vaultwarden

Commit Graph

Author	SHA1	Message	Date
BlackDex	bcbe6177b8	Merge branch 'master' of https://github.com/dani-garcia/bitwarden_rs into log-panics	5 years ago
BlackDex	9b1d07365e	Updated ring Some small changes to match the updated ring package.	5 years ago
BlackDex	37b212427c	Updated jsonwebtoken Updated to the latest version of jsonwebtoken. Some small code changes to match the new versions.	5 years ago
BlackDex	078234d8b3	Small change for rocket compatibilty	5 years ago
Daniel García	2ee07ea1d8	Fix empty data when cloning cipher	5 years ago
Daniel García	40c339db9b	Fix postgres policies, second try	5 years ago
Daniel García	402c1cd06c	Merge pull request #906 from BlackDex/upgrade-reqwest Updated reqwest to the latest version.	5 years ago
Daniel García	819f340f39	Fix issue with postgres	5 years ago
BlackDex	1b4b40c95d	Updated reqwest to the latest version. - Use the blocking client (no async). - Disabled gzip. - use_sys_proxy is now default.	5 years ago
Daniel García	afd9f4e278	Allow the smtp mechanism to be provided without quotes and all lowercase	5 years ago
Daniel García	47a9461f39	Merge pull request #903 from TheBinaryLoop/patch-1 Updated domains with new values vualt	5 years ago
Daniel García	c6f64d8368	Merge pull request #901 from sleweke/feature/opportunistic_tls Use opportunistic TLS in SMTP connections	5 years ago
Daniel García	a30d5f4cf9	Fix cloning issues	5 years ago
Daniel García	3fa78e7bb1	Initial version of policies	5 years ago
Lukas Eßmann	a8a7e4f9a5	Updated domains with new values vualt Added domains from official vault.bitwarden.com	5 years ago
Samuel Leweke	5d3b765a23	Use opportunistic TLS in SMTP connections If SSL is disabled, the SMTP ClientSecurity of the lettre crate defaults to None, that is, an insecure connection. This is changed to Opportunistic, which uses TLS if available. If TLS is not available, the insecure connection is used (i.e., this change is backward compatible).	5 years ago
Daniel García	70f3ab8ec3	Migrate lazy_static to once_cell, less macro magic and slightly faster	5 years ago
BlackDex	84dc2eda1f	Changed javascript default argument construction	5 years ago
BlackDex	390d10d656	Relocated SMTP test input+button. - Moved smtp test option to within the "SMTP Email" Settings block. - Added optional option to prevent full page reload. - SMTP Test and Backup do not reload the admin interface any more.	5 years ago
zethra	cc404b4edc	Added command line flags for help and version Signed-off-by: zethra <benaagoldberg@gmail.com>	5 years ago
BlackDex	97fb7b5b96	Added urlpath to smtpTest function	5 years ago
BlackDex	5a974c7b94	Added SMTP test button in the admin gui - Added a test button for checking the e-mail settings. - Fixed a bug with the _post JavaScript function: A function was overwriten with a variable and errors were not handled correctly like a 500 for example.	5 years ago
BlackDex	7439aeb63e	Make panics logable (as warn) panic!()'s only appear on stderr, this makes tracking down some strange issues harder with the usage of docker since stderr does not get logged into the bitwarden.log file. This change logs the message to stdout and the logfile when activated.	5 years ago
Daniel García	cd8907542a	Make sure the provided domain contains the protocol and show a useful error when it doesn't	5 years ago
Daniel García	ad9f2b2d8e	Removed test urlpath	5 years ago
Daniel García	2f4a9865e1	Use absolute paths in the admin page	5 years ago
Jeremy Lin	29a0795219	Add backend support for alternate base dir (subdir/subpath) hosting To use this, include a path in the `DOMAIN` URL, e.g.: * `DOMAIN=https://example.com/custom-path` * `DOMAIN=https://example.com/multiple/levels/are/ok`	5 years ago
Daniel García	325039c316	Attachment size limits, per-user and per-organization	5 years ago
Miro Prasil	03233429f4	Remove check from Invitation:take() I've checked the spots when `Invitation::new()` and `Invitation::take()` are used and it seems like all spots are already correctly gated. So to enable invitations via admin API even when invitations are otherwise disabled, this check can be removed.	5 years ago
Miroslav Prasil	0a72c4b6db	Do not disable invitations via admin API This was brought up today: https://github.com/dani-garcia/bitwarden_rs/issues/752#issuecomment-586715073 I don't think it makes much sense in checking whether admin has the right to send invitation as admin can change the setting anyway. Removing the condition allows users to forbid regular users from inviting new users to server while still preserving the option to do so via the admin API.	5 years ago
Daniel García	8867626de8	Add option to change invitation org name, fixes #825 Add option to allow additional iframe ancestors, fixes #843 Sort the rocket routes before printing them	5 years ago
Daniel García	f5916ec396	Fix backwards indices	5 years ago
Daniel García	ebb36235a7	Cache icons in the clients	5 years ago
Daniel García	def174a517	Convert email domains to punycode	5 years ago
Daniel García	480ba933fa	Don't error if admin token is empty but disabled	5 years ago
Miro Prasil	c4101162d6	SIGNUPS_ALLOWED with no whitelist [fixes #830 ] This reverts back to `SIGNUPS_ALLOWED` when there is no domain whitelist set. The functionality was broken in `64d6f72`.	5 years ago
Daniel García	632d55265b	Merge pull request #824 from tomuta/fix_change_email Fix change email when no whitelist is configured	5 years ago
tomuta	e277f7d1c1	Fix change email when no whitelist is configured Fixes issue #792	5 years ago
Daniel García	ff7b4a3d38	Update handlebars to 3.0 which included performance improvements. Updated lettre to newer git revision, which should give better error messages now.	5 years ago
Daniel García	d212dfe735	Accept y/n, True/False, 1/0 as booleans in environment vars	5 years ago
Daniel García	84ed185579	Update u2f to 0.2, which requires OpenSSL but also might solve the problems we've had with certificates. The rust image doesn't need installing curl or tar, so removed. Also collapsed ENV lines.	5 years ago
Michael Powers	e196ba6e86	Switch error handling to ? operator instead of explicit handling.	5 years ago
Michael Powers	76743aee48	Fixes #635 - Unique constraint violation when using U2F tokens on PostgreSQL Because of differences in how .on_conflict() works compared to .replace_into() the PostgreSQL backend wasn't correctly ensuring the unique constraint on user_uuid and atype wasn't getting violated. This change simply issues a DELETE on the unique constraint prior to the insert to ensure uniqueness. PostgreSQL does not support multiple constraints in ON CONFLICT clauses.	5 years ago
Daniel García	96a189deb9	Merge pull request #803 from aeolyus/master Minor typo conect -> connect	5 years ago
Daniel García	8c229920ad	Protect websocket server against panics	5 years ago
Richard Huang	d592323e39	minor typo conect -> connect	5 years ago
Daniel García	36ae946655	Avoid some to_string in the request logging and include message to disable web vault when not found.	5 years ago
Daniel García	cb6f392774	When receiving a comma separated list as IP, pick the first	5 years ago
Daniel García	88c56de97b	Config option for client IP header	5 years ago
Daniel García	e274af6e3d	Print current server time when failing TOTP, and use chrono as the rest of the server	5 years ago
Daniel García	a0ece3754b	Formatting	5 years ago
Daniel García	2545469713	Fix crash when page URL points to huge file	5 years ago
Daniel García	5cabf4d040	Fix IP not shown when failed login (Fixes #761 )	5 years ago
Daniel García	a03db6d224	Also hide options requests, unless using debug or trace	5 years ago
Daniel García	8d1b72b951	Collapsed log messages from 3 lines per request to 2 and hidden the ones valued as less informative. Use LOG_LEVEL debug or trace to recover them. Removed LOG_MOUNTS and bundled it with LOG_LEVEL debug and trace. Removed duplicate error messages Made websocket not proxied message more prominent, but only print it once.	5 years ago
Daniel García	912e1f93b7	Fix some lints	5 years ago
Daniel García	adc443ea80	Add endpoint to delete specific U2F key	5 years ago
Daniel García	0d32179d07	Logout button in admin page	5 years ago
Daniel García	12928b832c	Fix broken tests	5 years ago
Daniel García	1e224220a8	Updated deps and fixed some lints	5 years ago
Daniel García	924ba153aa	Merge pull request #730 from tomuta/email_verification Implement change-email, email-verification, account-recovery, and welcome notifications	5 years ago
tomuta	bd1e8be328	Implement change-email, email-verification, account-recovery, and welcome notifications	5 years ago
Daniel García	4b71197c97	Merge pull request #738 from ntimo/task/add-netcup-global-domains Added netcup domains to global domains	5 years ago
BlackDex	b209c1bc4d	Add an option to fetch and parse href="data:image" Some sites are using base64 encoded inline images for favicons. This will try to match those with some sane checks and return that. These icons will have lower prio then the icons with a normal URL.	5 years ago
ntimo	2b8d08a3f4	Added netcup domains to global domains	5 years ago
Daniel García	cbadf00941	Update web vault to fix twofactorauth.org integration Update dependencies and toolchain Update included equivalent domains with upstream changes	5 years ago
tomuta	64d6f72e6c	Add the ability to disable signups, but allow signups from a whitelist This feature can be enabled by setting SIGNUPS_ALLOWED=false and providing a comma-separated list of whitelisted domains in SIGNUPS_DOMAINS_WHITELIST. Fixes #727	5 years ago
Timo N	b889e5185e	Added tv.apple.com to global domains	5 years ago
BlackDex	3f6809bcdf	Fixed issue/request #705 Added a config option to disable time drifted totp codes. Default is false, since this is what the RFC recommends.	5 years ago
BlackDex	c52adef919	Added configurable smtp timeout. - Added config option for smtp timeout - Lowered default timeout to 15 seconds instead of default 60.	5 years ago
BlackDex	2ffc3eac4d	Clippy fix	5 years ago
BlackDex	0ff7fd939e	Next attempt for issue #709 fix Now creates icon cache directory at startup. And it also creates the directory if it went missing during runtime. Also modified the icon_save/mark_negcache to be one.	5 years ago
BlackDex	ca7c5129b2	Fixed issue #709 creating icon_cache directory. When the icon_cache directory doesn't exists yet, and the first icon catched is a miss this .miss file was not able to be created since the directory was only created during a valid icon download.	5 years ago
Daniel García	b4dfc24040	Merge pull request #703 from patrickli/bugfix/dont-sync-excluded-global-domains Don't include excluded global equivalent domains during sync	5 years ago
Patrick Li	85dbf4e16c	Don't include excluded global equivalent domains during sync Fixes #681	5 years ago
BlackDex	3442eb1b9d	Trying to fix issue #687 - Using an older commit from rocket repo	5 years ago
Daniel García	e449912f05	Generate recovery codes for email and duo	5 years ago
Daniel García	d29b6bee28	Remove unnecessary clones and other clippy fixes	5 years ago
Miro Prasil	00a11b1b78	Stop leaking usernames when SIGNUPS_ALLOWED=false This fixes #691 - respond in less specific way to not leak the fact that user is already registered on the server.	5 years ago
BlackDex	ee550be80c	Added http favicon url when response failed	5 years ago
Daniel García	fccc0a4b05	Update rocket to latest master Downgrade rust version to fix cargo issue Set rustup profile to minimal	5 years ago
Jellyfrog	ebc47dc161	Remove unneeded WS logging	5 years ago
vpl	3b7a5bd102	Move 2FA email config to after SMTP config	5 years ago
vpl	2edecf34ff	Use user_uuid instead of mut twofactor	5 years ago
vpl	18bc8331f9	Send email when preparing 2FA JsonError	5 years ago
BlackDex	603a964579	Fixed issue #663 . During the 2fa activation there is no twofactor record yet. Changed the layout a bit so that it will generate a new twofactor record when it does not exists yet. Else it will just update the already existing record.	5 years ago
Daniel García	dc515b83f3	Merge pull request #657 from BlackDex/totp-timedrift Updated authenticator TOTP	5 years ago
BlackDex	9466f02696	Recoded TOTP time drift validation	5 years ago
BlackDex	2cde814aaa	Fixed a bug with the sqlite backup feature. When a custom path is used the backup feature does not work. Changed it so it will take the path of the sqlite file and use that.	5 years ago
BlackDex	d989a19f76	Merge branch 'master' of https://github.com/dani-garcia/bitwarden_rs into totp-timedrift	5 years ago
Daniel García	d292269ea0	Make the blacklist logic be cached	5 years ago
BlackDex	ebf40099f2	Updated authenticator TOTP - Added security check for previouse used codes - Allow TOTP codes with 1 step back and forward when there is a time drift. This means in total 3 codes could be valid. But only newer codes then the previouse used codes are excepted after that.	5 years ago
BlackDex	edc482c8ea	Changed HIBP Error message. - Moved the manual link to the check to the top. - Clearified that hibp is a payed service. - Changed error logo to hibp logo.	5 years ago
BlackDex	6e5c03cc78	Some modification when no HIBP API Key is set - Added an URL with the useraccount for manual check. - Added support for HTTP(S)_PROXY for hibp.	5 years ago
Daniel García	881c1978eb	Error when the URL scheme doesn't match the database type	5 years ago
Daniel García	662bc27523	Updated dependencies and fixed disable_admin_token description	5 years ago
Daniel García	e6b763026e	Merge branch 'master' into icon-security	5 years ago
Daniel García	c182583e09	Merge pull request #644 from BlackDex/issue-565 Fixed issue #565	5 years ago
Daniel García	d821389c2e	Merge pull request #639 from vverst/cors-update Change CORS headers	5 years ago
BlackDex	be2916333b	Fixed issue #565 Issue fixed by omitting the cookie header when cookie_str is empty	5 years ago

1 2 3 4 5 ...

646 Commits (a447e4e7efba3089525dad45d8ee9f7fe2a2b1dc)