Commit graph

1174 commits

Author SHA1 Message Date
Daniel García
f92efda0f0
Merge branch 'main' into main 2023-02-12 19:40:04 +01:00
Daniel García
5bcee24f88
Merge branch 'main' into feature/kdf-options 2023-02-12 19:23:14 +01:00
soruh
9e3d7ea44c add EXE_SUFFIX to sendmail executable when not specified 2023-02-12 18:55:15 +01:00
soruh
8cc6dac893 check if SENDMAIL_COMMAND is valid using 'which' crate 2023-02-12 18:55:15 +01:00
soruh
b7c4316c77 Add support for sendmail as a mail transport 2023-02-12 18:54:59 +01:00
Daniel García
bc49d1f90d
Merge branch 'main' into issue-3166 2023-02-12 18:47:55 +01:00
Daniel García
cef5dd4a46
Merge branch 'main' into allow-editing/unhiding-by-group 2023-02-12 18:46:53 +01:00
Daniel García
6e2c3fc1cc
Merge branch 'main' into icon-blacklist-improvements 2023-02-12 18:43:19 +01:00
Daniel García
af69c83db2
Merge branch 'main' into fix-domain-description 2023-02-12 18:42:49 +01:00
Daniel García
c58aac585b
Merge branch 'main' into fix-post-emergency-access 2023-02-12 18:42:21 +01:00
Daniel García
a20a641de3
Merge branch 'main' into spell-jack_mitigation 2023-02-12 18:39:27 +01:00
Helmut K. C. Tessarek
68bcc7a4b8
add argon2 kdf fields 2023-02-07 13:52:52 -05:00
BlockListed
c04a1352cb
remove warn when sanitizing domain 2023-02-07 18:49:26 +01:00
BlockListed
5d1c11ceba
fix trailing slash in configuration builder 2023-02-07 18:42:36 +01:00
BlockListed
a2aa7c9bc2
Revert "fix trailing slash not being removed from domain"
This reverts commit 679bc7a59b.
2023-02-07 18:41:24 +01:00
Jan Jansen
b3a351ccb2 allow editing/unhiding by group
Fixes #2989

Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
2023-02-07 16:20:36 +01:00
BlockListed
679bc7a59b
fix trailing slash not being removed from domain 2023-02-07 13:03:28 +01:00
BlockListed
a72d0b518f
remove documentation of bug since I'm fixing it 2023-02-07 12:48:48 +01:00
Kevin P. Fleming
6741b25907 Ensure that all results from check_domain_blacklist_reason are cached. 2023-02-07 05:54:06 -05:00
Kevin P. Fleming
24b5784f02 Generate distinct log messages for regex vs. IP blacklisting.
When an icon will not be downloaded due to matching a configured
blacklist, ensure that the log message indicates the type of blacklist
that was matched.
2023-02-07 05:24:23 -05:00
BlockListed
eb9b481eba
improve wording of domain description 2023-02-07 08:49:05 +01:00
BlockListed
64edc49392
change description of domain configuration
Vaultwarden send won't work if the domain includes a trailing slash.
This should be documented, as it may lead to confusion amoung users.
2023-02-06 23:19:08 +01:00
sirux88
0d1753ac74 completly hide reset password policy
on email disabled instances
2023-02-05 16:47:23 +01:00
sirux88
a6558f5548 rust lang specific improvements 2023-02-05 16:34:48 +01:00
sirux88
62dfeb80f2 improved security, disabling policy usage on
email-disabled clients and some refactoring
2023-02-04 13:29:57 +01:00
Stefan Melmuk
e65fbbfc21
don't nullify key when editing emergency access
the client does not send the key on every update of an emergency access
contact so the field would be emptied on a change of the wait days or access level.
2023-02-01 23:10:09 +01:00
BlackDex
c9ed9aa733
Fix Javascript issue on non sqlite databases
When a non sqlite database is used, loading the admin interface fails
because the backup button is not generated.
This PR is solves it by checking if the elements are valid.

Also made some other changes and fixed some eslint errors.
Showing `_post` errors is better now.

Update jquery to latest version.

Fixes #3166
2023-01-26 20:34:25 +01:00
Daniel Hammer
9b20decdc1 "Spell-Jacking" mitigation ~ prevent sensitive data leak from spell checker.
@see https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords
2023-01-25 22:35:18 +01:00
sirux88
adaefc8628 fixes for current upstream main 2023-01-25 08:09:26 +01:00
sirux88
c6c45c4c49 working implementation 2023-01-25 08:06:21 +01:00
sirux88
95494083f2 added database migration 2023-01-25 08:06:21 +01:00
BlackDex
e38e1a5d5f
Validate note sizes on key-rotation.
We also need to validate the note sizes on key-rotation.
If we do not validate them before we store them, that could lead to a
partial or total loss of the password vault. Validating these
restrictions before actually processing them to store/replace the
existing ciphers should prevent this.

There was also a small bug when using web-sockets. The client which is
triggering the password/key-rotation change should not be forced to
logout via a web-socket request. That is something the client will
handle it self. Refactored the logout notification to either send the
device uuid or not on specific actions.

Fixes #3152
2023-01-24 20:05:09 +01:00
sirux88
cc91ac6cc0
include key into user.set_password 2023-01-24 20:04:05 +01:00
BlackDex
2d8c8e18f7
Update KDF Configuration and processing
- Change default Password Hash KDF Storage from 100_000 to 600_000 iterations
- Update Password Hash when the default iteration value is different
- Validate password_iterations
- Validate client-side KDF to prevent it from being set lower than 100_000
2023-01-24 19:49:12 +01:00
BlackDex
acc1474394
Add avatar color support
The new web-vault v2023.1.0 supports a custom color for the avatar.
https://github.com/bitwarden/server/pull/2330

This PR adds this feature.
2023-01-12 19:18:57 +01:00
BlackDex
aaffb2e007
Add MFA icon to org member overview
The Organization member overview supports showing an icon if the user
has MFA enabled or not. This PR adds this feature.

This is very useful if you want to enable force mfa for example.
2023-01-12 19:18:57 +01:00
GeekCorner
e0e95e95e4
fix (2fa.directory): Allow api.2fa.directory, and remove 2fa.directory 2023-01-12 19:18:57 +01:00
BlackDex
fa70b440d0
Fix remaning inline format 2023-01-12 19:18:56 +01:00
Rychart Redwerkz
42acb2ebb6
Use more modern meta tag for charset encoding 2023-01-12 19:18:56 +01:00
BlackDex
3181e4e96e
Optimize CipherSyncData for very large vaults
As mentioned in #3111, using a very very large vault causes some issues.
Mainly because of a SQLite limit, but, it could also cause issue on
MariaDB/MySQL or PostgreSQL. It also uses a lot of memory, and memory
allocations.

This PR solves this by removing the need of all the cipher_uuid's just
to gather the correct attachments.

It will use the user_uuid and org_uuid's to get all attachments linked
to both, weither the user has access to them or not. This isn't an
issue, since the matching is done per cipher and the attachment data is
only returned if there is a matching cipher to where the user has access to.

I also modified some code to be able to use `::with_capacity(n)` where
possible. This prevents re-allocations if the `Vec` increases size,
which will happen a lot if there are a lot of ciphers.

According to my tests measuring the time it takes to sync, it seems to
have lowered the duration a bit more.

Fixes #3111
2023-01-11 20:23:53 +01:00
BlackDex
7390f34355
Resolve uninlined_format_args clippy warnings
The upcomming release of Rust 1.67.0 will warn on `uninlined_format_args`.
This PR resolves that by inlining all these items.
It also looks nicer.
2023-01-09 20:13:48 +01:00
Daniel García
c47d9f6593
Fix some lints: explicit Arc::clone, and unnecessary return after unreachable! 2023-01-09 19:54:25 +01:00
pjsier
7dd1959eba
Log message to stderr if LOG_FILE is not writable
Co-authored-by: Helmut K. C. Tessarek <tessarek@evermeet.cx>
2023-01-09 19:17:13 +01:00
pjsier
e266b39254
Log message to stderr if LOG_FILE is not writable
Co-authored-by: Helmut K. C. Tessarek <tessarek@evermeet.cx>
2023-01-09 19:17:13 +01:00
BlackDex
e935989fee
Resolve uninlined_format_args clippy warnings
The upcomming release of Rust 1.67.0 will warn on `uninlined_format_args`.
This PR resolves that by inlining all these items.
It also looks nicer.
2023-01-09 19:17:13 +01:00
Rychart Redwerkz
25c401f64d
Remove shrink-to-fit=no
This was a workaroud needed for iOS versions before 9.3 and is not part of the recommended viewport meta tag anymore.
https://www.scottohara.me/blog/2018/12/11/shrink-to-fit.html
2023-01-09 19:17:03 +01:00
Jeremy Lin
18b72da657
Change text/plain API responses to application/json
Recent versions of the Bitwarden clients (see bitwarden/clients#3574)
won't parse non-JSON responses. The most noticeable consequence is that
`/api/accounts/revision-date` responses won't be parsed, leading to
`/api/sync` always being called, even when it's not necessary.
2023-01-09 19:16:47 +01:00
BlackDex
6be26f0a38
Fix failing large note imports
When importing to Vaultwarden (or Bitwarden) notes larger then 10_000
encrypted characters are invalid. This because it for one isn't
compatible with Bitwarden. And some clients tend to break on very large
notes.

We already added a check for this limit when adding a single cipher, but
this caused issues during import, and could cause a partial imported
vault. Bitwarden does some validations before actually running it
through the import process and generates a special error message which
helps the user indicate which items are invalid during the import.

This PR adds that validation check and returns the same kind of error.
Fixes #3048
2023-01-09 19:11:58 +01:00
BlackDex
e945d16fcf
Optimize config loading messages
As kinda discussed here #3090, the messages regarding loading the
configuration files is a bit strange or unclear. There have been some
other reports regarding this in the past, but wasn't that big a of a
deal.

But to make the whole process it bit more nice, this PR adjusts the way
it reports issues and some small changes to the messages to make it all
a bit more clear.

- Do not report a missing `.env` file, but only send a message when using one.
- Exit instead of Panic, a panic causes a stacktrace, which isn't needed
  here. I'm using a exit code 255 here so it is different to the other
  exit's we use.
- Exit on more issues, since if we continue, it could cause
  configuration issues if the user thinks all is fine.
- Use the actual env file used in the messages instead of `.env`.
- Added a **INFO** message when loading the `config.json`.
  This makes it consistent with the info message for loading the env file.

Resolves #3090
2023-01-09 18:25:36 +01:00
BlackDex
f1c0aa4f83
Update WebSocket Notifications
Previously the websocket notifications were using `app_id` as the
`ContextId`. This was incorrect and should have been the device_uuid
from the client device executing the request. The clients will ignore
the websocket request if the uuid matches. This also fixes some issues
with the Desktop client which is able to modify attachments within the
same screen and causes an issue when saving the attachment afterwards.

Also changed the way to handle removed attachments, since that causes an
error saving the vault cipher afterwards, complaining about a missing
attachment. Bitwarden ignores this, and continues with the remaining
attachments (if any). This also fixes #2591 .

Further some more websocket notifications have been added to some other
functions which enhance the user experience.

- Logout users when deauthed, changed password, rotated keys
- Trigger OrgSyncKeys on user confirm and removal
- Added some extra to the send feature

Also renamed UpdateTypes to match Bitwarden naming.
2023-01-09 18:25:36 +01:00