Added web-vault v2.21.x support + some misc fixes

- The new web-vault v2.21.0+ has support for Master Password Reset. For
this to work it generates a public/private key-pair which needs to be
stored in the database. Currently the Master Password Reset is not
fixed, but there are endpoints which are needed even if we do not
support this feature (yet). This PR fixes those endpoints, and stores
the keys already in the database.

- There was an issue when you want to do a key-rotate when you change
your password, it also called an Emergency Access endpoint, which we do
not yet support. Because this endpoint failed to reply correctly
produced some errors, and also prevent the user from being forced to
logout. This resolves #1826 by adding at least that endpoint.

Because of that extra endpoint check to Emergency Access is done using
an old user stamp, i also modified the stamp exception to allow multiple
rocket routes to be called, and added an expiration timestamp to it.

During these tests i stumbled upon an issue that after my key-change was
done, it triggered the websockets to try and reload my ciphers, because
they were updated. This shouldn't happen when rotating they keys, since
all access should be invalided. Now there will be no websocket
notification for this, which also prevents error toasts.

- Increased Send Size limit to 500MB (with a litle overhead)

As a side note, i tested these changes on both v2.20.4 and v2.21.1 web-vault versions, all keeps working.

5 files changed, 37 insertions, 23 deletions

diff --git a/src/db/models/organization.rs b/src/db/models/organization.rs
index e0c87977..f628d95f 100644
--- a/src/db/models/organization.rs
+++ b/src/db/models/organization.rs
@@ -12,6 +12,8 @@ db_object! {
         pub uuid: String,
         pub name: String,
         pub billing_email: String,
+        pub private_key: Option<String>,
+        pub public_key: Option<String>,
     }
 
     #[derive(Identifiable, Queryable, Insertable, AsChangeset)]
@@ -122,12 +124,13 @@ impl PartialOrd<UserOrgType> for i32 {
 
 /// Local methods
 impl Organization {
-    pub fn new(name: String, billing_email: String) -> Self {
+    pub fn new(name: String, billing_email: String, private_key: Option<String>, public_key: Option<String>) -> Self {
         Self {
             uuid: crate::util::get_uuid(),
-
             name,
             billing_email,
+            private_key,
+            public_key,
         }
     }
 
@@ -140,14 +143,16 @@ impl Organization {
             "MaxCollections": 10, // The value doesn't matter, we don't check server-side
             "MaxStorageGb": 10, // The value doesn't matter, we don't check server-side
             "Use2fa": true,
-            "UseDirectory": false,
-            "UseEvents": false,
-            "UseGroups": false,
+            "UseDirectory": false, // Is supported, but this value isn't checked anywhere (yet)
+            "UseEvents": false, // not supported by us
+            "UseGroups": false, // not supported by us
             "UseTotp": true,
             "UsePolicies": true,
             "UseSso": false, // We do not support SSO
             "SelfHost": true,
             "UseApi": false, // not supported by us
+            "HasPublicAndPrivateKeys": self.private_key.is_some() && self.public_key.is_some(),
+            "ResetPasswordEnrolled": false, // not supported by us
 
             "BusinessName": null,
             "BusinessAddress1": null,
@@ -269,13 +274,15 @@ impl UserOrganization {
             "UsersGetPremium": true,
 
             "Use2fa": true,
-            "UseDirectory": false,
-            "UseEvents": false,
-            "UseGroups": false,
+            "UseDirectory": false, // Is supported, but this value isn't checked anywhere (yet)
+            "UseEvents": false, // not supported by us
+            "UseGroups": false, // not supported by us
             "UseTotp": true,
             "UsePolicies": true,
             "UseApi": false, // not supported by us
             "SelfHost": true,
+            "HasPublicAndPrivateKeys": org.private_key.is_some() && org.public_key.is_some(),
+            "ResetPasswordEnrolled": false, // not supported by us
             "SsoBound": false, // We do not support SSO
             "UseSso": false, // We do not support SSO
             // TODO: Add support for Business Portal
@@ -293,10 +300,12 @@ impl UserOrganization {
             //     "AccessReports": false,
             //     "ManageAllCollections": false,
             //     "ManageAssignedCollections": false,
+            //     "ManageCiphers": false,
             //     "ManageGroups": false,
             //     "ManagePolicies": false,
+            //     "ManageResetPassword": false,
             //     "ManageSso": false,
-            //     "ManageUsers": false
+            //     "ManageUsers": false,
             // },
 
             "MaxStorageGb": 10, // The value doesn't matter, we don't check server-side
diff --git a/src/db/models/user.rs b/src/db/models/user.rs
index 5b2e1131..b370d356 100644
--- a/src/db/models/user.rs
+++ b/src/db/models/user.rs
@@ -1,4 +1,4 @@
-use chrono::{NaiveDateTime, Utc};
+use chrono::{Duration, NaiveDateTime, Utc};
 use serde_json::Value;
 
 use crate::crypto;
@@ -63,8 +63,9 @@ enum UserStatus {
 
 #[derive(Serialize, Deserialize)]
 pub struct UserStampException {
-    pub route: String,
+    pub routes: Vec<String>,
     pub security_stamp: String,
+    pub expire: i64,
 }
 
 /// Local methods
@@ -135,9 +136,11 @@ impl User {
     /// # Arguments
     ///
     /// * `password` - A str which contains a hashed version of the users master password.
-    /// * `allow_next_route` - A Option<&str> with the function name of the next allowed (rocket) route.
+    /// * `allow_next_route` - A Option<Vec<String>> with the function names of the next allowed (rocket) routes.
+    ///                       These routes are able to use the previous stamp id for the next 2 minutes.
+    ///                       After these 2 minutes this stamp will expire.
     ///
-    pub fn set_password(&mut self, password: &str, allow_next_route: Option<&str>) {
+    pub fn set_password(&mut self, password: &str, allow_next_route: Option<Vec<String>>) {
         self.password_hash = crypto::hash_password(password.as_bytes(), &self.salt, self.password_iterations as u32);
 
         if let Some(route) = allow_next_route {
@@ -154,24 +157,20 @@ impl User {
     /// Set the stamp_exception to only allow a subsequent request matching a specific route using the current security-stamp.
     ///
     /// # Arguments
-    /// * `route_exception` - A str with the function name of the next allowed (rocket) route.
+    /// * `route_exception` - A Vec<String> with the function names of the next allowed (rocket) routes.
+    ///                       These routes are able to use the previous stamp id for the next 2 minutes.
+    ///                       After these 2 minutes this stamp will expire.
     ///
-    /// ### Future
-    /// In the future it could be posible that we need more of these exception routes.
-    /// In that case we could use an Vec<UserStampException> and add multiple exceptions.
-    pub fn set_stamp_exception(&mut self, route_exception: &str) {
+    pub fn set_stamp_exception(&mut self, route_exception: Vec<String>) {
         let stamp_exception = UserStampException {
-            route: route_exception.to_string(),
+            routes: route_exception,
             security_stamp: self.security_stamp.to_string(),
+            expire: (Utc::now().naive_utc() + Duration::minutes(2)).timestamp(),
         };
         self.stamp_exception = Some(serde_json::to_string(&stamp_exception).unwrap_or_default());
     }
 
     /// Resets the stamp_exception to prevent re-use of the previous security-stamp
-    ///
-    /// ### Future
-    /// In the future it could be posible that we need more of these exception routes.
-    /// In that case we could use an Vec<UserStampException> and add multiple exceptions.
     pub fn reset_stamp_exception(&mut self) {
         self.stamp_exception = None;
     }
diff --git a/src/db/schemas/mysql/schema.rs b/src/db/schemas/mysql/schema.rs
index ad1ddbc1..149d2267 100644
--- a/src/db/schemas/mysql/schema.rs
+++ b/src/db/schemas/mysql/schema.rs
@@ -100,6 +100,8 @@ table! {
         uuid -> Text,
         name -> Text,
         billing_email -> Text,
+        private_key -> Nullable<Text>,
+        public_key -> Nullable<Text>,
     }
 }
 
diff --git a/src/db/schemas/postgresql/schema.rs b/src/db/schemas/postgresql/schema.rs
index 8964da89..8feb2eb2 100644
--- a/src/db/schemas/postgresql/schema.rs
+++ b/src/db/schemas/postgresql/schema.rs
@@ -100,6 +100,8 @@ table! {
         uuid -> Text,
         name -> Text,
         billing_email -> Text,
+        private_key -> Nullable<Text>,
+        public_key -> Nullable<Text>,
     }
 }
 
diff --git a/src/db/schemas/sqlite/schema.rs b/src/db/schemas/sqlite/schema.rs
index 8964da89..8feb2eb2 100644
--- a/src/db/schemas/sqlite/schema.rs
+++ b/src/db/schemas/sqlite/schema.rs
@@ -100,6 +100,8 @@ table! {
         uuid -> Text,
         name -> Text,
         billing_email -> Text,
+        private_key -> Nullable<Text>,
+        public_key -> Nullable<Text>,
     }
 }