Commit Graph

46 Commits

Author SHA1 Message Date
Daniel García 70f3ab8ec3 Migrate lazy_static to once_cell, less macro magic and slightly faster 2020-03-09 22:04:03 +01:00
BlackDex 5a974c7b94 Added SMTP test button in the admin gui
- Added a test button for checking the e-mail settings.
- Fixed a bug with the _post JavaScript function:
  A function was overwriten with a variable and errors were not handled
correctly like a 500 for example.
2020-02-26 16:49:56 +01:00
Daniel García 2f4a9865e1 Use absolute paths in the admin page 2020-02-22 17:49:33 +01:00
Jeremy Lin 29a0795219 Add backend support for alternate base dir (subdir/subpath) hosting
To use this, include a path in the `DOMAIN` URL, e.g.:

* `DOMAIN=https://example.com/custom-path`
* `DOMAIN=https://example.com/multiple/levels/are/ok`
2020-02-18 21:27:00 -08:00
Miroslav Prasil 0a72c4b6db Do not disable invitations via admin API
This was brought up today:

https://github.com/dani-garcia/bitwarden_rs/issues/752#issuecomment-586715073

I don't think it makes much sense in checking whether admin has the
right to send invitation as admin can change the setting anyway.

Removing the condition allows users to forbid regular users from
inviting new users to server while still preserving the option to do so
via the admin API.
2020-02-16 15:01:07 +00:00
Daniel García 8867626de8 Add option to change invitation org name, fixes #825
Add option to allow additional iframe ancestors, fixes #843
Sort the rocket routes before printing them
2020-02-04 22:14:50 +01:00
Daniel García a0ece3754b Formatting 2019-12-27 18:37:14 +01:00
Daniel García 0d32179d07 Logout button in admin page 2019-12-01 21:15:14 +01:00
Miro Prasil d6e9af909b Remove the unnecessary check for sqlite
The binary we use is called `sqlite3` so no need to check for other
name variants as we won't use those anyways.
2019-10-01 10:40:22 +01:00
Miro Prasil acdd42935b Add sqlite binary into the docker images
This is done to enable backup functionality in the admin interface while
we're waiting for the libsqlite-sys 0.17 to bubble up in the upstream
dependencies. Then we can start using `VACUUM INTO`

This also extends the check for the sqlite binary to also try `sqlite3`
as this is the name of the binary in baseimage distributions we use.
2019-09-30 13:54:06 +01:00
Daniel García 026f9da035 Allow removing users two factors 2019-08-21 17:13:06 +02:00
Daniel García 5710703c50 Make sure the backup option only appears when using sqlite 2019-06-02 00:08:52 +02:00
TheMardy ef551f4cc6 Create Backup funcitonality
Added create backup functionality to the admin panel
2019-05-03 15:46:29 +02:00
Daniel García 874f5c34bd Formatting 2019-04-26 22:08:26 +02:00
Daniel García 2e12114350 Always create the user when inviting from admin panel 2019-04-12 23:44:49 +02:00
ViViDboarder d3a8a278e6 Add new endpoint for retrieving all users 2019-04-11 11:24:53 -07:00
Daniel García 43f9038325 Add option to force resync clients in admin panel 2019-03-07 21:08:33 +01:00
Daniel García 0718a090e1 Trim spaces from admin token during authentication and validate that the admin panel token is not empty 2019-03-07 20:21:50 +01:00
Daniel García 04922f6aa0 Some formatting and dependency updates 2019-03-03 16:11:55 +01:00
Дамјан Георгиевски 473f8b8e31 remove some unneeded mutability 2019-02-22 20:25:50 +01:00
Shane Faulkner 8b5b06c3d1 Allow the Admin token to be disabled in the advanced menu 2019-02-20 14:56:08 -06:00
Daniel García 6027b969f5 Delete old devices when deauthorizing user sessions 2019-02-16 23:06:26 +01:00
Daniel García 9636f33fdb Implement constant time equal check for admin, 2fa recover and 2fa remember tokens 2019-02-11 23:45:55 +01:00
Daniel García 28d1588e73 Show version in admin panel 2019-02-10 16:02:46 +01:00
Daniel García f3b1a5ff3e Error when admin panel is disabled 2019-02-10 15:26:19 +01:00
Daniel García ef63342e20 Add reset user config button 2019-02-06 17:34:32 +01:00
Daniel García 3db815b969 Implemented config form and fixed config priority 2019-02-06 17:34:30 +01:00
Daniel García ade293cf52 Save config 2019-02-06 17:34:29 +01:00
Daniel García 877408b808 Implement basic config loading and updating. No save to file yet. 2019-02-06 17:34:29 +01:00
Daniel García 86ed75bf7c Config can now be serialized / deserialized 2019-02-06 17:34:29 +01:00
Daniel García c0e350b734 Disable icon downloads, accept optional query after icon href, format and clippy fixes 2019-01-28 23:58:32 +01:00
Daniel García 69036cc6a4 Add disabled user badge (no password) and deauthorize button to admin page. 2019-01-26 19:28:54 +01:00
Daniel García a1dc47b826 Change config to thread-safe system, needed for a future config panel.
Improved some two factor methods.
2019-01-25 18:24:57 +01:00
Daniel García bfd93e5b13 Show organizations in admin panel, implement reload templates option 2019-01-20 17:43:56 +01:00
Daniel García a797459560 Implement HIBP check [WIP].
Add extra security attributes to admin cookie.
Error handling.
2019-01-20 15:36:33 +01:00
Daniel García 6cbb683f99 Rename admin templates to match email 2019-01-19 22:59:32 +01:00
Daniel García 92bbb98d48 Created base template 2019-01-19 22:12:52 +01:00
Daniel García 834c847746 Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template 2019-01-19 21:41:49 +01:00
Daniel García a0a08c4c5a Include IP in invalid admin token error 2019-01-08 16:17:18 +01:00
Daniel García 4309df8334 Only create invitations when SMTP is disabled, and ignore invitations if we have a token.
Disallow users from accepting invitation twice
2019-01-08 15:42:26 +01:00
Nick Fox 0a74e79cea Refactor generate_invite_claims, make org_name and org_id optional 2019-01-05 23:03:49 -05:00
Nick Fox cec28a85ac Update admin page to work with new invitation flow 2019-01-04 10:32:51 -05:00
Daniel García b2fc0499f6 Finish invite functionality, and remove virtual organization 2018-12-30 21:40:26 +01:00
Daniel García 6a99849a1e Implemented proper error handling, now we can do user.save($conn)?; and it works.
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
2018-12-30 21:31:12 +01:00
Daniel García 1b5134dfe2 Fixed delete user when 2FA is enabled, implemented delete user for admin panel, and the front-end part for invite user. Secured admin panel behind a configurable token. 2018-12-30 21:31:11 +01:00
Daniel García 5fecf09631 Initial version of admin panel, list users and reload user list works. No serious auth method yet, password is 'token123' 2018-12-30 21:31:11 +01:00