Daniel García
e19420160f
Simplify 2fa removed email and remove extra table close in the footer
3 years ago
Daniel García
1741316f42
Merge branch 'olivierIllogika-2fa_enforcement' into main
3 years ago
Daniel García
4f08167d6f
Merge branch '2fa_enforcement' of https://github.com/olivierIllogika/bitwarden_rs into olivierIllogika-2fa_enforcement
3 years ago
Daniel García
fef76e2f6f
Merge branch 'BlackDex-attachment-storage' into main
3 years ago
Daniel García
f16d56cb27
Merge branch 'attachment-storage' of https://github.com/BlackDex/vaultwarden into BlackDex-attachment-storage
3 years ago
Daniel García
120b286f2b
Merge branch 'umireon-umireon-add-edge-frame-ancestors' into main
3 years ago
Daniel García
7f437b6947
Merge branch 'umireon-add-edge-frame-ancestors' of https://github.com/umireon/vaultwarden into umireon-umireon-add-edge-frame-ancestors
3 years ago
Daniel García
8d6e62e18b
Merge branch 'jjlin-password-hints' into main
3 years ago
Daniel García
d0ec410b73
Merge branch 'password-hints' of https://github.com/jjlin/vaultwarden into jjlin-password-hints
3 years ago
Daniel García
c546a59c38
Dependency updates
3 years ago
Daniel García
e5ec245626
Protect namedfile against path traversal, rocket only does it for pathbuf
3 years ago
BlackDex
6ea95d1ede
Updated attachment limit descriptions
...
The user and org attachment limit use `size` as wording while it should
have been `storage` since it isn't per attachment, but the sum of all attachments.
- Changed the wording in the config/env
- Changed the wording of the error messages.
Resolves #1818
3 years ago
Jeremy Lin
88bea44dd8
Prevent user enumeration via password hints
...
When `show_password_hint` is enabled but mail is not configured, the previous
implementation returned a differentiable response for non-existent email
addresses.
Even if mail is enabled, there is a timing side channel since mail is sent
synchronously. Add a randomized sleep to mitigate this somewhat.
3 years ago
Jeremy Lin
8ee5d51bd4
Disable `show_password_hint` by default
...
A setting that provides unauthenticated access to potentially sensitive data
shouldn't be enabled by default.
3 years ago
Kaito Udagawa
c640abbcd7
Update src/util.rs
...
Co-authored-by: William Desportes <williamdes@wdes.fr>
3 years ago
Kaito Udagawa
13598c098f
Add links to browser extensions
3 years ago
Kaito Udagawa
a622b4d2fb
Add Edge's frame-ancestors
...
Edge's frame-ancestors are required for Edge extension to do WebAuthn.
3 years ago
Daniel García
3968bc8016
Merge pull request #1800 from BlackDex/pre-commit
...
Adding pre-commit config
3 years ago
Daniel García
ff66368cb6
Merge pull request #1830 from BlackDex/vaultwarden-logo
...
Storing the original Vaultwarden svg images
3 years ago
BlackDex
3fb419e704
Storing the original Vaultwarden svg images
3 years ago
Daniel García
832f838ddd
Merge pull request #1809 from BlackDex/fix-armv7
...
Fix armv7 alpine build.
3 years ago
BlackDex
18703bf195
Fix armv7 alpine build.
...
The `messense/rust-musl-cross` has removed OpenSSL in favor of the
vendored option. Enabled vendored openssl to resolve this.
Resolves #1807
3 years ago
BlackDex
ff8e88a5df
Adding pre-commit config
...
There is a nice tool called pre-commit: https://pre-commit.com/
It can run actions prior to a commit to validate everything is working.
People can choose to enable this for them selfs, but it would be nice to have a base config by default.
3 years ago
Daniel García
72e1946ce5
Merge pull request #1799 from BlackDex/issue-1796
...
Fixes issue with multiple security keys.
3 years ago
BlackDex
ee391720aa
Fixes issue with multiple security keys.
...
- Updated webauthn-rs commit hash to resolve #1796
3 years ago
Daniel García
e3a2dfffab
Formatting
3 years ago
Daniel García
8bf1278b1b
Update web vault and docker base images
3 years ago
Daniel García
00ce943ea5
Merge branch 'BlackDex-security-md' into main
3 years ago
Daniel García
b67eacdfde
Merge branch 'security-md' of https://github.com/BlackDex/vaultwarden into BlackDex-security-md
3 years ago
Daniel García
0dcea75764
Remove unused lifetime and double referencing
3 years ago
BlackDex
0c5532d8b5
Adding a SECURITY.md
3 years ago
Daniel García
46e0f3c43a
Load RSA keys as pem format directly, and using openssl crate, backported from async branch
3 years ago
Daniel García
2cd17fe7af
Add token with short expiration time to send url
3 years ago
Daniel García
f44b2611e6
Update rust toolchain and dependencies
3 years ago
Mathijs van Veluw
82fee0ede3
Merge pull request #1779 from jjlin/last-known-rev-warning
...
Avoid `Error parsing LastKnownRevisionDate` warning for mobile clients
3 years ago
Jeremy Lin
49579e4ce7
Avoid `Error parsing LastKnownRevisionDate` warning for mobile clients
...
When creating a new cipher, the mobile clients seem to set this field to an
invalid value, which causes a warning to be logged:
Error parsing LastKnownRevisionDate '0001-01-01T00:00:00': premature end of input
Avoid this by dropping the `LastKnownRevisionDate` field on cipher creation.
4 years ago
Daniel García
9254cf9d9c
Fix clippy lints
4 years ago
Daniel García
ff0fee3690
Merge branch 'BlackDex-admin-changes' into main
4 years ago
Daniel García
0778bd4bd5
Merge branch 'admin-changes' of https://github.com/BlackDex/vaultwarden into BlackDex-admin-changes
4 years ago
Daniel García
0cd065d354
Update webauthn-rs crate to upstream version
4 years ago
BlackDex
8615736e84
Multiple Admin Interface fixes and some others.
...
Misc:
- Fixed hadolint workflow, new git cli needs some extra arguments.
- Add ignore paths to all specific on triggers.
- Updated hadolint version.
- Made SMTP_DEBUG read-only, since it can't be changed at runtime.
Admin:
- Migrated from Bootstrap v4 to v5
- Updated jquery to v3.6.0
- Updated Datatables
- Made Javascript strict
- Added a way to show which ENV Vars are overridden.
- Changed the way to provide data for handlebars.
- Fixed date/time check.
- Made support string use details and summary feature of markdown/github.
4 years ago
Daniel García
5772836be5
Fix admin page with handlebars 4
4 years ago
Daniel García
c380d9c379
Support for webauthn and u2f->webauthn migrations
4 years ago
Daniel García
cea7a30d82
Merge pull request #1761 from jjlin/deps
...
Update dependencies
4 years ago
Jeremy Lin
06cde29419
Update dependencies
...
Notably, update `diesel` to 1.4.7 and `libsqlite3-sys` to 0.22.2 to pick up
the fix for CVE-2021-20227 added in SQLite 3.34.1.
4 years ago
Daniel García
20f5988174
Merge pull request #1736 from jjlin/rocket-env-docs
...
Clarify Rocket env var defaults
4 years ago
Jeremy Lin
b491cfe0b0
Clarify Rocket env var defaults
...
Mention `ROCKET_WORKERS`, but remove `ROCKET_ENV` since most users
probably wouldn't use it.
4 years ago
Daniel García
fc513413ea
Merge pull request #1730 from jjlin/attachment-upload-v2
...
Add support for v2 attachment upload APIs
4 years ago
Jeremy Lin
3f7e4712cd
Fix attachment size limit calculation for v2 uploads
4 years ago
Jeremy Lin
c2ef331df9
Rework file ID generation
4 years ago