Merge branch 'main' of https://github.com/dani-garcia/vaultwarden

# Conflicts: # .github/workflows/release.yml # hooks/build # src/main.rs
nekowarden · Nov 29, 2023 · 7994727 · 7994727
2 parents 2e8b835 + 4883650
commit 7994727
Show file tree

Hide file tree

Showing 180 changed files with 17,728 additions and 13,166 deletions.
diff --git a/.env.template b/.env.template
@@ -30,6 +30,10 @@
 ## Define the size of the connection pool used for connecting to the database.
 # DATABASE_MAX_CONNS=10
 
+## Database timeout
+## Timeout when acquiring database connection
+# DATABASE_TIMEOUT=30
+
 ## Database connection initialization
 ## Allows SQL statements to be run whenever a new database connection is created.
 ## This is mainly useful for connection-scoped pragmas.
@@ -72,6 +76,13 @@
 # WEBSOCKET_ADDRESS=0.0.0.0
 # WEBSOCKET_PORT=3012
 
+## Enables push notifications (requires key and id from https://bitwarden.com/host)
+# PUSH_ENABLED=true
+# PUSH_INSTALLATION_ID=CHANGEME
+# PUSH_INSTALLATION_KEY=CHANGEME
+## Don't change this unless you know what you're doing.
+# PUSH_RELAY_URI=https://push.bitwarden.com
+
 ## Controls whether users are allowed to create Bitwarden Sends.
 ## This setting applies globally to all users.
 ## To control this on a per-org basis instead, use the "Disable Send" org policy.
@@ -86,6 +97,10 @@
 ## Disabled by default. Also check the EVENT_CLEANUP_SCHEDULE and EVENTS_DAYS_RETAIN settings.
 # ORG_EVENTS_ENABLED=false
 
+## Controls whether users can change their email.
+## This setting applies globally to all users
+# EMAIL_CHANGE_ALLOWED=true
+
 ## Number of days to retain events stored in the database.
 ## If unset (the default), events are kept indefinitely and the scheduled job is disabled!
 # EVENTS_DAYS_RETAIN=
@@ -259,9 +274,15 @@
 ## A comma-separated list means only those users can create orgs:
 # ORG_CREATION_USERS=admin1@example.com,admin2@example.com
 
-## Token for the admin interface, preferably use a long random string
-## One option is to use 'openssl rand -base64 48'
+## Token for the admin interface, preferably an Argon2 PCH string
+## Vaultwarden has a built-in generator by calling `vaultwarden hash`
+## For details see: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
 ## If not set, the admin panel is disabled
+## New Argon2 PHC string
+## Note that for some environments, like docker-compose you need to escape all the dollar signs `$` with an extra dollar sign like `$$`
+## Also, use single quotes (') instead of double quotes (") to enclose the string when needed
+# ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$MmeKRnGK5RW5mJS7h3TOL89GrpLPXJPAtTK8FTqj9HM$DqsstvoSAETl9YhnsXbf43WeaUwJC6JhViIvuPoig78'
+## Old plain text string (Will generate warnings in favor of Argon2)
 # ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp
 
 ## Enable this to bypass the admin panel security. This option is only
@@ -335,6 +356,9 @@
 ## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`.
 # ADMIN_RATELIMIT_MAX_BURST=3
 
+## Set the lifetime of admin sessions to this value (in minutes).
+# ADMIN_SESSION_LIFETIME=20
+
 ## Yubico (Yubikey) Settings
 ## Set your Client ID and Secret Key for Yubikey OTP
 ## You can generate it here: https://upgrade.yubico.com/getapikey/
@@ -373,7 +397,7 @@
 # ROCKET_WORKERS=10
 # ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
 
-## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service.
+## Mail specific settings, set SMTP_FROM and either SMTP_HOST or USE_SENDMAIL to enable the mail service.
 ## To make sure the email links are pointing to the correct host, set the DOMAIN variable.
 ## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
 # SMTP_HOST=smtp.domain.tld
@@ -385,6 +409,11 @@
 # SMTP_PASSWORD=password
 # SMTP_TIMEOUT=15
 
+# Whether to send mail via the `sendmail` command
+# USE_SENDMAIL=false
+# Which sendmail command to use. The one found in the $PATH is used if not specified.
+# SENDMAIL_COMMAND="/path/to/sendmail"
+
 ## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections.
 ## Possible values: ["Plain", "Login", "Xoauth2"].
 ## Multiple options need to be separated by a comma ','.

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -8,19 +8,27 @@ on:
       - "migrations/**"
       - "Cargo.*"
       - "build.rs"
-      - "rust-toolchain"
+      - "rust-toolchain.toml"
+      - "rustfmt.toml"
+      - "diesel.toml"
+      - "docker/Dockerfile.j2"
+      - "docker/DockerSettings.yaml"
   pull_request:
     paths:
       - ".github/workflows/build.yml"
       - "src/**"
       - "migrations/**"
       - "Cargo.*"
       - "build.rs"
-      - "rust-toolchain"
+      - "rust-toolchain.toml"
+      - "rustfmt.toml"
+      - "diesel.toml"
+      - "docker/Dockerfile.j2"
+      - "docker/DockerSettings.yaml"
 
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 120
     # Make warnings errors, this is to prevent warnings slipping through.
     # This is done globally to prevent rebuilds when the RUSTFLAGS env variable changes.
@@ -32,56 +40,63 @@ jobs:
         channel:
           - "rust-toolchain" # The version defined in rust-toolchain
           - "msrv" # The supported MSRV
-        include:
-          - channel: "msrv"
-            version: "1.61.0"
 
     name: Build and Test ${{ matrix.channel }}
 
     steps:
       # Checkout the repo
       - name: "Checkout"
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
       # End Checkout the repo
 
+
       # Install dependencies
       - name: "Install dependencies Ubuntu"
-        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends openssl sqlite build-essential libmariadb-dev-compat libpq-dev libssl-dev pkg-config
+        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends openssl build-essential libmariadb-dev-compat libpq-dev libssl-dev pkg-config
       # End Install dependencies
 
+
       # Determine rust-toolchain version
       - name: Init Variables
         id: toolchain
         shell: bash
-        if: ${{ matrix.channel == 'rust-toolchain' }}
         run: |
-          RUST_TOOLCHAIN="$(cat rust-toolchain)"
+          if [[ "${{ matrix.channel }}" == 'rust-toolchain' ]]; then
+            RUST_TOOLCHAIN="$(grep -oP 'channel.*"(\K.*?)(?=")' rust-toolchain.toml)"
+          elif [[ "${{ matrix.channel }}" == 'msrv' ]]; then
+            RUST_TOOLCHAIN="$(grep -oP 'rust-version.*"(\K.*?)(?=")' Cargo.toml)"
+          else
+            RUST_TOOLCHAIN="${{ matrix.channel }}"
+          fi
           echo "RUST_TOOLCHAIN=${RUST_TOOLCHAIN}" | tee -a "${GITHUB_OUTPUT}"
       # End Determine rust-toolchain version
 
-      # Uses the rust-toolchain file to determine version
+
+      # Only install the clippy and rustfmt components on the default rust-toolchain
       - name: "Install rust-toolchain version"
-        uses: dtolnay/rust-toolchain@55c7845fad90d0ae8b2e83715cb900e5e861e8cb # master @ 2022-10-25 - 21:40 GMT+2
+        uses: dtolnay/rust-toolchain@439cf607258077187679211f12aa6f19af4a0af7 # master @ 2023-09-19 - 05:31 PM GMT+2
         if: ${{ matrix.channel == 'rust-toolchain' }}
         with:
           toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
           components: clippy, rustfmt
       # End Uses the rust-toolchain file to determine version
 
 
-      # Install the MSRV channel to be used
+      # Install the any other channel to be used for which we do not execute clippy and rustfmt
       - name: "Install MSRV version"
-        uses: dtolnay/rust-toolchain@55c7845fad90d0ae8b2e83715cb900e5e861e8cb # master @ 2022-10-25 - 21:40 GMT+2
+        uses: dtolnay/rust-toolchain@439cf607258077187679211f12aa6f19af4a0af7 # master @ 2023-09-19 - 05:31 PM GMT+2
         if: ${{ matrix.channel != 'rust-toolchain' }}
         with:
-          toolchain: ${{ matrix.version }}
+          toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
       # End Install the MSRV channel to be used
 
-
-      # Enable Rust Caching
-      - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
-      # End Enable Rust Caching
-
+      # Set the current matrix toolchain version as default
+      - name: "Set toolchain ${{steps.toolchain.outputs.RUST_TOOLCHAIN}} as default"
+        run: |
+          # Remove the rust-toolchain.toml
+          rm rust-toolchain.toml
+          # Set the default
+          rustup default ${{steps.toolchain.outputs.RUST_TOOLCHAIN}}
 
       # Show environment
       - name: "Show environment"
@@ -90,47 +105,55 @@ jobs:
           cargo -vV
       # End Show environment
 
+      # Enable Rust Caching
+      - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0
+        with:
+          # Use a custom prefix-key to force a fresh start. This is sometimes needed with bigger changes.
+          # Like changing the build host from Ubuntu 20.04 to 22.04 for example.
+          # Only update when really needed! Use a <year>.<month>[.<inc>] format.
+          prefix-key: "v2023.07-rust"
+      # End Enable Rust Caching
 
-      # Run cargo tests (In release mode to speed up future builds)
+      # Run cargo tests
       # First test all features together, afterwards test them separately.
       - name: "test features: sqlite,mysql,postgresql,enable_mimalloc"
         id: test_sqlite_mysql_postgresql_mimalloc
         if: $${{ always() }}
         run: |
-          cargo test --release --features sqlite,mysql,postgresql,enable_mimalloc
+          cargo test --features sqlite,mysql,postgresql,enable_mimalloc
 
       - name: "test features: sqlite,mysql,postgresql"
         id: test_sqlite_mysql_postgresql
         if: $${{ always() }}
         run: |
-          cargo test --release --features sqlite,mysql,postgresql
+          cargo test --features sqlite,mysql,postgresql
 
       - name: "test features: sqlite"
         id: test_sqlite
         if: $${{ always() }}
         run: |
-          cargo test --release --features sqlite
+          cargo test --features sqlite
 
       - name: "test features: mysql"
         id: test_mysql
         if: $${{ always() }}
         run: |
-          cargo test --release --features mysql
+          cargo test --features mysql
 
       - name: "test features: postgresql"
         id: test_postgresql
         if: $${{ always() }}
         run: |
-          cargo test --release --features postgresql
+          cargo test --features postgresql
       # End Run cargo tests
 
 
-      # Run cargo clippy, and fail on warnings (In release mode to speed up future builds)
+      # Run cargo clippy, and fail on warnings
       - name: "clippy features: sqlite,mysql,postgresql,enable_mimalloc"
         id: clippy
         if: ${{ always() && matrix.channel == 'rust-toolchain' }}
         run: |
-          cargo clippy --release --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings
+          cargo clippy --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings
       # End Run cargo clippy
 
 
@@ -172,21 +195,3 @@ jobs:
         run: |
           echo "### :tada: Checks Passed!" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
-
-
-      # Build the binary to upload to the artifacts
-      - name: "build features: sqlite,mysql,postgresql"
-        if: ${{ matrix.channel == 'rust-toolchain' }}
-        run: |
-          cargo build --release --features sqlite,mysql,postgresql
-      # End Build the binary
-
-
-      # Upload artifact to Github Actions
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
-        if: ${{ matrix.channel == 'rust-toolchain' }}
-        with:
-          name: vaultwarden
-          path: target/release/vaultwarden
-      # End Upload artifact to Github Actions
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
@@ -8,15 +8,14 @@ on: [
 jobs:
   hadolint:
     name: Validate Dockerfile syntax
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 30
     steps:
       # Checkout the repo
       - name: Checkout
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
       # End Checkout the repo
 
-
       # Download hadolint - https://github.com/hadolint/hadolint/releases
       - name: Download hadolint
         shell: bash
@@ -30,5 +29,5 @@ jobs:
       # Test Dockerfiles
       - name: Run hadolint
         shell: bash
-        run:  git ls-files --exclude='docker/*/Dockerfile*' --ignored --cached | xargs hadolint
+        run: hadolint docker/Dockerfile.{debian,alpine}
       # End Test Dockerfiles