Merge pull request #1026 from BlackDex/issue-1022

Fixes #1022 cloning with attachments

.env.template

@@ -185,6 +185,7 @@
 # SMTP_FROM_NAME=Bitwarden_RS
 # SMTP_PORT=587
 # SMTP_SSL=true
+# SMTP_EXPLICIT_TLS=true # N.B. This variable configures Implicit TLS. It's currently mislabelled (see bug #851)
 # SMTP_USERNAME=username
 # SMTP_PASSWORD=password
 # SMTP_AUTH_MECHANISM="Plain"

Cargo.toml

@@ -26,7 +26,7 @@ rocket = { version = "0.5.0-dev", features = ["tls"], default-features = false }
 rocket_contrib = "0.5.0-dev"
 
 # HTTP client
-reqwest = { version = "0.10.4", features = ["blocking", "json"] }
+reqwest = { version = "0.10.6", features = ["blocking", "json"] }
 
 # multipart/form-data support
 multipart = { version = "0.16.1", features = ["server"], default-features = false }
@@ -41,9 +41,9 @@ rmpv = "0.4.4"
 chashmap = "2.2.2"
 
 # A generic serialization/deserialization framework
-serde = "1.0.106"
-serde_derive = "1.0.106"
-serde_json = "1.0.51"
+serde = "1.0.111"
+serde_derive = "1.0.111"
+serde_json = "1.0.53"
 
 # Logging
 log = "0.4.8"
@@ -57,20 +57,20 @@ diesel_migrations = "1.4.0"
 libsqlite3-sys = { version = "0.17.3", features = ["bundled"], optional = true }
 
 # Crypto library
-ring = "0.16.12"
+ring = "0.16.14"
 
 # UUID generation
 uuid = { version = "0.8.1", features = ["v4"] }
 
 # Date and time librar for Rust
 chrono = "0.4.11"
-time = "0.2.9"
+time = "0.2.16"
 
 # TOTP library
 oath = "0.10.2"
 
 # Data encoding library
-data-encoding = "2.2.0"
+data-encoding = "2.2.1"
 
 # JWT library
 jsonwebtoken = "7.1.0"
@@ -85,26 +85,22 @@ yubico = { version = "0.9.0", features = ["online-tokio"], default-features = fa
 dotenv = { version = "0.15.0", default-features = false }
 
 # Lazy initialization
-once_cell = "1.3.1"
-
-# More derives
-derive_more = "0.99.5"
+once_cell = "1.4.0"
 
 # Numerical libraries
 num-traits = "0.2.11"
 num-derive = "0.3.0"
 
 # Email libraries
-lettre = "0.10.0-pre"
+lettre = { version = "0.10.0-alpha.1", features = ["smtp-transport", "builder", "serde", "native-tls"], default-features = false }
 native-tls = "0.2.4"
-quoted_printable = "0.4.2"
 
 # Template library
 handlebars = { version = "3.0.1", features = ["dir_source"] }
 
 # For favicon extraction from main website
 soup = "0.5.0"
-regex = "1.3.6"
+regex = "1.3.9"
 data-url = "0.1.0"
 
 # Used by U2F, JWT and Postgres
@@ -116,18 +112,15 @@ percent-encoding = "2.1.0"
 idna = "0.2.0"
 
 # CLI argument parsing
-structopt = "0.3.13"
+structopt = "0.3.14"
 
 # Logging panics to logfile instead stderr only
-backtrace = "0.3.46"
+backtrace = "0.3.48"
 
 [patch.crates-io]
 # Use newest ring
-rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'dfc9e9aab01d349da32c52db393e35b7fffea63c' }
-rocket_contrib = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'dfc9e9aab01d349da32c52db393e35b7fffea63c' }
-
-# Use git version for timeout fix #706
-lettre = { git = 'https://github.com/lettre/lettre', rev = '245c600c82ee18b766e8729f005ff453a55dce34' }
+rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = '1010f6a2a88fac899dec0cd2f642156908038a53' }
+rocket_contrib = { git = 'https://github.com/SergioBenitez/Rocket', rev = '1010f6a2a88fac899dec0cd2f642156908038a53' }
 
 # For favicon extraction from main website
 data-url = { git = 'https://github.com/servo/rust-url', package="data-url", rev = '7f1bd6ce1c2fde599a757302a843a60e714c5f72' }

docker/Dockerfile.j2

@@ -27,17 +27,17 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-{% set vault_image_hash = "sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554" %}
+{% set vault_image_hash = "sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5" %}
 {% raw %}
 #  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
-#      docker pull bitwardenrs/web-vault:v2.13.2b
-#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#      docker pull bitwardenrs/web-vault:v2.14.0
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.14.0
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
-#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5
 {% endraw %}
 FROM bitwardenrs/web-vault@{{ vault_image_hash }} as vault
 

docker/aarch64/mysql/Dockerfile

@@ -10,12 +10,12 @@
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
-#      docker pull bitwardenrs/web-vault:v2.13.2b
-#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#      docker pull bitwardenrs/web-vault:v2.14.0
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.14.0
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
-#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
-FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5
+FROM bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5 as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because

docker/aarch64/sqlite/Dockerfile

@@ -10,12 +10,12 @@
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
-#      docker pull bitwardenrs/web-vault:v2.13.2b
-#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#      docker pull bitwardenrs/web-vault:v2.14.0
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.14.0
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
-#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
-FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5
+FROM bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5 as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because

docker/amd64/mysql/Dockerfile

@@ -10,12 +10,12 @@
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
-#      docker pull bitwardenrs/web-vault:v2.13.2b
-#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#      docker pull bitwardenrs/web-vault:v2.14.0
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.14.0
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
-#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
-FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5
+FROM bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5 as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because

docker/amd64/mysql/Dockerfile.alpine

@@ -10,12 +10,12 @@
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
-#      docker pull bitwardenrs/web-vault:v2.13.2b
-#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#      docker pull bitwardenrs/web-vault:v2.14.0
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.14.0
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
-#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
-FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5
+FROM bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5 as vault
 
 ########################## BUILD IMAGE  ##########################
 # Musl build image for statically compiled binary

docker/amd64/postgresql/Dockerfile

@@ -10,12 +10,12 @@
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
-#      docker pull bitwardenrs/web-vault:v2.13.2b
-#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#      docker pull bitwardenrs/web-vault:v2.14.0
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.14.0
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
-#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
-FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5
+FROM bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5 as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because

docker/amd64/postgresql/Dockerfile.alpine

@@ -10,12 +10,12 @@
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
-#      docker pull bitwardenrs/web-vault:v2.13.2b
-#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#      docker pull bitwardenrs/web-vault:v2.14.0
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.14.0
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
-#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
-FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5
+FROM bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5 as vault
 
 ########################## BUILD IMAGE  ##########################
 # Musl build image for statically compiled binary

docker/amd64/sqlite/Dockerfile

@@ -10,12 +10,12 @@
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
-#      docker pull bitwardenrs/web-vault:v2.13.2b
-#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#      docker pull bitwardenrs/web-vault:v2.14.0
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.14.0
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
-#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
-FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5
+FROM bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5 as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because

docker/amd64/sqlite/Dockerfile.alpine

@@ -10,12 +10,12 @@
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
-#      docker pull bitwardenrs/web-vault:v2.13.2b
-#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#      docker pull bitwardenrs/web-vault:v2.14.0
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.14.0
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
-#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
-FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5
+FROM bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5 as vault
 
 ########################## BUILD IMAGE  ##########################
 # Musl build image for statically compiled binary

docker/armv6/mysql/Dockerfile

@@ -10,12 +10,12 @@
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
-#      docker pull bitwardenrs/web-vault:v2.13.2b
-#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#      docker pull bitwardenrs/web-vault:v2.14.0
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.14.0
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
-#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
-FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5
+FROM bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5 as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because

docker/armv6/sqlite/Dockerfile

@@ -10,12 +10,12 @@
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
-#      docker pull bitwardenrs/web-vault:v2.13.2b
-#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#      docker pull bitwardenrs/web-vault:v2.14.0
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.14.0
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
-#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
-FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5
+FROM bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5 as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because

docker/armv7/mysql/Dockerfile

@@ -10,12 +10,12 @@
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
-#      docker pull bitwardenrs/web-vault:v2.13.2b
-#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#      docker pull bitwardenrs/web-vault:v2.14.0
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.14.0
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
-#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
-FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5
+FROM bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5 as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because

docker/armv7/sqlite/Dockerfile

@@ -10,12 +10,12 @@
 #  It can be viewed in multiple ways:
 #  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
 #  - From the console, with the following commands:
-#      docker pull bitwardenrs/web-vault:v2.13.2b
-#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.13.2b
+#      docker pull bitwardenrs/web-vault:v2.14.0
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.14.0
 #
 #  - To do the opposite, and get the tag from the hash, you can do:
-#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554
-FROM bitwardenrs/web-vault@sha256:f32c555a2bc3ee6bc0718319b1e8057c10ef889cf7231f0ff217af98486da554 as vault
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5
+FROM bitwardenrs/web-vault@sha256:c62e0b8698562e03fe2759374f3ecd760d9612e4eaf0af4583f231ebf05d6df5 as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because

migrations/mysql/2020-04-09-235005_add_cipher_delete_date/down.sql

@@ -0,0 +1 @@
+

migrations/mysql/2020-04-09-235005_add_cipher_delete_date/up.sql

@@ -0,0 +1,3 @@
+ALTER TABLE ciphers
+    ADD COLUMN
+    deleted_at DATETIME;

migrations/postgresql/2020-04-09-235005_add_cipher_delete_date/down.sql

@@ -0,0 +1 @@
+

migrations/postgresql/2020-04-09-235005_add_cipher_delete_date/up.sql

@@ -0,0 +1,3 @@
+ALTER TABLE ciphers
+    ADD COLUMN
+    deleted_at TIMESTAMP;

migrations/sqlite/2020-04-09-235005_add_cipher_delete_date/down.sql

@@ -0,0 +1 @@
+

migrations/sqlite/2020-04-09-235005_add_cipher_delete_date/up.sql

@@ -0,0 +1,3 @@
+ALTER TABLE ciphers
+    ADD COLUMN
+    deleted_at DATETIME;

rust-toolchain

@@ -1 +1 @@
-nightly-2020-04-08
+nightly-2020-05-31

src/api/admin.rs

@@ -1,5 +1,6 @@
 use once_cell::sync::Lazy;
 use serde_json::Value;
+use serde::de::DeserializeOwned;
 use std::process::Command;
 
 use rocket::http::{Cookie, Cookies, SameSite};
@@ -14,6 +15,7 @@ use crate::config::ConfigBuilder;
 use crate::db::{backup_database, models::*, DbConn};
 use crate::error::Error;
 use crate::mail;
+use crate::util::get_display_size;
 use crate::CONFIG;
 
 pub fn routes() -> Vec<Route> {
@@ -23,7 +25,7 @@ pub fn routes() -> Vec<Route> {
 
     routes![
         admin_login,
-        get_users,
+        get_users_json,
         post_admin_login,
         admin_page,
         invite_user,
@@ -36,6 +38,9 @@ pub fn routes() -> Vec<Route> {
         delete_config,
         backup_db,
         test_smtp,
+        users_overview,
+        organizations_overview,
+        diagnostics,
     ]
 }
 
@@ -57,6 +62,14 @@ fn admin_path() -> String {
     format!("{}{}", CONFIG.domain_path(), ADMIN_PATH)
 }
 
+/// Used for `Location` response headers, which must specify an absolute URI
+/// (see https://tools.ietf.org/html/rfc2616#section-14.30).
+fn admin_url() -> String {
+    // Don't use CONFIG.domain() directly, since the user may want to keep a
+    // trailing slash there, particularly when running under a subpath.
+    format!("{}{}{}", CONFIG.domain_origin(), CONFIG.domain_path(), ADMIN_PATH)
+}
+
 #[get("/", rank = 2)]
 fn admin_login(flash: Option<FlashMessage>) -> ApiResult<Html<String>> {
     // If there is an error, show it
@@ -81,7 +94,7 @@ fn post_admin_login(data: Form<LoginForm>, mut cookies: Cookies, ip: ClientIp) -
     if !_validate_token(&data.token) {
         error!("Invalid admin token. IP: {}", ip.ip);
         Err(Flash::error(
-            Redirect::to(admin_path()),
+            Redirect::to(admin_url()),
             "Invalid admin token, please try again.",
         ))
     } else {
@@ -97,7 +110,7 @@ fn post_admin_login(data: Form<LoginForm>, mut cookies: Cookies, ip: ClientIp) -
             .finish();
 
         cookies.add(cookie);
-        Ok(Redirect::to(admin_path()))
+        Ok(Redirect::to(admin_url()))
     }
 }
 
@@ -112,7 +125,9 @@ fn _validate_token(token: &str) -> bool {
 struct AdminTemplateData {
     page_content: String,
     version: Option<&'static str>,
-    users: Vec<Value>,
+    users: Option<Vec<Value>>,
+    organizations: Option<Vec<Value>>,
+    diagnostics: Option<Value>,
     config: Value,
     can_backup: bool,
     logged_in: bool,
@@ -120,15 +135,59 @@ struct AdminTemplateData {
 }
 
 impl AdminTemplateData {
-    fn new(users: Vec<Value>) -> Self {
+    fn new() -> Self {
         Self {
-            page_content: String::from("admin/page"),
+            page_content: String::from("admin/settings"),
             version: VERSION,
-            users,
             config: CONFIG.prepare_json(),
             can_backup: *CAN_BACKUP,
             logged_in: true,
             urlpath: CONFIG.domain_path(),
+            users: None,
+            organizations: None,
+            diagnostics: None,
+        }
+    }
+
+    fn users(users: Vec<Value>) -> Self {
+        Self {
+            page_content: String::from("admin/users"),
+            version: VERSION,
+            users: Some(users),
+            config: CONFIG.prepare_json(),
+            can_backup: *CAN_BACKUP,
+            logged_in: true,
+            urlpath: CONFIG.domain_path(),
+            organizations: None,
+            diagnostics: None,
+        }
+    }
+
+    fn organizations(organizations: Vec<Value>) -> Self {
+        Self {
+            page_content: String::from("admin/organizations"),
+            version: VERSION,
+            organizations: Some(organizations),
+            config: CONFIG.prepare_json(),
+            can_backup: *CAN_BACKUP,
+            logged_in: true,
+            urlpath: CONFIG.domain_path(),
+            users: None,
+            diagnostics: None,
+        }
+    }
+
+    fn diagnostics(diagnostics: Value) -> Self {
+        Self {
+            page_content: String::from("admin/diagnostics"),
+            version: VERSION,
+            organizations: None,
+            config: CONFIG.prepare_json(),
+            can_backup: *CAN_BACKUP,
+            logged_in: true,
+            urlpath: CONFIG.domain_path(),
+            users: None,
+            diagnostics: Some(diagnostics),
         }
     }
 
@@ -138,11 +197,8 @@ impl AdminTemplateData {
 }
 
 #[get("/", rank = 1)]
-fn admin_page(_token: AdminToken, conn: DbConn) -> ApiResult<Html<String>> {
-    let users = User::get_all(&conn);
-    let users_json: Vec<Value> = users.iter().map(|u| u.to_json(&conn)).collect();
-
-    let text = AdminTemplateData::new(users_json).render()?;
+fn admin_page(_token: AdminToken, _conn: DbConn) -> ApiResult<Html<String>> {
+    let text = AdminTemplateData::new().render()?;
     Ok(Html(text))
 }
 
@@ -174,10 +230,9 @@ fn invite_user(data: Json<InviteData>, _token: AdminToken, conn: DbConn) -> Empt
 #[post("/test/smtp", data = "<data>")]
 fn test_smtp(data: Json<InviteData>, _token: AdminToken) -> EmptyResult {
     let data: InviteData = data.into_inner();
-    let email = data.email.clone();
 
     if CONFIG.mail_enabled() {
-        mail::send_test(&email)
+        mail::send_test(&data.email)
     } else {
         err!("Mail is not enabled")
     }
@@ -186,17 +241,33 @@ fn test_smtp(data: Json<InviteData>, _token: AdminToken) -> EmptyResult {
 #[get("/logout")]
 fn logout(mut cookies: Cookies) -> Result<Redirect, ()> {
     cookies.remove(Cookie::named(COOKIE_NAME));
-    Ok(Redirect::to(admin_path()))
+    Ok(Redirect::to(admin_url()))
 }
 
 #[get("/users")]
-fn get_users(_token: AdminToken, conn: DbConn) -> JsonResult {
+fn get_users_json(_token: AdminToken, conn: DbConn) -> JsonResult {
     let users = User::get_all(&conn);
     let users_json: Vec<Value> = users.iter().map(|u| u.to_json(&conn)).collect();
 
     Ok(Json(Value::Array(users_json)))
 }
 
+#[get("/users/overview")]
+fn users_overview(_token: AdminToken, conn: DbConn) -> ApiResult<Html<String>> {
+    let users = User::get_all(&conn);
+    let users_json: Vec<Value> = users.iter()
+    .map(|u| {
+        let mut usr = u.to_json(&conn);
+        usr["cipher_count"] = json!(Cipher::count_owned_by_user(&u.uuid, &conn));
+        usr["attachment_count"] = json!(Attachment::count_by_user(&u.uuid, &conn));
+        usr["attachment_size"] = json!(get_display_size(Attachment::size_by_user(&u.uuid, &conn) as i32));
+        usr
+    }).collect();
+
+    let text = AdminTemplateData::users(users_json).render()?;
+    Ok(Html(text))
+}
+
 #[post("/users/<uuid>/delete")]
 fn delete_user(uuid: String, _token: AdminToken, conn: DbConn) -> EmptyResult {
     let user = match User::find_by_uuid(&uuid, &conn) {
@@ -237,6 +308,109 @@ fn update_revision_users(_token: AdminToken, conn: DbConn) -> EmptyResult {
     User::update_all_revisions(&conn)
 }
 
+#[get("/organizations/overview")]
+fn organizations_overview(_token: AdminToken, conn: DbConn) -> ApiResult<Html<String>> {
+    let organizations = Organization::get_all(&conn);
+    let organizations_json: Vec<Value> = organizations.iter().map(|o| {
+        let mut org = o.to_json();
+        org["user_count"] = json!(UserOrganization::count_by_org(&o.uuid, &conn));
+        org["cipher_count"] = json!(Cipher::count_by_org(&o.uuid, &conn));
+        org["attachment_count"] = json!(Attachment::count_by_org(&o.uuid, &conn));
+        org["attachment_size"] = json!(get_display_size(Attachment::size_by_org(&o.uuid, &conn) as i32));
+        org
+    }).collect();
+
+    let text = AdminTemplateData::organizations(organizations_json).render()?;
+    Ok(Html(text))
+}
+
+#[derive(Deserialize)]
+struct WebVaultVersion {
+    version: String,
+}
+
+#[derive(Deserialize)]
+struct GitRelease {
+    tag_name: String,
+}
+
+#[derive(Deserialize)]
+struct GitCommit {
+    sha: String,
+}
+
+fn get_github_api<T: DeserializeOwned>(url: &str) -> Result<T, Error> {
+    use reqwest::{header::USER_AGENT, blocking::Client};
+    use std::time::Duration;
+    let github_api = Client::builder().build()?;
+
+    Ok(
+        github_api.get(url)
+        .timeout(Duration::from_secs(10))
+        .header(USER_AGENT, "Bitwarden_RS")
+        .send()?
+        .error_for_status()?
+        .json::<T>()?
+    )
+}
+
+#[get("/diagnostics")]
+fn diagnostics(_token: AdminToken, _conn: DbConn) -> ApiResult<Html<String>> {
+    use std::net::ToSocketAddrs;
+    use chrono::prelude::*;
+    use crate::util::read_file_string;
+
+    let vault_version_path = format!("{}/{}", CONFIG.web_vault_folder(), "version.json");
+    let vault_version_str = read_file_string(&vault_version_path)?;
+    let web_vault_version: WebVaultVersion = serde_json::from_str(&vault_version_str)?;
+
+    let github_ips = ("github.com", 0).to_socket_addrs().map(|mut i| i.next());
+    let (dns_resolved, dns_ok) = match github_ips {
+        Ok(Some(a)) => (a.ip().to_string(), true),
+        _ => ("Could not resolve domain name.".to_string(), false),
+    };
+
+    // If the DNS Check failed, do not even attempt to check for new versions since we were not able to resolve github.com
+    let (latest_release, latest_commit, latest_web_build) = if dns_ok {
+        (
+            match get_github_api::<GitRelease>("https://api.github.com/repos/dani-garcia/bitwarden_rs/releases/latest") {
+                Ok(r) => r.tag_name,
+                _ => "-".to_string()
+            },
+            match get_github_api::<GitCommit>("https://api.github.com/repos/dani-garcia/bitwarden_rs/commits/master") {
+                Ok(mut c) => {
+                    c.sha.truncate(8);
+                    c.sha
+                },
+                _ => "-".to_string()
+            },
+            match get_github_api::<GitRelease>("https://api.github.com/repos/dani-garcia/bw_web_builds/releases/latest") {
+                Ok(r) => r.tag_name.trim_start_matches('v').to_string(),
+                _ => "-".to_string()
+            },
+        )
+    } else {
+        ("-".to_string(), "-".to_string(), "-".to_string())
+    };
+    
+    // Run the date check as the last item right before filling the json.
+    // This should ensure that the time difference between the browser and the server is as minimal as possible.
+    let dt = Utc::now();
+    let server_time = dt.format("%Y-%m-%d %H:%M:%S").to_string();
+
+    let diagnostics_json = json!({
+        "dns_resolved": dns_resolved,
+        "server_time": server_time,
+        "web_vault_version": web_vault_version.version,
+        "latest_release": latest_release,
+        "latest_commit": latest_commit,
+        "latest_web_build": latest_web_build,
+    });
+
+    let text = AdminTemplateData::diagnostics(diagnostics_json).render()?;
+    Ok(Html(text))
+}
+
 #[post("/config", data = "<data>")]
 fn post_config(data: Json<ConfigBuilder>, _token: AdminToken) -> EmptyResult {
     let data: ConfigBuilder = data.into_inner();

src/api/core/accounts.rs

@@ -68,7 +68,7 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
     let mut user = match User::find_by_mail(&data.Email, &conn) {
         Some(user) => {
             if !user.password_hash.is_empty() {
-                if CONFIG.signups_allowed() {
+                if CONFIG.is_signup_allowed(&data.Email) {
                     err!("User already exists")
                 } else {
                     err!("Registration not allowed or user already exists")
@@ -89,14 +89,17 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
                 }
 
                 user
-            } else if CONFIG.signups_allowed() {
+            } else if CONFIG.is_signup_allowed(&data.Email) {
                 err!("Account with this email already exists")
             } else {
                 err!("Registration not allowed or user already exists")
             }
         }
         None => {
-            if CONFIG.signups_allowed() || Invitation::take(&data.Email, &conn) || CONFIG.can_signup_user(&data.Email) {
+            // Order is important here; the invitation check must come first
+            // because the bitwarden_rs admin can invite anyone, regardless
+            // of other signup restrictions.
+            if Invitation::take(&data.Email, &conn) || CONFIG.is_signup_allowed(&data.Email) {
                 User::new(data.Email.clone())
             } else {
                 err!("Registration not allowed or user already exists")
@@ -207,7 +210,12 @@ fn post_keys(data: JsonUpcase<KeysData>, headers: Headers, conn: DbConn) -> Json
     user.public_key = Some(data.PublicKey);
 
     user.save(&conn)?;
-    Ok(Json(user.to_json(&conn)))
+
+    Ok(Json(json!({
+        "PrivateKey": user.private_key,
+        "PublicKey": user.public_key,
+        "Object":"keys"
+    })))
 }
 
 #[derive(Deserialize)]
@@ -371,8 +379,8 @@ fn post_email_token(data: JsonUpcase<EmailTokenData>, headers: Headers, conn: Db
         err!("Email already in use");
     }
 
-    if !CONFIG.signups_allowed() && !CONFIG.can_signup_user(&data.NewEmail) {
-        err!("Email cannot be changed to this address");
+    if !CONFIG.is_email_domain_allowed(&data.NewEmail) {
+        err!("Email domain not allowed");
     }
 
     let token = crypto::generate_token(6)?;

src/api/core/ciphers.rs

@@ -49,10 +49,16 @@ pub fn routes() -> Vec<Route> {
         put_cipher,
         delete_cipher_post,
         delete_cipher_post_admin,
+        delete_cipher_put,
+        delete_cipher_put_admin,
         delete_cipher,
         delete_cipher_admin,
         delete_cipher_selected,
         delete_cipher_selected_post,
+        delete_cipher_selected_put,
+        restore_cipher_put,
+        restore_cipher_put_admin,
+        restore_cipher_selected,
         delete_all,
         move_cipher_selected,
         move_cipher_selected_put,
@@ -268,7 +274,10 @@ pub fn update_cipher_from_data(
             };
 
             if saved_att.cipher_uuid != cipher.uuid {
-                err!("Attachment is not owned by the cipher")
+                // Warn and break here since cloning ciphers provides attachment data but will not be cloned.
+                // If we error out here it will break the whole cloning and causes empty ciphers to appear.
+                warn!("Attachment is not owned by the cipher");
+                break;
             }
 
             saved_att.akey = Some(attachment.Key);
@@ -761,11 +770,7 @@ fn post_attachment_admin(
     post_attachment(uuid, data, content_type, headers, conn, nt)
 }
 
-#[post(
-    "/ciphers/<uuid>/attachment/<attachment_id>/share",
-    format = "multipart/form-data",
-    data = "<data>"
-)]
+#[post("/ciphers/<uuid>/attachment/<attachment_id>/share", format = "multipart/form-data", data = "<data>")]
 fn post_attachment_share(
     uuid: String,
     attachment_id: String,
@@ -819,48 +824,62 @@ fn delete_attachment_admin(
 
 #[post("/ciphers/<uuid>/delete")]
 fn delete_cipher_post(uuid: String, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
-    _delete_cipher_by_uuid(&uuid, &headers, &conn, &nt)
+    _delete_cipher_by_uuid(&uuid, &headers, &conn, false, &nt)
 }
 
 #[post("/ciphers/<uuid>/delete-admin")]
 fn delete_cipher_post_admin(uuid: String, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
-    _delete_cipher_by_uuid(&uuid, &headers, &conn, &nt)
+    _delete_cipher_by_uuid(&uuid, &headers, &conn, false, &nt)
+}
+
+#[put("/ciphers/<uuid>/delete")]
+fn delete_cipher_put(uuid: String, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
+    _delete_cipher_by_uuid(&uuid, &headers, &conn, true, &nt)
+}
+
+#[put("/ciphers/<uuid>/delete-admin")]
+fn delete_cipher_put_admin(uuid: String, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
+    _delete_cipher_by_uuid(&uuid, &headers, &conn, true, &nt)
 }
 
 #[delete("/ciphers/<uuid>")]
 fn delete_cipher(uuid: String, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
-    _delete_cipher_by_uuid(&uuid, &headers, &conn, &nt)
+    _delete_cipher_by_uuid(&uuid, &headers, &conn, false, &nt)
 }
 
 #[delete("/ciphers/<uuid>/admin")]
 fn delete_cipher_admin(uuid: String, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
-    _delete_cipher_by_uuid(&uuid, &headers, &conn, &nt)
+    _delete_cipher_by_uuid(&uuid, &headers, &conn, false, &nt)
 }
 
 #[delete("/ciphers", data = "<data>")]
 fn delete_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
-    let data: Value = data.into_inner().data;
-
-    let uuids = match data.get("Ids") {
-        Some(ids) => match ids.as_array() {
-            Some(ids) => ids.iter().filter_map(Value::as_str),
-            None => err!("Posted ids field is not an array"),
-        },
-        None => err!("Request missing ids field"),
-    };
-
-    for uuid in uuids {
-        if let error @ Err(_) = _delete_cipher_by_uuid(uuid, &headers, &conn, &nt) {
-            return error;
-        };
-    }
-
-    Ok(())
+    _delete_multiple_ciphers(data, headers, conn, false, nt)
 }
 
 #[post("/ciphers/delete", data = "<data>")]
 fn delete_cipher_selected_post(data: JsonUpcase<Value>, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
-    delete_cipher_selected(data, headers, conn, nt)
+    _delete_multiple_ciphers(data, headers, conn, false, nt)
+}
+
+#[put("/ciphers/delete", data = "<data>")]
+fn delete_cipher_selected_put(data: JsonUpcase<Value>, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
+    _delete_multiple_ciphers(data, headers, conn, true, nt)
+}
+
+#[put("/ciphers/<uuid>/restore")]
+fn restore_cipher_put(uuid: String, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
+    _restore_cipher_by_uuid(&uuid, &headers, &conn, &nt)
+}
+
+#[put("/ciphers/<uuid>/restore-admin")]
+fn restore_cipher_put_admin(uuid: String, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
+    _restore_cipher_by_uuid(&uuid, &headers, &conn, &nt)
+}
+
+#[put("/ciphers/restore", data = "<data>")]
+fn restore_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
+    _restore_multiple_ciphers(data, headers, conn, nt)
 }
 
 #[derive(Deserialize)]
@@ -974,8 +993,8 @@ fn delete_all(
     }
 }
 
-fn _delete_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn, nt: &Notify) -> EmptyResult {
-    let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
+fn _delete_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn, soft_delete: bool, nt: &Notify) -> EmptyResult {
+    let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) {
         Some(cipher) => cipher,
         None => err!("Cipher doesn't exist"),
     };
@@ -984,11 +1003,74 @@ fn _delete_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn, nt: &Not
         err!("Cipher can't be deleted by user")
     }
 
-    cipher.delete(&conn)?;
+    if soft_delete {
+        cipher.deleted_at = Some(chrono::Utc::now().naive_utc());
+        cipher.save(&conn)?;
+    } else {
+        cipher.delete(&conn)?;
+    }
+
     nt.send_cipher_update(UpdateType::CipherDelete, &cipher, &cipher.update_users_revision(&conn));
     Ok(())
 }
 
+fn _delete_multiple_ciphers(data: JsonUpcase<Value>, headers: Headers, conn: DbConn, soft_delete: bool, nt: Notify) -> EmptyResult {
+    let data: Value = data.into_inner().data;
+
+    let uuids = match data.get("Ids") {
+        Some(ids) => match ids.as_array() {
+            Some(ids) => ids.iter().filter_map(Value::as_str),
+            None => err!("Posted ids field is not an array"),
+        },
+        None => err!("Request missing ids field"),
+    };
+
+    for uuid in uuids {
+        if let error @ Err(_) = _delete_cipher_by_uuid(uuid, &headers, &conn, soft_delete, &nt) {
+            return error;
+        };
+    }
+
+    Ok(())
+}
+
+fn _restore_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn, nt: &Notify) -> EmptyResult {
+    let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) {
+        Some(cipher) => cipher,
+        None => err!("Cipher doesn't exist"),
+    };
+
+    if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) {
+        err!("Cipher can't be restored by user")
+    }
+
+    cipher.deleted_at = None;
+    cipher.save(&conn)?;
+
+    nt.send_cipher_update(UpdateType::CipherUpdate, &cipher, &cipher.update_users_revision(&conn));
+    Ok(())
+}
+
+fn _restore_multiple_ciphers(data: JsonUpcase<Value>, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
+    let data: Value = data.into_inner().data;
+
+    let uuids = match data.get("Ids") {
+        Some(ids) => match ids.as_array() {
+            Some(ids) => ids.iter().filter_map(Value::as_str),
+            None => err!("Posted ids field is not an array"),
+        },
+        None => err!("Request missing ids field"),
+    };
+
+    for uuid in uuids {
+        if let error @ Err(_) = _restore_cipher_by_uuid(uuid, &headers, &conn, &nt) {
+            return error;
+        };
+    }
+
+    Ok(())
+}
+
 fn _delete_cipher_attachment_by_id(
     uuid: &str,
     attachment_id: &str,

src/api/core/folders.rs

@@ -50,7 +50,6 @@ fn get_folder(uuid: String, headers: Headers, conn: DbConn) -> JsonResult {
 
 #[derive(Deserialize)]
 #[allow(non_snake_case)]
-
 pub struct FolderData {
     pub Name: String,
 }

src/api/core/mod.rs

@@ -2,7 +2,7 @@ mod accounts;
 mod ciphers;
 mod folders;
 mod organizations;
-pub(crate) mod two_factor;
+pub mod two_factor;
 
 pub fn routes() -> Vec<Route> {
     let mut mod_routes = routes![

src/api/core/organizations.rs

@@ -374,7 +374,7 @@ fn get_collection_users(org_id: String, coll_id: String, _headers: AdminHeaders,
         .map(|col_user| {
             UserOrganization::find_by_user_and_org(&col_user.user_uuid, &org_id, &conn)
                 .unwrap()
-                .to_json_collection_user_details(col_user.read_only)
+                .to_json_read_only(col_user.read_only)
         })
         .collect();
 
@@ -485,7 +485,11 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
         let user = match User::find_by_mail(&email, &conn) {
             None => {
                 if !CONFIG.invitations_allowed() {
-                    err!(format!("User email does not exist: {}", email))
+                    err!(format!("User does not exist: {}", email))
+                }
+
+                if !CONFIG.is_email_domain_allowed(&email) {
+                    err!("Email domain not eligible for invitations")
                 }
 
                 if !CONFIG.mail_enabled() {
@@ -978,4 +982,4 @@ fn put_policy(org_id: String, pol_type: i32, data: Json<PolicyData>, _headers: A
     policy.save(&conn)?;
 
     Ok(Json(policy.to_json()))
-}
+}

src/api/core/two_factor/authenticator.rs

@@ -4,7 +4,7 @@ use rocket_contrib::json::Json;
 
 use crate::api::core::two_factor::_generate_recover_code;
 use crate::api::{EmptyResult, JsonResult, JsonUpcase, NumberOrString, PasswordData};
-use crate::auth::Headers;
+use crate::auth::{ClientIp, Headers};
 use crate::crypto;
 use crate::db::{
     models::{TwoFactor, TwoFactorType},
@@ -20,6 +20,7 @@ pub fn routes() -> Vec<Route> {
         activate_authenticator_put,
     ]
 }
+
 #[post("/two-factor/get-authenticator", data = "<data>")]
 fn generate_authenticator(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> JsonResult {
     let data: PasswordData = data.into_inner().data;
@@ -53,7 +54,12 @@ struct EnableAuthenticatorData {
 }
 
 #[post("/two-factor/authenticator", data = "<data>")]
-fn activate_authenticator(data: JsonUpcase<EnableAuthenticatorData>, headers: Headers, conn: DbConn) -> JsonResult {
+fn activate_authenticator(
+    data: JsonUpcase<EnableAuthenticatorData>,
+    headers: Headers,
+    ip: ClientIp,
+    conn: DbConn,
+) -> JsonResult {
     let data: EnableAuthenticatorData = data.into_inner().data;
     let password_hash = data.MasterPasswordHash;
     let key = data.Key;
@@ -76,7 +82,7 @@ fn activate_authenticator(data: JsonUpcase<EnableAuthenticatorData>, headers: He
     }
 
     // Validate the token provided with the key, and save new twofactor
-    validate_totp_code(&user.uuid, token, &key.to_uppercase(), &conn)?;
+    validate_totp_code(&user.uuid, token, &key.to_uppercase(), &ip, &conn)?;
 
     _generate_recover_code(&mut user, &conn);
 
@@ -88,20 +94,31 @@ fn activate_authenticator(data: JsonUpcase<EnableAuthenticatorData>, headers: He
 }
 
 #[put("/two-factor/authenticator", data = "<data>")]
-fn activate_authenticator_put(data: JsonUpcase<EnableAuthenticatorData>, headers: Headers, conn: DbConn) -> JsonResult {
-    activate_authenticator(data, headers, conn)
+fn activate_authenticator_put(
+    data: JsonUpcase<EnableAuthenticatorData>,
+    headers: Headers,
+    ip: ClientIp,
+    conn: DbConn,
+) -> JsonResult {
+    activate_authenticator(data, headers, ip, conn)
 }
 
-pub fn validate_totp_code_str(user_uuid: &str, totp_code: &str, secret: &str, conn: &DbConn) -> EmptyResult {
+pub fn validate_totp_code_str(
+    user_uuid: &str,
+    totp_code: &str,
+    secret: &str,
+    ip: &ClientIp,
+    conn: &DbConn,
+) -> EmptyResult {
     let totp_code: u64 = match totp_code.parse() {
         Ok(code) => code,
         _ => err!("TOTP code is not a number"),
     };
 
-    validate_totp_code(user_uuid, totp_code, secret, &conn)
+    validate_totp_code(user_uuid, totp_code, secret, ip, &conn)
 }
 
-pub fn validate_totp_code(user_uuid: &str, totp_code: u64, secret: &str, conn: &DbConn) -> EmptyResult {
+pub fn validate_totp_code(user_uuid: &str, totp_code: u64, secret: &str, ip: &ClientIp, conn: &DbConn) -> EmptyResult {
     use oath::{totp_raw_custom_time, HashType};
 
     let decoded_secret = match BASE32.decode(secret.as_bytes()) {
@@ -143,11 +160,22 @@ pub fn validate_totp_code(user_uuid: &str, totp_code: u64, secret: &str, conn: &
             twofactor.save(&conn)?;
             return Ok(());
         } else if generated == totp_code && time_step <= twofactor.last_used as i64 {
-            warn!("This or a TOTP code within {} steps back and forward has already been used!", steps);
-            err!(format!("Invalid TOTP code! Server time: {}", current_time.format("%F %T UTC")));
+            warn!(
+                "This or a TOTP code within {} steps back and forward has already been used!",
+                steps
+            );
+            err!(format!(
+                "Invalid TOTP code! Server time: {} IP: {}",
+                current_time.format("%F %T UTC"),
+                ip.ip
+            ));
         }
     }
 
     // Else no valide code received, deny access
-    err!(format!("Invalid TOTP code! Server time: {}", current_time.format("%F %T UTC")));
+    err!(format!(
+        "Invalid TOTP code! Server time: {} IP: {}",
+        current_time.format("%F %T UTC"),
+        ip.ip
+    ));
 }

src/api/core/two_factor/duo.rs

@@ -2,7 +2,6 @@ use chrono::Utc;
 use data_encoding::BASE64;
 use rocket::Route;
 use rocket_contrib::json::Json;
-use serde_json;
 
 use crate::api::core::two_factor::_generate_recover_code;
 use crate::api::{ApiResult, EmptyResult, JsonResult, JsonUpcase, PasswordData};

src/api/core/two_factor/email.rs

@@ -1,6 +1,5 @@
 use rocket::Route;
 use rocket_contrib::json::Json;
-use serde_json;
 
 use crate::api::core::two_factor::_generate_recover_code;
 use crate::api::{EmptyResult, JsonResult, JsonUpcase, PasswordData};

src/api/core/two_factor/mod.rs

@@ -1,7 +1,6 @@
 use data_encoding::BASE32;
 use rocket::Route;
 use rocket_contrib::json::Json;
-use serde_json;
 use serde_json::Value;
 
 use crate::api::{JsonResult, JsonUpcase, NumberOrString, PasswordData};
@@ -12,11 +11,11 @@ use crate::db::{
     DbConn,
 };
 
-pub(crate) mod authenticator;
-pub(crate) mod duo;
-pub(crate) mod email;
-pub(crate) mod u2f;
-pub(crate) mod yubikey;
+pub mod authenticator;
+pub mod duo;
+pub mod email;
+pub mod u2f;
+pub mod yubikey;
 
 pub fn routes() -> Vec<Route> {
     let mut routes = routes![
@@ -39,7 +38,7 @@ pub fn routes() -> Vec<Route> {
 #[get("/two-factor")]
 fn get_twofactor(headers: Headers, conn: DbConn) -> JsonResult {
     let twofactors = TwoFactor::find_by_user(&headers.user.uuid, &conn);
-    let twofactors_json: Vec<Value> = twofactors.iter().map(TwoFactor::to_json_list).collect();
+    let twofactors_json: Vec<Value> = twofactors.iter().map(TwoFactor::to_json_provider).collect();
 
     Ok(Json(json!({
         "Data": twofactors_json,

src/api/core/two_factor/u2f.rs

@@ -1,7 +1,6 @@
 use once_cell::sync::Lazy;
 use rocket::Route;
 use rocket_contrib::json::Json;
-use serde_json;
 use serde_json::Value;
 use u2f::messages::{RegisterResponse, SignResponse, U2fSignRequest};
 use u2f::protocol::{Challenge, U2f};

src/api/core/two_factor/yubikey.rs

@@ -1,6 +1,5 @@
 use rocket::Route;
 use rocket_contrib::json::Json;
-use serde_json;
 use serde_json::Value;
 use yubico::config::Config;
 use yubico::verify;

src/api/icons.rs

@@ -182,7 +182,7 @@ struct Icon {
 }
 
 impl Icon {
-    fn new(priority: u8, href: String) -> Self {
+    const fn new(priority: u8, href: String) -> Self {
         Self { href, priority }
     }
 }
@@ -213,7 +213,7 @@ fn get_icon_url(domain: &str) -> Result<(Vec<Icon>, String), Error> {
     let mut cookie_str = String::new();
 
     let resp = get_page(&ssldomain).or_else(|_| get_page(&httpdomain));
-    if let Ok(mut content) = resp {
+    if let Ok(content) = resp {
         // Extract the URL from the respose in case redirects occured (like @ gitlab.com)
         let url = content.url().clone();
 
@@ -235,7 +235,7 @@ fn get_icon_url(domain: &str) -> Result<(Vec<Icon>, String), Error> {
 
         // 512KB should be more than enough for the HTML, though as we only really need
         // the HTML header, it could potentially be reduced even further
-        let limited_reader = crate::util::LimitedReader::new(&mut content, 512 * 1024);
+        let limited_reader = content.take(512 * 1024);
 
         let soup = Soup::from_reader(limited_reader)?;
         // Search for and filter

src/api/identity.rs

@@ -38,7 +38,7 @@ fn login(data: Form<ConnectData>, conn: DbConn, ip: ClientIp) -> JsonResult {
             _check_is_some(&data.device_name, "device_name cannot be blank")?;
             _check_is_some(&data.device_type, "device_type cannot be blank")?;
 
-            _password_login(data, conn, ip)
+            _password_login(data, conn, &ip)
         }
         t => err!("Invalid type", t),
     }
@@ -71,7 +71,7 @@ fn _refresh_login(data: ConnectData, conn: DbConn) -> JsonResult {
     })))
 }
 
-fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult {
+fn _password_login(data: ConnectData, conn: DbConn, ip: &ClientIp) -> JsonResult {
     // Validate scope
     let scope = data.scope.as_ref().unwrap();
     if scope != "api offline_access" {
@@ -127,7 +127,7 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult
 
     let (mut device, new_device) = get_device(&data, &conn, &user);
 
-    let twofactor_token = twofactor_auth(&user.uuid, &data, &mut device, &conn)?;
+    let twofactor_token = twofactor_auth(&user.uuid, &data, &mut device, &ip, &conn)?;
 
     if CONFIG.mail_enabled() && new_device {
         if let Err(e) = mail::send_new_device_logged_in(&user.email, &ip.ip.to_string(), &device.updated_at, &device.name) {
@@ -197,6 +197,7 @@ fn twofactor_auth(
     user_uuid: &str,
     data: &ConnectData,
     device: &mut Device,
+    ip: &ClientIp,
     conn: &DbConn,
 ) -> ApiResult<Option<String>> {
     let twofactors = TwoFactor::find_by_user(user_uuid, conn);
@@ -216,8 +217,7 @@ fn twofactor_auth(
 
     let selected_twofactor = twofactors
         .into_iter()
-        .filter(|tf| tf.atype == selected_id && tf.enabled)
-        .nth(0);
+        .find(|tf| tf.atype == selected_id && tf.enabled);
 
     use crate::api::core::two_factor as _tf;
     use crate::crypto::ct_eq;
@@ -226,7 +226,7 @@ fn twofactor_auth(
     let mut remember = data.two_factor_remember.unwrap_or(0);
 
     match TwoFactorType::from_i32(selected_id) {
-        Some(TwoFactorType::Authenticator) => _tf::authenticator::validate_totp_code_str(user_uuid, twofactor_code, &selected_data?, conn)?,
+        Some(TwoFactorType::Authenticator) => _tf::authenticator::validate_totp_code_str(user_uuid, twofactor_code, &selected_data?, ip, conn)?,
         Some(TwoFactorType::U2f) => _tf::u2f::validate_u2f_login(user_uuid, twofactor_code, conn)?,
         Some(TwoFactorType::YubiKey) => _tf::yubikey::validate_yubikey_login(twofactor_code, &selected_data?)?,
         Some(TwoFactorType::Duo) => _tf::duo::validate_duo_login(data.username.as_ref().unwrap(), twofactor_code, conn)?,

src/api/mod.rs

@@ -1,5 +1,5 @@
 mod admin;
-pub(crate) mod core;
+pub mod core;
 mod icons;
 mod identity;
 mod notifications;

src/api/notifications.rs

@@ -159,11 +159,12 @@ impl Handler for WSHandler {
 
         let (_id, access_token) = match path.split('?').nth(1) {
             Some(params) => {
-                let mut params_iter = params.split('&').take(2);
+                let params_iter = params.split('&').take(2);
 
                 let mut id = None;
                 let mut access_token = None;
-                while let Some(val) = params_iter.next() {
+                
+                for val in params_iter {
                     if val.starts_with(ID_KEY) {
                         id = Some(&val[ID_KEY.len()..]);
                     } else if val.starts_with(ACCESS_TOKEN_KEY) {
@@ -260,7 +261,9 @@ impl Factory for WSFactory {
         // Remove handler
         if let Some(user_uuid) = &handler.user_uuid {
             if let Some(mut user_conn) = self.users.map.get_mut(user_uuid) {
-                user_conn.remove_item(&handler.out);
+                if let Some(pos) = user_conn.iter().position(|x| x == &handler.out) {
+                    user_conn.remove(pos);
+                }
             }
         }
     }

src/api/web.rs

@@ -78,6 +78,7 @@ fn static_files(filename: String) -> Result<Content<&'static [u8]>, Error> {
     match filename.as_ref() {
         "mail-github.png" => Ok(Content(ContentType::PNG, include_bytes!("../static/images/mail-github.png"))),
         "logo-gray.png" => Ok(Content(ContentType::PNG, include_bytes!("../static/images/logo-gray.png"))),
+        "shield-white.png" => Ok(Content(ContentType::PNG, include_bytes!("../static/images/shield-white.png"))),
         "error-x.svg" => Ok(Content(ContentType::SVG, include_bytes!("../static/images/error-x.svg"))),
         "hibp.png" => Ok(Content(ContentType::PNG, include_bytes!("../static/images/hibp.png"))),
 

src/config.rs

@@ -112,6 +112,8 @@ macro_rules! make_config {
                 )+)+
                 config.domain_set = _domain_set;
 
+                config.signups_domains_whitelist = config.signups_domains_whitelist.trim().to_lowercase();
+
                 config
             }
         }
@@ -133,7 +135,6 @@ macro_rules! make_config {
                     (inner._env.build(), inner.config.clone())
                 };
 
-
                 fn _get_form_type(rust_type: &str) -> &'static str {
                     match rust_type {
                         "Pass" => "password",
@@ -263,7 +264,7 @@ make_config! {
         /// $ICON_CACHE_FOLDER, but it won't produce any external network request. Needs to set $ICON_CACHE_TTL to 0,
         /// otherwise it will delete them and they won't be downloaded again.
         disable_icon_download:  bool,   true,   def,    false;
-        /// Allow new signups |> Controls if new users can register. Note that while this is disabled, users could still be invited
+        /// Allow new signups |> Controls whether new users can register. Users can be invited by the bitwarden_rs admin even if this is disabled
         signups_allowed:        bool,   true,   def,    true;
         /// Require email verification on signups. This will prevent logins from succeeding until the address has been verified
         signups_verify:         bool,   true,   def,    false;
@@ -271,9 +272,9 @@ make_config! {
         signups_verify_resend_time: u64, true,  def,    3_600;
         /// If signups require email verification, limit how many emails are automatically sent when login is attempted (0 means no limit)
         signups_verify_resend_limit: u32, true, def,    6;
-        /// Allow signups only from this list of comma-separated domains
+        /// Email domain whitelist |> Allow signups only from this list of comma-separated domains, even when signups are otherwise disabled
         signups_domains_whitelist: String, true, def,   "".to_string();
-        /// Allow invitations |> Controls whether users can be invited by organization admins, even when signups are disabled
+        /// Allow invitations |> Controls whether users can be invited by organization admins, even when signups are otherwise disabled
         invitations_allowed:    bool,   true,   def,    true;
         /// Password iterations |> Number of server-side passwords hashing iterations.
         /// The changes only apply when a user changes their password. Not recommended to lower the value
@@ -428,6 +429,11 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
         err!("DOMAIN variable needs to contain the protocol (http, https). Use 'http[s]://bw.example.com' instead of 'bw.example.com'"); 
     }
 
+    let whitelist = &cfg.signups_domains_whitelist;
+    if !whitelist.is_empty() && whitelist.split(',').any(|d| d.trim().is_empty()) {
+        err!("`SIGNUPS_DOMAINS_WHITELIST` contains empty tokens");
+    }
+
     if let Some(ref token) = cfg.admin_token {
         if token.trim().is_empty() && !cfg.disable_admin_token {
             println!("[WARNING] `ADMIN_TOKEN` is enabled but has an empty value, so the admin page will be disabled.");
@@ -552,18 +558,30 @@ impl Config {
         self.update_config(builder)
     }
 
-    pub fn can_signup_user(&self, email: &str) -> bool {
+    /// Tests whether an email's domain is allowed. A domain is allowed if it
+    /// is in signups_domains_whitelist, or if no whitelist is set (so there
+    /// are no domain restrictions in effect).
+    pub fn is_email_domain_allowed(&self, email: &str) -> bool {
         let e: Vec<&str> = email.rsplitn(2, '@').collect();
         if e.len() != 2 || e[0].is_empty() || e[1].is_empty() {
             warn!("Failed to parse email address '{}'", email);
             return false;
         }
+        let email_domain = e[0].to_lowercase();
+        let whitelist = self.signups_domains_whitelist();
 
-        // Allow signups if the whitelist is empty/not configured
-        // (it doesn't contain any domains), or if it matches at least
-        // one domain.
-        let whitelist_str = self.signups_domains_whitelist();
-        ( whitelist_str.is_empty() && CONFIG.signups_allowed() )|| whitelist_str.split(',').filter(|s| !s.is_empty()).any(|d| d == e[0])
+        whitelist.is_empty() || whitelist.split(',').any(|d| d.trim() == email_domain)
+    }
+
+    /// Tests whether signup is allowed for an email address, taking into
+    /// account the signups_allowed and signups_domains_whitelist settings.
+    pub fn is_signup_allowed(&self, email: &str) -> bool {
+        if !self.signups_domains_whitelist().is_empty() {
+            // The whitelist setting overrides the signups_allowed setting.
+            self.is_email_domain_allowed(email)
+        } else {
+            self.signups_allowed()
+        }
     }
 
     pub fn delete_user_config(&self) -> Result<(), Error> {
@@ -622,7 +640,7 @@ impl Config {
     pub fn is_admin_token_set(&self) -> bool {
         let token = self.admin_token();
 
-        !token.is_none() && !token.unwrap().trim().is_empty()
+        token.is_some() && !token.unwrap().trim().is_empty()
     }
 
     pub fn render_template<T: serde::ser::Serialize>(
@@ -682,7 +700,10 @@ where
 
     reg!("admin/base");
     reg!("admin/login");
-    reg!("admin/page");
+    reg!("admin/settings");
+    reg!("admin/users");
+    reg!("admin/organizations");
+    reg!("admin/diagnostics");
 
     // And then load user templates to overwrite the defaults
     // Use .hbs extension for the files

src/db/models/attachment.rs

@@ -5,6 +5,7 @@ use crate::CONFIG;
 
 #[derive(Debug, Identifiable, Queryable, Insertable, Associations, AsChangeset)]
 #[table_name = "attachments"]
+#[changeset_options(treat_none_as_null="true")]
 #[belongs_to(Cipher, foreign_key = "cipher_uuid")]
 #[primary_key(id)]
 pub struct Attachment {
@@ -17,7 +18,7 @@ pub struct Attachment {
 
 /// Local methods
 impl Attachment {
-    pub fn new(id: String, cipher_uuid: String, file_name: String, file_size: i32) -> Self {
+    pub const fn new(id: String, cipher_uuid: String, file_name: String, file_size: i32) -> Self {
         Self {
             id,
             cipher_uuid,
@@ -51,7 +52,6 @@ impl Attachment {
 
 use crate::db::schema::{attachments, ciphers};
 use crate::db::DbConn;
-use diesel;
 use diesel::prelude::*;
 
 use crate::api::EmptyResult;
@@ -130,6 +130,16 @@ impl Attachment {
         result.unwrap_or(0)
     }
 
+    pub fn count_by_user(user_uuid: &str, conn: &DbConn) -> i64 {
+        attachments::table
+            .left_join(ciphers::table.on(ciphers::uuid.eq(attachments::cipher_uuid)))
+            .filter(ciphers::user_uuid.eq(user_uuid))
+            .count()
+            .first::<i64>(&**conn)
+            .ok()
+            .unwrap_or(0)
+    }
+
     pub fn size_by_org(org_uuid: &str, conn: &DbConn) -> i64 {
         let result: Option<i64> = attachments::table
             .left_join(ciphers::table.on(ciphers::uuid.eq(attachments::cipher_uuid)))
@@ -140,4 +150,14 @@ impl Attachment {
 
         result.unwrap_or(0)
     }
+
+    pub fn count_by_org(org_uuid: &str, conn: &DbConn) -> i64 {
+        attachments::table
+            .left_join(ciphers::table.on(ciphers::uuid.eq(attachments::cipher_uuid)))
+            .filter(ciphers::organization_uuid.eq(org_uuid))
+            .count()
+            .first(&**conn)
+            .ok()
+            .unwrap_or(0)
+    }
 }

src/db/models/cipher.rs

@@ -7,6 +7,7 @@ use super::{
 
 #[derive(Debug, Identifiable, Queryable, Insertable, Associations, AsChangeset)]
 #[table_name = "ciphers"]
+#[changeset_options(treat_none_as_null="true")]
 #[belongs_to(User, foreign_key = "user_uuid")]
 #[belongs_to(Organization, foreign_key = "organization_uuid")]
 #[primary_key(uuid)]
@@ -33,6 +34,7 @@ pub struct Cipher {
 
     pub favorite: bool,
     pub password_history: Option<String>,
+    pub deleted_at: Option<NaiveDateTime>,
 }
 
 /// Local methods
@@ -57,13 +59,13 @@ impl Cipher {
 
             data: String::new(),
             password_history: None,
+            deleted_at: None,
         }
     }
 }
 
 use crate::db::schema::*;
 use crate::db::DbConn;
-use diesel;
 use diesel::prelude::*;
 
 use crate::api::EmptyResult;
@@ -107,6 +109,7 @@ impl Cipher {
             "Id": self.uuid,
             "Type": self.atype,
             "RevisionDate": format_date(&self.updated_at),
+            "DeletedDate": self.deleted_at.map_or(Value::Null, |d| Value::String(format_date(&d))),
             "FolderId": self.get_folder_uuid(&user_uuid, &conn),
             "Favorite": self.favorite,
             "OrganizationId": self.organization_uuid,
@@ -352,12 +355,30 @@ impl Cipher {
         .load::<Self>(&**conn).expect("Error loading ciphers")
     }
 
+    pub fn count_owned_by_user(user_uuid: &str, conn: &DbConn) -> i64 {
+        ciphers::table
+        .filter(ciphers::user_uuid.eq(user_uuid))
+        .count()
+        .first::<i64>(&**conn)
+        .ok()
+        .unwrap_or(0)
+    }
+
     pub fn find_by_org(org_uuid: &str, conn: &DbConn) -> Vec<Self> {
         ciphers::table
             .filter(ciphers::organization_uuid.eq(org_uuid))
             .load::<Self>(&**conn).expect("Error loading ciphers")
     }
 
+    pub fn count_by_org(org_uuid: &str, conn: &DbConn) -> i64 {
+        ciphers::table
+            .filter(ciphers::organization_uuid.eq(org_uuid))
+            .count()
+            .first::<i64>(&**conn)
+            .ok()
+            .unwrap_or(0)
+    }
+
     pub fn find_by_folder(folder_uuid: &str, conn: &DbConn) -> Vec<Self> {
         folders_ciphers::table.inner_join(ciphers::table)
             .filter(folders_ciphers::folder_uuid.eq(folder_uuid))

src/db/models/collection.rs

@@ -35,7 +35,6 @@ impl Collection {
 
 use crate::db::schema::*;
 use crate::db::DbConn;
-use diesel;
 use diesel::prelude::*;
 
 use crate::api::EmptyResult;

src/db/models/device.rs

@@ -5,6 +5,7 @@ use crate::CONFIG;
 
 #[derive(Debug, Identifiable, Queryable, Insertable, Associations, AsChangeset)]
 #[table_name = "devices"]
+#[changeset_options(treat_none_as_null="true")]
 #[belongs_to(User, foreign_key = "user_uuid")]
 #[primary_key(uuid)]
 pub struct Device {
@@ -76,7 +77,6 @@ impl Device {
         let orguser: Vec<_> = orgs.iter().filter(|o| o.atype == 2).map(|o| o.org_uuid.clone()).collect();
         let orgmanager: Vec<_> = orgs.iter().filter(|o| o.atype == 3).map(|o| o.org_uuid.clone()).collect();
 
-
         // Create the JWT claims struct, to send to the client
         use crate::auth::{encode_jwt, LoginJWTClaims, DEFAULT_VALIDITY, JWT_LOGIN_ISSUER};
         let claims = LoginJWTClaims {
@@ -107,7 +107,6 @@ impl Device {
 
 use crate::db::schema::devices;
 use crate::db::DbConn;
-use diesel;
 use diesel::prelude::*;
 
 use crate::api::EmptyResult;

src/db/models/folder.rs

@@ -63,7 +63,6 @@ impl FolderCipher {
 
 use crate::db::schema::{folders, folders_ciphers};
 use crate::db::DbConn;
-use diesel;
 use diesel::prelude::*;
 
 use crate::api::EmptyResult;

src/db/models/org_policy.rs

@@ -1,4 +1,3 @@
-use diesel;
 use diesel::prelude::*;
 use serde_json::Value;
 
@@ -22,7 +21,7 @@ pub struct OrgPolicy {
 }
 
 #[allow(dead_code)]
-#[derive(FromPrimitive)]
+#[derive(num_derive::FromPrimitive)]
 pub enum OrgPolicyType {
     TwoFactorAuthentication = 0,
     MasterPassword = 1,

src/db/models/organization.rs

@@ -34,7 +34,7 @@ pub enum UserOrgStatus {
 }
 
 #[derive(Copy, Clone, PartialEq, Eq)]
-#[derive(FromPrimitive)]
+#[derive(num_derive::FromPrimitive)]
 pub enum UserOrgType {
     Owner = 0,
     Admin = 1,
@@ -165,9 +165,9 @@ impl Organization {
             "UsePolicies": true,
 
             "BusinessName": null,
-            "BusinessAddress1":	null,
-            "BusinessAddress2":	null,
-            "BusinessAddress3":	null,
+            "BusinessAddress1": null,
+            "BusinessAddress2": null,
+            "BusinessAddress3": null,
             "BusinessCountry": null,
             "BusinessTaxNumber": null,
 
@@ -198,7 +198,6 @@ impl UserOrganization {
 
 use crate::db::schema::{ciphers_collections, organizations, users_collections, users_organizations};
 use crate::db::DbConn;
-use diesel;
 use diesel::prelude::*;
 
 use crate::api::EmptyResult;
@@ -256,6 +255,10 @@ impl Organization {
             .first::<Self>(&**conn)
             .ok()
     }
+
+    pub fn get_all(conn: &DbConn) -> Vec<Self> {
+        organizations::table.load::<Self>(&**conn).expect("Error loading organizations")
+    }
 }
 
 impl UserOrganization {
@@ -275,6 +278,8 @@ impl UserOrganization {
             "UseGroups": false,
             "UseTotp": true,
             "UsePolicies": true,
+            "UseApi": false,
+            "SelfHost": true,
 
             "MaxStorageGb": 10, // The value doesn't matter, we don't check server-side
 
@@ -305,7 +310,7 @@ impl UserOrganization {
         })
     }
 
-    pub fn to_json_collection_user_details(&self, read_only: bool) -> Value {
+    pub fn to_json_read_only(&self, read_only: bool) -> Value {
         json!({
             "Id": self.uuid,
             "ReadOnly": read_only
@@ -432,6 +437,15 @@ impl UserOrganization {
             .expect("Error loading user organizations")
     }
 
+    pub fn count_by_org(org_uuid: &str, conn: &DbConn) -> i64 {
+        users_organizations::table
+            .filter(users_organizations::org_uuid.eq(org_uuid))
+            .count()
+            .first::<i64>(&**conn)
+            .ok()
+            .unwrap_or(0)
+    }
+
     pub fn find_by_org_and_type(org_uuid: &str, atype: i32, conn: &DbConn) -> Vec<Self> {
         users_organizations::table
             .filter(users_organizations::org_uuid.eq(org_uuid))

src/db/models/two_factor.rs

@@ -1,4 +1,3 @@
-use diesel;
 use diesel::prelude::*;
 use serde_json::Value;
 
@@ -23,7 +22,7 @@ pub struct TwoFactor {
 }
 
 #[allow(dead_code)]
-#[derive(FromPrimitive)]
+#[derive(num_derive::FromPrimitive)]
 pub enum TwoFactorType {
     Authenticator = 0,
     Email = 1,
@@ -60,7 +59,7 @@ impl TwoFactor {
         })
     }
 
-    pub fn to_json_list(&self) -> Value {
+    pub fn to_json_provider(&self) -> Value {
         json!({
             "Enabled": self.enabled,
             "Type": self.atype,

src/db/models/user.rs

@@ -6,6 +6,7 @@ use crate::CONFIG;
 
 #[derive(Debug, Identifiable, Queryable, Insertable, AsChangeset)]
 #[table_name = "users"]
+#[changeset_options(treat_none_as_null="true")]
 #[primary_key(uuid)]
 pub struct User {
     pub uuid: String,
@@ -120,7 +121,6 @@ impl User {
 use super::{Cipher, Device, Folder, TwoFactor, UserOrgType, UserOrganization};
 use crate::db::schema::{invitations, users};
 use crate::db::DbConn;
-use diesel;
 use diesel::prelude::*;
 
 use crate::api::EmptyResult;
@@ -274,7 +274,7 @@ pub struct Invitation {
 }
 
 impl Invitation {
-    pub fn new(email: String) -> Self {
+    pub const fn new(email: String) -> Self {
         Self { email }
     }
 

src/db/schemas/mysql/schema.rs

@@ -22,6 +22,7 @@ table! {
         data -> Text,
         favorite -> Bool,
         password_history -> Nullable<Text>,
+        deleted_at -> Nullable<Datetime>,
     }
 }
 

src/db/schemas/postgresql/schema.rs

@@ -22,6 +22,7 @@ table! {
         data -> Text,
         favorite -> Bool,
         password_history -> Nullable<Text>,
+        deleted_at -> Nullable<Timestamp>,
     }
 }
 

src/db/schemas/sqlite/schema.rs

@@ -22,6 +22,7 @@ table! {
         data -> Text,
         favorite -> Bool,
         password_history -> Nullable<Text>,
+        deleted_at -> Nullable<Timestamp>,
     }
 }
 

src/error.rs

@@ -7,7 +7,6 @@ macro_rules! make_error {
     ( $( $name:ident ( $ty:ty ): $src_fn:expr, $usr_msg_fun:expr ),+ $(,)? ) => {
         const BAD_REQUEST: u16 = 400;
 
-        #[derive(Display)]
         pub enum ErrorKind { $($name( $ty )),+ }
         pub struct Error { message: String, error: ErrorKind, error_code: u16 }
 
@@ -46,9 +45,13 @@ use std::option::NoneError as NoneErr;
 use std::time::SystemTimeError as TimeErr;
 use u2f::u2ferror::U2fError as U2fErr;
 use yubico::yubicoerror::YubicoError as YubiErr;
-use lettre::smtp::error::Error as LettreErr;
 
-#[derive(Display, Serialize)]
+use lettre::address::AddressError as AddrErr;
+use lettre::error::Error as LettreErr;
+use lettre::message::mime::FromStrError as FromStrErr;
+use lettre::transport::smtp::error::Error as SmtpErr;
+
+#[derive(Serialize)]
 pub struct Empty {}
 
 // Error struct
@@ -74,7 +77,11 @@ make_error! {
     ReqError(ReqErr):     _has_source, _api_error,
     RegexError(RegexErr): _has_source, _api_error,
     YubiError(YubiErr):   _has_source, _api_error,
-    LetreErr(LettreErr):  _has_source, _api_error,
+
+    LetreError(LettreErr):    _has_source, _api_error,
+    AddressError(AddrErr):    _has_source, _api_error,
+    SmtpError(SmtpErr):       _has_source, _api_error,
+    FromStrError(FromStrErr): _has_source, _api_error,
 }
 
 // This is implemented by hand because NoneError doesn't implement neither Display nor Error
@@ -118,7 +125,7 @@ impl Error {
         self
     }
 
-    pub fn with_code(mut self, code: u16) -> Self {
+    pub const fn with_code(mut self, code: u16) -> Self {
         self.error_code = code;
         self
     }
@@ -146,7 +153,7 @@ impl<S> MapResult<S> for Option<S> {
     }
 }
 
-fn _has_source<T>(e: T) -> Option<T> {
+const fn _has_source<T>(e: T) -> Option<T> {
     Some(e)
 }
 fn _no_source<T, S>(_: T) -> Option<S> {

src/mail.rs

@@ -1,13 +1,11 @@
-use lettre::smtp::authentication::Credentials;
-use lettre::smtp::authentication::Mechanism as SmtpAuthMechanism;
-use lettre::smtp::ConnectionReuseParameters;
-use lettre::{
-    builder::{EmailBuilder, MimeMultipartType, PartBuilder},
-    ClientSecurity, ClientTlsParameters, SmtpClient, SmtpTransport, Transport,
-};
+use std::str::FromStr;
+
+use lettre::message::{header, Mailbox, Message, MultiPart, SinglePart};
+use lettre::transport::smtp::authentication::{Credentials, Mechanism as SmtpAuthMechanism};
+use lettre::{Address, SmtpTransport, Tls, TlsParameters, Transport};
+
 use native_tls::{Protocol, TlsConnector};
 use percent_encoding::{percent_encode, NON_ALPHANUMERIC};
-use quoted_printable::encode_to_str;
 
 use crate::api::EmptyResult;
 use crate::auth::{encode_jwt, generate_delete_claims, generate_invite_claims, generate_verify_email_claims};
@@ -24,43 +22,40 @@ fn mailer() -> SmtpTransport {
             .build()
             .unwrap();
 
-        let params = ClientTlsParameters::new(host.clone(), tls);
+        let params = TlsParameters::new(host.clone(), tls);
 
         if CONFIG.smtp_explicit_tls() {
-            ClientSecurity::Wrapper(params)
+            Tls::Wrapper(params)
         } else {
-            ClientSecurity::Required(params)
+            Tls::Required(params)
         }
     } else {
-        ClientSecurity::None
+        Tls::None
     };
 
     use std::time::Duration;
 
-    let smtp_client = SmtpClient::new((host.as_str(), CONFIG.smtp_port()), client_security).unwrap();
+    let smtp_client = SmtpTransport::builder(host).port(CONFIG.smtp_port()).tls(client_security);
 
-    let smtp_client = match (&CONFIG.smtp_username(), &CONFIG.smtp_password()) {
-        (Some(user), Some(pass)) => smtp_client.credentials(Credentials::new(user.clone(), pass.clone())),
+    let smtp_client = match (CONFIG.smtp_username(), CONFIG.smtp_password()) {
+        (Some(user), Some(pass)) => smtp_client.credentials(Credentials::new(user, pass)),
         _ => smtp_client,
     };
 
     let smtp_client = match CONFIG.smtp_auth_mechanism() {
         Some(mechanism) => {
-            let correct_mechanism = format!("\"{}\"", crate::util::upcase_first(&mechanism.trim_matches('"')));
+            let correct_mechanism = format!("\"{}\"", crate::util::upcase_first(mechanism.trim_matches('"')));
 
+            // TODO: Allow more than one mechanism
             match serde_json::from_str::<SmtpAuthMechanism>(&correct_mechanism) {
-                Ok(auth_mechanism) => smtp_client.authentication_mechanism(auth_mechanism),
+                Ok(auth_mechanism) => smtp_client.authentication(vec![auth_mechanism]),
                 _ => panic!("Failure to parse mechanism. Is it proper Json? Eg. `\"Plain\"` not `Plain`"),
             }
         }
         _ => smtp_client,
     };
 
-    smtp_client
-        .smtp_utf8(true)
-        .timeout(Some(Duration::from_secs(CONFIG.smtp_timeout())))
-        .connection_reuse(ConnectionReuseParameters::NoReuse)
-        .transport()
+    smtp_client.timeout(Some(Duration::from_secs(CONFIG.smtp_timeout()))).build()
 }
 
 fn get_text(template_name: &'static str, data: serde_json::Value) -> Result<(String, String, String), Error> {
@@ -95,7 +90,7 @@ pub fn send_password_hint(address: &str, hint: Option<String>) -> EmptyResult {
 
     let (subject, body_html, body_text) = get_text(template_name, json!({ "hint": hint, "url": CONFIG.domain() }))?;
 
-    send_email(&address, &subject, &body_html, &body_text)
+    send_email(address, &subject, &body_html, &body_text)
 }
 
 pub fn send_delete_account(address: &str, uuid: &str) -> EmptyResult {
@@ -112,7 +107,7 @@ pub fn send_delete_account(address: &str, uuid: &str) -> EmptyResult {
         }),
     )?;
 
-    send_email(&address, &subject, &body_html, &body_text)
+    send_email(address, &subject, &body_html, &body_text)
 }
 
 pub fn send_verify_email(address: &str, uuid: &str) -> EmptyResult {
@@ -129,7 +124,7 @@ pub fn send_verify_email(address: &str, uuid: &str) -> EmptyResult {
         }),
     )?;
 
-    send_email(&address, &subject, &body_html, &body_text)
+    send_email(address, &subject, &body_html, &body_text)
 }
 
 pub fn send_welcome(address: &str) -> EmptyResult {
@@ -140,7 +135,7 @@ pub fn send_welcome(address: &str) -> EmptyResult {
         }),
     )?;
 
-    send_email(&address, &subject, &body_html, &body_text)
+    send_email(address, &subject, &body_html, &body_text)
 }
 
 pub fn send_welcome_must_verify(address: &str, uuid: &str) -> EmptyResult {
@@ -156,7 +151,7 @@ pub fn send_welcome_must_verify(address: &str, uuid: &str) -> EmptyResult {
         }),
     )?;
 
-    send_email(&address, &subject, &body_html, &body_text)
+    send_email(address, &subject, &body_html, &body_text)
 }
 
 pub fn send_invite(
@@ -188,7 +183,7 @@ pub fn send_invite(
         }),
     )?;
 
-    send_email(&address, &subject, &body_html, &body_text)
+    send_email(address, &subject, &body_html, &body_text)
 }
 
 pub fn send_invite_accepted(new_user_email: &str, address: &str, org_name: &str) -> EmptyResult {
@@ -201,7 +196,7 @@ pub fn send_invite_accepted(new_user_email: &str, address: &str, org_name: &str)
         }),
     )?;
 
-    send_email(&address, &subject, &body_html, &body_text)
+    send_email(address, &subject, &body_html, &body_text)
 }
 
 pub fn send_invite_confirmed(address: &str, org_name: &str) -> EmptyResult {
@@ -213,7 +208,7 @@ pub fn send_invite_confirmed(address: &str, org_name: &str) -> EmptyResult {
         }),
     )?;
 
-    send_email(&address, &subject, &body_html, &body_text)
+    send_email(address, &subject, &body_html, &body_text)
 }
 
 pub fn send_new_device_logged_in(address: &str, ip: &str, dt: &NaiveDateTime, device: &str) -> EmptyResult {
@@ -232,7 +227,7 @@ pub fn send_new_device_logged_in(address: &str, ip: &str, dt: &NaiveDateTime, de
         }),
     )?;
 
-    send_email(&address, &subject, &body_html, &body_text)
+    send_email(address, &subject, &body_html, &body_text)
 }
 
 pub fn send_token(address: &str, token: &str) -> EmptyResult {
@@ -244,7 +239,7 @@ pub fn send_token(address: &str, token: &str) -> EmptyResult {
         }),
     )?;
 
-    send_email(&address, &subject, &body_html, &body_text)
+    send_email(address, &subject, &body_html, &body_text)
 }
 
 pub fn send_change_email(address: &str, token: &str) -> EmptyResult {
@@ -256,7 +251,7 @@ pub fn send_change_email(address: &str, token: &str) -> EmptyResult {
         }),
     )?;
 
-    send_email(&address, &subject, &body_html, &body_text)
+    send_email(address, &subject, &body_html, &body_text)
 }
 
 pub fn send_test(address: &str) -> EmptyResult {
@@ -267,7 +262,7 @@ pub fn send_test(address: &str) -> EmptyResult {
         }),
     )?;
 
-    send_email(&address, &subject, &body_html, &body_text)
+    send_email(address, &subject, &body_html, &body_text)
 }
 
 fn send_email(address: &str, subject: &str, body_html: &str, body_text: &str) -> EmptyResult {
@@ -283,38 +278,35 @@ fn send_email(address: &str, subject: &str, body_html: &str, body_text: &str) ->
 
     let address = format!("{}@{}", address_split[1], domain_puny);
 
-    let html = PartBuilder::new()
-        .body(encode_to_str(body_html))
-        .header(("Content-Type", "text/html; charset=utf-8"))
-        .header(("Content-Transfer-Encoding", "quoted-printable"))
-        .build();
+    let data = MultiPart::mixed()
+        .multipart(
+            MultiPart::alternative()
+                .singlepart(
+                    SinglePart::quoted_printable()
+                        .header(header::ContentType("text/plain; charset=utf-8".parse()?))
+                        .body(body_text),
+                )
+                .multipart(
+                    MultiPart::related().singlepart(
+                        SinglePart::quoted_printable()
+                            .header(header::ContentType("text/html; charset=utf-8".parse()?))
+                            .body(body_html),
+                    )
+                    // .singlepart(SinglePart::base64() -- Inline files would go here
+                ),
+        )
+        // .singlepart(SinglePart::base64()  -- Attachments would go here
+        ;
 
-    let text = PartBuilder::new()
-        .body(encode_to_str(body_text))
-        .header(("Content-Type", "text/plain; charset=utf-8"))
-        .header(("Content-Transfer-Encoding", "quoted-printable"))
-        .build();
-
-    let alternative = PartBuilder::new()
-        .message_type(MimeMultipartType::Alternative)
-        .child(text)
-        .child(html);
-
-    let email = EmailBuilder::new()
-        .to(address)
-        .from((CONFIG.smtp_from().as_str(), CONFIG.smtp_from_name().as_str()))
+    let email = Message::builder()
+        .to(Mailbox::new(None, Address::from_str(&address)?))
+        .from(Mailbox::new(
+            Some(CONFIG.smtp_from_name()),
+            Address::from_str(&CONFIG.smtp_from())?,
+        ))
         .subject(subject)
-        .child(alternative.build())
-        .build()
-        .map_err(|e| Error::new("Error building email", e.to_string()))?;
+        .multipart(data)?;
 
-    let mut transport = mailer();
-
-    let result = transport.send(email);
-
-    // Explicitly close the connection, in case of error
-    transport.close();
-    
-    result?;
+    let _ = mailer().send(&email)?;
     Ok(())
 }

src/main.rs

@@ -1,4 +1,5 @@
-#![feature(proc_macro_hygiene, vec_remove_item, try_trait, ip)]
+#![forbid(unsafe_code)]
+#![feature(proc_macro_hygiene, try_trait, ip)]
 #![recursion_limit = "256"]
 
 extern crate openssl;
@@ -14,12 +15,6 @@ extern crate log;
 extern crate diesel;
 #[macro_use]
 extern crate diesel_migrations;
-#[macro_use]
-extern crate derive_more;
-#[macro_use]
-extern crate num_derive;
-
-extern crate backtrace;
 
 use std::{
     fs::create_dir_all,
@@ -108,7 +103,10 @@ fn launch_info() {
     println!("|--------------------------------------------------------------------|");
     println!("| This is an *unofficial* Bitwarden implementation, DO NOT use the   |");
     println!("| official channels to report bugs/features, regardless of client.   |");
-    println!("| Report URL: https://github.com/dani-garcia/bitwarden_rs/issues/new |");
+    println!("| Send usage/configuration questions or feature requests to:         |");
+    println!("|   https://bitwardenrs.discourse.group/                             |");
+    println!("| Report suspected bugs/issues in the software itself at:            |");
+    println!("|   https://github.com/dani-garcia/bitwarden_rs/issues/new           |");
     println!("\\--------------------------------------------------------------------/\n");
 }
 

src/static/global_domains.json

@@ -108,7 +108,9 @@
       "microsoftonline.com",
       "office365.com",
       "microsoftstore.com",
-      "xbox.com"
+      "xbox.com",
+      "azure.com",
+      "windowsazure.com"
     ],
     "Excluded": false
   },
@@ -126,8 +128,7 @@
     "Type": 12,
     "Domains": [
       "overture.com",
-      "yahoo.com",
-      "flickr.com"
+      "yahoo.com"
     ],
     "Excluded": false
   },
@@ -192,7 +193,6 @@
       "amazon.it",
       "amazon.com.au",
       "amazon.co.nz",
-      "amazon.co.jp",
       "amazon.in"
     ],
     "Excluded": false
@@ -777,69 +777,69 @@
     "Excluded": false
   },
   {
-  	"Type": 76,
-  	"Domains": [
-  		"docusign.com",
-  		"docusign.net"
-  	],
-  	"Excluded": false
+    "Type": 76,
+    "Domains": [
+      "docusign.com",
+      "docusign.net"
+    ],
+    "Excluded": false
   },
   {
-  	"Type": 77,
-  	"Domains": [
-  		"envato.com",
-  		"themeforest.net",
-  		"codecanyon.net",
-  		"videohive.net",
-  		"audiojungle.net",
-  		"graphicriver.net",
-  		"photodune.net",
-  		"3docean.net"
-  	],
-  	"Excluded": false
+    "Type": 77,
+    "Domains": [
+      "envato.com",
+      "themeforest.net",
+      "codecanyon.net",
+      "videohive.net",
+      "audiojungle.net",
+      "graphicriver.net",
+      "photodune.net",
+      "3docean.net"
+    ],
+    "Excluded": false
   },
   {
-  	"Type": 78,
-  	"Domains": [
-  		"x10hosting.com",
-  		"x10premium.com"
-  	],
-  	"Excluded": false
+    "Type": 78,
+    "Domains": [
+      "x10hosting.com",
+      "x10premium.com"
+    ],
+    "Excluded": false
   },
   {
-  	"Type": 79,
-  	"Domains": [
-  		"dnsomatic.com",
-  		"opendns.com",
-  		"umbrella.com"
-  	],
-  	"Excluded": false
+    "Type": 79,
+    "Domains": [
+      "dnsomatic.com",
+      "opendns.com",
+      "umbrella.com"
+    ],
+    "Excluded": false
   },
   {
-  	"Type": 80,
-  	"Domains": [
-  		"cagreatamerica.com",
-  		"canadaswonderland.com",
-  		"carowinds.com",
-  		"cedarfair.com",
-  		"cedarpoint.com",
-  		"dorneypark.com",
-  		"kingsdominion.com",
-  		"knotts.com",
-  		"miadventure.com",
-  		"schlitterbahn.com",
-  		"valleyfair.com",
-  		"visitkingsisland.com",
-  		"worldsoffun.com"
-  	],
-  	"Excluded": false
+    "Type": 80,
+    "Domains": [
+      "cagreatamerica.com",
+      "canadaswonderland.com",
+      "carowinds.com",
+      "cedarfair.com",
+      "cedarpoint.com",
+      "dorneypark.com",
+      "kingsdominion.com",
+      "knotts.com",
+      "miadventure.com",
+      "schlitterbahn.com",
+      "valleyfair.com",
+      "visitkingsisland.com",
+      "worldsoffun.com"
+    ],
+    "Excluded": false
   },
   {
-  	"Type": 81,
-  	"Domains": [
-  		"ubnt.com",
-  		"ui.com"
-  	],
-  	"Excluded": false
+    "Type": 81,
+    "Domains": [
+      "ubnt.com",
+      "ui.com"
+    ],
+    "Excluded": false
   }
 ]

src/static/templates/admin/base.hbs

@@ -1,67 +1,127 @@
 <!DOCTYPE html>
 <html lang="en">
-
 <head>
-    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
+    <meta name="robots" content="noindex,nofollow" />
     <title>Bitwarden_rs Admin Panel</title>
-
     <link rel="stylesheet" href="{{urlpath}}/bwrs_static/bootstrap.css" />
-    <script src="{{urlpath}}/bwrs_static/bootstrap-native-v4.js"></script>
-    <script src="{{urlpath}}/bwrs_static/md5.js"></script>
-    <script src="{{urlpath}}/bwrs_static/identicon.js"></script>
     <style>
         body {
-            padding-top: 70px;
+            padding-top: 75px;
         }
-
-        @media (max-width:768px) {
-            body {
-                padding-top: 190px;
-            }
-
-            .container {
-                max-width: 100%;
-            }
-        }
-
         img {
             width: 48px;
             height: 48px;
         }
+        .navbar img {
+            height: 24px;
+            width: auto;
+        }
     </style>
+    <script src="{{urlpath}}/bwrs_static/md5.js"></script>
+    <script src="{{urlpath}}/bwrs_static/identicon.js"></script>
+    <script>
+        function reload() { window.location.reload(); }
+        function msg(text, reload_page = true) {
+            text && alert(text);
+            reload_page && reload();
+        }
+        function identicon(email) {
+            const data = new Identicon(md5(email), { size: 48, format: 'svg' });
+            return "data:image/svg+xml;base64," + data.toString();
+        }
+        function toggleVis(input_id) {
+            const elem = document.getElementById(input_id);
+            const type = elem.getAttribute("type");
+            if (type === "text") {
+                elem.setAttribute("type", "password");
+            } else {
+                elem.setAttribute("type", "text");
+            }
+            return false;
+        }
+        function _post(url, successMsg, errMsg, body, reload_page = true) {
+            fetch(url, {
+                method: 'POST',
+                body: body,
+                mode: "same-origin",
+                credentials: "same-origin",
+                headers: { "Content-Type": "application/json" }
+            }).then( resp => {
+                if (resp.ok) { msg(successMsg, reload_page); return Promise.reject({error: false}); }
+                respStatus = resp.status;
+                respStatusText = resp.statusText;
+                return resp.text();
+            }).then( respText => {
+                try {
+                    const respJson = JSON.parse(respText);
+                    return respJson ? respJson.ErrorModel.Message : "Unknown error";
+                } catch (e) {
+                    return Promise.reject({body:respStatus + ' - ' + respStatusText, error: true});
+                }
+            }).then( apiMsg => {
+                msg(errMsg + "\n" + apiMsg, reload_page);
+            }).catch( e => {
+                if (e.error === false) { return true; }
+                else { msg(errMsg + "\n" + e.body, reload_page); }
+            });
+        }
+    </script>
+
 </head>
 
 <body class="bg-light">
-    <nav class="navbar navbar-expand-sm navbar-dark bg-dark fixed-top shadow">
-        <a class="navbar-brand" href="#">Bitwarden_rs</a>
-        <div class="navbar-collapse">
-            <ul class="navbar-nav">
-                <li class="nav-item active">
-                    <a class="nav-link" href="{{urlpath}}/admin">Admin Panel</a>
-                </li>
-                <li class="nav-item">
-                    <a class="nav-link" href="{{urlpath}}/">Vault</a>
-                </li>
-            </ul>
+    <nav class="navbar navbar-expand-md navbar-dark bg-dark mb-4 shadow fixed-top">
+        <div class="container">
+            <a class="navbar-brand" href="{{urlpath}}/admin"><img class="pr-1" src="{{urlpath}}/bwrs_static/shield-white.png">Bitwarden_rs Admin</a>
+            <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarCollapse"
+                    aria-controls="navbarCollapse" aria-expanded="false" aria-label="Toggle navigation">
+                <span class="navbar-toggler-icon"></span>
+            </button>
+            <div class="collapse navbar-collapse" id="navbarCollapse">
+                <ul class="navbar-nav mr-auto">
+                {{#if logged_in}}
+                    <li class="nav-item">
+                        <a class="nav-link" href="{{urlpath}}/admin">Settings</a>
+                    </li>
+                    <li class="nav-item">
+                        <a class="nav-link" href="{{urlpath}}/admin/users/overview">Users</a>
+                    </li>
+                    <li class="nav-item">
+                        <a class="nav-link" href="{{urlpath}}/admin/organizations/overview">Organizations</a>
+                    </li>
+                    <li class="nav-item">
+                        <a class="nav-link" href="{{urlpath}}/admin/diagnostics">Diagnostics</a>
+                    </li>
+                {{/if}}
+                    <li class="nav-item">
+                        <a class="nav-link" href="{{urlpath}}/">Vault</a>
+                    </li>
+                </ul>
+
+                {{#if logged_in}}
+                    <a class="btn btn-sm btn-secondary" href="{{urlpath}}/admin/logout">Log Out</a>
+                {{/if}}
+            </div>
         </div>
-
-        <ul class="navbar-nav">
-            {{#if version}}
-            <li class="nav-item">
-                <span class="navbar-text mr-2">Version: {{version}}</span>
-            </li>
-            {{/if}}
-
-            {{#if logged_in}}
-            <li class="nav-item">
-                <a class="nav-link" href="{{urlpath}}/admin/logout">Log Out</a>
-            </li>
-            {{/if}}
-        </ul>
     </nav>
 
     {{> (page_content) }}
-</body>
 
-</html>
+    <!-- This script needs to be at the bottom, else it will fail! -->
+    <script>
+        // get current URL path and assign 'active' class to the correct nav-item
+        (function () {
+            var pathname = window.location.pathname;
+            if (pathname === "") return;
+            var navItem = document.querySelectorAll('.navbar-nav .nav-item a[href="'+pathname+'"]');
+            if (navItem.length === 1) {
+                navItem[0].parentElement.className = navItem[0].parentElement.className + ' active';
+            }
+        })();
+    </script>
+    <!-- This script needs to be at the bottom, else it will fail! -->
+    <script src="{{urlpath}}/bwrs_static/bootstrap-native-v4.js"></script>
+</body>
+</html>

src/static/templates/admin/diagnostics.hbs

@@ -0,0 +1,150 @@
+<main class="container">
+    <div id="diagnostics-block" class="my-3 p-3 bg-white rounded shadow">
+        <h6 class="border-bottom pb-2 mb-2">Diagnostics</h6>
+
+        <h3>Version</h3>
+        <div class="row">
+            <div class="col-md">
+                <dl class="row">
+                    <dt class="col-sm-5">Server Installed
+                        <span class="badge badge-success d-none" id="server-success" title="Latest version is installed.">Ok</span>
+                        <span class="badge badge-warning d-none" id="server-warning" title="There seems to be an update available.">Update</span>
+                        <span class="badge badge-info d-none" id="server-branch" title="This is a branched version.">Branched</span>
+                    </dt>
+                    <dd class="col-sm-7">
+                        <span id="server-installed">{{version}}</span>
+                    </dd>
+                    <dt class="col-sm-5">Server Latest
+                        <span class="badge badge-danger d-none" id="server-failed" title="Unable to determine latest version.">Unknown</span>
+                    </dt>
+                    <dd class="col-sm-7">
+                        <span id="server-latest">{{diagnostics.latest_release}}<span id="server-latest-commit" class="d-none">-{{diagnostics.latest_commit}}</span></span>
+                    </dd>
+                    <dt class="col-sm-5">Web Installed
+                        <span class="badge badge-success d-none" id="web-success" title="Latest version is installed.">Ok</span>
+                        <span class="badge badge-warning d-none" id="web-warning" title="There seems to be an update available.">Update</span>
+                    </dt>
+                    <dd class="col-sm-7">
+                        <span id="web-installed">{{diagnostics.web_vault_version}}</span>
+                    </dd>
+                    <dt class="col-sm-5">Web Latest
+                        <span class="badge badge-danger d-none" id="web-failed" title="Unable to determine latest version.">Unknown</span>
+                    </dt>
+                    <dd class="col-sm-7">
+                        <span id="web-latest">{{diagnostics.latest_web_build}}</span>
+                    </dd>
+                </dl>
+            </div>
+        </div>
+
+        <h3>Checks</h3>
+        <div class="row">
+            <div class="col-md">
+                <dl class="row">
+                    <dt class="col-sm-5">DNS (github.com)
+                        <span class="badge badge-success d-none" id="dns-success" title="DNS Resolving works!">Ok</span>
+                        <span class="badge badge-danger d-none" id="dns-warning" title="DNS Resolving failed. Please fix.">Error</span>
+                    </dt>
+                    <dd class="col-sm-7">
+                        <span id="dns-resolved">{{diagnostics.dns_resolved}}</span>
+                    </dd>
+
+                    <dt class="col-sm-5">Date & Time (UTC)
+                        <span class="badge badge-success d-none" id="time-success" title="Time offsets seem to be correct.">Ok</span>
+                        <span class="badge badge-danger d-none" id="time-warning" title="Time offsets are too mouch at drift.">Error</span>
+                    </dt>
+                    <dd class="col-sm-7">
+                        <span id="time-server" class="d-block"><b>Server:</b> <span id="time-server-string">{{diagnostics.server_time}}</span></span>
+                        <span id="time-browser" class="d-block"><b>Browser:</b> <span id="time-browser-string"></span></span>
+                    </dd>
+                </dl>
+            </div>
+        </div>
+    </div>
+</main>
+
+<script>
+    (() => {
+        const d = new Date();
+        const year = d.getUTCFullYear();
+        const month = String(d.getUTCMonth()+1).padStart(2, '0');
+        const day = String(d.getUTCDate()).padStart(2, '0');
+        const hour = String(d.getUTCHours()).padStart(2, '0');
+        const minute = String(d.getUTCMinutes()).padStart(2, '0');
+        const seconds = String(d.getUTCSeconds()).padStart(2, '0');
+        const browserUTC = year + '-' + month + '-' + day + ' ' + hour + ':' + minute + ':' + seconds;
+        document.getElementById("time-browser-string").innerText = browserUTC;
+
+        const serverUTC = document.getElementById("time-server-string").innerText;
+        const timeDrift = (Date.parse(serverUTC) - Date.parse(browserUTC)) / 1000;
+        if (timeDrift > 30 || timeDrift < -30) {
+            document.getElementById('time-warning').classList.remove('d-none');
+        } else {
+            document.getElementById('time-success').classList.remove('d-none');
+        }
+
+        // Check if the output is a valid IP
+        const isValidIp = value => (/^(?:(?:^|\.)(?:2(?:5[0-5]|[0-4]\d)|1?\d?\d)){4}$/.test(value) ? true : false);
+        if (isValidIp(document.getElementById('dns-resolved').innerText)) {
+            document.getElementById('dns-success').classList.remove('d-none');
+        } else {
+            document.getElementById('dns-warning').classList.remove('d-none');
+        }
+
+        let serverInstalled = document.getElementById('server-installed').innerText;
+        let serverLatest = document.getElementById('server-latest').innerText;
+        let serverLatestCommit = document.getElementById('server-latest-commit').innerText.replace('-', '');
+        if (serverInstalled.indexOf('-') !== -1 && serverLatest !== '-' && serverLatestCommit !== '-') {
+            document.getElementById('server-latest-commit').classList.remove('d-none');
+        }
+
+        const webInstalled = document.getElementById('web-installed').innerText;
+        const webLatest = document.getElementById('web-latest').innerText;
+
+        checkVersions('server', serverInstalled, serverLatest, serverLatestCommit);
+        checkVersions('web', webInstalled, webLatest);
+
+        function checkVersions(platform, installed, latest, commit=null) {
+            if (installed === '-' || latest === '-') {
+                document.getElementById(platform + '-failed').classList.remove('d-none');
+                return;
+            }
+
+            // Only check basic versions, no commit revisions
+            if (commit === null || installed.indexOf('-') === -1) {
+                if (installed !== latest) {
+                    document.getElementById(platform + '-warning').classList.remove('d-none');
+                } else {
+                    document.getElementById(platform + '-success').classList.remove('d-none');
+                }
+            } else {
+                // Check if this is a branched version.
+                const branchRegex = /(?:\s)\((.*?)\)/;
+                const branchMatch = installed.match(branchRegex);
+                if (branchMatch !== null) {
+                    document.getElementById(platform + '-branch').classList.remove('d-none');
+                }
+
+                // This will remove branch info and check if there is a commit hash
+                const installedRegex = /(\d+\.\d+\.\d+)-(\w+)/;
+                const instMatch = installed.match(installedRegex);
+
+                // It could be that a new tagged version has the same commit hash.
+                // In this case the version is the same but only the number is different
+                if (instMatch !== null) {
+                    if (instMatch[2] === commit) {
+                        // The commit hashes are the same, so latest version is installed
+                        document.getElementById(platform + '-success').classList.remove('d-none');
+                        return;
+                    }
+                }
+
+                if (installed === latest) {
+                    document.getElementById(platform + '-success').classList.remove('d-none');
+                } else {
+                    document.getElementById(platform + '-warning').classList.remove('d-none');
+                }
+            }
+        }
+    })();
+</script>

src/static/templates/admin/organizations.hbs

@@ -0,0 +1,51 @@
+<main class="container">
+    <div id="organizations-block" class="my-3 p-3 bg-white rounded shadow">
+        <h6 class="border-bottom pb-2 mb-0">Organizations</h6>
+
+        <div class="table-responsive-xl small">
+            <table class="table table-sm table-striped table-hover">
+                <thead>
+                    <tr>
+                        <th style="width: 24px;" colspan="2">Organization</th>
+                        <th>Users</th>
+                        <th>Items</th>
+                        <th>Attachments</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    {{#each organizations}}
+                    <tr>
+                        <td><img class="rounded identicon" data-src="{{Id}}"></td>
+                        <td>
+                            <strong>{{Name}}</strong>
+                            <span class="mr-2">({{BillingEmail}})</span>
+                            <span class="d-block">
+                                <span class="badge badge-success">{{Id}}</span>
+                            </span>
+                        </td>
+                        <td>
+                            <span class="d-block">{{user_count}}</span>
+                        </td>
+                        <td>
+                            <span class="d-block">{{cipher_count}}</span>
+                        </td>
+                        <td>
+                            <span class="d-block"><strong>Amount:</strong> {{attachment_count}}</span>
+                            {{#if attachment_count}}
+                            <span class="d-block"><strong>Size:</strong> {{attachment_size}}</span>
+                            {{/if}}
+                        </td>
+                    </tr>
+                    {{/each}}
+                </tbody>
+            </table>
+        </div>
+        
+    </div>
+</main>
+
+<script>
+    document.querySelectorAll("img.identicon").forEach(function (e, i) {
+        e.src = identicon(e.dataset.src);
+    });
+</script>

src/static/templates/admin/settings.hbs

@@ -1,68 +1,4 @@
 <main class="container">
-    <div id="users-block" class="my-3 p-3 bg-white rounded shadow">
-        <h6 class="border-bottom pb-2 mb-0">Registered Users</h6>
-
-        <div id="users-list">
-            {{#each users}}
-            <div class="media pt-3">
-                <img class="mr-2 rounded identicon" data-src="{{Email}}">
-                <div class="media-body pb-3 mb-0 small border-bottom">
-                    <div class="row justify-content-between">
-                        <div class="col">
-                            <strong>{{Name}}</strong>
-                            {{#if TwoFactorEnabled}}
-                            <span class="badge badge-success ml-2">2FA</span>
-                            {{/if}}
-                            {{#case _Status 1}}
-                            <span class="badge badge-warning ml-2">Invited</span>
-                            {{/case}}
-                            <span class="d-block">{{Email}}</span>
-                        </div>
-                        <div class="col">
-                            <strong> Organizations: </strong>
-                            <span class="d-block">
-                                {{#each Organizations}}
-                                <span class="badge badge-primary" data-orgtype="{{Type}}">{{Name}}</span>
-                                {{/each}}
-                            </span>
-                        </div>
-                        <div style="flex: 0 0 300px; font-size: 90%; text-align: right; padding-right: 15px">
-                            {{#if TwoFactorEnabled}}
-                            <a class="mr-2" href="#" onclick='remove2fa({{jsesc Id}})'>Remove all 2FA</a>
-                            {{/if}}
-
-                            <a class="mr-2" href="#" onclick='deauthUser({{jsesc Id}})'>Deauthorize sessions</a>
-                            <a class="mr-2" href="#" onclick='deleteUser({{jsesc Id}}, {{jsesc Email}})'>Delete User</a>
-                        </div>
-                    </div>
-                </div>
-            </div>
-            {{/each}}
-
-        </div>
-
-        <div class="mt-3">
-            <button type="button" class="btn btn-sm btn-link" onclick="updateRevisions();"
-                title="Force all clients to fetch new data next time they connect. Useful after restoring a backup to remove any stale data.">
-                Force clients to resync
-            </button>
-
-            <button type="button" class="btn btn-sm btn-primary float-right" onclick="reload();">Reload users</button>
-        </div>
-    </div>
-
-    <div id="invite-form-block" class="align-items-center p-3 mb-3 text-white-50 bg-secondary rounded shadow">
-        <div>
-            <h6 class="mb-0 text-white">Invite User</h6>
-            <small>Email:</small>
-
-            <form class="form-inline" id="invite-form" onsubmit="inviteUser(); return false;">
-                <input type="email" class="form-control w-50 mr-2" id="email-invite" placeholder="Enter email">
-                <button type="submit" class="btn btn-primary">Invite</button>
-            </form>
-        </div>
-    </div>
-
     <div id="config-block" class="align-items-center p-3 mb-3 bg-secondary rounded shadow">
         <div>
             <h6 class="text-white mb-3">Configuration</h6>
@@ -202,90 +138,6 @@
 </style>
 
 <script>
-    function reload() { window.location.reload(); }
-    function msg(text, reload_page = true) {
-        text && alert(text);
-        reload_page && reload();
-    }
-    function identicon(email) {
-        const data = new Identicon(md5(email), { size: 48, format: 'svg' });
-        return "data:image/svg+xml;base64," + data.toString();
-    }
-    function toggleVis(input_id) {
-        const elem = document.getElementById(input_id);
-        const type = elem.getAttribute("type");
-        if (type === "text") {
-            elem.setAttribute("type", "password");
-        } else {
-            elem.setAttribute("type", "text");
-        }
-        return false;
-    }
-    function _post(url, successMsg, errMsg, body, reload_page = true) {
-        fetch(url, {
-            method: 'POST',
-            body: body,
-            mode: "same-origin",
-            credentials: "same-origin",
-            headers: { "Content-Type": "application/json" }
-        }).then( resp => {
-            if (resp.ok) { msg(successMsg, reload_page); return Promise.reject({error: false}); }
-            respStatus = resp.status;
-            respStatusText = resp.statusText;
-            return resp.text();
-        }).then( respText => {
-            try {
-                const respJson = JSON.parse(respText);
-                return respJson ? respJson.ErrorModel.Message : "Unknown error";
-            } catch (e) {
-                return Promise.reject({body:respStatus + ' - ' + respStatusText, error: true});
-            }
-        }).then( apiMsg => {
-            msg(errMsg + "\n" + apiMsg, reload_page);
-        }).catch( e => {
-            if (e.error === false) { return true; }
-            else { msg(errMsg + "\n" + e.body, reload_page); }
-        });
-    }
-    function deleteUser(id, mail) {
-        var input_mail = prompt("To delete user '" + mail + "', please type the email below")
-        if (input_mail != null) {
-            if (input_mail == mail) {
-                _post("{{urlpath}}/admin/users/" + id + "/delete",
-                    "User deleted correctly",
-                    "Error deleting user");
-            } else {
-                alert("Wrong email, please try again")
-            }
-        }
-        return false;
-    }
-    function remove2fa(id) {
-        _post("{{urlpath}}/admin/users/" + id + "/remove-2fa",
-            "2FA removed correctly",
-            "Error removing 2FA");
-        return false;
-    }
-    function deauthUser(id) {
-        _post("{{urlpath}}/admin/users/" + id + "/deauth",
-            "Sessions deauthorized correctly",
-            "Error deauthorizing sessions");
-        return false;
-    }
-    function updateRevisions() {
-        _post("{{urlpath}}/admin/users/update_revision",
-            "Success, clients will sync next time they connect",
-            "Error forcing clients to sync");
-        return false;
-    }
-    function inviteUser() {
-        inv = document.getElementById("email-invite");
-        data = JSON.stringify({ "email": inv.value });
-        inv.value = "";
-        _post("{{urlpath}}/admin/invite/", "User invited correctly",
-            "Error inviting user", data);
-        return false;
-    }
     function smtpTest() {
         test_email = document.getElementById("smtp-test-email");
         data = JSON.stringify({ "email": test_email.value });
@@ -348,23 +200,6 @@
         onChange(); // Trigger the event initially
         checkbox.addEventListener("change", onChange);
     }
-    let OrgTypes = {
-        "0": { "name": "Owner", "color": "orange" },
-        "1": { "name": "Admin", "color": "blueviolet" },
-        "2": { "name": "User", "color": "blue" },
-        "3": { "name": "Manager", "color": "green" },
-    };
-
-    document.querySelectorAll("img.identicon").forEach(function (e, i) {
-        e.src = identicon(e.dataset.src);
-    });
-
-    document.querySelectorAll("[data-orgtype]").forEach(function (e, i) {
-        let orgtype = OrgTypes[e.dataset.orgtype];
-        e.style.backgroundColor = orgtype.color;
-        e.title = orgtype.name;
-    });
-
     // These are formatted because otherwise the
     // VSCode formatter breaks But they still work
     // {{#each config}} {{#if grouptoggle}}

src/static/templates/admin/users.hbs

@@ -0,0 +1,143 @@
+<main class="container">
+    <div id="users-block" class="my-3 p-3 bg-white rounded shadow">
+        <h6 class="border-bottom pb-2 mb-0">Registered Users</h6>
+
+        <div class="table-responsive-xl small">
+            <table class="table table-sm table-striped table-hover">
+                <thead>
+                    <tr>
+                        <th style="width: 24px;">User</th>
+                        <th></th>
+                        <th style="width:60px; min-width: 60px;">Items</th>
+                        <th>Attachments</th>
+                        <th style="min-width: 140px;">Organizations</th>
+                        <th style="width: 140px; min-width: 140px;">Actions</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    {{#each users}}
+                    <tr>
+                        <td><img class="mr-2 rounded identicon" data-src="{{Email}}"></td>
+                        <td>
+                            <strong>{{Name}}</strong>
+                            <span class="d-block">{{Email}}</span>
+                            <span class="d-block">
+                                {{#if TwoFactorEnabled}}
+                                    <span class="badge badge-success mr-2" title="2FA is enabled">2FA</span>
+                                {{/if}}
+                                {{#case _Status 1}}
+                                    <span class="badge badge-warning mr-2" title="User is invited">Invited</span>
+                                {{/case}}
+                                {{#if EmailVerified}}
+                                    <span class="badge badge-success mr-2" title="Email has been verified">Verified</span>
+                                {{/if}}
+                            </span>
+                        </td>
+                        <td>
+                            <span class="d-block">{{cipher_count}}</span>
+                        </td>
+                        <td>
+                            <span class="d-block"><strong>Amount:</strong> {{attachment_count}}</span>
+                            {{#if attachment_count}}
+                            <span class="d-block"><strong>Size:</strong> {{attachment_size}}</span>
+                            {{/if}}
+                        </td>
+                        <td>
+                            {{#each Organizations}}
+                            <span class="badge badge-primary" data-orgtype="{{Type}}">{{Name}}</span>
+                            {{/each}}
+                        </td>
+                        <td style="font-size: 90%; text-align: right; padding-right: 15px">
+                            {{#if TwoFactorEnabled}}
+                            <a class="d-block" href="#" onclick='remove2fa({{jsesc Id}})'>Remove all 2FA</a>
+                            {{/if}}
+                            <a class="d-block" href="#" onclick='deauthUser({{jsesc Id}})'>Deauthorize sessions</a>
+                            <a class="d-block" href="#" onclick='deleteUser({{jsesc Id}}, {{jsesc Email}})'>Delete User</a>
+                        </td>
+                    </tr>
+                    {{/each}}
+                </tbody>
+            </table>
+        </div>
+
+        <div class="mt-3">
+            <button type="button" class="btn btn-sm btn-danger" onclick="updateRevisions();"
+                title="Force all clients to fetch new data next time they connect. Useful after restoring a backup to remove any stale data.">
+                Force clients to resync
+            </button>
+
+            <button type="button" class="btn btn-sm btn-primary float-right" onclick="reload();">Reload users</button>
+        </div>
+    </div>
+
+    <div id="invite-form-block" class="align-items-center p-3 mb-3 text-white-50 bg-secondary rounded shadow">
+        <div>
+            <h6 class="mb-0 text-white">Invite User</h6>
+            <small>Email:</small>
+
+            <form class="form-inline" id="invite-form" onsubmit="inviteUser(); return false;">
+                <input type="email" class="form-control w-50 mr-2" id="email-invite" placeholder="Enter email">
+                <button type="submit" class="btn btn-primary">Invite</button>
+            </form>
+        </div>
+    </div>
+</main>
+
+<script>
+    function deleteUser(id, mail) {
+        var input_mail = prompt("To delete user '" + mail + "', please type the email below")
+        if (input_mail != null) {
+            if (input_mail == mail) {
+                _post("{{urlpath}}/admin/users/" + id + "/delete",
+                    "User deleted correctly",
+                    "Error deleting user");
+            } else {
+                alert("Wrong email, please try again")
+            }
+        }
+        return false;
+    }
+    function remove2fa(id) {
+        _post("{{urlpath}}/admin/users/" + id + "/remove-2fa",
+            "2FA removed correctly",
+            "Error removing 2FA");
+        return false;
+    }
+    function deauthUser(id) {
+        _post("{{urlpath}}/admin/users/" + id + "/deauth",
+            "Sessions deauthorized correctly",
+            "Error deauthorizing sessions");
+        return false;
+    }
+    function updateRevisions() {
+        _post("{{urlpath}}/admin/users/update_revision",
+            "Success, clients will sync next time they connect",
+            "Error forcing clients to sync");
+        return false;
+    }
+    function inviteUser() {
+        inv = document.getElementById("email-invite");
+        data = JSON.stringify({ "email": inv.value });
+        inv.value = "";
+        _post("{{urlpath}}/admin/invite/", "User invited correctly",
+            "Error inviting user", data);
+        return false;
+    }
+
+    let OrgTypes = {
+        "0": { "name": "Owner", "color": "orange" },
+        "1": { "name": "Admin", "color": "blueviolet" },
+        "2": { "name": "User", "color": "blue" },
+        "3": { "name": "Manager", "color": "green" },
+    };
+
+    document.querySelectorAll("img.identicon").forEach(function (e, i) {
+        e.src = identicon(e.dataset.src);
+    });
+
+    document.querySelectorAll("[data-orgtype]").forEach(function (e, i) {
+        let orgtype = OrgTypes[e.dataset.orgtype];
+        e.style.backgroundColor = orgtype.color;
+        e.title = orgtype.name;
+    });
+</script>

src/static/templates/email/change_email.html.hbs

@@ -87,7 +87,7 @@ Your Email Change
          </tr>
          <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
             <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;" valign="top">
-               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;">
+               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: max-content;">
                   <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
                      <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 600px; padding-bottom: 20px;" valign="top">
                         <table class="main" width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; margin: 0; -webkit-text-size-adjust: none; border: 1px solid #e9e9e9; border-radius: 3px;" bgcolor="white">

src/static/templates/email/delete_account.html.hbs

@@ -87,7 +87,7 @@ Delete Your Account
          </tr>
          <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
             <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;" valign="top">
-               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;">
+               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: max-content;">
                   <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
                      <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 600px; padding-bottom: 20px;" valign="top">
                         <table class="main" width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; margin: 0; -webkit-text-size-adjust: none; border: 1px solid #e9e9e9; border-radius: 3px;" bgcolor="white">

src/static/templates/email/invite_accepted.hbs

@@ -1,4 +1,4 @@
-Invitation accepted
+Invitation to {{{org_name}}} accepted
 <!---------------->
 <html>
 <p>

src/static/templates/email/invite_accepted.html.hbs

@@ -1,4 +1,4 @@
-Invitation accepted
+Invitation to {{{org_name}}} accepted
 <!---------------->
 <html xmlns="http://www.w3.org/1999/xhtml" xmlns="http://www.w3.org/1999/xhtml" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
    <head>
@@ -87,7 +87,7 @@ Invitation accepted
          </tr>
          <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
             <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;" valign="top">
-               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;">
+               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: max-content;">
                   <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
                      <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 600px; padding-bottom: 20px;" valign="top">
                         <table class="main" width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; margin: 0; -webkit-text-size-adjust: none; border: 1px solid #e9e9e9; border-radius: 3px;" bgcolor="white">

src/static/templates/email/invite_confirmed.hbs

@@ -1,4 +1,4 @@
-Invitation to {{org_name}} confirmed
+Invitation to {{{org_name}}} confirmed
 <!---------------->
 <html>
 <p>

src/static/templates/email/invite_confirmed.html.hbs

@@ -1,4 +1,4 @@
-Invitation to {{org_name}} confirmed
+Invitation to {{{org_name}}} confirmed
 <!---------------->
 <html xmlns="http://www.w3.org/1999/xhtml" xmlns="http://www.w3.org/1999/xhtml" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
    <head>
@@ -87,7 +87,7 @@ Invitation to {{org_name}} confirmed
          </tr>
          <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
             <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;" valign="top">
-               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;">
+               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: max-content;">
                   <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
                      <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 600px; padding-bottom: 20px;" valign="top">
                         <table class="main" width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; margin: 0; -webkit-text-size-adjust: none; border: 1px solid #e9e9e9; border-radius: 3px;" bgcolor="white">

src/static/templates/email/new_device_logged_in.hbs

@@ -1,4 +1,4 @@
-New Device Logged In From {{device}}
+New Device Logged In From {{{device}}}
 <!---------------->
 <html>
 <p>

src/static/templates/email/new_device_logged_in.html.hbs

@@ -1,4 +1,4 @@
-New Device Logged In From {{device}}
+New Device Logged In From {{{device}}}
 <!---------------->
 <html xmlns="http://www.w3.org/1999/xhtml" xmlns="http://www.w3.org/1999/xhtml" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
    <head>
@@ -87,7 +87,7 @@ New Device Logged In From {{device}}
          </tr>
          <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
             <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;" valign="top">
-               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;">
+               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: max-content;">
                   <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
                      <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 600px; padding-bottom: 20px;" valign="top">
                         <table class="main" width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; margin: 0; -webkit-text-size-adjust: none; border: 1px solid #e9e9e9; border-radius: 3px;" bgcolor="white">

src/static/templates/email/pw_hint_none.html.hbs

@@ -87,7 +87,7 @@ Sorry, you have no password hint...
          </tr>
          <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
             <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;" valign="top">
-               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;">
+               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: max-content;">
                   <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
                      <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 600px; padding-bottom: 20px;" valign="top">
                         <table class="main" width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; margin: 0; -webkit-text-size-adjust: none; border: 1px solid #e9e9e9; border-radius: 3px;" bgcolor="white">

src/static/templates/email/pw_hint_some.html.hbs

@@ -87,7 +87,7 @@ Your master password hint
          </tr>
          <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
             <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;" valign="top">
-               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;">
+               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: max-content;">
                   <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
                      <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 600px; padding-bottom: 20px;" valign="top">
                         <table class="main" width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; margin: 0; -webkit-text-size-adjust: none; border: 1px solid #e9e9e9; border-radius: 3px;" bgcolor="white">

src/static/templates/email/send_org_invite.hbs

@@ -1,4 +1,4 @@
-Join {{org_name}}
+Join {{{org_name}}}
 <!---------------->
 <html>
 <p>

src/static/templates/email/send_org_invite.html.hbs

@@ -1,4 +1,4 @@
-Join {{org_name}}
+Join {{{org_name}}}
 <!---------------->
 <html xmlns="http://www.w3.org/1999/xhtml" xmlns="http://www.w3.org/1999/xhtml" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
    <head>
@@ -87,7 +87,7 @@ Join {{org_name}}
          </tr>
          <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
             <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;" valign="top">
-               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;">
+               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: max-content;">
                   <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
                      <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 600px; padding-bottom: 20px;" valign="top">
                         <table class="main" width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; margin: 0; -webkit-text-size-adjust: none; border: 1px solid #e9e9e9; border-radius: 3px;" bgcolor="white">

src/static/templates/email/smtp_test.html.hbs

@@ -87,7 +87,7 @@ Bitwarden_rs SMTP Test
          </tr>
          <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
             <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;" valign="top">
-               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;">
+               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: max-content;">
                   <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
                      <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 600px; padding-bottom: 20px;" valign="top">
                         <table class="main" width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; margin: 0; -webkit-text-size-adjust: none; border: 1px solid #e9e9e9; border-radius: 3px;" bgcolor="white">

src/static/templates/email/twofactor_email.html.hbs

@@ -42,7 +42,7 @@ Your Two-step Login Verification Code
     body {
         background-color: #f6f6f6;
     }
-    @media only screen and (max-width: 600px) {
+    @media only screen and (max-width: 410px) {
         body {
             padding: 0 !important;
         }
@@ -86,10 +86,10 @@ Your Two-step Login Verification Code
         </td>
     </tr>
     <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
-        <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;" valign="top">
-            <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;">
+        <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 410px !important; width: 410px;" valign="top">
+            <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 410px !important; width: max-content;">
                 <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
-                    <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 600px; padding-bottom: 20px;" valign="top">
+                    <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 410px; padding-bottom: 20px;" valign="top">
                         <table class="main" width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; margin: 0; -webkit-text-size-adjust: none; border: 1px solid #e9e9e9; border-radius: 3px;" bgcolor="white">
                             <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
                                 <td class="content-wrap" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 20px; -webkit-text-size-adjust: none;" valign="top">

src/static/templates/email/verify_email.html.hbs

@@ -87,7 +87,7 @@ Verify Your Email
          </tr>
          <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
             <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;" valign="top">
-               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;">
+               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: max-content;">
                   <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
                      <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 600px; padding-bottom: 20px;" valign="top">
                         <table class="main" width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; margin: 0; -webkit-text-size-adjust: none; border: 1px solid #e9e9e9; border-radius: 3px;" bgcolor="white">

src/static/templates/email/welcome.html.hbs

@@ -87,7 +87,7 @@ Welcome
          </tr>
          <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
             <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;" valign="top">
-               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;">
+               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: max-content;">
                   <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
                      <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 600px; padding-bottom: 20px;" valign="top">
                         <table class="main" width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; margin: 0; -webkit-text-size-adjust: none; border: 1px solid #e9e9e9; border-radius: 3px;" bgcolor="white">

src/static/templates/email/welcome_must_verify.html.hbs

@@ -87,7 +87,7 @@ Welcome
          </tr>
          <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
             <td class="container" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;" valign="top">
-               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: 600px;">
+               <table cellpadding="0" cellspacing="0" class="container-table" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; clear: both !important; color: #333; display: block !important; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0 auto; max-width: 600px !important; width: max-content;">
                   <tr style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0;">
                      <td class="content" align="center" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #333; display: block; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0; line-height: 0; margin: 0 auto; max-width: 600px; padding-bottom: 20px;" valign="top">
                         <table class="main" width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; margin: 0; -webkit-text-size-adjust: none; border: 1px solid #e9e9e9; border-radius: 3px;" bgcolor="white">

src/util.rs

@@ -65,13 +65,13 @@ impl Fairing for CORS {
         let req_headers = request.headers();
 
         // We need to explicitly get the Origin header for Access-Control-Allow-Origin
-        let req_allow_origin = CORS::valid_url(CORS::get_header(&req_headers, "Origin"));
+        let req_allow_origin = CORS::valid_url(CORS::get_header(req_headers, "Origin"));
 
         response.set_header(Header::new("Access-Control-Allow-Origin", req_allow_origin));
 
         if request.method() == Method::Options {
-            let req_allow_headers = CORS::get_header(&req_headers, "Access-Control-Request-Headers");
-            let req_allow_method = CORS::get_header(&req_headers, "Access-Control-Request-Method");
+            let req_allow_headers = CORS::get_header(req_headers, "Access-Control-Request-Headers");
+            let req_allow_method = CORS::get_header(req_headers, "Access-Control-Request-Method");
 
             response.set_header(Header::new("Access-Control-Allow-Methods", req_allow_method));
             response.set_header(Header::new("Access-Control-Allow-Headers", req_allow_headers));
@@ -86,14 +86,14 @@ impl Fairing for CORS {
 pub struct Cached<R>(R, &'static str);
 
 impl<R> Cached<R> {
-    pub fn long(r: R) -> Cached<R> {
+    pub const fn long(r: R) -> Cached<R> {
         // 7 days
-        Cached(r, "public, max-age=604800")
+        Self(r, "public, max-age=604800")
     }
 
-    pub fn short(r: R) -> Cached<R> {
+    pub const fn short(r: R) -> Cached<R> {
         // 10 minutes
-        Cached(r, "public, max-age=600")
+        Self(r, "public, max-age=600")
     }
 }
 
@@ -177,7 +177,7 @@ impl Fairing for BetterLogging {
         let uri_subpath = request.uri().path().trim_start_matches(&CONFIG.domain_path());
         if self.0 || LOGGED_ROUTES.iter().any(|r| uri_subpath.starts_with(r)) {
             let status = response.status();
-            if let Some(ref route) = request.route() {
+            if let Some(route) = request.route() {
                 info!(target: "response", "{} => {} {}", route, status.code, status.reason)
             } else {
                 info!(target: "response", "{} {}", status.code, status.reason)
@@ -227,33 +227,6 @@ pub fn delete_file(path: &str) -> IOResult<()> {
     res
 }
 
-pub struct LimitedReader<'a> {
-    reader: &'a mut dyn std::io::Read,
-    limit: usize, // In bytes
-    count: usize,
-}
-impl<'a> LimitedReader<'a> {
-    pub fn new(reader: &'a mut dyn std::io::Read, limit: usize) -> LimitedReader<'a> {
-        LimitedReader {
-            reader,
-            limit,
-            count: 0,
-        }
-    }
-}
-
-impl<'a> std::io::Read for LimitedReader<'a> {
-    fn read(&mut self, buf: &mut [u8]) -> std::io::Result<usize> {
-        self.count += buf.len();
-
-        if self.count > self.limit {
-            Ok(0) // End of the read
-        } else {
-            self.reader.read(buf)
-        }
-    }
-}
-
 const UNITS: [&str; 6] = ["bytes", "KB", "MB", "GB", "TB", "PB"];
 
 pub fn get_display_size(size: i32) -> String {
@@ -269,9 +242,7 @@ pub fn get_display_size(size: i32) -> String {
         }
     }
 
-    // Round to two decimals
-    size = (size * 100.).round() / 100.;
-    format!("{} {}", size, UNITS[unit_counter])
+    format!("{:.2} {}", size, UNITS[unit_counter])
 }
 
 pub fn get_uuid() -> String {