Commit Graph

545 Commits

Author SHA1 Message Date
Daniel García
2545469713
Fix crash when page URL points to huge file 2019-12-19 00:37:16 +01:00
Daniel García
5cabf4d040
Fix IP not shown when failed login (Fixes #761) 2019-12-07 14:38:32 +01:00
Daniel García
a03db6d224
Also hide options requests, unless using debug or trace 2019-12-06 22:55:29 +01:00
Daniel García
8d1b72b951
Collapsed log messages from 3 lines per request to 2 and hidden the ones valued as less informative.
Use LOG_LEVEL debug or trace to recover them.

Removed LOG_MOUNTS and bundled it with LOG_LEVEL debug and trace.

Removed duplicate error messages

Made websocket not proxied message more prominent, but only print it once.
2019-12-06 22:46:12 +01:00
Daniel García
912e1f93b7
Fix some lints 2019-12-06 22:12:41 +01:00
Daniel García
adc443ea80
Add endpoint to delete specific U2F key 2019-12-01 21:41:46 +01:00
Daniel García
0d32179d07
Logout button in admin page 2019-12-01 21:15:14 +01:00
Daniel García
12928b832c
Fix broken tests 2019-11-30 23:30:35 +01:00
Daniel García
1e224220a8
Updated deps and fixed some lints 2019-11-28 21:59:05 +01:00
Daniel García
924ba153aa
Merge pull request #730 from tomuta/email_verification
Implement change-email, email-verification, account-recovery, and welcome notifications
2019-11-25 08:21:18 +01:00
tomuta
bd1e8be328 Implement change-email, email-verification, account-recovery, and welcome notifications 2019-11-24 22:28:49 -07:00
Daniel García
4b71197c97
Merge pull request #738 from ntimo/task/add-netcup-global-domains
Added netcup domains to global domains
2019-11-22 15:54:21 +01:00
BlackDex
b209c1bc4d Add an option to fetch and parse href="data:image"
Some sites are using base64 encoded inline images for favicons.
This will try to match those with some sane checks and return that.
These icons will have lower prio then the icons with a normal URL.
2019-11-22 13:16:12 +01:00
ntimo
2b8d08a3f4
Added netcup domains to global domains 2019-11-21 08:31:18 +01:00
Daniel García
cbadf00941
Update web vault to fix twofactorauth.org integration
Update dependencies and toolchain
Update included equivalent domains with upstream changes
2019-11-19 20:30:09 +01:00
tomuta
64d6f72e6c Add the ability to disable signups, but allow signups from a whitelist
This feature can be enabled by setting SIGNUPS_ALLOWED=false and
providing a comma-separated list of whitelisted domains in
SIGNUPS_DOMAINS_WHITELIST.

Fixes #727
2019-11-16 15:01:45 -07:00
Timo N
b889e5185e
Added tv.apple.com to global domains 2019-11-14 23:10:55 +01:00
BlackDex
3f6809bcdf Fixed issue/request #705
Added a config option to disable time drifted totp codes.
Default is false, since this is what the RFC recommends.
2019-11-07 17:11:29 +01:00
BlackDex
c52adef919 Added configurable smtp timeout.
- Added config option for smtp timeout
 - Lowered default timeout to 15 seconds instead of default 60.
2019-11-06 21:39:33 +01:00
BlackDex
2ffc3eac4d Clippy fix 2019-11-06 20:34:52 +01:00
BlackDex
0ff7fd939e Next attempt for issue #709 fix
Now creates icon cache directory at startup.
And it also creates the directory if it went missing during runtime.
Also modified the icon_save/mark_negcache to be one.
2019-11-06 20:21:47 +01:00
BlackDex
ca7c5129b2 Fixed issue #709 creating icon_cache directory.
When the icon_cache directory doesn't exists yet, and the first icon
catched is a miss this .miss file was not able to be created since the
directory was only created during a valid icon download.
2019-11-06 15:47:56 +01:00
Daniel García
b4dfc24040
Merge pull request #703 from patrickli/bugfix/dont-sync-excluded-global-domains
Don't include excluded global equivalent domains during sync
2019-11-05 18:47:43 +01:00
Patrick Li
85dbf4e16c
Don't include excluded global equivalent domains during sync
Fixes #681
2019-11-05 21:29:04 +13:00
BlackDex
3442eb1b9d Trying to fix issue #687
- Using an older commit from rocket repo
2019-11-04 14:30:24 +01:00
Daniel García
e449912f05
Generate recovery codes for email and duo 2019-11-02 18:31:50 +01:00
Daniel García
d29b6bee28
Remove unnecessary clones and other clippy fixes 2019-11-02 17:39:01 +01:00
Miro Prasil
00a11b1b78 Stop leaking usernames when SIGNUPS_ALLOWED=false
This fixes #691 - respond in less specific way to not leak the
fact that user is already registered on the server.
2019-11-01 22:34:42 +00:00
BlackDex
ee550be80c Added http favicon url when response failed 2019-10-29 14:24:01 +01:00
Daniel García
fccc0a4b05
Update rocket to latest master
Downgrade rust version to fix cargo issue
Set rustup profile to minimal
2019-10-25 21:48:10 +02:00
Jellyfrog
ebc47dc161
Remove unneeded WS logging 2019-10-17 17:15:11 +02:00
vpl
3b7a5bd102 Move 2FA email config to after SMTP config 2019-10-16 07:11:16 +02:00
vpl
2edecf34ff Use user_uuid instead of mut twofactor 2019-10-15 21:20:19 +02:00
vpl
18bc8331f9 Send email when preparing 2FA JsonError 2019-10-15 21:19:49 +02:00
BlackDex
603a964579 Fixed issue #663.
During the 2fa activation there is no twofactor record yet.
Changed the layout a bit so that it will generate a new twofactor record
when it does not exists yet. Else it will just update the already
existing record.
2019-10-14 00:32:44 +02:00
Daniel García
dc515b83f3
Merge pull request #657 from BlackDex/totp-timedrift
Updated authenticator TOTP
2019-10-12 16:33:43 +02:00
BlackDex
9466f02696 Recoded TOTP time drift validation 2019-10-12 15:28:28 +02:00
BlackDex
2cde814aaa Fixed a bug with the sqlite backup feature.
When a custom path is used the backup feature does not work.
Changed it so it will take the path of the sqlite file and use that.
2019-10-11 12:08:40 +02:00
BlackDex
d989a19f76 Merge branch 'master' of https://github.com/dani-garcia/bitwarden_rs into totp-timedrift 2019-10-11 11:22:13 +02:00
Daniel García
d292269ea0
Make the blacklist logic be cached 2019-10-10 23:21:22 +02:00
BlackDex
ebf40099f2 Updated authenticator TOTP
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
2019-10-10 17:32:20 +02:00
BlackDex
edc482c8ea Changed HIBP Error message.
- Moved the manual link to the check to the top.
- Clearified that hibp is a payed service.
- Changed error logo to hibp logo.
2019-10-08 22:29:12 +02:00
BlackDex
6e5c03cc78 Some modification when no HIBP API Key is set
- Added an URL with the useraccount for manual check.
- Added support for HTTP(S)_PROXY for hibp.
2019-10-08 21:39:11 +02:00
Daniel García
881c1978eb
Error when the URL scheme doesn't match the database type 2019-10-08 19:34:47 +02:00
Daniel García
662bc27523
Updated dependencies and fixed disable_admin_token description 2019-10-08 19:33:27 +02:00
Daniel García
e6b763026e
Merge branch 'master' into icon-security 2019-10-05 16:45:36 +02:00
Daniel García
c182583e09
Merge pull request #644 from BlackDex/issue-565
Fixed issue #565
2019-10-05 16:17:43 +02:00
Daniel García
d821389c2e
Merge pull request #639 from vverst/cors-update
Change CORS headers
2019-10-05 16:09:33 +02:00
BlackDex
be2916333b Fixed issue #565
Issue fixed by omitting the cookie header when cookie_str is empty
2019-10-05 15:45:09 +02:00
BlackDex
9124d8a3fb Updated icon blacklisting.
- Blacklisting was not effective for redirects and rel href
- Able to blacklist non global IP's like RFC1918, multicast etc...
2019-10-05 14:48:15 +02:00