Commit Graph

1942 Commits

Author SHA1 Message Date
Aaron 1ff4ff72bf
fix: update warning and success case verbiage 2022-09-25 18:59:25 +02:00
Aaron d27e91a9b0
fix: tooltip typo 2022-09-25 18:59:25 +02:00
BlackDex 7cf063b196
Update build workflow
Currently the branch protection is set on specific workflows which needs
to be run every time a PR is created (or a push).

Because it isn't possible to tell the branch protection only to do it's
job if specific files are touched or not, we just need to make sure
these jobs are always started.

Also, because we now check the builds for an MSRV, and the title would
change all the time, that would cause the branch protection to be
updated everytime the MSRV would change. This is now also addressed by
naming that job 'msrv' instead of the version number.
2022-09-25 18:59:25 +02:00
BlackDex 1094f359c3
Update libraries and Rust version
- Updated to Rust v1.64.0
- Updated all libararies
- Updated multer-rs to be based upon the latest version
- Updated Dockerfiles to match the Rust version
2022-09-25 16:44:34 +02:00
Daniel García 9c891baad1
Merge pull request #2739 from BlackDex/fix-restore-revoke
Rename/Fix revoke/restore endpoints
2022-09-12 17:12:23 +02:00
Daniel García b050c60807
Merge pull request #2738 from BlackDex/issue-2737
Fix issue 2737, unable to create org
2022-09-12 17:11:43 +02:00
BlackDex e47a2fd0f3
Rename/Fix revoke/restore endpoints
In web-vault v2022.9.x it seems the endpoints changed.
 - activate > restore
 - deactivate > revoke

This PR adds those endpoints and renames the functions.
It also keeps the previous endpoints for now to be compatible with
previous vault verions for now, just in case.
2022-09-12 16:08:36 +02:00
BlackDex 42b9cc73ac
Fix issue 2737, unable to create org
There was a small oversight on upgrading to v2022.9.0 web-vault version.
It seems the call to the /plans/ endpoint doesn't provide authentication anymore.

Removed this check and it seems to work again.

Fixes #2737
2022-09-12 14:10:54 +02:00
Daniel García edca4248aa
Use optional env as this variable isn't defined during CI 2022-09-08 18:01:27 +02:00
Daniel García b1b6bc9be0
Update web vault to 2022.9.0 2022-09-08 17:46:02 +02:00
Daniel García 818b254cef
Implement config endpoint 2022-09-08 17:38:00 +02:00
Daniel García ddfac5e34b
Merge branch 'BlackDex-web-vault-v2022.9-support' into main 2022-09-08 16:30:46 +02:00
Daniel García 8b5c945bad
Merge branch 'web-vault-v2022.9-support' of https://github.com/BlackDex/vaultwarden into BlackDex-web-vault-v2022.9-support 2022-09-08 16:30:41 +02:00
Daniel García 50c5eb9c50
Merge branch 'BlackDex-vw-admin-updates' into main 2022-09-08 16:30:31 +02:00
BlackDex 94be67eac1
Added support for web-vault v2022.9
- The new web-vault version supports fastmail.com anon email, add the
  correct api host to support it.
- Removed Firefox Relay, this seems only to be supported on SaaS.
- Added a function to the two-factor api to prevent 404 errors.
2022-09-07 20:48:48 +02:00
BlackDex 5a05139efe
Change the handling of login errors.
Previously FlashMessage was used to provide an error message during login.
This PR changes that flow to not use redirect for this, but renders the HTML and responds using the correct status code where needed. This should solve some issues which were reported in the past.

Thanks to @RealOrangeOne, for initiating this with a PR.

Fixes #2448
Fixes #2712
Closes #2715

Co-authored-by: Jake Howard <git@theorangeone.net>
2022-09-06 17:27:20 +02:00
Daniel García a62dc102fb
Update web vault to 2022.8.1 and cargo dependencies 2022-09-04 23:18:27 +02:00
Daniel García 518d74ce21
Merge branch 'BlackDex-org-user-revoke-access' into main 2022-09-04 23:04:22 +02:00
Daniel García 7598997deb
Merge branch 'org-user-revoke-access' of https://github.com/BlackDex/vaultwarden into BlackDex-org-user-revoke-access 2022-09-04 23:04:15 +02:00
Daniel García 3c876dc202
Merge branch 'Fvbor-patch-1' into main 2022-09-04 22:49:19 +02:00
BlackDex 1722742ab3
Add Org user revoke feature
This PR adds a the new v2022.8.x revoke feature which allows an
organization owner or admin to revoke access for one or more users.

This PR also fixes several permissions and policy checks which were faulty.

- Modified some functions to use DB Count features instead of iter/count aftwards.
- Rearanged some if statements (faster matching or just one if instead of nested if's)
- Added and fixed several policy checks where needed
- Some small updates on some response models
- Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
Hagen Tasche d9c0eb3cfc
Update two external Links to prevent tabnabbing
Added noopener to prevent tabnabbing
2022-08-17 08:14:19 +02:00
Hagen Tasche 0d990e1dc0
Open Externallink in new Tab
The link to the backup documentation was opened in the active tab.
With this change it will open in a new tab and prevent tabnabbing
2022-08-17 08:00:46 +02:00
Daniel García 60ed5ff99d
Merge pull request #2675 from BlackDex/patch-multer
Fix uploads from mobile clients (and dep updates)
2022-08-04 23:47:48 +02:00
BlackDex 5b98bd66ee
Fix uploads from mobile clients (and dep updates)
This patch fixes the file upload send by the mobile clients.
It resolves #2644 by always providing a `Content-Type` even though one
isn't set in this specific case.

I do hope it will be fixed upstream by either Bitwarden by fixing the
client. Or Rocket by allowing to override this somehow.

Until then, we can use this patched version of multer-rs.

Issue @ Rocket: https://github.com/SergioBenitez/Rocket/issues/2299
Issue @ Bitwarden: https://github.com/bitwarden/mobile/issues/2018

Also updated some dependencies.
2022-08-04 23:28:45 +02:00
Daniel García abd20777fe
Merge pull request #2665 from BlackDex/update-deps-and-alpine-base 2022-08-01 23:48:14 +02:00
BlackDex 7f0d0cf8a4
Update MSRV to 1.60.0
The latest version of chrono-tz needs 1.60.0 because of phf.
Since chrono-tz has updated timezone information i do think it is
usefull in some cases around the world.
2022-08-01 16:21:06 +02:00
BlackDex 6e23a573fb
Update deps and Alpine image
- Updated deps
- Updated Alpine images to 3.16
- Removed dumb-init, not needed anymore
- Some small shellcheck tweaks on the start/healthcheck scripts
2022-07-31 15:45:31 +02:00
Daniel García ce9d93003c
Merge pull request #2650 from BlackDex/mitigate-mobile-client-uploads
Mitigate attachment/send upload issues
2022-07-27 17:39:07 +02:00
BlackDex abfa868423
Mitigate attachment/send upload issues
This PR attends to mitigate (not fix) #2644.
There seems to be an issue when uploading files either as attachment or
via send via the mobile (Android) client.

The binary data gets transfered correctly to Vaultwarden (Checked via
Wireshark), but the data is not parsed correctly for some reason.

Since the parsing is not done by Vaultwarden it self, i think we should
at least try to prevent saving the data and letting users think all
fine.

Further investigation is needed to actually fix this issue.
This is just a quick patch.
2022-07-27 17:12:04 +02:00
Daniel García 331f6c08fe
Merge branch 'BlackDex-update-github-actions' into main 2022-07-22 16:00:45 +02:00
Daniel García c0efd3d419
Merge branch 'update-github-actions' of https://github.com/BlackDex/vaultwarden into BlackDex-update-github-actions 2022-07-22 16:00:40 +02:00
Daniel García 1385d75972
Merge branch 'BlackDex-fix-2622-persistent-volume-check' into main 2022-07-22 16:00:28 +02:00
BlackDex 9a787dd105
Fix persistent folder check within containers
The previous persistent folder check worked by checking if a file
exists. If you used a bind-mount, then this file is not there. But when
using a docker/podman volume those files are copied, and caused the
container to not start.

This change checks the `/proc/self/mountinfo` for a specific patern to
see if the data folder is persistent or not.

Fixes #2622
2022-07-20 13:29:39 +02:00
BlackDex 0dcc435bb4
Update build workflow for CI
Because we want to support MSRV, we also need to run a CI for this.
This PR adds checks for the MSRV and rust-toolchain defined versions.

It will also run all cargo test, clippy and fmt checks no matter the outcome of the previous job.
This will help when there are multiple issues, like clippy errors and formatting.
Previously it would show only the first failed check and stopped.

It will also output a nice step summary with some details on which checks have failed.
Or it will output a success message.
2022-07-19 23:17:49 +02:00
Daniel García f1a67663d1
Merge pull request #2624 from BlackDex/fix-2623-csp-icon-redirect
Fix issue with CSP and icon redirects
2022-07-18 00:40:59 +02:00
BlackDex 0f95bdc9bb
Fix issue with CSP and icon redirects
When using anything else but the `internal` icon service it would
trigger an CSP block because the redirects were not allowed.

This PR fixes #2623 by dynamically adding the needed CSP strings.
This should also work with custom services.

For Google i needed to add an extra check because that does a redirect
it self to there gstatic.com domain.
2022-07-17 16:21:03 +02:00
Daniel García a0eab35768
Update web vault to 2022.6.2 2022-07-15 19:15:22 +02:00
Daniel García 027c87dd07
Merge branch 'BlackDex-update-dep-fix-issue-2516' into main 2022-07-15 19:14:21 +02:00
Daniel García f2b31352fe
Merge branch 'update-dep-fix-issue-2516' of https://github.com/BlackDex/vaultwarden into BlackDex-update-dep-fix-issue-2516 2022-07-15 19:14:14 +02:00
Daniel García c9376e3126
Remove read_file and read_file_string and replace them with the std alternatives 2022-07-15 19:13:26 +02:00
Daniel García 7cbcad0e38
Merge branch 'BlackDex-more-clippy-checks' into main 2022-07-15 19:06:09 +02:00
Daniel García e167798449
Merge branch 'more-clippy-checks' of https://github.com/BlackDex/vaultwarden into BlackDex-more-clippy-checks 2022-07-15 19:05:54 +02:00
Daniel García fc5928772b
Move around comments 2022-07-15 19:05:38 +02:00
Daniel García 8263bdd21d
Merge branch 'ruifung-main' into main 2022-07-15 19:03:49 +02:00
BlackDex 3c1d4254e7
Update deps and fix file-uploads
- Update deps. One of them is multer-rs which fixes #2516
- Changed MSRV to `1.59.0`, since that is the correct MSRV currently.
  It could be lower, but that would mean removing the `strip` option.
2022-07-15 16:03:57 +02:00
BlackDex 55d7c48b1d
Add more clippy checks for better code/readability
A bit inspired by @paolobarbolini from this commit at lettre https://github.com/lettre/lettre/pull/784 .
I added a few more clippy lints here, and fixed the resulted issues.

Overall i think this could help in preventing future issues, and maybe
even peformance problems. It also makes some code a bit more clear.

We could always add more if we want to, i left a few out which i think
arn't that huge of an issue. Some like the `unused_async` are nice,
which resulted in a few `async` removals.

Some others are maybe a bit more estatic, like `string_to_string`, but i
think it looks better to use `clone` in those cases instead of `to_string` while they already are a string.
2022-07-10 16:39:38 +02:00
Yip Rui Fung bf623eed7f Use if let instead of a match with empty block. 2022-07-09 11:43:00 +08:00
Yip Rui Fung 84bcac0112 Apply rustfmt.
Because apparently CLion's default formatting is not the same as rustfmt for some reason.
2022-07-09 10:49:51 +08:00
Yip Rui Fung 31595888ea Use match to avoid ownership issues on the TempFile / file_path variables in closures. 2022-07-09 10:33:27 +08:00