BlackDex
de86aa671e
Fix Key Rotation during password change
When ticking the 'Also rotate my account's encryption key' box, the
key-rotated ciphers are posted after the change of password.
During the password change the security stamp was reset, which made
the posted keys return an invalid auth. This reset is needed to prevent other clients from still being able to read/write.
This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reset.
When the security stamp check fails it will check if there is a stamp exception and try to match the route and security stamp.
Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly.
fixes #1240
2020-12-14 19:58:23 +01:00
BlackDex
7cf8809d77
Adding Manager Role support
This has been requested a few times (#1136 & #246 & forum), and there already were two
(1:1 duplicate) PRs (#1222 & #1223) which needed some changes and no
followups or further comments, unfortunately.
This PR adds two auth headers.
- ManagerHeaders
Checks if the user-type is Manager or higher and if the manager is
part of that collection or not.
- ManagerHeadersLoose
Checks if the user-type is Manager or higher, but does not check if the
user is part of the collection, needed for a few features like
retrieving all the users of an org.
I think this is the safest way to implement this instead of having to
check this within every function which needs this manually.
Also some extra checks if a manager has access to all collections or
just a selection.
fixes #1136
2020-12-02 22:50:51 +01:00
Daniel García
32cfaab5ee
Updated dependencies and changed rocket request imports
2020-07-23 21:07:04 +02:00
Daniel García
668d5c23dc
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:34:22 +02:00
BlackDex
baac8d9627
Fixed issue #908
The organization uuid is most of the time within the uri path as a
parameter. But sometimes it only is there as a query value.
This fix checks both, and returns the uuid when possible.
2020-03-19 17:37:10 +01:00
BlackDex
669b101e6a
Fixing issue #908
Sometimes an org-uuid is not within the path but in a query value.
This fixes the check for that.
2020-03-19 16:50:47 +01:00
BlackDex
37b212427c
Updated jsonwebtoken
Updated to the latest version of jsonwebtoken.
Some small code changes to match the new versions.
2020-03-16 16:38:00 +01:00
Daniel García
3fa78e7bb1
Initial version of policies
2020-03-14 13:32:28 +01:00
Daniel García
70f3ab8ec3
Migrate lazy_static to once_cell, less macro magic and slightly faster
2020-03-09 22:04:03 +01:00
Jeremy Lin
29a0795219
Add backend support for alternate base dir (subdir/subpath) hosting
To use this, include a path in the `DOMAIN` URL, e.g.:
* `DOMAIN=https://example.com/custom-path`
* `DOMAIN=https://example.com/multiple/levels/are/ok`
2020-02-18 21:27:00 -08:00
Daniel García
cb6f392774
When receiving a comma separated list as IP, pick the first
2019-12-28 15:09:07 +01:00
Daniel García
88c56de97b
Config option for client IP header
2019-12-27 18:42:39 +01:00
Daniel García
a0ece3754b
Formatting
2019-12-27 18:37:14 +01:00
tomuta
bd1e8be328
Implement change-email, email-verification, account-recovery, and welcome notifications
2019-11-24 22:28:49 -07:00
Daniel García
d29b6bee28
Remove unnecessary clones and other clippy fixes
2019-11-02 17:39:01 +01:00
Emil Madsen
e22e290f67
Fix key and type variable names for mysql
2019-05-20 21:24:29 +02:00
Daniel García
4f45cc081f
Update ring to 0.14, jwt to 6.0, and u2f
2019-05-11 23:18:18 +02:00
Daniel García
04922f6aa0
Some formatting and dependency updates
2019-03-03 16:11:55 +01:00
Daniel García
a1dc47b826
Change config to thread-safe system, needed for a future config panel.
Improved some two factor methods.
2019-01-25 18:24:57 +01:00
Daniel García
834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template
2019-01-19 21:41:49 +01:00
Daniel García
50eeb4f651
Remove whitespace before processing tokens
2019-01-07 20:37:14 +01:00
Nick Fox
0a74e79cea
Refactor generate_invite_claims, make org_name and org_id optional
2019-01-05 23:03:49 -05:00
Nick Fox
cec28a85ac
Update admin page to work with new invitation flow
2019-01-04 10:32:51 -05:00
Nick Fox
736c0e62f2
Send emails to inviters/invitees when invites are accepted/confirmed
2019-01-02 22:20:39 -05:00
Daniel García
30e768613b
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
Daniel García
2bb0b15e04
Implemented better errors for JWT
2018-12-30 21:43:55 +01:00
Daniel García
b2fc0499f6
Finish invite functionality, and remove virtual organization
2018-12-30 21:40:26 +01:00
Daniel García
5fecf09631
Initial version of admin panel, list users and reload user list works. No serious auth method yet, password is 'token123'
2018-12-30 21:31:11 +01:00
Nick Fox
26bf7bc12f
Use upstream jslib invite/registration workflow
2018-12-18 23:16:03 -05:00
Nick Fox
680f5e83d8
Add Invite JWT struct and supporting functions
2018-12-14 21:52:16 -05:00
Daniel García
7adc045b80
Updated IP logging to use client_ip, to match old remote behavior.
Improved error logging, now it won't show a generic error message in some situations.
Removed delete device, which is not needed as it will be overwritten later.
Logged more info when an error occurs saving a device.
Added orgmanager to JWT claims.
2018-12-09 17:58:38 +01:00
Daniel García
738ad2127b
Fixed some clippy linting issues
2018-12-07 15:01:29 +01:00
Daniel García
94810c106a
Migrate to rust 2018 edition
2018-12-07 02:05:45 +01:00
Daniel García
2fde4e6933
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested)
2018-12-06 20:35:25 +01:00
Daniel García
f84cbeaaf8
Merge branch 'master' into rocket-0.4
# Conflicts:
# src/db/models/organization.rs
2018-11-14 16:14:49 +01:00
Miroslav Prasil
66a4c5d48b
Implement comparison between i32 and UserOrgType
2018-11-12 17:13:25 +00:00
Daniel García
6eb1c3d638
Fixed change in organizations header, now Request::get_param() are indexed by segment, not dynamic parameter.
2018-11-06 16:53:34 +01:00
Daniel García
c673370103
Updated bw_rs to Rocket version 0.4-rc1
2018-11-01 19:25:09 +01:00
Miroslav Prasil
a28caa33ef
Implement poor man's admin panel
2018-10-12 15:20:10 +01:00
Miroslav Prasil
de72655bb1
Add confirmed check to the OrgHeaders request guard
2018-07-16 10:23:45 +01:00
Daniel García
c722256cbd
Remove debug print
2018-07-13 00:40:59 +02:00
Daniel García
8ff50481e5
Use X-Forwarded-Host if available
2018-07-13 00:33:28 +02:00
Daniel García
4f6f510bd4
Improve domain detection, should fix attachment problems. Otherwise, set the DOMAIN
env variable to the correct domain
2018-07-12 23:28:16 +02:00
Daniel García
dae92b9018
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 22:22:10 +02:00
Daniel García
e88d8c856d
Change host url to https when it's enabled, should fix some problems downloading attachments
2018-07-11 16:23:39 +02:00
Daniel García
483066b9a0
Some style changes, removed useless matches and formats
2018-06-11 15:44:37 +02:00
Miroslav Prasil
4d50014e35
Implement request guards for organization
2018-05-30 13:35:10 +01:00
Daniel García
4093bf92fe
Initial organizations functionality: Creating orgs and inviting users
2018-04-24 22:01:55 +02:00
Daniel García
66097e5f12
r2d2_diesel is included in diesel since 1.1, so we don't need the dependencies directly.
Same thing with time, included in chrono
2018-03-07 18:41:34 +01:00
Daniel García
dfefbf1f31
Fixed cipher import, created missing data structs instead of using generic Value, and fixed some warnings
2018-02-23 00:38:54 +01:00