	Add option to change invitation org name, fixes #825
Add option to allow additional iframe ancestors, fixes #843
Sort the rocket routes before printing them
		| @@ -161,8 +161,7 @@ fn invite_user(data: Json<InviteData>, _token: AdminToken, conn: DbConn) -> Empt | |||||||
|     user.save(&conn)?; |     user.save(&conn)?; | ||||||
|  |  | ||||||
|     if CONFIG.mail_enabled() { |     if CONFIG.mail_enabled() { | ||||||
|         let org_name = "bitwarden_rs"; |         mail::send_invite(&user.email, &user.uuid, None, None, &CONFIG.invitation_org_name(), None) | ||||||
|         mail::send_invite(&user.email, &user.uuid, None, None, &org_name, None) |  | ||||||
|     } else { |     } else { | ||||||
|         let invitation = Invitation::new(data.email); |         let invitation = Invitation::new(data.email); | ||||||
|         invitation.save(&conn) |         invitation.save(&conn) | ||||||
|   | |||||||
| @@ -271,6 +271,9 @@ make_config! { | |||||||
|  |  | ||||||
|         /// Admin page token |> The token used to authenticate in this very same page. Changing it here won't deauthorize the current session |         /// Admin page token |> The token used to authenticate in this very same page. Changing it here won't deauthorize the current session | ||||||
|         admin_token:            Pass,   true,   option; |         admin_token:            Pass,   true,   option; | ||||||
|  |  | ||||||
|  |         /// Invitation organization name |> Name shown in the invitation emails that don't come from a specific organization | ||||||
|  |         invitation_org_name:    String, true,   def,    "Bitwarden_RS".to_string(); | ||||||
|     }, |     }, | ||||||
|  |  | ||||||
|     /// Advanced settings |     /// Advanced settings | ||||||
| @@ -299,7 +302,7 @@ make_config! { | |||||||
|  |  | ||||||
|         /// Disable authenticator time drifted codes to be valid |> Enabling this only allows the current TOTP code to be valid |         /// Disable authenticator time drifted codes to be valid |> Enabling this only allows the current TOTP code to be valid | ||||||
|         /// TOTP codes of the previous and next 30 seconds will be invalid. |         /// TOTP codes of the previous and next 30 seconds will be invalid. | ||||||
|         authenticator_disable_time_drift:     bool,   true,  def,    false; |         authenticator_disable_time_drift: bool, true, def, false; | ||||||
|  |  | ||||||
|         /// Require new device emails |> When a user logs in an email is required to be sent. |         /// Require new device emails |> When a user logs in an email is required to be sent. | ||||||
|         /// If sending the email fails the login attempt will fail. |         /// If sending the email fails the login attempt will fail. | ||||||
| @@ -323,6 +326,9 @@ make_config! { | |||||||
|  |  | ||||||
|         /// Bypass admin page security (Know the risks!) |> Disables the Admin Token for the admin page so you may use your own auth in-front |         /// Bypass admin page security (Know the risks!) |> Disables the Admin Token for the admin page so you may use your own auth in-front | ||||||
|         disable_admin_token:    bool,   true,   def,    false; |         disable_admin_token:    bool,   true,   def,    false; | ||||||
|  |  | ||||||
|  |         /// Allowed iframe ancestors (Know the risks!) |> Allows other domains to embed the web vault into an iframe, useful for embedding into secure intranets | ||||||
|  |         allowed_iframe_ancestors: String, true, def,    String::new(); | ||||||
|     }, |     }, | ||||||
|  |  | ||||||
|     /// Yubikey settings |     /// Yubikey settings | ||||||
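Review bot: The help text for `allowed_iframe_ancestors` does not say what form the value takes, although the value is placed as-is into the `Content-Security-Policy` header elsewhere in this commit. I would spell the format out, e.g. `/// Allowed iframe ancestors (Know the risks!) |> Space-separated list of origins allowed to embed the web vault in an iframe, such as https://intranet.example; appended to the CSP frame-ancestors directive` (the host is a made-up example). The text should also state that a wildcard or scheme-only entry lets any site frame the vault, which removes the clickjacking protection the directive provides. The `make_config!` block starts and ends outside the hunk.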
|   | |||||||
| @@ -7,6 +7,8 @@ use rocket::response::{self, Responder}; | |||||||
| use rocket::{Data, Request, Response, Rocket}; | use rocket::{Data, Request, Response, Rocket}; | ||||||
| use std::io::Cursor; | use std::io::Cursor; | ||||||
|  |  | ||||||
|  | use crate::CONFIG; | ||||||
|  |  | ||||||
| pub struct AppHeaders(); | pub struct AppHeaders(); | ||||||
|  |  | ||||||
| impl Fairing for AppHeaders { | impl Fairing for AppHeaders { | ||||||
| @@ -23,7 +25,7 @@ impl Fairing for AppHeaders { | |||||||
|         res.set_raw_header("X-Frame-Options", "SAMEORIGIN"); |         res.set_raw_header("X-Frame-Options", "SAMEORIGIN"); | ||||||
|         res.set_raw_header("X-Content-Type-Options", "nosniff"); |         res.set_raw_header("X-Content-Type-Options", "nosniff"); | ||||||
|         res.set_raw_header("X-XSS-Protection", "1; mode=block"); |         res.set_raw_header("X-XSS-Protection", "1; mode=block"); | ||||||
|         let csp = "frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb moz-extension://*;"; |         let csp = format!("frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb moz-extension://* {};", CONFIG.allowed_iframe_ancestors()); | ||||||
|         res.set_raw_header("Content-Security-Policy", csp); |         res.set_raw_header("Content-Security-Policy", csp); | ||||||
|  |  | ||||||
|         // Disable cache unless otherwise specified |         // Disable cache unless otherwise specified | ||||||
| @@ -131,7 +133,9 @@ impl Fairing for BetterLogging { | |||||||
|     fn on_launch(&self, rocket: &Rocket) { |     fn on_launch(&self, rocket: &Rocket) { | ||||||
|         if self.0 { |         if self.0 { | ||||||
|             info!(target: "routes", "Routes loaded:"); |             info!(target: "routes", "Routes loaded:"); | ||||||
|             for route in rocket.routes() { |             let mut routes: Vec<_> = rocket.routes().collect(); | ||||||
|  |             routes.sort_by_key(|r| r.uri.path()); | ||||||
|  |             for route in routes { | ||||||
|                 if route.rank < 0 { |                 if route.rank < 0 { | ||||||
|                     info!(target: "routes", "{:<6} {}", route.method, route.uri); |                     info!(target: "routes", "{:<6} {}", route.method, route.uri); | ||||||
|                 } else { |                 } else { | ||||||
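Review bot: The `format!` that builds `csp` appends `CONFIG.allowed_iframe_ancestors()` to the header value with no check, so a value containing `;` closes `frame-ancestors` and adds further directives to the policy, and a stray `*` opens framing to every origin. The setting is admin-controlled, but a typo silently weakens the policy. Rejecting the value at config load when `s.contains(|c: char| c == ';' || c == ',' || c.is_control())` is true would keep it to a plain source list. The unchanged `X-Frame-Options: SAMEORIGIN` line above is ignored by browsers that honour `frame-ancestors` and still blocks the embed in ones that do not; a short comment saying that this is intended would help. The enclosing fairing method starts and ends outside the hunk.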
|   | |||||||