vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit cb4b683dcd51eff4508bcf50e34d657b8d2225d4
parent 6eaf1319227158df7724d25f53bf03f7c1a52bc1
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Mon, 23 Oct 2023 00:18:14 +0200

Implement cipher key encryption (#3990)


Diffstat:
Amigrations/mysql/2023-10-21-221242_add_cipher_key/down.sql | 0
Amigrations/mysql/2023-10-21-221242_add_cipher_key/up.sql | 2++
Amigrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql | 0
Amigrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql | 2++
Amigrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql | 0
Amigrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql | 2++
Msrc/api/core/ciphers.rs | 3+++
Msrc/api/core/mod.rs | 13++++++++++++-
Msrc/db/models/cipher.rs | 5+++++
Msrc/db/schemas/mysql/schema.rs | 1+
Msrc/db/schemas/postgresql/schema.rs | 1+
Msrc/db/schemas/sqlite/schema.rs | 1+
12 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql b/migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql diff --git a/migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql b/migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql @@ -0,0 +1,2 @@ +ALTER TABLE ciphers +ADD COLUMN "key" TEXT; diff --git a/migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql b/migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql diff --git a/migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql b/migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql @@ -0,0 +1,2 @@ +ALTER TABLE ciphers +ADD COLUMN "key" TEXT; diff --git a/migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql b/migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql diff --git a/migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql b/migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql @@ -0,0 +1,2 @@ +ALTER TABLE ciphers +ADD COLUMN "key" TEXT; diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs @@ -206,6 +206,8 @@ pub struct CipherData { // TODO: Some of these might appear all the time, no need for Option OrganizationId: Option<String>, + Key: Option<String>, + /* Login = 1, SecureNote = 2, @@ -483,6 +485,7 @@ pub async fn update_cipher_from_data( None => err!("Data missing"), }; + cipher.key = data.Key; cipher.name = data.Name; cipher.notes = data.Notes; cipher.fields = data.Fields.map(|f| _clean_cipher_data(f).to_string()); diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs @@ -194,7 +194,12 @@ fn version() -> Json<&'static str> { fn config() -> Json<Value> { let domain = crate::CONFIG.domain(); Json(json!({ - "version": crate::VERSION, + // Note: The clients use this version to handle backwards compatibility concerns + // This means they expect a version that closely matches the Bitwarden server version + // We should make sure that we keep this updated when we support the new server features + // Version history: + // - Individual cipher key encryption: 2023.9.1 + "version": "2023.9.1", "gitHash": option_env!("GIT_REV"), "server": { "name": "Vaultwarden", @@ -207,6 +212,12 @@ fn config() -> Json<Value> { "notifications": format!("{domain}/notifications"), "sso": "", }, + "featureStates": { + // Any feature flags that we want the clients to use + // Can check the enabled ones at: + // https://vault.bitwarden.com/api/config + "autofill-v2": true + }, "object": "config", })) } diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs @@ -23,6 +23,8 @@ db_object! { pub user_uuid: Option<String>, pub organization_uuid: Option<String>, + pub key: Option<String>, + /* Login = 1, SecureNote = 2, @@ -62,6 +64,8 @@ impl Cipher { user_uuid: None, organization_uuid: None, + key: None, + atype, name, @@ -203,6 +207,7 @@ impl Cipher { "DeletedDate": self.deleted_at.map_or(Value::Null, |d| Value::String(format_date(&d))), "Reprompt": self.reprompt.unwrap_or(RepromptType::None as i32), "OrganizationId": self.organization_uuid, + "Key": self.key, "Attachments": attachments_json, // We have UseTotp set to true by default within the Organization model. // This variable together with UsersGetPremium is used to show or hide the TOTP counter. diff --git a/src/db/schemas/mysql/schema.rs b/src/db/schemas/mysql/schema.rs @@ -15,6 +15,7 @@ table! { updated_at -> Datetime, user_uuid -> Nullable<Text>, organization_uuid -> Nullable<Text>, + key -> Nullable<Text>, atype -> Integer, name -> Text, notes -> Nullable<Text>, diff --git a/src/db/schemas/postgresql/schema.rs b/src/db/schemas/postgresql/schema.rs @@ -15,6 +15,7 @@ table! { updated_at -> Timestamp, user_uuid -> Nullable<Text>, organization_uuid -> Nullable<Text>, + key -> Nullable<Text>, atype -> Integer, name -> Text, notes -> Nullable<Text>, diff --git a/src/db/schemas/sqlite/schema.rs b/src/db/schemas/sqlite/schema.rs @@ -15,6 +15,7 @@ table! { updated_at -> Timestamp, user_uuid -> Nullable<Text>, organization_uuid -> Nullable<Text>, + key -> Nullable<Text>, atype -> Integer, name -> Text, notes -> Nullable<Text>,