Commit Graph

40 Commits

Author SHA1 Message Date
Bernd Schoolmann
8d7b3db33d Implement login-with-device 2023-08-13 17:54:18 +02:00
Bernd Schoolmann
e4606431d1
Fix mobile push blocking requests and spamming push server 2023-06-16 23:34:16 +02:00
BlackDex
4219249e11
Add support for Organization token
This is a WIP for adding organization token login support.
It has basic token login and verification support, but that's about it.

This branch is a refresh of the previous version, and will contain code
from a PR based upon my previous branch.
2023-06-13 08:48:18 +02:00
GeekCornerGH
2d66292350
feat: Push Notifications
Co-authored-by: samb-devel <125741162+samb-devel@users.noreply.github.com>
Co-authored-by: Zoruk <Zoruk@users.noreply.github.com>
2023-06-11 13:28:18 +02:00
Samuel Tardieu
d0baa23f9a Use constant size generic parameter for random bytes generation
All uses of `get_random()` were in the form of:

  `&get_random(vec![0u8; SIZE])`

with `SIZE` being a constant.

Building a `Vec` is unnecessary for two reasons. First, it uses a
very short-lived dynamic memory allocation. Second, a `Vec` is a
resizable object, which is useless in those context when random
data have a fixed size and will only be read.

`get_random_bytes()` takes a constant as a generic parameter and
returns an array with the requested number of random bytes.

Stack safety analysis: the random bytes will be allocated on the
caller stack for a very short time (until the encoding function has
been called on the data). In some cases, the random bytes take
less room than the `Vec` did (a `Vec` is 24 bytes on a 64 bit
computer). The maximum used size is 180 bytes, which makes it
for 0.008% of the default stack size for a Rust thread (2MiB),
so this is a non-issue.

Also, most of the uses of those random bytes are to encode them
using an `Encoding`. The function `crypto::encode_random_bytes()`
generates random bytes and encode them with the provided
`Encoding`, leading to code deduplication.

`generate_id()` has also been converted to use a constant generic
parameter as well since the length of the requested String is always
a constant.
2022-11-11 11:59:27 +01:00
Daniel García
8409b31d6b
Update to diesel2 2022-10-23 00:49:23 +02:00
BlackDex
55d7c48b1d
Add more clippy checks for better code/readability
A bit inspired by @paolobarbolini from this commit at lettre https://github.com/lettre/lettre/pull/784 .
I added a few more clippy lints here, and fixed the resulted issues.

Overall i think this could help in preventing future issues, and maybe
even peformance problems. It also makes some code a bit more clear.

We could always add more if we want to, i left a few out which i think
arn't that huge of an issue. Some like the `unused_async` are nice,
which resulted in a few `async` removals.

Some others are maybe a bit more estatic, like `string_to_string`, but i
think it looks better to use `clone` in those cases instead of `to_string` while they already are a string.
2022-07-10 16:39:38 +02:00
BlackDex
3ca85028ea
Improve sync speed and updated dep. versions
Improved sync speed by resolving the N+1 query issues.
Solves #1402 and Solves #1453

With this change there is just one query done to retreive all the
important data, and matching is done in-code/memory.

With a very large database the sync time went down about 3 times.

Also updated misc crates and Github Actions versions.
2022-05-06 17:01:02 +02:00
BlackDex
c4d565b15b
Update login API code
- Updated jsonwebtoken to latest version
- Trim `username` received from the login form ( Fixes #2348 )
- Make uuid and user_uuid a combined primary key for the devices table ( Fixes #2295 )
- Updated crates including regex which contains a CVE ( https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html )
2022-03-12 18:45:45 +01:00
BlackDex
87e08b9e50
Async/Awaited all db methods
This is a rather large PR which updates the async branch to have all the
database methods as an async fn.

Some iter/map logic needed to be changed to a stream::iter().then(), but
besides that most changes were just adding async/await where needed.
2022-02-27 21:37:23 +01:00
Jeremy Lin
8f7900759f Fix scope and refresh_token for API key logins
API key logins use a scope of `api`, not `api offline_access`. Since
`offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 23:10:15 -08:00
Jeremy Lin
c476e19796 Add email notifications for incomplete 2FA logins
An incomplete 2FA login is one where the correct master password was provided,
but the 2FA token or action required to complete the login was not provided
within the configured time limit. This potentially indicates that the user's
master password has been compromised, but the login was blocked by 2FA.

Be aware that the 2FA step can usually still be completed after the email
notification has already been sent out, which could be confusing. Therefore,
the incomplete 2FA time limit should be long enough that this situation would
be unlikely. This feature can also be disabled entirely if desired.
2021-10-28 00:19:43 -07:00
Daniel García
9254cf9d9c
Fix clippy lints 2021-06-19 22:02:03 +02:00
Jake Howard
49af9cf4f5
Correctly camelCase acronyms
https://rust-lang.github.io/rust-clippy/master/index.html#upper_case_acronyms
2021-03-27 14:26:32 +00:00
Daniel García
ce62e898c3
Remove debug impl from database structs
This is only implemented for the database specific structs, which is not what we want
2021-03-13 22:04:04 +01:00
janost
1eb5495802 Show latest active device as last active on admin page 2020-12-03 17:07:32 +01:00
Daniel García
0365b7c6a4
Add support for multiple simultaneous database features by using macros.
Diesel requires the following changes:
- Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type
- Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names
- Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones
- Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-24 20:11:17 +02:00
theycallmesteve
632f4d5453
Whitespace fixes 2020-05-07 18:02:37 -04:00
Daniel García
9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints 2020-05-03 17:24:51 +02:00
BlackDex
1ee8e44912 Fixed issue #965
PostgreSQL updates/inserts ignored None/null values.
This is nice for new entries, but not for updates.
Added derive option to allways add these none/null values for Option<>
variables.

This solves issue #965
2020-04-15 16:49:33 +02:00
tomuta
bd1e8be328 Implement change-email, email-verification, account-recovery, and welcome notifications 2019-11-24 22:28:49 -07:00
Michael Powers
f5f9861a78
Adds support for PostgreSQL which resolves #87 and is mentioned in #246.
This includes migrations as well as Dockerfile's for amd64.

The biggest change is that replace_into isn't supported by Diesel for the
PostgreSQL backend, instead requiring the use of on_conflict. This
unfortunately requires a branch for save() on all of the models currently
using replace_into.
2019-09-12 16:12:22 -04:00
Emil Madsen
ab95a69dc8 Rework migrations for MySQL 2019-05-20 21:12:41 +02:00
Daniel García
834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template 2019-01-19 21:41:49 +01:00
Daniel García
30e768613b
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00
Daniel García
6a99849a1e
Implemented proper error handling, now we can do user.save($conn)?; and it works.
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
2018-12-30 21:31:12 +01:00
Daniel García
4e827e4f8a
Implement better retry and use it while saving device 2018-12-12 22:15:54 +01:00
Daniel García
7adc045b80
Updated IP logging to use client_ip, to match old remote behavior.
Improved error logging, now it won't show a generic error message in some situations.
Removed delete device, which is not needed as it will be overwritten later.
Logged more info when an error occurs saving a device.
Added orgmanager to JWT claims.
2018-12-09 17:58:38 +01:00
Daniel García
94810c106a
Migrate to rust 2018 edition 2018-12-07 02:05:45 +01:00
Daniel García
6364c05789
Fix attachments during key rotation, add individual attachment key 2018-11-27 17:24:12 +01:00
janost
58a78ffa54 Device::save() should return QueryResult instead of bool 2018-10-14 16:17:37 +02:00
Miroslav Prasil
a28caa33ef Implement poor man's admin panel 2018-10-12 15:20:10 +01:00
Daniel García
dae92b9018 Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 22:22:10 +02:00
Daniel García
b0ee5f6570 Improved two factor auth 2018-06-01 15:08:03 +02:00
Daniel García
4093bf92fe Initial organizations functionality: Creating orgs and inviting users 2018-04-24 22:01:55 +02:00
Daniel García
84a75c871b Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery.
Known missing:
 - import ciphers, create ciphers types other than login and card, update ciphers
 - clear and put device_tokens
 - Equivalent domains
 - Organizations
2018-02-15 19:05:57 +01:00
Daniel García
912901780e Updated modified date when saving and removed hardcoded attachment domain 2018-02-15 01:07:57 +01:00
Daniel García
31bf2bc2b1 Solved some warnings 2018-02-15 00:53:11 +01:00
Daniel García
b54684b677 Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00
Daniel García
5cd40c63ed First working version 2018-02-10 01:00:55 +01:00