BlackDex
d989a19f76
Merge branch 'master' of https://github.com/dani-garcia/bitwarden_rs into totp-timedrift
5 years ago
Daniel García
d292269ea0
Make the blacklist logic be cached
5 years ago
BlackDex
ebf40099f2
Updated authenticator TOTP
...
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
5 years ago
BlackDex
edc482c8ea
Changed HIBP Error message.
...
- Moved the manual link to the check to the top.
- Clearified that hibp is a payed service.
- Changed error logo to hibp logo.
5 years ago
BlackDex
6e5c03cc78
Some modification when no HIBP API Key is set
...
- Added an URL with the useraccount for manual check.
- Added support for HTTP(S)_PROXY for hibp.
5 years ago
Daniel García
e6b763026e
Merge branch 'master' into icon-security
5 years ago
BlackDex
be2916333b
Fixed issue #565
...
Issue fixed by omitting the cookie header when cookie_str is empty
5 years ago
BlackDex
9124d8a3fb
Updated icon blacklisting.
...
- Blacklisting was not effective for redirects and rel href
- Able to blacklist non global IP's like RFC1918, multicast etc...
5 years ago
Miro Prasil
d6e9af909b
Remove the unnecessary check for sqlite
...
The binary we use is called `sqlite3` so no need to check for other
name variants as we won't use those anyways.
5 years ago
Miro Prasil
acdd42935b
Add sqlite binary into the docker images
...
This is done to enable backup functionality in the admin interface while
we're waiting for the libsqlite-sys 0.17 to bubble up in the upstream
dependencies. Then we can start using `VACUUM INTO`
This also extends the check for the sqlite binary to also try `sqlite3`
as this is the name of the binary in baseimage distributions we use.
5 years ago
Daniel García
4c07f05b3a
Remove Result<T, E: Debug> in preparation of deprecation as Rocket responder.
...
Removed unnecessary returns
5 years ago
Daniel García
df8114f8be
Updated client kdf iterations to 100000 and fixed some lints
5 years ago
Daniel García
e3404dd322
Use the local scripts instead of cloudflare, remove jquery and update config so disabling a master toggle doesn't remove the values
5 years ago
Daniel García
bfc517ee80
Remove unused warning
5 years ago
Daniel García
4a7d2a1e28
Rename static files endpoint
5 years ago
vpl
5d50b1ee3c
Merge remote-tracking branch 'upstream/master' into email-codes
5 years ago
vpl
c99df1c310
Compare token using crypto::ct_eq
5 years ago
vpl
591ae10144
Get token from single u64
5 years ago
Daniel García
026f9da035
Allow removing users two factors
5 years ago
Daniel García
515b87755a
Update HIBP to v3, requires paid API key, fixes #583
5 years ago
vpl
ee7837d022
Add option to require new device emails
5 years ago
Daniel García
07743e490b
Ignore error sending device email
5 years ago
BlackDex
e7b6238f43
Added reqwest proxy support
5 years ago
vpl
ad2225b6e5
Add configuration options for Email 2FA
5 years ago
vpl
5609103a97
Use ring to generate email token
5 years ago
vpl
6d460b44b0
Use saved token for email 2fa codes
5 years ago
vpl
efd8d9f528
Remove some unused imports, unneeded mut variables
5 years ago
vpl
29aedd388e
Add email code logic and move two_factor into separate modules
5 years ago
vpl
27e0e41835
Add email authenticator logic
5 years ago
Daniel García
c9c3f07171
Updated dependencies and fixed panic getting icons
5 years ago
vpl
df71f57d86
Move send device email to end of password login
...
Send new device email after two factor authentication.
5 years ago
vpl
60e39a9dd1
Move retrieve/new device from connData to separate function
5 years ago
vpl
bc6a53b847
Add new device email when user logs in
5 years ago
Daniel García
05a1137828
Move backend checks to build.rs to fail fast, and updated dependencies
5 years ago
Daniel García
5710703c50
Make sure the backup option only appears when using sqlite
6 years ago
Daniel García
1322b876e9
Merge pull request #493 from endyman/feature/initial_mysql_support
...
Initial support for mysql
6 years ago
Emil Madsen
e22e290f67
Fix key and type variable names for mysql
6 years ago
TheMardy
ef551f4cc6
Create Backup funcitonality
...
Added create backup functionality to the admin panel
6 years ago
Daniel García
5521a86693
Change path for served images to avoid collision with vault images
6 years ago
Daniel García
3160780549
Merge pull request #401 from TheMardy/master
...
Images in Email Templates
6 years ago
Daniel García
874f5c34bd
Formatting
6 years ago
Daniel García
253faaf023
Use users duo host when required, instead of always using the global one
6 years ago
Daniel García
3d843a6a51
Merge pull request #460 from janost/organization-vault-purge
...
Fixed purging organization vault
6 years ago
janost
03fdf36bf9
Fixed purging organization vault
6 years ago
Daniel García
fdcc32beda
Validate Duo credentials when custom
6 years ago
Daniel García
bf20355c5e
Merge branch 'duo'
6 years ago
Daniel García
2e12114350
Always create the user when inviting from admin panel
6 years ago
ViViDboarder
d3a8a278e6
Add new endpoint for retrieving all users
6 years ago
Daniel García
8d9827c55f
Implement selection between global config and user settings for duo keys.
6 years ago
Daniel García
cad63f9761
Auto generate akey
6 years ago
Daniel García
621f607297
Update dependencies and fix some warnings
6 years ago
Daniel García
754087b990
Add global duo config and document options in .env template
6 years ago
Daniel García
cfbeb56371
Implement user duo, initial version
...
TODO:
- At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting.
- Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
6 years ago
Daniel García
4b40cda910
Added domain blacklist regex for icons service and improved valid domain check.
...
Reorganized the icons code a bit.
6 years ago
Daniel García
61515160a7
Allow changing error codes and create an empty error.
...
Return 404 instead of 400 when no accounts breached.
6 years ago
Daniel García
43f9038325
Add option to force resync clients in admin panel
6 years ago
Daniel García
0718a090e1
Trim spaces from admin token during authentication and validate that the admin panel token is not empty
6 years ago
Daniel García
04922f6aa0
Some formatting and dependency updates
6 years ago
Daniel García
7d2bc9e162
Added option to force 2fa at logins and made some changes to two factor code.
...
Added newlines to config options to keep them a reasonable length.
6 years ago
Daniel García
10756b0920
Update dependencies and fix some lints
6 years ago
Дамјан Георгиевски
473f8b8e31
remove some unneeded mutability
6 years ago
Shane Faulkner
8b5b06c3d1
Allow the Admin token to be disabled in the advanced menu
6 years ago
Daniel García
5ee04e31e5
Updated dependencies, removed some unnecessary clones and fixed some lints
6 years ago
TheMardy
84fb6aaddb
Set correct MIME type
6 years ago
Daniel García
a744b9437a
Implemented multiple U2f keys, key names, and compromised checks
6 years ago
Daniel García
6027b969f5
Delete old devices when deauthorizing user sessions
6 years ago
Daniel García
93805a5d7b
Fix Yubikeys deleted on error
6 years ago
TheMardy
a79334ea4c
Added static email image routes
6 years ago
BlackDex
3b27dbb0aa
Added config option for icon download timeout
6 years ago
Daniel García
9636f33fdb
Implement constant time equal check for admin, 2fa recover and 2fa remember tokens
6 years ago
Daniel García
28d1588e73
Show version in admin panel
6 years ago
Daniel García
f3b1a5ff3e
Error when admin panel is disabled
6 years ago
Daniel García
820c8b0dce
Change use of deserialize_with for Option iterator
6 years ago
Daniel García
8b4a6f2a64
Fixed some clippy lints and changed update_uuid_revision to only use one db query
6 years ago
Daniel García
ef63342e20
Add reset user config button
6 years ago
Daniel García
3db815b969
Implemented config form and fixed config priority
6 years ago
Daniel García
ade293cf52
Save config
6 years ago
Daniel García
877408b808
Implement basic config loading and updating. No save to file yet.
6 years ago
Daniel García
86ed75bf7c
Config can now be serialized / deserialized
6 years ago
Daniel García
20d8d800f3
Updated dependencies
6 years ago
Miroslav Prasil
637f655b6f
Do not allocate uneccessary Vec
6 years ago
Miroslav Prasil
b3f7394c06
Do not update revision at the end, as we already did that
6 years ago
Miroslav Prasil
1a5ecd4d4a
cipher does not need to be mutable
6 years ago
Miroslav Prasil
bd65c4e312
Remove superfluous cipher.save() call
6 years ago
BlackDex
9026cc8d42
Fixed issue when the iconlist is smaller then 5
...
When the iconlist was smaller then 5 items, it would cause a panic.
Solved by using .truncate() on the iconlist.
6 years ago
BlackDex
574b040142
Loop through the iconlist until an icon is found
...
Loop for a maximum of 5 times through the iconlist or until a
successful download of an icon.
6 years ago
BlackDex
c13f115473
Fixed issue #380
...
- Created a separate function for parsing the sizes attribute
- Parsing sizes now with regex
- Should work with any non-digit separator
6 years ago
BlackDex
bc461d9baa
Some small changes on the iter of the cookies
6 years ago
BlackDex
5016e30cf2
Added cookies to the icon download request.
...
Some sites use XSRF Tokens, or other Tokens to verify a subseqense
response. The cookies which are sent during the page request are now
used when downloading the favicon.
A site which uses this is mijn.ing.nl.
6 years ago
Daniel García
2a60414031
Reuse the client between requests, and use the client when downloading the icons themselves
6 years ago
BlackDex
feb74a5e86
Changed the way to fix the href
...
- Using url from reqwest to fix href, this fixes:
+ "//domain.com/icon.png"
+ "relative/path/to/icon.png"
+ "/absolute/path/to/icon.png"
- Removed fix_href function
- Some variable changes
6 years ago
Daniel García
c0e350b734
Disable icon downloads, accept optional query after icon href, format and clippy fixes
6 years ago
Daniel García
bef1183c49
Only send one notification per vault import and purge, improve move ciphers functions
6 years ago
Daniel García
07388d327f
Merge pull request #370 from BlackDex/favicons
...
Added better favicon downloader.
6 years ago
BlackDex
4de16b2d17
Removed unwrap and added ?
6 years ago
BlackDex
da068a43c1
Moved function call to get_icon_url to prevent error bubbeling
6 years ago
BlackDex
9657463717
Added better favicon downloader.
6 years ago
Daniel García
69036cc6a4
Add disabled user badge (no password) and deauthorize button to admin page.
6 years ago
Daniel García
700e084101
Add 2FA icon to admin panel
6 years ago
Daniel García
a1dc47b826
Change config to thread-safe system, needed for a future config panel.
...
Improved some two factor methods.
6 years ago
Daniel García
86de0ca17b
Fix editing users from collections menu
6 years ago
Stephen White
928ad6c1d8
Fix the list of users with access to a collection to display correctly.
...
https://github.com/dani-garcia/bitwarden_rs/issues/364
6 years ago
Daniel García
bfd93e5b13
Show organizations in admin panel, implement reload templates option
6 years ago
Daniel García
a797459560
Implement HIBP check [WIP].
...
Add extra security attributes to admin cookie.
Error handling.
6 years ago
Daniel García
6cbb683f99
Rename admin templates to match email
6 years ago
Daniel García
92bbb98d48
Created base template
6 years ago
Daniel García
834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template
6 years ago
Daniel García
e0aec8d373
Use new i64::to_be_bytes and remove byteorder dep
...
(https://doc.rust-lang.org/stable/std/primitive.i64.html#method.to_be_bytes )
6 years ago
Daniel García
1ce2587330
Correct update cipher order: first save cipher, then cipher-folder, then notify
6 years ago
Miroslav Prasil
71a10e0378
Fix sharing the item to organization.
6 years ago
Daniel García
9bf13b7872
Can't return inside multipart closure
6 years ago
Daniel García
d420992f8c
Update some function calls to use ?
6 years ago
Daniel García
c259a0e3e2
Save recovery code when using yubikey and stop repeating headers.user everywhere
6 years ago
Daniel García
432be274ba
Improve org mismatch check, consider different orgs
6 years ago
Daniel García
484bf5b703
Check that the client is not updating an outdated cipher, that should be part of an org now
6 years ago
Daniel García
4bf32af60e
Fix folder notifications, enable template strict mode and add missing option to env template
6 years ago
Daniel García
f571df7367
Revert yubikey feature, not needed anymore
6 years ago
Daniel García
1d7f704754
Send CipherUpdate when adding and deleting attachments
6 years ago
Daniel García
1d034749f7
Fix AArch64 build by disabling yubico
6 years ago
Daniel García
320266606e
Implement put collections
6 years ago
Daniel García
a0a08c4c5a
Include IP in invalid admin token error
6 years ago
Daniel García
4309df8334
Only create invitations when SMTP is disabled, and ignore invitations if we have a token.
...
Disallow users from accepting invitation twice
6 years ago
Daniel García
f1161c65fb
Make sure an invitation is created when reinviting
6 years ago
Daniel García
21b85b78b1
Changed reinvite check and removed obsolete comment
6 years ago
Daniel García
5e37471488
Merge pull request #323 from njfox/invite_accepted_email
...
Send email notifications when invitations are accepted/confirmed
6 years ago
Nick Fox
0a74e79cea
Refactor generate_invite_claims, make org_name and org_id optional
6 years ago
Nick Fox
7db66f73f0
Refactor invited_by_email check
6 years ago
Nick Fox
cec28a85ac
Update admin page to work with new invitation flow
6 years ago
Daniel García
5f49ecd7f3
Updated dependencies to use u2f crate directly, and some style changes
6 years ago
Nick Fox
736c0e62f2
Send emails to inviters/invitees when invites are accepted/confirmed
6 years ago
Daniel García
30e768613b
Start using rustfmt and some style changes to make some lines shorter
6 years ago
Daniel García
adb8052689
Updated Error to implement Display and Debug, instead of using custom methods
6 years ago
Daniel García
acb9d1b3c6
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally
6 years ago
Daniel García
2bb0b15e04
Implemented better errors for JWT
6 years ago
Daniel García
250a2b340f
Use new Errors in latest changes
6 years ago
Daniel García
b2fc0499f6
Finish invite functionality, and remove virtual organization
6 years ago
Daniel García
6a99849a1e
Implemented proper error handling, now we can do `user.save($conn)?;` and it works.
...
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
6 years ago
Daniel García
172f1770cf
Embed the icon in the binary, no need to download when it's not going to change
6 years ago
Daniel García
1b5134dfe2
Fixed delete user when 2FA is enabled, implemented delete user for admin panel, and the front-end part for invite user. Secured admin panel behind a configurable token.
6 years ago
Daniel García
5fecf09631
Initial version of admin panel, list users and reload user list works. No serious auth method yet, password is 'token123'
6 years ago
Nick Fox
f20c4705d9
Refactor invite claims and disallow reinvites to virtual_org
6 years ago
Nick Fox
3142d8d01f
Add more detail to invitation not found error
6 years ago
Nick Fox
84fa5a4ed6
Implement reinvite endpoint
6 years ago
Nick Fox
b0ac640d8b
Use JWT to validate existing user invites
6 years ago
Daniel García
2b24b17609
Merge pull request #295 from njfox/invite_emails
...
Add Email Invite Functionality
6 years ago
Nick Fox
2cd736ab81
Validate JWT if a user registers with SMTP invites enabled
6 years ago
Nick Fox
99256b9b3a
Prefix unused params with underscore
6 years ago
Nick Fox
26bf7bc12f
Use upstream jslib invite/registration workflow
6 years ago
Daniel García
b3ec8f2611
Merge pull request #302 from tycho/icon-cache-ttl
...
implement TTLs for icon cache
6 years ago
Steven Noonan
a55c048a62
icons: implement positive/negative cache TTLs
...
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
6 years ago
Daniel García
149e69414f
Merge pull request #293 from dheimerl/patch-1
...
Update web.rs
6 years ago
dheimerl
9a7d3634d5
Changed frame-ancestors to use 'self'
6 years ago
dheimerl
7f7c936049
Fixed web.rs
6 years ago
Nick Fox
9479108fb7
Remove CONFIG.email_invitations
6 years ago
Nick Fox
042c1072d9
Remove CONFIG.email_invitation option
6 years ago
Daniel García
5a9aab1a32
Implement fromform, and ignore case and underscores, fixes #298
6 years ago
dheimerl
037eb0b790
Update web.rs
...
Add frame-ancestors to allow U2F to work in Chrome (and possibly Firefox) extension
6 years ago
Nick Fox
4910b14d57
Implement email invitations and registration workflow
6 years ago
algebro
e26e2319da
Close #264 . Usernames and IP addresses are logged on successful authentication
6 years ago
Daniel García
7adc045b80
Updated IP logging to use client_ip, to match old remote behavior.
...
Improved error logging, now it won't show a generic error message in some situations.
Removed delete device, which is not needed as it will be overwritten later.
Logged more info when an error occurs saving a device.
Added orgmanager to JWT claims.
6 years ago
Daniel García
19754c967f
More changes to the push token, and filtered multipart logs
6 years ago
Daniel García
738ad2127b
Fixed some clippy linting issues
6 years ago
Daniel García
cb930a0858
Remove some required values during login, now uses default values
6 years ago
Daniel García
94810c106a
Migrate to rust 2018 edition
6 years ago
Daniel García
2fde4e6933
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested)
6 years ago
Daniel García
dc1bb6de20
Update device push token methods to more closely follow the official server response
6 years ago
Daniel García
6364c05789
Fix attachments during key rotation, add individual attachment key
6 years ago
Daniel García
f71f10eac6
Implemented key rotation with the latest vault
6 years ago
Daniel García
f1acc1e05a
Merge branch 'master' into rocket-0.4
6 years ago
Daniel García
3d36ac4601
Remove unwrap in connection_lost
6 years ago
Daniel García
00abd4c853
Add create endpoint, fixes #253 , fixes #261
6 years ago
Daniel García
a4550e51ea
Update dependencies and add /ciphers/create
6 years ago
Daniel García
5edbd0e952
Merge branch 'master' into rocket-0.4
...
# Conflicts:
# Cargo.lock
# Cargo.toml
# src/api/core/mod.rs
6 years ago
Stepan Fedorko-Bartos
f344dbaad4
Fixes NFC Response for Mobile Login
6 years ago
Stepan Fedorko-Bartos
aba9c28226
Disable Yubikey 2FA if 0 Keys Provided
6 years ago
Stepan Fedorko-Bartos
82e2b8a8c0
Code style changes
6 years ago
Stepan Fedorko-Bartos
6d735806c0
Ensures Yubico Creds are set when opening Yubikey Modal
6 years ago
Stepan Fedorko-Bartos
2433d39df5
Allows Custom Yubico OTP Server
6 years ago
Stepan Fedorko-Bartos
9e0e4b13c5
Adds Yubikey OTP Support
6 years ago
Daniel García
f84cbeaaf8
Merge branch 'master' into rocket-0.4
...
# Conflicts:
# src/db/models/organization.rs
6 years ago
Miroslav Prasil
b94f4db52a
Fix #242
6 years ago
Miroslav Prasil
66a4c5d48b
Implement comparison between i32 and UserOrgType
6 years ago
Daniel García
4638786507
Merge branch 'master' into rocket-0.4
...
# Conflicts:
# src/api/core/mod.rs
6 years ago
Roman Hargrave
62bc58e145
Clean up after u2f endpoint split
6 years ago
Roman Hargrave
760e0ab805
Initial u2f fix
6 years ago
Daniel García
bc532f54d5
Improve login query parsing
6 years ago
Daniel García
c673370103
Updated bw_rs to Rocket version 0.4-rc1
6 years ago
janost
c32c65d367
Accept PUT and POST on /settings/domains, returns JsonResult, fixes saving Custom Equivalent Domains
6 years ago
janost
daa66b08dc
Fix /sync without query string
6 years ago
janost
55fbd8d468
Don't send Domains if excludeDomains=true on /sync
6 years ago
Miroslav Prasil
2e7fa6440b
Do not spawn WS thread if it's disabled
6 years ago
Miroslav Prasil
9ecc98c3cc
Disable WebSockets negotiation by default
6 years ago
Daniel García
02fd68d63b
Merge pull request #218 from janost/refactor-folder-save
...
Folder::save() should return QueryResult instead of bool
6 years ago
janost
e985221b50
User::save() should return QueryResult instead of bool
6 years ago
janost
77cf63c06d
Folder::save() should return QueryResult instead of bool
6 years ago
Daniel García
faec050a6d
Merge pull request #217 from janost/refactor-device-save
...
Device::save() should return QueryResult instead of bool
6 years ago
janost
58a78ffa54
Device::save() should return QueryResult instead of bool
6 years ago
janost
64f6c60bfd
Organization::save() and UserOrganization::save() should return QueryResult instead of bool
6 years ago
Miroslav Prasil
a28caa33ef
Implement poor man's admin panel
6 years ago
janost
5292d38c73
CollectionCipher::save() and delete() should return QueryResult instead of bool
6 years ago