vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit cb4b683dcd51eff4508bcf50e34d657b8d2225d4
parent 6eaf1319227158df7724d25f53bf03f7c1a52bc1
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Mon, 23 Oct 2023 00:18:14 +0200

Implement cipher key encryption (#3990)


Diffstat:

Amigrations/mysql/2023-10-21-221242_add_cipher_key/down.sql | 0


Amigrations/mysql/2023-10-21-221242_add_cipher_key/up.sql | 2++


Amigrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql | 0


Amigrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql | 2++


Amigrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql | 0


Amigrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql | 2++


Msrc/api/core/ciphers.rs | 3+++


Msrc/api/core/mod.rs | 13++++++++++++-


Msrc/db/models/cipher.rs | 5+++++


Msrc/db/schemas/mysql/schema.rs | 1+


Msrc/db/schemas/postgresql/schema.rs | 1+


Msrc/db/schemas/sqlite/schema.rs | 1+


12 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql b/migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql
diff --git a/migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql b/migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE ciphers 
+ADD COLUMN "key" TEXT;
diff --git a/migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql b/migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql
diff --git a/migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql b/migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;
diff --git a/migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql b/migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql
diff --git a/migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql b/migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;
diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
@@ -206,6 +206,8 @@ pub struct CipherData {
     // TODO: Some of these might appear all the time, no need for Option
     OrganizationId: Option<String>,
 
+    Key: Option<String>,
+
     /*
     Login = 1,
     SecureNote = 2,
@@ -483,6 +485,7 @@ pub async fn update_cipher_from_data(
         None => err!("Data missing"),
     };
 
+    cipher.key = data.Key;
     cipher.name = data.Name;
     cipher.notes = data.Notes;
     cipher.fields = data.Fields.map(|f| _clean_cipher_data(f).to_string());
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
@@ -194,7 +194,12 @@ fn version() -> Json<&'static str> {
 fn config() -> Json<Value> {
     let domain = crate::CONFIG.domain();
     Json(json!({
-        "version": crate::VERSION,
+        // Note: The clients use this version to handle backwards compatibility concerns
+        // This means they expect a version that closely matches the Bitwarden server version
+        // We should make sure that we keep this updated when we support the new server features
+        // Version history:
+        // - Individual cipher key encryption: 2023.9.1
+        "version": "2023.9.1",
         "gitHash": option_env!("GIT_REV"),
         "server": {
           "name": "Vaultwarden",
@@ -207,6 +212,12 @@ fn config() -> Json<Value> {
           "notifications": format!("{domain}/notifications"),
           "sso": "",
         },
+        "featureStates": {
+          // Any feature flags that we want the clients to use
+          // Can check the enabled ones at:
+          // https://vault.bitwarden.com/api/config
+          "autofill-v2": true
+        },
         "object": "config",
     }))
 }
diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs
@@ -23,6 +23,8 @@ db_object! {
         pub user_uuid: Option<String>,
         pub organization_uuid: Option<String>,
 
+        pub key: Option<String>,
+
         /*
         Login = 1,
         SecureNote = 2,
@@ -62,6 +64,8 @@ impl Cipher {
             user_uuid: None,
             organization_uuid: None,
 
+            key: None,
+
             atype,
             name,
 
@@ -203,6 +207,7 @@ impl Cipher {
             "DeletedDate": self.deleted_at.map_or(Value::Null, |d| Value::String(format_date(&d))),
             "Reprompt": self.reprompt.unwrap_or(RepromptType::None as i32),
             "OrganizationId": self.organization_uuid,
+            "Key": self.key,
             "Attachments": attachments_json,
             // We have UseTotp set to true by default within the Organization model.
             // This variable together with UsersGetPremium is used to show or hide the TOTP counter.
diff --git a/src/db/schemas/mysql/schema.rs b/src/db/schemas/mysql/schema.rs
@@ -15,6 +15,7 @@ table! {
         updated_at -> Datetime,
         user_uuid -> Nullable<Text>,
         organization_uuid -> Nullable<Text>,
+        key -> Nullable<Text>,
         atype -> Integer,
         name -> Text,
         notes -> Nullable<Text>,
diff --git a/src/db/schemas/postgresql/schema.rs b/src/db/schemas/postgresql/schema.rs
@@ -15,6 +15,7 @@ table! {
         updated_at -> Timestamp,
         user_uuid -> Nullable<Text>,
         organization_uuid -> Nullable<Text>,
+        key -> Nullable<Text>,
         atype -> Integer,
         name -> Text,
         notes -> Nullable<Text>,
diff --git a/src/db/schemas/sqlite/schema.rs b/src/db/schemas/sqlite/schema.rs
@@ -15,6 +15,7 @@ table! {
         updated_at -> Timestamp,
         user_uuid -> Nullable<Text>,
         organization_uuid -> Nullable<Text>,
+        key -> Nullable<Text>,
         atype -> Integer,
         name -> Text,
         notes -> Nullable<Text>,