Merge pull request #147 from mprasil/master

Bump version to 0.13.0 - latest Vault v1
2025-09-10 18:55:57 +03:00 · 2018-08-21 22:32:54 +02:00 · 2018-08-21 21:13:56 +01:00 · 2018-08-15 15:12:01 +02:00 · 2018-08-15 11:18:34 +01:00 · 2018-08-13 14:38:54 +02:00
8 changed files with 155 additions and 35 deletions
--- a/.env
+++ b/.env
@@ -27,6 +27,9 @@
 ## The change only applies when the password is changed
 # PASSWORD_ITERATIONS=100000
 ## Whether password hint should be sent into the error response when the client request it
 # SHOW_PASSWORD_HINT=true
 ## Domain settings
 ## The domain must match the address from where you access the server
 ## Unless you are using U2F, or having problems with attachments not downloading, there is no need to change this
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "bitwarden_rs"
-version = "0.11.0"
+version = "0.13.0"
 authors = ["Daniel García <dani-garcia@users.noreply.github.com>"]
 [dependencies]
--- a/README.md
+++ b/README.md
@@ -22,6 +22,7 @@ _*Note, that this project is not associated with the [Bitwarden](https://bitward
    - [icons cache](#icons-cache)
  - [Changing the API request size limit](#changing-the-api-request-size-limit)
  - [Changing the number of workers](#changing-the-number-of-workers)
  - [Disabling or overriding the Vault interface hosting](#disabling-or-overriding-the-vault-interface-hosting)
  - [Other configuration](#other-configuration)
 - [Building your own image](#building-your-own-image)
 - [Building binary](#building-binary)
@@ -33,6 +34,10 @@ _*Note, that this project is not associated with the [Bitwarden](https://bitward
  - [3. the key files](#3-the-key-files)
  - [4. Icon Cache](#4-icon-cache)
 - [Running the server with non-root user](#running-the-server-with-non-root-user)
 - [Differences from upstream API implementation](#differences-from-upstream-api-implementation)
  - [Changing user email](#changing-user-email)
  - [Creating organization](#creating-organization)
  - [Inviting users into organization](#inviting-users-into-organization)
 - [Get in touch](#get-in-touch)
 ## Features
@@ -134,11 +139,10 @@ Where:
 ```sh
 docker run -d --name bitwarden \
-  -e ROCKET_TLS={certs='"/ssl/certs.pem",key="/ssl/key.pem"}' \
+  -e ROCKET_TLS='{certs="/ssl/certs.pem",key="/ssl/key.pem"}' \
  -v /ssl/keys/:/ssl/ \
  -v /bw-data/:/data/ \
-  -v /icon_cache/ \
+  -p 443:80 \
  -p 443:443 \
  mprasil/bitwarden:latest
 ```
 Note that you need to mount ssl files and you need to forward appropriate port.
@@ -248,6 +252,30 @@ docker run -d --name bitwarden \
  mprasil/bitwarden:latest
 ```
 ### Disabling or overriding the Vault interface hosting
 As a convenience bitwarden_rs image will also host static files for Vault web interface. You can disable this static file hosting completely by setting the WEB_VAULT_ENABLED variable.
 ```sh
 docker run -d --name bitwarden \
  -e WEB_VAULT_ENABLED=false \
  -v /bw-data/:/data/ \
  -p 80:80 \
  mprasil/bitwarden:latest
 ```
 Alternatively you can override the Vault files and provide your own static files to host. You can do that by mounting a path with your files over the `/web-vault` directory in the container. Just make sure the directory contains at least `index.html` file.
 ```sh
 docker run -d --name bitwarden \
  -v /path/to/static/files_directory:/web-vault \
  -v /bw-data/:/data/ \
  -p 80:80 \
  mprasil/bitwarden:latest
 ```
 Note that you can also change the path where bitwarden_rs looks for static files by providing the `WEB_VAULT_FOLDER` environment variable with the path.
 ### Other configuration
 Though this is unlikely to be required in small deployment, you can fine-tune some other settings like number of workers using environment variables that are processed by [Rocket](https://rocket.rs), please see details in [documentation](https://rocket.rs/guide/configuration/#environment-variables).
@@ -313,8 +341,23 @@ docker run -d --name bitwarden \
  -p 80:8080 \
  mprasil/bitwarden:latest
 ```
 ## Differences from upstream API implementation
 ### Changing user email
 Because we don't have any SMTP functionality at the moment, there's no way to deliver the verification token when you try to change the email. User just needs to enter any random token to continue and the change will be applied.
 ### Creating organization
 We use upstream Vault interface directly without any (significant) changes, this is why user is presented with paid options when creating organization. To create an organization, just use the free option, none of the limits apply when using bitwarden_rs as back-end API and after the organization is created it should behave like Enterprise organization.
 ### Inviting users into organization
 The users must already be registered on your server to invite them, because we can't send the invitation via email. The invited users won't get the invitation email, instead they will appear in the interface as if they already accepted the invitation. Organization admin then just needs to confirm them to be proper Organization members and to give them access to the shared secrets.
 ## Get in touch
 To ask an question, [raising an issue](https://github.com/dani-garcia/bitwarden_rs/issues/new) is fine, also please report any bugs spotted here.
-If you prefer to chat, we're usually hanging around at [#bitwarden_rs:matrix.org](https://matrix.to/#/!cASGtOHlSftdScFNMs:matrix.org) room on Matrix. Feel free to join us!
+If you prefer to chat, we're usually hanging around at [#bitwarden_rs:matrix.org](https://matrix.to/#/#bitwarden_rs:matrix.org) room on Matrix. Feel free to join us!
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@@ -244,6 +244,29 @@ fn delete_account(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn
 #[get("/accounts/revision-date")]
 fn revision_date(headers: Headers) -> String {
-    let revision_date = headers.user.updated_at.timestamp();
+    let revision_date = headers.user.updated_at.timestamp_millis();
    revision_date.to_string()
 }
 #[derive(Deserialize)]
 #[allow(non_snake_case)]
 struct PasswordHintData {
    Email: String,
 }
 #[post("/accounts/password-hint", data = "<data>")]
 fn password_hint(data: JsonUpcase<PasswordHintData>, conn: DbConn) -> EmptyResult {
    let data: PasswordHintData = data.into_inner().data;
    if !CONFIG.show_password_hint {
        return Ok(())
    }
    match User::find_by_mail(&data.Email, &conn) {
        Some(user) => {
            let hint = user.password_hint.to_owned().unwrap_or_default();
            err!(format!("Your password hint is: {}", hint))
        },
        None => Ok(()),
    }
 }
--- a/src/api/core/ciphers.rs
+++ b/src/api/core/ciphers.rs
@@ -415,6 +415,22 @@ fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers
    Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn)))
 }
 #[post("/ciphers/<uuid>/attachment-admin", format = "multipart/form-data", data = "<data>")]
 fn post_attachment_admin(uuid: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult {
    post_attachment(uuid, data, content_type, headers, conn)
 }
 #[post("/ciphers/<uuid>/attachment/<attachment_id>/share", format = "multipart/form-data", data = "<data>")]
 fn post_attachment_share(uuid: String, attachment_id: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult {
    _delete_cipher_attachment_by_id(&uuid, &attachment_id, &headers, &conn)?;
    post_attachment(uuid, data, content_type, headers, conn)
 }
 #[post("/ciphers/<uuid>/attachment/<attachment_id>/delete-admin")]
 fn delete_attachment_post_admin(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> EmptyResult {
    delete_attachment(uuid, attachment_id, headers, conn)
 }
 #[post("/ciphers/<uuid>/attachment/<attachment_id>/delete")]
 fn delete_attachment_post(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> EmptyResult {
    delete_attachment(uuid, attachment_id, headers, conn)
@@ -422,29 +438,7 @@ fn delete_attachment_post(uuid: String, attachment_id: String, headers: Headers,
 #[delete("/ciphers/<uuid>/attachment/<attachment_id>")]
 fn delete_attachment(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> EmptyResult {
-    let attachment = match Attachment::find_by_id(&attachment_id, &conn) {
+    _delete_cipher_attachment_by_id(&uuid, &attachment_id, &headers, &conn)
        Some(attachment) => attachment,
        None => err!("Attachment doesn't exist")
    };
    if attachment.cipher_uuid != uuid {
        err!("Attachment from other cipher")
    }
    let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
        Some(cipher) => cipher,
        None => err!("Cipher doesn't exist")
    };
    if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) {
        err!("Cipher cannot be deleted by user")
    }
    // Delete attachment
    match attachment.delete(&conn) {
        Ok(()) => Ok(()),
        Err(_) => err!("Deleting attachement failed")
    }
 }
 #[post("/ciphers/<uuid>/delete")]
@@ -578,3 +572,29 @@ fn _delete_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn) -> Empty
        Err(_) => err!("Failed deleting cipher")
    }
 }
 fn _delete_cipher_attachment_by_id(uuid: &str, attachment_id: &str, headers: &Headers, conn: &DbConn) -> EmptyResult {
    let attachment = match Attachment::find_by_id(&attachment_id, &conn) {
        Some(attachment) => attachment,
        None => err!("Attachment doesn't exist")
    };
    if attachment.cipher_uuid != uuid {
        err!("Attachment from other cipher")
    }
    let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
        Some(cipher) => cipher,
        None => err!("Cipher doesn't exist")
    };
    if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) {
        err!("Cipher cannot be deleted by user")
    }
    // Delete attachment
    match attachment.delete(&conn) {
        Ok(()) => Ok(()),
        Err(_) => err!("Deleting attachement failed")
    }
 }
--- a/src/api/core/mod.rs
+++ b/src/api/core/mod.rs
@@ -23,6 +23,7 @@ pub fn routes() -> Vec<Route> {
        post_email,
        delete_account,
        revision_date,
        password_hint,
        sync,
@@ -34,7 +35,10 @@ pub fn routes() -> Vec<Route> {
        post_ciphers_admin,
        post_ciphers_import,
        post_attachment,
        post_attachment_admin,
        post_attachment_share,
        delete_attachment_post,
        delete_attachment_post_admin,
        delete_attachment,
        post_cipher_admin,
        post_cipher_share,
--- a/src/db/models/attachment.rs
+++ b/src/db/models/attachment.rs
@@ -64,14 +64,33 @@ impl Attachment {
    pub fn delete(self, conn: &DbConn) -> QueryResult<()> {
        use util;
        use std::{thread, time};
        let mut retries = 10;
        loop {
            match diesel::delete(
                attachments::table.filter(
                    attachments::id.eq(&self.id)
                )
            ).execute(&**conn) {
                Ok(_) => break,
                Err(err) => {
                    if retries < 1 {
                        println!("ERROR: Failed with 10 retries");
                        return Err(err)
                    } else {
                        retries = retries - 1;
                        println!("Had to retry! Retries left: {}", retries);
                        thread::sleep(time::Duration::from_millis(500));
                        continue
                    }
                }
            }
        }
        util::delete_file(&self.get_file_path());
-
+        Ok(())
        diesel::delete(
            attachments::table.filter(
                attachments::id.eq(self.id)
            )
        ).execute(&**conn).and(Ok(()))
    }
    pub fn delete_all_by_cipher(cipher_uuid: &str, conn: &DbConn) -> QueryResult<()> {
--- a/src/main.rs
+++ b/src/main.rs
@@ -83,6 +83,11 @@ fn check_db() {
            exit(1);
        }
    }
    // Turn on WAL in SQLite
    use diesel::RunQueryDsl;
    let connection = db::get_connection().expect("Can't conect to DB");
    diesel::sql_query("PRAGMA journal_mode=wal").execute(&connection).expect("Failed to turn on WAL");
 }
 fn check_rsa_keys() {
@@ -164,6 +169,7 @@ pub struct Config {
    local_icon_extractor: bool,
    signups_allowed: bool,
    password_iterations: i32,
    show_password_hint: bool,
    domain: String,
    domain_set: bool,
 }
@@ -192,6 +198,8 @@ impl Config {
            local_icon_extractor: util::parse_option_string(env::var("LOCAL_ICON_EXTRACTOR").ok()).unwrap_or(false),
            signups_allowed: util::parse_option_string(env::var("SIGNUPS_ALLOWED").ok()).unwrap_or(true),
            password_iterations: util::parse_option_string(env::var("PASSWORD_ITERATIONS").ok()).unwrap_or(100_000),
            show_password_hint: util::parse_option_string(env::var("SHOW_PASSWORD_HINT").ok()).unwrap_or(true),
            domain_set: domain.is_ok(),
            domain: domain.unwrap_or("http://localhost".into()),
        }
Author	SHA1	Message	Date
Daniel García	bd20d8724b	Merge pull request #147 from mprasil/master Bump version to 0.13.0 - latest Vault v1	2018-08-21 22:32:54 +02:00
Miroslav Prasil	df041108f6	Bump version to 0.13.0 - latest Vault v1	2018-08-21 21:13:56 +01:00
Daniel García	b6312340b6	Merge pull request #138 from mprasil/readme_updates Cleaned up HTTPS example	2018-08-15 15:12:01 +02:00
Miroslav Prasil	80bad9f66d	Cleaned up HTTPS example	2018-08-15 11:18:34 +01:00
Daniel García	5a55dd1d4b	Merge pull request #133 from mprasil/document_differences Extend documentation	2018-08-13 14:38:54 +02:00
Miroslav Prasil	c0f554311b	Extend documentation	2018-08-13 12:01:52 +01:00
Daniel García	c6256e1455	Merge pull request #128 from mprasil/revision_date Return revision date in miliseconds (fixes #127)	2018-08-10 19:40:56 +02:00
Daniel García	0cd3053fcb	Merge pull request #125 from stammw/master Make password hints available in the error message #85	2018-08-10 19:40:31 +02:00
Miroslav Prasil	58c1545707	Return revision date in miliseconds (fixes #127 )	2018-08-10 17:18:59 +01:00
Jean-Christophe BEGUE	d3b4b10d18	Add a explaination to the password hint message #85	2018-08-10 16:59:23 +02:00
Jean-Christophe BEGUE	c031ae9f2f	Make password hints available in the error message #85	2018-08-10 15:52:06 +02:00
Daniel García	56b3afa77c	Merge pull request #107 from shauder/bug/attachments_for_orgs Bug/attachments for orgs	2018-07-31 20:08:05 +02:00
Shane A. Faulkner	d335f45e34	Bump version to 0.12.0	2018-07-31 12:07:03 -05:00
Shane A. Faulkner	34d2648509	Merge pull request #3 from shauder/master Sync working branch with changes in master upstream	2018-07-31 12:05:52 -05:00
Shane A. Faulkner	f39c4fe2f4	Merge pull request #2 from dani-garcia/master Sync local fork with upstream	2018-07-31 12:03:39 -05:00
Shane A. Faulkner	01875c395b	Merge pull request #1 from mprasil/concurrency_fix WAL journal mode and delete retry added	2018-07-31 11:39:45 -05:00
Miroslav Prasil	2872f40d13	WAL journal mode and delete retry added	2018-07-31 16:43:43 +01:00
mprasil	d7df545078	Merge pull request #104 from jcgruenhage/patch-1 Update matrix.to link in the README	2018-07-26 22:52:12 +01:00
Jan Christian Grünhage	d073f06652	Update matrix.to link in the README Using the room ID instead of an alias isn't supposed to be working for joining rooms, and doesn't work when joining over federation. It only works when your server is already participating in the room.	2018-07-26 22:42:02 +01:00
Daniel García	3726da9c14	Merge pull request #103 from mprasil/https_doc_fix Fixed the documentation for https (resolves #101)	2018-07-24 15:28:23 +02:00
Miroslav Prasil	51450a0df9	Fixed the documentation for https (resolves #101 )	2018-07-24 12:32:41 +01:00
Shane A. Faulkner	98bae4a0a1	Cleanup and working with 2 or less attachments	2018-07-18 15:35:45 -05:00
Shane A. Faulkner	31349a47d3	Very dirty addition of missing api's	2018-07-14 01:09:20 -05:00