Implement HIBP check [WIP].

Add extra security attributes to admin cookie.
Error handling.
Daniel García
2019-01-20 15:36:33 +01:00
parent 6cbb683f99
commit a797459560
4 changed files with 38 additions and 14 deletions


@@ -1,7 +1,7 @@
use rocket_contrib::json::Json;
use serde_json::Value;
use rocket::http::{Cookie, Cookies};
use rocket::http::{Cookie, Cookies, SameSite};
use rocket::request::{self, FlashMessage, Form, FromRequest, Request};
use rocket::response::{content::Html, Flash, Redirect};
use rocket::{Outcome, Route};
@@ -85,6 +85,8 @@ fn post_admin_login(data: Form<LoginForm>, mut cookies: Cookies, ip: ClientIp) -
let cookie = Cookie::build(COOKIE_NAME, jwt)
.path(ADMIN_PATH)
.max_age(chrono::Duration::minutes(20))
.same_site(SameSite::Strict)
.http_only(true)
.finish();