author | Daniel GarcĂa <[email protected]> | 2023-10-23 00:18:14 +0200 |
---|---|---|
committer | GitHub <[email protected]> | 2023-10-23 00:18:14 +0200 |
commit | cb4b683dcd51eff4508bcf50e34d657b8d2225d4 (patch) | |
tree | e57f1041f6161eed11cc618a80849e1f06f32b3a | |
parent | 6eaf1319227158df7724d25f53bf03f7c1a52bc1 (diff) | |
download | vaultwarden-cb4b683dcd51eff4508bcf50e34d657b8d2225d4.tar.gz vaultwarden-cb4b683dcd51eff4508bcf50e34d657b8d2225d4.zip |
Implement cipher key encryption (#3990)
-rw-r--r-- | migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql | 0 | ||||
-rw-r--r-- | migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql | 2 | ||||
-rw-r--r-- | migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql | 0 | ||||
-rw-r--r-- | migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql | 2 | ||||
-rw-r--r-- | migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql | 0 | ||||
-rw-r--r-- | migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql | 2 | ||||
-rw-r--r-- | src/api/core/ciphers.rs | 3 | ||||
-rw-r--r-- | src/api/core/mod.rs | 13 | ||||
-rw-r--r-- | src/db/models/cipher.rs | 5 | ||||
-rw-r--r-- | src/db/schemas/mysql/schema.rs | 1 | ||||
-rw-r--r-- | src/db/schemas/postgresql/schema.rs | 1 | ||||
-rw-r--r-- | src/db/schemas/sqlite/schema.rs | 1 |
12 files changed, 29 insertions, 1 deletions
diff --git a/migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql b/migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql
diff --git a/migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql b/migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql
new file mode 100644
index 00000000..717ff374
--- /dev/null
+++ b/migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;
diff --git a/migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql b/migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql
diff --git a/migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql b/migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql
new file mode 100644
index 00000000..1b060b60
--- /dev/null
+++ b/migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;
diff --git a/migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql b/migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql
diff --git a/migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql b/migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql
new file mode 100644
index 00000000..1b060b60
--- /dev/null
+++ b/migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;
diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
index 43e007ab..b9f3ef63 100644
--- a/src/api/core/ciphers.rs
+++ b/src/api/core/ciphers.rs
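Review bot: As rendered here, the MySQL `up.sql` quotes the new column as `"key"`, which MySQL treats as an identifier only when `ANSI_QUOTES` is enabled; under the default sql_mode a double-quoted token is a string literal and `KEY` is a reserved word, so the statement would be rejected. The MySQL form would be ``ADD COLUMN `key` TEXT;``. The blob id shown for this file (717ff374) differs from the postgresql and sqlite ones (1b060b60) although the text displayed is identical, so the page may have lost the original quoting; check the raw file before acting on this. All three `down.sql` files are empty, so reverting the migration leaves the `key` column in place.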
@@ -206,6 +206,8 @@ pub struct CipherData { // TODO: Some of these might appear all the time, no need for Option OrganizationId: Option<String>, + Key: Option<String>, + /* Login = 1, SecureNote = 2, @@ -483,6 +485,7 @@ pub async fn update_cipher_from_data( None => err!("Data missing"), }; + cipher.key = data.Key; cipher.name = data.Name; cipher.notes = data.Notes; cipher.fields = data.Fields.map(|f| _clean_cipher_data(f).to_string()); diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs index f1424688..62a60197 100644 --- a/src/api/core/mod.rs +++ b/src/api/core/mod.rs @@ -194,7 +194,12 @@ fn version() -> Json<&'static str> { fn config() -> Json<Value> { let domain = crate::CONFIG.domain(); Json(json!({ - "version": crate::VERSION, + // Note: The clients use this version to handle backwards compatibility concerns + // This means they expect a version that closely matches the Bitwarden server version + // We should make sure that we keep this updated when we support the new server features + // Version history: + // - Individual cipher key encryption: 2023.9.1 + "version": "2023.9.1", "gitHash": option_env!("GIT_REV"), "server": { "name": "Vaultwarden", @@ -207,6 +212,12 @@ fn config() -> Json<Value> { "notifications": format!("{domain}/notifications"), "sso": "", }, + "featureStates": { + // Any feature flags that we want the clients to use + // Can check the enabled ones at: + // https://vault.bitwarden.com/api/config + "autofill-v2": true + }, "object": "config", })) } diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs index f76490b4..6bc98b90 100644 --- a/src/db/models/cipher.rs +++ b/src/db/models/cipher.rs @@ -23,6 +23,8 @@ db_object! { pub user_uuid: Option<String>, pub organization_uuid: Option<String>, + pub key: Option<String>, + /* Login = 1, SecureNote = 2, @@ -62,6 +64,8 @@ impl Cipher { user_uuid: None, organization_uuid: None, + key: None, + atype, name, 
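Review bot: `cipher.key = data.Key;` in update_cipher_from_data in src/api/core/ciphers.rs overwrites the stored key unconditionally, so an update whose body omits `Key` clears the wrapped per-cipher key while `name`, `notes` and `fields` are replaced from the same request. If a client that does not know about cipher keys can reach this path for an item that already has one, the item's key material is lost; whether that can happen depends on callers and client behaviour outside the hunk. Consider rejecting that case, e.g. `if cipher.key.is_some() && data.Key.is_none() { err!("Cipher key missing") }`, or at least add a comment on the field saying what `None` means (presumably that the fields are encrypted directly with the user or organization key). The function body starts and ends outside the hunk.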
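Review bot: The `"version": "2023.9.1"` literal in config() in src/api/core/mod.rs is now a behaviour switch rather than information: per the added comment, clients read it to decide which server features to use, so returning it presumably makes them start sending per-cipher keys. Hoist it into a named constant that carries the version history, e.g. `const ADVERTISED_SERVER_VERSION: &str = "2023.9.1";`, so the value and its comment cannot drift apart and are easy to find when the next feature is added. That comment should also say the bump is effectively one-way: items written with a `Key` would likely not decrypt if the server is rolled back to a build without the column, and the migrations in this commit ship empty `down.sql` files.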
@@ -203,6 +207,7 @@ impl Cipher { "DeletedDate": self.deleted_at.map_or(Value::Null, |d| Value::String(format_date(&d))), "Reprompt": self.reprompt.unwrap_or(RepromptType::None as i32), "OrganizationId": self.organization_uuid, + "Key": self.key, "Attachments": attachments_json, // We have UseTotp set to true by default within the Organization model. // This variable together with UsersGetPremium is used to show or hide the TOTP counter. diff --git a/src/db/schemas/mysql/schema.rs b/src/db/schemas/mysql/schema.rs index f1a001fd..d10c9fcf 100644 --- a/src/db/schemas/mysql/schema.rs +++ b/src/db/schemas/mysql/schema.rs @@ -15,6 +15,7 @@ table! { updated_at -> Datetime, user_uuid -> Nullable<Text>, organization_uuid -> Nullable<Text>, + key -> Nullable<Text>, atype -> Integer, name -> Text, notes -> Nullable<Text>, diff --git a/src/db/schemas/postgresql/schema.rs b/src/db/schemas/postgresql/schema.rs index 64786fb9..518a7c03 100644 --- a/src/db/schemas/postgresql/schema.rs +++ b/src/db/schemas/postgresql/schema.rs @@ -15,6 +15,7 @@ table! { updated_at -> Timestamp, user_uuid -> Nullable<Text>, organization_uuid -> Nullable<Text>, + key -> Nullable<Text>, atype -> Integer, name -> Text, notes -> Nullable<Text>, diff --git a/src/db/schemas/sqlite/schema.rs b/src/db/schemas/sqlite/schema.rs index 64786fb9..518a7c03 100644 --- a/src/db/schemas/sqlite/schema.rs +++ b/src/db/schemas/sqlite/schema.rs @@ -15,6 +15,7 @@ table! { updated_at -> Timestamp, user_uuid -> Nullable<Text>, organization_uuid -> Nullable<Text>, + key -> Nullable<Text>, atype -> Integer, name -> Text, notes -> Nullable<Text>, |