Commit Graph

2732 Commits

Author SHA1 Message Date
nico 512b3b9b7c
ci: add trivy workflow (#3997)
* ci: add trivy workflow

to ensure critical and high vulnerabilties are detected quickly

* push trivy-action to 0.13.1
2023-11-05 15:00:24 +01:00
GeekCorner 93da5091e6
feat: Working passkeys storage (#4025) 2023-11-04 03:08:45 +01:00
Daniel García 915496c103
Update web vault to 2023.10.0 2023-11-04 02:55:41 +01:00
Mathijs van Veluw ecb31c85d6
Fix issue with MariaDB/MySQL migrations (#3994)
MariaDB/MySQL doesn't like the normal `"` quotes around the column name.
This needs to be a backtick **`**.

This PR changes the migration script to fix this issue.

Fixes #3993
2023-10-23 12:23:35 +02:00
Mathijs van Veluw d722328f05
Container building changes (#3958)
* WIP: Container building changes

* Small updates

- Updated to rust 1.73.0
- Updated crates
- Updated documentation
- Added a bake.sh script to make baking easier

* Update GitHub Actions Workflow

- Updated workflow to use qemu and buildx bake

In the future i would like to extract the alpine based binaries and add
them as artifacts to the release.

* Address review remarks and small updates

- Addressed review remarks
- Added `podman-bake.sh` script to build Vaultwarden with podman
- Updated README
- Updated crates
- Added `VW_VERSION` support
- Added annotations
- Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
Daniel García cb4b683dcd
Implement cipher key encryption (#3990) 2023-10-23 00:18:14 +02:00
aureateflux 6eaf131922
2FA Confirmation Code Email subject line change to fix triggering Google spam blocker (#3572)
* Update twofactor_email.hbs subject line to avoid triggering gmail content filter

Previous subject line was triggering Google's spam blocker, breaking the 2FA setup process if a gmail SMTP server is configured.  The new subject line does not (currently) run afoul of Google's filter.

* Update twofactor_email.html.hbs subject line to avoid triggering gmail content filter

Previous subject line was triggering Google's spam blocker, breaking the 2FA setup process if a gmail SMTP server is configured.  The new subject line does not (currently) run afoul of Google's filter.

* Update twofactor_email.hbs

Changed "Confirmation" to "Verification" for the sake of internal consistency

* Update twofactor_email.hbs

* Update twofactor_email.html.hbs
2023-10-21 20:50:22 +02:00
Daniel García 8933ac2ee7
Merge pull request #3986 from admav/config_email_change
New config option disable email change
2023-10-21 17:59:25 +02:00
Daniel García 6822e445bb
Merge pull request #3804 from BlackDex/fix-3777
Fix External ID not set during DC Sync
2023-10-21 17:58:51 +02:00
Daniel García 18fbc1ccf6
Merge pull request #3909 from tobiasmboelz/reopen-log-file
Reopen log file on SIGHUP
2023-10-21 17:58:15 +02:00
Adrià Martín 4861f6decc New config option disable email change 2023-10-21 17:14:26 +02:00
Tobias Bölz b435ee49ad tokio::signal::unix::SignalKind::hangup().as_raw_value() insted of 1 2023-10-21 17:14:03 +02:00
Tobias Bölz 193f86e43e reopen removed from Cargo.toml 2023-10-21 17:14:03 +02:00
Tobias Bölz 66a7baa67c Reopen log file on SIGHUP 2023-10-21 17:14:03 +02:00
BlackDex 18d66474e0
Fix External ID not set during DC Sync
While working on the fix I realised the location where the `external_id`
is stored was wrong. It was stored in the `users` table, but it actually
should have been stored in the `users_organizations` table.

This will move the column to the right table. It will not move the
values of the `external_id` column, because if there are more
organizations, there is no way to really know which organization it is
linked to. Setups using the Directory Connector can clear the sync
cache, and sync again, that will store all the `external_id` values at
the right location.

Also changed the function to revoke,restore an org-user and set_external_id to return a boolean.
It will state if the value has been changed or not, and if not, we can
prevent a `save` call to the database.

The `users` table is not changed to remove the `external_id` column, thi
to prevent issue when users want to revert back to an earlier version
for some reason. We can do this after a few minor release i think.

Fixes #3777
2023-10-21 13:54:48 +02:00
Daniel García ff8db4fd78
Merge pull request #3951 from teicee/last-active
Adds LastActive on /admin/users API route
2023-10-21 00:21:58 +02:00
Daniel García b2f9af718e
Merge pull request #3964 from BlackDex/fix-small-issues
Fix small issues
2023-10-21 00:18:21 +02:00
Daniel García 198fd2fc1d
Merge pull request #3965 from AndreasHGK/patch-0
README.md: Fix grammar nit
2023-10-21 00:17:22 +02:00
Daniel García ec8a9c82df
Merge pull request #3981 from teicee/3980-unnecessary-copy
Remove unnecessary variable clone
2023-10-21 00:17:00 +02:00
Mathieu Valois ef5e0bd4e5 Remove unnecessary variable clone 2023-10-17 20:53:10 +02:00
Mathieu Valois 30b408eaa9 LastActive is null instead of 'Never' when never connected 2023-10-17 11:18:39 +02:00
AndreasHGK e205e3b7db
README.md: Fix grammar nit 2023-10-09 22:54:33 +02:00
BlackDex ca1a9e26d8
Remove `SET CONSTRAINTS` during postgres migration
The PostgreSQL migrations do not need this setting.
I tested this by running an old Vaultwarden instance (v1.18.0) on a new
PostrgreSQL database, created a few users and some vault items, after
that run the new code and it doesn't break.

Fixes #3930
2023-10-09 20:55:09 +02:00
BlackDex f3a1385aee
Do not send extra headers for Upgrade connection
During a WebSocket connection we currently also send several headers
which could cause issues with some reverse proxy, or with the CloudFlare
tunnel for example. This PR resolves these issues.

Fixes #3881
2023-10-09 20:11:20 +02:00
Daniel García 008a2cf298
Merge pull request #3859 from stefan0xC/prevent-handlebar-logs
filter handlebars logs
2023-10-08 14:57:23 +02:00
Daniel García f0c9a7fbc3
Merge pull request #3950 from stefan0xC/rename-anonaddy
csp: rename anonaddy.com to addy.io
2023-10-08 14:56:18 +02:00
Daniel García 9162b13123
Merge pull request #3959 from tuhanayim/fix-typos
Fix typos
2023-10-08 14:55:38 +02:00
tuhana 480bf9b0c1
`our selves` -> `ourselves` 2023-10-07 22:07:38 +03:00
Stefan Melmuk f96c5e8a1e filter handlebars logs 2023-10-07 16:24:21 +02:00
tuhana 3d4be24902
Fix typos 2023-10-05 20:08:26 +03:00
Mathieu Valois bf41d74501 Adds LastActive on /admin/users API route 2023-10-03 16:41:06 +02:00
Stefan Melmuk 01e33a4919
csp: rename anonaddy.com to addy.io 2023-10-03 08:21:02 +02:00
Daniel García bc26bfa589
Merge pull request #3911 from BlackDex/fix-arm-build
Fix arm builds
2023-09-22 13:48:11 -06:00
BlackDex ccc51e7580
Fix arm builds
Because of some changes in the packages of Debian we need to add an
extra package to request it also to install
2023-09-22 21:44:20 +02:00
Daniel García 99a59bc4f3
Merge pull request #3910 from BlackDex/update-git-workflow
Update GitHub Workflow
2023-09-22 13:05:53 -06:00
BlackDex a77482575a
Update GitHub Workflow
- Updated GitHub actions
- Fixed an issue with testing MSRV (It didn't)
2023-09-22 20:31:31 +02:00
Daniel García bbd630f1ee
Merge pull request #3831 from BlackDex/fix-3819
Fix Login With Device without MasterPassword
2023-09-02 14:41:44 +02:00
Daniel García d18b793c71
Merge branch 'main' into fix-3819 2023-09-01 23:39:02 +02:00
Daniel García d3a1d875d5
Merge pull request #3821 from stefan0xC/update-to-v2023.8.2
update web-vault to v2023.8.2
2023-09-01 23:37:14 +02:00
BlackDex d6e0ace192
Fix Login With Device without MasterPassword
It looks like either something changed in the latest v2023.8.x versions,
or when using Biometrics to login, but the MasterPasswordHash is an
optional value during the Approve action.

This PR makes the MasterPasswordHash an optional value which resolves
this issues. Bitwarden works the same way.

I also changed the EncKey to an Option in the database since empty
strings as a default value is not nice in databases, better to use
`null` in these cases.

Fixes #3819
2023-09-01 21:03:50 +02:00
Stefan Melmuk 60cbfa59bf
update web-vault to v2023.8.2 2023-09-01 07:45:48 +02:00
Daniel García 5ab7010c37
Fix reference to rust-toolchain.toml in Docker 2023-09-01 00:12:48 +02:00
Daniel García ad2cfd8b97
Merge pull request #3808 from BlackDex/update-rust-and-crates
Update Rust and Crates
2023-09-01 00:07:14 +02:00
BlackDex 32543c46da
Update Rust and Crates
- Updated Rust to v1.72.0
- Updated all the crates
  Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21
- Updated GitHub Workflows
- Run `cargo fmt` which has some new fmt's
- Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-31 22:45:53 +02:00
Daniel García 66bff73ebf
Merge pull request #3730 from BlackDex/update-admin-interface
Update admin interface
2023-08-31 21:31:10 +02:00
BlackDex 83d5432cbf
Update admin interface
- Updated the admin interface dependencies.
- Replace bootstrap-native with bootstrap
- Added auto theme with an option to switch to dark/light
- Some small color changes
- Added an dev only function to always load static files from disk
2023-08-31 21:14:53 +02:00
Daniel García f579a4154c
Merge pull request #3806 from BlackDex/fix-3776
Allow Authorization header for Web Sockets
2023-08-31 20:46:07 +02:00
Daniel García f5a19c5f8b
Merge pull request #3797 from stefan0xC/add-plans-all-endpoint
add new secretsmanager plan for web-v2023.8.x
2023-08-31 20:37:04 +02:00
BlackDex aa9bc1f785
Allow Authorization header for Web Sockets
Some clients (Thirdparty) might use the `Authorization` header instead
of a query param. We didn't supported this since all the official
clients do not seem to use this way of working. But Bitwarden does check
both ways.

This PR adds an extra check for this header which can be optional.

Fixes #3776
2023-08-31 12:35:20 +02:00
Stefan Melmuk f162e85e44
add UserDecryptionOptions to login response (#3813)
needed for web-v2023.8.2+ compatibility due to the inclusion of the new
trusted device encryption feature. without this change, the web vault
will assume that you don't have a master password set and force you to
set one.
2023-08-31 11:02:36 +02:00