568 Commits

Author	SHA1	Message	Date
Miro Prasil	03233429f4	Remove check from Invitation:take() ... I've checked the spots when `Invitation::new()` and `Invitation::take()` are used and it seems like all spots are already correctly gated. So to enable invitations via admin API even when invitations are otherwise disabled, this check can be removed.	2020-02-16 20:28:50 +00:00
Miroslav Prasil	0a72c4b6db	Do not disable invitations via admin API ... This was brought up today: https://github.com/dani-garcia/bitwarden_rs/issues/752#issuecomment-586715073 I don't think it makes much sense in checking whether admin has the right to send invitation as admin can change the setting anyway. Removing the condition allows users to forbid regular users from inviting new users to server while still preserving the option to do so via the admin API.	2020-02-16 15:01:07 +00:00
Daniel García	8867626de8	Add option to change invitation org name, fixes #825 ... Add option to allow additional iframe ancestors, fixes #843 Sort the rocket routes before printing them	2020-02-04 22:14:50 +01:00
Daniel García	f5916ec396	Fix backwards indices	2020-01-30 22:33:50 +01:00
Daniel García	ebb36235a7	Cache icons in the clients	2020-01-30 22:30:57 +01:00
Daniel García	def174a517	Convert email domains to punycode	2020-01-30 22:11:53 +01:00
Daniel García	480ba933fa	Don't error if admin token is empty but disabled	2020-01-30 22:10:50 +01:00
Miro Prasil	c4101162d6	SIGNUPS_ALLOWED with no whitelist [fixes #830] ... This reverts back to `SIGNUPS_ALLOWED` when there is no domain whitelist set. The functionality was broken in 64d6f72.	2020-01-29 11:32:42 +00:00
Daniel García	632d55265b	Merge pull request #824 from tomuta/fix_change_email ... Fix change email when no whitelist is configured	2020-01-28 20:52:16 +01:00
tomuta	e277f7d1c1	Fix change email when no whitelist is configured ... Fixes issue #792	2020-01-26 13:34:56 -07:00
Daniel García	ff7b4a3d38	Update handlebars to 3.0 which included performance improvements. ... Updated lettre to newer git revision, which should give better error messages now.	2020-01-26 15:29:14 +01:00
Daniel García	d212dfe735	Accept y/n, True/False, 1/0 as booleans in environment vars	2020-01-20 22:28:54 +01:00
Daniel García	84ed185579	Update u2f to 0.2, which requires OpenSSL but also might solve the problems we've had with certificates. ... The rust image doesn't need installing curl or tar, so removed. Also collapsed ENV lines.	2020-01-19 21:34:13 +01:00
Michael Powers	e196ba6e86	Switch error handling to ? operator instead of explicit handling.	2020-01-16 08:14:25 -05:00
Michael Powers	76743aee48	Fixes #635 - Unique constraint violation when using U2F tokens on PostgreSQL ... Because of differences in how .on_conflict() works compared to .replace_into() the PostgreSQL backend wasn't correctly ensuring the unique constraint on user_uuid and atype wasn't getting violated. This change simply issues a DELETE on the unique constraint prior to the insert to ensure uniqueness. PostgreSQL does not support multiple constraints in ON CONFLICT clauses.	2020-01-13 21:53:57 -05:00
Daniel García	96a189deb9	Merge pull request #803 from aeolyus/master ... Minor typo conect -> connect	2020-01-05 00:12:15 +01:00
Daniel García	8c229920ad	Protect websocket server against panics	2020-01-04 23:52:38 +01:00
Richard Huang	d592323e39	minor typo conect -> connect	2020-01-04 14:37:29 -08:00
Daniel García	36ae946655	Avoid some to_string in the request logging and include message to disable web vault when not found.	2019-12-29 15:34:22 +01:00
Daniel García	cb6f392774	When receiving a comma separated list as IP, pick the first	2019-12-28 15:09:07 +01:00
Daniel García	88c56de97b	Config option for client IP header	2019-12-27 18:42:39 +01:00
Daniel García	e274af6e3d	Print current server time when failing TOTP, and use chrono as the rest of the server	2019-12-27 18:42:14 +01:00
Daniel García	a0ece3754b	Formatting	2019-12-27 18:37:14 +01:00
Daniel García	2545469713	Fix crash when page URL points to huge file	2019-12-19 00:37:16 +01:00
Daniel García	5cabf4d040	Fix IP not shown when failed login (Fixes #761)	2019-12-07 14:38:32 +01:00
Daniel García	a03db6d224	Also hide options requests, unless using debug or trace	2019-12-06 22:55:29 +01:00
Daniel García	8d1b72b951	Collapsed log messages from 3 lines per request to 2 and hidden the ones valued as less informative. ... Use LOG_LEVEL debug or trace to recover them. Removed LOG_MOUNTS and bundled it with LOG_LEVEL debug and trace. Removed duplicate error messages Made websocket not proxied message more prominent, but only print it once.	2019-12-06 22:46:12 +01:00
Daniel García	912e1f93b7	Fix some lints	2019-12-06 22:12:41 +01:00
Daniel García	adc443ea80	Add endpoint to delete specific U2F key	2019-12-01 21:41:46 +01:00
Daniel García	0d32179d07	Logout button in admin page	2019-12-01 21:15:14 +01:00
Daniel García	12928b832c	Fix broken tests	2019-11-30 23:30:35 +01:00
Daniel García	1e224220a8	Updated deps and fixed some lints	2019-11-28 21:59:05 +01:00
Daniel García	924ba153aa	Merge pull request #730 from tomuta/email_verification ... Implement change-email, email-verification, account-recovery, and welcome notifications	2019-11-25 08:21:18 +01:00
tomuta	bd1e8be328	Implement change-email, email-verification, account-recovery, and welcome notifications	2019-11-24 22:28:49 -07:00
Daniel García	4b71197c97	Merge pull request #738 from ntimo/task/add-netcup-global-domains ... Added netcup domains to global domains	2019-11-22 15:54:21 +01:00
BlackDex	b209c1bc4d	Add an option to fetch and parse href="data:image" ... Some sites are using base64 encoded inline images for favicons. This will try to match those with some sane checks and return that. These icons will have lower prio then the icons with a normal URL.	2019-11-22 13:16:12 +01:00
ntimo	2b8d08a3f4	Added netcup domains to global domains	2019-11-21 08:31:18 +01:00
Daniel García	cbadf00941	Update web vault to fix twofactorauth.org integration ... Update dependencies and toolchain Update included equivalent domains with upstream changes	2019-11-19 20:30:09 +01:00
tomuta	64d6f72e6c	Add the ability to disable signups, but allow signups from a whitelist ... This feature can be enabled by setting SIGNUPS_ALLOWED=false and providing a comma-separated list of whitelisted domains in SIGNUPS_DOMAINS_WHITELIST. Fixes #727	2019-11-16 15:01:45 -07:00
Timo N	b889e5185e	Added tv.apple.com to global domains	2019-11-14 23:10:55 +01:00
BlackDex	3f6809bcdf	Fixed issue/request #705 ... Added a config option to disable time drifted totp codes. Default is false, since this is what the RFC recommends.	2019-11-07 17:11:29 +01:00
BlackDex	c52adef919	Added configurable smtp timeout. ... - Added config option for smtp timeout - Lowered default timeout to 15 seconds instead of default 60.	2019-11-06 21:39:33 +01:00
BlackDex	2ffc3eac4d	Clippy fix	2019-11-06 20:34:52 +01:00
BlackDex	0ff7fd939e	Next attempt for issue #709 fix ... Now creates icon cache directory at startup. And it also creates the directory if it went missing during runtime. Also modified the icon_save/mark_negcache to be one.	2019-11-06 20:21:47 +01:00
BlackDex	ca7c5129b2	Fixed issue #709 creating icon_cache directory. ... When the icon_cache directory doesn't exists yet, and the first icon catched is a miss this .miss file was not able to be created since the directory was only created during a valid icon download.	2019-11-06 15:47:56 +01:00
Daniel García	b4dfc24040	Merge pull request #703 from patrickli/bugfix/dont-sync-excluded-global-domains ... Don't include excluded global equivalent domains during sync	2019-11-05 18:47:43 +01:00
Patrick Li	85dbf4e16c	Don't include excluded global equivalent domains during sync ... Fixes #681	2019-11-05 21:29:04 +13:00
BlackDex	3442eb1b9d	Trying to fix issue #687 ... - Using an older commit from rocket repo	2019-11-04 14:30:24 +01:00
Daniel García	e449912f05	Generate recovery codes for email and duo	2019-11-02 18:31:50 +01:00
Daniel García	d29b6bee28	Remove unnecessary clones and other clippy fixes	2019-11-02 17:39:01 +01:00