Daniel García
00ce943ea5
Merge branch 'BlackDex-security-md' into main
3 years ago
Daniel García
b67eacdfde
Merge branch 'security-md' of https://github.com/BlackDex/vaultwarden into BlackDex-security-md
3 years ago
Daniel García
0dcea75764
Remove unused lifetime and double referencing
3 years ago
BlackDex
0c5532d8b5
Adding a SECURITY.md
3 years ago
Daniel García
46e0f3c43a
Load RSA keys as pem format directly, and using openssl crate, backported from async branch
3 years ago
Daniel García
2cd17fe7af
Add token with short expiration time to send url
3 years ago
Daniel García
f44b2611e6
Update rust toolchain and dependencies
3 years ago
Mathijs van Veluw
82fee0ede3
Merge pull request #1779 from jjlin/last-known-rev-warning
Avoid `Error parsing LastKnownRevisionDate` warning for mobile clients
3 years ago
Jeremy Lin
49579e4ce7
Avoid `Error parsing LastKnownRevisionDate` warning for mobile clients
When creating a new cipher, the mobile clients seem to set this field to an
invalid value, which causes a warning to be logged:
Error parsing LastKnownRevisionDate '0001-01-01T00:00:00': premature end of input
Avoid this by dropping the `LastKnownRevisionDate` field on cipher creation.
3 years ago
Daniel García
9254cf9d9c
Fix clippy lints
3 years ago
Daniel García
ff0fee3690
Merge branch 'BlackDex-admin-changes' into main
3 years ago
Daniel García
0778bd4bd5
Merge branch 'admin-changes' of https://github.com/BlackDex/vaultwarden into BlackDex-admin-changes
3 years ago
Daniel García
0cd065d354
Update webauthn-rs crate to upstream version
3 years ago
BlackDex
8615736e84
Multiple Admin Interface fixes and some others.
Misc:
- Fixed hadolint workflow, new git cli needs some extra arguments.
- Add ignore paths to all specific on triggers.
- Updated hadolint version.
- Made SMTP_DEBUG read-only, since it can't be changed at runtime.
Admin:
- Migrated from Bootstrap v4 to v5
- Updated jquery to v3.6.0
- Updated Datatables
- Made Javascript strict
- Added a way to show which ENV Vars are overridden.
- Changed the way to provide data for handlebars.
- Fixed date/time check.
- Made support string use details and summary feature of markdown/github.
3 years ago
Daniel García
5772836be5
Fix admin page with handlebars 4
3 years ago
Daniel García
c380d9c379
Support for webauthn and u2f->webauthn migrations
3 years ago
Daniel García
cea7a30d82
Merge pull request #1761 from jjlin/deps
Update dependencies
4 years ago
Jeremy Lin
06cde29419
Update dependencies
Notably, update `diesel` to 1.4.7 and `libsqlite3-sys` to 0.22.2 to pick up
the fix for CVE-2021-20227 added in SQLite 3.34.1.
4 years ago
Daniel García
20f5988174
Merge pull request #1736 from jjlin/rocket-env-docs
Clarify Rocket env var defaults
4 years ago
Jeremy Lin
b491cfe0b0
Clarify Rocket env var defaults
Mention `ROCKET_WORKERS`, but remove `ROCKET_ENV` since most users
probably wouldn't use it.
4 years ago
Daniel García
fc513413ea
Merge pull request #1730 from jjlin/attachment-upload-v2
Add support for v2 attachment upload APIs
4 years ago
Jeremy Lin
3f7e4712cd
Fix attachment size limit calculation for v2 uploads
4 years ago
Jeremy Lin
c2ef331df9
Rework file ID generation
4 years ago
Jeremy Lin
5fef7983f4
Clean up attachment error handling
4 years ago
Jeremy Lin
29ed82a359
Add support for v2 attachment upload APIs
Upstream PR: https://github.com/bitwarden/server/pull/1229
4 years ago
Daniel García
7d5186e40a
Merge pull request #1706 from jjlin/trash-auto-delete-env
Add `TRASH_AUTO_DELETE_DAYS` to .env.template
4 years ago
Daniel García
99270612ba
Merge pull request #1704 from jjlin/global-domains
Sync global_domains.json
4 years ago
Jeremy Lin
c7b5b6ee07
Add `TRASH_AUTO_DELETE_DAYS` to .env.template
4 years ago
Jeremy Lin
848d17ffb9
Sync global_domains.json to bitwarden/server@7857053 (Amazon)
4 years ago
Daniel García
47e8aa29e1
Merge pull request #1702 from BlackDex/icon-updates-plus
Updated icon fetching and crates.
4 years ago
BlackDex
f270f2ed65
Updated icon fetching and crates.
- Updated some crates
- Updated icon fetching code:
  + Use a cookie jar and set Max-Age to 2 minutes for all cookies
  + Locate the base href tag to fix some locations
  + Changed User-Agent (Helps on some sites to get HTML instead of JS)
  + Reduced HTML code limit from 512KB to 384KB
  + Allow some large icons higher-up in the sort
  + Allow GIF images
  + Ignore cookie_store and hyper::client debug messages
4 years ago
Daniel García
aba5b234af
Merge pull request #1700 from jjlin/fix-attachment-downloads
Fix attachment downloads
4 years ago
Jeremy Lin
9133e2927d
Fix attachment downloads
Upstream switched to new upload/download APIs. Uploads fall back to the
legacy APIs for now, but not downloads apparently.
4 years ago
Jeremy Lin
38104ba7cf
`cargo fmt` changes
The PR build seems to fail without this...
4 years ago
Daniel García
c42bcae224
Merge pull request #1696 from umireon/patch-1
Remove unneeded spaces in .env.template
4 years ago
Kaito Udagawa
764e51bbe9
Remove unneeded spaces in .env.template
4 years ago
Daniel García
8e6c6a1dc4
Merge pull request #1689 from jjlin/hide-email
Add support for hiding the sender's email address in Bitwarden Sends
4 years ago
Daniel García
7a9cfc45da
Merge pull request #1688 from jjlin/config-sends-allowed
Add `sends_allowed` config setting
4 years ago
Daniel García
9e24b9065c
Merge pull request #1682 from dongcarl/2021-05-admin-granular-http-codes
admin: More granular HTTP return codes for user-related endpoints
4 years ago
Daniel García
1c2b376ca2
Merge pull request #1663 from dongcarl/2021-05-invite_user-return
admin: Return newly-created user in invite_user
4 years ago
Daniel García
746ce2afb4
Merge pull request #1653 from jjlin/password-reprompt
Add support for password reprompt
4 years ago
Jeremy Lin
029008bad5
Add support for the `Send Options` policy
Upstream refs:
* https://github.com/bitwarden/server/pull/1234
* https://bitwarden.com/help/article/policies/#send-options
4 years ago
Jeremy Lin
d3449bfa00
Add support for hiding the sender's email address in Bitwarden Sends
Note: The original Vaultwarden implementation of Bitwarden Send would always
hide the email address, while the upstream implementation would always show it.
Upstream PR: https://github.com/bitwarden/server/pull/1234
4 years ago
Jeremy Lin
a9a5706764
Add support for password reprompt
Upstream PR: https://github.com/bitwarden/server/pull/1269
4 years ago
Jeremy Lin
3ff8014add
Add `sends_allowed` config setting
This provides global control over whether users can create Bitwarden Sends.
4 years ago
Carl Dong
e60bdc7efe
admin: Make invite_user error codes more specific
- Return 409 Conflict for when a user with that email already exists
- Return 500 InternalServerError for everything else
4 years ago
Carl Dong
cccd8262fa
admin: Add /users/<uuid> route
Individual user information can now be looked up by UUID.
4 years ago
Carl Dong
68e5d95d25
admin: Specifically return 404 for user not found
- Modify err_code to accept an expr for err_code
- Add get_user_or_404, properly returning 404 instead of a generic 400
for cases where user is not found
- Use get_user_or_404 where appropriate.
4 years ago
Carl Dong
5f458b288a
admin: Return newly-created user in invite_user
Instead of having the caller dig through /admin/users for the right one,
just return the user upon creation.
4 years ago
Daniel García
e9ee8ac2fa
Fix sponsors
4 years ago