Mirrors/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-03-10 04:03:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,982 Commits 3 Branches 79 Tags
ecdb18fcde34743833fad40a2b8510b4e25a8cd1
Commit Graph

2982 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Timshel
ecdb18fcde Add 30s cache to SSO exchange_refresh_token (#6866) 
Co-authored-by: Timshel <timshel@users.noreply.github.com>
 2026-03-09 18:10:06 +01:00
pasarenicu
df25d316d6 Add Webauthn related origins flag to known flags. (#6900) 
support pm-30529-webauthn-related-origins flag
 2026-03-09 18:06:41 +01:00
Chris Kruger
747286dccd fix: add ForcePasswordReset to api key login (#6904) 2026-03-09 18:04:17 +01:00
DerPlayer2001
e60105411b Feat(config): add feature flag for Safari account switching (#6891) 
This enables the use of the Feature from this PR https://github.com/bitwarden/clients/pull/18339
 2026-03-09 17:57:10 +01:00
Ken Watanabe
937857a0bc Merge commit from fork 
* Fix WebAuthn backup flag update before signature verification

* fix format rust file

* Add test for migration update

* Remove webauthn test
 2026-03-09 17:50:21 +01:00
Stefan Melmuk
ba55191676 apply policies only to confirmed members (#6892) 2026-03-04 06:58:39 +01:00
Mathijs van Veluw
c555f7d198 Misc organization fixes (#6867) 1.35.4 2026-02-23 21:52:44 +01:00
proofofcopilot
74819b95bd fix(send_invite): add orgSsoIdentifier if sso_only is enabled (#6824) 2026-02-23 20:28:12 +01:00
Stefan Melmuk
da2af3d362 hide remember 2fa token (#6852) 2026-02-23 20:27:40 +01:00
Mathijs van Veluw
1583fe4af3 Update Rust and Crates and GHA (#6843) 
- Update Rust to v1.93.1
- Updated all the crates
  Adjust changes needed for the newer `rand` crate
- Updated GitHub Actions

Signed-off-by: BlackDex <black.dex@gmail.com>
 2026-02-18 00:17:20 +01:00
Mathijs van Veluw
36f0620fd1 Fix org-details issue (#6811) 
Fix an issue where it was possible for users who were not eligible to access all org ciphers to be able to download and extract the encrypted contents.
Only Managers with full access and Admins and Owners should be able to access this endpoint.

This change will block and prevent access for other users.

Signed-off-by: BlackDex <black.dex@gmail.com>
1.35.3 		2026-02-10 20:34:30 +01:00
Mathijs van Veluw
3cd2d4afe7 Update crates and web-vault (#6810) 
Signed-off-by: BlackDex <black.dex@gmail.com>
 2026-02-10 20:24:35 +01:00
Mathijs van Veluw
d09c45bb63 Misc updates, crates, rust, js, gha, vault (#6799) 2026-02-08 19:24:20 +01:00
Stefan Melmuk
feecfb20da fix error message for purging auth requests (#6776) 2026-02-01 22:35:55 +01:00
Timshel
347279a12c Empty AccountKeys when no private key (#6761) 
Co-authored-by: Timshel <timshel@users.noreply.github.com>
 2026-02-01 22:35:22 +01:00
Helmut K. C. Tessarek
7f65a254b3 refactor: improve tooltips in diagnostics page (#6765) 
The term "seems to" is used too loosely in many of the tooltips, but in
these 2 instances it is wrong wording.
An update is either available or not. If there is no update, one could
argue that "seems to" is valid, since the Internet could be down to
check for a new version. But in this situation the update is availble.
It is impossible that an update seems to be available.
 2026-02-01 22:35:03 +01:00
Mathijs van Veluw
cc80f689ed Update crates, web-vault, js, workflows (#6749) 
- Updated all crates
- Updated web-vault to v2025.12.2
- Updated all JavaScript files
- Updated all GitHub Action Workflows
  Also added the `concurrency` option to all workflows.

Signed-off-by: BlackDex <black.dex@gmail.com>
 2026-01-22 23:40:39 +01:00
Stefan Melmuk
4737192853 fix email as 2fa with auth requests (#6736) 
* fix email as 2fa with auth requests

* increase expiry time of auth_requests to 15 minutes
 2026-01-22 23:25:11 +01:00
Stefan Melmuk
0c6817cb4e hide password hints via CSS (#6726) 2026-01-18 15:25:20 +01:00
Stefan Melmuk
25a71d913f use email instead of empty name for webauhn (#6733) 
* if empty use email instead of name for webauhn

* use email as display name if name is empty
 2026-01-18 15:23:21 +01:00
Mathijs van Veluw
b2cd556f3e Fix User API Key login (#6712) 
When using the latest Bitwarden CLI and logging in using the API Key, it expects some extra fields, same as for normal login.
This PR adds those fields and login is possible again via API Key.

Fixes #6709

Signed-off-by: BlackDex <black.dex@gmail.com>
 2026-01-14 13:11:43 +01:00
Mathijs van Veluw
4352fffeec Fix web-vault version check and update web-vault (#6686) 1.35.2 2026-01-09 13:21:10 +01:00
Stefan Melmuk
8d08697cf8 improve sso callback path (#6676) 
* normalize base_url for sso_callback_path

* clean url when embedding images
 2026-01-06 17:10:00 +00:00
Stefan Melmuk
9f1df42259 allow MasterPasswordHash for Android (#6673) 2026-01-06 14:24:05 +00:00
Stefan Melmuk
1e1f9957cd return no content with status code 204 (#6665) 2026-01-05 18:52:24 +00:00
Stefan Melmuk
bf37657c08 update web-vault to fix org creation (#6646) 2026-01-01 16:52:11 +00:00
Daniel García
3e2cef7e8b Try old refresh token if we fail to decode jwt (#6629) 1.35.1 2025-12-29 22:54:51 +01:00
Mathijs van Veluw
2af9d21158 Misc updates (#6627) 
- Update crates and toml
- Update web-vault to v2025.12.1
- Update workflows

Signed-off-by: BlackDex <black.dex@gmail.com>
 2025-12-29 22:27:12 +01:00
Daniel
c4f6c4e63b Re-add alpine tag (#6626) 
- fixes https://github.com/dani-garcia/vaultwarden/issues/6619
- also optimize the process while at it
 2025-12-29 22:25:15 +01:00
Daniel García
eb2a56aea1 Update lockfile (#6600) 2025-12-28 01:07:17 +01:00
Daniel García
a4907f3539 Add wrapped named variants to UserDecryptionOptions (#6598) 1.35.0 2025-12-27 23:35:04 +01:00
Daniel
8801b47d80 Remove unnecessary output sharing between jobs (#6555) 
Split step into 2 parts, since only 1 part is needed in the build job
 2025-12-23 16:27:53 +01:00
Daniel
1ae9dc4119 Simplify binary extraction (#6554) 2025-12-23 16:26:28 +01:00
Mathijs van Veluw
02377eeac8 Update crates (#6585) 
Signed-off-by: BlackDex <black.dex@gmail.com>
 2025-12-23 16:25:56 +01:00
Mathijs van Veluw
d9c75508c2 Fix posting cipher with readonly collections (#6578) 
* Fix posting cipher with readonly collections

This fix will check if a collection is writeable for the user, and if not error out early instead of creating the cipher first and leaving it.
It will also save some database transactions.

Fixes #6562

Signed-off-by: BlackDex <black.dex@gmail.com>

* Adjust code to delete on error

Signed-off-by: BlackDex <black.dex@gmail.com>

---------

Signed-off-by: BlackDex <black.dex@gmail.com>
 2025-12-21 18:51:58 +01:00
Mathijs van Veluw
0ab7784b06 Update web-vault to v2025.12.0 (#6577) 
Updated web-vault
Updated one crate

Signed-off-by: BlackDex <black.dex@gmail.com>
 2025-12-21 00:01:30 +01:00
Daniel García
5c91058ba0 Add UserDecryptionOptions on /sync too (#6574) 2025-12-20 00:37:46 +01:00
Mathijs van Veluw
229b58fe4e Update crates and Rust (#6551) 
* Update crates and Rust

- Updated all the crates
- Updated Rust to v1.92.0
- Updated to Alpine v3.23
- Adjusted some nightly clippy lints

Signed-off-by: BlackDex <black.dex@gmail.com>

* Add new updates

Signed-off-by: BlackDex <black.dex@gmail.com>

* Updated more crates and fix mariadb

Updated more crates
Also removed older MariaDB library since Diesel has fixed this in the v2.3.5 version.

Signed-off-by: BlackDex <black.dex@gmail.com>

* Fix icon-fetch error

Signed-off-by: BlackDex <black.dex@gmail.com>

* Update GHA workflows

Signed-off-by: BlackDex <black.dex@gmail.com>

---------

Signed-off-by: BlackDex <black.dex@gmail.com>
 2025-12-19 17:38:13 +01:00
Daniel García
061d320c7f Add new accountKeys and masterPasswordUnlock fields (#6572) 
* Add new accountKeys and masterPasswordUnlock fields

* Fmt
 2025-12-19 13:34:43 +01:00
Stefan Melmuk
2c73c6c2f2 support UriMatchDefaults policy (#6570) 2025-12-19 12:07:58 +01:00
Daniel
b920caf285 Revert to gzip compression (#6566) 
- zstd support has been added in Docker v23
- Debian Bookworm/Bullseye ships with Docker v20.10
- Revert for now to maintain compatibility with older releases
 2025-12-19 12:07:05 +01:00
Stefan Melmuk
57bdab1550 add empty /api/tasks endpoint (#6557) 2025-12-14 15:32:21 +01:00
Daniel
b77c01b8bb Further fixes for the release workflow (#6533) 2025-12-07 16:07:07 +01:00
Mathijs van Veluw
9cca120fb3 Fix release workflow (#6532) 2025-12-07 13:12:05 +01:00
Stefan Melmuk
4ad8baf7be fix email as 2fa for sso (#6495) 
* fix email as 2fa for sso

* allow saving device without updating `updated_at`

* check if email is some

* allow device to be saved in postgresql

* use twofactor_incomplete table

* no need to update device.updated_at
 2025-12-06 22:22:33 +01:00
Timshel
8f689d8795 Improve sso auth flow (#6205) 
Co-authored-by: Timshel <timshel@users.noreply.github.com>
 2025-12-06 22:20:04 +01:00
Timshel
2d91a9460b Fix admin invite with SSO (#6498) 
Co-authored-by: Timshel <timshel@users.noreply.github.com>
 2025-12-06 22:14:20 +01:00
Timshel
e81e6a5060 Android want response property in camelCase (#6513) 
Co-authored-by: Timshel <timshel@480s>
 2025-12-06 22:13:51 +01:00
Timshel
76d0856bbe Org.put_policy type not in body anymore (#6514) 
Co-authored-by: Timshel <timshel@480s>
 2025-12-06 22:12:46 +01:00
Timshel
f0e79fd391 Iterate over tags on release (#6518) 
Co-authored-by: Timshel <timshel@480s>
 2025-12-06 22:12:25 +01:00