Daniel García
d292269ea0
Make the blacklist logic be cached
2019-10-10 23:21:22 +02:00
BlackDex
ebf40099f2
Updated authenticator TOTP
...
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
2019-10-10 17:32:20 +02:00
BlackDex
edc482c8ea
Changed HIBP Error message.
...
- Moved the manual link to the check to the top.
- Clearified that hibp is a payed service.
- Changed error logo to hibp logo.
2019-10-08 22:29:12 +02:00
BlackDex
6e5c03cc78
Some modification when no HIBP API Key is set
...
- Added an URL with the useraccount for manual check.
- Added support for HTTP(S)_PROXY for hibp.
2019-10-08 21:39:11 +02:00
Daniel García
881c1978eb
Error when the URL scheme doesn't match the database type
2019-10-08 19:34:47 +02:00
Daniel García
662bc27523
Updated dependencies and fixed disable_admin_token description
2019-10-08 19:33:27 +02:00
Daniel García
e6b763026e
Merge branch 'master' into icon-security
2019-10-05 16:45:36 +02:00
Daniel García
c182583e09
Merge pull request #644 from BlackDex/issue-565
...
Fixed issue #565
2019-10-05 16:17:43 +02:00
Daniel García
d821389c2e
Merge pull request #639 from vverst/cors-update
...
Change CORS headers
2019-10-05 16:09:33 +02:00
BlackDex
be2916333b
Fixed issue #565
...
Issue fixed by omitting the cookie header when cookie_str is empty
2019-10-05 15:45:09 +02:00
BlackDex
9124d8a3fb
Updated icon blacklisting.
...
- Blacklisting was not effective for redirects and rel href
- Able to blacklist non global IP's like RFC1918, multicast etc...
2019-10-05 14:48:15 +02:00
vpl
7b1da527a6
Change CORS headers
...
Only add Allow-Origin to all requests and move the others to preflight OPTIONS request.
If Origin is `file://` change it to the wildcard.
2019-10-01 20:12:33 +02:00
Miro Prasil
d6e9af909b
Remove the unnecessary check for sqlite
...
The binary we use is called `sqlite3` so no need to check for other
name variants as we won't use those anyways.
2019-10-01 10:40:22 +01:00
Miro Prasil
acdd42935b
Add sqlite binary into the docker images
...
This is done to enable backup functionality in the admin interface while
we're waiting for the libsqlite-sys 0.17 to bubble up in the upstream
dependencies. Then we can start using `VACUUM INTO`
This also extends the check for the sqlite binary to also try `sqlite3`
as this is the name of the binary in baseimage distributions we use.
2019-09-30 13:54:06 +01:00
vpl
56f12dc982
Use Access-Control-Allow-Method
2019-09-23 07:44:44 +02:00
Daniel García
4c07f05b3a
Remove Result<T, E: Debug> in preparation of deprecation as Rocket responder.
...
Removed unnecessary returns
2019-09-17 21:05:56 +02:00
Michael Powers
f5f9861a78
Adds support for PostgreSQL which resolves #87 and is mentioned in #246 .
...
This includes migrations as well as Dockerfile's for amd64.
The biggest change is that replace_into isn't supported by Diesel for the
PostgreSQL backend, instead requiring the use of on_conflict. This
unfortunately requires a branch for save() on all of the models currently
using replace_into.
2019-09-12 16:12:22 -04:00
Daniel García
df8114f8be
Updated client kdf iterations to 100000 and fixed some lints
2019-09-05 21:56:12 +02:00
vpl
5a2f968d7a
Set correct response headers, status code
2019-09-02 21:13:12 +02:00
vpl
16d88402cb
Initial version of CORS support
2019-09-01 13:00:12 +02:00
Daniel García
7dcf18151d
Fix onsubmit
2019-08-31 17:57:47 +02:00
Daniel García
e3404dd322
Use the local scripts instead of cloudflare, remove jquery and update config so disabling a master toggle doesn't remove the values
2019-08-31 17:47:52 +02:00
Daniel García
bfc517ee80
Remove unused warning
2019-08-31 17:26:16 +02:00
Daniel García
4a7d2a1e28
Rename static files endpoint
2019-08-31 17:25:31 +02:00
Daniel García
c07c9995ea
Merge pull request #555 from vverst/email-codes
...
Add Email 2FA login
2019-08-27 21:07:41 +02:00
ViViDboarder
672a245548
Remove unecessary clone
2019-08-27 10:40:38 -07:00
vpl
5d50b1ee3c
Merge remote-tracking branch 'upstream/master' into email-codes
2019-08-26 21:38:45 +02:00
vpl
c99df1c310
Compare token using crypto::ct_eq
2019-08-26 20:26:59 +02:00
vpl
591ae10144
Get token from single u64
2019-08-26 20:26:54 +02:00
ViViDboarder
2d2745195e
Allow explicitly defined smtp auth mechansim
2019-08-23 16:22:14 -07:00
Daniel García
026f9da035
Allow removing users two factors
2019-08-21 17:13:06 +02:00
Daniel García
d23d4f2c1d
Allow editing HIBP key in the admin panel
2019-08-20 23:53:00 +02:00
Daniel García
515b87755a
Update HIBP to v3, requires paid API key, fixes #583
2019-08-20 20:07:12 +02:00
vpl
ee7837d022
Add option to require new device emails
2019-08-19 22:14:00 +02:00
Daniel García
07743e490b
Ignore error sending device email
2019-08-18 19:32:26 +02:00
BlackDex
e7b6238f43
Added reqwest proxy support
2019-08-12 17:24:32 +02:00
vpl
ad2225b6e5
Add configuration options for Email 2FA
2019-08-10 22:39:04 +02:00
vpl
5609103a97
Use ring to generate email token
2019-08-06 22:38:08 +02:00
vpl
6d460b44b0
Use saved token for email 2fa codes
2019-08-04 17:21:57 +02:00
vpl
efd8d9f528
Remove some unused imports, unneeded mut variables
2019-08-04 16:56:41 +02:00
vpl
29aedd388e
Add email code logic and move two_factor into separate modules
2019-08-04 16:56:41 +02:00
vpl
27e0e41835
Add email authenticator logic
2019-08-04 16:56:39 +02:00
vpl
0b60f20eb3
Add email message for twofactor email codes
2019-08-03 18:49:34 +02:00
Daniel García
c9c3f07171
Updated dependencies and fixed panic getting icons
2019-07-30 19:42:05 +02:00
vpl
df71f57d86
Move send device email to end of password login
...
Send new device email after two factor authentication.
2019-07-25 21:10:27 +02:00
vpl
60e39a9dd1
Move retrieve/new device from connData to separate function
2019-07-22 12:30:26 +02:00
vpl
bc6a53b847
Add new device email when user logs in
2019-07-22 08:26:24 +02:00
Daniel García
05a1137828
Move backend checks to build.rs to fail fast, and updated dependencies
2019-07-09 17:26:34 +02:00
Nick Fox
2e300da057
Fix #468 - Percent-encode the email address in invite link
2019-07-02 22:55:13 -04:00
Cubity_First
6989fc7bdb
Corrected Spelling
...
Changed it from Chache to Cache on Line 207
2019-06-18 15:45:19 +01:00
Daniel García
76f38621de
Update dependencies and remove unwraps from Cipher::to_json
2019-06-14 22:51:50 +02:00
Daniel García
12af32b9ea
Don't print DB URL
2019-06-02 13:39:16 +02:00
Daniel García
9add8e19eb
Update dependencies and remove travis unused feature
2019-06-02 00:28:20 +02:00
Daniel García
5710703c50
Make sure the backup option only appears when using sqlite
2019-06-02 00:08:52 +02:00
Daniel García
1322b876e9
Merge pull request #493 from endyman/feature/initial_mysql_support
...
Initial support for mysql
2019-06-01 23:33:06 +02:00
Daniel García
9ed2ba61c6
Merge pull request #475 from TheMardy/master
...
Create Backup funcitonality
2019-06-01 23:29:58 +02:00
Nils Domrose
62a461ae15
remove syslog from ci, make features flag more clear
2019-05-30 22:19:58 +02:00
Nils Domrose
4859932d35
fixed typo
2019-05-28 07:48:17 +02:00
Nils Domrose
dc36f0cb6c
re-added sqlite check_db code, cleanup
2019-05-27 22:58:52 +02:00
Nils Domrose
ff759397f6
initial mysql support
2019-05-26 23:03:05 +02:00
Emil Madsen
233b48bdad
Fix missing joinable in schema
2019-05-20 21:30:31 +02:00
Emil Madsen
e22e290f67
Fix key and type variable names for mysql
2019-05-20 21:24:29 +02:00
Emil Madsen
ab95a69dc8
Rework migrations for MySQL
2019-05-20 21:12:41 +02:00
Emil Madsen
85c8a01f4a
Merge branch 'master' of github.com:Skeen/bitwarden_rs
2019-05-20 19:53:18 +02:00
Emil Madsen
42af7c6dab
MySQL database
2019-05-20 19:53:14 +02:00
Daniel García
4f45cc081f
Update ring to 0.14, jwt to 6.0, and u2f
2019-05-11 23:18:18 +02:00
TheMardy
ef551f4cc6
Create Backup funcitonality
...
Added create backup functionality to the admin panel
2019-05-03 15:46:29 +02:00
Daniel García
5521a86693
Change path for served images to avoid collision with vault images
2019-05-01 16:19:22 +02:00
Daniel García
3160780549
Merge pull request #401 from TheMardy/master
...
Images in Email Templates
2019-04-30 17:52:10 +02:00
TheMardy
f0701657a9
Changed to Bitwarden_RS Logo
2019-04-30 16:08:53 +02:00
Daniel García
874f5c34bd
Formatting
2019-04-26 22:08:26 +02:00
Daniel García
253faaf023
Use users duo host when required, instead of always using the global one
2019-04-15 13:07:23 +02:00
Daniel García
3d843a6a51
Merge pull request #460 from janost/organization-vault-purge
...
Fixed purging organization vault
2019-04-14 22:30:51 +02:00
janost
03fdf36bf9
Fixed purging organization vault
2019-04-14 22:12:48 +02:00
Daniel García
fdcc32beda
Validate Duo credentials when custom
2019-04-14 22:05:05 +02:00
Daniel García
bf20355c5e
Merge branch 'duo'
2019-04-14 22:02:55 +02:00
Daniel García
0136c793b4
Implement better user status API, in the future we'll probably want a way to disable users.
...
We should migrate from the empty password hash to a separate column then.
2019-04-13 00:01:52 +02:00
Daniel García
2e12114350
Always create the user when inviting from admin panel
2019-04-12 23:44:49 +02:00
ViViDboarder
d3a8a278e6
Add new endpoint for retrieving all users
2019-04-11 11:24:53 -07:00
Daniel García
8d9827c55f
Implement selection between global config and user settings for duo keys.
2019-04-11 18:40:03 +02:00
Daniel García
cad63f9761
Auto generate akey
2019-04-11 16:08:26 +02:00
Daniel García
bf446f44f9
Enable DATA_FOLDER to affect default CONFIG_FILE path
2019-04-11 15:41:13 +02:00
Daniel García
621f607297
Update dependencies and fix some warnings
2019-04-11 15:40:19 +02:00
Daniel García
754087b990
Add global duo config and document options in .env template
2019-04-07 18:58:15 +02:00
Daniel García
cfbeb56371
Implement user duo, initial version
...
TODO:
- At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting.
- Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
2019-04-05 22:09:53 +02:00
Daniel García
c5832f2b30
With the latest fern, syslog can be a config option instead of a build flag
2019-03-29 20:27:20 +01:00
Daniel García
2475c36a75
Implement log_level config option
2019-03-25 14:23:14 +01:00
Daniel García
c384f9c0ca
Set default log level to Info, we don't use debug anyway and it just fills the logs with other crates info.
2019-03-25 14:21:50 +01:00
BlackDex
6b686c18f7
Fixed long e-mail message extending 1000 lines.
...
- Added quoted_printable crate to encode the e-mail messages.
- Change the way the e-mail gets build to use custom part headers.
2019-03-25 09:48:19 +01:00
Nick Fox
7976d39d9d
Adjust whitespace
2019-03-20 23:29:29 -04:00
Nick Fox
5ee9676941
Break up long line to stop SMTP from breaking
2019-03-20 23:24:30 -04:00
Daniel García
4b40cda910
Added domain blacklist regex for icons service and improved valid domain check.
...
Reorganized the icons code a bit.
2019-03-18 22:12:39 +01:00
Daniel García
4689ed7b30
Changed uppercase deserializer to avoid a clone.
2019-03-18 22:02:37 +01:00
Daniel García
61515160a7
Allow changing error codes and create an empty error.
...
Return 404 instead of 400 when no accounts breached.
2019-03-14 00:17:36 +01:00
Daniel García
e93538cea9
Add option to use wrapped TLS in email, instead of STARTTLS upgrade
2019-03-10 14:45:42 +01:00
Daniel García
b4244b28b6
Update admin page scripts and fixed broken tooltip
2019-03-09 14:41:34 +01:00
Daniel García
43f9038325
Add option to force resync clients in admin panel
2019-03-07 21:08:33 +01:00
Daniel García
339044f8aa
Add warning about config panel values overriding env vars.
2019-03-07 20:22:02 +01:00
Daniel García
0718a090e1
Trim spaces from admin token during authentication and validate that the admin panel token is not empty
2019-03-07 20:21:50 +01:00
Daniel García
9e1f030a80
Explicitly close SMTP connection in case of error.
2019-03-07 20:21:10 +01:00
Daniel García
04922f6aa0
Some formatting and dependency updates
2019-03-03 16:11:55 +01:00
Daniel García
7d2bc9e162
Added option to force 2fa at logins and made some changes to two factor code.
...
Added newlines to config options to keep them a reasonable length.
2019-03-03 16:09:15 +01:00
Daniel García
10756b0920
Update dependencies and fix some lints
2019-02-27 17:21:04 +01:00
Frank Petrilli
d156170971
Minor typo fix conect => connect
2019-02-24 16:08:38 -08:00
Дамјан Георгиевски
473f8b8e31
remove some unneeded mutability
2019-02-22 20:25:50 +01:00
Daniel García
5794969f5b
Merge pull request #406 from shauder/feature/disable-admin-token
...
Allow the Admin token to be disabled in the advanced menu
2019-02-20 23:06:52 +01:00
Shane Faulkner
8b5b06c3d1
Allow the Admin token to be disabled in the advanced menu
2019-02-20 14:56:08 -06:00
Daniel García
b50c27b619
Print a warning when an env variable is being overriden by the config file, and reorganize the main file a bit.
...
Modified the JWT key generation, now it should also show the output of OpenSSL in the logs.
2019-02-20 20:59:37 +01:00
Daniel García
5ee04e31e5
Updated dependencies, removed some unnecessary clones and fixed some lints
2019-02-20 17:54:18 +01:00
Daniel García
bf6ae91a6d
Remove margins on small devices
2019-02-18 20:43:34 +01:00
Daniel García
828e3a5795
Add extra padding when the toolbar collapses in small devices
2019-02-18 20:33:32 +01:00
Daniel García
7b5bcd45f8
Show read-only options in the config panel and the env variable names in the tooltips
2019-02-18 19:25:33 +01:00
Miroslav Prasil
0b903fc5f4
Extended the template file and refer to wiki
2019-02-18 14:57:21 +00:00
Miroslav Prasil
4df686f49e
Add an option to not enable WAL (should help in #399 )
2019-02-18 10:48:48 +00:00
Daniel García
d7eeaaf249
Escape user data from admin panel when calling JS
2019-02-17 15:24:14 +01:00
TheMardy
84fb6aaddb
Set correct MIME type
2019-02-17 01:08:24 +01:00
Daniel García
a744b9437a
Implemented multiple U2f keys, key names, and compromised checks
2019-02-16 23:07:48 +01:00
Daniel García
6027b969f5
Delete old devices when deauthorizing user sessions
2019-02-16 23:06:26 +01:00
Daniel García
93805a5d7b
Fix Yubikeys deleted on error
2019-02-16 21:30:55 +01:00
TheMardy
8526055bb7
Added images to email templates
2019-02-16 03:48:23 +01:00
TheMardy
a79334ea4c
Added static email image routes
2019-02-16 03:44:30 +01:00
Daniel García
d3773a433a
Removed list of mounted routes at startup by default, with option to add it back. This would get annoying when starting the server frequently, because it printed ~130 lines of mostly useless info
2019-02-13 00:03:16 +01:00
Daniel García
0f0a87becf
Add version to initial message
2019-02-12 22:47:00 +01:00
BlackDex
3b27dbb0aa
Added config option for icon download timeout
2019-02-12 21:56:28 +01:00
Daniel García
9636f33fdb
Implement constant time equal check for admin, 2fa recover and 2fa remember tokens
2019-02-11 23:45:55 +01:00
Daniel García
79fdfd6524
Add missing url parameter
2019-02-10 21:40:20 +01:00
Daniel García
d086a99e5b
Implemented HTML emails with text alternative
2019-02-10 19:12:34 +01:00
TheMardy
22b0b95209
Added HTML templates (+14 squashed commit)
...
Squashed commit:
[ece2260] Plaintext send_org_invite
[01d4884] Plaintext pw_hint_some
[6ce5173] Plaintext pw_hint_none
[881af3e] Plaintext invite_confirmed
[ce78621] Plaintext invite_accepted
[13a44a4] Rename send_org_invite.hbs to send_org_invite.html.hbs
[b52bf2f] Rename pw_hint_some.hbs to pw_hint_some.html.hbs
[e0d1aeb] Rename pw_hint_none.hbs to pw_hint_none.html.hbs
[898dbcd] Rename invite_confirmed.hbs to invite_confirmed.html.hbs
[107af31] Rename invite_accepted.hbs to invite_accepted.html.hbs
[d26d662] Updated send_org_invite template
[71f47af] Updated pw_hint_some template
[c2ca3c2] Updated pw_hint_none template
[50f8bfb] Updated invite_accepted template
[17f96f8] Updated invite_confirmed template
2019-02-10 19:04:18 +01:00
Daniel García
28d1588e73
Show version in admin panel
2019-02-10 16:02:46 +01:00
Daniel García
f3b1a5ff3e
Error when admin panel is disabled
2019-02-10 15:26:19 +01:00
Daniel García
330e90a6ac
Hide secrets in config panel
2019-02-08 20:49:04 +01:00
Daniel García
820c8b0dce
Change use of deserialize_with for Option iterator
2019-02-08 19:12:08 +01:00
Daniel García
8b4a6f2a64
Fixed some clippy lints and changed update_uuid_revision to only use one db query
2019-02-08 18:45:07 +01:00
Daniel García
ef63342e20
Add reset user config button
2019-02-06 17:34:32 +01:00
Daniel García
89840790e7
Fix .env path traversal issue
2019-02-06 17:34:31 +01:00
Daniel García
a72809b225
Yubico and SMTP enable/disable master switches
2019-02-06 17:34:31 +01:00
Daniel García
9976e4736e
Add groups
2019-02-06 17:34:31 +01:00
Daniel García
dc92f07232
Added env variable to select config file. Initial work towards groups and added tooltips with descriptions and nicer names
2019-02-06 17:34:30 +01:00
Daniel García
3db815b969
Implemented config form and fixed config priority
2019-02-06 17:34:30 +01:00
Daniel García
ade293cf52
Save config
2019-02-06 17:34:29 +01:00
Daniel García
877408b808
Implement basic config loading and updating. No save to file yet.
2019-02-06 17:34:29 +01:00
Daniel García
86ed75bf7c
Config can now be serialized / deserialized
2019-02-06 17:34:29 +01:00
Daniel García
20d8d800f3
Updated dependencies
2019-02-06 17:34:29 +01:00
Miroslav Prasil
08ca47cadb
Update revision when adding or removing cipher from collection
2019-02-06 14:47:47 +00:00
Miroslav Prasil
5272b465cc
Update revision of affected users when deleting Collection
2019-02-06 13:39:32 +00:00
Miroslav Prasil
637f655b6f
Do not allocate uneccessary Vec
2019-02-05 14:16:07 +00:00
Miroslav Prasil
b3f7394c06
Do not update revision at the end, as we already did that
2019-02-05 14:09:59 +00:00
Miroslav Prasil
1a5ecd4d4a
cipher does not need to be mutable
2019-02-05 13:52:30 +00:00
Miroslav Prasil
bd65c4e312
Remove superfluous cipher.save() call
2019-02-05 13:49:30 +00:00
Miroslav Prasil
bce656c787
Retry updating revision - fixes #383
2019-02-05 11:52:11 +00:00
BlackDex
9026cc8d42
Fixed issue when the iconlist is smaller then 5
...
When the iconlist was smaller then 5 items, it would cause a panic.
Solved by using .truncate() on the iconlist.
2019-02-04 17:27:40 +01:00
BlackDex
574b040142
Loop through the iconlist until an icon is found
...
Loop for a maximum of 5 times through the iconlist or until a
successful download of an icon.
2019-02-04 16:59:52 +01:00
BlackDex
c13f115473
Fixed issue #380
...
- Created a separate function for parsing the sizes attribute
- Parsing sizes now with regex
- Should work with any non-digit separator
2019-02-04 12:55:39 +01:00
BlackDex
bc461d9baa
Some small changes on the iter of the cookies
2019-01-31 17:58:03 +01:00
BlackDex
5016e30cf2
Added cookies to the icon download request.
...
Some sites use XSRF Tokens, or other Tokens to verify a subseqense
response. The cookies which are sent during the page request are now
used when downloading the favicon.
A site which uses this is mijn.ing.nl.
2019-01-31 15:49:58 +01:00
Daniel García
f42ac5f2c0
Update web vault error message
2019-01-29 21:45:25 +01:00
Daniel García
2a60414031
Reuse the client between requests, and use the client when downloading the icons themselves
2019-01-29 21:21:26 +01:00
BlackDex
feb74a5e86
Changed the way to fix the href
...
- Using url from reqwest to fix href, this fixes:
+ "//domain.com/icon.png"
+ "relative/path/to/icon.png"
+ "/absolute/path/to/icon.png"
- Removed fix_href function
- Some variable changes
2019-01-29 18:08:23 +01:00
Daniel García
c0e350b734
Disable icon downloads, accept optional query after icon href, format and clippy fixes
2019-01-28 23:58:32 +01:00
Daniel García
bef1183c49
Only send one notification per vault import and purge, improve move ciphers functions
2019-01-28 00:39:14 +01:00
Daniel García
f935f5cf46
Remove local icon extractor
2019-01-27 16:42:30 +01:00
Daniel García
07388d327f
Merge pull request #370 from BlackDex/favicons
...
Added better favicon downloader.
2019-01-27 16:37:47 +01:00
BlackDex
4de16b2d17
Removed unwrap and added ?
2019-01-27 16:25:02 +01:00
BlackDex
da068a43c1
Moved function call to get_icon_url to prevent error bubbeling
2019-01-27 16:03:18 +01:00
BlackDex
9657463717
Added better favicon downloader.
2019-01-27 15:39:19 +01:00
Daniel García
69036cc6a4
Add disabled user badge (no password) and deauthorize button to admin page.
2019-01-26 19:28:54 +01:00
Daniel García
700e084101
Add 2FA icon to admin panel
2019-01-25 18:50:57 +01:00
Daniel García
a1dc47b826
Change config to thread-safe system, needed for a future config panel.
...
Improved some two factor methods.
2019-01-25 18:24:57 +01:00
Daniel García
86de0ca17b
Fix editing users from collections menu
2019-01-25 17:43:51 +01:00
Stephen White
fc0e239bdf
No point calling find_by_uuid now we don't use the result.
2019-01-25 14:25:15 +00:00
Stephen White
928ad6c1d8
Fix the list of users with access to a collection to display correctly.
...
https://github.com/dani-garcia/bitwarden_rs/issues/364
2019-01-25 14:18:06 +00:00
Daniel García
ddd49596ba
Fix invite empty email
2019-01-22 17:26:17 +01:00
Daniel García
b8cabadd43
Fix admin page links
2019-01-21 23:41:27 +01:00
Daniel García
ce42b07a80
Update Diesel to 1.4 and other dependencies
2019-01-21 15:29:52 +01:00
Daniel García
bfd93e5b13
Show organizations in admin panel, implement reload templates option
2019-01-20 17:43:56 +01:00
Daniel García
a797459560
Implement HIBP check [WIP].
...
Add extra security attributes to admin cookie.
Error handling.
2019-01-20 15:36:33 +01:00
Daniel García
6cbb683f99
Rename admin templates to match email
2019-01-19 22:59:32 +01:00
Daniel García
92bbb98d48
Created base template
2019-01-19 22:12:52 +01:00
Daniel García
834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template
2019-01-19 21:41:49 +01:00
Daniel García
97aa407fe4
Move email templates to subfolder
2019-01-19 17:40:18 +01:00
TBK
d8116a80df
Add Feature-Policy header
2019-01-17 21:08:31 +01:00
Daniel García
e0aec8d373
Use new i64::to_be_bytes and remove byteorder dep
...
(https://doc.rust-lang.org/stable/std/primitive.i64.html#method.to_be_bytes )
2019-01-16 22:14:17 +01:00
Daniel García
1ce2587330
Correct update cipher order: first save cipher, then cipher-folder, then notify
2019-01-16 19:57:49 +01:00
Miroslav Prasil
71a10e0378
Fix sharing the item to organization.
2019-01-16 11:33:43 +00:00
Daniel García
9bf13b7872
Can't return inside multipart closure
2019-01-15 22:00:41 +01:00
Daniel García
d420992f8c
Update some function calls to use ?
2019-01-15 21:47:16 +01:00
Daniel García
c259a0e3e2
Save recovery code when using yubikey and stop repeating headers.user everywhere
2019-01-15 21:38:21 +01:00
Daniel García
432be274ba
Improve org mismatch check, consider different orgs
2019-01-15 17:31:03 +01:00
Daniel García
484bf5b703
Check that the client is not updating an outdated cipher, that should be part of an org now
2019-01-15 16:35:08 +01:00
Daniel García
4bf32af60e
Fix folder notifications, enable template strict mode and add missing option to env template
2019-01-15 15:28:47 +01:00
Daniel García
0e4a746eeb
Added SMTP_FROM_NAME
2019-01-15 15:28:47 +01:00
Daniel García
2fe919cc5e
Embed the default templates
2019-01-15 15:28:46 +01:00
Daniel García
bcd750695f
Default to $data_folder/templates and remove dev option (use TEMPLATES_FOLDER=src/static/templates
instead)
2019-01-15 15:28:46 +01:00
Daniel García
19b6bb0fd6
Initial stab at templates
2019-01-15 15:28:46 +01:00
Daniel García
f571df7367
Revert yubikey feature, not needed anymore
2019-01-12 15:28:41 +01:00
Daniel García
de51bc782e
Updated dependencies, removing need for yubico fork
2019-01-12 15:23:46 +01:00
Daniel García
c5aef60bd7
Implement unofficial warning message
2019-01-11 14:20:42 +01:00
Daniel García
6f52104324
Fix casing error in Attachment, should fix 'Attachment doesn't exist' errors
2019-01-11 01:35:15 +01:00
Daniel García
1d7f704754
Send CipherUpdate when adding and deleting attachments
2019-01-11 01:12:54 +01:00
Daniel García
1d034749f7
Fix AArch64 build by disabling yubico
2019-01-10 23:54:01 +01:00
Daniel García
320266606e
Implement put collections
2019-01-08 20:27:28 +01:00
Daniel García
a0a08c4c5a
Include IP in invalid admin token error
2019-01-08 16:17:18 +01:00
Daniel García
4309df8334
Only create invitations when SMTP is disabled, and ignore invitations if we have a token.
...
Disallow users from accepting invitation twice
2019-01-08 15:42:26 +01:00
Daniel García
f1161c65fb
Make sure an invitation is created when reinviting
2019-01-08 14:05:05 +01:00
Daniel García
50eeb4f651
Remove whitespace before processing tokens
2019-01-07 20:37:14 +01:00
Daniel García
21b85b78b1
Changed reinvite check and removed obsolete comment
2019-01-07 15:29:57 +01:00
Daniel García
673adde9f1
Make the admin retype the user name before deleting
2019-01-07 14:48:10 +01:00
Daniel García
c9063a06b4
Print unauthorized error message
2019-01-07 02:18:51 +01:00
Daniel García
5e37471488
Merge pull request #323 from njfox/invite_accepted_email
...
Send email notifications when invitations are accepted/confirmed
2019-01-06 14:12:24 +01:00
Nick Fox
0a74e79cea
Refactor generate_invite_claims, make org_name and org_id optional
2019-01-05 23:03:49 -05:00
Nick Fox
7db66f73f0
Refactor invited_by_email check
2019-01-05 13:46:45 -05:00
Nick Fox
2f5bdc23f6
Fix formatting and add vault link to notification emails
2019-01-05 13:36:08 -05:00
Nick Fox
cec28a85ac
Update admin page to work with new invitation flow
2019-01-04 10:32:51 -05:00
Daniel García
5f49ecd7f3
Updated dependencies to use u2f crate directly, and some style changes
2019-01-04 00:25:38 +01:00
Nick Fox
736c0e62f2
Send emails to inviters/invitees when invites are accepted/confirmed
2019-01-02 22:20:39 -05:00
Nick Fox
43eb064351
Replace invite/reinvite email functions with generic send_email
2019-01-02 22:19:44 -05:00
Daniel García
30e768613b
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
Daniel García
adb8052689
Updated Error to implement Display and Debug, instead of using custom methods
2018-12-30 21:43:56 +01:00
Daniel García
1483829c94
Removed invalid todo
2018-12-30 21:43:56 +01:00
Daniel García
acb9d1b3c6
Remove config option for admin email, embdedded admin page, managed IO::Error, and added security and cache headers globally
2018-12-30 21:43:56 +01:00
Daniel García
301919d9d4
Modified navigation bar and corrected some comments
2018-12-30 21:43:55 +01:00
Daniel García
2bb0b15e04
Implemented better errors for JWT
2018-12-30 21:43:55 +01:00
Daniel García
250a2b340f
Use new Errors in latest changes
2018-12-30 21:43:55 +01:00
Daniel García
b2fc0499f6
Finish invite functionality, and remove virtual organization
2018-12-30 21:40:26 +01:00
Daniel García
6a99849a1e
Implemented proper error handling, now we can do user.save($conn)?;
and it works.
...
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
2018-12-30 21:31:12 +01:00
Daniel García
172f1770cf
Embed the icon in the binary, no need to download when it's not going to change
2018-12-30 21:31:12 +01:00
Daniel García
1b5134dfe2
Fixed delete user when 2FA is enabled, implemented delete user for admin panel, and the front-end part for invite user. Secured admin panel behind a configurable token.
2018-12-30 21:31:11 +01:00
Daniel García
5fecf09631
Initial version of admin panel, list users and reload user list works. No serious auth method yet, password is 'token123'
2018-12-30 21:31:11 +01:00
Daniel García
7d7d8afed9
Merge pull request #318 from njfox/reinvite_endpoint
...
Add email reinvite endpoint
2018-12-30 21:22:26 +01:00
Nick Fox
f20c4705d9
Refactor invite claims and disallow reinvites to virtual_org
2018-12-30 00:19:01 -05:00
Nick Fox
3142d8d01f
Add more detail to invitation not found error
2018-12-29 23:28:19 -05:00
Nick Fox
84fa5a4ed6
Implement reinvite endpoint
2018-12-29 23:24:38 -05:00
Daniel García
004a3f891f
Merge pull request #315 from aksdb/master
...
Restrict join on users_collections to current user (fixes #313 )
2018-12-28 21:06:30 +01:00
Andreas Schneider
e7ea5097f4
Restrict join on users_collections to current user ( fixes #313 )
2018-12-28 15:25:51 +01:00
Miroslav Prasil
8451a70de6
Rewrite find_by_user_uuid to use one query
2018-12-27 18:56:01 +01:00
Nick Fox
ec715d78fb
Change log timestamp format so fail2ban can parse it
2018-12-26 11:54:31 -05:00
Nick Fox
b0ac640d8b
Use JWT to validate existing user invites
2018-12-23 15:15:44 -05:00
Daniel García
2b24b17609
Merge pull request #295 from njfox/invite_emails
...
Add Email Invite Functionality
2018-12-21 16:04:19 +01:00
Nick Fox
2cd736ab81
Validate JWT if a user registers with SMTP invites enabled
2018-12-20 22:16:41 -05:00
Nick Fox
99256b9b3a
Prefix unused params with underscore
2018-12-20 21:37:03 -05:00
Nick Fox
26bf7bc12f
Use upstream jslib invite/registration workflow
2018-12-18 23:16:03 -05:00
Daniel García
b3ec8f2611
Merge pull request #302 from tycho/icon-cache-ttl
...
implement TTLs for icon cache
2018-12-18 23:34:16 +01:00
Steven Noonan
a55c048a62
icons: implement positive/negative cache TTLs
...
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
2018-12-18 13:33:32 -08:00
Steven Noonan
848cd1dbec
add environment variables for ICON_CACHE_TTL and ICON_CACHE_NEGTTL
...
These aren't used yet, but will be utilized by the icon caching service
in a subsequent patch.
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
2018-12-18 13:33:31 -08:00
Daniel García
149e69414f
Merge pull request #293 from dheimerl/patch-1
...
Update web.rs
2018-12-18 19:00:43 +01:00
dheimerl
9a7d3634d5
Changed frame-ancestors to use 'self'
2018-12-18 10:19:35 -06:00
dheimerl
7f7c936049
Fixed web.rs
2018-12-17 22:59:53 -06:00
Nick Fox
9479108fb7
Remove CONFIG.email_invitations
2018-12-17 17:10:09 -05:00
Nick Fox
042c1072d9
Remove CONFIG.email_invitation option
2018-12-17 17:02:15 -05:00
Daniel García
5a9aab1a32
Implement fromform, and ignore case and underscores, fixes #298
2018-12-16 20:00:16 +01:00
dheimerl
037eb0b790
Update web.rs
...
Add frame-ancestors to allow U2F to work in Chrome (and possibly Firefox) extension
2018-12-15 13:23:07 -06:00
Nick Fox
4910b14d57
Implement email invitations and registration workflow
2018-12-14 21:56:00 -05:00
Nick Fox
d428120ec6
Add email_invitations config option
2018-12-14 21:54:44 -05:00
Nick Fox
e2907f4250
Add invite email functionality
2018-12-14 21:54:03 -05:00
Nick Fox
680f5e83d8
Add Invite JWT struct and supporting functions
2018-12-14 21:52:16 -05:00
Daniel García
4e827e4f8a
Implement better retry and use it while saving device
2018-12-12 22:15:54 +01:00
algebro
e26e2319da
Close #264 . Usernames and IP addresses are logged on successful authentication
2018-12-11 15:20:06 -05:00
Daniel García
7adc045b80
Updated IP logging to use client_ip, to match old remote behavior.
...
Improved error logging, now it won't show a generic error message in some situations.
Removed delete device, which is not needed as it will be overwritten later.
Logged more info when an error occurs saving a device.
Added orgmanager to JWT claims.
2018-12-09 17:58:38 +01:00
Daniel García
19754c967f
More changes to the push token, and filtered multipart logs
2018-12-07 18:25:18 +01:00
Daniel García
738ad2127b
Fixed some clippy linting issues
2018-12-07 15:01:29 +01:00
Daniel García
cb930a0858
Remove some required values during login, now uses default values
2018-12-07 14:32:40 +01:00
Daniel García
94810c106a
Migrate to rust 2018 edition
2018-12-07 02:05:45 +01:00
Daniel García
2fde4e6933
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested)
2018-12-06 20:35:25 +01:00
Daniel García
dc1bb6de20
Update device push token methods to more closely follow the official server response
2018-12-06 16:28:36 +01:00
Daniel García
6364c05789
Fix attachments during key rotation, add individual attachment key
2018-11-27 17:24:12 +01:00
Daniel García
f71f10eac6
Implemented key rotation with the latest vault
2018-11-24 23:00:41 +01:00
Daniel García
f1acc1e05a
Merge branch 'master' into rocket-0.4
2018-11-21 15:35:34 +01:00
Daniel García
3d36ac4601
Remove unwrap in connection_lost
2018-11-21 15:07:18 +01:00
Daniel García
00abd4c853
Add create endpoint, fixes #253 , fixes #261
2018-11-19 20:27:49 +01:00
Daniel García
a4550e51ea
Update dependencies and add /ciphers/create
2018-11-19 20:21:02 +01:00
Daniel García
5edbd0e952
Merge branch 'master' into rocket-0.4
...
# Conflicts:
# Cargo.lock
# Cargo.toml
# src/api/core/mod.rs
2018-11-19 19:52:43 +01:00
Daniel García
17052b665f
Merge pull request #257 from Step7750/fix-nfc-mobile
...
Fixes NFC Response for Mobile Yubikey OTP Login
2018-11-17 15:28:41 +01:00
Stepan Fedorko-Bartos
f344dbaad4
Fixes NFC Response for Mobile Login
2018-11-17 01:25:07 -07:00
Daniel García
c5c9e3fd65
Merge pull request #254 from Step7750/master
...
Adds Yubikey OTP Support
2018-11-16 20:39:03 +01:00
Stepan Fedorko-Bartos
aba9c28226
Disable Yubikey 2FA if 0 Keys Provided
2018-11-16 12:07:00 -07:00
Stepan Fedorko-Bartos
82e2b8a8c0
Code style changes
2018-11-16 11:52:01 -07:00
Miroslav Prasil
044cf19913
Prevent accepted user from seeing ciphers until confirmed ( fixes #196 )
2018-11-16 14:21:26 +00:00
Stepan Fedorko-Bartos
6d735806c0
Ensures Yubico Creds are set when opening Yubikey Modal
2018-11-15 18:58:44 -07:00
Stepan Fedorko-Bartos
2433d39df5
Allows Custom Yubico OTP Server
2018-11-15 18:54:53 -07:00
Stepan Fedorko-Bartos
9e0e4b13c5
Adds Yubikey OTP Support
2018-11-15 18:43:09 -07:00
Stepan Fedorko-Bartos
e66436625c
Adds Yubico Client ID and Secret Key Env Vars
2018-11-15 18:40:27 -07:00
Daniel García
f84cbeaaf8
Merge branch 'master' into rocket-0.4
...
# Conflicts:
# src/db/models/organization.rs
2018-11-14 16:14:49 +01:00
Miroslav Prasil
dd684753d0
Fix gt()
2018-11-13 21:38:56 +00:00
Miroslav Prasil
f3e6cc6ffd
Set PartialOrd to consider invalid i32 UserOrgType lower than anything
2018-11-13 16:34:21 +00:00
Miroslav Prasil
b94f4db52a
Fix #242
2018-11-13 15:34:37 +00:00
Miroslav Prasil
66a4c5d48b
Implement comparison between i32 and UserOrgType
2018-11-12 17:13:25 +00:00
Daniel García
4638786507
Merge branch 'master' into rocket-0.4
...
# Conflicts:
# src/api/core/mod.rs
2018-11-09 16:06:24 +01:00
Roman Hargrave
62bc58e145
Clean up after u2f endpoint split
2018-11-09 00:27:43 -06:00
Roman Hargrave
760e0ab805
Initial u2f fix
2018-11-09 00:00:31 -06:00
Daniel García
6eb1c3d638
Fixed change in organizations header, now Request::get_param() are indexed by segment, not dynamic parameter.
2018-11-06 16:53:34 +01:00
Daniel García
bc532f54d5
Improve login query parsing
2018-11-01 19:25:10 +01:00
Daniel García
c673370103
Updated bw_rs to Rocket version 0.4-rc1
2018-11-01 19:25:09 +01:00
janost
c32c65d367
Accept PUT and POST on /settings/domains, returns JsonResult, fixes saving Custom Equivalent Domains
2018-10-23 00:32:43 +02:00
janost
daa66b08dc
Fix /sync without query string
2018-10-19 00:54:40 +02:00
janost
55fbd8d468
Don't send Domains if excludeDomains=true on /sync
2018-10-17 23:22:07 +02:00
Miroslav Prasil
2e7fa6440b
Do not spawn WS thread if it's disabled
2018-10-15 15:08:15 +01:00
Miroslav Prasil
9ecc98c3cc
Disable WebSockets negotiation by default
2018-10-14 23:25:16 +01:00
Daniel García
02fd68d63b
Merge pull request #218 from janost/refactor-folder-save
...
Folder::save() should return QueryResult instead of bool
2018-10-14 20:07:27 +02:00
janost
e985221b50
User::save() should return QueryResult instead of bool
2018-10-14 19:33:12 +02:00
janost
77cf63c06d
Folder::save() should return QueryResult instead of bool
2018-10-14 18:25:04 +02:00