Add support for hiding the sender's email address in Bitwarden Sends

Note: The original Vaultwarden implementation of Bitwarden Send would always
hide the email address, while the upstream implementation would always show it.

Upstream PR: https://github.com/bitwarden/server/pull/1234
This commit is contained in:
Jeremy Lin 2021-05-11 22:51:12 -07:00
parent e9ee8ac2fa
commit d3449bfa00
11 changed files with 34 additions and 2 deletions

View File

@ -0,0 +1,2 @@
ALTER TABLE sends
ADD COLUMN hide_email BOOLEAN;

View File

@ -0,0 +1,2 @@
ALTER TABLE sends
ADD COLUMN hide_email BOOLEAN;

View File

@ -0,0 +1,2 @@
ALTER TABLE sends
ADD COLUMN hide_email BOOLEAN;

View File

@ -38,6 +38,7 @@ pub struct SendData {
pub ExpirationDate: Option<DateTime<Utc>>, pub ExpirationDate: Option<DateTime<Utc>>,
pub DeletionDate: DateTime<Utc>, pub DeletionDate: DateTime<Utc>,
pub Disabled: bool, pub Disabled: bool,
pub HideEmail: Option<bool>,
// Data field // Data field
pub Name: String, pub Name: String,
@ -88,6 +89,7 @@ fn create_send(data: SendData, user_uuid: String) -> ApiResult<Send> {
send.max_access_count = data.MaxAccessCount; send.max_access_count = data.MaxAccessCount;
send.expiration_date = data.ExpirationDate.map(|d| d.naive_utc()); send.expiration_date = data.ExpirationDate.map(|d| d.naive_utc());
send.disabled = data.Disabled; send.disabled = data.Disabled;
send.hide_email = data.HideEmail;
send.atype = data.Type; send.atype = data.Type;
send.set_password(data.Password.as_deref()); send.set_password(data.Password.as_deref());
@ -243,7 +245,7 @@ fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn
send.save(&conn)?; send.save(&conn)?;
Ok(Json(send.to_json_access())) Ok(Json(send.to_json_access(&conn)))
} }
#[post("/sends/<send_id>/access/file/<file_id>", data = "<data>")] #[post("/sends/<send_id>/access/file/<file_id>", data = "<data>")]
@ -340,6 +342,7 @@ fn put_send(id: String, data: JsonUpcase<SendData>, headers: Headers, conn: DbCo
send.notes = data.Notes; send.notes = data.Notes;
send.max_access_count = data.MaxAccessCount; send.max_access_count = data.MaxAccessCount;
send.expiration_date = data.ExpirationDate.map(|d| d.naive_utc()); send.expiration_date = data.ExpirationDate.map(|d| d.naive_utc());
send.hide_email = data.HideEmail;
send.disabled = data.Disabled; send.disabled = data.Disabled;
// Only change the value if it's present // Only change the value if it's present

View File

@ -36,6 +36,7 @@ db_object! {
pub deletion_date: NaiveDateTime, pub deletion_date: NaiveDateTime,
pub disabled: bool, pub disabled: bool,
pub hide_email: Option<bool>,
} }
} }
@ -73,6 +74,7 @@ impl Send {
deletion_date, deletion_date,
disabled: false, disabled: false,
hide_email: None,
} }
} }
@ -101,6 +103,22 @@ impl Send {
} }
} }
pub fn creator_identifier(&self, conn: &DbConn) -> Option<String> {
if let Some(hide_email) = self.hide_email {
if hide_email {
return None;
}
}
if let Some(user_uuid) = &self.user_uuid {
if let Some(user) = User::find_by_uuid(user_uuid, conn) {
return Some(user.email);
}
}
None
}
pub fn to_json(&self) -> Value { pub fn to_json(&self) -> Value {
use crate::util::format_date; use crate::util::format_date;
use data_encoding::BASE64URL_NOPAD; use data_encoding::BASE64URL_NOPAD;
@ -123,6 +141,7 @@ impl Send {
"AccessCount": self.access_count, "AccessCount": self.access_count,
"Password": self.password_hash.as_deref().map(|h| BASE64URL_NOPAD.encode(h)), "Password": self.password_hash.as_deref().map(|h| BASE64URL_NOPAD.encode(h)),
"Disabled": self.disabled, "Disabled": self.disabled,
"HideEmail": self.hide_email,
"RevisionDate": format_date(&self.revision_date), "RevisionDate": format_date(&self.revision_date),
"ExpirationDate": self.expiration_date.as_ref().map(format_date), "ExpirationDate": self.expiration_date.as_ref().map(format_date),
@ -131,7 +150,7 @@ impl Send {
}) })
} }
pub fn to_json_access(&self) -> Value { pub fn to_json_access(&self, conn: &DbConn) -> Value {
use crate::util::format_date; use crate::util::format_date;
let data: Value = serde_json::from_str(&self.data).unwrap_or_default(); let data: Value = serde_json::from_str(&self.data).unwrap_or_default();
@ -145,6 +164,7 @@ impl Send {
"File": if self.atype == SendType::File as i32 { Some(&data) } else { None }, "File": if self.atype == SendType::File as i32 { Some(&data) } else { None },
"ExpirationDate": self.expiration_date.as_ref().map(format_date), "ExpirationDate": self.expiration_date.as_ref().map(format_date),
"CreatorIdentifier": self.creator_identifier(conn),
"Object": "send-access", "Object": "send-access",
}) })
} }

View File

@ -122,6 +122,7 @@ table! {
expiration_date -> Nullable<Datetime>, expiration_date -> Nullable<Datetime>,
deletion_date -> Datetime, deletion_date -> Datetime,
disabled -> Bool, disabled -> Bool,
hide_email -> Nullable<Bool>,
} }
} }

View File

@ -122,6 +122,7 @@ table! {
expiration_date -> Nullable<Timestamp>, expiration_date -> Nullable<Timestamp>,
deletion_date -> Timestamp, deletion_date -> Timestamp,
disabled -> Bool, disabled -> Bool,
hide_email -> Nullable<Bool>,
} }
} }

View File

@ -122,6 +122,7 @@ table! {
expiration_date -> Nullable<Timestamp>, expiration_date -> Nullable<Timestamp>,
deletion_date -> Timestamp, deletion_date -> Timestamp,
disabled -> Bool, disabled -> Bool,
hide_email -> Nullable<Bool>,
} }
} }