Daniel García
0b7d6bf6df
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
3 years ago
Jeremy Lin
8f7900759f
Fix `scope` and `refresh_token` for API key logins
...
API key logins use a scope of `api`, not `api offline_access`. Since
`offline_access` is not requested, no `refresh_token` is returned either.
3 years ago
Jeremy Lin
69ee4a70b4
Add support for API keys
...
This is mainly useful for CLI-based login automation.
3 years ago
Daniel García
5529264c3f
Basic ratelimit for user login (including 2FA) and admin login
3 years ago
Jeremy Lin
c476e19796
Add email notifications for incomplete 2FA logins
...
An incomplete 2FA login is one where the correct master password was provided,
but the 2FA token or action required to complete the login was not provided
within the configured time limit. This potentially indicates that the user's
master password has been compromised, but the login was blocked by 2FA.
Be aware that the 2FA step can usually still be completed after the email
notification has already been sent out, which could be confusing. Therefore,
the incomplete 2FA time limit should be long enough that this situation would
be unlikely. This feature can also be disabled entirely if desired.
3 years ago
Adam Jones
d014eede9a
feature: Support single organization policy
...
This adds back-end support for the [single organization policy](https://bitwarden.com/help/article/policies/#single-organization ).
3 years ago
Daniel García
9254cf9d9c
Fix clippy lints
3 years ago
Daniel García
c380d9c379
Support for webauthn and u2f->webauthn migrations
3 years ago
Jake Howard
994669fb69
Merge remote-tracking branch 'origin/master' into fmt
4 years ago
Jake Howard
3ab90259f2
Modify rustfmt file
4 years ago
Daniel García
b268c3dd1c
Update web vault and add unnoficialserver response
4 years ago
Jake Howard
0af3956abd
Run `cargo fmt` on codebase
4 years ago
janost
043aa27aa3
Implement admin ability to enable/disable users
4 years ago
Daniel García
29c6b145ca
Remove redundant user fetching from login
4 years ago
Daniel García
ad48e9ed0f
Fix unlock on desktop clients
4 years ago
Daniel García
668d5c23dc
Removed try_trait and some formatting, particularly around imports
4 years ago
Jeremy Lin
a28ebcb401
Use local time in email notifications for new device logins
...
In this implementation, the `TZ` environment variable must be set
in order for the formatted output to use a more user-friendly
time zone abbreviation (e.g., `UTC`). Otherwise, the output uses
the time zone's UTC offset (e.g., `+00:00`).
4 years ago
Daniel García
0807783388
Add ip on totp miss
5 years ago
Daniel García
9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints
5 years ago
Jeremy Lin
c06162b22f
Handle `devicePushToken`
...
Mobile push isn't currently supported, but this should get rid of spurious
`Detected unexpected parameter during login: devicepushtoken` warnings.
5 years ago
Daniel García
5cabf4d040
Fix IP not shown when failed login ( Fixes #761 )
5 years ago
Daniel García
912e1f93b7
Fix some lints
5 years ago
tomuta
bd1e8be328
Implement change-email, email-verification, account-recovery, and welcome notifications
5 years ago
vpl
2edecf34ff
Use user_uuid instead of mut twofactor
5 years ago
vpl
18bc8331f9
Send email when preparing 2FA JsonError
5 years ago
BlackDex
ebf40099f2
Updated authenticator TOTP
...
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
5 years ago
vpl
5d50b1ee3c
Merge remote-tracking branch 'upstream/master' into email-codes
5 years ago
vpl
ee7837d022
Add option to require new device emails
5 years ago
Daniel García
07743e490b
Ignore error sending device email
5 years ago
vpl
6d460b44b0
Use saved token for email 2fa codes
5 years ago
vpl
efd8d9f528
Remove some unused imports, unneeded mut variables
5 years ago
vpl
29aedd388e
Add email code logic and move two_factor into separate modules
5 years ago
vpl
27e0e41835
Add email authenticator logic
5 years ago
vpl
df71f57d86
Move send device email to end of password login
...
Send new device email after two factor authentication.
5 years ago
vpl
60e39a9dd1
Move retrieve/new device from connData to separate function
5 years ago
vpl
bc6a53b847
Add new device email when user logs in
5 years ago
Emil Madsen
e22e290f67
Fix key and type variable names for mysql
6 years ago
Daniel García
253faaf023
Use users duo host when required, instead of always using the global one
6 years ago
Daniel García
8d9827c55f
Implement selection between global config and user settings for duo keys.
6 years ago
Daniel García
754087b990
Add global duo config and document options in .env template
6 years ago
Daniel García
cfbeb56371
Implement user duo, initial version
...
TODO:
- At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting.
- Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
6 years ago
Daniel García
7d2bc9e162
Added option to force 2fa at logins and made some changes to two factor code.
...
Added newlines to config options to keep them a reasonable length.
6 years ago
Daniel García
5ee04e31e5
Updated dependencies, removed some unnecessary clones and fixed some lints
6 years ago
Daniel García
9636f33fdb
Implement constant time equal check for admin, 2fa recover and 2fa remember tokens
6 years ago
Daniel García
700e084101
Add 2FA icon to admin panel
6 years ago
Daniel García
a1dc47b826
Change config to thread-safe system, needed for a future config panel.
...
Improved some two factor methods.
6 years ago
Daniel García
30e768613b
Start using rustfmt and some style changes to make some lines shorter
6 years ago
Daniel García
6a99849a1e
Implemented proper error handling, now we can do `user.save($conn)?;` and it works.
...
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
6 years ago
Daniel García
5a9aab1a32
Implement fromform, and ignore case and underscores, fixes #298
6 years ago
algebro
e26e2319da
Close #264 . Usernames and IP addresses are logged on successful authentication
6 years ago