BlackDex
de86aa671e
Fix Key Rotation during password change
When ticking the 'Also rotate my account's encryption key' box, the key
rotated ciphers are posted after the change of password.
During the password change the security stamp was reset, which made
the posted keys return an invalid auth. This reset is needed to prevent other clients from still being able to read/write.
This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reset.
When the security stamp check fails it will check if there is a stamp exception and try to match the route and security stamp.
Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly.
fixes #1240
4 years ago
Fabian van Steen
b41a0d840c
Correction of verify_email error message
5 years ago
BlackDex
c64560016e
Add /api/accounts/verify-password endpoint
If for some reason the hashed password is cleared from memory within a
bitwarden client it will try to verify the password at the server side.
This endpoint was missing.
Resolves #1156
5 years ago
Daniel García
668d5c23dc
Removed try_trait and some formatting, particularly around imports
5 years ago
Jeremy Lin
a314933557
Allow email changes for existing accounts even when signups are disabled
5 years ago
theycallmesteve
5571a5d8ed
Update post_keys to return a keys response model
5 years ago
Jeremy Lin
c2a324e5da
Clean up domain whitelist logic
* Make `SIGNUPS_DOMAINS_WHITELIST` override the `SIGNUPS_ALLOWED` setting.
Otherwise, a common pitfall is to set `SIGNUPS_DOMAINS_WHITELIST` without
realizing that `SIGNUPS_ALLOWED=false` must also be set.
* Whitespace is now accepted in `SIGNUPS_DOMAINS_WHITELIST`. That is,
`foo.com, bar.com` is now equivalent to `foo.com,bar.com`.
* Add validation on `SIGNUPS_DOMAINS_WHITELIST`. For example, `foo.com,`
is rejected as containing an empty token.
5 years ago
Daniel García
912e1f93b7
Fix some lints
5 years ago
tomuta
bd1e8be328
Implement change-email, email-verification, account-recovery, and welcome notifications
6 years ago
tomuta
64d6f72e6c
Add the ability to disable signups, but allow signups from a whitelist
This feature can be enabled by setting SIGNUPS_ALLOWED=false and
providing a comma-separated list of whitelisted domains in
SIGNUPS_DOMAINS_WHITELIST.
Fixes #727
6 years ago
Miro Prasil
00a11b1b78
Stop leaking usernames when SIGNUPS_ALLOWED=false
This fixes #691 - respond in a less specific way to not leak the
fact that the user is already registered on the server.
6 years ago
Emil Madsen
e22e290f67
Fix key and type variable names for mysql
6 years ago
Daniel García
6027b969f5
Delete old devices when deauthorizing user sessions
6 years ago
Daniel García
86ed75bf7c
Config can now be serialized / deserialized
6 years ago
Daniel García
a1dc47b826
Change config to thread-safe system, needed for a future config panel.
Improved some two factor methods.
6 years ago
Daniel García
834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template
6 years ago
Daniel García
4309df8334
Only create invitations when SMTP is disabled, and ignore invitations if we have a token.
Disallow users from accepting invitation twice
6 years ago
Daniel García
5f49ecd7f3
Updated dependencies to use u2f crate directly, and some style changes
6 years ago
Daniel García
30e768613b
Start using rustfmt and some style changes to make some lines shorter
6 years ago
Daniel García
2bb0b15e04
Implemented better errors for JWT
6 years ago
Daniel García
250a2b340f
Use new Errors in latest changes
6 years ago
Daniel García
6a99849a1e
Implemented proper error handling, now we can do `user.save($conn)?;` and it works.
In the future, maybe we can do the same with the `find_by_id` methods that return an Option.
6 years ago
Nick Fox
2cd736ab81
Validate JWT if a user registers with SMTP invites enabled
6 years ago
Nick Fox
26bf7bc12f
Use upstream jslib invite/registration workflow
6 years ago
Nick Fox
9479108fb7
Remove CONFIG.email_invitations
6 years ago
Nick Fox
4910b14d57
Implement email invitations and registration workflow
6 years ago
Daniel García
94810c106a
Migrate to rust 2018 edition
7 years ago
Daniel García
f71f10eac6
Implemented key rotation with the latest vault
7 years ago
Daniel García
c673370103
Updated bw_rs to Rocket version 0.4-rc1
7 years ago
janost
e985221b50
User::save() should return QueryResult instead of bool
7 years ago
janost
64f6c60bfd
Organization::save() and UserOrganization::save() should return QueryResult instead of bool
7 years ago
Miroslav Prasil
a28caa33ef
Implement poor man's admin panel
7 years ago
Daniel García
7112c86471
Updated dependencies, removed valid mail check (now done by lettre), and updated global domains file
7 years ago
Daniel García
ebb66c374e
Implement KDF iterations change (Fixes #195)
7 years ago
Miroslav Prasil
f7951b44ba
Add alias for DELETE call on accounts
7 years ago
Daniel García
b75ba216d1
Return default prelogin values when the user doesn't exist
7 years ago
Daniel García
8651df8c2a
Fixed some lint issues
7 years ago
Daniel García
3e1afb139c
Remove unnecessary return
7 years ago
Miroslav Prasil
c1cd4d9a6b
Modify User::new to be keyless and passwordless
7 years ago
Miroslav Prasil
ec05f14f5a
Implement poor man's invitation via Organization invitation
7 years ago
Jean-Christophe BEGUE
37d88be2be
Return an error when email address for password hint is not valid
7 years ago
Jean-Christophe BEGUE
1c641d7635
Special messages when user has no password hint
7 years ago
Jean-Christophe BEGUE
e2ab2f7306
Save None instead of empty password hint
7 years ago
Daniel García
8d1ee859f2
Implemented basic support for prelogin and notification negotiation
7 years ago
Jean-Christophe BEGUE
9e63985b28
Check email validity before using it for password hint sending
7 years ago
Miroslav Prasil
12a2dc0901
Add PUT alias for profile update
7 years ago
Jean-Christophe BEGUE
d68f57cbba
Fix password hint showing logic
7 years ago
Jean-Christophe BEGUE
812387e586
SMTP integration, send password hint by email.
7 years ago
Miroslav Prasil
58c1545707
Return revision date in milliseconds (fixes #127)
7 years ago
Jean-Christophe BEGUE
d3b4b10d18
Add an explanation to the password hint message #85
7 years ago