Merge pull request #406 from shauder/feature/disable-admin-token

Allow the Admin token to be disabled in the advanced menu

.env.template

@@ -69,6 +69,7 @@
 ## One option is to use 'openssl rand -base64 48'
 ## If not set, the admin panel is disabled
 # ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp
+# DISABLE_ADMIN_TOKEN=false
 
 ## Invitations org admins to invite users, even when signups are disabled
 # INVITATIONS_ALLOWED=true

src/api/admin.rs

@@ -15,7 +15,7 @@ use crate::mail;
 use crate::CONFIG;
 
 pub fn routes() -> Vec<Route> {
-    if CONFIG.admin_token().is_none() {
+    if CONFIG.admin_token().is_none() && !CONFIG.disable_admin_token() {
         return routes![admin_disabled];
     }
 
@@ -194,6 +194,10 @@ impl<'a, 'r> FromRequest<'a, 'r> for AdminToken {
     type Error = &'static str;
 
     fn from_request(request: &'a Request<'r>) -> request::Outcome<Self, Self::Error> {
+        if CONFIG.disable_admin_token() {
+            Outcome::Success(AdminToken {})
+        }
+        else {
             let mut cookies = request.cookies();
 
             let access_token = match cookies.get(COOKIE_NAME) {
@@ -216,3 +220,4 @@ impl<'a, 'r> FromRequest<'a, 'r> for AdminToken {
             Outcome::Success(AdminToken {})
         }
     }
+}

src/config.rs

@@ -269,6 +269,9 @@ make_config! {
 
         /// Enable DB WAL |> Turning this off might lead to worse performance, but might help if using bitwarden_rs on some exotic filesystems, that do not support WAL. Please make sure you read project wiki on the topic before changing this setting.
         enable_db_wal:          bool,   false,  def,    true;
+
+        /// Disable Admin Token (Know the risks!) |> Disables the Admin Token for the admin page so you may use your own auth in-front
+        disable_admin_token:    bool,   true,   def,    false;
     },
 
     /// Yubikey settings