Rearanged some if statements (faster matching or just one if instead of nested if's)
- Added and fixed several policy checks where needed
- Some small updates on some response models
- Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
Hagen Tasche
d9c0eb3cfc
Update two external Links to prevent tabnabbing
Added noopener to prevent tabnabbing
2022-08-17 08:14:19 +02:00
Hagen Tasche
0d990e1dc0
Open Externallink in new Tab
The link to the backup documentation was opened in the active tab.
With this change it will open in a new tab and prevent tabnabbing
2022-08-17 08:00:46 +02:00
BlackDex
abfa868423
Mitigate attachment/send upload issues
This PR attends to mitigate (not fix) #2644.
There seems to be an issue when uploading files either as attachment or
via send via the mobile (Android) client.

The binary data gets transfered correctly to Vaultwarden (Checked via
Wireshark), but the data is not parsed correctly for some reason.

Since the parsing is not done by Vaultwarden it self, i think we should
at least try to prevent saving the data and letting users think all
fine.

Further investigation is needed to actually fix this issue.
This is just a quick patch.
2022-07-27 17:12:04 +02:00
BlackDex
9a787dd105
Fix persistent folder check within containers
The previous persistent folder check worked by checking if a file
exists. If you used a bind-mount, then this file is not there. But when
using a docker/podman volume those files are copied, and caused the
container to not start.

This change checks the `/proc/self/mountinfo` for a specific patern to
see if the data folder is persistent or not.

Fixes #2622
2022-07-20 13:29:39 +02:00
BlackDex
0f95bdc9bb
Fix issue with CSP and icon redirects
When using anything else but the `internal` icon service it would
trigger an CSP block because the redirects were not allowed.

This PR fixes #2623 by dynamically adding the needed CSP strings.
This should also work with custom services.

For Google i needed to add an extra check because that does a redirect
it self to there gstatic.com domain.
2022-07-17 16:21:03 +02:00
Daniel García
c9376e3126
Remove read_file and read_file_string and replace them with the std alternatives 2022-07-15 19:13:26 +02:00
Daniel García
e167798449
Merge branch 'more-clippy-checks' of https://github.com/BlackDex/vaultwarden into BlackDex-more-clippy-checks 2022-07-15 19:05:54 +02:00
Daniel García
fc5928772b
Move around comments 2022-07-15 19:05:38 +02:00
BlackDex
55d7c48b1d
Add more clippy checks for better code/readability
A bit inspired by @paolobarbolini from this commit at lettre https://github.com/lettre/lettre/pull/784 .
I added a few more clippy lints here, and fixed the resulted issues.

Overall i think this could help in preventing future issues, and maybe
even peformance problems. It also makes some code a bit more clear.

We could always add more if we want to, i left a few out which i think
arn't that huge of an issue. Some like the `unused_async` are nice,
which resulted in a few `async` removals.

Some others are maybe a bit more estatic, like `string_to_string`, but i
think it looks better to use `clone` in those cases instead of `to_string` while they already are a string.
2022-07-10 16:39:38 +02:00
Yip Rui Fung
bf623eed7f Use if let instead of a match with empty block. 2022-07-09 11:43:00 +08:00
Yip Rui Fung
84bcac0112 Apply rustfmt.
Because apparently CLion's default formatting is not the same as rustfmt for some reason.
2022-07-09 10:49:51 +08:00
Yip Rui Fung
31595888ea Use match to avoid ownership issues on the TempFile / file_path variables in closures. 2022-07-09 10:33:27 +08:00
Yip Rui Fung
5c38b2c4eb Remove option and use unwrap_or_else to fall back to copy behavior. 2022-07-09 08:53:00 +08:00
Yip Rui Fung
ebe9162af9 Add option to make file uploads use move_copy_to instead of persist_to
This is to support scenarios where the attachments and sends folder are to be stored on a separate device from the tmp_folder (i.e. fuse-mounted S3 storage), due to having the tmp_dir on the same device being undesirable.

Example being fuse-mounted S3 storage with the reasoning that because S3 basically requires a copy+delete operations to rename files, it's inefficient to rename files on device, if it's even allowed.
2022-07-09 01:19:00 +08:00
Daniel García
b64cf27038
Upgrade dependencies and swap lettre to async transport 2022-07-06 23:57:37 +02:00
Jeremy Lin
5e13b1a7cb Add password_hints_allowed config option
Disabling password hints is mainly useful for admins who are concerned that
their users might provide password hints that are too revealing.
2022-06-30 20:46:17 -07:00
Daniel García
221a11de9b
Merge branch 'log-level-adjustment' of https://github.com/BlackDex/vaultwarden into BlackDex-log-level-adjustment 2022-06-26 21:54:48 +02:00
Daniel García
c9934ccdb7
Merge branch 'fix-issue-2570' of https://github.com/BlackDex/vaultwarden into BlackDex-fix-issue-2570 2022-06-26 21:54:22 +02:00
Daniel García
f1a86acb98
Merge branch 'optimize-icon-html-parsing' of https://github.com/BlackDex/vaultwarden into BlackDex-optimize-icon-html-parsing 2022-06-26 21:54:03 +02:00
Daniel García
bf403fee7d
Merge branch 'fix-issue-2566' of https://github.com/BlackDex/vaultwarden into BlackDex-fix-issue-2566 2022-06-26 21:52:59 +02:00
BlackDex
45d3b479bc
Small change in log-level for better debugging
Regarding some recent issues with sending attachments, but previously
also some changes to the API for example which could cause a `400` error
it just returned that there is something wrong, but not to much details
on what exactly.

To help with getting a bit more detailed information, we should set the
log-level for `_` to at least `Warn`.
2022-06-26 14:49:26 +02:00
BlackDex
c7a752b01d
Update dep's and small improvements on favicons
- Updated dependencies (html5gum for favicon downloading)
  * Also openssl, time, jsonwebtoken and r2d2
- Small optimizations on downloading favicons.
  It now only emits tokens/tags which needs to be parsed, all others are
  being skipped. This prevents unneeded items within the for-loop being
  parsed.
2022-06-25 11:29:08 +02:00
BlackDex
099d359628
Fix identicons not always working
Fixes #2570
Reverted the `defer` option for these scripts, seems to cause some
issues in some situations.
2022-06-22 16:38:16 +02:00
BlackDex
006a2aacbb
Allow FireFox relay in CSP.
This PR is needed for https://github.com/dani-garcia/bw_web_builds/pull/71
Without this the web-vault will refuse to make calls to the FireFox Relay API.

Also fixed a small issue with the pre-commit config.
2022-06-22 16:30:31 +02:00
BlackDex
b71d9dd53e
Fix for issue #2566
This PR fixes #2566
If Organizational syncs returned a FolderId it would cause the web-vault
to hide the cipher because there is a FolderId set. Upstream seems to
not return FolderId and Favorite. When set to null/false it will behave
the same.

In this PR I have added a new CipherSyncType enum to select which type
of sync to execute, and return an empty list for both Folders and Favorites if this is for Orgs.
This also reduces the database load a bit since it will not execute those queries.
2022-06-21 17:36:07 +02:00
Daniel García
887e320e7f
Merge pull request #2555 from jjlin/global-domains
Sync global_domains.json
2022-06-15 20:44:35 +02:00
BlackDex
5d05ec58be
Updated deps and misc fixes and updates
- Updated some Rust dependencies
- Fixed an issue with CSP header, this was not configured correctly
- Prevent sending CSP and Frame headers for the MFA connector.html files.
  Else some clients will fail to handle these protocols.
- Add `unsafe-inline` for `script-src` only to the CSP for the Admin Interface
- Updated JavaScript and CSS files for the Admin interface
- Changed the layout for showing overridden settings, better visible now.
- Made the version check cachable to prevent hitting the Github API rate limits
- Hide the `database_url` as if it is a password in the Admin Interface
  Else for MariaDB/MySQL or PostgreSQL this was plain text.
- Fixed an issue that pressing enter on the SMTP Test would save the config.
  resolves #2542
- Prevent user names larger then 50 characters
  resolves #2419
2022-06-14 14:51:51 +02:00
Jeremy Lin
dec03b3dc0 Sync global_domains.json to bitwarden/server@194b76c (HealthCare.gov) 2022-06-12 20:15:20 -07:00
Jeremy Lin
85950bdc0b Sync global_domains.json to bitwarden/server@496c9a5 (Proton) 2022-06-12 20:14:30 -07:00
BlackDex
e33b8fab34
Re-Base, Update crates and small change. 2022-06-04 19:14:14 +02:00
Daniel García
b00fbf153e
Fix clippy lint and remove unused log 2022-06-04 19:13:58 +02:00
Daniel García
0de5919a16
Fix incorrect pings sent, and respond to pings from the client 2022-06-04 19:13:58 +02:00
Daniel García
699777be9e
use dashmap in icons blacklist regex 2022-06-04 19:13:58 +02:00
Daniel García
16ff49d712
Move to job_scheduler_ng 2022-06-04 19:13:57 +02:00
Daniel García
54c78cf06d
Migrate old ws crate to tungstenite, which is async and also removes over 20 old dependencies 2022-06-04 19:13:39 +02:00
Daniel García
6b6f5b8d04
Merge branch 'lettre-improvements' of https://github.com/paolobarbolini/vaultwarden into paolobarbolini-lettre-improvements 2022-06-04 19:10:51 +02:00
Paolo Barbolini
12612da75e Remove manual IDN handling 2022-06-04 19:02:51 +02:00
Paolo Barbolini
68ec5f2a18 Use MultiPart::alternative_plain_html instead of manual impl 2022-06-04 14:53:27 +02:00
Lyonel Martinez
dbd95e08e9 Adding "UserEnabled" and "CreatedAt" member to the json output of a User in the admin/users and admin/users/<ID> web routes. 2022-06-02 15:13:58 +02:00
BlackDex
40ed505581
Add a persistent volume check.
This will add a persistent volume check to make sure when running
containers someone is using a volume for persistent storage.

This check can be bypassed if someone configures
`I_REALLY_WANT_VOLATILE_STORAGE=true` as an environment variable.

This should prevent issues like #2493 .
2022-05-26 09:39:56 +02:00
BlackDex
1c266031d7
Fix upload limits and disable color logs
The limits for uploading files were to small in regards to the allowed
maximum filesize of the Bitwarden clients including the web-vault.
Changed both `data-form` (used for Send) and `file` (used for
attachments) to be 525MB, this is the same size we already check our selfs.

Also changed the `json` limit to be 20MB, this should allow very large
imports with 4000/5000+ items depending on if there are large notes or not.

And, also disabled Rocket from outputting colors, these colors were also
send to the log files and syslog. I think this changed in Rocket 0.5rc
somewhere, need to look a bit further into that maybe.
2022-05-21 17:28:29 +02:00
Daniel García
2a9ca88c2a
Dependency updates 2022-05-11 22:03:07 +02:00