lasers/bitwarden_rs
1
0
Fork 0
mirror of https://github.com/dani-garcia/bitwarden_rs synced 2024-11-10 20:49:51 +01:00
Code Issues Projects Releases Wiki Activity
4219249e11
bitwarden_rs/src/db/models/user.rs

452 lines
15 KiB
Rust
Raw Normal View History

Added web-vault v2.21.x support + some misc fixes - The new web-vault v2.21.0+ has support for Master Password Reset. For this to work it generates a public/private key-pair which needs to be stored in the database. Currently the Master Password Reset is not fixed, but there are endpoints which are needed even if we do not support this feature (yet). This PR fixes those endpoints, and stores the keys already in the database. - There was an issue when you want to do a key-rotate when you change your password, it also called an Emergency Access endpoint, which we do not yet support. Because this endpoint failed to reply correctly produced some errors, and also prevent the user from being forced to logout. This resolves #1826 by adding at least that endpoint. Because of that extra endpoint check to Emergency Access is done using an old user stamp, i also modified the stamp exception to allow multiple rocket routes to be called, and added an expiration timestamp to it. During these tests i stumbled upon an issue that after my key-change was done, it triggered the websockets to try and reload my ciphers, because they were updated. This shouldn't happen when rotating they keys, since all access should be invalided. Now there will be no websocket notification for this, which also prevents error toasts. - Increased Send Size limit to 500MB (with a litle overhead) As a side note, i tested these changes on both v2.20.4 and v2.21.1 web-vault versions, all keeps working.
2021-07-04 23:02:56 +02:00
use chrono::{Duration, NaiveDateTime, Utc};
Updated bw_rs to Rocket version 0.4-rc1
2018-10-10 20:40:39 +02:00
use serde_json::Value;
First working version
2018-02-10 01:00:55 +01:00
Migrate to rust 2018 edition
2018-12-07 02:05:45 +01:00
use crate::crypto;
use crate::CONFIG;
First working version
2018-02-10 01:00:55 +01:00
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_object! {
Remove debug impl from database structs This is only implemented for the database specific structs, which is not what we want
2021-03-13 22:04:04 +01:00
#[derive(Identifiable, Queryable, Insertable, AsChangeset)]
Update to diesel2
2022-05-20 23:39:47 +02:00
#[diesel(table_name = users)]
#[diesel(treat_none_as_null = true)]
#[diesel(primary_key(uuid))]
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
pub struct User {
pub uuid: String,
Implement admin ability to enable/disable users
2020-11-30 23:12:56 +01:00
pub enabled: bool,
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
pub created_at: NaiveDateTime,
pub updated_at: NaiveDateTime,
pub verified_at: Option<NaiveDateTime>,
pub last_verifying_at: Option<NaiveDateTime>,
pub login_verify_count: i32,
pub email: String,
pub email_new: Option<String>,
pub email_new_token: Option<String>,
pub name: String,
pub password_hash: Vec<u8>,
pub salt: Vec<u8>,
pub password_iterations: i32,
pub password_hint: Option<String>,
pub akey: String,
pub private_key: Option<String>,
pub public_key: Option<String>,
Update to diesel2
2022-05-20 23:39:47 +02:00
#[diesel(column_name = "totp_secret")] // Note, this is only added to the UserDb structs, not to User
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
_totp_secret: Option<String>,
pub totp_recover: Option<String>,
pub security_stamp: String,
Fix Key Rotation during password change When ticking the 'Also rotate my account's encryption key' box, the key rotated ciphers are posted after the change of password. During the password change the security stamp was reseted which made the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write. This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted. When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp. Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly. fixes #1240
2020-12-14 19:58:23 +01:00
pub stamp_exception: Option<String>,
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
pub equivalent_domains: String,
pub excluded_globals: String,
pub client_kdf_type: i32,
pub client_kdf_iter: i32,
add argon2 kdf fields
2023-02-01 03:26:23 +01:00
pub client_kdf_memory: Option<i32>,
pub client_kdf_parallelism: Option<i32>,
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
pub api_key: Option<String>,
Add avatar color support The new web-vault v2023.1.0 supports a custom color for the avatar. https://github.com/bitwarden/server/pull/2330 This PR adds this feature.
2023-01-11 21:45:11 +01:00
pub avatar_color: Option<String>,
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
}
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
Remove debug impl from database structs This is only implemented for the database specific structs, which is not what we want
2021-03-13 22:04:04 +01:00
#[derive(Identifiable, Queryable, Insertable)]
Update to diesel2
2022-05-20 23:39:47 +02:00
#[diesel(table_name = invitations)]
#[diesel(primary_key(email))]
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
pub struct Invitation {
pub email: String,
}
First working version
2018-02-10 01:00:55 +01:00
}
add argon2 kdf fields
2023-02-01 03:26:23 +01:00
pub enum UserKdfType {
Pbkdf2 = 0,
Argon2id = 1,
}
Implement better user status API, in the future we'll probably want a way to disable users. We should migrate from the empty password hash to a separate column then.
2019-04-13 00:01:52 +02:00
enum UserStatus {
Enabled = 0,
Invited = 1,
_Disabled = 2,
}
Fix Key Rotation during password change When ticking the 'Also rotate my account's encryption key' box, the key rotated ciphers are posted after the change of password. During the password change the security stamp was reseted which made the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write. This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted. When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp. Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly. fixes #1240
2020-12-14 19:58:23 +01:00
#[derive(Serialize, Deserialize)]
pub struct UserStampException {
Added web-vault v2.21.x support + some misc fixes - The new web-vault v2.21.0+ has support for Master Password Reset. For this to work it generates a public/private key-pair which needs to be stored in the database. Currently the Master Password Reset is not fixed, but there are endpoints which are needed even if we do not support this feature (yet). This PR fixes those endpoints, and stores the keys already in the database. - There was an issue when you want to do a key-rotate when you change your password, it also called an Emergency Access endpoint, which we do not yet support. Because this endpoint failed to reply correctly produced some errors, and also prevent the user from being forced to logout. This resolves #1826 by adding at least that endpoint. Because of that extra endpoint check to Emergency Access is done using an old user stamp, i also modified the stamp exception to allow multiple rocket routes to be called, and added an expiration timestamp to it. During these tests i stumbled upon an issue that after my key-change was done, it triggered the websockets to try and reload my ciphers, because they were updated. This shouldn't happen when rotating they keys, since all access should be invalided. Now there will be no websocket notification for this, which also prevents error toasts. - Increased Send Size limit to 500MB (with a litle overhead) As a side note, i tested these changes on both v2.20.4 and v2.21.1 web-vault versions, all keeps working.
2021-07-04 23:02:56 +02:00
pub routes: Vec<String>,
Run `cargo fmt` on codebase
2021-03-31 22:18:35 +02:00
pub security_stamp: String,
Added web-vault v2.21.x support + some misc fixes - The new web-vault v2.21.0+ has support for Master Password Reset. For this to work it generates a public/private key-pair which needs to be stored in the database. Currently the Master Password Reset is not fixed, but there are endpoints which are needed even if we do not support this feature (yet). This PR fixes those endpoints, and stores the keys already in the database. - There was an issue when you want to do a key-rotate when you change your password, it also called an Emergency Access endpoint, which we do not yet support. Because this endpoint failed to reply correctly produced some errors, and also prevent the user from being forced to logout. This resolves #1826 by adding at least that endpoint. Because of that extra endpoint check to Emergency Access is done using an old user stamp, i also modified the stamp exception to allow multiple rocket routes to be called, and added an expiration timestamp to it. During these tests i stumbled upon an issue that after my key-change was done, it triggered the websockets to try and reload my ciphers, because they were updated. This shouldn't happen when rotating they keys, since all access should be invalided. Now there will be no websocket notification for this, which also prevents error toasts. - Increased Send Size limit to 500MB (with a litle overhead) As a side note, i tested these changes on both v2.20.4 and v2.21.1 web-vault versions, all keeps working.
2021-07-04 23:02:56 +02:00
pub expire: i64,
Fix Key Rotation during password change When ticking the 'Also rotate my account's encryption key' box, the key rotated ciphers are posted after the change of password. During the password change the security stamp was reseted which made the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write. This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted. When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp. Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly. fixes #1240
2020-12-14 19:58:23 +01:00
}
First working version
2018-02-10 01:00:55 +01:00
/// Local methods
impl User {
add argon2 kdf fields
2023-02-01 03:26:23 +01:00
pub const CLIENT_KDF_TYPE_DEFAULT: i32 = UserKdfType::Pbkdf2 as i32;
Update KDF Configuration and processing - Change default Password Hash KDF Storage from 100_000 to 600_000 iterations - Update Password Hash when the default iteration value is different - Validate password_iterations - Validate client-side KDF to prevent it from being set lower than 100_000
2023-01-24 13:06:31 +01:00
pub const CLIENT_KDF_ITER_DEFAULT: i32 = 600_000;
Implement KDF iterations change (Fixes #195)
2018-09-19 17:30:14 +02:00
Fix issue when using uppercase chars in emails In the case when SMTP is disabled and. when inviting new users either via the admin interface or into an organization and using uppercase letters, this would fail for those users to be able to register since the checks which were done are case-sensitive and never matched. This PR fixes that issue by ensuring everything is lowercase. Fixes #1963
2021-09-09 13:50:18 +02:00
pub fn new(email: String) -> Self {
First working version
2018-02-10 01:00:55 +01:00
let now = Utc::now().naive_utc();
Fix issue when using uppercase chars in emails In the case when SMTP is disabled and. when inviting new users either via the admin interface or into an organization and using uppercase letters, this would fail for those users to be able to register since the checks which were done are case-sensitive and never matched. This PR fixes that issue by ensuring everything is lowercase. Fixes #1963
2021-09-09 13:50:18 +02:00
let email = email.to_lowercase();
First working version
2018-02-10 01:00:55 +01:00
Upload and download attachments, and added License file
2018-02-15 00:40:34 +01:00
Self {
Remove some required values during login, now uses default values
2018-12-07 14:32:40 +01:00
uuid: crate::util::get_uuid(),
Implement admin ability to enable/disable users
2020-11-30 23:12:56 +01:00
enabled: true,
First working version
2018-02-10 01:00:55 +01:00
created_at: now,
updated_at: now,
Implement change-email, email-verification, account-recovery, and welcome notifications
2019-11-25 06:28:49 +01:00
verified_at: None,
last_verifying_at: None,
login_verify_count: 0,
First working version
2018-02-10 01:00:55 +01:00
name: email.clone(),
email,
Rework migrations for MySQL
2019-05-20 21:12:41 +02:00
akey: String::new(),
Implement change-email, email-verification, account-recovery, and welcome notifications
2019-11-25 06:28:49 +01:00
email_new: None,
email_new_token: None,
First working version
2018-02-10 01:00:55 +01:00
Modify User::new to be keyless and paswordless
2018-09-11 15:25:12 +02:00
password_hash: Vec::new(),
Remove get_random_64() Its uses are replaced by get_randm_bytes() or encode_random_bytes().
2022-11-13 10:03:04 +01:00
salt: crypto::get_random_bytes::<64>().to_vec(),
Change config to thread-safe system, needed for a future config panel. Improved some two factor methods.
2019-01-25 18:23:51 +01:00
password_iterations: CONFIG.password_iterations(),
First working version
2018-02-10 01:00:55 +01:00
Remove some required values during login, now uses default values
2018-12-07 14:32:40 +01:00
security_stamp: crate::util::get_uuid(),
Fix Key Rotation during password change When ticking the 'Also rotate my account's encryption key' box, the key rotated ciphers are posted after the change of password. During the password change the security stamp was reseted which made the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write. This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted. When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp. Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly. fixes #1240
2020-12-14 19:58:23 +01:00
stamp_exception: None,
First working version
2018-02-10 01:00:55 +01:00
password_hint: None,
private_key: None,
public_key: None,
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
_totp_secret: None,
First working version
2018-02-10 01:00:55 +01:00
totp_recover: None,
Upload and download attachments, and added License file
2018-02-15 00:40:34 +01:00
equivalent_domains: "[]".to_string(),
excluded_globals: "[]".to_string(),
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
Implement KDF iterations change (Fixes #195)
2018-09-19 17:30:14 +02:00
client_kdf_type: Self::CLIENT_KDF_TYPE_DEFAULT,
client_kdf_iter: Self::CLIENT_KDF_ITER_DEFAULT,
add argon2 kdf fields
2023-02-01 03:26:23 +01:00
client_kdf_memory: None,
client_kdf_parallelism: None,
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
api_key: None,
Add avatar color support The new web-vault v2023.1.0 supports a custom color for the avatar. https://github.com/bitwarden/server/pull/2330 This PR adds this feature.
2023-01-11 21:45:11 +01:00
avatar_color: None,
First working version
2018-02-10 01:00:55 +01:00
}
}
pub fn check_valid_password(&self, password: &str) -> bool {
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
crypto::verify_password_hash(
password.as_bytes(),
&self.salt,
&self.password_hash,
self.password_iterations as u32,
)
First working version
2018-02-10 01:00:55 +01:00
}
Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations
2018-02-15 19:05:57 +01:00
pub fn check_valid_recovery_code(&self, recovery_code: &str) -> bool {
if let Some(ref totp_recover) = self.totp_recover {
Implement constant time equal check for admin, 2fa recover and 2fa remember tokens
2019-02-11 23:45:55 +01:00
crate::crypto::ct_eq(recovery_code, totp_recover.to_lowercase())
Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations
2018-02-15 19:05:57 +01:00
} else {
false
}
}
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 11:51:26 +01:00
pub fn check_valid_api_key(&self, key: &str) -> bool {
matches!(self.api_key, Some(ref api_key) if crate::crypto::ct_eq(api_key, key))
}
Fix Key Rotation during password change When ticking the 'Also rotate my account's encryption key' box, the key rotated ciphers are posted after the change of password. During the password change the security stamp was reseted which made the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write. This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted. When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp. Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly. fixes #1240
2020-12-14 19:58:23 +01:00
/// Set the password hash generated
/// And resets the security_stamp. Based upon the allow_next_route the security_stamp will be different.
///
/// # Arguments
///
/// * `password` - A str which contains a hashed version of the users master password.
include key into user.set_password
2023-01-14 10:16:03 +01:00
/// * `new_key` - A String which contains the new aKey value of the users master password.
Added web-vault v2.21.x support + some misc fixes - The new web-vault v2.21.0+ has support for Master Password Reset. For this to work it generates a public/private key-pair which needs to be stored in the database. Currently the Master Password Reset is not fixed, but there are endpoints which are needed even if we do not support this feature (yet). This PR fixes those endpoints, and stores the keys already in the database. - There was an issue when you want to do a key-rotate when you change your password, it also called an Emergency Access endpoint, which we do not yet support. Because this endpoint failed to reply correctly produced some errors, and also prevent the user from being forced to logout. This resolves #1826 by adding at least that endpoint. Because of that extra endpoint check to Emergency Access is done using an old user stamp, i also modified the stamp exception to allow multiple rocket routes to be called, and added an expiration timestamp to it. During these tests i stumbled upon an issue that after my key-change was done, it triggered the websockets to try and reload my ciphers, because they were updated. This shouldn't happen when rotating they keys, since all access should be invalided. Now there will be no websocket notification for this, which also prevents error toasts. - Increased Send Size limit to 500MB (with a litle overhead) As a side note, i tested these changes on both v2.20.4 and v2.21.1 web-vault versions, all keeps working.
2021-07-04 23:02:56 +02:00
/// * `allow_next_route` - A Option<Vec<String>> with the function names of the next allowed (rocket) routes.
/// These routes are able to use the previous stamp id for the next 2 minutes.
/// After these 2 minutes this stamp will expire.
Fix Key Rotation during password change When ticking the 'Also rotate my account's encryption key' box, the key rotated ciphers are posted after the change of password. During the password change the security stamp was reseted which made the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write. This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted. When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp. Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly. fixes #1240
2020-12-14 19:58:23 +01:00
///
include key into user.set_password
2023-01-14 10:16:03 +01:00
pub fn set_password(
&mut self,
password: &str,
new_key: Option<String>,
reset_security_stamp: bool,
allow_next_route: Option<Vec<String>>,
) {
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
self.password_hash = crypto::hash_password(password.as_bytes(), &self.salt, self.password_iterations as u32);
Fix Key Rotation during password change When ticking the 'Also rotate my account's encryption key' box, the key rotated ciphers are posted after the change of password. During the password change the security stamp was reseted which made the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write. This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted. When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp. Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly. fixes #1240
2020-12-14 19:58:23 +01:00
if let Some(route) = allow_next_route {
self.set_stamp_exception(route);
}
include key into user.set_password
2023-01-14 10:16:03 +01:00
if let Some(new_key) = new_key {
self.akey = new_key;
}
Update KDF Configuration and processing - Change default Password Hash KDF Storage from 100_000 to 600_000 iterations - Update Password Hash when the default iteration value is different - Validate password_iterations - Validate client-side KDF to prevent it from being set lower than 100_000
2023-01-24 13:06:31 +01:00
if reset_security_stamp {
self.reset_security_stamp()
}
First working version
2018-02-10 01:00:55 +01:00
}
pub fn reset_security_stamp(&mut self) {
Remove some required values during login, now uses default values
2018-12-07 14:32:40 +01:00
self.security_stamp = crate::util::get_uuid();
First working version
2018-02-10 01:00:55 +01:00
}
Fix Key Rotation during password change When ticking the 'Also rotate my account's encryption key' box, the key rotated ciphers are posted after the change of password. During the password change the security stamp was reseted which made the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write. This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted. When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp. Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly. fixes #1240
2020-12-14 19:58:23 +01:00
/// Set the stamp_exception to only allow a subsequent request matching a specific route using the current security-stamp.
///
/// # Arguments
Added web-vault v2.21.x support + some misc fixes - The new web-vault v2.21.0+ has support for Master Password Reset. For this to work it generates a public/private key-pair which needs to be stored in the database. Currently the Master Password Reset is not fixed, but there are endpoints which are needed even if we do not support this feature (yet). This PR fixes those endpoints, and stores the keys already in the database. - There was an issue when you want to do a key-rotate when you change your password, it also called an Emergency Access endpoint, which we do not yet support. Because this endpoint failed to reply correctly produced some errors, and also prevent the user from being forced to logout. This resolves #1826 by adding at least that endpoint. Because of that extra endpoint check to Emergency Access is done using an old user stamp, i also modified the stamp exception to allow multiple rocket routes to be called, and added an expiration timestamp to it. During these tests i stumbled upon an issue that after my key-change was done, it triggered the websockets to try and reload my ciphers, because they were updated. This shouldn't happen when rotating they keys, since all access should be invalided. Now there will be no websocket notification for this, which also prevents error toasts. - Increased Send Size limit to 500MB (with a litle overhead) As a side note, i tested these changes on both v2.20.4 and v2.21.1 web-vault versions, all keeps working.
2021-07-04 23:02:56 +02:00
/// * `route_exception` - A Vec<String> with the function names of the next allowed (rocket) routes.
/// These routes are able to use the previous stamp id for the next 2 minutes.
/// After these 2 minutes this stamp will expire.
Fix Key Rotation during password change When ticking the 'Also rotate my account's encryption key' box, the key rotated ciphers are posted after the change of password. During the password change the security stamp was reseted which made the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write. This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted. When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp. Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly. fixes #1240
2020-12-14 19:58:23 +01:00
///
Added web-vault v2.21.x support + some misc fixes - The new web-vault v2.21.0+ has support for Master Password Reset. For this to work it generates a public/private key-pair which needs to be stored in the database. Currently the Master Password Reset is not fixed, but there are endpoints which are needed even if we do not support this feature (yet). This PR fixes those endpoints, and stores the keys already in the database. - There was an issue when you want to do a key-rotate when you change your password, it also called an Emergency Access endpoint, which we do not yet support. Because this endpoint failed to reply correctly produced some errors, and also prevent the user from being forced to logout. This resolves #1826 by adding at least that endpoint. Because of that extra endpoint check to Emergency Access is done using an old user stamp, i also modified the stamp exception to allow multiple rocket routes to be called, and added an expiration timestamp to it. During these tests i stumbled upon an issue that after my key-change was done, it triggered the websockets to try and reload my ciphers, because they were updated. This shouldn't happen when rotating they keys, since all access should be invalided. Now there will be no websocket notification for this, which also prevents error toasts. - Increased Send Size limit to 500MB (with a litle overhead) As a side note, i tested these changes on both v2.20.4 and v2.21.1 web-vault versions, all keeps working.
2021-07-04 23:02:56 +02:00
pub fn set_stamp_exception(&mut self, route_exception: Vec<String>) {
Fix Key Rotation during password change When ticking the 'Also rotate my account's encryption key' box, the key rotated ciphers are posted after the change of password. During the password change the security stamp was reseted which made the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write. This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted. When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp. Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly. fixes #1240
2020-12-14 19:58:23 +01:00
let stamp_exception = UserStampException {
Added web-vault v2.21.x support + some misc fixes - The new web-vault v2.21.0+ has support for Master Password Reset. For this to work it generates a public/private key-pair which needs to be stored in the database. Currently the Master Password Reset is not fixed, but there are endpoints which are needed even if we do not support this feature (yet). This PR fixes those endpoints, and stores the keys already in the database. - There was an issue when you want to do a key-rotate when you change your password, it also called an Emergency Access endpoint, which we do not yet support. Because this endpoint failed to reply correctly produced some errors, and also prevent the user from being forced to logout. This resolves #1826 by adding at least that endpoint. Because of that extra endpoint check to Emergency Access is done using an old user stamp, i also modified the stamp exception to allow multiple rocket routes to be called, and added an expiration timestamp to it. During these tests i stumbled upon an issue that after my key-change was done, it triggered the websockets to try and reload my ciphers, because they were updated. This shouldn't happen when rotating they keys, since all access should be invalided. Now there will be no websocket notification for this, which also prevents error toasts. - Increased Send Size limit to 500MB (with a litle overhead) As a side note, i tested these changes on both v2.20.4 and v2.21.1 web-vault versions, all keeps working.
2021-07-04 23:02:56 +02:00
routes: route_exception,
Add more clippy checks for better code/readability A bit inspired by @paolobarbolini from this commit at lettre https://github.com/lettre/lettre/pull/784 . I added a few more clippy lints here, and fixed the resulted issues. Overall i think this could help in preventing future issues, and maybe even peformance problems. It also makes some code a bit more clear. We could always add more if we want to, i left a few out which i think arn't that huge of an issue. Some like the `unused_async` are nice, which resulted in a few `async` removals. Some others are maybe a bit more estatic, like `string_to_string`, but i think it looks better to use `clone` in those cases instead of `to_string` while they already are a string.
2022-07-10 16:39:38 +02:00
security_stamp: self.security_stamp.clone(),
Added web-vault v2.21.x support + some misc fixes - The new web-vault v2.21.0+ has support for Master Password Reset. For this to work it generates a public/private key-pair which needs to be stored in the database. Currently the Master Password Reset is not fixed, but there are endpoints which are needed even if we do not support this feature (yet). This PR fixes those endpoints, and stores the keys already in the database. - There was an issue when you want to do a key-rotate when you change your password, it also called an Emergency Access endpoint, which we do not yet support. Because this endpoint failed to reply correctly produced some errors, and also prevent the user from being forced to logout. This resolves #1826 by adding at least that endpoint. Because of that extra endpoint check to Emergency Access is done using an old user stamp, i also modified the stamp exception to allow multiple rocket routes to be called, and added an expiration timestamp to it. During these tests i stumbled upon an issue that after my key-change was done, it triggered the websockets to try and reload my ciphers, because they were updated. This shouldn't happen when rotating they keys, since all access should be invalided. Now there will be no websocket notification for this, which also prevents error toasts. - Increased Send Size limit to 500MB (with a litle overhead) As a side note, i tested these changes on both v2.20.4 and v2.21.1 web-vault versions, all keeps working.
2021-07-04 23:02:56 +02:00
expire: (Utc::now().naive_utc() + Duration::minutes(2)).timestamp(),
Fix Key Rotation during password change When ticking the 'Also rotate my account's encryption key' box, the key rotated ciphers are posted after the change of password. During the password change the security stamp was reseted which made the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write. This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted. When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp. Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly. fixes #1240
2020-12-14 19:58:23 +01:00
};
self.stamp_exception = Some(serde_json::to_string(&stamp_exception).unwrap_or_default());
}
/// Resets the stamp_exception to prevent re-use of the previous security-stamp
pub fn reset_stamp_exception(&mut self) {
self.stamp_exception = None;
}
Initial organizations functionality: Creating orgs and inviting users
2018-04-24 22:01:55 +02:00
}
Add email notifications for incomplete 2FA logins An incomplete 2FA login is one where the correct master password was provided, but the 2FA token or action required to complete the login was not provided within the configured time limit. This potentially indicates that the user's master password has been compromised, but the login was blocked by 2FA. Be aware that the 2FA step can usually still be completed after the email notification has already been sent out, which could be confusing. Therefore, the incomplete 2FA time limit should be long enough that this situation would be unlikely. This feature can also be disabled entirely if desired.
2021-10-25 10:36:05 +02:00
use super::{
Cipher, Device, EmergencyAccess, Favorite, Folder, Send, TwoFactor, TwoFactorIncomplete, UserOrgType,
UserOrganization,
};
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
use crate::db::DbConn;
Initial organizations functionality: Creating orgs and inviting users
2018-04-24 22:01:55 +02:00
Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
2018-12-19 21:52:53 +01:00
use crate::api::EmptyResult;
use crate::error::MapResult;
Initial organizations functionality: Creating orgs and inviting users
2018-04-24 22:01:55 +02:00
/// Database methods
impl User {
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn to_json(&self, conn: &mut DbConn) -> Value {
let mut orgs_json = Vec::new();
for c in UserOrganization::find_confirmed_by_user(&self.uuid, conn).await {
orgs_json.push(c.to_json(conn).await);
}
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
let twofactor_enabled = !TwoFactor::find_by_user(&self.uuid, conn).await.is_empty();
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
Implement better user status API, in the future we'll probably want a way to disable users. We should migrate from the empty password hash to a separate column then.
2019-04-13 00:01:52 +02:00
// TODO: Might want to save the status field in the DB
let status = if self.password_hash.is_empty() {
UserStatus::Invited
} else {
UserStatus::Enabled
};
First working version
2018-02-10 01:00:55 +01:00
json!({
Implement better user status API, in the future we'll probably want a way to disable users. We should migrate from the empty password hash to a separate column then.
2019-04-13 00:01:52 +02:00
"_Status": status as i32,
First working version
2018-02-10 01:00:55 +01:00
"Id": self.uuid,
"Name": self.name,
"Email": self.email,
Implement change-email, email-verification, account-recovery, and welcome notifications
2019-11-25 06:28:49 +01:00
"EmailVerified": !CONFIG.mail_enabled() || self.verified_at.is_some(),
First working version
2018-02-10 01:00:55 +01:00
"Premium": true,
"MasterPasswordHint": self.password_hint,
"Culture": "en-US",
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
2018-07-12 21:46:50 +02:00
"TwoFactorEnabled": twofactor_enabled,
Rework migrations for MySQL
2019-05-20 21:12:41 +02:00
"Key": self.akey,
First working version
2018-02-10 01:00:55 +01:00
"PrivateKey": self.private_key,
"SecurityStamp": self.security_stamp,
Initial organizations functionality: Creating orgs and inviting users
2018-04-24 22:01:55 +02:00
"Organizations": orgs_json,
Fix syncing with Bitwarden Desktop v1.28.0 Syncing with the latest desktop client (v1.28.0) fails because it expects some json key/values to be there. This PR adds those key/value pairs. Resolves #1924
2021-08-21 10:36:08 +02:00
"Providers": [],
"ProviderOrganizations": [],
"ForcePasswordReset": false,
Add avatar color support The new web-vault v2023.1.0 supports a custom color for the avatar. https://github.com/bitwarden/server/pull/2330 This PR adds this feature.
2023-01-11 21:45:11 +01:00
"AvatarColor": self.avatar_color,
Fix syncing with Bitwarden Desktop v1.28.0 Syncing with the latest desktop client (v1.28.0) fails because it expects some json key/values to be there. This PR adds those key/value pairs. Resolves #1924
2021-08-21 10:36:08 +02:00
"Object": "profile",
First working version
2018-02-10 01:00:55 +01:00
})
}
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn save(&mut self, conn: &mut DbConn) -> EmptyResult {
Adds support for PostgreSQL which resolves #87 and is mentioned in #246. This includes migrations as well as Dockerfile's for amd64. The biggest change is that replace_into isn't supported by Diesel for the PostgreSQL backend, instead requiring the use of on_conflict. This unfortunately requires a branch for save() on all of the models currently using replace_into.
2019-09-12 22:12:22 +02:00
if self.email.trim().is_empty() {
err!("User email can't be empty")
}
self.updated_at = Utc::now().naive_utc();
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! {conn:
sqlite, mysql {
Fixed foreign-key (mariadb) errors. When using MariaDB v10.5+ Foreign-Key errors were popping up because of some changes in that version. To mitigate this on MariaDB and other MySQL forks those errors are now catched, and instead of a replace_into an update will happen. I have tested this as thorough as possible with MariaDB 10.5, 10.4, 10.3 and the default MySQL on Ubuntu Focal. And tested it again using sqlite, all seems to be ok on all tables. resolves #1081. resolves #1065, resolves #1050
2020-09-22 12:13:02 +02:00
match diesel::replace_into(users::table)
.values(UserDb::to_db(self))
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
.execute(conn)
Fixed foreign-key (mariadb) errors. When using MariaDB v10.5+ Foreign-Key errors were popping up because of some changes in that version. To mitigate this on MariaDB and other MySQL forks those errors are now catched, and instead of a replace_into an update will happen. I have tested this as thorough as possible with MariaDB 10.5, 10.4, 10.3 and the default MySQL on Ubuntu Focal. And tested it again using sqlite, all seems to be ok on all tables. resolves #1081. resolves #1065, resolves #1050
2020-09-22 12:13:02 +02:00
{
Ok(_) => Ok(()),
// Record already exists and causes a Foreign Key Violation because replace_into() wants to delete the record first.
Err(diesel::result::Error::DatabaseError(diesel::result::DatabaseErrorKind::ForeignKeyViolation, _)) => {
diesel::update(users::table)
.filter(users::uuid.eq(&self.uuid))
.set(UserDb::to_db(self))
.execute(conn)
.map_res("Error saving user")
}
Err(e) => Err(e.into()),
}.map_res("Error saving user")
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
}
postgresql {
let value = UserDb::to_db(self);
diesel::insert_into(users::table) // Insert or update
.values(&value)
.on_conflict(users::uuid)
.do_update()
.set(&value)
.execute(conn)
.map_res("Error saving user")
}
Fix invite empty email
2019-01-22 17:26:17 +01:00
}
First working version
2018-02-10 01:00:55 +01:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn delete(self, conn: &mut DbConn) -> EmptyResult {
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
for user_org in UserOrganization::find_confirmed_by_user(&self.uuid, conn).await {
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
if user_org.atype == UserOrgType::Owner
&& UserOrganization::count_confirmed_by_org_and_type(&user_org.org_uuid, UserOrgType::Owner, conn).await
<= 1
{
err!("Can't delete last owner")
Implement poor man's admin panel
2018-10-12 16:20:10 +02:00
}
Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations
2018-02-15 19:05:57 +01:00
}
Implement poor man's admin panel
2018-10-12 16:20:10 +02:00
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
Send::delete_all_by_user(&self.uuid, conn).await?;
EmergencyAccess::delete_all_by_user(&self.uuid, conn).await?;
UserOrganization::delete_all_by_user(&self.uuid, conn).await?;
Cipher::delete_all_by_user(&self.uuid, conn).await?;
Favorite::delete_all_by_user(&self.uuid, conn).await?;
Folder::delete_all_by_user(&self.uuid, conn).await?;
Device::delete_all_by_user(&self.uuid, conn).await?;
TwoFactor::delete_all_by_user(&self.uuid, conn).await?;
TwoFactorIncomplete::delete_all_by_user(&self.uuid, conn).await?;
Invitation::take(&self.email, conn).await; // Delete invitation if any
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! {conn: {
diesel::delete(users::table.filter(users::uuid.eq(self.uuid)))
.execute(conn)
.map_res("Error deleting user")
}}
Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations
2018-02-15 19:05:57 +01:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn update_uuid_revision(uuid: &str, conn: &mut DbConn) {
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
if let Err(e) = Self::_update_revision(uuid, &Utc::now().naive_utc(), conn).await {
Fixed some clippy lints and changed update_uuid_revision to only use one db query
2019-02-08 18:45:07 +01:00
warn!("Failed to update revision for {}: {:#?}", uuid, e);
}
Update affected users revision when there are collection changes
2018-08-21 13:20:55 +02:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn update_all_revisions(conn: &mut DbConn) -> EmptyResult {
Add option to force resync clients in admin panel
2019-03-07 21:08:33 +01:00
let updated_at = Utc::now().naive_utc();
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! {conn: {
crate::util::retry(|| {
Add option to force resync clients in admin panel
2019-03-07 21:08:33 +01:00
diesel::update(users::table)
.set(users::updated_at.eq(updated_at))
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
.execute(conn)
}, 10)
.map_res("Error updating revision date for all users")
}}
Add option to force resync clients in admin panel
2019-03-07 21:08:33 +01:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn update_revision(&mut self, conn: &mut DbConn) -> EmptyResult {
Actually update the revision date for user struct, not just in DB
2018-08-21 11:36:04 +02:00
self.updated_at = Utc::now().naive_utc();
Fixed some clippy lints and changed update_uuid_revision to only use one db query
2019-02-08 18:45:07 +01:00
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
Self::_update_revision(&self.uuid, &self.updated_at, conn).await
Fixed some clippy lints and changed update_uuid_revision to only use one db query
2019-02-08 18:45:07 +01:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
async fn _update_revision(uuid: &str, date: &NaiveDateTime, conn: &mut DbConn) -> EmptyResult {
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! {conn: {
crate::util::retry(|| {
Fixed some clippy lints and changed update_uuid_revision to only use one db query
2019-02-08 18:45:07 +01:00
diesel::update(users::table.filter(users::uuid.eq(uuid)))
.set(users::updated_at.eq(date))
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
.execute(conn)
}, 10)
.map_res("Error updating user revision")
}}
Implement update_revision trigger
2018-08-13 11:58:39 +02:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn find_by_mail(mail: &str, conn: &mut DbConn) -> Option<Self> {
First working version
2018-02-10 01:00:55 +01:00
let lower_mail = mail.to_lowercase();
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! {conn: {
users::table
.filter(users::email.eq(lower_mail))
.first::<UserDb>(conn)
.ok()
.from_db()
}}
First working version
2018-02-10 01:00:55 +01:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn find_by_uuid(uuid: &str, conn: &mut DbConn) -> Option<Self> {
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! {conn: {
users::table.filter(users::uuid.eq(uuid)).first::<UserDb>(conn).ok().from_db()
}}
First working version
2018-02-10 01:00:55 +01:00
}
Implement poor man's admin panel
2018-10-12 16:20:10 +02:00
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn get_all(conn: &mut DbConn) -> Vec<Self> {
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! {conn: {
users::table.load::<UserDb>(conn).expect("Error loading users").from_db()
}}
Implement poor man's admin panel
2018-10-12 16:20:10 +02:00
}
Show latest active device as last active on admin page
2020-11-30 22:00:51 +01:00
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn last_active(&self, conn: &mut DbConn) -> Option<NaiveDateTime> {
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
match Device::find_latest_active_by_user(&self.uuid, conn).await {
Show latest active device as last active on admin page
2020-11-30 22:00:51 +01:00
Some(device) => Some(device.updated_at),
Run `cargo fmt` on codebase
2021-03-31 22:18:35 +02:00
None => None,
Fix Key Rotation during password change When ticking the 'Also rotate my account's encryption key' box, the key rotated ciphers are posted after the change of password. During the password change the security stamp was reseted which made the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write. This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted. When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp. Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly. fixes #1240
2020-12-14 19:58:23 +01:00
}
Show latest active device as last active on admin page
2020-11-30 22:00:51 +01:00
}
First working version
2018-02-10 01:00:55 +01:00
}
Implement poor man's invitation via Organization invitation
2018-09-10 15:51:40 +02:00
impl Invitation {
Cleanups and Fixes for Emergency Access - Several cleanups and code optimizations for Emergency Access - Fixed a race-condition regarding jobs for Emergency Access - Some other small changes like `allow(clippy::)` removals Fixes #2925
2022-11-26 19:07:28 +01:00
pub fn new(email: &str) -> Self {
Fix issue when using uppercase chars in emails In the case when SMTP is disabled and. when inviting new users either via the admin interface or into an organization and using uppercase letters, this would fail for those users to be able to register since the checks which were done are case-sensitive and never matched. This PR fixes that issue by ensuring everything is lowercase. Fixes #1963
2021-09-09 13:50:18 +02:00
let email = email.to_lowercase();
Modify rustfmt file
2021-04-06 22:54:42 +02:00
Self {
email,
}
Implement poor man's invitation via Organization invitation
2018-09-10 15:51:40 +02:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn save(&self, conn: &mut DbConn) -> EmptyResult {
Adds support for PostgreSQL which resolves #87 and is mentioned in #246. This includes migrations as well as Dockerfile's for amd64. The biggest change is that replace_into isn't supported by Diesel for the PostgreSQL backend, instead requiring the use of on_conflict. This unfortunately requires a branch for save() on all of the models currently using replace_into.
2019-09-12 22:12:22 +02:00
if self.email.trim().is_empty() {
err!("Invitation email can't be empty")
}
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! {conn:
sqlite, mysql {
Fixed foreign-key (mariadb) errors. When using MariaDB v10.5+ Foreign-Key errors were popping up because of some changes in that version. To mitigate this on MariaDB and other MySQL forks those errors are now catched, and instead of a replace_into an update will happen. I have tested this as thorough as possible with MariaDB 10.5, 10.4, 10.3 and the default MySQL on Ubuntu Focal. And tested it again using sqlite, all seems to be ok on all tables. resolves #1081. resolves #1065, resolves #1050
2020-09-22 12:13:02 +02:00
// Not checking for ForeignKey Constraints here
// Table invitations does not have any ForeignKey Constraints.
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
diesel::replace_into(invitations::table)
.values(InvitationDb::to_db(self))
.execute(conn)
Fixed foreign-key (mariadb) errors. When using MariaDB v10.5+ Foreign-Key errors were popping up because of some changes in that version. To mitigate this on MariaDB and other MySQL forks those errors are now catched, and instead of a replace_into an update will happen. I have tested this as thorough as possible with MariaDB 10.5, 10.4, 10.3 and the default MySQL on Ubuntu Focal. And tested it again using sqlite, all seems to be ok on all tables. resolves #1081. resolves #1065, resolves #1050
2020-09-22 12:13:02 +02:00
.map_res("Error saving invitation")
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
}
postgresql {
diesel::insert_into(invitations::table)
.values(InvitationDb::to_db(self))
.on_conflict(invitations::email)
.do_nothing()
.execute(conn)
Fixed foreign-key (mariadb) errors. When using MariaDB v10.5+ Foreign-Key errors were popping up because of some changes in that version. To mitigate this on MariaDB and other MySQL forks those errors are now catched, and instead of a replace_into an update will happen. I have tested this as thorough as possible with MariaDB 10.5, 10.4, 10.3 and the default MySQL on Ubuntu Focal. And tested it again using sqlite, all seems to be ok on all tables. resolves #1081. resolves #1065, resolves #1050
2020-09-22 12:13:02 +02:00
.map_res("Error saving invitation")
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
}
Fix invite empty email
2019-01-22 17:26:17 +01:00
}
Implement poor man's invitation via Organization invitation
2018-09-10 15:51:40 +02:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn delete(self, conn: &mut DbConn) -> EmptyResult {
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! {conn: {
diesel::delete(invitations::table.filter(invitations::email.eq(self.email)))
.execute(conn)
.map_res("Error deleting invitation")
}}
Implement poor man's invitation via Organization invitation
2018-09-10 15:51:40 +02:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn find_by_mail(mail: &str, conn: &mut DbConn) -> Option<Self> {
Implement poor man's invitation via Organization invitation
2018-09-10 15:51:40 +02:00
let lower_mail = mail.to_lowercase();
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! {conn: {
invitations::table
.filter(invitations::email.eq(lower_mail))
.first::<InvitationDb>(conn)
.ok()
.from_db()
}}
Implement poor man's invitation via Organization invitation
2018-09-10 15:51:40 +02:00
}
Update to diesel2
2022-05-20 23:39:47 +02:00
pub async fn take(mail: &str, conn: &mut DbConn) -> bool {
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
match Self::find_by_mail(mail, conn).await {
Some(invitation) => invitation.delete(conn).await.is_ok(),
Remove check from Invitation:take() I've checked the spots when `Invitation::new()` and `Invitation::take()` are used and it seems like all spots are already correctly gated. So to enable invitations via admin API even when invitations are otherwise disabled, this check can be removed.
2020-02-16 21:28:50 +01:00
None => false,
}
Implement poor man's invitation via Organization invitation
2018-09-10 15:51:40 +02:00
}
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
}
Reference in New Issue Copy Permalink