mirror of
				https://github.com/dani-garcia/vaultwarden.git
				synced 2025-10-26 07:50:02 +02:00 
			
		
		
		
	
							
								
								
									
										816
									
								
								Cargo.lock
									
									
									
										generated
									
									
									
								
							
							
						
						
									
									
									
									
								
							
										
											
												File diff suppressed because it is too large
											
										
									
								
							
							
								
								
									
									
									
									
									
									
								
							
							
						
						
									
										14
									
								
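--- a/Cargo.toml
+++ b/Cargo.toml
@@ -26,7 +26,6 @@ rocket = { version = "0.5.0-dev", features = ["tls"], default-features = false }
 rocket_contrib = "0.5.0-dev"
 
 # HTTP client
-# reqwest = "0.9.24"
 reqwest = { version = "0.10.4", features = ["blocking", "json"] }
 
 # multipart/form-data support
@@ -58,13 +57,14 @@ diesel_migrations = "1.4.0"
 libsqlite3-sys = { version = "0.16.0", features = ["bundled"], optional = true }
 
 # Crypto library
-ring = "0.14.6"
+ring = "0.16.11"
 
 # UUID generation
 uuid = { version = "0.8.1", features = ["v4"] }
 
-# Date and time library for Rust
+# Date and time librar for Rust
 chrono = "0.4.11"
+time = "0.2.9"
 
 # TOTP library
 oath = "0.10.2"
@@ -73,13 +73,13 @@ oath = "0.10.2"
 data-encoding = "2.2.0"
 
 # JWT library
-jsonwebtoken = "6.0.1"
+jsonwebtoken = "7.1.0"
 
 # U2F library
 u2f = "0.2.0"
 
 # Yubico Library
-yubico = { version = "0.7.1", features = ["online-tokio"], default-features = false }
+yubico = { version = "0.9.0", features = ["online-tokio"], default-features = false }
 
 # A `dotenv` implementation for Rust
 dotenv = { version = "0.15.0", default-features = false }
@@ -123,8 +123,8 @@ backtrace = "0.3.45"
 
 [patch.crates-io]
 # Use newest ring
-rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'b95b6765e1cc8be7c1e7eaef8a9d9ad940b0ac13' }
-rocket_contrib = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'b95b6765e1cc8be7c1e7eaef8a9d9ad940b0ac13' }
+rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'dfc9e9aab01d349da32c52db393e35b7fffea63c' }
+rocket_contrib = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'dfc9e9aab01d349da32c52db393e35b7fffea63c' }
 
 # Use git version for timeout fix #706
 lettre = { git = 'https://github.com/lettre/lettre', rev = '245c600c82ee18b766e8729f005ff453a55dce34' }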
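Review bot: The new comment line reads `# Date and time librar for Rust`, a typo this change introduces, and the heading now sits above two crates. `time = "0.2.9"` is added next to `chrono` without saying why both are needed; judging by the `max_age(time::Duration::minutes(20))` change elsewhere in this commit, it appears to be required only for the cookie API. I would write `# Date and time libraries for Rust` and put `# time: needed for cookie max_age (time::Duration)` above the new entry, so the second date/time dependency is not dropped or widened by accident.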
| @@ -91,7 +91,7 @@ fn post_admin_login(data: Form<LoginForm>, mut cookies: Cookies, ip: ClientIp) - | |||||||
|  |  | ||||||
|         let cookie = Cookie::build(COOKIE_NAME, jwt) |         let cookie = Cookie::build(COOKIE_NAME, jwt) | ||||||
|             .path(admin_path()) |             .path(admin_path()) | ||||||
|             .max_age(chrono::Duration::minutes(20)) |             .max_age(time::Duration::minutes(20)) | ||||||
|             .same_site(SameSite::Strict) |             .same_site(SameSite::Strict) | ||||||
|             .http_only(true) |             .http_only(true) | ||||||
|             .finish(); |             .finish(); | ||||||
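Review bot: The admin session cookie built here sets `SameSite::Strict` and `http_only(true)` but no `Secure` attribute, so a browser would also send the admin JWT over plain HTTP if the instance is reachable that way. The builder chain from `Cookie::build` to `.finish()` is fully visible in this hunk and contains no `.secure(...)` call. Consider adding `.secure(true)` whenever the server is served over HTTPS; how that is detected depends on configuration not shown on this page. `post_admin_login` starts and ends outside the hunk.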
|   | |||||||
| @@ -6,7 +6,7 @@ use chrono::{Duration, Utc}; | |||||||
| use once_cell::sync::Lazy; | use once_cell::sync::Lazy; | ||||||
| use num_traits::FromPrimitive; | use num_traits::FromPrimitive; | ||||||
|  |  | ||||||
| use jsonwebtoken::{self, Algorithm, Header}; | use jsonwebtoken::{self, Algorithm, Header, EncodingKey, DecodingKey}; | ||||||
| use serde::de::DeserializeOwned; | use serde::de::DeserializeOwned; | ||||||
| use serde::ser::Serialize; | use serde::ser::Serialize; | ||||||
|  |  | ||||||
| @@ -32,7 +32,7 @@ static PUBLIC_RSA_KEY: Lazy<Vec<u8>> = Lazy::new(|| match read_file(&CONFIG.publ | |||||||
| }); | }); | ||||||
|  |  | ||||||
| pub fn encode_jwt<T: Serialize>(claims: &T) -> String { | pub fn encode_jwt<T: Serialize>(claims: &T) -> String { | ||||||
|     match jsonwebtoken::encode(&JWT_HEADER, claims, &PRIVATE_RSA_KEY) { |     match jsonwebtoken::encode(&JWT_HEADER, claims, &EncodingKey::from_rsa_der(&PRIVATE_RSA_KEY)) { | ||||||
|         Ok(token) => token, |         Ok(token) => token, | ||||||
|         Err(e) => panic!("Error encoding jwt {}", e), |         Err(e) => panic!("Error encoding jwt {}", e), | ||||||
|     } |     } | ||||||
| @@ -51,7 +51,7 @@ fn decode_jwt<T: DeserializeOwned>(token: &str, issuer: String) -> Result<T, Err | |||||||
|  |  | ||||||
|     let token = token.replace(char::is_whitespace, ""); |     let token = token.replace(char::is_whitespace, ""); | ||||||
|  |  | ||||||
|     jsonwebtoken::decode(&token, &PUBLIC_RSA_KEY, &validation) |     jsonwebtoken::decode(&token, &DecodingKey::from_rsa_der(&PUBLIC_RSA_KEY), &validation) | ||||||
|         .map(|d| d.claims) |         .map(|d| d.claims) | ||||||
|         .map_res("Error decoding JWT") |         .map_res("Error decoding JWT") | ||||||
| } | } | ||||||
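Review bot: `encode_jwt` still turns every signing error into `panic!("Error encoding jwt {}", e)`, and the key is now wrapped with `EncodingKey::from_rsa_der(&PRIVATE_RSA_KEY)` on each call. As far as I know that constructor does not parse the DER, so a malformed or PEM-encoded key file would only surface as a panic while a request is being handled. At minimum give `encode_jwt` a `# Panics` doc section, e.g. `/// Panics if the private key is not valid RSA DER or the claims cannot be serialized.` The `validation` passed to `jsonwebtoken::decode` is built above the `decode_jwt` hunk, so confirm it still pins the algorithm and issuer after the 6 → 7 upgrade. rustfmt would also order the new import list as `{self, Algorithm, DecodingKey, EncodingKey, Header}`.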
|   | |||||||
| @@ -6,7 +6,7 @@ use crate::error::Error; | |||||||
| use ring::{digest, hmac, pbkdf2}; | use ring::{digest, hmac, pbkdf2}; | ||||||
| use std::num::NonZeroU32; | use std::num::NonZeroU32; | ||||||
|  |  | ||||||
| static DIGEST_ALG: &digest::Algorithm = &digest::SHA256; | static DIGEST_ALG: pbkdf2::Algorithm = pbkdf2::PBKDF2_HMAC_SHA256; | ||||||
| const OUTPUT_LEN: usize = digest::SHA256_OUTPUT_LEN; | const OUTPUT_LEN: usize = digest::SHA256_OUTPUT_LEN; | ||||||
|  |  | ||||||
| pub fn hash_password(secret: &[u8], salt: &[u8], iterations: u32) -> Vec<u8> { | pub fn hash_password(secret: &[u8], salt: &[u8], iterations: u32) -> Vec<u8> { | ||||||
| @@ -29,7 +29,7 @@ pub fn verify_password_hash(secret: &[u8], salt: &[u8], previous: &[u8], iterati | |||||||
| pub fn hmac_sign(key: &str, data: &str) -> String { | pub fn hmac_sign(key: &str, data: &str) -> String { | ||||||
|     use data_encoding::HEXLOWER; |     use data_encoding::HEXLOWER; | ||||||
|  |  | ||||||
|     let key = hmac::SigningKey::new(&digest::SHA1, key.as_bytes()); |     let key = hmac::Key::new(hmac::HMAC_SHA1_FOR_LEGACY_USE_ONLY, key.as_bytes()); | ||||||
|     let signature = hmac::sign(&key, data.as_bytes()); |     let signature = hmac::sign(&key, data.as_bytes()); | ||||||
|  |  | ||||||
|     HEXLOWER.encode(signature.as_ref()) |     HEXLOWER.encode(signature.as_ref()) | ||||||
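Review bot: `hmac_sign` is a public, generically named helper that is hard-wired to `hmac::HMAC_SHA1_FOR_LEGACY_USE_ONLY`, and nothing at the definition says which consumer requires SHA-1. A doc comment such as `/// HMAC-SHA1, hex-encoded; kept only for a protocol that mandates SHA-1. Do not use for new signatures.` would keep it from being picked up by new code. The caller is not visible on this page, so the comment should name the protocol. In the first hunk `DIGEST_ALG` now holds a `pbkdf2::Algorithm` rather than a digest, so a name like `PBKDF2_ALG` would match its type, with the uses outside the hunk renamed to match. Both `hash_password` and `hmac_sign` continue outside the hunks shown.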
|   | |||||||
| @@ -76,7 +76,8 @@ impl<'a, 'r> FromRequest<'a, 'r> for DbConn { | |||||||
|     type Error = (); |     type Error = (); | ||||||
|  |  | ||||||
|     fn from_request(request: &'a Request<'r>) -> request::Outcome<DbConn, ()> { |     fn from_request(request: &'a Request<'r>) -> request::Outcome<DbConn, ()> { | ||||||
|         let pool = request.guard::<State<Pool>>()?; |         // https://github.com/SergioBenitez/Rocket/commit/e3c1a4ad3ab9b840482ec6de4200d30df43e357c | ||||||
|  |         let pool = try_outcome!(request.guard::<State<Pool>>()); | ||||||
|         match pool.get() { |         match pool.get() { | ||||||
|             Ok(conn) => Outcome::Success(DbConn(conn)), |             Ok(conn) => Outcome::Success(DbConn(conn)), | ||||||
|             Err(_) => Outcome::Failure((Status::ServiceUnavailable, ())), |             Err(_) => Outcome::Failure((Status::ServiceUnavailable, ())), | ||||||
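Review bot: The comment added above `try_outcome!` is only a commit URL, which tells a reader nothing when the link is unavailable. State the reason in words, e.g. `// Outcome no longer works with the ? operator upstream; try_outcome! returns early on Failure/Forward (Rocket commit e3c1a4ad)`, assuming that is what the linked commit changed. Separately, `Err(_)` on `pool.get()` drops the pool error before returning `Status::ServiceUnavailable`; logging it would make connection-pool exhaustion diagnosable. The `impl` block continues outside the hunk.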
|   | |||||||