Commit Graph

201 Commits

Author SHA1 Message Date
Daniel García 26ad06df7c
Update web vault to 2.28.0 and dependencies 2022-04-23 18:18:15 +02:00
BlackDex fb0c23b71f
Remove u2f implementation
For a while now WebAuthn has replaced u2f.
And since web-vault v2.27.0 the connector files for u2f have been removed.
Also, on the official bitwarden server the endpoint to `/two-factor/get-u2f` results in a 404.

- Removed all u2f code except the migration code from u2f to WebAuthn
2022-03-27 17:25:04 +02:00
Daniel García 7b742009a1
Update web vault to 2.27.0 and dependencies 2022-03-26 16:35:54 +01:00
BlackDex b0faaf2527
Several updates and fixes
- Removed all `thread::sleep` and use `tokio::time::sleep` now.
  This solves an issue with updating to Bullseye ( Resolves #1998 )
- Updated all Debian images to Bullseye
- Added MiMalloc feature and enabled it by default for Alpine based images
  This increases performance for the Alpine images because the default
  memory allocator for MUSL based binaries isn't that fast
- Updated `dotenv` to `dotenvy` a maintained and updated fork
- Fixed an issue with a newer jslib (not fully released yet)
  That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
BlackDex c4d565b15b
Update login API code
- Updated jsonwebtoken to latest version
- Trim `username` received from the login form ( Fixes #2348 )
- Make uuid and user_uuid a combined primary key for the devices table ( Fixes #2295 )
- Updated crates including regex which contains a CVE ( https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html )
2022-03-12 18:45:45 +01:00
BlackDex 42136a7097
Favicon, SMTP and misc updates
Favicon:
- Replaced HTML tokenizer, much faster now.
- Caching the domain blacklist function.
- Almost all functions are async now.
- Fixed bug on minimizing data to parse
- Changed maximum icon download size to 5MB to match Bitwarden
- Added `apple-touch-icon.png` as a second fallback besides `favicon.ico`

SMTP:
- Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY

Misc:
- Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283)
- Updated Javscript and CSS files for admin interface
- Fixed an issue with the /admin interface which did not cleared the login cookie correctly
- Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import.
  This is also the same as Bitwarden which does not trigger this refresh via websockets.

Rust:
- Updated to use v1.59
- Use the new `strip` option and enabled to strip `debuginfo`
- Enabled `lto` with `thin`
- Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-26 13:56:42 +01:00
BlackDex 5f01db69ff
Update async to prepare for main merge
- Changed nightly to stable in Dockerfile and Workflow
- Updated Dockerfile to use stable and updated ENV's
- Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default
- Updated Github Workflow actions to the latest versions
- Updated Hadolint version
- Re-orderd the Cargo.toml file a bit and put libs together which are linked
- Updated some libs
- Updated .dockerignore file
2022-02-22 20:00:33 +01:00
Daniel García 2d5f172e77
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking 2022-01-30 22:25:54 +01:00
Daniel García 08f0de7b46
Dependency updates 2022-01-30 22:24:42 +01:00
D. Scott Boggs 85c0aa1619 Bump rust version to mitigate CVE-2022-21658 2022-01-23 17:51:36 -05:00
Daniel García e501dc6d0e
Merge branch 'multi-db-dockers' of https://github.com/BlackDex/vaultwarden into BlackDex-multi-db-dockers 2021-12-27 21:55:28 +01:00
BlackDex 5b430f22bc
Support all DB's for Alpine and Debian
- Using my own rust-musl build containers we now support all database
types for both Debian and Alpine.
- Added new Alpine containers for armv6 and arm64/aarch64
- The Debian builds can also be done wihout dpkg magic stuff, probably
some fixes in Rust regarding linking (Or maybe OpenSSL or Diesel), in
any case, it works now without hacking dpkg and apt.
- Updated toolchain and crates
2021-12-26 21:59:28 +01:00
Daniel García 5529264c3f
Basic ratelimit for user login (including 2FA) and admin login 2021-12-22 21:48:49 +01:00
BlackDex e327583aa5
Enabled trust-dns and some updates.
- Enabled trust-dns feature which seems to help a bit when DNS is
causing long timeouts. Though in the blocking version it is less visible
then on the async branch.
- Updated crates
- Removed some redundant code
- Updated javascript/css libraries

Resolves #2118
Resolves #2119
2021-12-01 19:01:55 +01:00
BlackDex c453528dc1
Macro recursion decrease and other optimizations
- Decreased `recursion_limit` from 512 to 87
  Mainly done by optimizing the config macro's.
  This fixes an issue with the rust-analyzer which doesn't go beyond 128
- Removed Regex for masking sensitive values and replaced it with a map()
  This is much faster then using a Regex.
- Refactored the get_support_json macro's
- All items above also lowered the binary size and possibly compile-time
- Removed `_conn: DbConn` from several functions, these caused unnecessary database connections for functions who didn't used that at all
- Decreased json response for `/plans`
- Updated libraries and where needed some code changes
  This also fixes some rare issues with SMTP https://github.com/lettre/lettre/issues/678
- Using Rust 2021 instead of 2018
- Updated rust nightly
2021-11-06 17:44:53 +01:00
Daniel García 97f9eb1320
Update dependencies 2021-10-24 21:50:26 +02:00
Daniel García 016fe2269e
Update dependencies 2021-10-18 22:14:29 +02:00
BlackDex 9375d5b8c2 Updated icon downloading
- Unicode websites could break (www.post.japanpost.jp for example).
  regex would fail because it was missing the unicode-perl feature.
- Be less verbose in logging with icon downloads
- Removed duplicate info/error messages
- Added err_silent! macro to help with the less verbose error/info messages.
2021-09-24 18:27:52 +02:00
Daniel García 0bb33e04bb
Update dependencies and ser cargo resolver to version 2 ahead of 2021 edition 2021-09-22 20:26:48 +02:00
Ben Armstead 8af4b593fa Update dependencies in cargo.toml 2021-09-16 15:58:49 +01:00
BlackDex 89b5f7c98d Dependency updates
Updated several dependencies and switch to different totp library.

- Switch oath with totp-lite
  oauth hasn't been updated in a long while and some dependencies could not be updated any more
  It now also validates a preseeding 0, as the previous library returned an int instead of a str which stripped a leading 0
- Updated rust to the current latest nightly (including build image)
- Updated bootstrap css and js
- Updated hadolint to latest version
- Updated default rust image from v1.53 to v1.54
- Updated new nightly build/clippy messages
2021-08-22 13:46:48 +02:00
BlackDex ffdcafa044 Fix WebAuthn issues and some small updates
- Updated some packages
- Updated code related to package updates.
- Disabled User Verification enforcement when WebAuthn Key sends UV=1
  This makes it compatible with upstream and resolves #1840
- Fixed a bug where removing an individual WebAuthn key deleted the wrong key.
2021-07-25 14:49:55 +02:00
Daniel García c546a59c38
Dependency updates 2021-07-15 19:18:16 +02:00
BlackDex ee391720aa Fixes issue with multiple security keys.
- Updated webauthn-rs commit hash to resolve #1796
2021-06-27 18:12:27 +02:00
Daniel García f44b2611e6
Update rust toolchain and dependencies 2021-06-25 20:53:26 +02:00
Daniel García 0cd065d354
Update webauthn-rs crate to upstream version 2021-06-19 21:25:55 +02:00
Daniel García c380d9c379
Support for webauthn and u2f->webauthn migrations 2021-06-16 19:06:40 +02:00
Jeremy Lin 06cde29419 Update dependencies
Notably, update `diesel` to 1.4.7 and `libsqlite3-sys` to 0.22.2 to pick up
the fix for CVE-2021-20227 added in SQLite 3.34.1.
2021-06-09 01:44:29 -07:00
BlackDex f270f2ed65 Updated icon fetching and crates.
- Updated some crates
- Updated icon fetching code:
  + Use a cookie jar and set Max-Age to 2 minutes for all cookies
  + Locate the base href tag to fix some locations
  + Changed User-Agent (Helps on some sites to get HTML instead of JS)
  + Reduced HTML code limit from 512KB to 384KB
  + Allow some large icons higer-up in the sort
  + Allow GIF images
  + Ignore cookie_store and hyper::client debug messages
2021-05-16 15:29:13 +02:00
BlackDex 7cb19ef767 Updated branding, email and crates
- Updated branding for admin and emails
- Updated crates and some deprications
- Removed newline-converter because this is built-in into lettre
- Updated email templates to use a shared header and footer template
- Also trigger SMTP SSL When TLS is selected without SSL
  Resolves #1641
2021-05-08 17:46:31 +02:00
Daniel García f76b8a32ca
Update dependencies 2021-05-02 17:48:06 +02:00
rkowalewski 48482fece0
Merge branch 'main' into fix-libressl-332 2021-04-29 08:34:10 +02:00
Roger Kowalewski 1dc1d4df72 update openssl crate to support LibreSSL 3.3.2 2021-04-29 10:04:08 +02:00
Daniel García 34ea10475d
Project renaming 2021-04-27 23:18:32 +02:00
Daniel García ced7f1771a
Update dependencies 2021-04-15 18:38:00 +02:00
Jake Howard f7056bcaa5
Enable socks feature for reqwest
This allowed HTTP_PROXY be set with a socks5 proxy
2021-04-07 19:25:02 +01:00
Jeremy Lin 73ff8d79f7 Add a generic job scheduler
Also rewrite deletion of old sends using the job scheduler.
2021-04-05 23:07:15 -07:00
BlackDex 3a3390963c Icon and SMTP Debug fixes.
- We need to add some feature to enable smtp debugging again. See: https://github.com/lettre/lettre/pull/584
- Upstream added the fallback icon again, probably because of caching ;). See: https://github.com/bitwarden/server/pull/1149
- Enabled gzip and brotli compression support with reqwest. Some sites seem to force this, or assume that because of the User-Agent string it is supported. This caused some failed icons.

Fixes #1540
2021-03-29 10:27:58 +02:00
Daniel García 3e4ff47a38
Update dependencies, particularly openssl to 1.1.1k 2021-03-25 20:05:20 +01:00
Daniel García f9ebb780f9
Update dependencies 2021-03-22 20:00:57 +01:00
Daniel García 431462d839
Update dependencies and enable serde integration for chrono 2021-03-13 22:02:11 +01:00
Daniel García dad1b1bee9
Updated dependencies 2021-03-06 22:04:01 +01:00
Daniel García 9117095764
Update dependencies and web vault 2021-02-24 20:30:19 +01:00
Daniel García c836f88ff2
Remove soup and use a newer html5ever directly 2021-02-07 22:28:02 +01:00
Daniel García 8b660ae090
Swap structopt for a simpler alternative 2021-02-07 20:10:40 +01:00
Daniel García 0680638933
Update dependencies 2021-02-06 16:49:28 +01:00
BlackDex 5860679624 Updated dependencies and small mail fixes
- Updated rust nightly
- Updated depenencies
- Removed unicode support for regex (less dependencies)
- Fixed dependency and nightly changes/deprications
- Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
Daniel García 46df3ee7cd
Updated insecure ws dependency and general dep updates 2020-12-15 22:23:12 +01:00
BlackDex d46a6ac687 Updated dependencies and Dockerfiles
- Updated crates
- Updated rust-toolchain
- Updated Dockerfile to use latest rust 1.48 version
- Updated AMD64 Alpine to use same version as rust-toolchain and support
  PostgreSQL.
- Updated Rocket to the commit right before they updated hyper.
  Until that update there were some crates updated and some small fixes.
  After that build fails and we probably need to make some changes
(which is probably something already done in the async branch)
2020-12-04 13:38:42 +01:00
BlackDex 6faaeaae66 Updated email processing.
- Added an option to enable smtp debugging via SMTP_DEBUG. This will
  trigger a trace of the smtp commands sent/received to/from the mail
server. Useful when troubleshooting.
- Added two options to ignore invalid certificates which either do not
  match at all, or only doesn't match the hostname.
- Updated lettre to the latest alpha.4 version.
2020-11-18 12:07:08 +01:00