- Jul 08, 2024
-
-
Mathijs van Veluw authored
- Add missing `Headers` parameter for some functions This allowed any request from allowing these endpoints by not validating the user correctly. - Changed the functions to retreive the emergency access record by using the user uuid which calls the endpoint, instead of validating afterwards. This is more secure and prevents the need of an if check.
-
Mathijs van Veluw authored
- Updated the crates Removed the patch for mimalloc - Updated the web-vault to v2024.5.1b The reason for not updating to v2024.6.x is that there are several items not working correctly or need some more research.
-
Daniel authored
- faster builds than with gzip (the default)
-
- Jul 04, 2024
-
-
Stefan Melmuk authored
* add group support for Cipher::get_collections() join group infos assigned to a collection to check whether user has been given access to all collections via any group or they have access to a specific collection via any group membership * fix Collection::is_writable_by_user() prevent side effects if groups are disabled * differentiate the /collection endpoints * return cipherDetails on post_collections_update() * add collections_v2 endpoint
-
Daniel authored
-
Mathijs van Veluw authored
During import you are able to select an existing folder, or with Bitwarden exports it can contain existing folders already. In either case it didn't matter, we always created new folders. Bitwarden uses the same UUID of the selected or existing folders if they are already there. This PR fixes this by using the same behaviour. Fixes #4700
-
- Jul 03, 2024
-
-
Mathijs van Veluw authored
Collections were not visible in the organization view. This was because the `flexibleCollections` was set to `true` Found an issue with loading some old created Secure Notes which had `{}` or `{"type":null}` as there `data` value. This isn't allowed. When detected, replace it with `{"type":0}` Fixes #4682 Fixes #4590
-
- Jun 24, 2024
-
-
Daniel García authored
-
Daniel authored
- libatomic linking for armv6 has been fixed in https://github.com/purpleprotocol/mimalloc_rust/commit/992c9da4c5afba7fbf4c5815c43c8f0fbd2a8da6
-
Daniel García authored
-
- Jun 23, 2024
-
-
Daniel García authored
* Change API inputs/outputs and structs to camelCase * Fix fields and password history * Use convert_json_key_lcase_first * Make sends lowercase * Update admin and templates * Update org revoke * Fix sends expecting size to be a string on mobile * Convert two-factor providers to string
-
- Jun 20, 2024
-
-
Daniel García authored
-
Daniel García authored
-
- Jun 19, 2024
-
-
Mathijs van Veluw authored
- Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
-
- Jun 16, 2024
-
-
Daniel García authored
* Update rust and remove unused header values * Missed one unused var
-
- May 25, 2024
-
-
Mathijs van Veluw authored
- Updated JS/CSS dependencies - Fixed a small issue regarding DNS IP detection fixes #3946 fixes #3947
-
Timshel authored
-
Stefan Melmuk authored
-
Daniel authored
- needed to add double quotes, otherwise it was parsed as 3.2 instead of 3.20
-
Daniel authored
-
Mathijs van Veluw authored
- Update crates including rocket and rocket_ws
-
- May 19, 2024
-
-
FDHoho007 authored
-
Stefan Melmuk authored
-
Daniel authored
Move some ARGs closer to the build stage (potentially improving caching) Remove redundant COPY commands Remove redundant RUN command Move CARGO_HOME's "&&" operator to the first line (improves consistency)
-
Rich Purnell authored
-
Mathijs van Veluw authored
* Update Rust and crates - Updated Rust to v1.78.0 - Updated crates * Update web-vault to v2024.5.0
-
- Apr 27, 2024
-
-
Daniel García authored
-
Stefan Melmuk authored
* fix emergency access invites with no mail when mail is disabled instead of accepting emergency access for all invited users automatically, we only accept if the user already exists on registration of a new account any open emergency access invitations will be accepted, if mail is disabled also prevent invited emergency access contacts to register if emergency access is disabled (this is only relevant for when mail is enabled, if mail is disabled they should have an Invitation entry) * delete emergency access invitations if an invited user is deleted in the /admin panel their emergency access invitation will remain in the database which causes the to_json_grantee_details fn to panic * improve missing emergency access grantees instead of returning an empty emergency access contact the entry should not be added to the list. also the error handling can be improved a bit.
-
Stefan Melmuk authored
* refactor get_org_collections_details * improve access to collection check * fix get_org_collection_detail too
-
Kristof Mattei authored
-
Mathijs van Veluw authored
There was a PR (#4370) to add i686/i386 support for Vaultwarden. That specific PR was not a viable way of adding this. This PR adds extra architectures for Debian based containers which we will not support by default. Those images will not be build and pushed to our container registries. Added the following architectures: - linux/386 - linux/ppc64le - linux/s390x Again, there will be no major support for these architectures, but it will allow people who use these architectures to build a Debian based binary more easily
-
Daniel García authored
-
- Apr 26, 2024
-
-
Mathijs van Veluw authored
* Update Crate and Rust - Updated all crates - Updated Rust to the latest patch version * Updated GitHub Actions
-
- Apr 06, 2024
-
-
Mathijs van Veluw authored
Key rotation was changed since 2024.1.x. Multiple other items were added to be rotated like password-reset and emergency-access data to be part of just one POST instead of having multiple. See: https://github.com/dani-garcia/bw_web_builds/pull/157
-
Mathijs van Veluw authored
- Updated all crates including reqwest - Fixed some clippy lints reported by nightly Rust
-
Stefan Melmuk authored
* update web-vault to v2024.3.0 * update web-vault to v2024.3.1
-
- Mar 23, 2024
-
-
Daniel García authored
-
Mathijs van Veluw authored
- Updated Rust to v1.77.0 - Updated several crates The `reqwest` update included `trust-dns` > `hickory-dns` changes. Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate. - Fixed a new clippy warning
-
- Mar 19, 2024
-
-
Mathijs van Veluw authored
- Updated sqlite crate - Updated chrono crate The latter needed a lot of changes done, mostly `Duration` to `TimeDelta`. And some changes on how to use Naive.
-
guangwu authored
Signed-off-by: guoguangwu <guoguangwug@gmail.com>
-