vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit b5a057f063431210d6640786fef097589e9fb049
parent e7e0717f5b31a292aed9144f9df2b9b31d82c35c
Author: Miroslav Prasil <miroslav@prasil.info>
Date:   Fri, 10 Aug 2018 21:43:16 +0100

Merge branch 'master' into beta

Diffstat:

M.env | 3+++


Msrc/api/core/accounts.rs | 25++++++++++++++++++++++++-


Msrc/api/core/mod.rs | 1+


Msrc/main.rs | 3+++


4 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/.env b/.env
@@ -27,6 +27,9 @@
 ## The change only applies when the password is changed
 # PASSWORD_ITERATIONS=100000
 
+## Whether password hint should be sent into the error response when the client request it
+# SHOW_PASSWORD_HINT=true
+
 ## Domain settings
 ## The domain must match the address from where you access the server
 ## Unless you are using U2F, or having problems with attachments not downloading, there is no need to change this
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
@@ -244,6 +244,29 @@ fn delete_account(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn
 
 #[get("/accounts/revision-date")]
 fn revision_date(headers: Headers) -> String {
-    let revision_date = headers.user.updated_at.timestamp();
+    let revision_date = headers.user.updated_at.timestamp_millis();
     revision_date.to_string()
 }
+
+#[derive(Deserialize)]
+#[allow(non_snake_case)]
+struct PasswordHintData {
+    Email: String,
+}
+
+#[post("/accounts/password-hint", data = "<data>")]
+fn password_hint(data: JsonUpcase<PasswordHintData>, conn: DbConn) -> EmptyResult {
+    let data: PasswordHintData = data.into_inner().data;
+
+    if !CONFIG.show_password_hint {
+        return Ok(())
+    }
+
+    match User::find_by_mail(&data.Email, &conn) {
+        Some(user) => {
+            let hint = user.password_hint.to_owned().unwrap_or_default();
+            err!(format!("Your password hint is: {}", hint))
+        },
+        None => Ok(()),
+    }
+}
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
@@ -23,6 +23,7 @@ pub fn routes() -> Vec<Route> {
         post_email,
         delete_account,
         revision_date,
+        password_hint,
 
         sync,
 
diff --git a/src/main.rs b/src/main.rs
@@ -170,6 +170,7 @@ pub struct Config {
     local_icon_extractor: bool,
     signups_allowed: bool,
     password_iterations: i32,
+    show_password_hint: bool,
     domain: String,
     domain_set: bool,
 }
@@ -198,6 +199,8 @@ impl Config {
             local_icon_extractor: util::parse_option_string(env::var("LOCAL_ICON_EXTRACTOR").ok()).unwrap_or(false),
             signups_allowed: util::parse_option_string(env::var("SIGNUPS_ALLOWED").ok()).unwrap_or(true),
             password_iterations: util::parse_option_string(env::var("PASSWORD_ITERATIONS").ok()).unwrap_or(100_000),
+            show_password_hint: util::parse_option_string(env::var("SHOW_PASSWORD_HINT").ok()).unwrap_or(true),
+
             domain_set: domain.is_ok(),
             domain: domain.unwrap_or("http://localhost".into()),
         }