lasers
/
bitwarden_rs
mirror of https://github.com/dani-garcia/bitwarden_rs
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,855 Commits 2 Branches 58 Tags 11 MiB
Commit Graph

102 Commits

Author SHA1 Message Date
Daniel García ec8028aef2
Merge pull request #979 from jjlin/admin-redirect 
Use absolute URIs for admin page redirects
 2020-05-03 22:27:09 +02:00
Daniel García 9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints 2020-05-03 17:24:51 +02:00
Jeremy Lin 819d5e2dc8 Use absolute URIs for admin page redirects 
This is technically required per RFC 2616 (HTTP/1.1); some proxies will
rewrite a plain `/admin` path to an unexpected URL otherwise.
 2020-05-01 00:31:47 -07:00
Jeremy Lin 0a68de6c24 Warn on empty `ADMIN_TOKEN` instead of bailing out 
The admin page will still be disabled.

Fixes #849.
 2020-04-09 20:55:08 -07:00
Daniel García 7a6a3e4160
Set the cargo version and allow changing it during build time with BWRS_VERSION. 
Also renamed GIT_VERSION because that's not the only source anymore.
 2020-03-22 16:13:34 +01:00
BlackDex 37b212427c Updated jsonwebtoken 
Updated to the latest version of jsonwebtoken.
Some small code changes to match the new versions.
 2020-03-16 16:38:00 +01:00
Daniel García 70f3ab8ec3
Migrate lazy_static to once_cell, less macro magic and slightly faster 2020-03-09 22:04:03 +01:00
BlackDex 5a974c7b94 Added SMTP test button in the admin gui 
- Added a test button for checking the e-mail settings.
- Fixed a bug with the _post JavaScript function:
  A function was overwriten with a variable and errors were not handled
correctly like a 500 for example.
 2020-02-26 16:49:56 +01:00
Daniel García 2f4a9865e1
Use absolute paths in the admin page 2020-02-22 17:49:33 +01:00
Jeremy Lin 29a0795219 Add backend support for alternate base dir (subdir/subpath) hosting 
To use this, include a path in the `DOMAIN` URL, e.g.:

* `DOMAIN=https://example.com/custom-path`
* `DOMAIN=https://example.com/multiple/levels/are/ok`
 2020-02-18 21:27:00 -08:00
Miroslav Prasil 0a72c4b6db Do not disable invitations via admin API 
This was brought up today:

https://github.com/dani-garcia/bitwarden_rs/issues/752#issuecomment-586715073

I don't think it makes much sense in checking whether admin has the
right to send invitation as admin can change the setting anyway.

Removing the condition allows users to forbid regular users from
inviting new users to server while still preserving the option to do so
via the admin API.
 2020-02-16 15:01:07 +00:00
Daniel García 8867626de8
Add option to change invitation org name, fixes #825 
Add option to allow additional iframe ancestors, fixes #843
Sort the rocket routes before printing them
 2020-02-04 22:14:50 +01:00
Daniel García a0ece3754b
Formatting 2019-12-27 18:37:14 +01:00
Daniel García 0d32179d07
Logout button in admin page 2019-12-01 21:15:14 +01:00
Miro Prasil d6e9af909b Remove the unnecessary check for sqlite 
The binary we use is called `sqlite3` so no need to check for other
name variants as we won't use those anyways.
 2019-10-01 10:40:22 +01:00
Miro Prasil acdd42935b Add sqlite binary into the docker images 
This is done to enable backup functionality in the admin interface while
we're waiting for the libsqlite-sys 0.17 to bubble up in the upstream
dependencies. Then we can start using `VACUUM INTO`

This also extends the check for the sqlite binary to also try `sqlite3`
as this is the name of the binary in baseimage distributions we use.
 2019-09-30 13:54:06 +01:00
Daniel García 026f9da035
Allow removing users two factors 2019-08-21 17:13:06 +02:00
Daniel García 5710703c50
Make sure the backup option only appears when using sqlite 2019-06-02 00:08:52 +02:00
TheMardy ef551f4cc6 Create Backup funcitonality 
Added create backup functionality to the admin panel
 2019-05-03 15:46:29 +02:00
Daniel García 874f5c34bd
Formatting 2019-04-26 22:08:26 +02:00
Daniel García 2e12114350
Always create the user when inviting from admin panel 2019-04-12 23:44:49 +02:00
ViViDboarder d3a8a278e6 Add new endpoint for retrieving all users 2019-04-11 11:24:53 -07:00
Daniel García 43f9038325
Add option to force resync clients in admin panel 2019-03-07 21:08:33 +01:00
Daniel García 0718a090e1
Trim spaces from admin token during authentication and validate that the admin panel token is not empty 2019-03-07 20:21:50 +01:00
Daniel García 04922f6aa0
Some formatting and dependency updates 2019-03-03 16:11:55 +01:00
Дамјан Георгиевски 473f8b8e31 remove some unneeded mutability 2019-02-22 20:25:50 +01:00
Shane Faulkner 8b5b06c3d1 Allow the Admin token to be disabled in the advanced menu 2019-02-20 14:56:08 -06:00
Daniel García 6027b969f5
Delete old devices when deauthorizing user sessions 2019-02-16 23:06:26 +01:00
Daniel García 9636f33fdb
Implement constant time equal check for admin, 2fa recover and 2fa remember tokens 2019-02-11 23:45:55 +01:00
Daniel García 28d1588e73
Show version in admin panel 2019-02-10 16:02:46 +01:00
Daniel García f3b1a5ff3e
Error when admin panel is disabled 2019-02-10 15:26:19 +01:00
Daniel García ef63342e20
Add reset user config button 2019-02-06 17:34:32 +01:00
Daniel García 3db815b969
Implemented config form and fixed config priority 2019-02-06 17:34:30 +01:00
Daniel García ade293cf52
Save config 2019-02-06 17:34:29 +01:00
Daniel García 877408b808
Implement basic config loading and updating. No save to file yet. 2019-02-06 17:34:29 +01:00
Daniel García 86ed75bf7c
Config can now be serialized / deserialized 2019-02-06 17:34:29 +01:00
Daniel García c0e350b734
Disable icon downloads, accept optional query after icon href, format and clippy fixes 2019-01-28 23:58:32 +01:00
Daniel García 69036cc6a4
Add disabled user badge (no password) and deauthorize button to admin page. 2019-01-26 19:28:54 +01:00
Daniel García a1dc47b826
Change config to thread-safe system, needed for a future config panel. 
Improved some two factor methods.
 2019-01-25 18:24:57 +01:00
Daniel García bfd93e5b13
Show organizations in admin panel, implement reload templates option 2019-01-20 17:43:56 +01:00
Daniel García a797459560
Implement HIBP check [WIP]. 
Add extra security attributes to admin cookie.
Error handling.
 2019-01-20 15:36:33 +01:00
Daniel García 6cbb683f99
Rename admin templates to match email 2019-01-19 22:59:32 +01:00
Daniel García 92bbb98d48
Created base template 2019-01-19 22:12:52 +01:00
Daniel García 834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template 2019-01-19 21:41:49 +01:00
Daniel García a0a08c4c5a
Include IP in invalid admin token error 2019-01-08 16:17:18 +01:00
Daniel García 4309df8334
Only create invitations when SMTP is disabled, and ignore invitations if we have a token. 
Disallow users from accepting invitation twice
 2019-01-08 15:42:26 +01:00
Nick Fox 0a74e79cea
Refactor generate_invite_claims, make org_name and org_id optional 2019-01-05 23:03:49 -05:00
Nick Fox cec28a85ac
Update admin page to work with new invitation flow 2019-01-04 10:32:51 -05:00
Daniel García b2fc0499f6
Finish invite functionality, and remove virtual organization 2018-12-30 21:40:26 +01:00
Daniel García 6a99849a1e
Implemented proper error handling, now we can do `user.save($conn)?;` and it works. 
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
 2018-12-30 21:31:12 +01:00
Daniel García 1b5134dfe2
Fixed delete user when 2FA is enabled, implemented delete user for admin panel, and the front-end part for invite user. Secured admin panel behind a configurable token. 2018-12-30 21:31:11 +01:00
Daniel García 5fecf09631
Initial version of admin panel, list users and reload user list works. No serious auth method yet, password is 'token123' 2018-12-30 21:31:11 +01:00