vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small

commit bbd630f1ee8f1f223a075a7d4b424e16cd10e6d9
parent d3a1d875d582534c14422a214d9ee9d340973dc9
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Sat,  2 Sep 2023 14:41:44 +0200

Merge pull request #3831 from BlackDex/fix-3819

Fix Login With Device without MasterPassword
Diffstat:
Amigrations/mysql/2023-09-01-170620_update_auth_request_table/down.sql | 0
Amigrations/mysql/2023-09-01-170620_update_auth_request_table/up.sql | 5+++++
Amigrations/postgresql/2023-09-01-170620_update_auth_request_table/down.sql | 0
Amigrations/postgresql/2023-09-01-170620_update_auth_request_table/up.sql | 5+++++
Amigrations/sqlite/2023-09-01-170620_update_auth_request_table/down.sql | 0
Amigrations/sqlite/2023-09-01-170620_update_auth_request_table/up.sql | 29+++++++++++++++++++++++++++++
Msrc/api/core/accounts.rs | 4++--
Msrc/db/models/auth_request.rs | 8++++----
Msrc/db/schemas/mysql/schema.rs | 5+++--
Msrc/db/schemas/postgresql/schema.rs | 5+++--
Msrc/db/schemas/sqlite/schema.rs | 4++--
11 files changed, 53 insertions(+), 12 deletions(-)

diff --git a/migrations/mysql/2023-09-01-170620_update_auth_request_table/down.sql b/migrations/mysql/2023-09-01-170620_update_auth_request_table/down.sql
diff --git a/migrations/mysql/2023-09-01-170620_update_auth_request_table/up.sql b/migrations/mysql/2023-09-01-170620_update_auth_request_table/up.sql
@@ -0,0 +1,5 @@
+ALTER TABLE auth_requests
+MODIFY master_password_hash TEXT;
+
+ALTER TABLE auth_requests
+MODIFY enc_key TEXT;
diff --git a/migrations/postgresql/2023-09-01-170620_update_auth_request_table/down.sql b/migrations/postgresql/2023-09-01-170620_update_auth_request_table/down.sql
diff --git a/migrations/postgresql/2023-09-01-170620_update_auth_request_table/up.sql b/migrations/postgresql/2023-09-01-170620_update_auth_request_table/up.sql
@@ -0,0 +1,5 @@
+ALTER TABLE auth_requests
+ALTER COLUMN master_password_hash DROP NOT NULL;
+
+ALTER TABLE auth_requests
+ALTER COLUMN enc_key DROP NOT NULL;
diff --git a/migrations/sqlite/2023-09-01-170620_update_auth_request_table/down.sql b/migrations/sqlite/2023-09-01-170620_update_auth_request_table/down.sql
diff --git a/migrations/sqlite/2023-09-01-170620_update_auth_request_table/up.sql b/migrations/sqlite/2023-09-01-170620_update_auth_request_table/up.sql
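Review bot: Rows written before this migration keep `''` in `enc_key` and `master_password_hash`, because the three `up.sql` files (MySQL, PostgreSQL, and the SQLite one that follows) only relax the NOT NULL constraint, while the old constructor in `src/db/models/auth_request.rs` stored `String::new()`. After the upgrade those rows load as `Some("")` rather than `None`, so any reader that takes `Some` to mean "a key or hash was supplied" would presumably misjudge requests created before the upgrade. Consider normalising them in the same migration, e.g. `UPDATE auth_requests SET enc_key = NULL WHERE enc_key = '';` and the same statement for `master_password_hash`. The `down.sql` files are empty, so a one-line SQL comment there stating that the change is intentionally not reverted would help operators who roll back.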
@@ -0,0 +1,29 @@
+-- Create new auth_requests table with master_password_hash as nullable column
+CREATE TABLE auth_requests_new (
+ uuid TEXT NOT NULL PRIMARY KEY,
+ user_uuid TEXT NOT NULL,
+ organization_uuid TEXT,
+ request_device_identifier TEXT NOT NULL,
+ device_type INTEGER NOT NULL,
+ request_ip TEXT NOT NULL,
+ response_device_id TEXT,
+ access_code TEXT NOT NULL,
+ public_key TEXT NOT NULL,
+ enc_key TEXT,
+ master_password_hash TEXT,
+ approved BOOLEAN,
+ creation_date DATETIME NOT NULL,
+ response_date DATETIME,
+ authentication_date DATETIME,
+ FOREIGN KEY (user_uuid) REFERENCES users (uuid),
+ FOREIGN KEY (organization_uuid) REFERENCES organizations (uuid)
+);
+
+-- Transfer current data to new table
+INSERT INTO auth_requests_new SELECT * FROM auth_requests;
+
+-- Drop the old table
+DROP TABLE auth_requests;
+
+-- Rename the new table to the original name
+ALTER TABLE auth_requests_new RENAME TO auth_requests;
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
@@ -1090,7 +1090,7 @@ async fn get_auth_request(uuid: &str, mut conn: DbConn) -> JsonResult {
 struct AuthResponseRequest {
 deviceIdentifier: String,
 key: String,
- masterPasswordHash: String,
+ masterPasswordHash: Option<String>,
 requestApproved: bool,
 }
@@ -1111,7 +1111,7 @@ async fn put_auth_request(
 };
 auth_request.approved = Some(data.requestApproved);
- auth_request.enc_key = data.key;
+ auth_request.enc_key = Some(data.key);
 auth_request.master_password_hash = data.masterPasswordHash;
 auth_request.response_device_id = Some(data.deviceIdentifier.clone());
 auth_request.save(&mut conn).await?;
diff --git a/src/db/models/auth_request.rs b/src/db/models/auth_request.rs
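Review bot: The copy step `INSERT INTO auth_requests_new SELECT * FROM auth_requests;` maps columns by position, so it is only correct if the existing table declares its columns in exactly the order of the new `CREATE TABLE`; the old definition is not visible in this diff. Naming the columns on both sides makes the copy independent of declaration order and makes it fail loudly if a column is missing, which matters because this table holds `access_code`, `enc_key` and `master_password_hash`. The column list below is taken from the new table definition in this hunk.

```sql
-- … unchanged: CREATE TABLE auth_requests_new (...) …

-- Transfer current data to new table
INSERT INTO auth_requests_new (
    uuid, user_uuid, organization_uuid, request_device_identifier, device_type,
    request_ip, response_device_id, access_code, public_key, enc_key,
    master_password_hash, approved, creation_date, response_date, authentication_date
)
SELECT
    uuid, user_uuid, organization_uuid, request_device_identifier, device_type,
    request_ip, response_device_id, access_code, public_key, enc_key,
    master_password_hash, approved, creation_date, response_date, authentication_date
FROM auth_requests;

-- … unchanged: DROP TABLE / RENAME …
```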
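Review bot: In `put_auth_request` the key and hash are persisted whether or not the request was approved: `auth_request.enc_key = Some(data.key);` and the `master_password_hash` assignment run unconditionally after `approved` is set from `data.requestApproved`. Now that both columns are nullable, a denied request can leave them `None`, so no encrypted key or master password hash is stored for it; wrapping the two assignments in `if data.requestApproved { … }` would do that. The function body starts and ends outside the hunk, so confirm how the code that later reads the row treats a denied request before changing this.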
@@ -20,9 +20,9 @@ db_object! {
 pub access_code: String,
 pub public_key: String,
- pub enc_key: String,
+ pub enc_key: Option<String>,
- pub master_password_hash: String,
+ pub master_password_hash: Option<String>,
 pub approved: Option<bool>,
 pub creation_date: NaiveDateTime,
 pub response_date: Option<NaiveDateTime>,
@@ -53,8 +53,8 @@ impl AuthRequest {
 response_device_id: None,
 access_code,
 public_key,
- enc_key: String::new(),
- master_password_hash: String::new(),
+ enc_key: None,
+ master_password_hash: None,
 approved: None,
 creation_date: now,
 response_date: None,
diff --git a/src/db/schemas/mysql/schema.rs b/src/db/schemas/mysql/schema.rs
@@ -297,8 +297,8 @@ table! {
 response_device_id -> Nullable<Text>,
 access_code -> Text,
 public_key -> Text,
- enc_key -> Text,
- master_password_hash -> Text,
+ enc_key -> Nullable<Text>,
+ master_password_hash -> Nullable<Text>,
 approved -> Nullable<Bool>,
 creation_date -> Timestamp,
 response_date -> Nullable<Timestamp>,
@@ -324,6 +324,7 @@ joinable!(users_collections -> collections (collection_uuid));
 joinable!(users_collections -> users (user_uuid));
 joinable!(users_organizations -> organizations (org_uuid));
 joinable!(users_organizations -> users (user_uuid));
+joinable!(users_organizations -> ciphers (org_uuid));
 joinable!(organization_api_key -> organizations (org_uuid));
 joinable!(emergency_access -> users (grantor_uuid));
 joinable!(groups -> organizations (organizations_uuid));
diff --git a/src/db/schemas/postgresql/schema.rs b/src/db/schemas/postgresql/schema.rs
@@ -297,8 +297,8 @@ table! {
 response_device_id -> Nullable<Text>,
 access_code -> Text,
 public_key -> Text,
- enc_key -> Text,
- master_password_hash -> Text,
+ enc_key -> Nullable<Text>,
+ master_password_hash -> Nullable<Text>,
 approved -> Nullable<Bool>,
 creation_date -> Timestamp,
 response_date -> Nullable<Timestamp>,
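Review bot: The two fields changed to `Option<String>` in the `db_object!` hunk have no comment saying what `None` means, although the constructor hunk after it now depends on that meaning by initialising both to `None`. A short doc comment on each would record the contract, for instance `/// None until a responding device supplies the key` on `enc_key` and `/// None when the responder sent no hash (presumably accounts without a master password)` on `master_password_hash`. Both the `db_object!` block and `impl AuthRequest` start and end outside their hunks.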
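Review bot: The added `joinable!(users_organizations -> ciphers (org_uuid));` is unrelated to the nullable auth-request columns this commit describes. It appears in this MySQL schema hunk and in the PostgreSQL hunk that follows, but not in the SQLite schema section of the diff, which may already contain it. In Diesel, `joinable!` sets the default `ON` clause for a plain join between the two tables to the named column against the parent table's primary key, which for `ciphers` is presumably the cipher's own id rather than an organization id. Queries joining these tables, in particular any that decide which ciphers a member may see, should therefore keep an explicit `.on(...)` condition. A comment above the line would say so, e.g. `// Enables the join only; callers must give an explicit .on(...) clause`.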
@@ -324,6 +324,7 @@ joinable!(users_collections -> collections (collection_uuid));
 joinable!(users_collections -> users (user_uuid));
 joinable!(users_organizations -> organizations (org_uuid));
 joinable!(users_organizations -> users (user_uuid));
+joinable!(users_organizations -> ciphers (org_uuid));
 joinable!(organization_api_key -> organizations (org_uuid));
 joinable!(emergency_access -> users (grantor_uuid));
 joinable!(groups -> organizations (organizations_uuid));
diff --git a/src/db/schemas/sqlite/schema.rs b/src/db/schemas/sqlite/schema.rs
@@ -297,8 +297,8 @@ table! {
 response_device_id -> Nullable<Text>,
 access_code -> Text,
 public_key -> Text,
- enc_key -> Text,
- master_password_hash -> Text,
+ enc_key -> Nullable<Text>,
+ master_password_hash -> Nullable<Text>,
 approved -> Nullable<Bool>,
 creation_date -> Timestamp,
 response_date -> Nullable<Timestamp>,