
Implement cipher key encryption (#3990)

pull/3994/head
Daniel García 1 year ago
committed by GitHub
parent
commit
cb4b683dcd
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 0
      migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql
  2. 2
      migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql
  3. 0
      migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql
  4. 2
      migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql
  5. 0
      migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql
  6. 2
      migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql
  7. 3
      src/api/core/ciphers.rs
  8. 13
      src/api/core/mod.rs
  9. 5
      src/db/models/cipher.rs
  10. 1
      src/db/schemas/mysql/schema.rs
  11. 1
      src/db/schemas/postgresql/schema.rs
  12. 1
      src/db/schemas/sqlite/schema.rs

0
migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql

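--- /dev/null
+++ b/migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;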
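Review bot: The column name is delimited with double quotes, which MySQL and MariaDB only treat as an identifier quote when the session has ANSI_QUOTES in its sql_mode; under the default mode "key" is a string literal, and since key is also a reserved word this ALTER TABLE is likely to fail on a stock MySQL server unless the connection enables that mode. Backticks are MySQL's native identifier delimiter, so the second line should read `ADD COLUMN` followed by key in backticks, `TEXT;`, rather than the double-quoted form. The PostgreSQL and SQLite copies of this migration are fine as written, since both accept double-quoted identifiers. The three matching down.sql files show 0 lines, so the column is not removed on rollback; if that is deliberate project convention, a one-line SQL comment in down.sql saying so would save the next reader the question.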

0
migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql

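--- /dev/null
+++ b/migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;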

0
migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql

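--- /dev/null
+++ b/migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;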

3
src/api/core/ciphers.rs

@ -206,6 +206,8 @@ pub struct CipherData {
// TODO: Some of these might appear all the time, no need for Option
OrganizationId: Option<String>,
Key: Option<String>,
/*
Login = 1,
SecureNote = 2,
@ -483,6 +485,7 @@ pub async fn update_cipher_from_data(
None => err!("Data missing"),
};
cipher.key = data.Key;
cipher.name = data.Name;
cipher.notes = data.Notes;
cipher.fields = data.Fields.map(|f| _clean_cipher_data(f).to_string());
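Review bot: `cipher.key = data.Key;` in the second hunk overwrites the stored key with whatever the request carries, including `None`, so an update from a client that does not send `Key` (an older client, or one that omits the field) silently strips the per-cipher key from a record whose other fields were presumably encrypted under it, leaving the cipher undecryptable; the version advertised in `config()` steers clients, but nothing here enforces it server-side. If the protocol never clears a key once set, keep the existing one when the update omits it, `if data.Key.is_some() { cipher.key = data.Key; }`, or reject the downgrade explicitly, `if cipher.key.is_some() && data.Key.is_none() { err!("Cipher has an individual key; update must include it") }`. The `Key: Option<String>` field added in the first hunk would also benefit from a short comment stating that it is an opaque client-encrypted value the server stores and returns without interpreting. update_cipher_from_data begins before its hunk.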

13
src/api/core/mod.rs

@ -194,7 +194,12 @@ fn version() -> Json<&'static str> {
fn config() -> Json<Value> {
let domain = crate::CONFIG.domain();
Json(json!({
"version": crate::VERSION,
// Note: The clients use this version to handle backwards compatibility concerns
// This means they expect a version that closely matches the Bitwarden server version
// We should make sure that we keep this updated when we support the new server features
// Version history:
// - Individual cipher key encryption: 2023.9.1
"version": "2023.9.1",
"gitHash": option_env!("GIT_REV"),
"server": {
"name": "Vaultwarden",
@ -207,6 +212,12 @@ fn config() -> Json<Value> {
"notifications": format!("{domain}/notifications"),
"sso": "",
},
"featureStates": {
// Any feature flags that we want the clients to use
// Can check the enabled ones at:
// https://vault.bitwarden.com/api/config
"autofill-v2": true
},
"object": "config",
}))
}
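Review bot: The compatibility version is a bare string literal inside the `json!` block, with the history that explains it recorded only in comments next to that one key; hoisting it to a named item, `const CLIENT_COMPAT_VERSION: &str = "2023.9.1";` with the version-history comment attached to it, keeps the value and its rationale in one greppable place and lets any other endpoint that must advertise the same version reuse it instead of repeating the literal. The comment says clients key backwards-compatibility behaviour on this value, so replacing `crate::VERSION` with a fixed Bitwarden release implicitly claims every client-gated behaviour up to that release; the comment could state that this was checked, or list what was not implemented, if anything falls in that gap. The `featureStates` hunk reads fine; a comment noting that `autofill-v2` is the only flag the server currently asserts would make the intent of the otherwise empty map clearer.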

5
src/db/models/cipher.rs

@ -23,6 +23,8 @@ db_object! {
pub user_uuid: Option<String>,
pub organization_uuid: Option<String>,
pub key: Option<String>,
/*
Login = 1,
SecureNote = 2,
@ -62,6 +64,8 @@ impl Cipher {
user_uuid: None,
organization_uuid: None,
key: None,
atype,
name,
@ -203,6 +207,7 @@ impl Cipher {
"DeletedDate": self.deleted_at.map_or(Value::Null, |d| Value::String(format_date(&d))),
"Reprompt": self.reprompt.unwrap_or(RepromptType::None as i32),
"OrganizationId": self.organization_uuid,
"Key": self.key,
"Attachments": attachments_json,
// We have UseTotp set to true by default within the Organization model.
// This variable together with UsersGetPremium is used to show or hide the TOTP counter.
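Review bot: The new `pub key: Option<String>` field in the first hunk has no doc comment, and nothing in `Cipher` says what it holds or when it is `None`. A `///` comment such as `/// Cipher-specific key as sent by the client, stored as an opaque string; None for ciphers not (yet) migrated to individual key encryption.` would cover it; the commit title and the 2023.9.1 note in config() suggest the value is already encrypted client-side, but that should be confirmed before stating it in the comment. The `"Key": self.key` line in the third hunk returns the stored value unchanged, which is consistent with the server treating it as opaque. `Cipher::new` and the serialization method both start outside their hunks.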

1
src/db/schemas/mysql/schema.rs

@ -15,6 +15,7 @@ table! {
updated_at -> Datetime,
user_uuid -> Nullable<Text>,
organization_uuid -> Nullable<Text>,
key -> Nullable<Text>,
atype -> Integer,
name -> Text,
notes -> Nullable<Text>,

1
src/db/schemas/postgresql/schema.rs

@ -15,6 +15,7 @@ table! {
updated_at -> Timestamp,
user_uuid -> Nullable<Text>,
organization_uuid -> Nullable<Text>,
key -> Nullable<Text>,
atype -> Integer,
name -> Text,
notes -> Nullable<Text>,

1
src/db/schemas/sqlite/schema.rs

@ -15,6 +15,7 @@ table! {
updated_at -> Timestamp,
user_uuid -> Nullable<Text>,
organization_uuid -> Nullable<Text>,
key -> Nullable<Text>,
atype -> Integer,
name -> Text,
notes -> Nullable<Text>,
