Commit Graph

2441 Commits

Author SHA1 Message Date
sirux88 d121cce0d2
include key into user.set_password 2023-01-24 19:47:14 +01:00
Daniel García 0eba7a88fa
Merge branch 'sirux88-refactoring-user-setpassword' 2023-01-24 19:46:35 +01:00
BlackDex 34ac16e9d7
Validate note sizes on key-rotation.
We also need to validate the note sizes on key-rotation.
If we do not validate them before we store them, that could lead to a
partial or total loss of the password vault. Validating these
restrictions before actually processing them to store/replace the
existing ciphers should prevent this.

There was also a small bug when using web-sockets. The client which is
triggering the password/key-rotation change should not be forced to
logout via a web-socket request. That is something the client will
handle it self. Refactored the logout notification to either send the
device uuid or not on specific actions.

Fixes #3152
2023-01-24 09:30:10 +01:00
sirux88 906d9e2f1a Merge branch 'refactoring-user-setpassword' of https://github.com/sirux88/vaultwarden into refactoring-user-setpassword 2023-01-14 10:16:56 +01:00
sirux88 623d84aeb5 include key into user.set_password 2023-01-14 10:16:03 +01:00
sirux88 f8122cd2ca include key into user.set_password 2023-01-13 12:10:33 +01:00
Daniel García 9b7e86efc2
Update web vault to 2023.1.0 2023-01-12 19:49:06 +01:00
Daniel García e7ccfbdd0e
Merge branch 'BlackDex-optimize-ciphersync' 2023-01-12 19:19:01 +01:00
BlackDex acc1474394
Add avatar color support
The new web-vault v2023.1.0 supports a custom color for the avatar.
https://github.com/bitwarden/server/pull/2330

This PR adds this feature.
2023-01-12 19:18:57 +01:00
BlackDex c90b3031a6
Update Rust to v1.66.1 to patch CVE
This PR sets Rust to v1.66.1 to fix a CVE.
https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html
https://blog.rust-lang.org/2023/01/10/Rust-1.66.1.html

Also updated some packages while at it.
2023-01-12 19:18:57 +01:00
BlackDex aaffb2e007
Add MFA icon to org member overview
The Organization member overview supports showing an icon if the user
has MFA enabled or not. This PR adds this feature.

This is very useful if you want to enable force mfa for example.
2023-01-12 19:18:57 +01:00
GeekCorner e0e95e95e4
fix (2fa.directory): Allow api.2fa.directory, and remove 2fa.directory 2023-01-12 19:18:57 +01:00
BlackDex fa70b440d0
Fix remaning inline format 2023-01-12 19:18:56 +01:00
Rychart Redwerkz 42acb2ebb6
Use more modern meta tag for charset encoding 2023-01-12 19:18:56 +01:00
Daniel García 174bea8d6e
Merge branch 'BlackDex-add-avatar-color-feature' 2023-01-12 19:17:22 +01:00
BlackDex f68a57950b
Update Rust to v1.66.1 to patch CVE
This PR sets Rust to v1.66.1 to fix a CVE.
https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html
https://blog.rust-lang.org/2023/01/10/Rust-1.66.1.html

Also updated some packages while at it.
2023-01-12 19:17:16 +01:00
BlackDex f747bf126b
Add MFA icon to org member overview
The Organization member overview supports showing an icon if the user
has MFA enabled or not. This PR adds this feature.

This is very useful if you want to enable force mfa for example.
2023-01-12 19:17:15 +01:00
GeekCorner 1ca197fd46
fix (2fa.directory): Allow api.2fa.directory, and remove 2fa.directory 2023-01-12 19:17:15 +01:00
BlackDex 63d05d929b
Fix remaning inline format 2023-01-12 19:17:15 +01:00
Rychart Redwerkz ef5bf5d326
Use more modern meta tag for charset encoding 2023-01-12 19:17:15 +01:00
Daniel García 9d6e35d803
Merge branch 'BlackDex-update-rust-fix-cve' 2023-01-12 19:16:32 +01:00
BlackDex 0cccdcab83
Add MFA icon to org member overview
The Organization member overview supports showing an icon if the user
has MFA enabled or not. This PR adds this feature.

This is very useful if you want to enable force mfa for example.
2023-01-12 19:16:28 +01:00
GeekCorner 6607faa390
fix (2fa.directory): Allow api.2fa.directory, and remove 2fa.directory 2023-01-12 19:16:28 +01:00
BlackDex 6fcf18ab51
Fix remaning inline format 2023-01-12 19:16:28 +01:00
Rychart Redwerkz d122c10573
Use more modern meta tag for charset encoding 2023-01-12 19:16:28 +01:00
Daniel García ae9553ca1c
Merge branch 'BlackDex-add-mfa-icon-to-orgs' 2023-01-12 19:16:16 +01:00
GeekCorner ff919039c9
fix (2fa.directory): Allow api.2fa.directory, and remove 2fa.directory 2023-01-12 19:16:12 +01:00
BlackDex 80eb15d46a
Fix remaning inline format 2023-01-12 19:16:11 +01:00
Rychart Redwerkz c36b870c54
Use more modern meta tag for charset encoding 2023-01-12 19:16:11 +01:00
Daniel García b7cbca590c
Merge branch 'GeekCornerGH-fix/2fa_directory-csp' 2023-01-12 19:15:42 +01:00
BlackDex 606a1bbfcb
Fix remaning inline format 2023-01-12 19:15:38 +01:00
Rychart Redwerkz 3e5369c8dd
Use more modern meta tag for charset encoding 2023-01-12 19:15:38 +01:00
Daniel García dd5e4cec73
Merge branch 'BlackDex-fix-remaining-inline' 2023-01-12 19:15:14 +01:00
Rychart Redwerkz a31a040abd
Use more modern meta tag for charset encoding 2023-01-12 19:15:06 +01:00
Daniel García f0125b95c1
Merge branch 'redwerkz-patch-1' 2023-01-12 19:14:49 +01:00
BlackDex 072f2e24c2
Update Rust to v1.66.1 to patch CVE
This PR sets Rust to v1.66.1 to fix a CVE.
https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html
https://blog.rust-lang.org/2023/01/10/Rust-1.66.1.html

Also updated some packages while at it.
2023-01-12 09:45:52 +01:00
BlackDex 36b5350f9b
Add avatar color support
The new web-vault v2023.1.0 supports a custom color for the avatar.
https://github.com/bitwarden/server/pull/2330

This PR adds this feature.
2023-01-11 22:20:03 +01:00
BlackDex c7489c9fdf
Add MFA icon to org member overview
The Organization member overview supports showing an icon if the user
has MFA enabled or not. This PR adds this feature.

This is very useful if you want to enable force mfa for example.
2023-01-11 22:13:20 +01:00
BlackDex 3181e4e96e
Optimize CipherSyncData for very large vaults
As mentioned in #3111, using a very very large vault causes some issues.
Mainly because of a SQLite limit, but, it could also cause issue on
MariaDB/MySQL or PostgreSQL. It also uses a lot of memory, and memory
allocations.

This PR solves this by removing the need of all the cipher_uuid's just
to gather the correct attachments.

It will use the user_uuid and org_uuid's to get all attachments linked
to both, weither the user has access to them or not. This isn't an
issue, since the matching is done per cipher and the attachment data is
only returned if there is a matching cipher to where the user has access to.

I also modified some code to be able to use `::with_capacity(n)` where
possible. This prevents re-allocations if the `Vec` increases size,
which will happen a lot if there are a lot of ciphers.

According to my tests measuring the time it takes to sync, it seems to
have lowered the duration a bit more.

Fixes #3111
2023-01-11 20:23:53 +01:00
GeekCorner 2ee0d53c5f
fix (2fa.directory): Allow api.2fa.directory, and remove 2fa.directory 2023-01-10 09:41:35 +01:00
Rychart Redwerkz dfa629ecc7
Use more modern meta tag for charset encoding 2023-01-10 00:24:37 +01:00
BlackDex 92dc48b882
Fix remaning inline format 2023-01-09 20:41:31 +01:00
Daniel García 367e1ce289
Merge pull request #3065 from BlackDex/future-clippy-fixes
Resolve uninlined_format_args clippy warnings
2023-01-09 20:17:06 +01:00
BlackDex 7390f34355
Resolve uninlined_format_args clippy warnings
The upcomming release of Rust 1.67.0 will warn on `uninlined_format_args`.
This PR resolves that by inlining all these items.
It also looks nicer.
2023-01-09 20:13:48 +01:00
Daniel García c47d9f6593
Fix some lints: explicit Arc::clone, and unnecessary return after unreachable! 2023-01-09 19:54:25 +01:00
Daniel García 5399ee8208
Merge branch 'BlackDex-update-libraries' 2023-01-09 19:19:11 +01:00
pjsier 117045e6d3
Log message to stderr if LOG_FILE is not writable
Co-authored-by: Helmut K. C. Tessarek <tessarek@evermeet.cx>
2023-01-09 19:18:59 +01:00
BlackDex 912ad64555
Resolve uninlined_format_args clippy warnings
The upcomming release of Rust 1.67.0 will warn on `uninlined_format_args`.
This PR resolves that by inlining all these items.
It also looks nicer.
2023-01-09 19:18:58 +01:00
BlackDex 00855ee31d
Fix failing large note imports
When importing to Vaultwarden (or Bitwarden) notes larger then 10_000
encrypted characters are invalid. This because it for one isn't
compatible with Bitwarden. And some clients tend to break on very large
notes.

We already added a check for this limit when adding a single cipher, but
this caused issues during import, and could cause a partial imported
vault. Bitwarden does some validations before actually running it
through the import process and generates a special error message which
helps the user indicate which items are invalid during the import.

This PR adds that validation check and returns the same kind of error.
Fixes #3048
2023-01-09 19:18:19 +01:00
pjsier c18a273b4a
Log message to stderr if LOG_FILE is not writable
Co-authored-by: Helmut K. C. Tessarek <tessarek@evermeet.cx>
2023-01-09 19:18:18 +01:00