From 2685099720eb8656a3528ea8ab4c72476466fb19 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Tue, 27 Sep 2022 10:10:09 +0200 Subject: [PATCH 01/21] allow the removal of non-confirmed owners ensure user_to_edit and user_to_delete are actually confirmed users, before checking if they are the last owner of an organization. --- src/api/core/organizations.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 3934de88..dca4f393 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -999,8 +999,11 @@ async fn edit_user( err!("Only Owners can edit Owner users") } - if user_to_edit.atype == UserOrgType::Owner && new_type != UserOrgType::Owner { - // Removing owner permmission, check that there is at least one other confirmed owner + if user_to_edit.atype == UserOrgType::Owner + && new_type != UserOrgType::Owner + && user_to_edit.status == UserOrgStatus::Confirmed as i32 + { + // Removing owner permission, check that there is at least one other confirmed owner if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &conn).await <= 1 { err!("Can't delete the last owner") } @@ -1097,7 +1100,7 @@ async fn _delete_user(org_id: &str, org_user_id: &str, headers: &AdminHeaders, c err!("Only Owners can delete Admins or Owners") } - if user_to_delete.atype == UserOrgType::Owner { + if user_to_delete.atype == UserOrgType::Owner && user_to_delete.status == UserOrgStatus::Confirmed as i32 { // Removing owner, check that there is at least one other confirmed owner if UserOrganization::count_confirmed_by_org_and_type(org_id, UserOrgType::Owner, conn).await <= 1 { err!("Can't delete the last owner") From e50edcadfbfd806bd7c71f87a65c3ce78da91861 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Thu, 6 Oct 2022 21:26:49 +0200 Subject: [PATCH 02/21] v2022.9.2 expects a json response when registering --- src/api/core/accounts.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 35202698..4508c5fd 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -81,7 +81,7 @@ fn enforce_password_hint_setting(password_hint: &Option) -> EmptyResult } #[post("/accounts/register", data = "")] -async fn register(data: JsonUpcase, conn: DbConn) -> EmptyResult { +async fn register(data: JsonUpcase, conn: DbConn) -> JsonResult { let data: RegisterData = data.into_inner().data; let email = data.Email.to_lowercase(); @@ -178,7 +178,10 @@ async fn register(data: JsonUpcase, conn: DbConn) -> EmptyResult { } } - user.save(&conn).await + user.save(&conn).await?; + Ok(Json(json!({ + "registration": "success", + }))) } #[get("/accounts/profile")] From 9132cc4a30eff40e81b7e700c7df45b038f7a38a Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Fri, 7 Oct 2022 06:33:29 +0200 Subject: [PATCH 03/21] return CaptchaBypassToken and register object --- src/api/core/accounts.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 4508c5fd..429768fc 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -180,7 +180,8 @@ async fn register(data: JsonUpcase, conn: DbConn) -> JsonResult { user.save(&conn).await?; Ok(Json(json!({ - "registration": "success", + "object": "register", + "CaptchaBypassToken": "", }))) } From 0a0f620d0b7982bd5d57b57fe909c02cb0125b48 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com> Date: Sat, 8 Oct 2022 10:27:33 +0200 Subject: [PATCH 04/21] return "Object" for consistency Co-authored-by: Jeremy Lin --- src/api/core/accounts.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 429768fc..a980271b 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -180,7 +180,7 @@ async fn register(data: JsonUpcase, conn: DbConn) -> JsonResult { user.save(&conn).await?; Ok(Json(json!({ - "object": "register", + "Object": "register", "CaptchaBypassToken": "", }))) } From b70316e6d30e4146d637d6f4e269db438c52c346 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Sat, 8 Oct 2022 18:31:34 +0200 Subject: [PATCH 05/21] make invitation expiration time configurable configure the number of hours after which organization invites, emergency access invites, email verification emails and account deletion requests expire (defaults to 5 days or 120 hours and must be atleast 1) --- .env.template | 4 ++++ src/auth.rs | 12 ++++++++---- src/config.rs | 7 +++++++ 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/.env.template b/.env.template index 66a04343..60b5b73b 100644 --- a/.env.template +++ b/.env.template @@ -245,6 +245,10 @@ ## Name shown in the invitation emails that don't come from a specific organization # INVITATION_ORG_NAME=Vaultwarden +## The number of hours after which an organization invite token, emergency access invite token, +## email verification token and deletion request token will expire (must be at least 1) +# INVITATION_EXPIRATION_HOURS=120 + ## Per-organization attachment storage limit (KB) ## Max kilobytes of attachment storage allowed per organization. ## When this limit is reached, organization members will not be allowed to upload further attachments for ciphers owned by that organization. diff --git a/src/auth.rs b/src/auth.rs index f99fbd39..92445f52 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -148,9 +148,10 @@ pub fn generate_invite_claims( invited_by_email: Option, ) -> InviteJwtClaims { let time_now = Utc::now().naive_utc(); + let expire_hours = i64::from(CONFIG.invitation_expiration_hours()); InviteJwtClaims { nbf: time_now.timestamp(), - exp: (time_now + Duration::days(5)).timestamp(), + exp: (time_now + Duration::hours(expire_hours)).timestamp(), iss: JWT_INVITE_ISSUER.to_string(), sub: uuid, email, @@ -185,9 +186,10 @@ pub fn generate_emergency_access_invite_claims( grantor_email: Option, ) -> EmergencyAccessInviteJwtClaims { let time_now = Utc::now().naive_utc(); + let expire_hours = i64::from(CONFIG.invitation_expiration_hours()); EmergencyAccessInviteJwtClaims { nbf: time_now.timestamp(), - exp: (time_now + Duration::days(5)).timestamp(), + exp: (time_now + Duration::hours(expire_hours)).timestamp(), iss: JWT_EMERGENCY_ACCESS_INVITE_ISSUER.to_string(), sub: uuid, email, @@ -211,9 +213,10 @@ pub struct BasicJwtClaims { pub fn generate_delete_claims(uuid: String) -> BasicJwtClaims { let time_now = Utc::now().naive_utc(); + let expire_hours = i64::from(CONFIG.invitation_expiration_hours()); BasicJwtClaims { nbf: time_now.timestamp(), - exp: (time_now + Duration::days(5)).timestamp(), + exp: (time_now + Duration::hours(expire_hours)).timestamp(), iss: JWT_DELETE_ISSUER.to_string(), sub: uuid, } @@ -221,9 +224,10 @@ pub fn generate_delete_claims(uuid: String) -> BasicJwtClaims { pub fn generate_verify_email_claims(uuid: String) -> BasicJwtClaims { let time_now = Utc::now().naive_utc(); + let expire_hours = i64::from(CONFIG.invitation_expiration_hours()); BasicJwtClaims { nbf: time_now.timestamp(), - exp: (time_now + Duration::days(5)).timestamp(), + exp: (time_now + Duration::hours(expire_hours)).timestamp(), iss: JWT_VERIFYEMAIL_ISSUER.to_string(), sub: uuid, } diff --git a/src/config.rs b/src/config.rs index b8f3246b..1d9e53f5 100644 --- a/src/config.rs +++ b/src/config.rs @@ -430,6 +430,9 @@ make_config! { org_creation_users: String, true, def, "".to_string(); /// Allow invitations |> Controls whether users can be invited by organization admins, even when signups are otherwise disabled invitations_allowed: bool, true, def, true; + /// Invitation token expiration time (in hours) |> The number of hours after which an organization invite token, emergency access invite token, + /// email verification token and deletion request token will expire (must be at least 1) + invitation_expiration_hours: u32, false, def, 120; /// Allow emergency access |> Controls whether users can enable emergency access to their accounts. This setting applies globally to all users. emergency_access_allowed: bool, true, def, true; /// Password iterations |> Number of server-side passwords hashing iterations. @@ -726,6 +729,10 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { _ => err!("Only HTTP 301/302 and 307/308 redirects are supported"), } + if cfg.invitation_expiration_hours < 1 { + err!("`INVITATION_EXPIRATION_HOURS` has a minimum size of 1") + } + Ok(()) } From ac120be1c6f84028bc8ba476270c07f235e5b6ab Mon Sep 17 00:00:00 2001 From: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com> Date: Sun, 9 Oct 2022 05:50:43 +0200 Subject: [PATCH 06/21] improve spelling of minimum expiration hours check Co-authored-by: Helmut K. C. Tessarek --- src/config.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config.rs b/src/config.rs index 1d9e53f5..3a2cf958 100644 --- a/src/config.rs +++ b/src/config.rs @@ -730,7 +730,7 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { } if cfg.invitation_expiration_hours < 1 { - err!("`INVITATION_EXPIRATION_HOURS` has a minimum size of 1") + err!("`INVITATION_EXPIRATION_HOURS` has a minimum duration of 1 hour") } Ok(()) From 475c7b8f1671ba74001bbe50050c1a69931122cb Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Sun, 9 Oct 2022 13:28:41 +0200 Subject: [PATCH 07/21] return more descriptive JWT validation messages --- src/auth.rs | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/src/auth.rs b/src/auth.rs index f99fbd39..c0d2f3e2 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -1,18 +1,14 @@ -// // JWT Handling // use chrono::{Duration, Utc}; use num_traits::FromPrimitive; use once_cell::sync::Lazy; -use jsonwebtoken::{self, Algorithm, DecodingKey, EncodingKey, Header}; +use jsonwebtoken::{self, errors::ErrorKind, Algorithm, DecodingKey, EncodingKey, Header}; use serde::de::DeserializeOwned; use serde::ser::Serialize; -use crate::{ - error::{Error, MapResult}, - CONFIG, -}; +use crate::{error::Error, CONFIG}; const JWT_ALGORITHM: Algorithm = Algorithm::RS256; @@ -61,7 +57,15 @@ fn decode_jwt(token: &str, issuer: String) -> Result Ok(d.claims), + Err(err) => match *err.kind() { + ErrorKind::InvalidToken => err!("Token is invalid"), + ErrorKind::InvalidIssuer => err!("Issuer is invalid"), + ErrorKind::ExpiredSignature => err!("Token has expired"), + _ => err!("Error decoding JWT"), + }, + } } pub fn decode_login(token: &str) -> Result { From 387b5eb2dd647aeb83bf479f5caca8e62729637e Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Tue, 27 Sep 2022 10:10:09 +0200 Subject: [PATCH 08/21] allow the removal of non-confirmed owners ensure user_to_edit and user_to_delete are actually confirmed users, before checking if they are the last owner of an organization. --- src/api/core/organizations.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 3934de88..dca4f393 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -999,8 +999,11 @@ async fn edit_user( err!("Only Owners can edit Owner users") } - if user_to_edit.atype == UserOrgType::Owner && new_type != UserOrgType::Owner { - // Removing owner permmission, check that there is at least one other confirmed owner + if user_to_edit.atype == UserOrgType::Owner + && new_type != UserOrgType::Owner + && user_to_edit.status == UserOrgStatus::Confirmed as i32 + { + // Removing owner permission, check that there is at least one other confirmed owner if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &conn).await <= 1 { err!("Can't delete the last owner") } @@ -1097,7 +1100,7 @@ async fn _delete_user(org_id: &str, org_user_id: &str, headers: &AdminHeaders, c err!("Only Owners can delete Admins or Owners") } - if user_to_delete.atype == UserOrgType::Owner { + if user_to_delete.atype == UserOrgType::Owner && user_to_delete.status == UserOrgStatus::Confirmed as i32 { // Removing owner, check that there is at least one other confirmed owner if UserOrganization::count_confirmed_by_org_and_type(org_id, UserOrgType::Owner, conn).await <= 1 { err!("Can't delete the last owner") From c915ef815df7c7bf774483d68b470aeff6f28ca4 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Tue, 27 Sep 2022 10:10:09 +0200 Subject: [PATCH 09/21] allow the removal of non-confirmed owners ensure user_to_edit and user_to_delete are actually confirmed users, before checking if they are the last owner of an organization. --- src/api/core/organizations.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 3934de88..dca4f393 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -999,8 +999,11 @@ async fn edit_user( err!("Only Owners can edit Owner users") } - if user_to_edit.atype == UserOrgType::Owner && new_type != UserOrgType::Owner { - // Removing owner permmission, check that there is at least one other confirmed owner + if user_to_edit.atype == UserOrgType::Owner + && new_type != UserOrgType::Owner + && user_to_edit.status == UserOrgStatus::Confirmed as i32 + { + // Removing owner permission, check that there is at least one other confirmed owner if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &conn).await <= 1 { err!("Can't delete the last owner") } @@ -1097,7 +1100,7 @@ async fn _delete_user(org_id: &str, org_user_id: &str, headers: &AdminHeaders, c err!("Only Owners can delete Admins or Owners") } - if user_to_delete.atype == UserOrgType::Owner { + if user_to_delete.atype == UserOrgType::Owner && user_to_delete.status == UserOrgStatus::Confirmed as i32 { // Removing owner, check that there is at least one other confirmed owner if UserOrganization::count_confirmed_by_org_and_type(org_id, UserOrgType::Owner, conn).await <= 1 { err!("Can't delete the last owner") From 1a664fba6a85edc32a7e424cdbfc0acd8f4d1ee3 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Thu, 6 Oct 2022 21:26:49 +0200 Subject: [PATCH 10/21] v2022.9.2 expects a json response when registering --- src/api/core/accounts.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 35202698..4508c5fd 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -81,7 +81,7 @@ fn enforce_password_hint_setting(password_hint: &Option) -> EmptyResult } #[post("/accounts/register", data = "")] -async fn register(data: JsonUpcase, conn: DbConn) -> EmptyResult { +async fn register(data: JsonUpcase, conn: DbConn) -> JsonResult { let data: RegisterData = data.into_inner().data; let email = data.Email.to_lowercase(); @@ -178,7 +178,10 @@ async fn register(data: JsonUpcase, conn: DbConn) -> EmptyResult { } } - user.save(&conn).await + user.save(&conn).await?; + Ok(Json(json!({ + "registration": "success", + }))) } #[get("/accounts/profile")] From 080e38d227a086b1493b58d24d4789d5551de221 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Fri, 7 Oct 2022 06:33:29 +0200 Subject: [PATCH 11/21] return CaptchaBypassToken and register object --- src/api/core/accounts.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 4508c5fd..429768fc 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -180,7 +180,8 @@ async fn register(data: JsonUpcase, conn: DbConn) -> JsonResult { user.save(&conn).await?; Ok(Json(json!({ - "registration": "success", + "object": "register", + "CaptchaBypassToken": "", }))) } From cd0c49eaf6c107af4f56223be578f8ed80352a5e Mon Sep 17 00:00:00 2001 From: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com> Date: Sat, 8 Oct 2022 10:27:33 +0200 Subject: [PATCH 12/21] return "Object" for consistency Co-authored-by: Jeremy Lin --- src/api/core/accounts.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 429768fc..a980271b 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -180,7 +180,7 @@ async fn register(data: JsonUpcase, conn: DbConn) -> JsonResult { user.save(&conn).await?; Ok(Json(json!({ - "object": "register", + "Object": "register", "CaptchaBypassToken": "", }))) } From 2d7ffbf378350872bc38970b4cf9105ee99038b1 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Tue, 27 Sep 2022 10:10:09 +0200 Subject: [PATCH 13/21] allow the removal of non-confirmed owners ensure user_to_edit and user_to_delete are actually confirmed users, before checking if they are the last owner of an organization. --- src/api/core/organizations.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 3934de88..dca4f393 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -999,8 +999,11 @@ async fn edit_user( err!("Only Owners can edit Owner users") } - if user_to_edit.atype == UserOrgType::Owner && new_type != UserOrgType::Owner { - // Removing owner permmission, check that there is at least one other confirmed owner + if user_to_edit.atype == UserOrgType::Owner + && new_type != UserOrgType::Owner + && user_to_edit.status == UserOrgStatus::Confirmed as i32 + { + // Removing owner permission, check that there is at least one other confirmed owner if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &conn).await <= 1 { err!("Can't delete the last owner") } @@ -1097,7 +1100,7 @@ async fn _delete_user(org_id: &str, org_user_id: &str, headers: &AdminHeaders, c err!("Only Owners can delete Admins or Owners") } - if user_to_delete.atype == UserOrgType::Owner { + if user_to_delete.atype == UserOrgType::Owner && user_to_delete.status == UserOrgStatus::Confirmed as i32 { // Removing owner, check that there is at least one other confirmed owner if UserOrganization::count_confirmed_by_org_and_type(org_id, UserOrgType::Owner, conn).await <= 1 { err!("Can't delete the last owner") From 1704d14f29c485f90cd6b9c4f06109dd259c6685 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Thu, 6 Oct 2022 21:26:49 +0200 Subject: [PATCH 14/21] v2022.9.2 expects a json response when registering --- src/api/core/accounts.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 35202698..4508c5fd 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -81,7 +81,7 @@ fn enforce_password_hint_setting(password_hint: &Option) -> EmptyResult } #[post("/accounts/register", data = "")] -async fn register(data: JsonUpcase, conn: DbConn) -> EmptyResult { +async fn register(data: JsonUpcase, conn: DbConn) -> JsonResult { let data: RegisterData = data.into_inner().data; let email = data.Email.to_lowercase(); @@ -178,7 +178,10 @@ async fn register(data: JsonUpcase, conn: DbConn) -> EmptyResult { } } - user.save(&conn).await + user.save(&conn).await?; + Ok(Json(json!({ + "registration": "success", + }))) } #[get("/accounts/profile")] From 2c0742387bd65cd450361a8614903247212556c3 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Fri, 7 Oct 2022 06:33:29 +0200 Subject: [PATCH 15/21] return CaptchaBypassToken and register object --- src/api/core/accounts.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 4508c5fd..429768fc 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -180,7 +180,8 @@ async fn register(data: JsonUpcase, conn: DbConn) -> JsonResult { user.save(&conn).await?; Ok(Json(json!({ - "registration": "success", + "object": "register", + "CaptchaBypassToken": "", }))) } From 5b96270874d273a2464e3118229665cf6f1724ee Mon Sep 17 00:00:00 2001 From: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com> Date: Sat, 8 Oct 2022 10:27:33 +0200 Subject: [PATCH 16/21] return "Object" for consistency Co-authored-by: Jeremy Lin --- src/api/core/accounts.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 429768fc..a980271b 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -180,7 +180,7 @@ async fn register(data: JsonUpcase, conn: DbConn) -> JsonResult { user.save(&conn).await?; Ok(Json(json!({ - "object": "register", + "Object": "register", "CaptchaBypassToken": "", }))) } From c78d383ed12d00256d93e1e11c0a81f6ee2fa208 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk Date: Sat, 8 Oct 2022 18:31:34 +0200 Subject: [PATCH 17/21] make invitation expiration time configurable configure the number of hours after which organization invites, emergency access invites, email verification emails and account deletion requests expire (defaults to 5 days or 120 hours and must be atleast 1) --- .env.template | 4 ++++ src/auth.rs | 12 ++++++++---- src/config.rs | 7 +++++++ 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/.env.template b/.env.template index 66a04343..60b5b73b 100644 --- a/.env.template +++ b/.env.template @@ -245,6 +245,10 @@ ## Name shown in the invitation emails that don't come from a specific organization # INVITATION_ORG_NAME=Vaultwarden +## The number of hours after which an organization invite token, emergency access invite token, +## email verification token and deletion request token will expire (must be at least 1) +# INVITATION_EXPIRATION_HOURS=120 + ## Per-organization attachment storage limit (KB) ## Max kilobytes of attachment storage allowed per organization. ## When this limit is reached, organization members will not be allowed to upload further attachments for ciphers owned by that organization. diff --git a/src/auth.rs b/src/auth.rs index c0d2f3e2..252766db 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -152,9 +152,10 @@ pub fn generate_invite_claims( invited_by_email: Option, ) -> InviteJwtClaims { let time_now = Utc::now().naive_utc(); + let expire_hours = i64::from(CONFIG.invitation_expiration_hours()); InviteJwtClaims { nbf: time_now.timestamp(), - exp: (time_now + Duration::days(5)).timestamp(), + exp: (time_now + Duration::hours(expire_hours)).timestamp(), iss: JWT_INVITE_ISSUER.to_string(), sub: uuid, email, @@ -189,9 +190,10 @@ pub fn generate_emergency_access_invite_claims( grantor_email: Option, ) -> EmergencyAccessInviteJwtClaims { let time_now = Utc::now().naive_utc(); + let expire_hours = i64::from(CONFIG.invitation_expiration_hours()); EmergencyAccessInviteJwtClaims { nbf: time_now.timestamp(), - exp: (time_now + Duration::days(5)).timestamp(), + exp: (time_now + Duration::hours(expire_hours)).timestamp(), iss: JWT_EMERGENCY_ACCESS_INVITE_ISSUER.to_string(), sub: uuid, email, @@ -215,9 +217,10 @@ pub struct BasicJwtClaims { pub fn generate_delete_claims(uuid: String) -> BasicJwtClaims { let time_now = Utc::now().naive_utc(); + let expire_hours = i64::from(CONFIG.invitation_expiration_hours()); BasicJwtClaims { nbf: time_now.timestamp(), - exp: (time_now + Duration::days(5)).timestamp(), + exp: (time_now + Duration::hours(expire_hours)).timestamp(), iss: JWT_DELETE_ISSUER.to_string(), sub: uuid, } @@ -225,9 +228,10 @@ pub fn generate_delete_claims(uuid: String) -> BasicJwtClaims { pub fn generate_verify_email_claims(uuid: String) -> BasicJwtClaims { let time_now = Utc::now().naive_utc(); + let expire_hours = i64::from(CONFIG.invitation_expiration_hours()); BasicJwtClaims { nbf: time_now.timestamp(), - exp: (time_now + Duration::days(5)).timestamp(), + exp: (time_now + Duration::hours(expire_hours)).timestamp(), iss: JWT_VERIFYEMAIL_ISSUER.to_string(), sub: uuid, } diff --git a/src/config.rs b/src/config.rs index b8f3246b..1d9e53f5 100644 --- a/src/config.rs +++ b/src/config.rs @@ -430,6 +430,9 @@ make_config! { org_creation_users: String, true, def, "".to_string(); /// Allow invitations |> Controls whether users can be invited by organization admins, even when signups are otherwise disabled invitations_allowed: bool, true, def, true; + /// Invitation token expiration time (in hours) |> The number of hours after which an organization invite token, emergency access invite token, + /// email verification token and deletion request token will expire (must be at least 1) + invitation_expiration_hours: u32, false, def, 120; /// Allow emergency access |> Controls whether users can enable emergency access to their accounts. This setting applies globally to all users. emergency_access_allowed: bool, true, def, true; /// Password iterations |> Number of server-side passwords hashing iterations. @@ -726,6 +729,10 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { _ => err!("Only HTTP 301/302 and 307/308 redirects are supported"), } + if cfg.invitation_expiration_hours < 1 { + err!("`INVITATION_EXPIRATION_HOURS` has a minimum size of 1") + } + Ok(()) } From ef4072e4ffb47a1c24fc6c0ac8144231fb1d5cfd Mon Sep 17 00:00:00 2001 From: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com> Date: Sun, 9 Oct 2022 05:50:43 +0200 Subject: [PATCH 18/21] improve spelling of minimum expiration hours check Co-authored-by: Helmut K. C. Tessarek --- src/config.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config.rs b/src/config.rs index 1d9e53f5..3a2cf958 100644 --- a/src/config.rs +++ b/src/config.rs @@ -730,7 +730,7 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { } if cfg.invitation_expiration_hours < 1 { - err!("`INVITATION_EXPIRATION_HOURS` has a minimum size of 1") + err!("`INVITATION_EXPIRATION_HOURS` has a minimum duration of 1 hour") } Ok(()) From 4cb59189507a93fa7a896407bc21e29bae451456 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Sun, 9 Oct 2022 16:59:58 +0200 Subject: [PATCH 19/21] Update web vault to v2022.9.2 --- docker/Dockerfile.j2 | 4 ++-- docker/amd64/Dockerfile | 12 ++++++------ docker/amd64/Dockerfile.alpine | 12 ++++++------ docker/amd64/Dockerfile.buildx | 12 ++++++------ docker/amd64/Dockerfile.buildx.alpine | 12 ++++++------ docker/arm64/Dockerfile | 12 ++++++------ docker/arm64/Dockerfile.alpine | 12 ++++++------ docker/arm64/Dockerfile.buildx | 12 ++++++------ docker/arm64/Dockerfile.buildx.alpine | 12 ++++++------ docker/armv6/Dockerfile | 12 ++++++------ docker/armv6/Dockerfile.alpine | 12 ++++++------ docker/armv6/Dockerfile.buildx | 12 ++++++------ docker/armv6/Dockerfile.buildx.alpine | 12 ++++++------ docker/armv7/Dockerfile | 12 ++++++------ docker/armv7/Dockerfile.alpine | 12 ++++++------ docker/armv7/Dockerfile.buildx | 12 ++++++------ docker/armv7/Dockerfile.buildx.alpine | 12 ++++++------ 17 files changed, 98 insertions(+), 98 deletions(-) diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 index cc0cdf17..e4cd9b7d 100644 --- a/docker/Dockerfile.j2 +++ b/docker/Dockerfile.j2 @@ -59,8 +59,8 @@ # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -{% set vault_version = "v2022.9.0" %} -{% set vault_image_digest = "sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc" %} +{% set vault_version = "v2022.9.2" %} +{% set vault_image_digest = "sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e" %} # The web-vault digest specifies a particular web-vault build on Docker Hub. # Using the digest instead of the tag name provides better security, # as the digest of an image is immutable, whereas a tag name can later diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile index af15fc9e..0fda2954 100644 --- a/docker/amd64/Dockerfile +++ b/docker/amd64/Dockerfile @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM rust:1.64-bullseye as build diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine index 18f7f75b..8585e7cb 100644 --- a/docker/amd64/Dockerfile.alpine +++ b/docker/amd64/Dockerfile.alpine @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM blackdex/rust-musl:x86_64-musl-stable-1.64.0 as build diff --git a/docker/amd64/Dockerfile.buildx b/docker/amd64/Dockerfile.buildx index 0797ec39..ce4116f2 100644 --- a/docker/amd64/Dockerfile.buildx +++ b/docker/amd64/Dockerfile.buildx @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM rust:1.64-bullseye as build diff --git a/docker/amd64/Dockerfile.buildx.alpine b/docker/amd64/Dockerfile.buildx.alpine index db0c1e04..d497d8e6 100644 --- a/docker/amd64/Dockerfile.buildx.alpine +++ b/docker/amd64/Dockerfile.buildx.alpine @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM blackdex/rust-musl:x86_64-musl-stable-1.64.0 as build diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile index feaa27d6..cb804ebe 100644 --- a/docker/arm64/Dockerfile +++ b/docker/arm64/Dockerfile @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM rust:1.64-bullseye as build diff --git a/docker/arm64/Dockerfile.alpine b/docker/arm64/Dockerfile.alpine index b7750fee..203bfb2f 100644 --- a/docker/arm64/Dockerfile.alpine +++ b/docker/arm64/Dockerfile.alpine @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM blackdex/rust-musl:aarch64-musl-stable-1.64.0 as build diff --git a/docker/arm64/Dockerfile.buildx b/docker/arm64/Dockerfile.buildx index 026545e2..0b2b3ad6 100644 --- a/docker/arm64/Dockerfile.buildx +++ b/docker/arm64/Dockerfile.buildx @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM rust:1.64-bullseye as build diff --git a/docker/arm64/Dockerfile.buildx.alpine b/docker/arm64/Dockerfile.buildx.alpine index 94ffb249..32c3d12b 100644 --- a/docker/arm64/Dockerfile.buildx.alpine +++ b/docker/arm64/Dockerfile.buildx.alpine @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM blackdex/rust-musl:aarch64-musl-stable-1.64.0 as build diff --git a/docker/armv6/Dockerfile b/docker/armv6/Dockerfile index 96210168..b329b925 100644 --- a/docker/armv6/Dockerfile +++ b/docker/armv6/Dockerfile @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM rust:1.64-bullseye as build diff --git a/docker/armv6/Dockerfile.alpine b/docker/armv6/Dockerfile.alpine index 21b66728..1df53edb 100644 --- a/docker/armv6/Dockerfile.alpine +++ b/docker/armv6/Dockerfile.alpine @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM blackdex/rust-musl:arm-musleabi-stable-1.64.0 as build diff --git a/docker/armv6/Dockerfile.buildx b/docker/armv6/Dockerfile.buildx index 9797342a..41fa992f 100644 --- a/docker/armv6/Dockerfile.buildx +++ b/docker/armv6/Dockerfile.buildx @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM rust:1.64-bullseye as build diff --git a/docker/armv6/Dockerfile.buildx.alpine b/docker/armv6/Dockerfile.buildx.alpine index 82d52a7d..6cc1efc4 100644 --- a/docker/armv6/Dockerfile.buildx.alpine +++ b/docker/armv6/Dockerfile.buildx.alpine @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM blackdex/rust-musl:arm-musleabi-stable-1.64.0 as build diff --git a/docker/armv7/Dockerfile b/docker/armv7/Dockerfile index 07c3e594..69d2161a 100644 --- a/docker/armv7/Dockerfile +++ b/docker/armv7/Dockerfile @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM rust:1.64-bullseye as build diff --git a/docker/armv7/Dockerfile.alpine b/docker/armv7/Dockerfile.alpine index a51fa9b0..260ca7c9 100644 --- a/docker/armv7/Dockerfile.alpine +++ b/docker/armv7/Dockerfile.alpine @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM blackdex/rust-musl:armv7-musleabihf-stable-1.64.0 as build diff --git a/docker/armv7/Dockerfile.buildx b/docker/armv7/Dockerfile.buildx index 34e26006..05956095 100644 --- a/docker/armv7/Dockerfile.buildx +++ b/docker/armv7/Dockerfile.buildx @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM rust:1.64-bullseye as build diff --git a/docker/armv7/Dockerfile.buildx.alpine b/docker/armv7/Dockerfile.buildx.alpine index ffe20bf1..24270bbf 100644 --- a/docker/armv7/Dockerfile.buildx.alpine +++ b/docker/armv7/Dockerfile.buildx.alpine @@ -16,15 +16,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2022.9.0 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.0 -# [vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc] +# $ docker pull vaultwarden/web-vault:v2022.9.2 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2022.9.2 +# [vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc -# [vaultwarden/web-vault:v2022.9.0] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e +# [vaultwarden/web-vault:v2022.9.2] # -FROM vaultwarden/web-vault@sha256:99d21235a64084c9115f4aa3da1298881b8bbf146c0d48d6530b4d685a6a6fbc as vault +FROM vaultwarden/web-vault@sha256:87b34b7525eba133b7f16b9975917362a3ab9f6466d5264c850816a8fc5e629e as vault ########################## BUILD IMAGE ########################## FROM blackdex/rust-musl:armv7-musleabihf-stable-1.64.0 as build From e6c6609e199e4ec861496cf2f3af7b6c6ba2c02e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Sun, 9 Oct 2022 17:02:27 +0200 Subject: [PATCH 20/21] 8bit Solutions LLC. -> Bitwarden, Inc. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9af01480..3e25e158 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Image is based on [Rust implementation of Bitwarden API](https://github.com/dani-garcia/vaultwarden). -**This project is not associated with the [Bitwarden](https://bitwarden.com/) project nor 8bit Solutions LLC.** +**This project is not associated with the [Bitwarden](https://bitwarden.com/) project nor Bitwarden, Inc.** #### ⚠️**IMPORTANT**⚠️: When using this server, please report any bugs or suggestions to us directly (look at the bottom of this page for ways to get in touch), regardless of whatever clients you are using (mobile, desktop, browser...). DO NOT use the official support channels. From 382e6107fe79c0828c7efeb1e05b81cf2a0f2572 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Sun, 9 Oct 2022 17:40:45 +0200 Subject: [PATCH 21/21] Update dependencies --- Cargo.lock | 311 ++++++++++++++++++++++++++++++++++++----------------- Cargo.toml | 16 +-- 2 files changed, 219 insertions(+), 108 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b6ea2ad0..4dbbaf15 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -19,30 +19,30 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" [[package]] name = "aead" -version = "0.4.3" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b613b8e1e3cf911a086f53f03bf286f52fd7a7258e4fa606f0ef220d39d8877" +checksum = "5c192eb8f11fc081b0fe4259ba5af04217d4e0faddd02417310a927911abd7c8" dependencies = [ + "crypto-common", "generic-array", ] [[package]] name = "aes" -version = "0.7.5" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e8b47f52ea9bae42228d07ec09eb676433d7c4ed1ebdf0f1d1c29ed446f1ab8" +checksum = "bfe0133578c0986e1fe3dfcd4af1cc5b2dd6c3dbf534d69916ce16a2701d40ba" dependencies = [ "cfg-if", "cipher", "cpufeatures", - "opaque-debug", ] [[package]] name = "aes-gcm" -version = "0.9.4" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df5f85a83a7d8b0442b6aa7b504b8212c1733da07b98aae43d4bc21b2cb3cdf6" +checksum = "82e1366e0c69c9f927b1fa5ce2c7bf9eafc8f9268c0b9800729e8b267612447c" dependencies = [ "aead", "aes", @@ -85,20 +85,11 @@ dependencies = [ "libc", ] -[[package]] -name = "ansi_term" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" -dependencies = [ - "winapi", -] - [[package]] name = "async-compression" -version = "0.3.14" +version = "0.3.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "345fd392ab01f746c717b1357165b76f0b67a60192007b234058c9045fdcf695" +checksum = "942c7cd7ae39e91bde4820d74132e9862e62c2f386c3aa90ccf55949f5bad63a" dependencies = [ "brotli", "flate2", @@ -342,18 +333,29 @@ dependencies = [ [[package]] name = "cipher" -version = "0.3.0" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ee52072ec15386f770805afd189a01c8841be8696bed250fa2f13c4c0d6dfb7" +checksum = "d1873270f8f7942c191139cb8a40fd228da6c3fd2fc376d7e92d47aa14aeb59e" dependencies = [ - "generic-array", + "crypto-common", + "inout", +] + +[[package]] +name = "codespan-reporting" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e" +dependencies = [ + "termcolor", + "unicode-width", ] [[package]] name = "cookie" -version = "0.16.0" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94d4706de1b0fa5b132270cddffa8585166037822e260a944fe161acd137ca05" +checksum = "344adc371239ef32293cb1c4fe519592fcf21206c79c02854320afcdf3ab4917" dependencies = [ "aes-gcm", "base64", @@ -363,7 +365,7 @@ dependencies = [ "rand", "sha2", "subtle", - "time 0.3.14", + "time 0.3.15", "version_check", ] @@ -379,7 +381,7 @@ dependencies = [ "publicsuffix", "serde", "serde_json", - "time 0.3.14", + "time 0.3.15", "url 2.3.1", ] @@ -395,7 +397,7 @@ dependencies = [ "publicsuffix", "serde", "serde_json", - "time 0.3.14", + "time 0.3.15", "url 2.3.1", ] @@ -435,9 +437,9 @@ dependencies = [ [[package]] name = "cron" -version = "0.11.0" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d76219e9243e100d5a37676005f08379297f8addfebc247613299600625c734d" +checksum = "1ff76b51e4c068c52bfd2866e1567bee7c567ae8f24ada09fd4307019e25eab7" dependencies = [ "chrono", "nom", @@ -446,12 +448,11 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.11" +version = "0.8.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51887d4adc7b564537b15adcfb307936f8075dfcd5f00dde9a9f1d29383682bc" +checksum = "edbafec5fa1f196ca66527c1b12c2ec4745ca14b50f1ad8f9f6f720b55d11fac" dependencies = [ "cfg-if", - "once_cell", ] [[package]] @@ -461,14 +462,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" dependencies = [ "generic-array", + "rand_core", "typenum", ] [[package]] name = "ctr" -version = "0.8.0" +version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "049bb91fb4aaf0e3c7efa6cd5ef877dbbbd15b39dad06d9948de4ec8a75761ea" +checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" dependencies = [ "cipher", ] @@ -483,6 +485,50 @@ dependencies = [ "winapi", ] +[[package]] +name = "cxx" +version = "1.0.78" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19f39818dcfc97d45b03953c1292efc4e80954e1583c4aa770bac1383e2310a4" +dependencies = [ + "cc", + "cxxbridge-flags", + "cxxbridge-macro", + "link-cplusplus", +] + +[[package]] +name = "cxx-build" +version = "1.0.78" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e580d70777c116df50c390d1211993f62d40302881e54d4b79727acb83d0199" +dependencies = [ + "cc", + "codespan-reporting", + "once_cell", + "proc-macro2", + "quote", + "scratch", + "syn", +] + +[[package]] +name = "cxxbridge-flags" +version = "1.0.78" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56a46460b88d1cec95112c8c363f0e2c39afdb237f60583b0b36343bf627ea9c" + +[[package]] +name = "cxxbridge-macro" +version = "1.0.78" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "747b608fecf06b0d72d440f27acc99288207324b793be2c17991839f3d4995ea" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "darling" version = "0.13.4" @@ -727,9 +773,9 @@ dependencies = [ [[package]] name = "figment" -version = "0.10.7" +version = "0.10.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e3bd154d9ae2f1bb0ada5b7eebd56529513efa5de7d2fc8c6adf33bc43260cf" +checksum = "4e56602b469b2201400dec66a66aec5a9b8761ee97cd1b8c96ab2483fcc16cc9" dependencies = [ "atomic", "pear", @@ -910,9 +956,9 @@ dependencies = [ [[package]] name = "ghash" -version = "0.4.4" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1583cc1656d7839fd3732b80cf4f38850336cdb9b8ded1cd399ca62958de3c99" +checksum = "d930750de5717d2dd0b8c0d42c076c0e884c81a73e6cab859bbd2339c71e3e40" dependencies = [ "opaque-debug", "polyval", @@ -975,9 +1021,9 @@ checksum = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7" [[package]] name = "handlebars" -version = "4.3.4" +version = "4.3.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56b224eaa4987c03c30b251de7ef0c15a6a59f34222905850dbc3026dfb24d5f" +checksum = "433e4ab33f1213cdc25b5fa45c76881240cfe79284cf2b395e8b9e312a30a2fd" dependencies = [ "log", "pest", @@ -1120,17 +1166,28 @@ dependencies = [ [[package]] name = "iana-time-zone" -version = "0.1.50" +version = "0.1.51" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd911b35d940d2bd0bea0f9100068e5b97b51a1cbe13d13382f132e0365257a0" +checksum = "f5a6ef98976b22b3b7f2f3a806f858cb862044cfa66805aa3ad84cb3d3b785ed" dependencies = [ "android_system_properties", "core-foundation-sys", + "iana-time-zone-haiku", "js-sys", "wasm-bindgen", "winapi", ] +[[package]] +name = "iana-time-zone-haiku" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fde6edd6cef363e9359ed3c98ba64590ba9eecba2293eb5a723ab32aee8926aa" +dependencies = [ + "cxx", + "cxx-build", +] + [[package]] name = "ident_case" version = "1.0.1" @@ -1186,6 +1243,15 @@ version = "0.1.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8fae54786f62fb2918dcfae3d568594e50eb9b5c25bf04371af6fe7516452fb" +[[package]] +name = "inout" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" +dependencies = [ + "generic-array", +] + [[package]] name = "instant" version = "0.1.12" @@ -1215,9 +1281,9 @@ checksum = "879d54834c8c76457ef4293a689b2a8c59b076067ad77b15efafbb05f92a592b" [[package]] name = "itoa" -version = "1.0.3" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c8af84674fe1f223a982c933a0ee1086ac4d4052aa0fb8060c12c6ad838e754" +checksum = "4217ad341ebadf8d8e724e264f13e593e0648f5b3e94b3896a5df283be015ecc" [[package]] name = "jetscii" @@ -1227,9 +1293,9 @@ checksum = "47f142fe24a9c9944451e8349de0a56af5f3e7226dc46f3ed4d4ecc0b85af75e" [[package]] name = "job_scheduler_ng" -version = "2.0.1" +version = "2.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e488bbc07c44295a7a07bfedfa36c9c77509c2e02599c1b5aef977779afca4d" +checksum = "854c3036c710866ee61a7e1cd7f39988dd077d0d97ce5dd23b0a1f64f3fffb42" dependencies = [ "chrono", "cron", @@ -1295,9 +1361,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.133" +version = "0.2.134" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0f80d65747a3e43d1596c7c5492d95d5edddaabd45a7fcdb02b95f644164966" +checksum = "329c933548736bc49fd575ee68c89e8be4d260064184389a5b77517cddd99ffb" [[package]] name = "libmimalloc-sys" @@ -1319,6 +1385,15 @@ dependencies = [ "vcpkg", ] +[[package]] +name = "link-cplusplus" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9272ab7b96c9046fbc5bc56c06c117cb639fe2d509df0c421cad82d2915cf369" +dependencies = [ + "cc", +] + [[package]] name = "linked-hash-map" version = "0.5.6" @@ -1548,6 +1623,16 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "38bf9645c8b145698bb0b18a4637dcacbc421ea49bef2317e4fd8065a387cf21" +[[package]] +name = "nu-ansi-term" +version = "0.46.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84" +dependencies = [ + "overload", + "winapi", +] + [[package]] name = "num-bigint" version = "0.4.3" @@ -1631,9 +1716,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "openssl" -version = "0.10.41" +version = "0.10.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "618febf65336490dfcf20b73f885f5651a0c89c64c2d4a8c3662585a70bf5bd0" +checksum = "12fc0523e3bd51a692c8850d075d74dc062ccf251c0110668cbd921917118a13" dependencies = [ "bitflags", "cfg-if", @@ -1672,9 +1757,9 @@ dependencies = [ [[package]] name = "openssl-sys" -version = "0.9.75" +version = "0.9.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5f9bd0c2710541a3cda73d6f9ac4f1b240de4ae261065d309dbe73d9dceb42f" +checksum = "5230151e44c0f05157effb743e8d517472843121cf9243e8b81393edb5acd9ce" dependencies = [ "autocfg", "cc", @@ -1684,6 +1769,12 @@ dependencies = [ "vcpkg", ] +[[package]] +name = "overload" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" + [[package]] name = "parking_lot" version = "0.12.1" @@ -1768,9 +1859,9 @@ checksum = "478c572c3d73181ff3c2539045f6eb99e5491218eae919370993b890cdbdd98e" [[package]] name = "pest" -version = "2.3.1" +version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb779fcf4bb850fbbb0edc96ff6cf34fd90c4b1a112ce042653280d9a7364048" +checksum = "dbc7bc69c062e492337d74d59b120c274fd3d261b6bf6d3207d499b4b379c41a" dependencies = [ "thiserror", "ucd-trie", @@ -1778,9 +1869,9 @@ dependencies = [ [[package]] name = "pest_derive" -version = "2.3.1" +version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "502b62a6d0245378b04ffe0a7fb4f4419a4815fce813bd8a0ec89a56e07d67b1" +checksum = "60b75706b9642ebcb34dab3bc7750f811609a0eb1dd8b88c2d15bf628c1c65b2" dependencies = [ "pest", "pest_generator", @@ -1788,9 +1879,9 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.3.1" +version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "451e629bf49b750254da26132f1a5a9d11fd8a95a3df51d15c4abd1ba154cb6c" +checksum = "f4f9272122f5979a6511a749af9db9bfc810393f63119970d7085fed1c4ea0db" dependencies = [ "pest", "pest_meta", @@ -1801,9 +1892,9 @@ dependencies = [ [[package]] name = "pest_meta" -version = "2.3.1" +version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bcec162c71c45e269dfc3fc2916eaeb97feab22993a21bcce4721d08cd7801a6" +checksum = "4c8717927f9b79515e565a64fe46c38b8cd0427e64c40680b14a7365ab09ac8d" dependencies = [ "once_cell", "pest", @@ -1875,9 +1966,9 @@ checksum = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae" [[package]] name = "polyval" -version = "0.5.3" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8419d2b623c7c0896ff2d5d96e2cb4ede590fed28fcc34934f4c33c036e620a1" +checksum = "7ef234e08c11dfcb2e56f79fd70f6f2eb7f025c0ce2333e82f4f0518ecad30c6" dependencies = [ "cfg-if", "cpufeatures", @@ -1908,9 +1999,9 @@ checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" [[package]] name = "proc-macro2" -version = "1.0.44" +version = "1.0.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7bd7356a8122b6c4a24a82b278680c73357984ca2fc79a0f9fa6dea7dced7c58" +checksum = "94e2ef8dbfc347b10c094890f778ee2e36ca9bb4262e86dc99cd217e35f3470b" dependencies = [ "unicode-ident", ] @@ -1936,11 +2027,11 @@ checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac" [[package]] name = "publicsuffix" -version = "2.2.2" +version = "2.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aeeedb0b429dc462f30ad27ef3de97058b060016f47790c066757be38ef792b4" +checksum = "96a8c1bda5ae1af7f99a2962e49df150414a43d62404644d98dd5c3a93d07457" dependencies = [ - "idna 0.2.3", + "idna 0.3.0", "psl-types", ] @@ -2226,7 +2317,7 @@ dependencies = [ "serde_json", "state", "tempfile", - "time 0.3.14", + "time 0.3.15", "tokio", "tokio-stream", "tokio-util", @@ -2275,7 +2366,7 @@ dependencies = [ "smallvec", "stable-pattern", "state", - "time 0.3.14", + "time 0.3.15", "tokio", "tokio-rustls", "uncased", @@ -2360,6 +2451,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" +[[package]] +name = "scratch" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8132065adcfd6e02db789d9285a0deb2f3fcb04002865ab67d5fb103533898" + [[package]] name = "sct" version = "0.7.0" @@ -2506,7 +2603,7 @@ dependencies = [ "num-bigint", "num-traits", "thiserror", - "time 0.3.14", + "time 0.3.15", ] [[package]] @@ -2526,9 +2623,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.9.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fd0db749597d91ff862fd1d55ea87f7855a744a8425a64695b6fca237d1dad1" +checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0" [[package]] name = "socket2" @@ -2584,9 +2681,9 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" [[package]] name = "syn" -version = "1.0.100" +version = "1.0.102" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52205623b1b0f064a4e71182c3b18ae902267282930c6d5462c91b859668426e" +checksum = "3fcd952facd492f9be3ef0d0b7032a6e442ee9b361d4acc2b1d0c4aaa5f613a1" dependencies = [ "proc-macro2", "quote", @@ -2603,7 +2700,7 @@ dependencies = [ "hostname", "libc", "log", - "time 0.3.14", + "time 0.3.15", ] [[package]] @@ -2620,20 +2717,29 @@ dependencies = [ "winapi", ] +[[package]] +name = "termcolor" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755" +dependencies = [ + "winapi-util", +] + [[package]] name = "thiserror" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a99cb8c4b9a8ef0e7907cd3b617cc8dc04d571c4e73c8ae403d80ac160bb122" +checksum = "10deb33631e3c9018b9baf9dcbbc4f737320d2b576bac10f6aefa048fa407e3e" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a891860d3c8d66fec8e73ddb3765f90082374dbaaa833407b904a94f1a7eb43" +checksum = "982d17546b47146b28f7c22e3d08465f6b8903d0ea13c1660d9d84a6e7adcdbb" dependencies = [ "proc-macro2", "quote", @@ -2670,9 +2776,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.14" +version = "0.3.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c3f9a28b618c3a6b9251b6908e9c99e04b9e5c02e6581ccbb67d59c34ef7f9b" +checksum = "d634a985c4d4238ec39cacaed2e7ae552fbd3c476b552c1deac3021b7d7eaf0c" dependencies = [ "itoa", "libc", @@ -2703,9 +2809,9 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" [[package]] name = "tokio" -version = "1.21.1" +version = "1.21.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0020c875007ad96677dcc890298f4b942882c5d4eb7cc8f439fc3bf813dc9c95" +checksum = "a9e03c497dc955702ba729190dc4aac6f2a0ce97f913e5b1b5912fc5039d9099" dependencies = [ "autocfg", "bytes", @@ -2713,7 +2819,6 @@ dependencies = [ "memchr", "mio", "num_cpus", - "once_cell", "parking_lot", "pin-project-lite", "signal-hook-registry", @@ -2832,9 +2937,9 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" [[package]] name = "tracing" -version = "0.1.36" +version = "0.1.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fce9567bd60a67d08a16488756721ba392f24f29006402881e43b19aac64307" +checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" dependencies = [ "cfg-if", "log", @@ -2845,9 +2950,9 @@ dependencies = [ [[package]] name = "tracing-attributes" -version = "0.1.22" +version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11c75893af559bc8e10716548bdef5cb2b983f8e637db9d0e15126b61b484ee2" +checksum = "4017f8f45139870ca7e672686113917c71c7a6e02d4924eda67186083c03081a" dependencies = [ "proc-macro2", "quote", @@ -2856,9 +2961,9 @@ dependencies = [ [[package]] name = "tracing-core" -version = "0.1.29" +version = "0.1.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5aeea4303076558a00714b823f9ad67d58a3bbda1df83d8827d21193156e22f7" +checksum = "24eb03ba0eab1fd845050058ce5e616558e8f8d8fca633e6b163fe25c797213a" dependencies = [ "once_cell", "valuable", @@ -2877,12 +2982,12 @@ dependencies = [ [[package]] name = "tracing-subscriber" -version = "0.3.15" +version = "0.3.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60db860322da191b40952ad9affe65ea23e7dd6a5c442c2c42865810c6ab8e6b" +checksum = "a6176eae26dd70d0c919749377897b54a9276bd7061339665dd68777926b5a70" dependencies = [ - "ansi_term", "matchers", + "nu-ansi-term", "once_cell", "regex", "sharded-slab", @@ -3002,9 +3107,9 @@ checksum = "099b7128301d285f79ddd55b9a83d5e6b9e97c92e0ea0daebee7263e932de992" [[package]] name = "unicode-ident" -version = "1.0.4" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dcc811dc4066ac62f84f11307873c4850cb653bfa9b1719cee2bd2204a4bc5dd" +checksum = "6ceab39d59e4c9499d4e5a8ee0e2735b891bb7308ac83dfb4e80cad195c9f6f3" [[package]] name = "unicode-normalization" @@ -3015,6 +3120,12 @@ dependencies = [ "tinyvec", ] +[[package]] +name = "unicode-width" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" + [[package]] name = "unicode-xid" version = "0.2.4" @@ -3023,11 +3134,11 @@ checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" [[package]] name = "universal-hash" -version = "0.4.1" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f214e8f697e925001e66ec2c6e37a4ef93f0f78c2eed7814394e10c62025b05" +checksum = "7d3160b73c9a19f7e2939a2fdad446c57c1bbbbf4d919d3213ff1267a580d8b5" dependencies = [ - "generic-array", + "crypto-common", "subtle", ] @@ -3068,9 +3179,9 @@ checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9" [[package]] name = "uuid" -version = "1.1.2" +version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd6469f4314d5f1ffec476e05f17cc9a78bc7a27a6a857842170bdf8d6f98d2f" +checksum = "feb41e78f93363bb2df8b0e86a2ca30eed7806ea16ea0c790d757cf93f79be83" dependencies = [ "getrandom", ] @@ -3126,7 +3237,7 @@ dependencies = [ "serde", "serde_json", "syslog", - "time 0.3.14", + "time 0.3.15", "tokio", "tokio-tungstenite", "totp-lite", diff --git a/Cargo.toml b/Cargo.toml index 583fe710..f9958821 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -37,7 +37,7 @@ syslog = "6.0.1" # Needs to be v4 until fern is updated # Logging log = "0.4.17" fern = { version = "0.6.1", features = ["syslog-6"] } -tracing = { version = "0.1.36", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work +tracing = { version = "0.1.37", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work backtrace = "0.3.66" # Logging panics to logfile instead stderr only @@ -61,7 +61,7 @@ dashmap = "5.4.0" # Async futures futures = "0.3.24" -tokio = { version = "1.21.1", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time"] } +tokio = { version = "1.21.2", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time"] } # A generic serialization/deserialization framework serde = { version = "1.0.145", features = ["derive"] } @@ -79,15 +79,15 @@ rand = { version = "0.8.5", features = ["small_rng"] } ring = "0.16.20" # UUID generation -uuid = { version = "1.1.2", features = ["v4"] } +uuid = { version = "1.2.1", features = ["v4"] } # Date and time libraries chrono = { version = "0.4.22", features = ["clock", "serde"], default-features = false } chrono-tz = "0.6.3" -time = "0.3.14" +time = "0.3.15" # Job scheduler -job_scheduler_ng = "2.0.1" +job_scheduler_ng = "2.0.2" # Data encoding library Hex/Base32/Base64 data-encoding = "2.3.2" @@ -112,7 +112,7 @@ lettre = { version = "0.10.1", features = ["smtp-transport", "builder", "serde", percent-encoding = "2.2.0" # URL encoding library used for URL's in the emails # Template library -handlebars = { version = "4.3.4", features = ["dir_source"] } +handlebars = { version = "4.3.5", features = ["dir_source"] } # HTTP client reqwest = { version = "0.11.12", features = ["stream", "json", "gzip", "brotli", "socks", "cookies", "trust-dns"] } @@ -125,11 +125,11 @@ bytes = "1.2.1" cached = "0.39.0" # Used for custom short lived cookie jar during favicon extraction -cookie = "0.16.0" +cookie = "0.16.1" cookie_store = "0.17.0" # Used by U2F, JWT and Postgres -openssl = "0.10.41" +openssl = "0.10.42" # CLI argument parsing pico-args = "0.5.0"