vaultwarden

dahjah/vaultwarden

Fork 0

mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-06-04 06:24:58 -06:00

Commit Graph

Author	SHA1	Message	Date
Mathijs van Veluw	07569a06da	Update crates and workflows and some fixes (#6508 ) Some checks failed Build / Build and Test ${{ matrix.channel }} (msrv) (push) Has been cancelled Details Build / Build and Test ${{ matrix.channel }} (rust-toolchain) (push) Has been cancelled Details Check templates / Validate docker templates (push) Has been cancelled Details Hadolint / Validate Dockerfile syntax (push) Has been cancelled Details Release / Build Vaultwarden containers (amd64, alpine) (push) Has been cancelled Details Release / Build Vaultwarden containers (amd64, debian) (push) Has been cancelled Details Release / Build Vaultwarden containers (arm/v6, alpine) (push) Has been cancelled Details Release / Build Vaultwarden containers (arm/v6, debian) (push) Has been cancelled Details Release / Build Vaultwarden containers (arm/v7, alpine) (push) Has been cancelled Details Release / Build Vaultwarden containers (arm/v7, debian) (push) Has been cancelled Details Release / Build Vaultwarden containers (arm64, alpine) (push) Has been cancelled Details Release / Build Vaultwarden containers (arm64, debian) (push) Has been cancelled Details Trivy / Trivy Scan (push) Has been cancelled Details Code Spell Checking / Run typos spell checking (push) Has been cancelled Details Security Analysis with zizmor / Run zizmor (push) Has been cancelled Details Release / Merge manifests (alpine) (push) Has been cancelled Details Release / Merge manifests (debian) (push) Has been cancelled Details - Updated all the crates except for Diesel. Diesel is pinned at v2.3.3 since newer versions break MySQL/MariaDB. - Updated all the GHA workflows - Fixed an issue with a migration breaking on an empty MySQL/MariaDB database. Signed-off-by: BlackDex <black.dex@gmail.com>	2025-11-30 15:16:23 +01:00
Timshel	cff6c2b3af	SSO using OpenID Connect (#3899 ) * Add SSO functionality using OpenID Connect Co-authored-by: Pablo Ovelleiro Corral <mail@pablo.tools> Co-authored-by: Stuart Heap <sheap13@gmail.com> Co-authored-by: Alex Moore <skiepp@my-dockerfarm.cloud> Co-authored-by: Brian Munro <brian.alexander.munro@gmail.com> Co-authored-by: Jacques B. <timshel@github.com> * Improvements and error handling * Stop rolling device token * Add playwright tests * Activate PKCE by default * Ensure result order when searching for sso_user * add SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION * Toggle SSO button in scss * Base64 encode state before sending it to providers * Prevent disabled User from SSO login * Review fixes * Remove unused UserOrganization.invited_by_email * Split SsoUser::find_by_identifier_or_email * api::Accounts::verify_password add the policy even if it's ignored * Disable signups if SSO_ONLY is activated * Add verifiedDate to organizations::get_org_domain_sso_details * Review fixes * Remove OrganizationId guard from get_master_password_policy * Add wrapper type OIDCCode OIDCState OIDCIdentifier * Membership::confirm_user_invitations fix and tests * Allow set-password only if account is unitialized * Review fixes * Prevent accepting another user invitation * Log password change event on SSO account creation * Unify master password policy resolution * Upgrade openidconnect to 4.0.0 * Revert "Remove unused UserOrganization.invited_by_email" This reverts commit 548e19995e141314af98a10d170ea7371f02fab4. * Process org enrollment in accounts::post_set_password * Improve tests * Pass the claim invited_by_email in case it was not in db * Add Slack configuration hints * Fix playwright tests * Skip broken tests * Add sso identifier in admin user panel * Remove duplicate expiration check, add a log * Augment mobile refresh_token validity * Rauthy configuration hints * Fix playwright tests * Playwright upgrade and conf improvement * Playwright tests improvements * 2FA email and device creation change * Fix and improve Playwright tests * Minor improvements * Fix enforceOnLogin org policies * Run playwright sso tests against correct db * PKCE should now work with Zitadel * Playwright upgrade maildev to use MailBuffer.expect * Upgrades playwright tests deps * Check email_verified in id_token and user_info * Add sso verified endpoint for v2025.6.0 * Fix playwright tests * Create a separate sso_client * Upgrade openidconnect to 4.0.1 * Server settings for login fields toggle * Use only css for login fields * Fix playwright test * Review fix * More review fix * Perform same checks when setting kdf --------- Co-authored-by: Felix Eckhofer <felix@eckhofer.com> Co-authored-by: Pablo Ovelleiro Corral <mail@pablo.tools> Co-authored-by: Stuart Heap <sheap13@gmail.com> Co-authored-by: Alex Moore <skiepp@my-dockerfarm.cloud> Co-authored-by: Brian Munro <brian.alexander.munro@gmail.com> Co-authored-by: Jacques B. <timshel@github.com> Co-authored-by: Timshel <timshel@480s>	2025-08-08 23:22:22 +02:00

Author

SHA1

Message

Date

Mathijs van Veluw

07569a06da

Update crates and workflows and some fixes (#6508 )

Build / Build and Test ${{ matrix.channel }} (msrv) (push) Has been cancelled

Details

Build / Build and Test ${{ matrix.channel }} (rust-toolchain) (push) Has been cancelled

Details

Check templates / Validate docker templates (push) Has been cancelled

Details

Hadolint / Validate Dockerfile syntax (push) Has been cancelled

Details

Release / Build Vaultwarden containers (amd64, alpine) (push) Has been cancelled

Details

Release / Build Vaultwarden containers (amd64, debian) (push) Has been cancelled

Details

Release / Build Vaultwarden containers (arm/v6, alpine) (push) Has been cancelled

Details

Release / Build Vaultwarden containers (arm/v6, debian) (push) Has been cancelled

Details

Release / Build Vaultwarden containers (arm/v7, alpine) (push) Has been cancelled

Details

Release / Build Vaultwarden containers (arm/v7, debian) (push) Has been cancelled

Details

Release / Build Vaultwarden containers (arm64, alpine) (push) Has been cancelled

Details

Release / Build Vaultwarden containers (arm64, debian) (push) Has been cancelled

Details

Trivy / Trivy Scan (push) Has been cancelled

Details

Code Spell Checking / Run typos spell checking (push) Has been cancelled

Details

Security Analysis with zizmor / Run zizmor (push) Has been cancelled

Details

Release / Merge manifests (alpine) (push) Has been cancelled

Details

Release / Merge manifests (debian) (push) Has been cancelled

Details

- Updated all the crates except for Diesel.
  Diesel is pinned at v2.3.3 since newer versions break MySQL/MariaDB.
- Updated all the GHA workflows
- Fixed an issue with a migration breaking on an empty MySQL/MariaDB database.

Signed-off-by: BlackDex <black.dex@gmail.com>

2025-11-30 15:16:23 +01:00

Timshel

cff6c2b3af

SSO using OpenID Connect (#3899 )

* Add SSO functionality using OpenID Connect

Co-authored-by: Pablo Ovelleiro Corral <mail@pablo.tools>
Co-authored-by: Stuart Heap <sheap13@gmail.com>
Co-authored-by: Alex Moore <skiepp@my-dockerfarm.cloud>
Co-authored-by: Brian Munro <brian.alexander.munro@gmail.com>
Co-authored-by: Jacques B. <timshel@github.com>

* Improvements and error handling

* Stop rolling device token

* Add playwright tests

* Activate PKCE by default

* Ensure result order when searching for sso_user

* add SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION

* Toggle SSO button in scss

* Base64 encode state before sending it to providers

* Prevent disabled User from SSO login

* Review fixes

* Remove unused UserOrganization.invited_by_email

* Split SsoUser::find_by_identifier_or_email

* api::Accounts::verify_password add the policy even if it's ignored

* Disable signups if SSO_ONLY is activated

* Add verifiedDate to organizations::get_org_domain_sso_details

* Review fixes

* Remove OrganizationId guard from get_master_password_policy

* Add wrapper type OIDCCode OIDCState OIDCIdentifier

* Membership::confirm_user_invitations fix and tests

* Allow set-password only if account is unitialized

* Review fixes

* Prevent accepting another user invitation

* Log password change event on SSO account creation

* Unify master password policy resolution

* Upgrade openidconnect to 4.0.0

* Revert "Remove unused UserOrganization.invited_by_email"

This reverts commit 548e19995e141314af98a10d170ea7371f02fab4.

* Process org enrollment in accounts::post_set_password

* Improve tests

* Pass the claim invited_by_email in case it was not in db

* Add Slack configuration hints

* Fix playwright tests

* Skip broken tests

* Add sso identifier in admin user panel

* Remove duplicate expiration check, add a log

* Augment mobile refresh_token validity

* Rauthy configuration hints

* Fix playwright tests

* Playwright upgrade and conf improvement

* Playwright tests improvements

* 2FA email and device creation change

* Fix and improve Playwright tests

* Minor improvements

* Fix enforceOnLogin org policies

* Run playwright sso tests against correct db

* PKCE should now work with Zitadel

* Playwright upgrade maildev to use MailBuffer.expect

* Upgrades playwright tests deps

* Check email_verified in id_token and user_info

* Add sso verified endpoint for v2025.6.0

* Fix playwright tests

* Create a separate sso_client

* Upgrade openidconnect to 4.0.1

* Server settings for login fields toggle

* Use only css for login fields

* Fix playwright test

* Review fix

* More review fix

* Perform same checks when setting kdf

---------

Co-authored-by: Felix Eckhofer <felix@eckhofer.com>
Co-authored-by: Pablo Ovelleiro Corral <mail@pablo.tools>
Co-authored-by: Stuart Heap <sheap13@gmail.com>
Co-authored-by: Alex Moore <skiepp@my-dockerfarm.cloud>
Co-authored-by: Brian Munro <brian.alexander.munro@gmail.com>
Co-authored-by: Jacques B. <timshel@github.com>
Co-authored-by: Timshel <timshel@480s>

2025-08-08 23:22:22 +02:00

2 Commits