Commit graph

2725 commits

Author SHA1 Message Date
Helmut K. C. Tessarek
f40f5b8399
update web-vault to v2023.5.0 2023-06-04 16:15:10 -04:00
Helmut K. C. Tessarek
2d6ca0ea95
Update a few more crates 2023-06-04 16:14:51 -04:00
Helmut K. C. Tessarek
06a10e2c5a
Update Rust and Crates 2023-06-03 17:04:45 -04:00
Mathijs van Veluw
445680fb84
Merge pull request from BlackDex/GH-3534
Fix collection change ws notifications
2023-05-26 18:03:45 +02:00
BlackDex
83376544d8 Fix collection change ws notifications
When chaning a collection this did not got notified via WebSockets.
This PR adds this feature and resolves 
2023-05-26 17:42:00 +02:00
Mathijs van Veluw
04a17dcdef
Merge pull request from BlackDex/update-crates
Update crates and GH Workflow
2023-05-26 17:41:03 +02:00
BlackDex
0851561392 Update crates and GH Workflow
- Updated crates
- Updated GHA where needed
2023-05-26 17:26:09 +02:00
Mathijs van Veluw
95cd6deda6
Merge pull request from BlackDex/GH-3540
Prevent 401 on main admin page
2023-05-26 17:25:48 +02:00
BlackDex
636f16dc66
Prevent 401 on main admin page
When you are not loggedin, and have no cookie etc.. we always returned a 401.
This was mainly to allow the login page on all the sub pages, and after
login being redirected to the requested page, for these pages a 401 is a
valid response, since, you do not have access.

But for the main `/admin` page, it should just respond with a `200` and
show the login page.

This PR fixes this flow and response. It should prevent people using
Fail2ban, or other tools being triggered by only accessing the login page.

Resolves 
2023-05-25 23:40:36 +02:00
Mathijs van Veluw
9e5b049dca
Merge pull request from jjlin/global-domains
Sync global_domains.json (Pinterest)
2023-05-17 21:20:48 +02:00
Jeremy Lin
23aa9088f3
Sync global_domains.json to bitwarden/server@8dda73a (Pinterest) 2023-05-17 12:04:31 -07:00
Mathijs van Veluw
4f0ed06b06
Merge pull request from stefan0xC/update-to-v2023.4.2
update web-vault to v2023.4.2
2023-05-12 09:48:56 +02:00
Stefan Melmuk
349c97efaf
update crates 2023-05-12 09:31:29 +02:00
Stefan Melmuk
8b05a5d192
update web-vault to v2023.4.2 2023-05-12 08:05:35 +02:00
Mathijs van Veluw
83bf77d713
Merge pull request from stefan0xC/fix-empty-policy
policy data should be `null` not an empty object
2023-05-09 12:00:10 +02:00
Stefan Melmuk
4d5c047ddc
policy data should be null not an empty object 2023-05-09 11:14:46 +02:00
Daniel García
147c9c7b50
Merge pull request from gitouche-sur-osm/dockerfile-fqin
Use fully qualified image names in Dockerfile
2023-05-08 21:00:30 +02:00
Daniel García
6515a2fcad
Merge pull request from BlackDex/fix-trailing-slash
Use Rocket `v0.5` branch to fix endpoints
2023-05-08 21:00:19 +02:00
BlackDex
4a2ed553df
Use Rocket v0.5 branch to fix endpoints
There now is a `v0.5` branch which will be the final release version
when the time is there. Switched to this instead of the `master` branch
which contains other fixes and enhancements as well (for `v0.6`).

This should solve all the endpoint issue we were having.
2023-05-06 19:46:55 +02:00
Gitouche
ba492c0602 Use fully qualified image names in Dockerfile 2023-05-03 18:31:28 +02:00
Daniel García
1ec049e2b5
Update web vault to v2023.4.0 2023-05-01 19:49:48 +02:00
Daniel García
0fb8563b13
Merge pull request from BlackDex/rocket_changes
Change `String` to `&str` for all Rocket functions and some other fixes
2023-04-30 23:53:15 +02:00
BlackDex
f906f6230a
Change String to &str for all Rocket functions
During setting the latest commit hash for Rocket and updating all the
other crates, there were some messages regarding the usage of `String`
for the Rocket endpoint function calls. I acted upon this message and
changed all `String` types to `&str` and modified the code where needed.

This ended up in less alloc calls, and probably also a bit less memory usage.

- Updated all the crates and commit hashes
- Modified all `String` to `&str` where applicable
2023-04-30 17:18:12 +02:00
BlackDex
951ba55123
Prevent some ::_ logs from outputting 2023-04-30 17:17:43 +02:00
BlackDex
18abf226be
Fix admin post endpoints 2023-04-30 17:09:42 +02:00
Daniel García
393645617e
Merge pull request from BlackDex/rust-and-crate-updates
Update Rust and Crates
2023-04-24 18:54:35 +02:00
Daniel García
5bf243b675
Merge pull request from vilgotf/inline-statics
inline static rsa keys
2023-04-24 18:54:19 +02:00
BlackDex
cfba8347a3
Update Rust and Crates
- Updated Rust to v1.69.0
- Updated MSRV to v1.67.1
- Updated crates
- Updated GitHub Actions
2023-04-24 14:10:58 +02:00
Tim Vilgot Mikael Fredenberg
55c1b6e8d5 inline static rsa keys 2023-04-23 21:34:26 +02:00
Daniel García
3d7e80a7aa
Merge pull request from BlackDex/switch-ws-to-streams
Small update to Rocket WebSockets
2023-04-17 20:26:03 +02:00
Daniel García
5866338de4
Merge pull request from kennymc-c/main
Fixed missing footer_text and a few inconsistencies in email templates
2023-04-17 20:25:36 +02:00
kennymc-c
271e3ae757 Changed permissions back to 644 2023-04-12 18:06:46 +02:00
BlackDex
48cc31a59f
Small update to Rocket WebSockets
Switched from channels to stream. This is able to use yield, and the
code looks a bit nicer this way.

Also updated all the crates.
2023-04-12 15:59:05 +02:00
kennymc-c
6a7cee4e7e Fixed footer to footer_text 2023-04-11 22:00:10 +02:00
kennymc-c
f850dbb310 Fixed some missing footer_text partials and a few inconsistencies between plain text and html email templates 2023-04-11 21:27:38 +02:00
Daniel García
07099df41a
Merge pull request from BlackDex/fix-admin-base-url
Several config and admin interface fixes
2023-04-10 21:11:44 +02:00
Daniel García
0c0a80720e
Merge pull request from BlackDex/websockets-via-rocket
WebSockets via Rocket's Upgrade connection
2023-04-10 21:10:29 +02:00
BlackDex
ae437f70a3
Several config and admin interface fixes
- Fixed issue with domains starting with `admin`
- Fixed issue with DUO not being enabled globally anymore (regression)
- Renamed `Ciphers` to `Entries` in overview
- Improved `ADMIN_TOKEN` description
- Updated jquery-slim and datatables

Resolves 
Resolves 
Resolves discussion on 
2023-04-10 20:39:51 +02:00
BlackDex
3d11f4cd16
WebSockets via Rocket's Upgrade connection
This PR implements a (not yet fully released) new feature of Rocket which allows WebSockets/Upgrade connections.
No more need for multiple ports to be opened for Vaultwarden.
No explicit need for a reverse proxy to get WebSockets to work (Although I still suggest to use a reverse proxy).

- Using a git revision for Rocket, since `rocket_ws` is not yet released.
- Updated other crates as well.
- Added a connection guard to clear the WS connection from the Users list.

Fixes 
Fixes 
Fixes 
2023-04-10 16:58:58 +02:00
Daniel García
3bd4e42fb0
Merge pull request from stefan0xC/check-if-policies-enabled
check if reset password policy is enabled
2023-04-09 19:02:27 +02:00
Stefan Melmuk
89e94b1d91
check if reset policy is enabled 2023-04-06 22:34:05 +02:00
Daniel García
0b28ab3be1
Merge pull request from BlackDex/update-dockerfile-and-rust
Revert setcap, update rust and crates
2023-04-02 15:39:36 +02:00
Daniel García
c5bcc340fa
Merge pull request from BlackDex/fix-multiple-websocket-messages
Fix sending out multiple websocket notifications
2023-04-02 15:24:00 +02:00
BlackDex
bff54fbfdb
Fix sending out multiple websocket notifications
For some reason I encountered a strange bug which resulted in sending
out multiple websocket notifications for the exact same user.

Added a `distinct()` for the query to filter out multiple uuid's.
2023-04-02 15:23:36 +02:00
Daniel García
867c6ba056
Merge pull request from stefan0xC/dont-expect-kdf-memory-or-parallelism
always return KdfMemory and KdfParallelism
2023-04-02 15:22:42 +02:00
Daniel García
d1ecf03f44
Merge pull request from nikolaevn/feature/add-admin-reinvite-endpoint
support `/users/<uuid>/invite/resend` admin api
2023-04-02 15:21:51 +02:00
BlackDex
fc43608eec
Revert setcap, update rust and crates
- Revert  as discussed in 
  In hindsight it's better to not have this feature
- Update Dockerfile.j2 for easy version changes.
  Just change it in one place instead of multiple
- Updated to Rust to latest patched version
- Updated crates to latest available
- Pinned mimalloc to an older version, as it breaks on musl builds
2023-04-02 15:19:59 +02:00
Daniel García
15dd05c78d
Merge pull request from BlackDex/fix-abort-pw-reset-on-mail-error
Fix abort on pw reset mail error
2023-04-02 15:19:53 +02:00
Nikolay Nikolaev
aa6f774f65 add check user state 2023-03-31 14:03:37 +03:00
Nikolay Nikolaev
379f885354 add mail check 2023-03-31 13:00:57 +03:00