Commit Graph

54 Commits

Author SHA1 Message Date
BlackDex ffdcafa044 Fix WebAuthn issues and some small updates
- Updated some packages
- Updated code related to package updates.
- Disabled User Verification enforcement when WebAuthn Key sends UV=1
  This makes it compatible with upstream and resolves #1840
- Fixed a bug where removing an individual WebAuthn key deleted the wrong key.
2021-07-25 14:49:55 +02:00
Daniel García 4f08167d6f Merge branch '2fa_enforcement' of https://github.com/olivierIllogika/bitwarden_rs into olivierIllogika-2fa_enforcement 2021-07-15 19:27:36 +02:00
Daniel García 46e0f3c43a Load RSA keys as pem format directly, and using openssl crate, backported from async branch 2021-06-25 20:53:26 +02:00
Daniel García 9254cf9d9c Fix clippy lints 2021-06-19 22:02:03 +02:00
Daniel García c380d9c379 Support for webauthn and u2f->webauthn migrations 2021-06-16 19:06:40 +02:00
Olivier Martin e3c4609c2a Merge commit '3da44a8d30e76f48b84f5b888e0b33427037037c' into 2fa_enforcement 2021-04-27 21:44:32 -04:00
Daniel García 34ea10475d Project renaming 2021-04-27 23:18:32 +02:00
Olivier Martin 89a68741d6 ran cargo fmt --all 2021-04-16 14:49:59 -04:00
Olivier Martin 2421d49d9a Merge branch 'master' of github.com:dani-garcia/bitwarden_rs into 2fa_enforcement
# Conflicts:
#	src/db/models/org_policy.rs
#	src/db/models/organization.rs
2021-04-16 14:29:28 -04:00
Daniel García 305de2e2cd Format the changes from merge to master 2021-04-15 18:30:23 +02:00
Daniel García 95d906bdbb Merge branch 'master' into fmt 2021-04-15 18:24:04 +02:00
Olivier Martin 1db37bf3d0 make error toast display detailed message
replace invite accept error message with the one from upstream
check if config mail is enabled
2021-04-12 21:54:57 -04:00
Olivier Martin d75a80bd2d Resolves dani-garcia/bitwarden_rs#981
* a user without 2fa trying to join a 2fa org will fail, but user gets an email to enable 2fa
* a user disabling 2fa will be removed from 2fa orgs; user gets an email for each org
* an org enabling 2fa policy will remove users without 2fa; users get an email
2021-04-11 22:57:17 -04:00
Jake Howard 3ab90259f2 Modify rustfmt file 2021-04-06 21:54:42 +01:00
Jake Howard 155109dea1 Extract client creation to a single place 2021-04-06 21:04:37 +01:00
Jake Howard 93c881a7a9 Reflow some lines manually 2021-03-31 21:45:05 +01:00
Jake Howard 0af3956abd Run cargo fmt on codebase 2021-03-31 21:18:35 +01:00
Jake Howard 3e5971b9db Remove unnecessary result return types 2021-03-27 15:07:26 +00:00
Jake Howard 6b1daeba05 Implement From over Into
https://rust-lang.github.io/rust-clippy/master/index.html#from_over_into
2021-03-27 14:19:57 +00:00
Daniel García 668d5c23dc Removed try_trait and some formatting, particularly around imports 2020-07-14 18:34:22 +02:00
Daniel García 0807783388 Add ip on totp miss 2020-05-14 00:19:50 +02:00
theycallmesteve dfdf4473ea Rename to_json_list to to_json_provder to reflect the response model 2020-05-08 13:36:35 -04:00
theycallmesteve 632f4d5453 Whitespace fixes 2020-05-07 18:02:37 -04:00
Daniel García 9cca64003a Remove unused dependency and simple feature, update dependencies and fix some clippy lints 2020-05-03 17:24:51 +02:00
Jeremy Lin 6cd8512bbd Fix Duo auth failure with non-lowercased email addresses 2020-04-07 20:40:51 -07:00
BlackDex 1b4b40c95d Updated reqwest to the latest version.
- Use the blocking client (no async).
- Disabled gzip.
- use_sys_proxy is now default.
2020-03-14 23:12:45 +01:00
Daniel García 70f3ab8ec3 Migrate lazy_static to once_cell, less macro magic and slightly faster 2020-03-09 22:04:03 +01:00
Daniel García f5916ec396 Fix backwards indices 2020-01-30 22:33:50 +01:00
Daniel García def174a517 Convert email domains to punycode 2020-01-30 22:11:53 +01:00
Daniel García 84ed185579 Update u2f to 0.2, which requires OpenSSL but also might solve the problems we've had with certificates.
The rust image doesn't need installing curl or tar, so removed. Also collapsed ENV lines.
2020-01-19 21:34:13 +01:00
Daniel García e274af6e3d Print current server time when failing TOTP, and use chrono as the rest of the server 2019-12-27 18:42:14 +01:00
Daniel García a0ece3754b Formatting 2019-12-27 18:37:14 +01:00
Daniel García adc443ea80 Add endpoint to delete specific U2F key 2019-12-01 21:41:46 +01:00
Daniel García 12928b832c Fix broken tests 2019-11-30 23:30:35 +01:00
tomuta bd1e8be328 Implement change-email, email-verification, account-recovery, and welcome notifications 2019-11-24 22:28:49 -07:00
BlackDex 3f6809bcdf Fixed issue/request #705
Added a config option to disable time drifted totp codes.
Default is false, since this is what the RFC recommends.
2019-11-07 17:11:29 +01:00
Daniel García e449912f05 Generate recovery codes for email and duo 2019-11-02 18:31:50 +01:00
Daniel García d29b6bee28 Remove unnecessary clones and other clippy fixes 2019-11-02 17:39:01 +01:00
vpl 2edecf34ff Use user_uuid instead of mut twofactor 2019-10-15 21:20:19 +02:00
vpl 18bc8331f9 Send email when preparing 2FA JsonError 2019-10-15 21:19:49 +02:00
BlackDex 603a964579 Fixed issue #663.
During the 2fa activation there is no twofactor record yet.
Changed the layout a bit so that it will generate a new twofactor record
when it does not exists yet. Else it will just update the already
existing record.
2019-10-14 00:32:44 +02:00
BlackDex 9466f02696 Recoded TOTP time drift validation 2019-10-12 15:28:28 +02:00
BlackDex ebf40099f2 Updated authenticator TOTP
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
2019-10-10 17:32:20 +02:00
Daniel García df8114f8be Updated client kdf iterations to 100000 and fixed some lints 2019-09-05 21:56:12 +02:00
Daniel García e3404dd322 Use the local scripts instead of cloudflare, remove jquery and update config so disabling a master toggle doesn't remove the values 2019-08-31 17:47:52 +02:00
Daniel García bfc517ee80 Remove unused warning 2019-08-31 17:26:16 +02:00
vpl 5d50b1ee3c Merge remote-tracking branch 'upstream/master' into email-codes 2019-08-26 21:38:45 +02:00
vpl c99df1c310 Compare token using crypto::ct_eq 2019-08-26 20:26:59 +02:00
vpl 591ae10144 Get token from single u64 2019-08-26 20:26:54 +02:00
vpl ad2225b6e5 Add configuration options for Email 2FA 2019-08-10 22:39:04 +02:00