Since the feature `Login with device` some actions done via the
web-vault need to be verified via an OTP instead of providing the MasterPassword.
This only happens if a user used the `Login with device` on a device
which uses either Biometrics login or PIN. These actions prevent the
athorizing device to send the MasterPasswordHash. When this happens, the
web-vault requests an OTP to be filled-in and this OTP is send to the
users email address which is the same as the email address to login.
The only way to bypass this is by logging in with the your password, in
those cases a password is requested instead of an OTP.
In case SMTP is not enabled, it will show an error message telling to
user to login using there password.
Fixes #4042
The bake recipt was missing the single `:alpine` tag for the alpine
builds when we were releasing a `stable/latest` version of Vaultwarden.
This PR fixes this by checking for those conditions and add the
`:alpine` tag too.
We will keep the `:latest-alpine` also, which i find even nicer then just
`:alpine`
Fixes #4035
When importing Bitwarden JSON exports, these would fail because the last
modification date was also imported and caused our out-off-sync check to
kick-in. This PR fixes this by checking if we are doing an import, and
skip this check.
Fixes #4005
MariaDB/MySQL doesn't like the normal `"` quotes around the column name.
This needs to be a backtick **`**.
This PR changes the migration script to fix this issue.
Fixes #3993
* WIP: Container building changes
* Small updates
- Updated to rust 1.73.0
- Updated crates
- Updated documentation
- Added a bake.sh script to make baking easier
* Update GitHub Actions Workflow
- Updated workflow to use qemu and buildx bake
In the future i would like to extract the alpine based binaries and add
them as artifacts to the release.
* Address review remarks and small updates
- Addressed review remarks
- Added `podman-bake.sh` script to build Vaultwarden with podman
- Updated README
- Updated crates
- Added `VW_VERSION` support
- Added annotations
- Updated web-vault to v2023.9.1
* Update twofactor_email.hbs subject line to avoid triggering gmail content filter
Previous subject line was triggering Google's spam blocker, breaking the 2FA setup process if a gmail SMTP server is configured. The new subject line does not (currently) run afoul of Google's filter.
* Update twofactor_email.html.hbs subject line to avoid triggering gmail content filter
Previous subject line was triggering Google's spam blocker, breaking the 2FA setup process if a gmail SMTP server is configured. The new subject line does not (currently) run afoul of Google's filter.
* Update twofactor_email.hbs
Changed "Confirmation" to "Verification" for the sake of internal consistency
* Update twofactor_email.hbs
* Update twofactor_email.html.hbs
While working on the fix I realised the location where the `external_id`
is stored was wrong. It was stored in the `users` table, but it actually
should have been stored in the `users_organizations` table.
This will move the column to the right table. It will not move the
values of the `external_id` column, because if there are more
organizations, there is no way to really know which organization it is
linked to. Setups using the Directory Connector can clear the sync
cache, and sync again, that will store all the `external_id` values at
the right location.
Also changed the function to revoke,restore an org-user and set_external_id to return a boolean.
It will state if the value has been changed or not, and if not, we can
prevent a `save` call to the database.
The `users` table is not changed to remove the `external_id` column, thi
to prevent issue when users want to revert back to an earlier version
for some reason. We can do this after a few minor release i think.
Fixes #3777
The PostgreSQL migrations do not need this setting.
I tested this by running an old Vaultwarden instance (v1.18.0) on a new
PostrgreSQL database, created a few users and some vault items, after
that run the new code and it doesn't break.
Fixes #3930
During a WebSocket connection we currently also send several headers
which could cause issues with some reverse proxy, or with the CloudFlare
tunnel for example. This PR resolves these issues.
Fixes #3881
It looks like either something changed in the latest v2023.8.x versions,
or when using Biometrics to login, but the MasterPasswordHash is an
optional value during the Approve action.
This PR makes the MasterPasswordHash an optional value which resolves
this issues. Bitwarden works the same way.
I also changed the EncKey to an Option in the database since empty
strings as a default value is not nice in databases, better to use
`null` in these cases.
Fixes #3819
- Updated the admin interface dependencies.
- Replace bootstrap-native with bootstrap
- Added auto theme with an option to switch to dark/light
- Some small color changes
- Added an dev only function to always load static files from disk