2018-02-15 00:53:11 +01:00
|
|
|
use chrono::{NaiveDateTime, Utc};
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2023-06-02 21:36:15 +02:00
|
|
|
use crate::{crypto, CONFIG};
|
2023-08-04 21:12:23 +02:00
|
|
|
use core::fmt;
|
2018-02-15 00:40:34 +01:00
|
|
|
|
2020-08-18 17:15:44 +02:00
|
|
|
db_object! {
|
2022-05-04 21:13:05 +02:00
|
|
|
#[derive(Identifiable, Queryable, Insertable, AsChangeset)]
|
2022-05-20 23:39:47 +02:00
|
|
|
#[diesel(table_name = devices)]
|
|
|
|
#[diesel(treat_none_as_null = true)]
|
|
|
|
#[diesel(primary_key(uuid, user_uuid))]
|
2020-08-18 17:15:44 +02:00
|
|
|
pub struct Device {
|
|
|
|
pub uuid: String,
|
|
|
|
pub created_at: NaiveDateTime,
|
|
|
|
pub updated_at: NaiveDateTime,
|
|
|
|
|
|
|
|
pub user_uuid: String,
|
|
|
|
|
|
|
|
pub name: String,
|
2023-06-11 13:28:18 +02:00
|
|
|
pub atype: i32, // https://github.com/bitwarden/server/blob/master/src/Core/Enums/DeviceType.cs
|
|
|
|
pub push_uuid: Option<String>,
|
2020-08-18 17:15:44 +02:00
|
|
|
pub push_token: Option<String>,
|
|
|
|
|
|
|
|
pub refresh_token: String,
|
|
|
|
|
|
|
|
pub twofactor_remember: Option<String>,
|
|
|
|
}
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/// Local methods
|
|
|
|
impl Device {
|
2019-05-20 21:12:41 +02:00
|
|
|
pub fn new(uuid: String, user_uuid: String, name: String, atype: i32) -> Self {
|
2018-02-10 01:00:55 +01:00
|
|
|
let now = Utc::now().naive_utc();
|
|
|
|
|
2018-02-15 00:40:34 +01:00
|
|
|
Self {
|
2018-02-10 01:00:55 +01:00
|
|
|
uuid,
|
|
|
|
created_at: now,
|
|
|
|
updated_at: now,
|
|
|
|
|
|
|
|
user_uuid,
|
|
|
|
name,
|
2019-05-20 21:12:41 +02:00
|
|
|
atype,
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2023-06-11 13:28:18 +02:00
|
|
|
push_uuid: None,
|
2018-02-10 01:00:55 +01:00
|
|
|
push_token: None,
|
|
|
|
refresh_token: String::new(),
|
2018-06-01 15:08:03 +02:00
|
|
|
twofactor_remember: None,
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-07-12 21:46:50 +02:00
|
|
|
pub fn refresh_twofactor_remember(&mut self) -> String {
|
2018-12-30 23:34:31 +01:00
|
|
|
use data_encoding::BASE64;
|
2022-11-11 10:55:04 +01:00
|
|
|
let twofactor_remember = crypto::encode_random_bytes::<180>(BASE64);
|
2018-07-12 21:46:50 +02:00
|
|
|
self.twofactor_remember = Some(twofactor_remember.clone());
|
|
|
|
|
|
|
|
twofactor_remember
|
2018-06-01 15:08:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
pub fn delete_twofactor_remember(&mut self) {
|
|
|
|
self.twofactor_remember = None;
|
|
|
|
}
|
|
|
|
|
2023-12-13 17:49:35 +01:00
|
|
|
pub fn refresh_tokens(&mut self, user: &super::User, scope: Vec<String>) -> (String, i64) {
|
2018-02-10 01:00:55 +01:00
|
|
|
// If there is no refresh token, we create one
|
|
|
|
if self.refresh_token.is_empty() {
|
2018-12-30 23:34:31 +01:00
|
|
|
use data_encoding::BASE64URL;
|
2022-11-11 10:55:04 +01:00
|
|
|
self.refresh_token = crypto::encode_random_bytes::<64>(BASE64URL);
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// Update the expiration of the device and the last update date
|
2024-03-19 19:47:30 +01:00
|
|
|
let time_now = Utc::now();
|
|
|
|
self.updated_at = time_now.naive_utc();
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2023-12-13 17:49:35 +01:00
|
|
|
// ---
|
|
|
|
// Disabled these keys to be added to the JWT since they could cause the JWT to get too large
|
|
|
|
// Also These key/value pairs are not used anywhere by either Vaultwarden or Bitwarden Clients
|
|
|
|
// Because these might get used in the future, and they are added by the Bitwarden Server, lets keep it, but then commented out
|
|
|
|
// ---
|
|
|
|
// fn arg: orgs: Vec<super::UserOrganization>,
|
|
|
|
// ---
|
|
|
|
// let orgowner: Vec<_> = orgs.iter().filter(|o| o.atype == 0).map(|o| o.org_uuid.clone()).collect();
|
|
|
|
// let orgadmin: Vec<_> = orgs.iter().filter(|o| o.atype == 1).map(|o| o.org_uuid.clone()).collect();
|
|
|
|
// let orguser: Vec<_> = orgs.iter().filter(|o| o.atype == 2).map(|o| o.org_uuid.clone()).collect();
|
|
|
|
// let orgmanager: Vec<_> = orgs.iter().filter(|o| o.atype == 3).map(|o| o.org_uuid.clone()).collect();
|
2018-04-24 22:01:55 +02:00
|
|
|
|
2018-02-10 01:00:55 +01:00
|
|
|
// Create the JWT claims struct, to send to the client
|
2021-03-27 15:26:32 +01:00
|
|
|
use crate::auth::{encode_jwt, LoginJwtClaims, DEFAULT_VALIDITY, JWT_LOGIN_ISSUER};
|
|
|
|
let claims = LoginJwtClaims {
|
2018-02-10 01:00:55 +01:00
|
|
|
nbf: time_now.timestamp(),
|
|
|
|
exp: (time_now + *DEFAULT_VALIDITY).timestamp(),
|
2019-01-19 21:36:34 +01:00
|
|
|
iss: JWT_LOGIN_ISSUER.to_string(),
|
2022-07-10 16:39:38 +02:00
|
|
|
sub: user.uuid.clone(),
|
2018-04-24 22:01:55 +02:00
|
|
|
|
2018-02-10 01:00:55 +01:00
|
|
|
premium: true,
|
2022-07-10 16:39:38 +02:00
|
|
|
name: user.name.clone(),
|
|
|
|
email: user.email.clone(),
|
2019-11-25 06:28:49 +01:00
|
|
|
email_verified: !CONFIG.mail_enabled() || user.verified_at.is_some(),
|
2018-04-24 22:01:55 +02:00
|
|
|
|
2023-12-13 17:49:35 +01:00
|
|
|
// ---
|
|
|
|
// Disabled these keys to be added to the JWT since they could cause the JWT to get too large
|
|
|
|
// Also These key/value pairs are not used anywhere by either Vaultwarden or Bitwarden Clients
|
|
|
|
// Because these might get used in the future, and they are added by the Bitwarden Server, lets keep it, but then commented out
|
|
|
|
// See: https://github.com/dani-garcia/vaultwarden/issues/4156
|
|
|
|
// ---
|
|
|
|
// orgowner,
|
|
|
|
// orgadmin,
|
|
|
|
// orguser,
|
|
|
|
// orgmanager,
|
2022-07-10 16:39:38 +02:00
|
|
|
sstamp: user.security_stamp.clone(),
|
|
|
|
device: self.uuid.clone(),
|
2022-01-21 06:50:58 +01:00
|
|
|
scope,
|
2018-02-10 01:00:55 +01:00
|
|
|
amr: vec!["Application".into()],
|
|
|
|
};
|
|
|
|
|
|
|
|
(encode_jwt(&claims), DEFAULT_VALIDITY.num_seconds())
|
|
|
|
}
|
2024-01-30 19:14:25 +01:00
|
|
|
|
|
|
|
pub fn is_push_device(&self) -> bool {
|
|
|
|
matches!(DeviceType::from_i32(self.atype), DeviceType::Android | DeviceType::Ios)
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn is_registered(&self) -> bool {
|
|
|
|
self.push_uuid.is_some()
|
|
|
|
}
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
2018-12-30 23:34:31 +01:00
|
|
|
use crate::db::DbConn;
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2018-12-19 21:52:53 +01:00
|
|
|
use crate::api::EmptyResult;
|
|
|
|
use crate::error::MapResult;
|
|
|
|
|
2018-02-10 01:00:55 +01:00
|
|
|
/// Database methods
|
|
|
|
impl Device {
|
2022-05-20 23:39:47 +02:00
|
|
|
pub async fn save(&mut self, conn: &mut DbConn) -> EmptyResult {
|
2019-09-12 22:12:22 +02:00
|
|
|
self.updated_at = Utc::now().naive_utc();
|
|
|
|
|
2021-03-27 15:26:32 +01:00
|
|
|
db_run! { conn:
|
2020-08-18 17:15:44 +02:00
|
|
|
sqlite, mysql {
|
|
|
|
crate::util::retry(
|
|
|
|
|| diesel::replace_into(devices::table).values(DeviceDb::to_db(self)).execute(conn),
|
|
|
|
10,
|
|
|
|
).map_res("Error saving device")
|
|
|
|
}
|
|
|
|
postgresql {
|
|
|
|
let value = DeviceDb::to_db(self);
|
|
|
|
crate::util::retry(
|
2022-03-03 21:00:10 +01:00
|
|
|
|| diesel::insert_into(devices::table).values(&value).on_conflict((devices::uuid, devices::user_uuid)).do_update().set(&value).execute(conn),
|
2020-08-18 17:15:44 +02:00
|
|
|
10,
|
|
|
|
).map_res("Error saving device")
|
|
|
|
}
|
|
|
|
}
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
2022-05-20 23:39:47 +02:00
|
|
|
pub async fn delete_all_by_user(user_uuid: &str, conn: &mut DbConn) -> EmptyResult {
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! { conn: {
|
2022-03-03 21:00:10 +01:00
|
|
|
diesel::delete(devices::table.filter(devices::user_uuid.eq(user_uuid)))
|
2020-08-18 17:15:44 +02:00
|
|
|
.execute(conn)
|
2022-03-03 21:00:10 +01:00
|
|
|
.map_res("Error removing devices for user")
|
2020-08-18 17:15:44 +02:00
|
|
|
}}
|
2018-10-12 16:20:10 +02:00
|
|
|
}
|
|
|
|
|
2022-05-20 23:39:47 +02:00
|
|
|
pub async fn find_by_uuid_and_user(uuid: &str, user_uuid: &str, conn: &mut DbConn) -> Option<Self> {
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! { conn: {
|
|
|
|
devices::table
|
|
|
|
.filter(devices::uuid.eq(uuid))
|
2022-03-03 21:00:10 +01:00
|
|
|
.filter(devices::user_uuid.eq(user_uuid))
|
2020-08-18 17:15:44 +02:00
|
|
|
.first::<DeviceDb>(conn)
|
|
|
|
.ok()
|
|
|
|
.from_db()
|
|
|
|
}}
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
2023-06-11 13:28:18 +02:00
|
|
|
pub async fn find_by_user(user_uuid: &str, conn: &mut DbConn) -> Vec<Self> {
|
|
|
|
db_run! { conn: {
|
|
|
|
devices::table
|
|
|
|
.filter(devices::user_uuid.eq(user_uuid))
|
|
|
|
.load::<DeviceDb>(conn)
|
|
|
|
.expect("Error loading devices")
|
|
|
|
.from_db()
|
|
|
|
}}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub async fn find_by_uuid(uuid: &str, conn: &mut DbConn) -> Option<Self> {
|
|
|
|
db_run! { conn: {
|
|
|
|
devices::table
|
|
|
|
.filter(devices::uuid.eq(uuid))
|
|
|
|
.first::<DeviceDb>(conn)
|
|
|
|
.ok()
|
|
|
|
.from_db()
|
|
|
|
}}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub async fn clear_push_token_by_uuid(uuid: &str, conn: &mut DbConn) -> EmptyResult {
|
|
|
|
db_run! { conn: {
|
|
|
|
diesel::update(devices::table)
|
|
|
|
.filter(devices::uuid.eq(uuid))
|
|
|
|
.set(devices::push_token.eq::<Option<String>>(None))
|
|
|
|
.execute(conn)
|
|
|
|
.map_res("Error removing push token")
|
|
|
|
}}
|
|
|
|
}
|
2022-05-20 23:39:47 +02:00
|
|
|
pub async fn find_by_refresh_token(refresh_token: &str, conn: &mut DbConn) -> Option<Self> {
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! { conn: {
|
|
|
|
devices::table
|
|
|
|
.filter(devices::refresh_token.eq(refresh_token))
|
|
|
|
.first::<DeviceDb>(conn)
|
|
|
|
.ok()
|
|
|
|
.from_db()
|
|
|
|
}}
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
2018-02-15 19:05:57 +01:00
|
|
|
|
2022-05-20 23:39:47 +02:00
|
|
|
pub async fn find_latest_active_by_user(user_uuid: &str, conn: &mut DbConn) -> Option<Self> {
|
2020-11-30 22:00:51 +01:00
|
|
|
db_run! { conn: {
|
|
|
|
devices::table
|
|
|
|
.filter(devices::user_uuid.eq(user_uuid))
|
|
|
|
.order(devices::updated_at.desc())
|
|
|
|
.first::<DeviceDb>(conn)
|
|
|
|
.ok()
|
|
|
|
.from_db()
|
|
|
|
}}
|
|
|
|
}
|
2024-01-30 19:14:25 +01:00
|
|
|
|
2023-06-16 23:34:16 +02:00
|
|
|
pub async fn find_push_devices_by_user(user_uuid: &str, conn: &mut DbConn) -> Vec<Self> {
|
2023-06-11 13:28:18 +02:00
|
|
|
db_run! { conn: {
|
|
|
|
devices::table
|
|
|
|
.filter(devices::user_uuid.eq(user_uuid))
|
|
|
|
.filter(devices::push_token.is_not_null())
|
|
|
|
.load::<DeviceDb>(conn)
|
|
|
|
.expect("Error loading push devices")
|
|
|
|
.from_db()
|
|
|
|
}}
|
|
|
|
}
|
2023-06-16 23:34:16 +02:00
|
|
|
|
|
|
|
pub async fn check_user_has_push_device(user_uuid: &str, conn: &mut DbConn) -> bool {
|
|
|
|
db_run! { conn: {
|
|
|
|
devices::table
|
|
|
|
.filter(devices::user_uuid.eq(user_uuid))
|
|
|
|
.filter(devices::push_token.is_not_null())
|
|
|
|
.count()
|
|
|
|
.first::<i64>(conn)
|
|
|
|
.ok()
|
|
|
|
.unwrap_or(0) != 0
|
|
|
|
}}
|
|
|
|
}
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
2023-08-04 21:12:23 +02:00
|
|
|
|
|
|
|
pub enum DeviceType {
|
|
|
|
Android = 0,
|
|
|
|
Ios = 1,
|
|
|
|
ChromeExtension = 2,
|
|
|
|
FirefoxExtension = 3,
|
|
|
|
OperaExtension = 4,
|
|
|
|
EdgeExtension = 5,
|
|
|
|
WindowsDesktop = 6,
|
|
|
|
MacOsDesktop = 7,
|
|
|
|
LinuxDesktop = 8,
|
|
|
|
ChromeBrowser = 9,
|
|
|
|
FirefoxBrowser = 10,
|
|
|
|
OperaBrowser = 11,
|
|
|
|
EdgeBrowser = 12,
|
|
|
|
IEBrowser = 13,
|
|
|
|
UnknownBrowser = 14,
|
|
|
|
AndroidAmazon = 15,
|
|
|
|
Uwp = 16,
|
|
|
|
SafariBrowser = 17,
|
|
|
|
VivaldiBrowser = 18,
|
|
|
|
VivaldiExtension = 19,
|
|
|
|
SafariExtension = 20,
|
|
|
|
Sdk = 21,
|
|
|
|
Server = 22,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl fmt::Display for DeviceType {
|
|
|
|
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
|
|
|
match self {
|
|
|
|
DeviceType::Android => write!(f, "Android"),
|
|
|
|
DeviceType::Ios => write!(f, "iOS"),
|
|
|
|
DeviceType::ChromeExtension => write!(f, "Chrome Extension"),
|
|
|
|
DeviceType::FirefoxExtension => write!(f, "Firefox Extension"),
|
|
|
|
DeviceType::OperaExtension => write!(f, "Opera Extension"),
|
|
|
|
DeviceType::EdgeExtension => write!(f, "Edge Extension"),
|
|
|
|
DeviceType::WindowsDesktop => write!(f, "Windows Desktop"),
|
|
|
|
DeviceType::MacOsDesktop => write!(f, "MacOS Desktop"),
|
|
|
|
DeviceType::LinuxDesktop => write!(f, "Linux Desktop"),
|
|
|
|
DeviceType::ChromeBrowser => write!(f, "Chrome Browser"),
|
|
|
|
DeviceType::FirefoxBrowser => write!(f, "Firefox Browser"),
|
|
|
|
DeviceType::OperaBrowser => write!(f, "Opera Browser"),
|
|
|
|
DeviceType::EdgeBrowser => write!(f, "Edge Browser"),
|
|
|
|
DeviceType::IEBrowser => write!(f, "Internet Explorer"),
|
|
|
|
DeviceType::UnknownBrowser => write!(f, "Unknown Browser"),
|
|
|
|
DeviceType::AndroidAmazon => write!(f, "Android Amazon"),
|
|
|
|
DeviceType::Uwp => write!(f, "UWP"),
|
|
|
|
DeviceType::SafariBrowser => write!(f, "Safari Browser"),
|
|
|
|
DeviceType::VivaldiBrowser => write!(f, "Vivaldi Browser"),
|
|
|
|
DeviceType::VivaldiExtension => write!(f, "Vivaldi Extension"),
|
|
|
|
DeviceType::SafariExtension => write!(f, "Safari Extension"),
|
|
|
|
DeviceType::Sdk => write!(f, "SDK"),
|
|
|
|
DeviceType::Server => write!(f, "Server"),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl DeviceType {
|
|
|
|
pub fn from_i32(value: i32) -> DeviceType {
|
|
|
|
match value {
|
|
|
|
0 => DeviceType::Android,
|
|
|
|
1 => DeviceType::Ios,
|
|
|
|
2 => DeviceType::ChromeExtension,
|
|
|
|
3 => DeviceType::FirefoxExtension,
|
|
|
|
4 => DeviceType::OperaExtension,
|
|
|
|
5 => DeviceType::EdgeExtension,
|
|
|
|
6 => DeviceType::WindowsDesktop,
|
|
|
|
7 => DeviceType::MacOsDesktop,
|
|
|
|
8 => DeviceType::LinuxDesktop,
|
|
|
|
9 => DeviceType::ChromeBrowser,
|
|
|
|
10 => DeviceType::FirefoxBrowser,
|
|
|
|
11 => DeviceType::OperaBrowser,
|
|
|
|
12 => DeviceType::EdgeBrowser,
|
|
|
|
13 => DeviceType::IEBrowser,
|
|
|
|
14 => DeviceType::UnknownBrowser,
|
|
|
|
15 => DeviceType::AndroidAmazon,
|
|
|
|
16 => DeviceType::Uwp,
|
|
|
|
17 => DeviceType::SafariBrowser,
|
|
|
|
18 => DeviceType::VivaldiBrowser,
|
|
|
|
19 => DeviceType::VivaldiExtension,
|
|
|
|
20 => DeviceType::SafariExtension,
|
|
|
|
21 => DeviceType::Sdk,
|
|
|
|
22 => DeviceType::Server,
|
|
|
|
_ => DeviceType::UnknownBrowser,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|