d29b6bee28
Remove unnecessary clones and other clippy fixes
5 years ago
e2e3712921
Merge pull request #695 from mprasil/do-not-leak-usernames
...
Stop leaking usernames when SIGNUPS_ALLOWED=false
5 years ago
00a11b1b78
Stop leaking usernames when SIGNUPS_ALLOWED=false
...
This fixes #691 - respond in less specific way to not leak the
fact that user is already registered on the server.
5 years ago
77b78f0991
Merge pull request #690 from BlackDex/icon-download-http
...
Added http favicon url when response failed
5 years ago
ee550be80c
Added http favicon url when response failed
5 years ago
97d41c2686
Revert rustup minimal profile, rustup can't be updated
5 years ago
fccc0a4b05
Update rocket to latest master
...
Downgrade rust version to fix cargo issue
Set rustup profile to minimal
5 years ago
57b1d3f850
Update dependencies and docker base images
5 years ago
77d40833d9
Merge pull request #679 from mprasil/bump-rust-toolchain
...
Bump rust toolchain
5 years ago
7814218208
Bump rust toolchain
...
This is as per #622 that sshould resolve issues building on armv7.
5 years ago
95a7ffdf6b
Merge pull request #673 from Jellyfrog/patch-2
...
Remove unneeded WS logging
5 years ago
ebc47dc161
Remove unneeded WS logging
5 years ago
cd8acc2e8c
Merge pull request #671 from vverst/enable-2fa-email
...
Move 2FA email config to after SMTP config
5 years ago
3b7a5bd102
Move 2FA email config to after SMTP config
5 years ago
d3054d4f83
Merge pull request #667 from dani-garcia/minimal_profile
...
Update rust version and use minimal profile for CI
5 years ago
5ac66b05e3
Merge pull request #666 from vverst/fix-2fa-email
...
Fix 2FA email not sending
5 years ago
83fd44eeef
Update rust version and use minimal profile for CI
5 years ago
2edecf34ff
Use user_uuid instead of mut twofactor
5 years ago
18bc8331f9
Send email when preparing 2FA JsonError
5 years ago
7d956c5117
Merge pull request #664 from BlackDex/fix-issue-663
...
Fixed issue #663 .
5 years ago
603a964579
Fixed issue #663 .
...
During the 2fa activation there is no twofactor record yet.
Changed the layout a bit so that it will generate a new twofactor record
when it does not exists yet. Else it will just update the already
existing record.
5 years ago
dc515b83f3
Merge pull request #657 from BlackDex/totp-timedrift
...
Updated authenticator TOTP
5 years ago
9466f02696
Recoded TOTP time drift validation
5 years ago
d3bd2774dc
Update dependencies to use newer SQLite
5 years ago
f482585d7c
Merge pull request #660 from BlackDex/sqlite-backup-fix
...
Fixed a bug with the sqlite backup feature.
5 years ago
2cde814aaa
Fixed a bug with the sqlite backup feature.
...
When a custom path is used the backup feature does not work.
Changed it so it will take the path of the sqlite file and use that.
5 years ago
d989a19f76
Merge branch 'master' of https://github.com/dani-garcia/bitwarden_rs into totp-timedrift
5 years ago
d292269ea0
Make the blacklist logic be cached
5 years ago
ebf40099f2
Updated authenticator TOTP
...
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
5 years ago
0586c00285
Merge pull request #653 from stevesbrain/master
...
Simple grammar update
5 years ago
bb9ddd5680
Merge pull request #1 from stevesbrain/stevesbrain-patch-1
...
Very simple grammar updates
5 years ago
cb1663fc12
Very simple grammar updates
...
Just some basic grammar updates in the "get in touch" section.
5 years ago
45d9d8db94
Merge pull request #652 from BlackDex/hibp-changes
...
Some modification when no HIBP API Key is set
5 years ago
edc482c8ea
Changed HIBP Error message.
...
- Moved the manual link to the check to the top.
- Clearified that hibp is a payed service.
- Changed error logo to hibp logo.
5 years ago
6e5c03cc78
Some modification when no HIBP API Key is set
...
- Added an URL with the useraccount for manual check.
- Added support for HTTP(S)_PROXY for hibp.
5 years ago
881c1978eb
Error when the URL scheme doesn't match the database type
5 years ago
662bc27523
Updated dependencies and fixed disable_admin_token description
5 years ago
b4b62c22a4
Merge pull request #648 from BlackDex/icon-security
...
Added missing .env configuration option.
5 years ago
05569147af
Added missing .env configuration option.
5 years ago
99a635d327
Merge pull request #643 from BlackDex/icon-security
...
Updated icon blacklisting.
5 years ago
e6b763026e
Merge branch 'master' into icon-security
5 years ago
c182583e09
Merge pull request #644 from BlackDex/issue-565
...
Fixed issue #565
5 years ago
d821389c2e
Merge pull request #639 from vverst/cors-update
...
Change CORS headers
5 years ago
be2916333b
Fixed issue #565
...
Issue fixed by omitting the cookie header when cookie_str is empty
5 years ago
9124d8a3fb
Updated icon blacklisting.
...
- Blacklisting was not effective for redirects and rel href
- Able to blacklist non global IP's like RFC1918, multicast etc...
5 years ago
7b1da527a6
Change CORS headers
...
Only add Allow-Origin to all requests and move the others to preflight OPTIONS request.
If Origin is `file://` change it to the wildcard.
5 years ago
e7b8602e1f
Merge pull request #638 from mprasil/add_sqlite_binary
...
Add sqlite binary into the docker images
5 years ago
d6e9af909b
Remove the unnecessary check for sqlite
...
The binary we use is called `sqlite3` so no need to check for other
name variants as we won't use those anyways.
5 years ago
acdd42935b
Add sqlite binary into the docker images
...
This is done to enable backup functionality in the admin interface while
we're waiting for the libsqlite-sys 0.17 to bubble up in the upstream
dependencies. Then we can start using `VACUUM INTO`
This also extends the check for the sqlite binary to also try `sqlite3`
as this is the name of the binary in baseimage distributions we use.
5 years ago
8367d1d715
Merge pull request #631 from vverst/cors-put
...
Use Access-Control-Allow-Method
5 years ago
Daniel García
Miro Prasil
BlackDex
Jellyfrog
vpl
Steve Divskinsy