360 Commits

Author	SHA1	Message	Date
BlackDex	9466f02696	Recoded TOTP time drift validation	2019-10-12 15:28:28 +02:00
BlackDex	d989a19f76	Merge branch 'master' of https://github.com/dani-garcia/bitwarden_rs into totp-timedrift	2019-10-11 11:22:13 +02:00
Daniel García	d292269ea0	Make the blacklist logic be cached	2019-10-10 23:21:22 +02:00
BlackDex	ebf40099f2	Updated authenticator TOTP ... - Added security check for previouse used codes - Allow TOTP codes with 1 step back and forward when there is a time drift. This means in total 3 codes could be valid. But only newer codes then the previouse used codes are excepted after that.	2019-10-10 17:32:20 +02:00
BlackDex	edc482c8ea	Changed HIBP Error message. ... - Moved the manual link to the check to the top. - Clearified that hibp is a payed service. - Changed error logo to hibp logo.	2019-10-08 22:29:12 +02:00
BlackDex	6e5c03cc78	Some modification when no HIBP API Key is set ... - Added an URL with the useraccount for manual check. - Added support for HTTP(S)_PROXY for hibp.	2019-10-08 21:39:11 +02:00
Daniel García	e6b763026e	Merge branch 'master' into icon-security	2019-10-05 16:45:36 +02:00
BlackDex	be2916333b	Fixed issue #565 ... Issue fixed by omitting the cookie header when cookie_str is empty	2019-10-05 15:45:09 +02:00
BlackDex	9124d8a3fb	Updated icon blacklisting. ... - Blacklisting was not effective for redirects and rel href - Able to blacklist non global IP's like RFC1918, multicast etc...	2019-10-05 14:48:15 +02:00
Miro Prasil	d6e9af909b	Remove the unnecessary check for sqlite ... The binary we use is called `sqlite3` so no need to check for other name variants as we won't use those anyways.	2019-10-01 10:40:22 +01:00
Miro Prasil	acdd42935b	Add sqlite binary into the docker images ... This is done to enable backup functionality in the admin interface while we're waiting for the libsqlite-sys 0.17 to bubble up in the upstream dependencies. Then we can start using `VACUUM INTO` This also extends the check for the sqlite binary to also try `sqlite3` as this is the name of the binary in baseimage distributions we use.	2019-09-30 13:54:06 +01:00
Daniel García	4c07f05b3a	Remove Result<T, E: Debug> in preparation of deprecation as Rocket responder. ... Removed unnecessary returns	2019-09-17 21:05:56 +02:00
Daniel García	df8114f8be	Updated client kdf iterations to 100000 and fixed some lints	2019-09-05 21:56:12 +02:00
Daniel García	e3404dd322	Use the local scripts instead of cloudflare, remove jquery and update config so disabling a master toggle doesn't remove the values	2019-08-31 17:47:52 +02:00
Daniel García	bfc517ee80	Remove unused warning	2019-08-31 17:26:16 +02:00
Daniel García	4a7d2a1e28	Rename static files endpoint	2019-08-31 17:25:31 +02:00
vpl	5d50b1ee3c	Merge remote-tracking branch 'upstream/master' into email-codes	2019-08-26 21:38:45 +02:00
vpl	c99df1c310	Compare token using crypto::ct_eq	2019-08-26 20:26:59 +02:00
vpl	591ae10144	Get token from single u64	2019-08-26 20:26:54 +02:00
Daniel García	026f9da035	Allow removing users two factors	2019-08-21 17:13:06 +02:00
Daniel García	515b87755a	Update HIBP to v3, requires paid API key, fixes #583	2019-08-20 20:07:12 +02:00
vpl	ee7837d022	Add option to require new device emails	2019-08-19 22:14:00 +02:00
Daniel García	07743e490b	Ignore error sending device email	2019-08-18 19:32:26 +02:00
BlackDex	e7b6238f43	Added reqwest proxy support	2019-08-12 17:24:32 +02:00
vpl	ad2225b6e5	Add configuration options for Email 2FA	2019-08-10 22:39:04 +02:00
vpl	5609103a97	Use ring to generate email token	2019-08-06 22:38:08 +02:00
vpl	6d460b44b0	Use saved token for email 2fa codes	2019-08-04 17:21:57 +02:00
vpl	efd8d9f528	Remove some unused imports, unneeded mut variables	2019-08-04 16:56:41 +02:00
vpl	29aedd388e	Add email code logic and move two_factor into separate modules	2019-08-04 16:56:41 +02:00
vpl	27e0e41835	Add email authenticator logic	2019-08-04 16:56:39 +02:00
Daniel García	c9c3f07171	Updated dependencies and fixed panic getting icons	2019-07-30 19:42:05 +02:00
vpl	df71f57d86	Move send device email to end of password login ... Send new device email after two factor authentication.	2019-07-25 21:10:27 +02:00
vpl	60e39a9dd1	Move retrieve/new device from connData to separate function	2019-07-22 12:30:26 +02:00
vpl	bc6a53b847	Add new device email when user logs in	2019-07-22 08:26:24 +02:00
Daniel García	05a1137828	Move backend checks to build.rs to fail fast, and updated dependencies	2019-07-09 17:26:34 +02:00
Daniel García	5710703c50	Make sure the backup option only appears when using sqlite	2019-06-02 00:08:52 +02:00
Daniel García	1322b876e9	Merge pull request #493 from endyman/feature/initial_mysql_support ... Initial support for mysql	2019-06-01 23:33:06 +02:00
Emil Madsen	e22e290f67	Fix key and type variable names for mysql	2019-05-20 21:24:29 +02:00
TheMardy	ef551f4cc6	Create Backup funcitonality ... Added create backup functionality to the admin panel	2019-05-03 15:46:29 +02:00
Daniel García	5521a86693	Change path for served images to avoid collision with vault images	2019-05-01 16:19:22 +02:00
Daniel García	3160780549	Merge pull request #401 from TheMardy/master ... Images in Email Templates	2019-04-30 17:52:10 +02:00
Daniel García	874f5c34bd	Formatting	2019-04-26 22:08:26 +02:00
Daniel García	253faaf023	Use users duo host when required, instead of always using the global one	2019-04-15 13:07:23 +02:00
Daniel García	3d843a6a51	Merge pull request #460 from janost/organization-vault-purge ... Fixed purging organization vault	2019-04-14 22:30:51 +02:00
janost	03fdf36bf9	Fixed purging organization vault	2019-04-14 22:12:48 +02:00
Daniel García	fdcc32beda	Validate Duo credentials when custom	2019-04-14 22:05:05 +02:00
Daniel García	bf20355c5e	Merge branch 'duo'	2019-04-14 22:02:55 +02:00
Daniel García	2e12114350	Always create the user when inviting from admin panel	2019-04-12 23:44:49 +02:00
ViViDboarder	d3a8a278e6	Add new endpoint for retrieving all users	2019-04-11 11:24:53 -07:00
Daniel García	8d9827c55f	Implement selection between global config and user settings for duo keys.	2019-04-11 18:40:03 +02:00