Fixed delete user when 2FA is enabled, implemented delete user for admin panel, and the front-end part for invite user. Secured admin panel behind a configurable token.

2025-09-14 04:25:58 +03:00 · 2018-12-18 18:52:58 +01:00
parent 5fecf09631
commit 1b5134dfe2
6 changed files with 154 additions and 71 deletions
--- a/.env
+++ b/.env
@@ -34,15 +34,23 @@
 ## It's recommended to also set 'ROCKET_CLI_COLORS=off'
 # LOG_FILE=/path/to/log

-## Controls if new users can register
-# SIGNUPS_ALLOWED=true
-
 ## Use a local favicon extractor
 ## Set to false to use bitwarden's official icon servers
 ## Set to true to use the local version, which is not as smart,
 ##   but it doesn't send the cipher domains to bitwarden's servers
 # LOCAL_ICON_EXTRACTOR=false

+## Controls if new users can register
+# SIGNUPS_ALLOWED=true
+
+## Token for the admin interface, preferably use a long random string
+## One option is to use 'openssl rand -base64 48'
+## If not set, the admin panel is disabled
+# ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp
+
+## Invitations org admins to invite users, even when signups are disabled
+# INVITATIONS_ALLOWED=true
+
 ## Controls the PBBKDF password iterations to apply on the server
 ## The change only applies when the password is changed
 # PASSWORD_ITERATIONS=100000