BlackDex 636f16dc66

Prevent 401 on main admin page ...

When you are not loggedin, and have no cookie etc.. we always returned a 401.
This was mainly to allow the login page on all the sub pages, and after
login being redirected to the requested page, for these pages a 401 is a
valid response, since, you do not have access.

But for the main `/admin` page, it should just respond with a `200` and
show the login page.

This PR fixes this flow and response. It should prevent people using
Fail2ban, or other tools being triggered by only accessing the login page.

Resolves #3540

2023-05-25 23:40:36 +02:00

..

api

Prevent 401 on main admin page

2023-05-25 23:40:36 +02:00

db

check if reset policy is enabled

2023-04-06 22:34:05 +02:00

static

Sync global_domains.json to bitwarden/server@8dda73a (Pinterest)

2023-05-17 12:04:31 -07:00

auth.rs

Change String to &str for all Rocket functions

2023-04-30 17:18:12 +02:00

config.rs

Several config and admin interface fixes

2023-04-10 20:39:51 +02:00

crypto.rs

Remove get_random_64()

2022-11-13 10:03:06 +01:00

error.rs

Cleanups and Fixes for Emergency Access

2022-12-04 23:17:48 +01:00

mail.rs

Change String to &str for all Rocket functions

2023-04-30 17:18:12 +02:00

main.rs

Prevent some ::_ logs from outputting

2023-04-30 17:17:43 +02:00

ratelimit.rs

Basic ratelimit for user login (including 2FA) and admin login

2021-12-22 21:48:49 +01:00

util.rs

Use Rocket v0.5 branch to fix endpoints

2023-05-06 19:46:55 +02:00