diff --git a/Cargo.lock b/Cargo.lock
index 6c957a3e..849997c3 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3011,9 +3011,9 @@ dependencies = [
 [[package]]
 name = "resolv-conf"
-version = "0.7.3"
+version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fc7c8f7f733062b66dc1c63f9db168ac0b97a9210e247fa90fdc9ad08f51b302"
+checksum = "95325155c684b1c89f7765e30bc1c42e4a6da51ca513615660cb8a62ef9a88e3"
 [[package]]
 name = "ring"
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
index 542bfbaf..1dfafca8 100644
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@@ -1055,7 +1055,7 @@ pub async fn _prelogin(data: Json, mut conn: DbConn) -> Json/clear-token")]
 async fn put_clear_device_token(device_id: DeviceId, mut conn: DbConn) -> EmptyResult {
 // This only clears push token
- // https://github.com/bitwarden/core/blob/master/src/Api/Controllers/DevicesController.cs#L109
- // https://github.com/bitwarden/core/blob/master/src/Core/Services/Implementations/DeviceService.cs#L37
+ // https://github.com/bitwarden/server/blob/9ebe16587175b1c0e9208f84397bb75d0d595510/src/Api/Controllers/DevicesController.cs#L215
+ // https://github.com/bitwarden/server/blob/9ebe16587175b1c0e9208f84397bb75d0d595510/src/Core/Services/Implementations/DeviceService.cs#L37
 // This is somehow not implemented in any app, added it in case it is required
 // 2025: Also, it looks like it only clears the first found device upstream, which is probably faulty.
 // This because currently multiple accounts could be on the same device/app and that would cause issues.
diff --git a/src/api/core/events.rs b/src/api/core/events.rs
index 3a7d41f0..597c6ad6 100644
--- a/src/api/core/events.rs
+++ b/src/api/core/events.rs
@@ -29,7 +29,7 @@ struct EventRange {
 continuation_token: Option,
 }
-// Upstream: https://github.com/bitwarden/server/blob/9ecf69d9cabce732cf2c57976dd9afa5728578fb/src/Api/Controllers/EventsController.cs#LL84C35-L84C41
+// Upstream: https://github.com/bitwarden/server/blob/9ebe16587175b1c0e9208f84397bb75d0d595510/src/Api/AdminConsole/Controllers/EventsController.cs#L87
 #[get("/organizations//events?")]
 async fn get_org_events(
 org_id: OrganizationId,
@@ -169,8 +169,8 @@ struct EventCollection {
 }
 // Upstream:
-// https://github.com/bitwarden/server/blob/8a22c0479e987e756ce7412c48a732f9002f0a2d/src/Events/Controllers/CollectController.cs
-// https://github.com/bitwarden/server/blob/8a22c0479e987e756ce7412c48a732f9002f0a2d/src/Core/Services/Implementations/EventService.cs
+// https://github.com/bitwarden/server/blob/9ebe16587175b1c0e9208f84397bb75d0d595510/src/Events/Controllers/CollectController.cs
+// https://github.com/bitwarden/server/blob/9ebe16587175b1c0e9208f84397bb75d0d595510/src/Core/AdminConsole/Services/Implementations/EventService.cs
 #[post("/collect", format = "application/json", data = "")]
 async fn post_events_collect(data: Json>, headers: Headers, mut conn: DbConn) -> EmptyResult {
 if !CONFIG.org_events_enabled() {
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
index 0f452fd5..8942e43b 100644
--- a/src/api/core/mod.rs
+++ b/src/api/core/mod.rs
@@ -200,9 +200,10 @@ fn get_api_webauthn(_headers: Headers) -> Json {
 fn config() -> Json {
 let domain = crate::CONFIG.domain();
 // Official available feature flags can be found here:
- // Server (v2025.4.2): https://github.com/bitwarden/server/blob/9ad96375153113abff36d28a3465f1c51ea604a0/src/Core/Constants.cs#L102
- // Client (v2025.4.0): https://github.com/bitwarden/clients/blob/c86c73563140412ca8359cad0fedc6f74b29db84/libs/common/src/enums/feature-flag.enum.ts#L10
- // Android (v2025.2.0): https://github.com/bitwarden/android/blob/8cd289cc89f729062f094d47b92c98b09c605e71/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/model/FlagKey.kt#L27
+ // Server (v2025.5.0): https://github.com/bitwarden/server/blob/4a7db112a0952c6df8bacf36c317e9c4e58c3651/src/Core/Constants.cs#L102
+ // Client (v2025.5.0): https://github.com/bitwarden/clients/blob/9df8a3cc50ed45f52513e62c23fcc8a4b745f078/libs/common/src/enums/feature-flag.enum.ts#L10
+ // Android (v2025.4.0): https://github.com/bitwarden/android/blob/bee09de972c3870de0d54a0067996be473ec55c7/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/model/FlagKey.kt#L27
+ // iOS (v2025.4.0): https://github.com/bitwarden/ios/blob/956e05db67344c912e3a1b8cb2609165d67da1c9/BitwardenShared/Core/Platform/Models/Enum/FeatureFlag.swift#L7
 let mut feature_states = parse_experimental_client_feature_flags(&crate::CONFIG.experimental_client_feature_flags());
 // Force the new key rotation feature
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index ec512b8f..a27467ec 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -3112,7 +3112,7 @@ async fn get_organization_public_key(
 }
 // Obsolete - Renamed to public-key (2023.8), left for backwards compatibility with older clients
-// https://github.com/bitwarden/server/blob/25dc0c9178e3e3584074bbef0d4be827b7c89415/src/Api/AdminConsole/Controllers/OrganizationsController.cs#L463-L468
+// https://github.com/bitwarden/server/blob/9ebe16587175b1c0e9208f84397bb75d0d595510/src/Api/AdminConsole/Controllers/OrganizationsController.cs#L487-L492
 #[get("/organizations//keys")]
 async fn get_organization_keys(org_id: OrganizationId, headers: OrgMemberHeaders, conn: DbConn) -> JsonResult {
 get_organization_public_key(org_id, headers, conn).await
@@ -3203,16 +3203,16 @@ async fn get_reset_password_details(
 check_reset_password_applicable_and_permissions(&org_id, &member_id, &headers, &mut conn).await?;
- // https://github.com/bitwarden/server/blob/3b50ccb9f804efaacdc46bed5b60e5b28eddefcf/src/Api/Models/Response/Organizations/OrganizationUserResponseModel.cs#L111
+ // https://github.com/bitwarden/server/blob/9ebe16587175b1c0e9208f84397bb75d0d595510/src/Api/AdminConsole/Models/Response/Organizations/OrganizationUserResponseModel.cs#L190
 Ok(Json(json!({
 "object": "organizationUserResetPasswordDetails",
- "kdf":user.client_kdf_type,
- "kdfIterations":user.client_kdf_iter,
- "kdfMemory":user.client_kdf_memory,
- "kdfParallelism":user.client_kdf_parallelism,
- "resetPasswordKey":member.reset_password_key,
- "encryptedPrivateKey":org.private_key,
-
+ "organizationUserId": member_id,
+ "kdf": user.client_kdf_type,
+ "kdfIterations": user.client_kdf_iter,
+ "kdfMemory": user.client_kdf_memory,
+ "kdfParallelism": user.client_kdf_parallelism,
+ "resetPasswordKey": member.reset_password_key,
+ "encryptedPrivateKey": org.private_key,
 })))
 }
@@ -3300,6 +3300,9 @@ async fn put_reset_password_enrollment(
 // NOTE: It seems clients can't handle uppercase-first keys!!
 // We need to convert all keys so they have the first character to be a lowercase.
 // Else the export will be just an empty JSON file.
+// We currently only support exports by members of the Admin or Owner status.
+// Vaultwarden does not yet support exporting only managed collections!
+// https://github.com/bitwarden/server/blob/9ebe16587175b1c0e9208f84397bb75d0d595510/src/Api/Tools/Controllers/OrganizationExportController.cs#L52
 #[get("/organizations//export")]
 async fn get_org_export(org_id: OrganizationId, headers: AdminHeaders, mut conn: DbConn) -> JsonResult {
 if org_id != headers.org_id {
diff --git a/src/api/core/public.rs b/src/api/core/public.rs
index 1c85ae1b..84606de6 100644
--- a/src/api/core/public.rs
+++ b/src/api/core/public.rs
@@ -46,7 +46,7 @@ struct OrgImportData {
 #[post("/public/organization/import", data = "")]
 async fn ldap_import(data: Json, token: PublicToken, mut conn: DbConn) -> EmptyResult {
 // Most of the logic for this function can be found here
- // https://github.com/bitwarden/server/blob/fd892b2ff4547648a276734fb2b14a8abae2c6f5/src/Core/Services/Implementations/OrganizationService.cs#L1797
+ // https://github.com/bitwarden/server/blob/9ebe16587175b1c0e9208f84397bb75d0d595510/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs#L1203
 let org_id = token.0;
 let data = data.into_inner();
diff --git a/src/api/core/sends.rs b/src/api/core/sends.rs
index e56538c3..e99face4 100644
--- a/src/api/core/sends.rs
+++ b/src/api/core/sends.rs
@@ -26,7 +26,7 @@ static ANON_PUSH_DEVICE: Lazy = Lazy::new(|| {
 updated_at: dt,
 user_uuid: String::from("00000000-0000-0000-0000-000000000000").into(),
 name: String::new(),
- atype: 0,
+ atype: 14, // 14 == Unknown Browser
 push_uuid: Some(String::from("00000000-0000-0000-0000-000000000000").into()),
 push_token: None,
 refresh_token: String::new(),
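Review bot: The new `atype: 14` in the `ANON_PUSH_DEVICE` initializer encodes the device type as a bare literal whose meaning lives only in the trailing comment, so the value will silently drift if the type numbering is ever revised. If the crate's device model exposes a `DeviceType` enum with an `UnknownBrowser` variant (I believe it does, but confirm against the model file), `atype: DeviceType::UnknownBrowser as i32,` names the intent in code and lets the compiler catch a renamed or removed variant. The enclosing `static ANON_PUSH_DEVICE` starts before the hunk and closes after it.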
@@ -220,6 +220,8 @@ struct UploadDataV2<'f> {
 // @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads (v2).
 // This method still exists to support older clients, probably need to remove it sometime.
 // Upstream: https://github.com/bitwarden/server/blob/d0c793c95181dfb1b447eb450f85ba0bfd7ef643/src/Api/Controllers/SendsController.cs#L164-L167
+// 2025: This endpoint doesn't seem to exists anymore in the latest version
+// See: https://github.com/bitwarden/server/blob/9ebe16587175b1c0e9208f84397bb75d0d595510/src/Api/Tools/Controllers/SendsController.cs
 #[post("/sends/file", format = "multipart/form-data", data = "")]
 async fn post_send_file(data: Form>, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> JsonResult {
 enforce_disable_send_policy(&headers, &mut conn).await?;
@@ -296,7 +298,7 @@ async fn post_send_file(data: Form>, headers: Headers, mut conn:
 Ok(Json(send.to_json()))
 }
-// Upstream: https://github.com/bitwarden/server/blob/d0c793c95181dfb1b447eb450f85ba0bfd7ef643/src/Api/Controllers/SendsController.cs#L190
+// Upstream: https://github.com/bitwarden/server/blob/9ebe16587175b1c0e9208f84397bb75d0d595510/src/Api/Tools/Controllers/SendsController.cs#L165
 #[post("/sends/file/v2", data = "")]
 async fn post_send_file_v2(data: Json, headers: Headers, mut conn: DbConn) -> JsonResult {
 enforce_disable_send_policy(&headers, &mut conn).await?;
@@ -367,7 +369,7 @@ pub struct SendFileData {
 fileName: String,
 }
-// https://github.com/bitwarden/server/blob/66f95d1c443490b653e5a15d32977e2f5a3f9e32/src/Api/Tools/Controllers/SendsController.cs#L250
+// https://github.com/bitwarden/server/blob/9ebe16587175b1c0e9208f84397bb75d0d595510/src/Api/Tools/Controllers/SendsController.cs#L195
 #[post("/sends//file/", format = "multipart/form-data", data = "")]
 async fn post_send_file_v2_data(
 send_id: SendId,
diff --git a/src/api/core/two_factor/authenticator.rs b/src/api/core/two_factor/authenticator.rs
index 40b10ffb..e5ffeedc 100644
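Review bot: The comment added above `post_send_file` records that upstream no longer has this endpoint but gives no criterion for when the legacy multipart upload route itself will be retired, so the note is likely to sit there as long as the 2021 deprecation line above it. Stating the condition makes the intent reviewable later, e.g. `// 2025: This endpoint no longer exists upstream (see link below); remove it once clients that still use it are out of support.` The added line also has a grammar slip: `doesn't seem to exists` should read `doesn't seem to exist`. The body of `post_send_file` continues past the hunk.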
--- a/src/api/core/two_factor/authenticator.rs
+++ b/src/api/core/two_factor/authenticator.rs
@@ -37,7 +37,7 @@ async fn generate_authenticator(data: Json, headers: Headers,
 // Upstream seems to also return `userVerificationToken`, but doesn't seem to be used at all.
 // It should help prevent TOTP disclosure if someone keeps their vault unlocked.
 // Since it doesn't seem to be used, and also does not cause any issues, lets leave it out of the response.
- // See: https://github.com/bitwarden/server/blob/b00f11fc43c0d5f20a8e224a8f9e3fc4dc23e60e/src/Api/Auth/Controllers/TwoFactorController.cs#L94
+ // See: https://github.com/bitwarden/server/blob/9ebe16587175b1c0e9208f84397bb75d0d595510/src/Api/Auth/Controllers/TwoFactorController.cs#L94
 Ok(Json(json!({
 "enabled": enabled,
 "key": key,
diff --git a/src/api/core/two_factor/duo_oidc.rs b/src/api/core/two_factor/duo_oidc.rs
index e554b1d6..ad948a75 100644
--- a/src/api/core/two_factor/duo_oidc.rs
+++ b/src/api/core/two_factor/duo_oidc.rs
@@ -21,7 +21,7 @@ use url::Url;
 // The location on this service that Duo should redirect users to. For us, this is a bridge
 // built in to the Bitwarden clients.
-// See: https://github.com/bitwarden/clients/blob/main/apps/web/src/connectors/duo-redirect.ts
+// See: https://github.com/bitwarden/clients/blob/5fb46df3415aefced0b52f2db86c873962255448/apps/web/src/connectors/duo-redirect.ts
 const DUO_REDIRECT_LOCATION: &str = "duo-redirect-connector.html";
 // Number of seconds that a JWT we generate for Duo should be valid for.
diff --git a/src/db/models/event.rs b/src/db/models/event.rs
index 985eca7e..ad82c694 100644
--- a/src/db/models/event.rs
+++ b/src/db/models/event.rs
@@ -8,9 +8,9 @@ use crate::{api::EmptyResult, db::DbConn, error::MapResult, CONFIG};
 // https://bitwarden.com/help/event-logs/
 db_object! {
- // Upstream: https://github.com/bitwarden/server/blob/8a22c0479e987e756ce7412c48a732f9002f0a2d/src/Core/Services/Implementations/EventService.cs
- // Upstream: https://github.com/bitwarden/server/blob/8a22c0479e987e756ce7412c48a732f9002f0a2d/src/Api/Models/Public/Response/EventResponseModel.cs
- // Upstream SQL: https://github.com/bitwarden/server/blob/8a22c0479e987e756ce7412c48a732f9002f0a2d/src/Sql/dbo/Tables/Event.sql
+ // Upstream: https://github.com/bitwarden/server/blob/4195baf1c560b10c00018c6d44f908ad4d77c8b2/src/Core/AdminConsole/Services/Implementations/EventService.cs
+ // Upstream: https://github.com/bitwarden/server/blob/4195baf1c560b10c00018c6d44f908ad4d77c8b2/src/Api/AdminConsole/Public/Models/Response/EventResponseModel.cs
+ // Upstream SQL: https://github.com/bitwarden/server/blob/4195baf1c560b10c00018c6d44f908ad4d77c8b2/src/Sql/dbo/Tables/Event.sql
 #[derive(Identifiable, Queryable, Insertable, AsChangeset)]
 #[diesel(table_name = event)]
 #[diesel(treat_none_as_null = true)]
@@ -25,7 +25,7 @@ db_object! {
 pub group_uuid: Option,
 pub org_user_uuid: Option,
 pub act_user_uuid: Option,
- // Upstream enum: https://github.com/bitwarden/server/blob/8a22c0479e987e756ce7412c48a732f9002f0a2d/src/Core/Enums/DeviceType.cs
+ // Upstream enum: https://github.com/bitwarden/server/blob/4195baf1c560b10c00018c6d44f908ad4d77c8b2/src/Core/Enums/DeviceType.cs
 pub device_type: Option,
 pub ip_address: Option,
 pub event_date: NaiveDateTime,
@@ -36,7 +36,7 @@ db_object! {
 }
 }
-// Upstream enum: https://github.com/bitwarden/server/blob/8a22c0479e987e756ce7412c48a732f9002f0a2d/src/Core/Enums/EventType.cs
+// Upstream enum: https://github.com/bitwarden/server/blob/4195baf1c560b10c00018c6d44f908ad4d77c8b2/src/Core/AdminConsole/Enums/EventType.cs
 #[derive(Debug, Copy, Clone)]
 pub enum EventType {
 // User
@@ -72,7 +72,6 @@ pub enum EventType {
 CipherSoftDeleted = 1115,
 CipherRestored = 1116,
 CipherClientToggledCardNumberVisible = 1117,
- CipherClientToggledTOTPSeedVisible = 1118,
 // Collection
 CollectionCreated = 1300,
@@ -88,7 +87,7 @@ pub enum EventType {
 OrganizationUserInvited = 1500,
 OrganizationUserConfirmed = 1501,
 OrganizationUserUpdated = 1502,
- OrganizationUserRemoved = 1503,
+ OrganizationUserRemoved = 1503, // Organization user data was deleted
 OrganizationUserUpdatedGroups = 1504,
 // OrganizationUserUnlinkedSso = 1505, // Not supported
 OrganizationUserResetPasswordEnroll = 1506,
@@ -100,8 +99,8 @@ pub enum EventType {
 OrganizationUserRestored = 1512,
 OrganizationUserApprovedAuthRequest = 1513,
 OrganizationUserRejectedAuthRequest = 1514,
- OrganizationUserDeleted = 1515,
- OrganizationUserLeft = 1516,
+ OrganizationUserDeleted = 1515, // Both user and organization user data were deleted
+ OrganizationUserLeft = 1516, // User voluntarily left the organization
 // Organization
 OrganizationUpdated = 1600,
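Review bot: Removing `CipherClientToggledTOTPSeedVisible = 1118` outright leaves an unexplained gap in the numbering, whereas this enum's convention for values it does not support is a commented-out entry with a reason (`// OrganizationUserUnlinkedSso = 1505, // Not supported` a few lines below). Keeping `// CipherClientToggledTOTPSeedVisible = 1118, // Removed upstream` documents why 1118 is skipped and stops a future contributor from reusing the number. If any event rows with type 1118 were written before this change they stay in the event table; nothing in the hunk shows how stored integers are mapped back to `EventType`, so that path should be checked rather than assumed harmless. The enum begins in the previous hunk and continues past this one.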