saret/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-09-10 10:45:57 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,344 Commits 2 Branches 74 Tags
3b0f643e9d0aa8456876b0a27f6a13123560f743
Commit Graph

2344 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel García
3b0f643e9d Merge pull request #3210 from tessus/feature/kdf-options 
add argon2 kdf fields
 2023-02-12 19:23:22 +01:00
Daniel García
5bcee24f88 Merge branch 'main' into feature/kdf-options 2023-02-12 19:23:14 +01:00
Daniel García
0c295d5e6e Merge pull request #3167 from BlackDex/issue-3166 
Fix Javascript issue on non sqlite databases
 2023-02-12 18:48:03 +01:00
Daniel García
bc49d1f90d Merge branch 'main' into issue-3166 2023-02-12 18:47:55 +01:00
Daniel García
6f6d9dee83 Merge pull request #3108 from farodin91/allow-editing/unhiding-by-group 
allow editing/unhiding by group
 2023-02-12 18:47:02 +01:00
Daniel García
cef5dd4a46 Merge branch 'main' into allow-editing/unhiding-by-group 2023-02-12 18:46:53 +01:00
Daniel García
79061c0eb5 Merge pull request #3231 from kpfleming/icon-blacklist-improvements 
Generate distinct log messages for regex vs. IP blacklisting.
 2023-02-12 18:43:26 +01:00
Daniel García
6e2c3fc1cc Merge branch 'main' into icon-blacklist-improvements 2023-02-12 18:43:19 +01:00
Daniel García
e301fe137f Merge pull request #3228 from BlockListed/fix-domain-description 
Fix trailing slash not getting removed from domain
 2023-02-12 18:42:55 +01:00
Daniel García
af69c83db2 Merge branch 'main' into fix-domain-description 2023-02-12 18:42:49 +01:00
Daniel García
53fa8da5b1 Merge pull request #3215 from stefan0xC/fix-post-emergency-access 
don't nullify key when editing emergency access
 2023-02-12 18:42:30 +01:00
Daniel García
c58aac585b Merge branch 'main' into fix-post-emergency-access 2023-02-12 18:42:21 +01:00
Daniel García
8c1117fcbf Merge pull request #3170 from jjlin/cap_net_bind_service 
Allow listening on privileged ports (below 1024) as non-root
 2023-02-12 18:42:00 +01:00
Daniel García
a6dd4f1206 Merge branch 'main' into cap_net_bind_service 2023-02-12 18:41:45 +01:00
Daniel García
5af1799991 Merge pull request #3145 from dlehammer/spell-jack_mitigation 
"Spell-Jacking" mitigation ~ prevent sensitive data leak …
 2023-02-12 18:39:54 +01:00
Daniel García
a20a641de3 Merge branch 'main' into spell-jack_mitigation 2023-02-12 18:39:27 +01:00
Daniel García
8abd38573b Merge pull request #3116 from sirux88/admin-password-reset 
Admin password reset
 2023-02-12 18:38:50 +01:00
Daniel García
78abdf0e9d Merge branch 'main' into admin-password-reset 2023-02-12 18:38:36 +01:00
Daniel García
dc031d8d86 Merge pull request #2561 from BlackDex/re-license 
Re-License Vaultwarden to AGPLv3
 2023-02-12 18:35:35 +01:00
Daniel García
de6330b09d Merge branch 'main' into re-license 2023-02-12 18:35:09 +01:00
Helmut K. C. Tessarek
68bcc7a4b8 add argon2 kdf fields 2023-02-07 13:52:52 -05:00
BlockListed
c04a1352cb remove warn when sanitizing domain 2023-02-07 18:49:26 +01:00
BlockListed
5d1c11ceba fix trailing slash in configuration builder 2023-02-07 18:42:36 +01:00
BlockListed
a2aa7c9bc2 Revert "fix trailing slash not being removed from domain" 
This reverts commit 679bc7a59b.
 2023-02-07 18:41:24 +01:00
Jan Jansen
b3a351ccb2 allow editing/unhiding by group 
Fixes #2989

Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
 2023-02-07 16:20:36 +01:00
BlockListed
679bc7a59b fix trailing slash not being removed from domain 2023-02-07 13:03:28 +01:00
BlockListed
a72d0b518f remove documentation of bug since I'm fixing it 2023-02-07 12:48:48 +01:00
Kevin P. Fleming
6741b25907 Ensure that all results from check_domain_blacklist_reason are cached. 2023-02-07 05:54:06 -05:00
Kevin P. Fleming
24b5784f02 Generate distinct log messages for regex vs. IP blacklisting. 
When an icon will not be downloaded due to matching a configured
blacklist, ensure that the log message indicates the type of blacklist
that was matched.
 2023-02-07 05:24:23 -05:00
BlockListed
eb9b481eba improve wording of domain description 2023-02-07 08:49:05 +01:00
BlockListed
64edc49392 change description of domain configuration 
Vaultwarden send won't work if the domain includes a trailing slash.
This should be documented, as it may lead to confusion amoung users.
 2023-02-06 23:19:08 +01:00
sirux88
0d1753ac74 completly hide reset password policy 
on email disabled instances
 2023-02-05 16:47:23 +01:00
sirux88
a6558f5548 rust lang specific improvements 2023-02-05 16:34:48 +01:00
sirux88
62dfeb80f2 improved security, disabling policy usage on 
email-disabled clients and some refactoring
 2023-02-04 13:29:57 +01:00
sirux88
26cd5d9643 Replaced wrong mysql column type 2023-02-04 09:23:13 +01:00
Stefan Melmuk
e65fbbfc21 don't nullify key when editing emergency access 
the client does not send the key on every update of an emergency access
contact so the field would be emptied on a change of the wait days or access level.
 2023-02-01 23:10:09 +01:00
Jeremy Lin
a2162f4d69 Allow listening on privileged ports (below 1024) as non-root 
This is done by running `setcap cap_net_bind_service=+ep` on the executable
in the build stage (doing it in the runtime stage creates an extra copy of
the executable that bloats the image). This only works when using the
BuildKit-based builder, since the `COPY` instruction doesn't copy
capabilities on the legacy builder.
 2023-02-01 00:35:33 -08:00
BlackDex
c9ed9aa733 Fix Javascript issue on non sqlite databases 
When a non sqlite database is used, loading the admin interface fails
because the backup button is not generated.
This PR is solves it by checking if the elements are valid.

Also made some other changes and fixed some eslint errors.
Showing `_post` errors is better now.

Update jquery to latest version.

Fixes #3166
 2023-01-26 20:34:25 +01:00
Daniel Hammer
9b20decdc1 "Spell-Jacking" mitigation ~ prevent sensitive data leak from spell checker. 
@see https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords
 2023-01-25 22:35:18 +01:00
sirux88
adaefc8628 fixes for current upstream main 2023-01-25 08:09:26 +01:00
sirux88
c6c45c4c49 working implementation 2023-01-25 08:06:21 +01:00
sirux88
95494083f2 added database migration 2023-01-25 08:06:21 +01:00
Jeremy Lin
686474f815 Disable Hadolint check for consecutive RUN instructions (DL3059) 
This check doesn't seem to add enough value to justify the difficulties it
tends to create when generating `RUN` instructions from a template.
 2023-01-24 13:11:13 -08:00
Jeremy Lin
2c6bd8c9dc Rename .buildx Dockerfiles to .buildkit 
This is a more accurate name, since these Dockerfiles require BuildKit, not Buildx.
 2023-01-24 13:11:12 -08:00
Daniel García
9366e31452 Merge pull request #3164 from jjlin/remove-arm32v6-tag 
Remove `arm32v6`-specific tag
 2023-01-24 21:39:25 +01:00
Jeremy Lin
96ff32fb2f Remove arm32v6-specific tag 
This section of code seems to be breaking the Docker release workflow as of a
few days ago, though it's unclear why. This tag only existed to work around
an issue with Docker pulling the wrong image for ARMv6 platforms; that issue
was resolved in Docker 20.10.0, which has been out for a few years now, so it
seems like a reasonable time to drop this tag.
 2023-01-24 12:33:25 -08:00
BlackDex
9342fa5744 Re-License Vaultwarden to AGPLv3 
This commit prepares Vaultwarden for the Re-Licensing to AGPLv3
Solves #2450
 2023-01-24 20:49:11 +01:00
Daniel García
50fc22966c Updated web vault to 2023.1.1 and rust dependencies 2023-01-24 20:39:09 +01:00
Daniel García
4fab4c74ff Merge branch 'BlackDex-update-kdf-config' 2023-01-24 20:06:30 +01:00
BlackDex
e38e1a5d5f Validate note sizes on key-rotation. 
We also need to validate the note sizes on key-rotation.
If we do not validate them before we store them, that could lead to a
partial or total loss of the password vault. Validating these
restrictions before actually processing them to store/replace the
existing ciphers should prevent this.

There was also a small bug when using web-sockets. The client which is
triggering the password/key-rotation change should not be forced to
logout via a web-socket request. That is something the client will
handle it self. Refactored the logout notification to either send the
device uuid or not on specific actions.

Fixes #3152
 2023-01-24 20:05:09 +01:00