octoleo/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2024-06-10 20:32:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,660 Commits 2 Branches 58 Tags 11 MiB
main
Commit Graph

117 Commits

Author SHA1 Message Date
BlackDex
338756550a
Fix error reporting in admin and some small fixes 
- Fixed a bug in JavaScript which caused no messages to be shown to the
user in-case of an error send by the server.
- Changed mail error handling for better error messages
- Changed user/org actions from a to buttons, this should prevent
strange issues in-case of javascript issues and the page does re-load.
- Added Alpine and Debian info for the running docker image

During the mail error testing i encountered a bug which caused lettre to
panic. This panic only happens on debug builds and not release builds,
so no need to update anything on that part. This bug is also already
fixed. See https://github.com/lettre/lettre/issues/678 and https://github.com/lettre/lettre/pull/679

Resolves #2021
Could also fix the issue reported here #2022, or at least no hash `#` in
the url.
 2021-10-08 00:01:24 +02:00
Daniel García
7f437b6947
Merge branch 'umireon-add-edge-frame-ancestors' of https://github.com/umireon/vaultwarden into umireon-umireon-add-edge-frame-ancestors 2021-07-15 19:20:19 +02:00
Daniel García
e5ec245626
Protect namedfile against path traversal, rocket only does it for pathbuf 2021-07-15 19:15:55 +02:00
Kaito Udagawa
c640abbcd7
Update src/util.rs 
Co-authored-by: William Desportes <williamdes@wdes.fr>
 2021-07-08 02:55:58 +09:00
Kaito Udagawa
13598c098f Add links to browser extensions 2021-07-08 02:52:45 +09:00
Kaito Udagawa
a622b4d2fb Add Edge's frame-ancestors 
Edge's frame-ancestors are required for Edge extension to do WebAuthn.
 2021-07-08 01:19:52 +09:00
Daniel García
46e0f3c43a
Load RSA keys as pem format directly, and using openssl crate, backported from async branch 2021-06-25 20:53:26 +02:00
Daniel García
34ea10475d
Project renaming 2021-04-27 23:18:32 +02:00
Daniel García
305de2e2cd
Format the changes from merge to master 2021-04-15 18:30:23 +02:00
Daniel García
95d906bdbb
Merge branch 'master' into fmt 2021-04-15 18:24:04 +02:00
Jake Howard
3ab90259f2
Modify rustfmt file 2021-04-06 21:54:42 +01:00
Jake Howard
155109dea1
Extract client creation to a single place 2021-04-06 21:04:37 +01:00
Jake Howard
0af3956abd
Run cargo fmt on codebase 2021-03-31 21:18:35 +01:00
Daniel García
fd27759a95
Merge pull request #1546 from RealOrangeOne/clippy-run 
Run Clippy
 2021-03-28 16:04:09 +02:00
Jake Howard
49af9cf4f5
Correctly camelCase acronyms 
https://rust-lang.github.io/rust-clippy/master/index.html#upper_case_acronyms
 2021-03-27 14:26:32 +00:00
Jake Howard
131348a49f
Add immutable caching for vault assets 
The URLs are cachebusted, so updates will still be applied cleanly and immediately
 2021-03-27 13:37:56 +00:00
Jake Howard
b22564cb00
Cache icons on the client 
This should make the vault pages load much faster, and massively reduce the number of requests.
 2021-03-27 13:30:40 +00:00
Jeremy Lin
7d0e234b34 CORS fixes 
* The Safari extension apparently now uses the origin `file://` and expects
  that to be returned (see bitwarden/browser#1311, bitwarden/server#800).

* The `Access-Control-Allow-Origin` header was reflecting the value of the
  `Origin` header without checking whether the origin was actually allowed.
  This effectively allows any origin to interact with the server, which
  defeats the purpose of CORS.
 2021-03-07 00:35:08 -08:00
Jeremy Lin
513056f711 Check for data folder on startup 
Currently, when starting up for the first time (running standalone, outside
of Docker), bitwarden_rs panics when the `openssl` tool isn't able to create
`data/rsa_key.pem` due to the `data` dir not existing. Instead, print a more
helpful error message telling the user to create the directory.
 2021-02-28 01:45:05 -08:00
Jeremy Lin
e37ff60617 Change twofactorauth.org to 2fa.directory 
The `twofactorauth.org` has apparently been sold to some company for
marketing purposes.
 2021-02-23 18:51:07 -08:00
Jeremy Lin
455a23361f Clean up datetime output and code 
* For clarity, add `UTC` suffix for datetimes in the `Diagnostics` admin tab.
* Format datetimes in the local timezone in the `Users` admin tab.
* Refactor some datetime code and add doc comments.
 2020-12-13 19:49:22 -08:00
janost
e8ef76b8f9 Read config vars from files 2020-11-29 02:31:49 +01:00
Daniel García
729c9cff41
Retry initial db connection, with adjustable option 2020-10-03 22:32:00 +02:00
Jeremy Lin
de70fbf88a Use strip_prefix() instead of trim_start_matches() as appropriate 
As of Rust 1.45.0, `strip_prefix()` is now stable.
 2020-07-20 22:33:13 -07:00
Daniel García
668d5c23dc
Removed try_trait and some formatting, particularly around imports 2020-07-14 18:34:22 +02:00
fdeĉ
4c3727b4a3 use format! for rounding to fix arm issue 2020-05-22 12:10:56 +02:00
Daniel García
a8870eef0d
Convert to f32 before rounding to fix arm issue 2020-05-20 17:58:39 +02:00
Daniel García
9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints 2020-05-03 17:24:51 +02:00
Jeremy Lin
29a0795219 Add backend support for alternate base dir (subdir/subpath) hosting 
To use this, include a path in the `DOMAIN` URL, e.g.:

* `DOMAIN=https://example.com/custom-path`
* `DOMAIN=https://example.com/multiple/levels/are/ok`
 2020-02-18 21:27:00 -08:00
Daniel García
8867626de8
Add option to change invitation org name, fixes #825 
Add option to allow additional iframe ancestors, fixes #843
Sort the rocket routes before printing them
 2020-02-04 22:14:50 +01:00
Daniel García
d212dfe735
Accept y/n, True/False, 1/0 as booleans in environment vars 2020-01-20 22:28:54 +01:00
Daniel García
36ae946655
Avoid some to_string in the request logging and include message to disable web vault when not found. 2019-12-29 15:34:22 +01:00
Daniel García
2545469713
Fix crash when page URL points to huge file 2019-12-19 00:37:16 +01:00
Daniel García
a03db6d224
Also hide options requests, unless using debug or trace 2019-12-06 22:55:29 +01:00
Daniel García
8d1b72b951
Collapsed log messages from 3 lines per request to 2 and hidden the ones valued as less informative. 
Use LOG_LEVEL debug or trace to recover them.

Removed LOG_MOUNTS and bundled it with LOG_LEVEL debug and trace.

Removed duplicate error messages

Made websocket not proxied message more prominent, but only print it once.
 2019-12-06 22:46:12 +01:00
vpl
7b1da527a6 Change CORS headers 
Only add Allow-Origin to all requests and move the others to preflight OPTIONS request.
If Origin is `file://` change it to the wildcard.
 2019-10-01 20:12:33 +02:00
vpl
56f12dc982 Use Access-Control-Allow-Method 2019-09-23 07:44:44 +02:00
vpl
5a2f968d7a Set correct response headers, status code 2019-09-02 21:13:12 +02:00
vpl
16d88402cb Initial version of CORS support 2019-09-01 13:00:12 +02:00
Daniel García
4689ed7b30
Changed uppercase deserializer to avoid a clone. 2019-03-18 22:02:37 +01:00
Daniel García
5ee04e31e5
Updated dependencies, removed some unnecessary clones and fixed some lints 2019-02-20 17:54:18 +01:00
Daniel García
877408b808
Implement basic config loading and updating. No save to file yet. 2019-02-06 17:34:29 +01:00
Daniel García
86ed75bf7c
Config can now be serialized / deserialized 2019-02-06 17:34:29 +01:00
Daniel García
a1dc47b826
Change config to thread-safe system, needed for a future config panel. 
Improved some two factor methods.
 2019-01-25 18:24:57 +01:00
Daniel García
834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template 2019-01-19 21:41:49 +01:00
TBK
d8116a80df Add Feature-Policy header 2019-01-17 21:08:31 +01:00
Daniel García
30e768613b
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00
Daniel García
acb9d1b3c6
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-30 21:43:56 +01:00
Daniel García
6a99849a1e
Implemented proper error handling, now we can do user.save($conn)?; and it works. 
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
 2018-12-30 21:31:12 +01:00
Daniel García
4e827e4f8a
Implement better retry and use it while saving device 2018-12-12 22:15:54 +01:00
Daniel García
7adc045b80
Updated IP logging to use client_ip, to match old remote behavior. 
Improved error logging, now it won't show a generic error message in some situations.
Removed delete device, which is not needed as it will be overwritten later.
Logged more info when an error occurs saving a device.
Added orgmanager to JWT claims.
 2018-12-09 17:58:38 +01:00
Daniel García
cb930a0858
Remove some required values during login, now uses default values 2018-12-07 14:32:40 +01:00
Daniel García
94810c106a
Migrate to rust 2018 edition 2018-12-07 02:05:45 +01:00
Daniel García
2fde4e6933
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested) 2018-12-06 20:35:25 +01:00
Daniel García
c673370103
Updated bw_rs to Rocket version 0.4-rc1 2018-11-01 19:25:09 +01:00
Daniel García
ce4fedf191
Change error response to be closer to upstream 2018-10-10 20:37:04 +02:00
Daniel García
948554a20f
Added config option for websocket port, and reworked the config parsing a bit. 
Added SMTP_FROM config to examples and made it mandatory, it doesn't make much sense to not specify the from address.
 2018-09-13 20:59:51 +02:00
Miroslav Prasil
b3f3fd81ac Update theerror format to show message in new Vault 2018-08-15 15:50:07 +01:00
Daniel García
819622e310 Documented U2F, removed debug prints, and documented missing features 2018-07-13 15:58:50 +02:00
Daniel García
dae92b9018 Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 22:22:10 +02:00
Daniel García
410ee9f1f7 Fixed case problems, hopefully this time for real 2018-06-12 23:01:14 +02:00
Daniel García
483066b9a0 Some style changes, removed useless matches and formats 2018-06-11 15:44:37 +02:00
Daniel García
5ec728683e Make sure the inputs are always in the same case (PascalCase, which is what upstream seems to prefer most of the time) 2018-06-01 00:18:50 +02:00
Daniel García
dfefbf1f31 Fixed cipher import, created missing data structs instead of using generic Value, and fixed some warnings 2018-02-23 00:38:54 +01:00
Daniel García
84a75c871b Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. 
Known missing:
 - import ciphers, create ciphers types other than login and card, update ciphers
 - clear and put device_tokens
 - Equivalent domains
 - Organizations
 2018-02-15 19:05:57 +01:00
Daniel García
b54684b677 Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00
Daniel García
5cd40c63ed First working version 2018-02-10 01:00:55 +01:00