mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2024-11-25 20:33:14 +01:00
commit
9162b13123
2
build.rs
2
build.rs
@ -18,7 +18,7 @@ fn main() {
|
|||||||
);
|
);
|
||||||
|
|
||||||
#[cfg(all(not(debug_assertions), feature = "query_logger"))]
|
#[cfg(all(not(debug_assertions), feature = "query_logger"))]
|
||||||
compile_error!("Query Logging is only allowed during development, it is not intented for production usage!");
|
compile_error!("Query Logging is only allowed during development, it is not intended for production usage!");
|
||||||
|
|
||||||
// Support $BWRS_VERSION for legacy compatibility, but default to $VW_VERSION.
|
// Support $BWRS_VERSION for legacy compatibility, but default to $VW_VERSION.
|
||||||
// If neither exist, read from git.
|
// If neither exist, read from git.
|
||||||
|
@ -346,7 +346,7 @@ async fn post_password(
|
|||||||
|
|
||||||
let save_result = user.save(&mut conn).await;
|
let save_result = user.save(&mut conn).await;
|
||||||
|
|
||||||
// Prevent loging out the client where the user requested this endpoint from.
|
// Prevent logging out the client where the user requested this endpoint from.
|
||||||
// If you do logout the user it will causes issues at the client side.
|
// If you do logout the user it will causes issues at the client side.
|
||||||
// Adding the device uuid will prevent this.
|
// Adding the device uuid will prevent this.
|
||||||
nt.send_logout(&user, Some(headers.device.uuid)).await;
|
nt.send_logout(&user, Some(headers.device.uuid)).await;
|
||||||
@ -493,7 +493,7 @@ async fn post_rotatekey(data: JsonUpcase<KeyData>, headers: Headers, mut conn: D
|
|||||||
|
|
||||||
let save_result = user.save(&mut conn).await;
|
let save_result = user.save(&mut conn).await;
|
||||||
|
|
||||||
// Prevent loging out the client where the user requested this endpoint from.
|
// Prevent logging out the client where the user requested this endpoint from.
|
||||||
// If you do logout the user it will causes issues at the client side.
|
// If you do logout the user it will causes issues at the client side.
|
||||||
// Adding the device uuid will prevent this.
|
// Adding the device uuid will prevent this.
|
||||||
nt.send_logout(&user, Some(headers.device.uuid)).await;
|
nt.send_logout(&user, Some(headers.device.uuid)).await;
|
||||||
@ -970,10 +970,10 @@ async fn put_device_token(uuid: &str, data: JsonUpcase<PushToken>, headers: Head
|
|||||||
device.push_uuid = Some(uuid::Uuid::new_v4().to_string());
|
device.push_uuid = Some(uuid::Uuid::new_v4().to_string());
|
||||||
}
|
}
|
||||||
if let Err(e) = device.save(&mut conn).await {
|
if let Err(e) = device.save(&mut conn).await {
|
||||||
err!(format!("An error occured while trying to save the device push token: {e}"));
|
err!(format!("An error occurred while trying to save the device push token: {e}"));
|
||||||
}
|
}
|
||||||
if let Err(e) = register_push_device(headers.user.uuid, device).await {
|
if let Err(e) = register_push_device(headers.user.uuid, device).await {
|
||||||
err!(format!("An error occured while proceeding registration of a device: {e}"));
|
err!(format!("An error occurred while proceeding registration of a device: {e}"));
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
|
@ -1752,7 +1752,7 @@ impl CipherSyncData {
|
|||||||
let cipher_folders: HashMap<String, String>;
|
let cipher_folders: HashMap<String, String>;
|
||||||
let cipher_favorites: HashSet<String>;
|
let cipher_favorites: HashSet<String>;
|
||||||
match sync_type {
|
match sync_type {
|
||||||
// User Sync supports Folders and Favorits
|
// User Sync supports Folders and Favorites
|
||||||
CipherSyncType::User => {
|
CipherSyncType::User => {
|
||||||
// Generate a HashMap with the Cipher UUID as key and the Folder UUID as value
|
// Generate a HashMap with the Cipher UUID as key and the Folder UUID as value
|
||||||
cipher_folders = FolderCipher::find_by_user(user_uuid, conn).await.into_iter().collect();
|
cipher_folders = FolderCipher::find_by_user(user_uuid, conn).await.into_iter().collect();
|
||||||
@ -1760,7 +1760,7 @@ impl CipherSyncData {
|
|||||||
// Generate a HashSet of all the Cipher UUID's which are marked as favorite
|
// Generate a HashSet of all the Cipher UUID's which are marked as favorite
|
||||||
cipher_favorites = Favorite::get_all_cipher_uuid_by_user(user_uuid, conn).await.into_iter().collect();
|
cipher_favorites = Favorite::get_all_cipher_uuid_by_user(user_uuid, conn).await.into_iter().collect();
|
||||||
}
|
}
|
||||||
// Organization Sync does not support Folders and Favorits.
|
// Organization Sync does not support Folders and Favorites.
|
||||||
// If these are set, it will cause issues in the web-vault.
|
// If these are set, it will cause issues in the web-vault.
|
||||||
CipherSyncType::Organization => {
|
CipherSyncType::Organization => {
|
||||||
cipher_folders = HashMap::with_capacity(0);
|
cipher_folders = HashMap::with_capacity(0);
|
||||||
@ -1805,7 +1805,7 @@ impl CipherSyncData {
|
|||||||
.map(|collection_group| (collection_group.collections_uuid.clone(), collection_group))
|
.map(|collection_group| (collection_group.collections_uuid.clone(), collection_group))
|
||||||
.collect();
|
.collect();
|
||||||
|
|
||||||
// Get all organizations that the user has full access to via group assignement
|
// Get all organizations that the user has full access to via group assignment
|
||||||
let user_group_full_access_for_organizations: HashSet<String> =
|
let user_group_full_access_for_organizations: HashSet<String> =
|
||||||
Group::gather_user_organizations_full_access(user_uuid, conn).await.into_iter().collect();
|
Group::gather_user_organizations_full_access(user_uuid, conn).await.into_iter().collect();
|
||||||
|
|
||||||
|
@ -319,7 +319,7 @@ async fn accept_invite(emer_id: &str, data: JsonUpcase<AcceptData>, headers: Hea
|
|||||||
let claims = decode_emergency_access_invite(token)?;
|
let claims = decode_emergency_access_invite(token)?;
|
||||||
|
|
||||||
// This can happen if the user who received the invite used a different email to signup.
|
// This can happen if the user who received the invite used a different email to signup.
|
||||||
// Since we do not know if this is intented, we error out here and do nothing with the invite.
|
// Since we do not know if this is intended, we error out here and do nothing with the invite.
|
||||||
if claims.email != headers.user.email {
|
if claims.email != headers.user.email {
|
||||||
err!("Claim email does not match current users email")
|
err!("Claim email does not match current users email")
|
||||||
}
|
}
|
||||||
|
@ -1520,9 +1520,9 @@ async fn bulk_public_keys(
|
|||||||
let data: OrgBulkIds = data.into_inner().data;
|
let data: OrgBulkIds = data.into_inner().data;
|
||||||
|
|
||||||
let mut bulk_response = Vec::new();
|
let mut bulk_response = Vec::new();
|
||||||
// Check all received UserOrg UUID's and find the matching User to retreive the public-key.
|
// Check all received UserOrg UUID's and find the matching User to retrieve the public-key.
|
||||||
// If the user does not exists, just ignore it, and do not return any information regarding that UserOrg UUID.
|
// If the user does not exists, just ignore it, and do not return any information regarding that UserOrg UUID.
|
||||||
// The web-vault will then ignore that user for the folowing steps.
|
// The web-vault will then ignore that user for the following steps.
|
||||||
for user_org_id in data.Ids {
|
for user_org_id in data.Ids {
|
||||||
match UserOrganization::find_by_uuid_and_org(&user_org_id, org_id, &mut conn).await {
|
match UserOrganization::find_by_uuid_and_org(&user_org_id, org_id, &mut conn).await {
|
||||||
Some(user_org) => match User::find_by_uuid(&user_org.user_uuid, &mut conn).await {
|
Some(user_org) => match User::find_by_uuid(&user_org.user_uuid, &mut conn).await {
|
||||||
@ -1882,7 +1882,7 @@ async fn import(org_id: &str, data: JsonUpcase<OrgImportData>, headers: Headers,
|
|||||||
// This means that this endpoint can end up removing users that were added manually by an admin,
|
// This means that this endpoint can end up removing users that were added manually by an admin,
|
||||||
// as opposed to upstream which only removes auto-imported users.
|
// as opposed to upstream which only removes auto-imported users.
|
||||||
|
|
||||||
// User needs to be admin or owner to use the Directry Connector
|
// User needs to be admin or owner to use the Directory Connector
|
||||||
match UserOrganization::find_by_user_and_org(&headers.user.uuid, org_id, &mut conn).await {
|
match UserOrganization::find_by_user_and_org(&headers.user.uuid, org_id, &mut conn).await {
|
||||||
Some(user_org) if user_org.atype >= UserOrgType::Admin => { /* Okay, nothing to do */ }
|
Some(user_org) if user_org.atype >= UserOrgType::Admin => { /* Okay, nothing to do */ }
|
||||||
Some(_) => err!("User has insufficient permissions to use Directory Connector"),
|
Some(_) => err!("User has insufficient permissions to use Directory Connector"),
|
||||||
@ -2897,7 +2897,7 @@ async fn put_reset_password_enrollment(
|
|||||||
|
|
||||||
// This is a new function active since the v2022.9.x clients.
|
// This is a new function active since the v2022.9.x clients.
|
||||||
// It combines the previous two calls done before.
|
// It combines the previous two calls done before.
|
||||||
// We call those two functions here and combine them our selfs.
|
// We call those two functions here and combine them ourselves.
|
||||||
//
|
//
|
||||||
// NOTE: It seems clients can't handle uppercase-first keys!!
|
// NOTE: It seems clients can't handle uppercase-first keys!!
|
||||||
// We need to convert all keys so they have the first character to be a lowercase.
|
// We need to convert all keys so they have the first character to be a lowercase.
|
||||||
|
@ -177,7 +177,7 @@ pub async fn validate_totp_code(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Else no valide code received, deny access
|
// Else no valid code received, deny access
|
||||||
err!(
|
err!(
|
||||||
format!("Invalid TOTP code! Server time: {} IP: {}", current_time.format("%F %T UTC"), ip.ip),
|
format!("Invalid TOTP code! Server time: {} IP: {}", current_time.format("%F %T UTC"), ip.ip),
|
||||||
ErrorEvent {
|
ErrorEvent {
|
||||||
|
@ -534,11 +534,11 @@ async fn get_icon_url(domain: &str) -> Result<IconUrlResult, Error> {
|
|||||||
let mut referer = String::new();
|
let mut referer = String::new();
|
||||||
|
|
||||||
if let Ok(content) = resp {
|
if let Ok(content) = resp {
|
||||||
// Extract the URL from the respose in case redirects occured (like @ gitlab.com)
|
// Extract the URL from the response in case redirects occurred (like @ gitlab.com)
|
||||||
let url = content.url().clone();
|
let url = content.url().clone();
|
||||||
|
|
||||||
// Set the referer to be used on the final request, some sites check this.
|
// Set the referer to be used on the final request, some sites check this.
|
||||||
// Mostly used to prevent direct linking and other security resons.
|
// Mostly used to prevent direct linking and other security reasons.
|
||||||
referer = url.to_string();
|
referer = url.to_string();
|
||||||
|
|
||||||
// Add the fallback favicon.ico and apple-touch-icon.png to the list with the domain the content responded from.
|
// Add the fallback favicon.ico and apple-touch-icon.png to the list with the domain the content responded from.
|
||||||
@ -638,7 +638,7 @@ fn get_icon_priority(href: &str, sizes: &str) -> u8 {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Returns a Tuple with the width and hight as a seperate value extracted from the sizes attribute
|
/// Returns a Tuple with the width and height as a separate value extracted from the sizes attribute
|
||||||
/// It will return 0 for both values if no match has been found.
|
/// It will return 0 for both values if no match has been found.
|
||||||
///
|
///
|
||||||
/// # Arguments
|
/// # Arguments
|
||||||
|
@ -469,7 +469,7 @@ async fn twofactor_auth(
|
|||||||
TwoFactorIncomplete::mark_incomplete(user_uuid, &device.uuid, &device.name, ip, conn).await?;
|
TwoFactorIncomplete::mark_incomplete(user_uuid, &device.uuid, &device.name, ip, conn).await?;
|
||||||
|
|
||||||
let twofactor_ids: Vec<_> = twofactors.iter().map(|tf| tf.atype).collect();
|
let twofactor_ids: Vec<_> = twofactors.iter().map(|tf| tf.atype).collect();
|
||||||
let selected_id = data.two_factor_provider.unwrap_or(twofactor_ids[0]); // If we aren't given a two factor provider, asume the first one
|
let selected_id = data.two_factor_provider.unwrap_or(twofactor_ids[0]); // If we aren't given a two factor provider, assume the first one
|
||||||
|
|
||||||
let twofactor_code = match data.two_factor_token {
|
let twofactor_code = match data.two_factor_token {
|
||||||
Some(ref code) => code,
|
Some(ref code) => code,
|
||||||
|
@ -116,7 +116,7 @@ pub async fn unregister_push_device(uuid: String) -> EmptyResult {
|
|||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
Ok(r) => r,
|
Ok(r) => r,
|
||||||
Err(e) => err!(format!("An error occured during device unregistration: {e}")),
|
Err(e) => err!(format!("An error occurred during device unregistration: {e}")),
|
||||||
};
|
};
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
@ -252,7 +252,7 @@ async fn send_to_push_relay(notification_data: Value) {
|
|||||||
.send()
|
.send()
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
error!("An error occured while sending a send update to the push relay: {}", e);
|
error!("An error occurred while sending a send update to the push relay: {}", e);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@ use crate::{
|
|||||||
};
|
};
|
||||||
|
|
||||||
pub fn routes() -> Vec<Route> {
|
pub fn routes() -> Vec<Route> {
|
||||||
// If addding more routes here, consider also adding them to
|
// If adding more routes here, consider also adding them to
|
||||||
// crate::utils::LOGGED_ROUTES to make sure they appear in the log
|
// crate::utils::LOGGED_ROUTES to make sure they appear in the log
|
||||||
let mut routes = routes![attachments, alive, alive_head, static_files];
|
let mut routes = routes![attachments, alive, alive_head, static_files];
|
||||||
if CONFIG.web_vault_enabled() {
|
if CONFIG.web_vault_enabled() {
|
||||||
|
@ -126,7 +126,7 @@ macro_rules! make_config {
|
|||||||
|
|
||||||
if show_overrides && !overrides.is_empty() {
|
if show_overrides && !overrides.is_empty() {
|
||||||
// We can't use warn! here because logging isn't setup yet.
|
// We can't use warn! here because logging isn't setup yet.
|
||||||
println!("[WARNING] The following environment variables are being overriden by the config.json file.");
|
println!("[WARNING] The following environment variables are being overridden by the config.json file.");
|
||||||
println!("[WARNING] Please use the admin panel to make changes to them:");
|
println!("[WARNING] Please use the admin panel to make changes to them:");
|
||||||
println!("[WARNING] {}\n", overrides.join(", "));
|
println!("[WARNING] {}\n", overrides.join(", "));
|
||||||
}
|
}
|
||||||
@ -164,7 +164,7 @@ macro_rules! make_config {
|
|||||||
)+)+
|
)+)+
|
||||||
|
|
||||||
pub fn prepare_json(&self) -> serde_json::Value {
|
pub fn prepare_json(&self) -> serde_json::Value {
|
||||||
let (def, cfg, overriden) = {
|
let (def, cfg, overridden) = {
|
||||||
let inner = &self.inner.read().unwrap();
|
let inner = &self.inner.read().unwrap();
|
||||||
(inner._env.build(), inner.config.clone(), inner._overrides.clone())
|
(inner._env.build(), inner.config.clone(), inner._overrides.clone())
|
||||||
};
|
};
|
||||||
@ -211,7 +211,7 @@ macro_rules! make_config {
|
|||||||
element.insert("default".into(), serde_json::to_value(def.$name).unwrap());
|
element.insert("default".into(), serde_json::to_value(def.$name).unwrap());
|
||||||
element.insert("type".into(), (_get_form_type(stringify!($ty))).into());
|
element.insert("type".into(), (_get_form_type(stringify!($ty))).into());
|
||||||
element.insert("doc".into(), (_get_doc(concat!($($doc),+))).into());
|
element.insert("doc".into(), (_get_doc(concat!($($doc),+))).into());
|
||||||
element.insert("overridden".into(), (overriden.contains(&paste::paste!(stringify!([<$name:upper>])).into())).into());
|
element.insert("overridden".into(), (overridden.contains(&paste::paste!(stringify!([<$name:upper>])).into())).into());
|
||||||
element
|
element
|
||||||
}),
|
}),
|
||||||
)+
|
)+
|
||||||
|
@ -396,7 +396,7 @@ impl UserOrganization {
|
|||||||
let user = User::find_by_uuid(&self.user_uuid, conn).await.unwrap();
|
let user = User::find_by_uuid(&self.user_uuid, conn).await.unwrap();
|
||||||
|
|
||||||
// Because BitWarden want the status to be -1 for revoked users we need to catch that here.
|
// Because BitWarden want the status to be -1 for revoked users we need to catch that here.
|
||||||
// We subtract/add a number so we can restore/activate the user to it's previouse state again.
|
// We subtract/add a number so we can restore/activate the user to it's previous state again.
|
||||||
let status = if self.status < UserOrgStatus::Revoked as i32 {
|
let status = if self.status < UserOrgStatus::Revoked as i32 {
|
||||||
UserOrgStatus::Revoked as i32
|
UserOrgStatus::Revoked as i32
|
||||||
} else {
|
} else {
|
||||||
@ -475,7 +475,7 @@ impl UserOrganization {
|
|||||||
};
|
};
|
||||||
|
|
||||||
// Because BitWarden want the status to be -1 for revoked users we need to catch that here.
|
// Because BitWarden want the status to be -1 for revoked users we need to catch that here.
|
||||||
// We subtract/add a number so we can restore/activate the user to it's previouse state again.
|
// We subtract/add a number so we can restore/activate the user to it's previous state again.
|
||||||
let status = if self.status < UserOrgStatus::Revoked as i32 {
|
let status = if self.status < UserOrgStatus::Revoked as i32 {
|
||||||
UserOrgStatus::Revoked as i32
|
UserOrgStatus::Revoked as i32
|
||||||
} else {
|
} else {
|
||||||
|
Loading…
Reference in New Issue
Block a user