Daniel García 
							
						 
					 
					
						
						
							
						
						e2e3712921 
					 
					
						
						
							
							Merge pull request  #695  from mprasil/do-not-leak-usernames  
						
						... 
						
						
						
						Stop leaking usernames when SIGNUPS_ALLOWED=false 
						
						
							
						
					 
					
						2019-11-02 00:12:53 +01:00 
						 
				 
			
				
					
						
							
							
								Miro Prasil 
							
						 
					 
					
						
						
							
						
						00a11b1b78 
					 
					
						
						
							
							Stop leaking usernames when SIGNUPS_ALLOWED=false  
						
						... 
						
						
						
						This fixes  #691  - respond in less specific way to not leak the
fact that user is already registered on the server. 
						
						
							
						
					 
					
						2019-11-01 22:34:42 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						77b78f0991 
					 
					
						
						
							
							Merge pull request  #690  from BlackDex/icon-download-http  
						
						... 
						
						
						
						Added http favicon url when response failed 
						
						
							
						
					 
					
						2019-10-29 15:02:59 +01:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						ee550be80c 
					 
					
						
						
							
							Added http favicon url when response failed  
						
						
						
						
							
						
					 
					
						2019-10-29 14:24:01 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						97d41c2686 
					 
					
						
						
							
							Revert rustup minimal profile, rustup can't be updated  
						
						
						
						
							
						
					 
					
						2019-10-26 00:55:58 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						fccc0a4b05 
					 
					
						
						
							
							Update rocket to latest master  
						
						... 
						
						
						
						Downgrade rust version to fix cargo issue
Set rustup profile to minimal 
						
						
							
						
					 
					
						2019-10-25 21:48:10 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						57b1d3f850 
					 
					
						
						
							
							Update dependencies and docker base images  
						
						
						
						
							
						
					 
					
						2019-10-24 20:37:17 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						77d40833d9 
					 
					
						
						
							
							Merge pull request  #679  from mprasil/bump-rust-toolchain  
						
						... 
						
						
						
						Bump rust toolchain 
						
						
							
						
					 
					
						2019-10-22 19:18:43 +02:00 
						 
				 
			
				
					
						
							
							
								Miro Prasil 
							
						 
					 
					
						
						
							
						
						7814218208 
					 
					
						
						
							
							Bump rust toolchain  
						
						... 
						
						
						
						This is as per #622  that sshould resolve issues building on armv7. 
						
						
							
						
					 
					
						2019-10-22 16:31:36 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						95a7ffdf6b 
					 
					
						
						
							
							Merge pull request  #673  from Jellyfrog/patch-2  
						
						... 
						
						
						
						Remove unneeded WS logging 
						
						
							
						
					 
					
						2019-10-17 20:21:47 +02:00 
						 
				 
			
				
					
						
							
							
								Jellyfrog 
							
						 
					 
					
						
						
							
						
						ebc47dc161 
					 
					
						
						
							
							Remove unneeded WS logging  
						
						
						
						
							
						
					 
					
						2019-10-17 17:15:11 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						cd8acc2e8c 
					 
					
						
						
							
							Merge pull request  #671  from vverst/enable-2fa-email  
						
						... 
						
						
						
						Move 2FA email config to after SMTP config 
						
						
							
						
					 
					
						2019-10-16 19:55:54 +02:00 
						 
				 
			
				
					
						
							
							
								vpl 
							
						 
					 
					
						
						
							
						
						3b7a5bd102 
					 
					
						
						
							
							Move 2FA email config to after SMTP config  
						
						
						
						
							
						
					 
					
						2019-10-16 07:11:16 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						d3054d4f83 
					 
					
						
						
							
							Merge pull request  #667  from dani-garcia/minimal_profile  
						
						... 
						
						
						
						Update rust version and use minimal profile for CI 
						
						
							
						
					 
					
						2019-10-15 22:26:12 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						5ac66b05e3 
					 
					
						
						
							
							Merge pull request  #666  from vverst/fix-2fa-email  
						
						... 
						
						
						
						Fix 2FA email not sending 
						
						
							
						
					 
					
						2019-10-15 22:25:37 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						83fd44eeef 
					 
					
						
						
							
							Update rust version and use minimal profile for CI  
						
						
						
						
							
						
					 
					
						2019-10-15 21:21:37 +02:00 
						 
				 
			
				
					
						
							
							
								vpl 
							
						 
					 
					
						
						
							
						
						2edecf34ff 
					 
					
						
						
							
							Use user_uuid instead of mut twofactor  
						
						
						
						
							
						
					 
					
						2019-10-15 21:20:19 +02:00 
						 
				 
			
				
					
						
							
							
								vpl 
							
						 
					 
					
						
						
							
						
						18bc8331f9 
					 
					
						
						
							
							Send email when preparing 2FA JsonError  
						
						
						
						
							
						
					 
					
						2019-10-15 21:19:49 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						7d956c5117 
					 
					
						
						
							
							Merge pull request  #664  from BlackDex/fix-issue-663  
						
						... 
						
						
						
						Fixed issue #663 . 
						
						
							
						
					 
					
						2019-10-14 01:25:26 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						603a964579 
					 
					
						
						
							
							Fixed issue  #663 .  
						
						... 
						
						
						
						During the 2fa activation there is no twofactor record yet.
Changed the layout a bit so that it will generate a new twofactor record
when it does not exists yet. Else it will just update the already
existing record. 
						
						
							
						
					 
					
						2019-10-14 00:32:44 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						dc515b83f3 
					 
					
						
						
							
							Merge pull request  #657  from BlackDex/totp-timedrift  
						
						... 
						
						
						
						Updated authenticator TOTP 
						
						
							
						
					 
					
						2019-10-12 16:33:43 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						9466f02696 
					 
					
						
						
							
							Recoded TOTP time drift validation  
						
						
						
						
							
						
					 
					
						2019-10-12 15:28:28 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						d3bd2774dc 
					 
					
						
						
							
							Update dependencies to use newer SQLite  
						
						
						
						
							
						
					 
					
						2019-10-11 22:49:47 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						f482585d7c 
					 
					
						
						
							
							Merge pull request  #660  from BlackDex/sqlite-backup-fix  
						
						... 
						
						
						
						Fixed a bug with the sqlite backup feature. 
						
						
							
						
					 
					
						2019-10-11 15:07:21 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						2cde814aaa 
					 
					
						
						
							
							Fixed a bug with the sqlite backup feature.  
						
						... 
						
						
						
						When a custom path is used the backup feature does not work.
Changed it so it will take the path of the sqlite file and use that. 
						
						
							
						
					 
					
						2019-10-11 12:08:40 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						d989a19f76 
					 
					
						
						
							
							Merge branch 'master' of  https://github.com/dani-garcia/bitwarden_rs  into totp-timedrift  
						
						
						
						
							
						
					 
					
						2019-10-11 11:22:13 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						d292269ea0 
					 
					
						
						
							
							Make the blacklist logic be cached  
						
						
						
						
							
						
					 
					
						2019-10-10 23:21:22 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						ebf40099f2 
					 
					
						
						
							
							Updated authenticator TOTP  
						
						... 
						
						
						
						- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that. 
						
						
							
						
					 
					
						2019-10-10 17:32:20 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						0586c00285 
					 
					
						
						
							
							Merge pull request  #653  from stevesbrain/master  
						
						... 
						
						
						
						Simple grammar update 
						
						
							
						
					 
					
						2019-10-10 01:06:51 +02:00 
						 
				 
			
				
					
						
							
							
								Steve Divskinsy 
							
						 
					 
					
						
						
							
						
						bb9ddd5680 
					 
					
						
						
							
							Merge pull request  #1  from stevesbrain/stevesbrain-patch-1  
						
						... 
						
						
						
						Very simple grammar updates 
						
						
							
						
					 
					
						2019-10-09 22:23:20 +10:30 
						 
				 
			
				
					
						
							
							
								Steve Divskinsy 
							
						 
					 
					
						
						
							
						
						cb1663fc12 
					 
					
						
						
							
							Very simple grammar updates  
						
						... 
						
						
						
						Just some basic grammar updates in the "get in touch" section. 
						
						
							
						
					 
					
						2019-10-09 22:22:52 +10:30 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						45d9d8db94 
					 
					
						
						
							
							Merge pull request  #652  from BlackDex/hibp-changes  
						
						... 
						
						
						
						Some modification when no HIBP API Key is set 
						
						
							
						
					 
					
						2019-10-09 00:44:00 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						edc482c8ea 
					 
					
						
						
							
							Changed HIBP Error message.  
						
						... 
						
						
						
						- Moved the manual link to the check to the top.
- Clearified that hibp is a payed service.
- Changed error logo to hibp logo. 
						
						
							
						
					 
					
						2019-10-08 22:29:12 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						6e5c03cc78 
					 
					
						
						
							
							Some modification when no HIBP API Key is set  
						
						... 
						
						
						
						- Added an URL with the useraccount for manual check.
- Added support for HTTP(S)_PROXY for hibp. 
						
						
							
						
					 
					
						2019-10-08 21:39:11 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						881c1978eb 
					 
					
						
						
							
							Error when the URL scheme doesn't match the database type  
						
						
						
						
							
						
					 
					
						2019-10-08 19:34:47 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						662bc27523 
					 
					
						
						
							
							Updated dependencies and fixed disable_admin_token description  
						
						
						
						
							
						
					 
					
						2019-10-08 19:33:27 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						b4b62c22a4 
					 
					
						
						
							
							Merge pull request  #648  from BlackDex/icon-security  
						
						... 
						
						
						
						Added missing .env configuration option. 
						
						
							
 
						
					 
					
						2019-10-08 18:08:32 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						05569147af 
					 
					
						
						
							
							Added missing .env configuration option.  
						
						
						
						
							
						
					 
					
						2019-10-08 13:30:17 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						99a635d327 
					 
					
						
						
							
							Merge pull request  #643  from BlackDex/icon-security  
						
						... 
						
						
						
						Updated icon blacklisting. 
						
						
							
						
					 
					
						2019-10-05 17:06:14 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						e6b763026e 
					 
					
						
						
							
							Merge branch 'master' into icon-security  
						
						
						
						
							
						
					 
					
						2019-10-05 16:45:36 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						c182583e09 
					 
					
						
						
							
							Merge pull request  #644  from BlackDex/issue-565  
						
						... 
						
						
						
						Fixed issue #565  
						
						
							
						
					 
					
						2019-10-05 16:17:43 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						d821389c2e 
					 
					
						
						
							
							Merge pull request  #639  from vverst/cors-update  
						
						... 
						
						
						
						Change CORS headers 
						
						
							
						
					 
					
						2019-10-05 16:09:33 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						be2916333b 
					 
					
						
						
							
							Fixed issue  #565  
						
						... 
						
						
						
						Issue fixed by omitting the cookie header when cookie_str is empty 
						
						
							
						
					 
					
						2019-10-05 15:45:09 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						9124d8a3fb 
					 
					
						
						
							
							Updated icon blacklisting.  
						
						... 
						
						
						
						- Blacklisting was not effective for redirects and rel href
- Able to blacklist non global IP's like RFC1918, multicast etc... 
						
						
							
						
					 
					
						2019-10-05 14:48:15 +02:00 
						 
				 
			
				
					
						
							
							
								vpl 
							
						 
					 
					
						
						
							
						
						7b1da527a6 
					 
					
						
						
							
							Change CORS headers  
						
						... 
						
						
						
						Only add Allow-Origin to all requests and move the others to preflight OPTIONS request.
If Origin is `file://` change it to the wildcard. 
						
						
							
						
					 
					
						2019-10-01 20:12:33 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						e7b8602e1f 
					 
					
						
						
							
							Merge pull request  #638  from mprasil/add_sqlite_binary  
						
						... 
						
						
						
						Add sqlite binary into the docker images 
						
						
							
						
					 
					
						2019-10-01 19:50:41 +02:00 
						 
				 
			
				
					
						
							
							
								Miro Prasil 
							
						 
					 
					
						
						
							
						
						d6e9af909b 
					 
					
						
						
							
							Remove the unnecessary check for sqlite  
						
						... 
						
						
						
						The binary we use is called `sqlite3` so no need to check for other
name variants as we won't use those anyways. 
						
						
							
						
					 
					
						2019-10-01 10:40:22 +01:00 
						 
				 
			
				
					
						
							
							
								Miro Prasil 
							
						 
					 
					
						
						
							
						
						acdd42935b 
					 
					
						
						
							
							Add sqlite binary into the docker images  
						
						... 
						
						
						
						This is done to enable backup functionality in the admin interface while
we're waiting for the libsqlite-sys 0.17 to bubble up in the upstream
dependencies. Then we can start using `VACUUM INTO`
This also extends the check for the sqlite binary to also try `sqlite3`
as this is the name of the binary in baseimage distributions we use. 
						
						
							
						
					 
					
						2019-09-30 13:54:06 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						8367d1d715 
					 
					
						
						
							
							Merge pull request  #631  from vverst/cors-put  
						
						... 
						
						
						
						Use Access-Control-Allow-Method 
						
						
							
						
					 
					
						2019-09-23 20:03:51 +02:00 
						 
				 
			
				
					
						
							
							
								vpl 
							
						 
					 
					
						
						
							
						
						56f12dc982 
					 
					
						
						
							
							Use Access-Control-Allow-Method  
						
						
						
						
							
						
					 
					
						2019-09-23 07:44:44 +02:00