Daniel García
2b75d81a8b
Ignore unused field
2022-02-27 21:37:24 +01:00
BlackDex
87e08b9e50
Async/Awaited all db methods
...
This is a rather large PR which updates the async branch to have all the
database methods as an async fn.
Some iter/map logic needed to be changed to a stream::iter().then(), but
besides that most changes were just adding async/await where needed.
2022-02-27 21:37:23 +01:00
Daniel García
0b7d6bf6df
Update to rocket 0.5 and made code async, missing updating all db calls, that are currently blocking
2022-02-27 21:36:31 +01:00
Jeremy Lin
8f7900759f
Fix scope
and refresh_token
for API key logins
...
API key logins use a scope of `api`, not `api offline_access`. Since
`offline_access` is not requested, no `refresh_token` is returned either.
2022-01-21 23:10:15 -08:00
Jeremy Lin
69ee4a70b4
Add support for API keys
...
This is mainly useful for CLI-based login automation.
2022-01-21 23:10:11 -08:00
Daniel García
5529264c3f
Basic ratelimit for user login (including 2FA) and admin login
2021-12-22 21:48:49 +01:00
Jeremy Lin
c476e19796
Add email notifications for incomplete 2FA logins
...
An incomplete 2FA login is one where the correct master password was provided,
but the 2FA token or action required to complete the login was not provided
within the configured time limit. This potentially indicates that the user's
master password has been compromised, but the login was blocked by 2FA.
Be aware that the 2FA step can usually still be completed after the email
notification has already been sent out, which could be confusing. Therefore,
the incomplete 2FA time limit should be long enough that this situation would
be unlikely. This feature can also be disabled entirely if desired.
2021-10-28 00:19:43 -07:00
Adam Jones
d014eede9a
feature: Support single organization policy
...
This adds back-end support for the [single organization policy](https://bitwarden.com/help/article/policies/#single-organization ).
2021-10-02 19:30:19 +02:00
Daniel García
9254cf9d9c
Fix clippy lints
2021-06-19 22:02:03 +02:00
Daniel García
c380d9c379
Support for webauthn and u2f->webauthn migrations
2021-06-16 19:06:40 +02:00
Jake Howard
994669fb69
Merge remote-tracking branch 'origin/master' into fmt
2021-04-06 21:55:28 +01:00
Jake Howard
3ab90259f2
Modify rustfmt file
2021-04-06 21:54:42 +01:00
Daniel García
b268c3dd1c
Update web vault and add unnoficialserver response
2021-04-06 20:38:22 +02:00
Jake Howard
0af3956abd
Run cargo fmt
on codebase
2021-03-31 21:18:35 +01:00
janost
043aa27aa3
Implement admin ability to enable/disable users
2020-11-30 23:12:56 +01:00
Daniel García
29c6b145ca
Remove redundant user fetching from login
2020-08-11 16:48:15 +02:00
Daniel García
ad48e9ed0f
Fix unlock on desktop clients
2020-08-04 15:12:04 +02:00
Daniel García
668d5c23dc
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:34:22 +02:00
Jeremy Lin
a28ebcb401
Use local time in email notifications for new device logins
...
In this implementation, the `TZ` environment variable must be set
in order for the formatted output to use a more user-friendly
time zone abbreviation (e.g., `UTC`). Otherwise, the output uses
the time zone's UTC offset (e.g., `+00:00`).
2020-07-07 21:30:18 -07:00
Daniel García
0807783388
Add ip on totp miss
2020-05-14 00:19:50 +02:00
Daniel García
9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints
2020-05-03 17:24:51 +02:00
Jeremy Lin
c06162b22f
Handle devicePushToken
...
Mobile push isn't currently supported, but this should get rid of spurious
`Detected unexpected parameter during login: devicepushtoken` warnings.
2020-03-22 15:04:25 -07:00
Daniel García
5cabf4d040
Fix IP not shown when failed login ( Fixes #761 )
2019-12-07 14:38:32 +01:00
Daniel García
912e1f93b7
Fix some lints
2019-12-06 22:12:41 +01:00
tomuta
bd1e8be328
Implement change-email, email-verification, account-recovery, and welcome notifications
2019-11-24 22:28:49 -07:00
vpl
2edecf34ff
Use user_uuid instead of mut twofactor
2019-10-15 21:20:19 +02:00
vpl
18bc8331f9
Send email when preparing 2FA JsonError
2019-10-15 21:19:49 +02:00
BlackDex
ebf40099f2
Updated authenticator TOTP
...
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
2019-10-10 17:32:20 +02:00
vpl
5d50b1ee3c
Merge remote-tracking branch 'upstream/master' into email-codes
2019-08-26 21:38:45 +02:00
vpl
ee7837d022
Add option to require new device emails
2019-08-19 22:14:00 +02:00
Daniel García
07743e490b
Ignore error sending device email
2019-08-18 19:32:26 +02:00
vpl
6d460b44b0
Use saved token for email 2fa codes
2019-08-04 17:21:57 +02:00
vpl
efd8d9f528
Remove some unused imports, unneeded mut variables
2019-08-04 16:56:41 +02:00
vpl
29aedd388e
Add email code logic and move two_factor into separate modules
2019-08-04 16:56:41 +02:00
vpl
27e0e41835
Add email authenticator logic
2019-08-04 16:56:39 +02:00
vpl
df71f57d86
Move send device email to end of password login
...
Send new device email after two factor authentication.
2019-07-25 21:10:27 +02:00
vpl
60e39a9dd1
Move retrieve/new device from connData to separate function
2019-07-22 12:30:26 +02:00
vpl
bc6a53b847
Add new device email when user logs in
2019-07-22 08:26:24 +02:00
Emil Madsen
e22e290f67
Fix key and type variable names for mysql
2019-05-20 21:24:29 +02:00
Daniel García
253faaf023
Use users duo host when required, instead of always using the global one
2019-04-15 13:07:23 +02:00
Daniel García
8d9827c55f
Implement selection between global config and user settings for duo keys.
2019-04-11 18:40:03 +02:00
Daniel García
754087b990
Add global duo config and document options in .env template
2019-04-07 18:58:15 +02:00
Daniel García
cfbeb56371
Implement user duo, initial version
...
TODO:
- At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting.
- Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
2019-04-05 22:09:53 +02:00
Daniel García
7d2bc9e162
Added option to force 2fa at logins and made some changes to two factor code.
...
Added newlines to config options to keep them a reasonable length.
2019-03-03 16:09:15 +01:00
Daniel García
5ee04e31e5
Updated dependencies, removed some unnecessary clones and fixed some lints
2019-02-20 17:54:18 +01:00
Daniel García
9636f33fdb
Implement constant time equal check for admin, 2fa recover and 2fa remember tokens
2019-02-11 23:45:55 +01:00
Daniel García
700e084101
Add 2FA icon to admin panel
2019-01-25 18:50:57 +01:00
Daniel García
a1dc47b826
Change config to thread-safe system, needed for a future config panel.
...
Improved some two factor methods.
2019-01-25 18:24:57 +01:00
Daniel García
30e768613b
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
Daniel García
6a99849a1e
Implemented proper error handling, now we can do user.save($conn)?;
and it works.
...
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
2018-12-30 21:31:12 +01:00