Commit Graph

997 Commits

Author SHA1 Message Date
Daniel García 2a9ca88c2a
Dependency updates 2022-05-11 22:03:07 +02:00
Daniel García 451ad47327
Merge branch 'db-conn-init' of https://github.com/jjlin/vaultwarden into jjlin-db-conn-init 2022-05-11 21:36:00 +02:00
BlackDex 3ca85028ea
Improve sync speed and updated dep. versions
Improved sync speed by resolving the N+1 query issues.
Solves #1402 and Solves #1453

With this change there is just one query done to retreive all the
important data, and matching is done in-code/memory.

With a very large database the sync time went down about 3 times.

Also updated misc crates and Github Actions versions.
2022-05-06 17:01:02 +02:00
Jeremy Lin 542a73cc6e Switch to a single config option for database connection init
The main pro is less config options, while the main con is less clarity in
what the defaults are for the various database types.
2022-04-29 00:26:49 -07:00
Jeremy Lin 78d07e2fda Add default connection-scoped pragmas for SQLite
`PRAGMA busy_timeout = 5000` tells SQLite to keep trying for up to 5000 ms
when there is lock contention, rather than aborting immediately. This should
hopefully prevent the vast majority of "database is locked" panics observed
since the async transition.

`PRAGMA synchronous = NORMAL` trades better performance for a small potential
loss in durability (the default is `FULL`). The SQLite docs recommend `NORMAL`
as "a good choice for most applications running in WAL mode".
2022-04-26 17:55:19 -07:00
Jeremy Lin b617ffd2af Add support for database connection init statements
This is probably mainly useful for running connection-scoped pragma statements.
2022-04-26 17:50:20 -07:00
Jeremy Lin df8aeb10e8 Add `/api/{alive,now,version}` endpoints
The added endpoints work the same as in their upstream implementations.

Upstream also implements `/api/ip`. This seems to include the server's public
IP address (the one that should be hidden behind Cloudflare), which doesn't
seem like a great idea.
2022-04-23 23:47:49 -07:00
Jeremy Lin 28c5e63bf5 Sync global_domains.json to bitwarden/server@3521ccb (Just Eat Takeaway.com) 2022-03-29 11:41:43 -07:00
BlackDex fb0c23b71f
Remove u2f implementation
For a while now WebAuthn has replaced u2f.
And since web-vault v2.27.0 the connector files for u2f have been removed.
Also, on the official bitwarden server the endpoint to `/two-factor/get-u2f` results in a 404.

- Removed all u2f code except the migration code from u2f to WebAuthn
2022-03-27 17:25:04 +02:00
Daniel García 81f0c2b0e8
Merge branch 'x-xss-protection' of https://github.com/Wonderfall/vaultwarden into Wonderfall-x-xss-protection 2022-03-26 16:18:34 +01:00
Wonderfall 27d4b713f6 disable legacy X-XSS-Protection feature
Obsolete in every modern browser, unsafe, and replaced by CSP
2022-03-21 15:29:01 +01:00
BlackDex b0faaf2527
Several updates and fixes
- Removed all `thread::sleep` and use `tokio::time::sleep` now.
  This solves an issue with updating to Bullseye ( Resolves #1998 )
- Updated all Debian images to Bullseye
- Added MiMalloc feature and enabled it by default for Alpine based images
  This increases performance for the Alpine images because the default
  memory allocator for MUSL based binaries isn't that fast
- Updated `dotenv` to `dotenvy` a maintained and updated fork
- Fixed an issue with a newer jslib (not fully released yet)
  That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
BlackDex c4d565b15b
Update login API code
- Updated jsonwebtoken to latest version
- Trim `username` received from the login form ( Fixes #2348 )
- Make uuid and user_uuid a combined primary key for the devices table ( Fixes #2295 )
- Updated crates including regex which contains a CVE ( https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html )
2022-03-12 18:45:45 +01:00
Daniel García 843f205f6f
Merge branch 'async-updates' of https://github.com/BlackDex/vaultwarden into BlackDex-async-updates 2022-02-27 21:50:33 +01:00
Daniel García 2ff51ae77e
formatting 2022-02-27 21:37:24 +01:00
Daniel García 2b75d81a8b
Ignore unused field 2022-02-27 21:37:24 +01:00
Daniel García cad0dcbed1
await the mutex in db_run and use block_in_place for it's contents 2022-02-27 21:37:24 +01:00
BlackDex 19b8388950
Upd Dockerfiles, crates. Fixed rust 2018 idioms
- Updated crates
- Fixed Dockerfiles to build using the rust stable version
- Enabled warnings for rust 2018 idioms and fixed them.
2022-02-27 21:37:23 +01:00
BlackDex 87e08b9e50
Async/Awaited all db methods
This is a rather large PR which updates the async branch to have all the
database methods as an async fn.

Some iter/map logic needed to be changed to a stream::iter().then(), but
besides that most changes were just adding async/await where needed.
2022-02-27 21:37:23 +01:00
Daniel García 0b7d6bf6df
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking 2022-02-27 21:36:31 +01:00
Daniel García d73d74e78f
Merge branch 'main' of https://github.com/taylorwmj/vaultwarden into taylorwmj-main 2022-02-27 21:22:15 +01:00
Daniel García 94201ca133
Merge branch 'custom-env-path' of https://github.com/TinfoilSubmarine/vaultwarden into TinfoilSubmarine-custom-env-path 2022-02-27 21:21:38 +01:00
BlackDex 42136a7097
Favicon, SMTP and misc updates
Favicon:
- Replaced HTML tokenizer, much faster now.
- Caching the domain blacklist function.
- Almost all functions are async now.
- Fixed bug on minimizing data to parse
- Changed maximum icon download size to 5MB to match Bitwarden
- Added `apple-touch-icon.png` as a second fallback besides `favicon.ico`

SMTP:
- Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY

Misc:
- Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283)
- Updated Javscript and CSS files for admin interface
- Fixed an issue with the /admin interface which did not cleared the login cookie correctly
- Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import.
  This is also the same as Bitwarden which does not trigger this refresh via websockets.

Rust:
- Updated to use v1.59
- Use the new `strip` option and enabled to strip `debuginfo`
- Enabled `lto` with `thin`
- Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-26 13:56:42 +01:00
taylorwmj 9bb4c38bf9
Added autofocus to pw field on admin login page 2022-02-22 20:44:29 -06:00
BlackDex 5f01db69ff
Update async to prepare for main merge
- Changed nightly to stable in Dockerfile and Workflow
- Updated Dockerfile to use stable and updated ENV's
- Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default
- Updated Github Workflow actions to the latest versions
- Updated Hadolint version
- Re-orderd the Cargo.toml file a bit and put libs together which are linked
- Updated some libs
- Updated .dockerignore file
2022-02-22 20:00:33 +01:00
Joel Beckmeyer 8295688bed Add support for custom .env file path 2022-02-16 09:25:37 -05:00
Tomek Mańko 9713a3a555 Add IP address to missing/invalid password message for Sends 2022-02-13 13:13:42 +01:00
Daniel García d781981bbd
formatting 2022-01-30 22:26:19 +01:00
Daniel García 5125fdb882
Ignore unused field 2022-01-30 22:26:19 +01:00
Daniel García fd9693b961
await the mutex in db_run and use block_in_place for it's contents 2022-01-30 22:26:19 +01:00
BlackDex f38926d666
Upd Dockerfiles, crates. Fixed rust 2018 idioms
- Updated crates
- Fixed Dockerfiles to build using the rust stable version
- Enabled warnings for rust 2018 idioms and fixed them.
2022-01-30 22:26:18 +01:00
BlackDex 775d07e9a0
Async/Awaited all db methods
This is a rather large PR which updates the async branch to have all the
database methods as an async fn.

Some iter/map logic needed to be changed to a stream::iter().then(), but
besides that most changes were just adding async/await where needed.
2022-01-30 22:26:18 +01:00
Daniel García 2d5f172e77
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking 2022-01-30 22:25:54 +01:00
Jeremy Lin 7d552dbdc8 Increase length limit for email token generation
The current limit of 19 is an artifact of the implementation, which can be
easily rewritten in terms of a more general string generation function.
The new limit is 255 (max value of a `u8`); using a larger type would
probably be overkill.
2022-01-24 01:17:00 -08:00
Daniel García bf6330374c
Merge branch 'api-key' of https://github.com/jjlin/vaultwarden into jjlin-api-key 2022-01-23 23:50:34 +01:00
Daniel García 4a88e7ec78
Merge branch 'iamdoubz-feature-to-permissions-policy-patch' of https://github.com/iamdoubz/vaultwarden into iamdoubz-iamdoubz-feature-to-permissions-policy-patch 2022-01-23 23:44:08 +01:00
Daniel García ba9ad14fbb
Merge branch 'icons' of https://github.com/jjlin/vaultwarden into jjlin-icons 2022-01-23 23:43:24 +01:00
Daniel García 14e3dcad8e
Merge branch 'fix-emergency-invite-register' of https://github.com/BlackDex/vaultwarden into BlackDex-fix-emergency-invite-register 2022-01-23 23:42:35 +01:00
Daniel García f4a9645b54
Remove references to "bwrs" #2195
Squashed commit of the following:

commit 1bdf1c7954e0731c95703d10118f3874ab5155d3
Merge: 8ba6e61 7257251
Author: Daniel García <dani-garcia@users.noreply.github.com>
Date:   Sun Jan 23 23:40:17 2022 +0100

    Merge branch 'remove-bwrs' of https://github.com/RealOrangeOne/vaultwarden into RealOrangeOne-remove-bwrs

commit 7257251ecf
Author: Jake Howard <git@theorangeone.net>
Date:   Thu Jan 6 17:48:18 2022 +0000

    Use `or_else` to save potentially unnecessary function call

commit 40ae81dd3c
Author: Jake Howard <git@theorangeone.net>
Date:   Wed Jan 5 21:18:24 2022 +0000

    Move $BWRS_VERSION fallback into build.rs

commit 743ef74b30
Author: Jake Howard <git@theorangeone.net>
Date:   Sat Jan 1 23:08:27 2022 +0000

    Revert "Add feature to enable use of `Option::or` in const context"

    This reverts commit fe8e043b8a.

    We want to run on stable soon, where these features are not supported

commit a1f0da638c
Author: Jake Howard <git@theorangeone.net>
Date:   Sat Jan 1 13:04:47 2022 +0000

    Rename web vault version file

    https://github.com/dani-garcia/bw_web_builds/pull/58

commit fe8e043b8a
Author: Jake Howard <git@theorangeone.net>
Date:   Sat Jan 1 12:56:44 2022 +0000

    Add feature to enable use of `Option::or` in const context

commit 687435c8b2
Author: Jake Howard <git@theorangeone.net>
Date:   Sat Jan 1 12:27:28 2022 +0000

    Continue to allow using `$BWRS_VERSION`

commit 8e2f708e50
Author: Jake Howard <git@theorangeone.net>
Date:   Fri Dec 31 11:41:34 2021 +0000

    Remove references to "bwrs"

    The only remaining one is getting the version of the web vault, which requires coordinating with the web vault patching.
2022-01-23 23:40:59 +01:00
Jeremy Lin 8f7900759f Fix `scope` and `refresh_token` for API key logins
API key logins use a scope of `api`, not `api offline_access`. Since
`offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 23:10:15 -08:00
Jeremy Lin 69ee4a70b4 Add support for API keys
This is mainly useful for CLI-based login automation.
2022-01-21 23:10:11 -08:00
iamdoubz e4e16ed50f Upgrade Feature-Policy to Permissions-Policy
Convert old, soon to be defunct, Feature-Policy with its replacement Permissions-Policy
2022-01-12 10:36:50 -06:00
Jeremy Lin a16c656770 Add support for legacy HTTP 301/302 redirects for external icons
At least on Android, it seems the Bitwarden mobile client responds to
HTTP 307, but not to HTTP 308 for some reason.
2022-01-08 23:40:35 -08:00
BlackDex 76b7de15de
Fix emergency access invites for new users
If a new user gets invited it should check if the user is invited via
emergency access, if so, allow that user to register.
2022-01-07 18:55:48 +01:00
Daniel García 8ba6e61fd5
Merge pull request #2197 from BlackDex/issue-2196
Fix issue with Bitwarden CLI.
2022-01-02 23:47:40 +01:00
Daniel García a30a1c9703
Merge pull request #2194 from BlackDex/issue-2154
Fixed issue #2154
2022-01-02 23:46:32 +01:00
BlackDex bf5aefd129
Fix issue with Bitwarden CLI.
The CLI seems to send a String instead of an Integer for the maximum access count.
It now accepts both types and converts it to an i32 in all cases.

Fixes #2196
2021-12-31 15:59:58 +01:00
BlackDex 1fa178d1d3
Fixed issue #2154
For emergency access invitations we need to check if invites are
allowed, not if sign-ups are allowed.
2021-12-31 11:53:21 +01:00
Jeremy Lin b7eedbcddc Add config option to set the HTTP redirect code for external icons
The default code is 307 (temporary) to make it easier to test different icon
services, but once a service has been decided on, users should ideally switch
to using permanent redirects for cacheability.
2021-12-30 23:06:52 -08:00
Jake Howard 6ddbe84bde
Remove unnecessary return 2021-12-29 16:29:42 +00:00