MirrorHub/bitwarden_rs
0
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden synced 2024-06-26 07:48:20 +02:00
Code Issues Releases Wiki Activity
1748 commits 1 branch 58 tags 20 MiB
Commit graph

72 commits

Author SHA1 Message Date
Daniel García 5529264c3f
Basic ratelimit for user login (including 2FA) and admin login 2021-12-22 21:48:49 +01:00
Jeremy Lin c476e19796 Add email notifications for incomplete 2FA logins 
An incomplete 2FA login is one where the correct master password was provided,
but the 2FA token or action required to complete the login was not provided
within the configured time limit. This potentially indicates that the user's
master password has been compromised, but the login was blocked by 2FA.

Be aware that the 2FA step can usually still be completed after the email
notification has already been sent out, which could be confusing. Therefore,
the incomplete 2FA time limit should be long enough that this situation would
be unlikely. This feature can also be disabled entirely if desired.
 2021-10-28 00:19:43 -07:00
Adam Jones d014eede9a
feature: Support single organization policy 
This adds back-end support for the [single organization policy](https://bitwarden.com/help/article/policies/#single-organization).
 2021-10-02 19:30:19 +02:00
Daniel García 9254cf9d9c
Fix clippy lints 2021-06-19 22:02:03 +02:00
Daniel García c380d9c379
Support for webauthn and u2f->webauthn migrations 2021-06-16 19:06:40 +02:00
Jake Howard 994669fb69
Merge remote-tracking branch 'origin/master' into fmt 2021-04-06 21:55:28 +01:00
Jake Howard 3ab90259f2
Modify rustfmt file 2021-04-06 21:54:42 +01:00
Daniel García b268c3dd1c
Update web vault and add unnoficialserver response 2021-04-06 20:38:22 +02:00
Jake Howard 0af3956abd
Run cargo fmt on codebase 2021-03-31 21:18:35 +01:00
janost 043aa27aa3 Implement admin ability to enable/disable users 2020-11-30 23:12:56 +01:00
Daniel García 29c6b145ca
Remove redundant user fetching from login 2020-08-11 16:48:15 +02:00
Daniel García ad48e9ed0f
Fix unlock on desktop clients 2020-08-04 15:12:04 +02:00
Daniel García 668d5c23dc
Removed try_trait and some formatting, particularly around imports 2020-07-14 18:34:22 +02:00
Jeremy Lin a28ebcb401 Use local time in email notifications for new device logins 
In this implementation, the `TZ` environment variable must be set
in order for the formatted output to use a more user-friendly
time zone abbreviation (e.g., `UTC`). Otherwise, the output uses
the time zone's UTC offset (e.g., `+00:00`).
 2020-07-07 21:30:18 -07:00
Daniel García 0807783388
Add ip on totp miss 2020-05-14 00:19:50 +02:00
Daniel García 9cca64003a
Remove unused dependency and simple feature, update dependencies and fix some clippy lints 2020-05-03 17:24:51 +02:00
Jeremy Lin c06162b22f Handle devicePushToken 
Mobile push isn't currently supported, but this should get rid of spurious
`Detected unexpected parameter during login: devicepushtoken` warnings.
 2020-03-22 15:04:25 -07:00
Daniel García 5cabf4d040
Fix IP not shown when failed login (Fixes #761) 2019-12-07 14:38:32 +01:00
Daniel García 912e1f93b7
Fix some lints 2019-12-06 22:12:41 +01:00
tomuta bd1e8be328 Implement change-email, email-verification, account-recovery, and welcome notifications 2019-11-24 22:28:49 -07:00
vpl 2edecf34ff Use user_uuid instead of mut twofactor 2019-10-15 21:20:19 +02:00
vpl 18bc8331f9 Send email when preparing 2FA JsonError 2019-10-15 21:19:49 +02:00
BlackDex ebf40099f2 Updated authenticator TOTP 
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
 2019-10-10 17:32:20 +02:00
vpl 5d50b1ee3c Merge remote-tracking branch 'upstream/master' into email-codes 2019-08-26 21:38:45 +02:00
vpl ee7837d022 Add option to require new device emails 2019-08-19 22:14:00 +02:00
Daniel García 07743e490b
Ignore error sending device email 2019-08-18 19:32:26 +02:00
vpl 6d460b44b0 Use saved token for email 2fa codes 2019-08-04 17:21:57 +02:00
vpl efd8d9f528 Remove some unused imports, unneeded mut variables 2019-08-04 16:56:41 +02:00
vpl 29aedd388e Add email code logic and move two_factor into separate modules 2019-08-04 16:56:41 +02:00
vpl 27e0e41835 Add email authenticator logic 2019-08-04 16:56:39 +02:00
vpl df71f57d86 Move send device email to end of password login 
Send new device email after two factor authentication.
 2019-07-25 21:10:27 +02:00
vpl 60e39a9dd1 Move retrieve/new device from connData to separate function 2019-07-22 12:30:26 +02:00
vpl bc6a53b847 Add new device email when user logs in 2019-07-22 08:26:24 +02:00
Emil Madsen e22e290f67 Fix key and type variable names for mysql 2019-05-20 21:24:29 +02:00
Daniel García 253faaf023
Use users duo host when required, instead of always using the global one 2019-04-15 13:07:23 +02:00
Daniel García 8d9827c55f
Implement selection between global config and user settings for duo keys. 2019-04-11 18:40:03 +02:00
Daniel García 754087b990
Add global duo config and document options in .env template 2019-04-07 18:58:15 +02:00
Daniel García cfbeb56371
Implement user duo, initial version 
TODO:
- At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting.
- Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
 2019-04-05 22:09:53 +02:00
Daniel García 7d2bc9e162
Added option to force 2fa at logins and made some changes to two factor code. 
Added newlines to config options to keep them a reasonable length.
 2019-03-03 16:09:15 +01:00
Daniel García 5ee04e31e5
Updated dependencies, removed some unnecessary clones and fixed some lints 2019-02-20 17:54:18 +01:00
Daniel García 9636f33fdb
Implement constant time equal check for admin, 2fa recover and 2fa remember tokens 2019-02-11 23:45:55 +01:00
Daniel García 700e084101
Add 2FA icon to admin panel 2019-01-25 18:50:57 +01:00
Daniel García a1dc47b826
Change config to thread-safe system, needed for a future config panel. 
Improved some two factor methods.
 2019-01-25 18:24:57 +01:00
Daniel García 30e768613b
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00
Daniel García 6a99849a1e
Implemented proper error handling, now we can do user.save($conn)?; and it works. 
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
 2018-12-30 21:31:12 +01:00
Daniel García 5a9aab1a32
Implement fromform, and ignore case and underscores, fixes #298 2018-12-16 20:00:16 +01:00
algebro e26e2319da Close #264. Usernames and IP addresses are logged on successful authentication 2018-12-11 15:20:06 -05:00
Daniel García 7adc045b80
Updated IP logging to use client_ip, to match old remote behavior. 
Improved error logging, now it won't show a generic error message in some situations.
Removed delete device, which is not needed as it will be overwritten later.
Logged more info when an error occurs saving a device.
Added orgmanager to JWT claims.
 2018-12-09 17:58:38 +01:00
Daniel García 738ad2127b
Fixed some clippy linting issues 2018-12-07 15:01:29 +01:00
Daniel García cb930a0858
Remove some required values during login, now uses default values 2018-12-07 14:32:40 +01:00