Commit graph

2548 commits

Author SHA1 Message Date
Daniel García
97ffd17789
Merge pull request #3289 from BlackDex/admin-token-hash-support
Admin token Argon2 hashing support
2023-03-06 21:12:41 +01:00
BlackDex
10c5476d31
Fix web-vault Member UI show/edit/save
There was a small bug left in regards to the web-vault v2023.2.0 fixes.
This PR fixes the left items. I think all should be addressed now.
When editing a User, you were not able to see or edit groups, or see
wich collections a user bellonged to.

Fixes #3311
2023-03-06 17:07:21 +01:00
Jeremy Lin
d3626eba2a Add HEAD routes to avoid spurious error messages
Rocket automatically implements a HEAD route when there's a matching GET
route, but relying on this behavior also means a spurious error gets
logged due to <https://github.com/SergioBenitez/Rocket/issues/1098>.

Add explicit HEAD routes for `/` and `/alive` to prevent uptime monitoring
services from generating error messages like `No matching routes for HEAD /`.
With these new routes, `HEAD /` only checks that the server can respond over
the network, while `HEAD /alive` also checks that the database connection is
alive, similar to `GET /alive`.
2023-03-05 09:51:42 -08:00
BlackDex
de157b2654
Admin token Argon2 hashing support
Added support for Argon2 hashing support for the `ADMIN_TOKEN` instead
of only supporting a plain text string.

The hash must be a PHC string which can be generated via the `argon2`
CLI **or** via the also built-in hash command in Vaultwarden.

You can simply run `vaultwarden hash` to generate a hash based upon a
password the user provides them self.

Added a warning during startup and within the admin settings panel is
the `ADMIN_TOKEN` is not an Argon2 hash.

Within the admin environment a user can ignore that warning and it will
not be shown for at least 30 days. After that the warning will appear
again unless the `ADMIN_TOKEN` has be converted to an Argon2 hash.

I have also tested this on my RaspberryPi 2b and there the `Bitwarden`
preset takes almost 4.5 seconds to generate/verify the Argon2 hash.

Using the `OWASP` preset it is below 1 second, which I think should be
fine for low-graded hardware. If it is needed people could use lower
memory settings, but in those cases I even doubt Vaultwarden it self
would run. They can always use the `argon2` CLI and generate a faster hash.
2023-03-04 16:15:30 +01:00
Mathijs van Veluw
337cbfaf22
Merge pull request #3290 from dpinse/test
Fix confirmation for removing 2FA and deauthing sessions in admin panel
2023-03-01 06:38:28 +01:00
Dylan Pinsonneault
f88b6d961e Fix confirmation for removing 2FA and deauthing sessions in admin panel 2023-02-28 20:38:33 -05:00
Daniel García
0426051541
Merge pull request #3281 from BlackDex/fix-web-vault-issues
Fix the web-vault v2023.2.0 API calls
2023-02-28 23:45:59 +01:00
Daniel García
4556f668de
Merge pull request #3288 from BlackDex/admin-interface-updates
Some Admin Interface updates
2023-02-28 23:43:01 +01:00
Daniel García
da8225a3bd
Merge pull request #3282 from JCBird1012/main
Add confirmation for removing 2FA and deauthing sessions in admin panel
2023-02-28 23:42:47 +01:00
BlackDex
f10e6b6ac2
Some Admin Interface updates
- Updated datatables
- Added NTP Time check
- Added Collections, Groups and Events count for orgs
- Renamed `Items` to `Ciphers`
- Some small style updates
2023-02-28 20:43:22 +01:00
BlackDex
7ec00d3850
Fix the web-vault v2023.2.0 API calls
- Supports the new Collection/Group/User editing UI's
- Support `/partial` endpoint for cipher updating to allow folder and favorite update for read-only ciphers.
- Prevent `Favorite`, `Folder`, `read-only` and `hide-passwords` from being added to the organizational sync.
- Added and corrected some `Object` key's to the output json.

Fixes #3279
2023-02-27 16:37:58 +01:00
Jonathan Elias Caicedo
8f8d7418ed
Add confirmation for removing 2FA and deauth sessions in admin panel 2023-02-24 16:24:48 -05:00
Mathijs van Veluw
af6d17b701
Merge pull request #3277 from jjlin/org-vault-display
Fix vault item display in org vault view
2023-02-23 13:45:47 +01:00
Jeremy Lin
61183d001c Fix vault item display in org vault view
In the org vault view, the Bitwarden web vault currently tries to fetch the
groups for an org regardless of whether it claims to have group support.
If this errors out, no vault items are displayed.
2023-02-22 12:17:13 -08:00
Daniel García
024d12db08
Update web vault to v2023.2.0 and dependencies 2023-02-21 22:48:20 +01:00
Daniel García
dc7951efaf
Add missing collections/details endpoint, based on the existing one 2023-02-21 21:58:37 +01:00
Daniel García
06e14fea55
Merge branch 'mittler-works-search_user_by_email' 2023-02-21 21:37:28 +01:00
Nils Mittler
0f656b4889
Apply rewording 2023-02-21 21:37:24 +01:00
Nils Mittler
6fa1dc50be
Apply Admin Session Lifetime to JWT 2023-02-21 21:37:24 +01:00
Nils Mittler
2bb41367bc
Make the admin cookie lifetime adjustable 2023-02-21 21:37:24 +01:00
Misterbabou
20d8886bfa
Fix Collection Read Only access for groups
I messed up with identation sorry it's my first PR

Fix Collection Read Only access for groups

Fix Collection Read Only access for groups

With indentation modification
2023-02-21 21:37:23 +01:00
BlackDex
59ef82b740
Fix Organization delete when groups are configured
With existing groups configured within an org, deleting that org would
fail because of Foreign Key issues.

This PR fixes this by making sure the groups get deleted before the org does.

Fixes #3247
2023-02-21 21:37:23 +01:00
BlackDex
fc543154c0
Validate all needed fields for client API login
During the client API login we need to have a `device_identifier`, `device_name` and `device_type`.
When these were not provided Vaultwarden would panic.

This PR add checks for these fields and makes sure it returns a better error message instead of causing a panic.
2023-02-21 21:37:23 +01:00
r3drun3
569b464157
docs: add build status badge in readme 2023-02-21 21:37:23 +01:00
Daniel García
adf83c698d
Merge branch 'mittler-works-adjustable_admin_cookie_lifetime' 2023-02-21 21:30:19 +01:00
Misterbabou
8fcbc58ee2
Fix Collection Read Only access for groups
I messed up with identation sorry it's my first PR

Fix Collection Read Only access for groups

Fix Collection Read Only access for groups

With indentation modification
2023-02-21 21:30:15 +01:00
BlackDex
2dcbb2be59
Fix Organization delete when groups are configured
With existing groups configured within an org, deleting that org would
fail because of Foreign Key issues.

This PR fixes this by making sure the groups get deleted before the org does.

Fixes #3247
2023-02-21 21:30:14 +01:00
BlackDex
7026e004e1
Validate all needed fields for client API login
During the client API login we need to have a `device_identifier`, `device_name` and `device_type`.
When these were not provided Vaultwarden would panic.

This PR add checks for these fields and makes sure it returns a better error message instead of causing a panic.
2023-02-21 21:30:14 +01:00
r3drun3
a3084feaee
docs: add build status badge in readme 2023-02-21 21:30:14 +01:00
Daniel García
e7d36de784
Merge branch 'Misterbabou-issue-3249' 2023-02-21 21:29:13 +01:00
BlackDex
54cc47b14e
Fix Organization delete when groups are configured
With existing groups configured within an org, deleting that org would
fail because of Foreign Key issues.

This PR fixes this by making sure the groups get deleted before the org does.

Fixes #3247
2023-02-21 21:29:09 +01:00
BlackDex
fac44888cd
Validate all needed fields for client API login
During the client API login we need to have a `device_identifier`, `device_name` and `device_type`.
When these were not provided Vaultwarden would panic.

This PR add checks for these fields and makes sure it returns a better error message instead of causing a panic.
2023-02-21 21:29:08 +01:00
r3drun3
9f056523c9
docs: add build status badge in readme 2023-02-21 21:29:08 +01:00
Daniel García
0af1ef387d
Merge branch 'BlackDex-issue-3247' 2023-02-21 21:27:35 +01:00
BlackDex
f95f40be15
Validate all needed fields for client API login
During the client API login we need to have a `device_identifier`, `device_name` and `device_type`.
When these were not provided Vaultwarden would panic.

This PR add checks for these fields and makes sure it returns a better error message instead of causing a panic.
2023-02-21 21:27:31 +01:00
r3drun3
5c859e2e6c
docs: add build status badge in readme 2023-02-21 21:27:31 +01:00
Daniel García
03ff5e6ece
Merge branch 'BlackDex-fix-client-api-login-checks' 2023-02-21 21:26:57 +01:00
r3drun3
52d696aa74
docs: add build status badge in readme 2023-02-21 21:26:53 +01:00
Daniel García
a4e80712dd
Merge branch 'R3DRUN3-new_branch' 2023-02-21 21:26:26 +01:00
Nils Mittler
a947e434f0 Apply rewording 2023-02-20 17:02:14 +01:00
Nils Mittler
2eb4f290a5 Apply Admin Session Lifetime to JWT 2023-02-20 16:51:09 +01:00
Nils Mittler
8ae799a771 Add function to fetch user by email address 2023-02-20 16:39:56 +01:00
Nils Mittler
9a5f3a5015 Make the admin cookie lifetime adjustable 2023-02-20 16:10:30 +01:00
BlackDex
1ca0d6e245
Validate all needed fields for client API login
During the client API login we need to have a `device_identifier`, `device_name` and `device_type`.
When these were not provided Vaultwarden would panic.

This PR add checks for these fields and makes sure it returns a better error message instead of causing a panic.
2023-02-19 18:16:06 +01:00
Misterbabou
7f69eebeb1 Fix Collection Read Only access for groups
I messed up with identation sorry it's my first PR

Fix Collection Read Only access for groups

Fix Collection Read Only access for groups

With indentation modification
2023-02-17 14:17:18 +01:00
BlackDex
32bd9b83a3
Fix Organization delete when groups are configured
With existing groups configured within an org, deleting that org would
fail because of Foreign Key issues.

This PR fixes this by making sure the groups get deleted before the org does.

Fixes #3247
2023-02-16 17:29:12 +01:00
r3drun3
477d60de49
docs: add build status badge in readme 2023-02-15 10:15:42 +01:00
Mathijs van Veluw
1ba8275dcb
Merge pull request #3234 from BlackDex/update-rust-and-crates
Updated Rust and crates
2023-02-13 12:39:26 +01:00
BlackDex
a0a4994250
Updated Rust and crates
- Updated Rust to v1.67.0
- Updated all crates except for `cookies` and `webauthn`
2023-02-13 08:32:01 +01:00
Daniel García
32dfa41970
Merge pull request #3147 from soruh/main
add support for system mta though sendmail
2023-02-12 19:40:33 +01:00