From f8906c5575e769dc195a79b4d56a5a3e72d7edef Mon Sep 17 00:00:00 2001 From: toto-xoxo <85445598+toto-xoxo@users.noreply.github.com> Date: Fri, 4 Aug 2023 17:00:22 +0200 Subject: [PATCH 01/11] add selection of data region for push --- .env.template | 2 ++ src/api/push.rs | 2 +- src/config.rs | 22 ++++++++++++++++++++-- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/.env.template b/.env.template index 3c177a2608..029ab36b13 100644 --- a/.env.template +++ b/.env.template @@ -80,8 +80,10 @@ # PUSH_ENABLED=true # PUSH_INSTALLATION_ID=CHANGEME # PUSH_INSTALLATION_KEY=CHANGEME +# PUSH_RELAY_REGION=us ## Don't change this unless you know what you're doing. # PUSH_RELAY_URI=https://push.bitwarden.com +# IDENTITY_URI=https://identity.bitwarden.com ## Controls whether users are allowed to create Bitwarden Sends. ## This setting applies globally to all users. diff --git a/src/api/push.rs b/src/api/push.rs index 3b0a573bee..b6c52abbf0 100644 --- a/src/api/push.rs +++ b/src/api/push.rs @@ -50,7 +50,7 @@ async fn get_auth_push_token() -> ApiResult { ("client_secret", &client_secret), ]; - let res = match get_reqwest_client().post("https://identity.bitwarden.com/connect/token").form(¶ms).send().await + let res = match get_reqwest_client().post(CONFIG.identity_uri()).form(¶ms).send().await { Ok(r) => r, Err(e) => err!(format!("Error getting push token from bitwarden server: {e}")), diff --git a/src/config.rs b/src/config.rs index 041e89a731..758aff83cf 100644 --- a/src/config.rs +++ b/src/config.rs 
@@ -380,8 +380,26 @@ make_config! { push { /// Enable push notifications push_enabled: bool, false, def, false; - /// Push relay base uri - push_relay_uri: String, false, def, "https://push.bitwarden.com".to_string(); + /// Push relay region |> The data region from https://bitwarden.com/host + push_relay_region: String, false, def, "us".to_string(); + /// Push relay uri + push_relay_uri: String, false, auto, |c| { + let relay_region = match c.push_relay_region.as_str() { + "us" => "com", + "eu" => "eu", + _ => "com", // Default to US if the region is not recognized + }; + format!("https://push.bitwarden.{}", relay_region) + }; + /// Identity uri + identity_uri: String, false, auto, |c| { + let relay_region = match c.push_relay_region.as_str() { + "us" => "com", + "eu" => "eu", + _ => "com", // Default to US if the region is not recognized + }; + format!("https://identity.bitwarden.{}", relay_region) + }; /// Installation id |> The installation id from https://bitwarden.com/host push_installation_id: Pass, false, def, String::new(); /// Installation key |> The installation key from https://bitwarden.com/host From 6c9c97d17ea89edafb6f9052902a227ce8dca377 Mon Sep 17 00:00:00 2001 From: toto-xoxo <85445598+toto-xoxo@users.noreply.github.com> Date: Fri, 4 Aug 2023 19:56:46 +0200 Subject: [PATCH 02/11] fix cargo check + rewrite config + add check url --- .env.template | 3 --- src/api/push.rs | 3 +-- src/config.rs | 46 +++++++++++++++++++++++++++++++++------------- 3 files changed, 34 insertions(+), 18 deletions(-) diff --git a/.env.template b/.env.template index 029ab36b13..0a7cbed34a 100644 --- a/.env.template +++ b/.env.template 
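Review bot: The `_ => "com"` arm in both closures silently maps an unrecognised `PUSH_RELAY_REGION` to the US endpoints, and the match is case-sensitive, so a value such as `EU` or a typo ends up on `push.bitwarden.com` and `identity.bitwarden.com` with no error or log line. For a setting whose whole purpose is choosing a data region, failing at startup is safer than falling back. The check belongs in validate_config, which this patch does not touch, for example `if !matches!(cfg.push_relay_region.as_str(), "us" | "eu") { err!("PUSH_RELAY_REGION must be 'us' or 'eu'") }`. The same fallback is kept in the rewritten match arms of PATCH 02/11. The two closures also repeat the same region match and could share one helper.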
@@ -81,9 +81,6 @@ # PUSH_INSTALLATION_ID=CHANGEME # PUSH_INSTALLATION_KEY=CHANGEME # PUSH_RELAY_REGION=us -## Don't change this unless you know what you're doing. -# PUSH_RELAY_URI=https://push.bitwarden.com -# IDENTITY_URI=https://identity.bitwarden.com ## Controls whether users are allowed to create Bitwarden Sends. ## This setting applies globally to all users. diff --git a/src/api/push.rs b/src/api/push.rs index b6c52abbf0..31fe97aa6f 100644 --- a/src/api/push.rs +++ b/src/api/push.rs @@ -50,8 +50,7 @@ async fn get_auth_push_token() -> ApiResult { ("client_secret", &client_secret), ]; - let res = match get_reqwest_client().post(CONFIG.identity_uri()).form(¶ms).send().await - { + let res = match get_reqwest_client().post(CONFIG.push_identity_uri()).form(¶ms).send().await { Ok(r) => r, Err(e) => err!(format!("Error getting push token from bitwarden server: {e}")), }; diff --git a/src/config.rs b/src/config.rs index 758aff83cf..87635e8183 100644 --- a/src/config.rs +++ b/src/config.rs 
@@ -380,25 +380,25 @@ make_config! { push { /// Enable push notifications push_enabled: bool, false, def, false; - /// Push relay region |> The data region from https://bitwarden.com/host + /// Push relay region push_relay_region: String, false, def, "us".to_string(); /// Push relay uri push_relay_uri: String, false, auto, |c| { - let relay_region = match c.push_relay_region.as_str() { - "us" => "com", - "eu" => "eu", - _ => "com", // Default to US if the region is not recognized + let push_relay_uri = match c.push_relay_region.as_str() { + "us" => "https://push.bitwarden.com".to_string(), + "eu" => "https://push.bitwarden.eu".to_string(), + _ => "https://push.bitwarden.com".to_string(), // Default to "us" region }; - format!("https://push.bitwarden.{}", relay_region) + return push_relay_uri; }; - /// Identity uri - identity_uri: String, false, auto, |c| { - let relay_region = match c.push_relay_region.as_str() { - "us" => "com", - "eu" => "eu", - _ => "com", // Default to US if the region is not recognized + /// Push identity uri + push_identity_uri: String, false, auto, |c| { + let push_identity_uri = match c.push_relay_region.as_str() { + "us" => "https://identity.bitwarden.com".to_string(), + "eu" => "https://identity.bitwarden.eu".to_string(), + _ => "https://identity.bitwarden.com".to_string(), // Default to "us" region }; - format!("https://identity.bitwarden.{}", relay_region) + return push_identity_uri; }; /// Installation id |> The installation id from https://bitwarden.com/host push_installation_id: Pass, false, def, String::new(); 
@@ -769,6 +769,26 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { ) } + if cfg.push_enabled { + let push_relay_uri = cfg.push_relay_uri.to_lowercase(); + if !push_relay_uri.starts_with("https://") { + err!("`PUSH_RELAY_URI` must start with 'https://'.") + } + + if let Err(_) = Url::parse(&push_relay_uri) { + err!("Invalid URL format for `PUSH_RELAY_URI`."); + } + + let push_identity_uri = cfg.push_identity_uri.to_lowercase(); + if !push_identity_uri.starts_with("https://") { + err!("`PUSH_IDENTITY_URI` must start with 'https://'.") + } + + if let Err(_) = Url::parse(&push_identity_uri) { + err!("Invalid URL format for `PUSH_IDENTITY_URI`."); + } + } + if cfg._enable_duo && (cfg.duo_host.is_some() || cfg.duo_ikey.is_some() || cfg.duo_skey.is_some()) && !(cfg.duo_host.is_some() && cfg.duo_ikey.is_some() && cfg.duo_skey.is_some()) From 4e6cb2a871198b8325a52733b974fb1ec57b09e4 Mon Sep 17 00:00:00 2001 From: toto-xoxo <85445598+toto-xoxo@users.noreply.github.com> Date: Fri, 4 Aug 2023 20:19:15 +0200 Subject: [PATCH 03/11] fix clippy error --- src/config.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/config.rs b/src/config.rs index 87635e8183..900c85d0e9 100644 --- a/src/config.rs +++ b/src/config.rs @@ -389,7 +389,7 @@ make_config! { "eu" => "https://push.bitwarden.eu".to_string(), _ => "https://push.bitwarden.com".to_string(), // Default to "us" region }; - return push_relay_uri; + push_relay_uri }; /// Push identity uri push_identity_uri: String, false, auto, |c| { @@ -398,7 +398,7 @@ make_config! { "eu" => "https://identity.bitwarden.eu".to_string(), _ => "https://identity.bitwarden.com".to_string(), // Default to "us" region }; - return push_identity_uri; + push_identity_uri }; /// Installation id |> The installation id from https://bitwarden.com/host push_installation_id: Pass, false, def, String::new(); 
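Review bot: The two blocks added under `if cfg.push_enabled` are copies that differ only in the field and the setting name, and each tests the scheme on a lower-cased string before parsing that copy in a separate step. Parsing once and checking the parsed scheme keeps the two tests from drifting apart and gives a single place for further restrictions, e.g. `let ok = Url::parse(&cfg.push_identity_uri).map(|u| u.scheme() == "https").unwrap_or(false);` followed by one `err!`. This matters most for the identity URI, because the push.rs hunk of this patch posts the installation's `client_secret` to it. A short comment above the check saying so would tell the next reader why plain `http://` is refused. validate_config starts and ends outside the hunk.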
@@ -775,7 +775,7 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { err!("`PUSH_RELAY_URI` must start with 'https://'.") } - if let Err(_) = Url::parse(&push_relay_uri) { + if Url::parse(&push_relay_uri).is_err() { err!("Invalid URL format for `PUSH_RELAY_URI`."); } @@ -784,7 +784,7 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { err!("`PUSH_IDENTITY_URI` must start with 'https://'.") } - if let Err(_) = Url::parse(&push_identity_uri) { + if Url::parse(&push_identity_uri).is_err() { err!("Invalid URL format for `PUSH_IDENTITY_URI`."); } } From 1fdc8e274504acac38dbcbfa4d67e4430250f4ca Mon Sep 17 00:00:00 2001 From: toto-xoxo <85445598+toto-xoxo@users.noreply.github.com> Date: Thu, 23 Nov 2023 14:01:36 +0100 Subject: [PATCH 04/11] add comment in .env.template, adapt config.rs --- .env.template | 7 +++++-- src/config.rs | 20 ++------------------ 2 files changed, 7 insertions(+), 20 deletions(-) diff --git a/.env.template b/.env.template index 0a7cbed34a..1705cc805e 100644 --- a/.env.template +++ b/.env.template @@ -77,10 +77,13 @@ # WEBSOCKET_PORT=3012 ## Enables push notifications (requires key and id from https://bitwarden.com/host) +## If you choose "European Union" Data Region, uncomment PUSH_RELAY_URI and PUSH_IDENTITY_URI then replace .com by .eu # PUSH_ENABLED=true # PUSH_INSTALLATION_ID=CHANGEME # PUSH_INSTALLATION_KEY=CHANGEME -# PUSH_RELAY_REGION=us +## Don't change this unless you know what you're doing. +# PUSH_RELAY_URI=https://push.bitwarden.com +# PUSH_IDENTITY_URI=https://identity.bitwarden.com ## Controls whether users are allowed to create Bitwarden Sends. ## This setting applies globally to all users. @@ -450,4 +453,4 @@ ## HaveIBeenPwned API Key, request it here: https://haveibeenpwned.com/API/Key # HIBP_API_KEY= -# vim: syntax=ini +# vim: syntax=ini \ No newline at end of file diff --git a/src/config.rs b/src/config.rs index 900c85d0e9..4b382ee556 100644 --- a/src/config.rs +++ b/src/config.rs 
@@ -380,26 +380,10 @@ make_config! { push { /// Enable push notifications push_enabled: bool, false, def, false; - /// Push relay region - push_relay_region: String, false, def, "us".to_string(); /// Push relay uri - push_relay_uri: String, false, auto, |c| { - let push_relay_uri = match c.push_relay_region.as_str() { - "us" => "https://push.bitwarden.com".to_string(), - "eu" => "https://push.bitwarden.eu".to_string(), - _ => "https://push.bitwarden.com".to_string(), // Default to "us" region - }; - push_relay_uri - }; + push_relay_uri: String, false, def, "https://push.bitwarden.com".to_string(); /// Push identity uri - push_identity_uri: String, false, auto, |c| { - let push_identity_uri = match c.push_relay_region.as_str() { - "us" => "https://identity.bitwarden.com".to_string(), - "eu" => "https://identity.bitwarden.eu".to_string(), - _ => "https://identity.bitwarden.com".to_string(), // Default to "us" region - }; - push_identity_uri - }; + push_identity_uri: String, false, def, "https://identity.bitwarden.com".to_string(); /// Installation id |> The installation id from https://bitwarden.com/host push_installation_id: Pass, false, def, String::new(); /// Installation key |> The installation key from https://bitwarden.com/host From e08e059b988608477476454050a927702f8577f6 Mon Sep 17 00:00:00 2001 From: THONY <85445598+toto-xoxo@users.noreply.github.com> Date: Thu, 23 Nov 2023 14:50:00 +0100 Subject: [PATCH 05/11] Update .env.template Co-authored-by: William Desportes --- .env.template | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.env.template b/.env.template index 1705cc805e..68c436e8fd 100644 --- a/.env.template +++ b/.env.template 
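Review bot: The doc comments `/// Push relay uri` and `/// Push identity uri` carry no description after `|>`, unlike the installation id and key entries directly below them, and nothing tells an operator that the two values have to be changed together. With the region selector removed, pointing only one of them at `.eu` is possible, and the mismatch would presumably surface only as a failed token or relay request at runtime. I would extend the comments, e.g. `/// Push relay uri |> Base URI of the push relay; must be in the same data region as the identity uri` and `/// Push identity uri |> Base URI used to obtain the push token; must be in the same data region as the relay uri`. The make_config! block starts and ends outside the hunk.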
@@ -30,10 +30,6 @@ ## Define the size of the connection pool used for connecting to the database. # DATABASE_MAX_CONNS=10 -## Database timeout -## Timeout when acquiring database connection -# DATABASE_TIMEOUT=30 - ## Database connection initialization ## Allows SQL statements to be run whenever a new database connection is created. ## This is mainly useful for connection-scoped pragmas. From 85244a4ac9a4e89b3a8df487df62d996d9f72dc3 Mon Sep 17 00:00:00 2001 From: THONY <85445598+toto-xoxo@users.noreply.github.com> Date: Thu, 23 Nov 2023 14:55:22 +0100 Subject: [PATCH 06/11] Update .env.template Co-authored-by: William Desportes --- .env.template | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.env.template b/.env.template index 68c436e8fd..8aad043657 100644 --- a/.env.template +++ b/.env.template @@ -95,10 +95,6 @@ ## Disabled by default. Also check the EVENT_CLEANUP_SCHEDULE and EVENTS_DAYS_RETAIN settings. # ORG_EVENTS_ENABLED=false -## Controls whether users can change their email. -## This setting applies globally to all users -# EMAIL_CHANGE_ALLOWED=true - ## Number of days to retain events stored in the database. ## If unset (the default), events are kept indefinitely and the scheduled job is disabled! # EVENTS_DAYS_RETAIN= From 27536dedda477b93074ff0acdae8fe7e62f73bfe Mon Sep 17 00:00:00 2001 From: toto-xoxo <85445598+toto-xoxo@users.noreply.github.com> Date: Thu, 23 Nov 2023 15:19:30 +0100 Subject: [PATCH 07/11] Revert "Update .env.template" This reverts commit 5bed974ba7b9f481792d2228834585f053d47dc3. --- .env.template | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.env.template b/.env.template index 8aad043657..68c436e8fd 100644 --- a/.env.template +++ b/.env.template 
@@ -95,6 +95,10 @@ ## Disabled by default. Also check the EVENT_CLEANUP_SCHEDULE and EVENTS_DAYS_RETAIN settings. # ORG_EVENTS_ENABLED=false +## Controls whether users can change their email. +## This setting applies globally to all users +# EMAIL_CHANGE_ALLOWED=true + ## Number of days to retain events stored in the database. ## If unset (the default), events are kept indefinitely and the scheduled job is disabled! # EVENTS_DAYS_RETAIN= From 802998b6fb96eb5f9281bd411fcb64a187b689d3 Mon Sep 17 00:00:00 2001 From: toto-xoxo <85445598+toto-xoxo@users.noreply.github.com> Date: Thu, 23 Nov 2023 15:20:04 +0100 Subject: [PATCH 08/11] Revert "Update .env.template" This reverts commit 0760eff95dfaf2a9cf97bb25f6cf7660bdf55173. --- .env.template | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.env.template b/.env.template index 68c436e8fd..1705cc805e 100644 --- a/.env.template +++ b/.env.template @@ -30,6 +30,10 @@ ## Define the size of the connection pool used for connecting to the database. # DATABASE_MAX_CONNS=10 +## Database timeout +## Timeout when acquiring database connection +# DATABASE_TIMEOUT=30 + ## Database connection initialization ## Allows SQL statements to be run whenever a new database connection is created. ## This is mainly useful for connection-scoped pragmas. From 826f866841a9bb9b9905a6dfa870ae46e46b240f Mon Sep 17 00:00:00 2001 From: toto-xoxo <85445598+toto-xoxo@users.noreply.github.com> Date: Thu, 23 Nov 2023 15:34:56 +0100 Subject: [PATCH 09/11] fix /connect/token to push identity --- src/api/push.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/api/push.rs b/src/api/push.rs index 31fe97aa6f..c39a17b4af 100644 --- a/src/api/push.rs +++ b/src/api/push.rs 
@@ -50,7 +50,7 @@ async fn get_auth_push_token() -> ApiResult { ("client_secret", &client_secret), ]; - let res = match get_reqwest_client().post(CONFIG.push_identity_uri()).form(¶ms).send().await { + let res = match get_reqwest_client().post(&format!("{}/connect/token", CONFIG.push_identity_uri())).form(¶ms).send().await { Ok(r) => r, Err(e) => err!(format!("Error getting push token from bitwarden server: {e}")), }; From 71478da60bde29eb5b653a0d465f37feccbaa969 Mon Sep 17 00:00:00 2001 From: toto-xoxo <85445598+toto-xoxo@users.noreply.github.com> Date: Thu, 23 Nov 2023 15:42:57 +0100 Subject: [PATCH 10/11] fix /connect/token to push identity --- src/api/push.rs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/api/push.rs b/src/api/push.rs index c39a17b4af..7497b2490c 100644 --- a/src/api/push.rs +++ b/src/api/push.rs @@ -50,7 +50,12 @@ async fn get_auth_push_token() -> ApiResult { ("client_secret", &client_secret), ]; - let res = match get_reqwest_client().post(&format!("{}/connect/token", CONFIG.push_identity_uri())).form(¶ms).send().await { + let res = match get_reqwest_client() + .post(&format!("{}/connect/token", CONFIG.push_identity_uri())) + .form(¶ms) + .send() + .await + { Ok(r) => r, Err(e) => err!(format!("Error getting push token from bitwarden server: {e}")), }; From 9f619a54eef74970cc7a0580c3d7ab43994a4f76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Mon, 1 Jan 2024 15:57:03 +0100 Subject: [PATCH 11/11] Fixed formatting when solving merge conflicts --- src/config.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config.rs b/src/config.rs index 87180ce853..116adc9804 100644 --- a/src/config.rs +++ b/src/config.rs 
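Review bot: `format!("{}/connect/token", CONFIG.push_identity_uri())` joins the configured value and the path by plain concatenation, so a `PUSH_IDENTITY_URI` written with a trailing slash yields `//connect/token`, and one carrying a path or query string yields a URL the operator did not intend. The checks added to validate_config in PATCH 02/11 accept all of these. Trimming at the call site covers the common case: `.post(&format!("{}/connect/token", CONFIG.push_identity_uri().trim_end_matches('/')))`, assuming the generated getter returns a `String`. The same expression is only re-wrapped in PATCH 10/11, so the point applies there as well. get_auth_push_token starts and ends outside both hunks.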
@@ -775,7 +775,7 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { err!("Invalid URL format for `PUSH_IDENTITY_URI`."); } } - + const KNOWN_FLAGS: &[&str] = &["autofill-overlay", "autofill-v2", "browser-fileless-import", "fido2-vault-credentials"]; for flag in parse_experimental_client_feature_flags(&cfg.experimental_client_feature_flags).keys() {