Commit Graph

581 Commits

Author SHA1 Message Date
Daniel García
cbadf00941
Update web vault to fix twofactorauth.org integration
Update dependencies and toolchain
Update included equivalent domains with upstream changes
2019-11-19 20:30:09 +01:00
tomuta
64d6f72e6c Add the ability to disable signups, but allow signups from a whitelist
This feature can be enabled by setting SIGNUPS_ALLOWED=false and
providing a comma-separated list of whitelisted domains in
SIGNUPS_DOMAINS_WHITELIST.

Fixes #727
2019-11-16 15:01:45 -07:00
Timo N
b889e5185e
Added tv.apple.com to global domains 2019-11-14 23:10:55 +01:00
BlackDex
3f6809bcdf Fixed issue/request #705
Added a config option to disable time drifted totp codes.
Default is false, since this is what the RFC recommends.
2019-11-07 17:11:29 +01:00
BlackDex
c52adef919 Added configurable smtp timeout.
- Added config option for smtp timeout
 - Lowered default timeout to 15 seconds instead of default 60.
2019-11-06 21:39:33 +01:00
BlackDex
2ffc3eac4d Clippy fix 2019-11-06 20:34:52 +01:00
BlackDex
0ff7fd939e Next attempt for issue #709 fix
Now creates icon cache directory at startup.
And it also creates the directory if it went missing during runtime.
Also modified the icon_save/mark_negcache to be one.
2019-11-06 20:21:47 +01:00
BlackDex
ca7c5129b2 Fixed issue #709 creating icon_cache directory.
When the icon_cache directory doesn't exists yet, and the first icon
catched is a miss this .miss file was not able to be created since the
directory was only created during a valid icon download.
2019-11-06 15:47:56 +01:00
Daniel García
b4dfc24040
Merge pull request #703 from patrickli/bugfix/dont-sync-excluded-global-domains
Don't include excluded global equivalent domains during sync
2019-11-05 18:47:43 +01:00
Patrick Li
85dbf4e16c
Don't include excluded global equivalent domains during sync
Fixes #681
2019-11-05 21:29:04 +13:00
BlackDex
3442eb1b9d Trying to fix issue #687
- Using an older commit from rocket repo
2019-11-04 14:30:24 +01:00
Daniel García
e449912f05
Generate recovery codes for email and duo 2019-11-02 18:31:50 +01:00
Daniel García
d29b6bee28
Remove unnecessary clones and other clippy fixes 2019-11-02 17:39:01 +01:00
Miro Prasil
00a11b1b78 Stop leaking usernames when SIGNUPS_ALLOWED=false
This fixes #691 - respond in less specific way to not leak the
fact that user is already registered on the server.
2019-11-01 22:34:42 +00:00
BlackDex
ee550be80c Added http favicon url when response failed 2019-10-29 14:24:01 +01:00
Daniel García
fccc0a4b05
Update rocket to latest master
Downgrade rust version to fix cargo issue
Set rustup profile to minimal
2019-10-25 21:48:10 +02:00
Jellyfrog
ebc47dc161
Remove unneeded WS logging 2019-10-17 17:15:11 +02:00
vpl
3b7a5bd102 Move 2FA email config to after SMTP config 2019-10-16 07:11:16 +02:00
vpl
2edecf34ff Use user_uuid instead of mut twofactor 2019-10-15 21:20:19 +02:00
vpl
18bc8331f9 Send email when preparing 2FA JsonError 2019-10-15 21:19:49 +02:00
BlackDex
603a964579 Fixed issue #663.
During the 2fa activation there is no twofactor record yet.
Changed the layout a bit so that it will generate a new twofactor record
when it does not exists yet. Else it will just update the already
existing record.
2019-10-14 00:32:44 +02:00
Daniel García
dc515b83f3
Merge pull request #657 from BlackDex/totp-timedrift
Updated authenticator TOTP
2019-10-12 16:33:43 +02:00
BlackDex
9466f02696 Recoded TOTP time drift validation 2019-10-12 15:28:28 +02:00
BlackDex
2cde814aaa Fixed a bug with the sqlite backup feature.
When a custom path is used the backup feature does not work.
Changed it so it will take the path of the sqlite file and use that.
2019-10-11 12:08:40 +02:00
BlackDex
d989a19f76 Merge branch 'master' of https://github.com/dani-garcia/bitwarden_rs into totp-timedrift 2019-10-11 11:22:13 +02:00
Daniel García
d292269ea0
Make the blacklist logic be cached 2019-10-10 23:21:22 +02:00
BlackDex
ebf40099f2 Updated authenticator TOTP
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
2019-10-10 17:32:20 +02:00
BlackDex
edc482c8ea Changed HIBP Error message.
- Moved the manual link to the check to the top.
- Clearified that hibp is a payed service.
- Changed error logo to hibp logo.
2019-10-08 22:29:12 +02:00
BlackDex
6e5c03cc78 Some modification when no HIBP API Key is set
- Added an URL with the useraccount for manual check.
- Added support for HTTP(S)_PROXY for hibp.
2019-10-08 21:39:11 +02:00
Daniel García
881c1978eb
Error when the URL scheme doesn't match the database type 2019-10-08 19:34:47 +02:00
Daniel García
662bc27523
Updated dependencies and fixed disable_admin_token description 2019-10-08 19:33:27 +02:00
Daniel García
e6b763026e
Merge branch 'master' into icon-security 2019-10-05 16:45:36 +02:00
Daniel García
c182583e09
Merge pull request #644 from BlackDex/issue-565
Fixed issue #565
2019-10-05 16:17:43 +02:00
Daniel García
d821389c2e
Merge pull request #639 from vverst/cors-update
Change CORS headers
2019-10-05 16:09:33 +02:00
BlackDex
be2916333b Fixed issue #565
Issue fixed by omitting the cookie header when cookie_str is empty
2019-10-05 15:45:09 +02:00
BlackDex
9124d8a3fb Updated icon blacklisting.
- Blacklisting was not effective for redirects and rel href
- Able to blacklist non global IP's like RFC1918, multicast etc...
2019-10-05 14:48:15 +02:00
vpl
7b1da527a6 Change CORS headers
Only add Allow-Origin to all requests and move the others to preflight OPTIONS request.
If Origin is `file://` change it to the wildcard.
2019-10-01 20:12:33 +02:00
Miro Prasil
d6e9af909b Remove the unnecessary check for sqlite
The binary we use is called `sqlite3` so no need to check for other
name variants as we won't use those anyways.
2019-10-01 10:40:22 +01:00
Miro Prasil
acdd42935b Add sqlite binary into the docker images
This is done to enable backup functionality in the admin interface while
we're waiting for the libsqlite-sys 0.17 to bubble up in the upstream
dependencies. Then we can start using `VACUUM INTO`

This also extends the check for the sqlite binary to also try `sqlite3`
as this is the name of the binary in baseimage distributions we use.
2019-09-30 13:54:06 +01:00
vpl
56f12dc982 Use Access-Control-Allow-Method 2019-09-23 07:44:44 +02:00
Daniel García
4c07f05b3a
Remove Result<T, E: Debug> in preparation of deprecation as Rocket responder.
Removed unnecessary returns
2019-09-17 21:05:56 +02:00
Michael Powers
f5f9861a78
Adds support for PostgreSQL which resolves #87 and is mentioned in #246.
This includes migrations as well as Dockerfile's for amd64.

The biggest change is that replace_into isn't supported by Diesel for the
PostgreSQL backend, instead requiring the use of on_conflict. This
unfortunately requires a branch for save() on all of the models currently
using replace_into.
2019-09-12 16:12:22 -04:00
Daniel García
df8114f8be
Updated client kdf iterations to 100000 and fixed some lints 2019-09-05 21:56:12 +02:00
vpl
5a2f968d7a Set correct response headers, status code 2019-09-02 21:13:12 +02:00
vpl
16d88402cb Initial version of CORS support 2019-09-01 13:00:12 +02:00
Daniel García
7dcf18151d
Fix onsubmit 2019-08-31 17:57:47 +02:00
Daniel García
e3404dd322
Use the local scripts instead of cloudflare, remove jquery and update config so disabling a master toggle doesn't remove the values 2019-08-31 17:47:52 +02:00
Daniel García
bfc517ee80
Remove unused warning 2019-08-31 17:26:16 +02:00
Daniel García
4a7d2a1e28
Rename static files endpoint 2019-08-31 17:25:31 +02:00
Daniel García
c07c9995ea
Merge pull request #555 from vverst/email-codes
Add Email 2FA login
2019-08-27 21:07:41 +02:00
ViViDboarder
672a245548 Remove unecessary clone 2019-08-27 10:40:38 -07:00
vpl
5d50b1ee3c Merge remote-tracking branch 'upstream/master' into email-codes 2019-08-26 21:38:45 +02:00
vpl
c99df1c310 Compare token using crypto::ct_eq 2019-08-26 20:26:59 +02:00
vpl
591ae10144 Get token from single u64 2019-08-26 20:26:54 +02:00
ViViDboarder
2d2745195e Allow explicitly defined smtp auth mechansim 2019-08-23 16:22:14 -07:00
Daniel García
026f9da035
Allow removing users two factors 2019-08-21 17:13:06 +02:00
Daniel García
d23d4f2c1d
Allow editing HIBP key in the admin panel 2019-08-20 23:53:00 +02:00
Daniel García
515b87755a
Update HIBP to v3, requires paid API key, fixes #583 2019-08-20 20:07:12 +02:00
vpl
ee7837d022 Add option to require new device emails 2019-08-19 22:14:00 +02:00
Daniel García
07743e490b
Ignore error sending device email 2019-08-18 19:32:26 +02:00
BlackDex
e7b6238f43 Added reqwest proxy support 2019-08-12 17:24:32 +02:00
vpl
ad2225b6e5 Add configuration options for Email 2FA 2019-08-10 22:39:04 +02:00
vpl
5609103a97 Use ring to generate email token 2019-08-06 22:38:08 +02:00
vpl
6d460b44b0 Use saved token for email 2fa codes 2019-08-04 17:21:57 +02:00
vpl
efd8d9f528 Remove some unused imports, unneeded mut variables 2019-08-04 16:56:41 +02:00
vpl
29aedd388e Add email code logic and move two_factor into separate modules 2019-08-04 16:56:41 +02:00
vpl
27e0e41835 Add email authenticator logic 2019-08-04 16:56:39 +02:00
vpl
0b60f20eb3 Add email message for twofactor email codes 2019-08-03 18:49:34 +02:00
Daniel García
c9c3f07171
Updated dependencies and fixed panic getting icons 2019-07-30 19:42:05 +02:00
vpl
df71f57d86 Move send device email to end of password login
Send new device email after two factor authentication.
2019-07-25 21:10:27 +02:00
vpl
60e39a9dd1 Move retrieve/new device from connData to separate function 2019-07-22 12:30:26 +02:00
vpl
bc6a53b847 Add new device email when user logs in 2019-07-22 08:26:24 +02:00
Daniel García
05a1137828
Move backend checks to build.rs to fail fast, and updated dependencies 2019-07-09 17:26:34 +02:00
Nick Fox
2e300da057
Fix #468 - Percent-encode the email address in invite link 2019-07-02 22:55:13 -04:00
Cubity_First
6989fc7bdb
Corrected Spelling
Changed it from Chache to Cache on Line 207
2019-06-18 15:45:19 +01:00
Daniel García
76f38621de
Update dependencies and remove unwraps from Cipher::to_json 2019-06-14 22:51:50 +02:00
Daniel García
12af32b9ea
Don't print DB URL 2019-06-02 13:39:16 +02:00
Daniel García
9add8e19eb
Update dependencies and remove travis unused feature 2019-06-02 00:28:20 +02:00
Daniel García
5710703c50
Make sure the backup option only appears when using sqlite 2019-06-02 00:08:52 +02:00
Daniel García
1322b876e9
Merge pull request #493 from endyman/feature/initial_mysql_support
Initial support for mysql
2019-06-01 23:33:06 +02:00
Daniel García
9ed2ba61c6
Merge pull request #475 from TheMardy/master
Create Backup funcitonality
2019-06-01 23:29:58 +02:00
Nils Domrose
62a461ae15 remove syslog from ci, make features flag more clear 2019-05-30 22:19:58 +02:00
Nils Domrose
4859932d35 fixed typo 2019-05-28 07:48:17 +02:00
Nils Domrose
dc36f0cb6c re-added sqlite check_db code, cleanup 2019-05-27 22:58:52 +02:00
Nils Domrose
ff759397f6 initial mysql support 2019-05-26 23:03:05 +02:00
Emil Madsen
233b48bdad Fix missing joinable in schema 2019-05-20 21:30:31 +02:00
Emil Madsen
e22e290f67 Fix key and type variable names for mysql 2019-05-20 21:24:29 +02:00
Emil Madsen
ab95a69dc8 Rework migrations for MySQL 2019-05-20 21:12:41 +02:00
Emil Madsen
85c8a01f4a Merge branch 'master' of github.com:Skeen/bitwarden_rs 2019-05-20 19:53:18 +02:00
Emil Madsen
42af7c6dab MySQL database 2019-05-20 19:53:14 +02:00
Daniel García
4f45cc081f
Update ring to 0.14, jwt to 6.0, and u2f 2019-05-11 23:18:18 +02:00
TheMardy
ef551f4cc6 Create Backup funcitonality
Added create backup functionality to the admin panel
2019-05-03 15:46:29 +02:00
Daniel García
5521a86693
Change path for served images to avoid collision with vault images 2019-05-01 16:19:22 +02:00
Daniel García
3160780549
Merge pull request #401 from TheMardy/master
Images in Email Templates
2019-04-30 17:52:10 +02:00
TheMardy
f0701657a9 Changed to Bitwarden_RS Logo 2019-04-30 16:08:53 +02:00
Daniel García
874f5c34bd
Formatting 2019-04-26 22:08:26 +02:00
Daniel García
253faaf023
Use users duo host when required, instead of always using the global one 2019-04-15 13:07:23 +02:00
Daniel García
3d843a6a51
Merge pull request #460 from janost/organization-vault-purge
Fixed purging organization vault
2019-04-14 22:30:51 +02:00
janost
03fdf36bf9 Fixed purging organization vault 2019-04-14 22:12:48 +02:00
Daniel García
fdcc32beda
Validate Duo credentials when custom 2019-04-14 22:05:05 +02:00