vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit d3449bfa00cff40dc1f9ef349c9c6524e78f64e1
parent e9ee8ac2fa4ea4bafdacd479c06acea0b53aac37
Author: Jeremy Lin <jeremy.lin@gmail.com>
Date:   Tue, 11 May 2021 22:51:12 -0700

Add support for hiding the sender's email address in Bitwarden Sends

Note: The original Vaultwarden implementation of Bitwarden Send would always
hide the email address, while the upstream implementation would always show it.

Upstream PR: https://github.com/bitwarden/server/pull/1234

Diffstat:
Amigrations/mysql/2021-05-11-205202_add_hide_email/down.sql | 0
Amigrations/mysql/2021-05-11-205202_add_hide_email/up.sql | 2++
Amigrations/postgresql/2021-05-11-205202_add_hide_email/down.sql | 0
Amigrations/postgresql/2021-05-11-205202_add_hide_email/up.sql | 2++
Amigrations/sqlite/2021-05-11-205202_add_hide_email/down.sql | 0
Amigrations/sqlite/2021-05-11-205202_add_hide_email/up.sql | 2++
Msrc/api/core/sends.rs | 5++++-
Msrc/db/models/send.rs | 22+++++++++++++++++++++-
Msrc/db/schemas/mysql/schema.rs | 1+
Msrc/db/schemas/postgresql/schema.rs | 1+
Msrc/db/schemas/sqlite/schema.rs | 1+
11 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/migrations/mysql/2021-05-11-205202_add_hide_email/down.sql b/migrations/mysql/2021-05-11-205202_add_hide_email/down.sql diff --git a/migrations/mysql/2021-05-11-205202_add_hide_email/up.sql b/migrations/mysql/2021-05-11-205202_add_hide_email/up.sql @@ -0,0 +1,2 @@ +ALTER TABLE sends +ADD COLUMN hide_email BOOLEAN; diff --git a/migrations/postgresql/2021-05-11-205202_add_hide_email/down.sql b/migrations/postgresql/2021-05-11-205202_add_hide_email/down.sql diff --git a/migrations/postgresql/2021-05-11-205202_add_hide_email/up.sql b/migrations/postgresql/2021-05-11-205202_add_hide_email/up.sql @@ -0,0 +1,2 @@ +ALTER TABLE sends +ADD COLUMN hide_email BOOLEAN; diff --git a/migrations/sqlite/2021-05-11-205202_add_hide_email/down.sql b/migrations/sqlite/2021-05-11-205202_add_hide_email/down.sql diff --git a/migrations/sqlite/2021-05-11-205202_add_hide_email/up.sql b/migrations/sqlite/2021-05-11-205202_add_hide_email/up.sql @@ -0,0 +1,2 @@ +ALTER TABLE sends +ADD COLUMN hide_email BOOLEAN; diff --git a/src/api/core/sends.rs b/src/api/core/sends.rs @@ -38,6 +38,7 @@ pub struct SendData { pub ExpirationDate: Option<DateTime<Utc>>, pub DeletionDate: DateTime<Utc>, pub Disabled: bool, + pub HideEmail: Option<bool>, // Data field pub Name: String, @@ -88,6 +89,7 @@ fn create_send(data: SendData, user_uuid: String) -> ApiResult<Send> { send.max_access_count = data.MaxAccessCount; send.expiration_date = data.ExpirationDate.map(|d| d.naive_utc()); send.disabled = data.Disabled; + send.hide_email = data.HideEmail; send.atype = data.Type; send.set_password(data.Password.as_deref()); @@ -243,7 +245,7 @@ fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn send.save(&conn)?; - Ok(Json(send.to_json_access())) + Ok(Json(send.to_json_access(&conn))) } #[post("/sends/<send_id>/access/file/<file_id>", data = "<data>")] @@ -340,6 +342,7 @@ fn put_send(id: String, data: JsonUpcase<SendData>, headers: Headers, conn: DbCo send.notes = data.Notes; send.max_access_count = data.MaxAccessCount; send.expiration_date = data.ExpirationDate.map(|d| d.naive_utc()); + send.hide_email = data.HideEmail; send.disabled = data.Disabled; // Only change the value if it's present diff --git a/src/db/models/send.rs b/src/db/models/send.rs @@ -36,6 +36,7 @@ db_object! { pub deletion_date: NaiveDateTime, pub disabled: bool, + pub hide_email: Option<bool>, } } @@ -73,6 +74,7 @@ impl Send { deletion_date, disabled: false, + hide_email: None, } } @@ -101,6 +103,22 @@ impl Send { } } + pub fn creator_identifier(&self, conn: &DbConn) -> Option<String> { + if let Some(hide_email) = self.hide_email { + if hide_email { + return None; + } + } + + if let Some(user_uuid) = &self.user_uuid { + if let Some(user) = User::find_by_uuid(user_uuid, conn) { + return Some(user.email); + } + } + + None + } + pub fn to_json(&self) -> Value { use crate::util::format_date; use data_encoding::BASE64URL_NOPAD; @@ -123,6 +141,7 @@ impl Send { "AccessCount": self.access_count, "Password": self.password_hash.as_deref().map(|h| BASE64URL_NOPAD.encode(h)), "Disabled": self.disabled, + "HideEmail": self.hide_email, "RevisionDate": format_date(&self.revision_date), "ExpirationDate": self.expiration_date.as_ref().map(format_date), @@ -131,7 +150,7 @@ impl Send { }) } - pub fn to_json_access(&self) -> Value { + pub fn to_json_access(&self, conn: &DbConn) -> Value { use crate::util::format_date; let data: Value = serde_json::from_str(&self.data).unwrap_or_default(); @@ -145,6 +164,7 @@ impl Send { "File": if self.atype == SendType::File as i32 { Some(&data) } else { None }, "ExpirationDate": self.expiration_date.as_ref().map(format_date), + "CreatorIdentifier": self.creator_identifier(conn), "Object": "send-access", }) } diff --git a/src/db/schemas/mysql/schema.rs b/src/db/schemas/mysql/schema.rs @@ -122,6 +122,7 @@ table! { expiration_date -> Nullable<Datetime>, deletion_date -> Datetime, disabled -> Bool, + hide_email -> Nullable<Bool>, } } diff --git a/src/db/schemas/postgresql/schema.rs b/src/db/schemas/postgresql/schema.rs @@ -122,6 +122,7 @@ table! { expiration_date -> Nullable<Timestamp>, deletion_date -> Timestamp, disabled -> Bool, + hide_email -> Nullable<Bool>, } } diff --git a/src/db/schemas/sqlite/schema.rs b/src/db/schemas/sqlite/schema.rs @@ -122,6 +122,7 @@ table! { expiration_date -> Nullable<Timestamp>, deletion_date -> Timestamp, disabled -> Bool, + hide_email -> Nullable<Bool>, } }