authorDaniel GarcĂ­a <[email protected]>2024-11-14 22:16:43 +0100
committerGitHub <[email protected]>2024-11-14 22:16:43 +0100
commitf819e6c728dcbf9a3a27fb603c76e8ea7697953d (patch)
tree4ddd1ecf7243ff9d0f5f7ca9a08d64926edf45f3
parent6765b21bacd88b9a7b9fc4b042207524ace31719 (diff)
parentff33534c07ba05184fbb2adf562334ac56686c55 (diff)
Merge branch 'main' into ssh_keys
-rw-r--r--.env.template7
-rw-r--r--src/api/core/accounts.rs2
-rw-r--r--src/api/core/organizations.rs8
-rw-r--r--src/config.rs8
-rw-r--r--src/db/models/group.rs6
5 files changed, 16 insertions, 15 deletions
diff --git a/.env.template b/.env.template
index 2530345e..62ce5258 100644
--- a/.env.template
+++ b/.env.template
@@ -280,12 +280,13 @@
## The default for new users. If changed, it will be updated during login for existing users.
# PASSWORD_ITERATIONS=600000
-## Controls whether users can set password hints. This setting applies globally to all users.
+## Controls whether users can set or show password hints. This setting applies globally to all users.
# PASSWORD_HINTS_ALLOWED=true
## Controls whether a password hint should be shown directly in the web page if
-## SMTP service is not configured. Not recommended for publicly-accessible instances
-## as this provides unauthenticated access to potentially sensitive data.
+## SMTP service is not configured and password hints are allowed.
+## Not recommended for publicly-accessible instances because this provides
+## unauthenticated access to potentially sensitive data.
# SHOW_PASSWORD_HINT=false
#########################
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
index fca01d80..1e89ea93 100644
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@@ -905,7 +905,7 @@ struct PasswordHintData {
#[post("/accounts/password-hint", data = "<data>")]
async fn password_hint(data: Json<PasswordHintData>, mut conn: DbConn) -> EmptyResult {
- if !CONFIG.mail_enabled() || !CONFIG.show_password_hint() {
+ if !CONFIG.password_hints_allowed() || (!CONFIG.mail_enabled() && !CONFIG.show_password_hint()) {
err!("This server is not configured to provide password hints.");
}
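Review bot: The rewritten guard in `password_hint` combines a global switch with a delivery-path check in one expression and carries no comment, although the visible signature has no auth header guard and the data is sensitive. I would add above the `if`: `// Hints must be allowed globally, and a delivery path must exist: SMTP, or the explicit SHOW_PASSWORD_HINT opt-in.` The rest of the handler lies outside this hunk. It is worth confirming there that the hint is placed in the response only when mail is disabled and `show_password_hint` is set, and that the reply does not differ between known and unknown e-mail addresses.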
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index 551676d6..7ee6a089 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -2305,14 +2305,14 @@ async fn _restore_organization_user(
}
#[get("/organizations/<org_id>/groups")]
-async fn get_groups(org_id: &str, headers: ManagerHeadersLoose, mut conn: DbConn) -> JsonResult {
+async fn get_groups(org_id: &str, _headers: ManagerHeadersLoose, mut conn: DbConn) -> JsonResult {
let groups: Vec<Value> = if CONFIG.org_groups_enabled() {
// Group::find_by_organization(&org_id, &mut conn).await.iter().map(Group::to_json).collect::<Value>()
let groups = Group::find_by_organization(org_id, &mut conn).await;
let mut groups_json = Vec::with_capacity(groups.len());
for g in groups {
- groups_json.push(g.to_json_details(&headers.org_user.atype, &mut conn).await)
+ groups_json.push(g.to_json_details(&mut conn).await)
}
groups_json
} else {
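Review bot: Renaming the parameter to `_headers` in `get_groups` leaves the `ManagerHeadersLoose` request guard as a value nothing reads, and nothing in the signature says why it must stay. Presumably the guard is what authorizes the caller for this organization, so a later cleanup that drops the "unused" argument would also drop the access check. A comment such as `// _headers is unused, but the request guard must stay: it performs the access check for this route` would prevent that. The same applies to `_headers: AdminHeaders` in the `get_group_details` hunk below; the body of `get_groups` continues past the end of this hunk.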
@@ -2500,7 +2500,7 @@ async fn add_update_group(
}
#[get("/organizations/<_org_id>/groups/<group_id>/details")]
-async fn get_group_details(_org_id: &str, group_id: &str, headers: AdminHeaders, mut conn: DbConn) -> JsonResult {
+async fn get_group_details(_org_id: &str, group_id: &str, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult {
if !CONFIG.org_groups_enabled() {
err!("Group support is disabled");
}
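Review bot: `get_group_details` binds the path segment as `_org_id`, so as far as the signature shows, the organization the `AdminHeaders` guard was evaluated for is never compared with the organization that owns `group_id`. The lookup itself sits between this hunk and the next and is not visible, but if it resolves the group by id alone, an admin of one organization could read group details belonging to another. I would compare the loaded group's organization with the path value before the final `Ok(Json(...))` and return the existing `Group could not be found!` error on a mismatch. Until then, `// TODO(review): verify the group belongs to org_id before returning details` keeps the gap visible.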
@@ -2510,7 +2510,7 @@ async fn get_group_details(_org_id: &str, group_id: &str, headers: AdminHeaders,
_ => err!("Group could not be found!"),
};
- Ok(Json(group.to_json_details(&(headers.org_user_type as i32), &mut conn).await))
+ Ok(Json(group.to_json_details(&mut conn).await))
}
#[post("/organizations/<org_id>/groups/<group_id>/delete")]
diff --git a/src/config.rs b/src/config.rs
index 5a8ec85b..e4e80927 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -497,11 +497,11 @@ make_config! {
/// Password iterations |> Number of server-side passwords hashing iterations for the password hash.
/// The default for new users. If changed, it will be updated during login for existing users.
password_iterations: i32, true, def, 600_000;
- /// Allow password hints |> Controls whether users can set password hints. This setting applies globally to all users.
+ /// Allow password hints |> Controls whether users can set or show password hints. This setting applies globally to all users.
password_hints_allowed: bool, true, def, true;
- /// Show password hint |> Controls whether a password hint should be shown directly in the web page
- /// if SMTP service is not configured. Not recommended for publicly-accessible instances as this
- /// provides unauthenticated access to potentially sensitive data.
+ /// Show password hint (Know the risks!) |> Controls whether a password hint should be shown directly in the web page
+ /// if SMTP service is not configured and password hints are allowed. Not recommended for publicly-accessible instances
+ /// because this provides unauthenticated access to potentially sensitive data.
show_password_hint: bool, true, def, false;
/// Admin token/Argon2 PHC |> The plain text token or Argon2 PHC string used to authenticate in this very same page. Changing it here will not deauthorize the current session!
diff --git a/src/db/models/group.rs b/src/db/models/group.rs
index 66ad338a..e226512d 100644
--- a/src/db/models/group.rs
+++ b/src/db/models/group.rs
@@ -1,4 +1,4 @@
-use super::{User, UserOrgType, UserOrganization};
+use super::{User, UserOrganization};
use crate::api::EmptyResult;
use crate::db::DbConn;
use crate::error::MapResult;
@@ -73,7 +73,7 @@ impl Group {
})
}
- pub async fn to_json_details(&self, user_org_type: &i32, conn: &mut DbConn) -> Value {
+ pub async fn to_json_details(&self, conn: &mut DbConn) -> Value {
let collections_groups: Vec<Value> = CollectionGroup::find_by_group(&self.uuid, conn)
.await
.iter()
@@ -82,7 +82,7 @@ impl Group {
"id": entry.collections_uuid,
"readOnly": entry.read_only,
"hidePasswords": entry.hide_passwords,
- "manage": *user_org_type >= UserOrgType::Admin || (*user_org_type == UserOrgType::Manager && !entry.read_only && !entry.hide_passwords)
+ "manage": false
})
})
.collect();
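Review bot: `"manage": false` is now a constant for every collection entry, and neither the literal nor `to_json_details` records why the role-based calculation was dropped. Clients reading this field will see no group-granted manage right regardless of the caller's role, so the intent should be stated at the literal. For example `// Group-level collection management is not supported here; always report false`, with the wording confirmed by the author. `to_json_details` starts in the previous hunk and continues past the end of this one.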