Commit Graph

185 Commits

Author SHA1 Message Date
Daniel García
c380d9c379
Support for webauthn and u2f->webauthn migrations 2021-06-16 19:06:40 +02:00
BlackDex
f270f2ed65 Updated icon fetching and crates.
- Updated some crates
- Updated icon fetching code:
  + Use a cookie jar and set Max-Age to 2 minutes for all cookies
  + Locate the base href tag to fix some locations
  + Changed User-Agent (Helps on some sites to get HTML instead of JS)
  + Reduced HTML code limit from 512KB to 384KB
  + Allow some large icons higer-up in the sort
  + Allow GIF images
  + Ignore cookie_store and hyper::client debug messages
2021-05-16 15:29:13 +02:00
Daniel García
7b5d5d1302
Rename references to the discourse forum 2021-04-30 22:40:12 +02:00
Daniel García
34ea10475d
Project renaming 2021-04-27 23:18:32 +02:00
Jake Howard
994669fb69
Merge remote-tracking branch 'origin/master' into fmt 2021-04-06 21:55:28 +01:00
Jeremy Lin
d77333576b Add support for auto-deleting trashed items
Upstream will soon auto-delete trashed items after 30 days, but some people
use the trash as an archive folder, so to avoid unexpected data loss, this
implementation requires the user to explicitly enable auto-deletion.
2021-04-05 23:07:25 -07:00
Jeremy Lin
73ff8d79f7 Add a generic job scheduler
Also rewrite deletion of old sends using the job scheduler.
2021-04-05 23:07:15 -07:00
Jake Howard
0af3956abd
Run cargo fmt on codebase 2021-03-31 21:18:35 +01:00
Jake Howard
49af9cf4f5
Correctly camelCase acronyms
https://rust-lang.github.io/rust-clippy/master/index.html#upper_case_acronyms
2021-03-27 14:26:32 +00:00
Jake Howard
ea57dc3bc9
Use matches macro 2021-03-27 14:03:07 +00:00
Daniel García
1fc6c30652
Send deletion thread and updated users revision 2021-03-22 19:57:35 +01:00
Jeremy Lin
513056f711 Check for data folder on startup
Currently, when starting up for the first time (running standalone, outside
of Docker), bitwarden_rs panics when the `openssl` tool isn't able to create
`data/rsa_key.pem` due to the `data` dir not existing. Instead, print a more
helpful error message telling the user to create the directory.
2021-02-28 01:45:05 -08:00
Daniel García
8b660ae090
Swap structopt for a simpler alternative 2021-02-07 20:10:40 +01:00
BlackDex
5860679624 Updated dependencies and small mail fixes
- Updated rust nightly
- Updated depenencies
- Removed unicode support for regex (less dependencies)
- Fixed dependency and nightly changes/deprications
- Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
BlackDex
235ff44736 Updated the admin interface
Mostly updated the admin interface, also some small other items.

- Added more diagnostic information to (hopefully) decrease issue
  reporting, or at least solve them quicker.
- Added an option to generate a support string which can be used to
  copy/paste on the forum or during the creation of an issue. It will
try to hide the sensitive information automatically.
- Changed the `Created At` and `Last Active` info to be in a column and
  able to sort them in the users overview.
- Some small layout changes.
- Updated javascript and css files to the latest versions available.
- Decreased the png file sizes using `oxipng`
- Updated target='_blank' links to have rel='noreferrer' to prevent
  javascript window.opener modifications.
2021-01-19 17:55:21 +01:00
BlackDex
48baf723a4 Updated icon downloading
- Added more checks to prevent panics (Removed unwrap)
- Try do download from base domain or add www when the provided domain
  fails
- Added some more domain validation checks to prevent errors
- Added the ICON_BLACKLIST_REGEX to a Lazy Static HashMap which
  speeds-up the checks!
- Validate the Regex before starting/config change.
- Some cleanups
- Disabled some noisy debugging from 2 crates.
2020-12-08 17:34:18 +01:00
BlackDex
6faaeaae66 Updated email processing.
- Added an option to enable smtp debugging via SMTP_DEBUG. This will
  trigger a trace of the smtp commands sent/received to/from the mail
server. Useful when troubleshooting.
- Added two options to ignore invalid certificates which either do not
  match at all, or only doesn't match the hostname.
- Updated lettre to the latest alpha.4 version.
2020-11-18 12:07:08 +01:00
Daniel García
729c9cff41
Retry initial db connection, with adjustable option 2020-10-03 22:32:00 +02:00
Daniel García
0365b7c6a4
Add support for multiple simultaneous database features by using macros.
Diesel requires the following changes:
- Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type
- Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names
- Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones
- Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-24 20:11:17 +02:00
Jeremy Lin
f83a8a36d1 Track favorites on a per-user basis
Currently, favorites are tracked at the cipher level. For org-owned ciphers,
this means that if one user sets it as a favorite, it automatically becomes a
favorite for all other users that the cipher has been shared with.
2020-08-19 02:32:58 -07:00
Daniel García
93b7ded1e6
Remove unneccessary shim for backtrace 2020-08-12 18:45:26 +02:00
Jeremy Lin
d348f12a0e Add config option for log timestamp format 2020-07-22 21:50:49 -07:00
Daniel García
1e950c7dbc
Replace IP support in preparation for compiling on stable, included some tests to check that the code matches the unstable implementation 2020-07-15 00:00:03 +02:00
Daniel García
668d5c23dc
Removed try_trait and some formatting, particularly around imports 2020-07-14 18:34:22 +02:00
Daniel García
a87646b8cb
Some format changes to main.rs 2020-06-15 23:40:39 +02:00
Robert Kaussow
afbf1db331 add back openssl crate 2020-06-04 01:21:30 +02:00
Jeremy Lin
322a08edfb Update startup banner to direct usage/config questions to the forum 2020-05-13 12:29:47 -07:00
Daniel García
9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints 2020-05-03 17:24:51 +02:00
Daniel García
7a6a3e4160
Set the cargo version and allow changing it during build time with BWRS_VERSION.
Also renamed GIT_VERSION because that's not the only source anymore.
2020-03-22 16:13:34 +01:00
BlackDex
35f30088b2 Fixing issue #759 by disabling Foreign Key Checks.
During migrations some queries are out of order regarding to foreign
keys.
Because of this the migrations fail when the sql database has this
enforced by default.
Turning of this check during the migrations will fix this and this is
only per session.
2020-03-18 18:11:11 +01:00
Daniel García
dce054e632
Merge pull request #912 from ymage/openssl_as_default
Fix alpine build with openssl crate as default
2020-03-16 23:02:07 +01:00
Ymage
ba725e1c25 Make openssl crate as default (non feature-flipped) 2020-03-16 22:39:10 +01:00
BlackDex
bd09fe1a3d Updated code so backtraces are logged also. 2020-03-16 17:53:22 +01:00
BlackDex
bcbe6177b8 Merge branch 'master' of https://github.com/dani-garcia/bitwarden_rs into log-panics 2020-03-16 17:19:27 +01:00
Daniel García
70f3ab8ec3
Migrate lazy_static to once_cell, less macro magic and slightly faster 2020-03-09 22:04:03 +01:00
zethra
cc404b4edc
Added command line flags for help and version
Signed-off-by: zethra <benaagoldberg@gmail.com>
2020-03-02 15:51:57 -05:00
BlackDex
7439aeb63e Make panics logable (as warn)
panic!()'s only appear on stderr, this makes tracking down some strange
issues harder with the usage of docker since stderr does not get logged
into the bitwarden.log file. This change logs the message to stdout and
the logfile when activated.
2020-02-25 14:10:52 +01:00
Jeremy Lin
29a0795219 Add backend support for alternate base dir (subdir/subpath) hosting
To use this, include a path in the `DOMAIN` URL, e.g.:

* `DOMAIN=https://example.com/custom-path`
* `DOMAIN=https://example.com/multiple/levels/are/ok`
2020-02-18 21:27:00 -08:00
Richard Huang
d592323e39
minor typo conect -> connect 2020-01-04 14:37:29 -08:00
Daniel García
36ae946655
Avoid some to_string in the request logging and include message to disable web vault when not found. 2019-12-29 15:34:22 +01:00
Daniel García
8d1b72b951
Collapsed log messages from 3 lines per request to 2 and hidden the ones valued as less informative.
Use LOG_LEVEL debug or trace to recover them.

Removed LOG_MOUNTS and bundled it with LOG_LEVEL debug and trace.

Removed duplicate error messages

Made websocket not proxied message more prominent, but only print it once.
2019-12-06 22:46:12 +01:00
BlackDex
0ff7fd939e Next attempt for issue #709 fix
Now creates icon cache directory at startup.
And it also creates the directory if it went missing during runtime.
Also modified the icon_save/mark_negcache to be one.
2019-11-06 20:21:47 +01:00
Daniel García
fccc0a4b05
Update rocket to latest master
Downgrade rust version to fix cargo issue
Set rustup profile to minimal
2019-10-25 21:48:10 +02:00
BlackDex
9124d8a3fb Updated icon blacklisting.
- Blacklisting was not effective for redirects and rel href
- Able to blacklist non global IP's like RFC1918, multicast etc...
2019-10-05 14:48:15 +02:00
Michael Powers
f5f9861a78
Adds support for PostgreSQL which resolves #87 and is mentioned in #246.
This includes migrations as well as Dockerfile's for amd64.

The biggest change is that replace_into isn't supported by Diesel for the
PostgreSQL backend, instead requiring the use of on_conflict. This
unfortunately requires a branch for save() on all of the models currently
using replace_into.
2019-09-12 16:12:22 -04:00
vpl
16d88402cb Initial version of CORS support 2019-09-01 13:00:12 +02:00
Daniel García
05a1137828
Move backend checks to build.rs to fail fast, and updated dependencies 2019-07-09 17:26:34 +02:00
Daniel García
12af32b9ea
Don't print DB URL 2019-06-02 13:39:16 +02:00
Nils Domrose
62a461ae15 remove syslog from ci, make features flag more clear 2019-05-30 22:19:58 +02:00
Nils Domrose
4859932d35 fixed typo 2019-05-28 07:48:17 +02:00
Nils Domrose
dc36f0cb6c re-added sqlite check_db code, cleanup 2019-05-27 22:58:52 +02:00
Nils Domrose
ff759397f6 initial mysql support 2019-05-26 23:03:05 +02:00
Emil Madsen
ab95a69dc8 Rework migrations for MySQL 2019-05-20 21:12:41 +02:00
Emil Madsen
85c8a01f4a Merge branch 'master' of github.com:Skeen/bitwarden_rs 2019-05-20 19:53:18 +02:00
Emil Madsen
42af7c6dab MySQL database 2019-05-20 19:53:14 +02:00
Daniel García
874f5c34bd
Formatting 2019-04-26 22:08:26 +02:00
Daniel García
c5832f2b30
With the latest fern, syslog can be a config option instead of a build flag 2019-03-29 20:27:20 +01:00
Daniel García
2475c36a75
Implement log_level config option 2019-03-25 14:23:14 +01:00
Daniel García
c384f9c0ca
Set default log level to Info, we don't use debug anyway and it just fills the logs with other crates info. 2019-03-25 14:21:50 +01:00
Frank Petrilli
d156170971
Minor typo fix conect => connect 2019-02-24 16:08:38 -08:00
Daniel García
b50c27b619
Print a warning when an env variable is being overriden by the config file, and reorganize the main file a bit.
Modified the JWT key generation, now it should also show the output of OpenSSL in the logs.
2019-02-20 20:59:37 +01:00
Miroslav Prasil
4df686f49e Add an option to not enable WAL (should help in #399) 2019-02-18 10:48:48 +00:00
Daniel García
a744b9437a
Implemented multiple U2f keys, key names, and compromised checks 2019-02-16 23:07:48 +01:00
Daniel García
d3773a433a
Removed list of mounted routes at startup by default, with option to add it back. This would get annoying when starting the server frequently, because it printed ~130 lines of mostly useless info 2019-02-13 00:03:16 +01:00
Daniel García
0f0a87becf
Add version to initial message 2019-02-12 22:47:00 +01:00
Daniel García
3db815b969
Implemented config form and fixed config priority 2019-02-06 17:34:30 +01:00
Daniel García
f42ac5f2c0
Update web vault error message 2019-01-29 21:45:25 +01:00
BlackDex
9657463717 Added better favicon downloader. 2019-01-27 15:39:19 +01:00
Daniel García
a1dc47b826
Change config to thread-safe system, needed for a future config panel.
Improved some two factor methods.
2019-01-25 18:24:57 +01:00
Daniel García
ce42b07a80
Update Diesel to 1.4 and other dependencies 2019-01-21 15:29:52 +01:00
Daniel García
bfd93e5b13
Show organizations in admin panel, implement reload templates option 2019-01-20 17:43:56 +01:00
Daniel García
6cbb683f99
Rename admin templates to match email 2019-01-19 22:59:32 +01:00
Daniel García
92bbb98d48
Created base template 2019-01-19 22:12:52 +01:00
Daniel García
834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template 2019-01-19 21:41:49 +01:00
Daniel García
97aa407fe4
Move email templates to subfolder 2019-01-19 17:40:18 +01:00
Daniel García
4bf32af60e
Fix folder notifications, enable template strict mode and add missing option to env template 2019-01-15 15:28:47 +01:00
Daniel García
0e4a746eeb
Added SMTP_FROM_NAME 2019-01-15 15:28:47 +01:00
Daniel García
2fe919cc5e
Embed the default templates 2019-01-15 15:28:46 +01:00
Daniel García
bcd750695f
Default to $data_folder/templates and remove dev option (use TEMPLATES_FOLDER=src/static/templates instead) 2019-01-15 15:28:46 +01:00
Daniel García
19b6bb0fd6
Initial stab at templates 2019-01-15 15:28:46 +01:00
Daniel García
de51bc782e
Updated dependencies, removing need for yubico fork 2019-01-12 15:23:46 +01:00
Daniel García
c5aef60bd7
Implement unofficial warning message 2019-01-11 14:20:42 +01:00
Daniel García
5f49ecd7f3
Updated dependencies to use u2f crate directly, and some style changes 2019-01-04 00:25:38 +01:00
Daniel García
30e768613b
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00
Daniel García
adb8052689
Updated Error to implement Display and Debug, instead of using custom methods 2018-12-30 21:43:56 +01:00
Daniel García
acb9d1b3c6
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally 2018-12-30 21:43:56 +01:00
Daniel García
6a99849a1e
Implemented proper error handling, now we can do user.save($conn)?; and it works.
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
2018-12-30 21:31:12 +01:00
Daniel García
1b5134dfe2
Fixed delete user when 2FA is enabled, implemented delete user for admin panel, and the front-end part for invite user. Secured admin panel behind a configurable token. 2018-12-30 21:31:11 +01:00
Daniel García
5fecf09631
Initial version of admin panel, list users and reload user list works. No serious auth method yet, password is 'token123' 2018-12-30 21:31:11 +01:00
Nick Fox
ec715d78fb
Change log timestamp format so fail2ban can parse it 2018-12-26 11:54:31 -05:00
Steven Noonan
848cd1dbec
add environment variables for ICON_CACHE_TTL and ICON_CACHE_NEGTTL
These aren't used yet, but will be utilized by the icon caching service
in a subsequent patch.

Signed-off-by: Steven Noonan <steven@uplinklabs.net>
2018-12-18 13:33:31 -08:00
Daniel García
19754c967f
More changes to the push token, and filtered multipart logs 2018-12-07 18:25:18 +01:00
Daniel García
94810c106a
Migrate to rust 2018 edition 2018-12-07 02:05:45 +01:00
Daniel García
2fde4e6933
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested) 2018-12-06 20:35:25 +01:00
Daniel García
f71f10eac6
Implemented key rotation with the latest vault 2018-11-24 23:00:41 +01:00
Daniel García
5edbd0e952
Merge branch 'master' into rocket-0.4
# Conflicts:
#	Cargo.lock
#	Cargo.toml
#	src/api/core/mod.rs
2018-11-19 19:52:43 +01:00
Stepan Fedorko-Bartos
2433d39df5 Allows Custom Yubico OTP Server 2018-11-15 18:54:53 -07:00
Stepan Fedorko-Bartos
e66436625c Adds Yubico Client ID and Secret Key Env Vars 2018-11-15 18:40:27 -07:00
Daniel García
c673370103
Updated bw_rs to Rocket version 0.4-rc1 2018-11-01 19:25:09 +01:00
Miroslav Prasil
9ecc98c3cc Disable WebSockets negotiation by default 2018-10-14 23:25:16 +01:00