vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 97f9eb13200a7876d231b6f6d3e9a9498d8721b4
parent 53cc8a65af6140a1c53d4db4e21b97c0b2261b51
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Sun, 24 Oct 2021 21:50:26 +0200

Update dependencies

Diffstat:
MCargo.lock | 92+++++++++++++++++++++++++++++--------------------------------------------------
MCargo.toml | 6+++---
Msrc/api/core/two_factor/webauthn.rs | 9+++++----
3 files changed, 42 insertions(+), 65 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock @@ -74,9 +74,9 @@ checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" [[package]] name = "backtrace" -version = "0.3.61" +version = "0.3.62" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7a905d892734eea339e896738c14b9afce22b5318f64b951e70bf3844419b01" +checksum = "091bcdf2da9950f96aa522681ce805e6857f6ca8df73833d35736ab2dc78e152" dependencies = [ "addr2line", "cc", @@ -208,9 +208,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.7.1" +version = "3.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9df67f7bf9ef8498769f994239c45613ef0c5899415fb58e9add412d2c1a538" +checksum = "8f1e260c3a9040a7c19a12468758f4c16f31a81a1fe087482be9570ec864bb6c" [[package]] name = "byte-tools" @@ -334,22 +334,6 @@ dependencies = [ [[package]] name = "cookie_store" -version = "0.12.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3818dfca4b0cb5211a659bbcbb94225b7127407b2b135e650d717bfb78ab10d3" -dependencies = [ - "cookie 0.14.4", - "idna 0.2.3", - "log 0.4.14", - "publicsuffix 1.5.6", - "serde", - "serde_json", - "time 0.2.27", - "url 2.2.2", -] - -[[package]] -name = "cookie_store" version = "0.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "55b4ac5559dd39f7bdc516f769cb412b151585d8886d216871a8435ed7f862cd" @@ -357,7 +341,7 @@ dependencies = [ "cookie 0.15.1", "idna 0.2.3", "log 0.4.14", - "publicsuffix 2.1.1", + "publicsuffix", "serde", "serde_json", "time 0.2.27", @@ -819,9 +803,9 @@ checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574" [[package]] name = "h2" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c06815895acec637cd6ed6e9662c935b866d20a106f8361892893a7d9234964" +checksum = "7fd819562fcebdac5afc5c113c3ec36f902840b70fd4fc458799c8ce4607ae55" dependencies = [ "bytes 1.1.0", "fnv", @@ -838,9 +822,9 @@ dependencies = [ [[package]] name = "half" -version = "1.8.0" +version = "1.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac5956d4e63858efaec57e0d6c1c2f6a41e1487f830314a324ccd7e2223a7ca0" +checksum = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7" [[package]] name = "handlebars" @@ -930,9 +914,9 @@ dependencies = [ [[package]] name = "http-body" -version = "0.4.3" +version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "399c583b2979440c60be0821a6199eca73bc3c8dcd9d070d75ac726e2c6186e5" +checksum = "1ff4f84919677303da5f147645dbea6b1881f368d03ac84e1dc09031ebd7b2c6" dependencies = [ "bytes 1.1.0", "http", @@ -972,9 +956,9 @@ dependencies = [ [[package]] name = "hyper" -version = "0.14.13" +version = "0.14.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15d1cfb9e4f68655fa04c01f59edb405b6074a0f7118ea881e5026e4a1cd8593" +checksum = "2b91bb1f221b6ea1f1e4371216b70f40748774c2fb5971b450c07773fb92d26b" dependencies = [ "bytes 1.1.0", "futures-channel", @@ -1013,7 +997,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" dependencies = [ "bytes 1.1.0", - "hyper 0.14.13", + "hyper 0.14.14", "native-tls", "tokio", "tokio-native-tls", @@ -1165,9 +1149,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.104" +version = "0.2.105" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b2f96d100e1cf1929e7719b7edb3b90ab5298072638fccd77be9ce942ecdfce" +checksum = "869d572136620d55835903746bcb5cdc54cb2851fd0aeec53220b4bb65ef3013" [[package]] name = "libsqlite3-sys" @@ -1536,9 +1520,9 @@ dependencies = [ [[package]] name = "object" -version = "0.26.2" +version = "0.27.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39f37e50073ccad23b6d09bcb5b263f4e76d3bb6038e4a3c08e52162ffa8abc2" +checksum = "67ac1d3f9a1d3616fd9a60c8d74296f22406a238b6a72f5cc1e6f314df4ffbf9" dependencies = [ "memchr", ] @@ -1878,15 +1862,15 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkg-config" -version = "0.3.20" +version = "0.3.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7c9b1041b4387893b91ee6746cddfc28516aff326a3519fb2adf820932c5e6cb" +checksum = "12295df4f294471248581bc09bef3c38a5e46f1e36d6a37353621a0c6c357e1f" [[package]] name = "ppv-lite86" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3ca011bd0129ff4ae15cd04c4eef202cadf6c51c21e47aba319b4e0501db741" +checksum = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba" [[package]] name = "pq-sys" @@ -1941,16 +1925,6 @@ checksum = "66b398073e7cdd6f05934389a8f5961e3aabfa66675b6f440df4e2c793d51a4f" [[package]] name = "publicsuffix" -version = "1.5.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95b4ce31ff0a27d93c8de1849cf58162283752f065a90d508f1105fa6c9a213f" -dependencies = [ - "idna 0.2.3", - "url 2.2.2", -] - -[[package]] -name = "publicsuffix" version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "292972edad6bbecc137ab84c5e36421a4a6c979ea31d3cc73540dd04315b33e1" @@ -2179,21 +2153,21 @@ dependencies = [ [[package]] name = "reqwest" -version = "0.11.5" +version = "0.11.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51c732d463dd300362ffb44b7b125f299c23d2990411a4253824630ebc7467fb" +checksum = "66d2927ca2f685faf0fc620ac4834690d29e7abb153add10f5812eef20b5e280" dependencies = [ "async-compression", "base64 0.13.0", "bytes 1.1.0", - "cookie 0.14.4", - "cookie_store 0.12.0", + "cookie 0.15.1", + "cookie_store", "encoding_rs", "futures-core", "futures-util", "http", "http-body", - "hyper 0.14.13", + "hyper 0.14.14", "hyper-tls", "ipnet", "js-sys", @@ -3107,6 +3081,7 @@ dependencies = [ "idna 0.2.3", "matches", "percent-encoding 2.1.0", + "serde", ] [[package]] @@ -3134,7 +3109,7 @@ dependencies = [ "chrono", "chrono-tz", "cookie 0.15.1", - "cookie_store 0.15.0", + "cookie_store", "data-encoding", "data-url", "diesel", @@ -3308,9 +3283,9 @@ dependencies = [ [[package]] name = "webauthn-rs" -version = "0.3.0-alpha.12" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f0d5ca4abfa92dc6288971feafaa7e341b9ec10b76febaea03db0fc1b58a21d" +checksum = "5275a4ed4cd88814475b5ec51b84886eb17691fd3171f565581eca91d3489a10" dependencies = [ "base64 0.13.0", "log 0.4.14", @@ -3323,6 +3298,7 @@ dependencies = [ "serde_derive", "serde_json", "thiserror", + "url 2.2.2", ] [[package]] @@ -3414,9 +3390,9 @@ checksum = "85e60b0d1b5f99db2556934e21937020776a5d31520bf169e851ac44e6420214" [[package]] name = "xml5ever" -version = "0.16.1" +version = "0.16.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b1b52e6e8614d4a58b8e70cf51ec0cc21b256ad8206708bcff8139b5bbd6a59" +checksum = "9234163818fd8e2418fcde330655e757900d4236acd8cc70fef345ef91f6d865" dependencies = [ "log 0.4.14", "mac", diff --git a/Cargo.toml b/Cargo.toml @@ -34,7 +34,7 @@ rocket = { version = "=0.5.0-dev", features = ["tls"], default-features = false rocket_contrib = "=0.5.0-dev" # HTTP client -reqwest = { version = "0.11.5", features = ["blocking", "json", "gzip", "brotli", "socks", "cookies"] } +reqwest = { version = "0.11.6", features = ["blocking", "json", "gzip", "brotli", "socks", "cookies"] } # Used for custom short lived cookie jar cookie = "0.15.1" @@ -95,7 +95,7 @@ jsonwebtoken = "7.2.0" # U2F library u2f = "0.2.0" -webauthn-rs = "0.3.0-alpha.12" +webauthn-rs = "0.3.0" # Yubico Library yubico = { version = "0.10.0", features = ["online-tokio"], default-features = false } @@ -135,7 +135,7 @@ idna = "0.2.3" pico-args = "0.4.2" # Logging panics to logfile instead stderr only -backtrace = "0.3.61" +backtrace = "0.3.62" # Macro ident concatenation paste = "1.0.5" diff --git a/src/api/core/two_factor/webauthn.rs b/src/api/core/two_factor/webauthn.rs @@ -1,6 +1,7 @@ use rocket::Route; use rocket_contrib::json::Json; use serde_json::Value; +use url::Url; use webauthn_rs::{base64_data::Base64UrlSafeData, proto::*, AuthenticationState, RegistrationState, Webauthn}; use crate::{ @@ -22,7 +23,7 @@ pub fn routes() -> Vec<Route> { struct WebauthnConfig { url: String, - origin: String, + origin: Url, rpid: String, } @@ -31,13 +32,13 @@ impl WebauthnConfig { let domain = CONFIG.domain(); let domain_origin = CONFIG.domain_origin(); Webauthn::new(Self { - rpid: reqwest::Url::parse(&domain) + rpid: Url::parse(&domain) .map(|u| u.domain().map(str::to_owned)) .ok() .flatten() .unwrap_or_default(), url: domain, - origin: domain_origin, + origin: Url::parse(&domain_origin).unwrap(), }) } } @@ -47,7 +48,7 @@ impl webauthn_rs::WebauthnConfig for WebauthnConfig { &self.url } - fn get_origin(&self) -> &str { + fn get_origin(&self) -> &Url { &self.origin }