author | Daniel GarcĂa <[email protected]> | 2024-11-14 22:16:43 +0100 |
---|---|---|
committer | GitHub <[email protected]> | 2024-11-14 22:16:43 +0100 |
commit | f819e6c728dcbf9a3a27fb603c76e8ea7697953d (patch) | |
tree | 4ddd1ecf7243ff9d0f5f7ca9a08d64926edf45f3 | |
parent | 6765b21bacd88b9a7b9fc4b042207524ace31719 (diff) | |
parent | ff33534c07ba05184fbb2adf562334ac56686c55 (diff) | |
Merge branch 'main' into ssh_keys
-rw-r--r-- | .env.template | 7 | ||||
-rw-r--r-- | src/api/core/accounts.rs | 2 | ||||
-rw-r--r-- | src/api/core/organizations.rs | 8 | ||||
-rw-r--r-- | src/config.rs | 8 | ||||
-rw-r--r-- | src/db/models/group.rs | 6 |
5 files changed, 16 insertions, 15 deletions
diff --git a/.env.template b/.env.template index 2530345e..62ce5258 100644 --- a/.env.template +++ b/.env.template @@ -280,12 +280,13 @@ ## The default for new users. If changed, it will be updated during login for existing users. # PASSWORD_ITERATIONS=600000 -## Controls whether users can set password hints. This setting applies globally to all users. +## Controls whether users can set or show password hints. This setting applies globally to all users. # PASSWORD_HINTS_ALLOWED=true ## Controls whether a password hint should be shown directly in the web page if -## SMTP service is not configured. Not recommended for publicly-accessible instances -## as this provides unauthenticated access to potentially sensitive data. +## SMTP service is not configured and password hints are allowed. +## Not recommended for publicly-accessible instances because this provides +## unauthenticated access to potentially sensitive data. # SHOW_PASSWORD_HINT=false ######################### diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index fca01d80..1e89ea93 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -905,7 +905,7 @@ struct PasswordHintData { #[post("/accounts/password-hint", data = "<data>")] async fn password_hint(data: Json<PasswordHintData>, mut conn: DbConn) -> EmptyResult { - if !CONFIG.mail_enabled() || !CONFIG.show_password_hint() { + if !CONFIG.password_hints_allowed() || (!CONFIG.mail_enabled() && !CONFIG.show_password_hint()) { err!("This server is not configured to provide password hints."); } diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 551676d6..7ee6a089 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs 
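Review bot: The rewritten guard in `password_hint` is the only control visible on this route (the signature takes just `Json<PasswordHintData>` and `DbConn`, with no auth guard), and the compound condition carries no comment saying which combinations of the three settings release a hint. I would add above the `if`: `// Hints must be globally allowed, and are then either mailed (SMTP configured) or, only when explicitly opted in, returned in the response.` The handler body continues outside the hunk, so it is not visible whether the mail and no-mail paths answer identically for unknown addresses; that is worth confirming, because a difference would reveal which accounts exist. A test that sets `password_hints_allowed` to false and walks each mail/show combination would pin the behaviour.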
@@ -2305,14 +2305,14 @@ async fn _restore_organization_user( } #[get("/organizations/<org_id>/groups")] -async fn get_groups(org_id: &str, headers: ManagerHeadersLoose, mut conn: DbConn) -> JsonResult { +async fn get_groups(org_id: &str, _headers: ManagerHeadersLoose, mut conn: DbConn) -> JsonResult { let groups: Vec<Value> = if CONFIG.org_groups_enabled() { // Group::find_by_organization(&org_id, &mut conn).await.iter().map(Group::to_json).collect::<Value>() let groups = Group::find_by_organization(org_id, &mut conn).await; let mut groups_json = Vec::with_capacity(groups.len()); for g in groups { - groups_json.push(g.to_json_details(&headers.org_user.atype, &mut conn).await) + groups_json.push(g.to_json_details(&mut conn).await) } groups_json } else { @@ -2500,7 +2500,7 @@ async fn add_update_group( } #[get("/organizations/<_org_id>/groups/<group_id>/details")] -async fn get_group_details(_org_id: &str, group_id: &str, headers: AdminHeaders, mut conn: DbConn) -> JsonResult { +async fn get_group_details(_org_id: &str, group_id: &str, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult { if !CONFIG.org_groups_enabled() { err!("Group support is disabled"); } @@ -2510,7 +2510,7 @@ async fn get_group_details(_org_id: &str, group_id: &str, headers: AdminHeaders, _ => err!("Group could not be found!"), }; - Ok(Json(group.to_json_details(&(headers.org_user_type as i32), &mut conn).await)) + Ok(Json(group.to_json_details(&mut conn).await)) } #[post("/organizations/<org_id>/groups/<group_id>/delete")] diff --git a/src/config.rs b/src/config.rs index 5a8ec85b..e4e80927 100644 --- a/src/config.rs +++ b/src/config.rs 
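Review bot: In `get_groups`, `_headers: ManagerHeadersLoose` is no longer read by the body, so the parameter now exists only for whatever check the guard type performs when it is extracted, and nothing in the code says so. A later unused-parameter cleanup could drop it and, presumably, the route's authorization with it. I would add a comment above the signature such as `// _headers is unused in the body but must stay: the ManagerHeadersLoose request guard is what authorizes this route.` The same applies to `_headers: AdminHeaders` in `get_group_details` (hunk at -2500).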
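Review bot: In `get_group_details` the path parameter is named `_org_id`, so the body apparently never compares it with the group that `group_id` resolves to. The lookup itself sits between this hunk and the next (-2510) and is not shown, so this is inferred; if the group is fetched by id alone, nothing visible ties it to the organization whose membership the guard checked. Worth confirming that the lookup is scoped to the organization, or adding a check that rejects a group belonging to a different organization with the existing `err!("Group could not be found!")`.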
@@ -497,11 +497,11 @@ make_config! { /// Password iterations |> Number of server-side passwords hashing iterations for the password hash. /// The default for new users. If changed, it will be updated during login for existing users. password_iterations: i32, true, def, 600_000; - /// Allow password hints |> Controls whether users can set password hints. This setting applies globally to all users. + /// Allow password hints |> Controls whether users can set or show password hints. This setting applies globally to all users. password_hints_allowed: bool, true, def, true; - /// Show password hint |> Controls whether a password hint should be shown directly in the web page - /// if SMTP service is not configured. Not recommended for publicly-accessible instances as this - /// provides unauthenticated access to potentially sensitive data. + /// Show password hint (Know the risks!) |> Controls whether a password hint should be shown directly in the web page + /// if SMTP service is not configured and password hints are allowed. Not recommended for publicly-accessible instances + /// because this provides unauthenticated access to potentially sensitive data. show_password_hint: bool, true, def, false; /// Admin token/Argon2 PHC |> The plain text token or Argon2 PHC string used to authenticate in this very same page. Changing it here will not deauthorize the current session! diff --git a/src/db/models/group.rs b/src/db/models/group.rs index 66ad338a..e226512d 100644 --- a/src/db/models/group.rs +++ b/src/db/models/group.rs @@ -1,4 +1,4 @@ -use super::{User, UserOrgType, UserOrganization}; +use super::{User, UserOrganization}; use crate::api::EmptyResult; use crate::db::DbConn; use crate::error::MapResult; 
@@ -73,7 +73,7 @@ impl Group { }) } - pub async fn to_json_details(&self, user_org_type: &i32, conn: &mut DbConn) -> Value { + pub async fn to_json_details(&self, conn: &mut DbConn) -> Value { let collections_groups: Vec<Value> = CollectionGroup::find_by_group(&self.uuid, conn) .await .iter() @@ -82,7 +82,7 @@ impl Group { "id": entry.collections_uuid, "readOnly": entry.read_only, "hidePasswords": entry.hide_passwords, - "manage": *user_org_type >= UserOrgType::Admin || (*user_org_type == UserOrgType::Manager && !entry.read_only && !entry.hide_passwords) + "manage": false }) }) .collect(); |
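Review bot: `"manage": false` in `to_json_details` (hunk at -82) is now a hard-coded constant with no comment, so a reader cannot tell whether it is a deliberate fail-closed value or a leftover. The removed expression derived the flag from the caller's role; the new value ignores the caller, which is the safer default, but any client that reads `manage` will now see false for every collection in the group. If that is the intent, I would add `// Group-level manage permission is not stored; always report false instead of deriving it from the caller's role.` above the field. The body of `to_json_details` continues past the end of the hunk.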