Commit Graph

2173 Commits

Author SHA1 Message Date
pjsier
bdd918b4d4 Log message to stderr if LOG_FILE is not writable
Co-authored-by: Helmut K. C. Tessarek <tessarek@evermeet.cx>
2023-01-09 19:10:56 +01:00
BlackDex
88085fe17b Validate YUBICO_SERVER string (#3003)
If the `YUBICO_SERVER` is defined to an empty string, the whole yubikey
implementation doesn't work anymore.

This PR adds a check for this variable that it at least starts with `https://`.

Resolves #3003
2023-01-09 19:10:56 +01:00
BlackDex
2020a302d0 Removed unsafe-inline JS from CSP and other fixes
- Removed `unsafe-inline` for javascript from CSP.
  The admin interface now uses files instead of inline javascript.
- Modified javascript to work not being inline.
- Run eslint over javascript and fixed some items.
- Added a `to_json` Handlebars helper.
  Used at the diagnostics page.
- Changed `AdminTemplateData` struct to be smaller.
  The `config` was always added, but only used at one page.
  Same goes for `can_backup` and `version`.
- Also inlined CSS.
  We can't remove the `unsafe-inline` from css, because that seems to
  break the web-vault currently. That might need some further checks.
  But for now the 404 page and all the admin pages are clear of inline scripts and styles.
2023-01-09 19:10:55 +01:00
Alex Martel
ab2dd0f300 Remove patched multer-rs 2023-01-09 19:10:55 +01:00
Jeremy Lin
4d9d649db9 Change text/plain API responses to application/json
Recent versions of the Bitwarden clients (see bitwarden/clients#3574)
won't parse non-JSON responses. The most noticeable consequence is that
`/api/accounts/revision-date` responses won't be parsed, leading to
`/api/sync` always being called, even when it's not necessary.
2023-01-07 10:41:28 -08:00
Daniel García
10dadfca06 Update web vault to 2022.12.0 1.27.0 2022-12-18 20:37:01 +01:00
Daniel García
bf73a8235f Merge branch 'BlackDex-fix-yubikey-panic' 2022-12-18 20:32:10 +01:00
BlackDex
67a584c1d4 Disable groups by default and Some optimizations
- Put groups support behind a feature flag, and disabled by default.
  The reason is that it has some known issues, but we want to keep
  optimizing this feature. Putting it behind a feature flag could help
  some users, and the developers into optimizing this feature without to
  much trouble.

Further:

- Updates Rust to v1.66.0
- Updated GHA workflows
- Updated Alpine to 3.17
- Updated jquery to v3.6.2
- Moved jdenticon.js to load at the bottom, fixes an issue on chromium
- Added autocomplete attribute to admin login password field
- Added some extra CSP options (Tested this on Safari, Firefox, Chrome, Bitwarden Desktop)
- Moved uppercase convertion from runtime to compile-time using `paste`
  for building the environment variables, lowers heap allocations.
2022-12-18 20:32:06 +01:00
BlackDex
8e5f03972e Fix recover-2fa not working.
When audit logging was introduced there entered a small bug preventing
the recover-2fa from working.

This PR fixes that by add a new headers check to extract the device-type
when possible and use that for the logging.

Fixes #2985
2022-12-18 20:32:06 +01:00
Daniel García
d8abf8f98f Merge branch 'BlackDex-some-optimizations' 2022-12-18 20:31:22 +01:00
BlackDex
cb348d2e05 Fix recover-2fa not working.
When audit logging was introduced there entered a small bug preventing
the recover-2fa from working.

This PR fixes that by add a new headers check to extract the device-type
when possible and use that for the logging.

Fixes #2985
2022-12-18 20:31:17 +01:00
Daniel García
aceb111024 Merge branch 'BlackDex-issue-2985' 2022-12-18 20:25:46 +01:00
BlackDex
b60a4a68c7 Fix a panic during Yubikey register/login
The yubico crate uses blocking reqwest, and we called the `verify` from
a async thread. To prevent issues we need to wrap it within a
`spawn_blocking`.
2022-12-18 17:57:35 +01:00
BlackDex
8b6dfe48b7 Disable groups by default and Some optimizations
- Put groups support behind a feature flag, and disabled by default.
  The reason is that it has some known issues, but we want to keep
  optimizing this feature. Putting it behind a feature flag could help
  some users, and the developers into optimizing this feature without to
  much trouble.

Further:

- Updates Rust to v1.66.0
- Updated GHA workflows
- Updated Alpine to 3.17
- Updated jquery to v3.6.2
- Moved jdenticon.js to load at the bottom, fixes an issue on chromium
- Added autocomplete attribute to admin login password field
- Added some extra CSP options (Tested this on Safari, Firefox, Chrome, Bitwarden Desktop)
- Moved uppercase convertion from runtime to compile-time using `paste`
  for building the environment variables, lowers heap allocations.
2022-12-16 14:52:42 +01:00
BlackDex
6154e03c05 Fix recover-2fa not working.
When audit logging was introduced there entered a small bug preventing
the recover-2fa from working.

This PR fixes that by add a new headers check to extract the device-type
when possible and use that for the logging.

Fixes #2985
2022-12-15 15:57:30 +01:00
Daniel García
d0b53a6a3d Update web vault to v2022.11.2 2022-12-12 23:11:46 +01:00
Daniel García
317aa679cf Merge branch 'BlackDex-issue-2975' 2022-12-12 22:56:32 +01:00
BlackDex
8d1bc2e539 Fix org export (again)
It looks like Bitwarden, in-the-end, didn't changed the export feature
on v2022.11.0, and now have put in on v2023.1.0.

This patch now changes that to the same version.
Before those new clients are being released, we should see if they
changed that again, and adjust where needed.
2022-12-12 22:56:14 +01:00
BlackDex
50c46f6e9a Remove ctrlc crate and some updates
- Removed ctrlc crate and use the tokio provided ctrl_c function.
- Updated some crates.
2022-12-12 22:56:10 +01:00
Helmut K. C. Tessarek
4f1928778a use 32x32 favicon for consistency 2022-12-12 22:56:09 +01:00
Helmut K. C. Tessarek
5fcba3d7f5 use black favicon for /admin 2022-12-12 22:56:09 +01:00
Helmut K. C. Tessarek
4db42b07c4 Improve comments
- The first one was not a proper sentence.
- The second one mixed passive and active form in the secon d part of the sentence.
2022-12-12 22:56:09 +01:00
BlackDex
cd3e2d7a5a Increase privacy of masked config
This changes the masking function to hide a bit more information from
the generated support string. It will still keep showing the `://` for
example, and `,`, but other characters will be hidden.

Also did some small changes on some key's which all showed up as
`Internal` on the Settings page.

Fixes #2929
2022-12-12 22:56:09 +01:00
Daniel García
d139e22042 Merge branch 'BlackDex-fix-org-export' 2022-12-12 22:55:56 +01:00
BlackDex
892296e6d5 Remove ctrlc crate and some updates
- Removed ctrlc crate and use the tokio provided ctrl_c function.
- Updated some crates.
2022-12-12 22:55:17 +01:00
Helmut K. C. Tessarek
992ef399ed use 32x32 favicon for consistency 2022-12-12 22:55:17 +01:00
Helmut K. C. Tessarek
5afba46743 use black favicon for /admin 2022-12-12 22:55:16 +01:00
Helmut K. C. Tessarek
df0aa7949e Improve comments
- The first one was not a proper sentence.
- The second one mixed passive and active form in the secon d part of the sentence.
2022-12-12 22:55:16 +01:00
BlackDex
353d2e6e01 Increase privacy of masked config
This changes the masking function to hide a bit more information from
the generated support string. It will still keep showing the `://` for
example, and `,`, but other characters will be hidden.

Also did some small changes on some key's which all showed up as
`Internal` on the Settings page.

Fixes #2929
2022-12-12 22:55:16 +01:00
Daniel García
f9375bb215 Merge branch 'BlackDex-replace-ctrlc-crate' 2022-12-12 22:55:06 +01:00
Helmut K. C. Tessarek
8d04ff66e7 use 32x32 favicon for consistency 2022-12-12 22:55:02 +01:00
Helmut K. C. Tessarek
e649b11511 use black favicon for /admin 2022-12-12 22:55:02 +01:00
Helmut K. C. Tessarek
bda19bdddf Improve comments
- The first one was not a proper sentence.
- The second one mixed passive and active form in the secon d part of the sentence.
2022-12-12 22:55:01 +01:00
BlackDex
99fd92df21 Increase privacy of masked config
This changes the masking function to hide a bit more information from
the generated support string. It will still keep showing the `://` for
example, and `,`, but other characters will be hidden.

Also did some small changes on some key's which all showed up as
`Internal` on the Settings page.

Fixes #2929
2022-12-12 22:55:01 +01:00
Daniel García
1210310063 Merge branch 'tessus-fix/admin-icon' 2022-12-12 22:54:49 +01:00
Helmut K. C. Tessarek
b093384385 Improve comments
- The first one was not a proper sentence.
- The second one mixed passive and active form in the secon d part of the sentence.
2022-12-12 22:54:45 +01:00
BlackDex
cec45ae9bd Increase privacy of masked config
This changes the masking function to hide a bit more information from
the generated support string. It will still keep showing the `://` for
example, and `,`, but other characters will be hidden.

Also did some small changes on some key's which all showed up as
`Internal` on the Settings page.

Fixes #2929
2022-12-12 22:54:45 +01:00
Daniel García
e6dd584dd6 Merge branch 'tessus-fix/env-template' 2022-12-12 22:54:34 +01:00
BlackDex
7cc74dabaf Increase privacy of masked config
This changes the masking function to hide a bit more information from
the generated support string. It will still keep showing the `://` for
example, and `,`, but other characters will be hidden.

Also did some small changes on some key's which all showed up as
`Internal` on the Settings page.

Fixes #2929
2022-12-12 22:54:30 +01:00
Daniel García
2336f102f9 Merge branch 'BlackDex-issue-2929' 2022-12-12 22:53:48 +01:00
BlackDex
cebe0f6442 Remove ctrlc crate and some updates
- Removed ctrlc crate and use the tokio provided ctrl_c function.
- Updated some crates.
2022-12-12 12:58:48 +01:00
BlackDex
d9c0c23819 Revert collection queries back to left_join
Using the `inner_join` seems to cause issues, even though i have tested
it. Strangely it does cause issues. Reverting it back to `left_join`
seems to solve the issue for me.

Fixes #2975
2022-12-12 12:21:48 +01:00
BlackDex
aa355a96f9 Fix org export (again)
It looks like Bitwarden, in-the-end, didn't changed the export feature
on v2022.11.0, and now have put in on v2023.1.0.

This patch now changes that to the same version.
Before those new clients are being released, we should see if they
changed that again, and adjust where needed.
2022-12-12 11:17:34 +01:00
BlackDex
4a85dd2480 Increase privacy of masked config
This changes the masking function to hide a bit more information from
the generated support string. It will still keep showing the `://` for
example, and `,`, but other characters will be hidden.

Also did some small changes on some key's which all showed up as
`Internal` on the Settings page.

Fixes #2929
2022-12-10 17:55:59 +01:00
Helmut K. C. Tessarek
213909baa5 use 32x32 favicon for consistency 2022-12-09 19:09:35 -05:00
Helmut K. C. Tessarek
6915a60332 use black favicon for /admin 2022-12-09 17:32:59 -05:00
Helmut K. C. Tessarek
52a50e9ade Improve comments
- The first one was not a proper sentence.
- The second one mixed passive and active form in the secon d part of the sentence.
2022-12-09 16:31:40 -05:00
Daniel García
b7c9a346c1 Merge branch 'stefan0xC-use-custom-404-page' 2022-12-08 20:43:38 +01:00
BlackDex
2d90c6ac24 Fix managers and groups link
This PR should fix the managers and group link.
Although i think there might be a cleaner sollution, there are a lot of
other items to fix here which we should do in time.

But for now, with theh group support already merged, this fix should at
least help solving issue #2932.

Fixes #2932
2022-12-08 20:43:34 +01:00
Daniel García
7f7b5447fd Merge branch 'BlackDex-issue-2932-take2' 2022-12-08 20:43:15 +01:00