Merge pull request #148 from mprasil/beta

Merge Beta to master
dani-garcia · Aug 21, 2018 · 1c57c9d · 1c57c9d
2 parents bd20d87 + 69a1825
commit 1c57c9d
Show file tree

Hide file tree

Showing 19 changed files with 457 additions and 216 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,24 +1,24 @@
 [package]
 name = "bitwarden_rs"
-version = "0.13.0"
+version = "1.0.0"
 authors = ["Daniel García <dani-garcia@users.noreply.github.com>"]
 
 [dependencies]
 # Web framework for nightly with a focus on ease-of-use, expressibility, and speed.
-rocket = { version = "0.3.14", features = ["tls"] }
-rocket_codegen = "0.3.14"
-rocket_contrib = "0.3.14"
+rocket = { version = "0.3.15", features = ["tls"] }
+rocket_codegen = "0.3.15"
+rocket_contrib = "0.3.15"
 
 # HTTP client
 reqwest = "0.8.6"
 
 # multipart/form-data support
-multipart = "0.14.2"
+multipart = "0.15.0"
 
 # A generic serialization/deserialization framework
 serde = "1.0.70"
 serde_derive = "1.0.70"
-serde_json = "1.0.22"
+serde_json = "1.0.24"
 
 # A safe, extensible ORM and Query builder
 diesel = { version = "1.3.2", features = ["sqlite", "chrono", "r2d2"] }
@@ -52,7 +52,7 @@ u2f = "0.1.2"
 dotenv = { version = "0.13.0", default-features = false }
 
 # Lazy static macro
-lazy_static = "1.0.1"
+lazy_static = "1.0.2"
 
 # Numerical libraries
 num-traits = "0.2.5"
@@ -63,4 +63,4 @@ num-derive = "0.2.2"
 jsonwebtoken = { path = "libs/jsonwebtoken" }
 
 # Version 0.1.2 from crates.io lacks a commit that fixes a certificate error
-u2f = { git = 'https://github.com/wisespace-io/u2f-rs', rev = '193de35093a44' }
+u2f = { git = 'https://github.com/wisespace-io/u2f-rs', rev = '193de35093a44' }
diff --git a/Dockerfile b/Dockerfile
@@ -2,31 +2,27 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM node:9-alpine as vault
+FROM node:8-alpine as vault
 
-ENV VAULT_VERSION "1.27.0"
-ENV URL "https://github.com/bitwarden/web/archive/v${VAULT_VERSION}.tar.gz"
+ENV VAULT_VERSION "v2.1.1"
+
+ENV URL "https://github.com/bitwarden/web.git"
 
 RUN apk add --update-cache --upgrade \
     curl \
     git \
-    tar \
-    && npm install -g \
-        gulp-cli \
-        gulp
-
-RUN mkdir /web-build \
-    && cd /web-build \
-    && curl -L "${URL}" | tar -xvz --strip-components=1
+    tar
 
+RUN git clone -b $VAULT_VERSION --depth 1 $URL web-build
 WORKDIR /web-build
 
-COPY /docker/settings.Production.json /web-build/
+COPY /docker/set-vault-baseurl.patch /web-build/    
+RUN git apply set-vault-baseurl.patch
+
+RUN npm run sub:init && npm install
 
-RUN git config --global url."https://github.com/".insteadOf ssh://git@github.com/ \
-    && npm install \
-    && gulp dist:selfHosted \
-    && mv dist /web-vault
+RUN npm run dist \
+    && mv build /web-vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because

diff --git a/docker/set-vault-baseurl.patch b/docker/set-vault-baseurl.patch
@@ -0,0 +1,23 @@
+--- a/src/app/services/services.module.ts
++++ b/src/app/services/services.module.ts
+@@ -116,17 +116,15 @@ const exportService = new ExportService(folderService, cipherService, apiService
+ const importService = new ImportService(cipherService, folderService, apiService, i18nService, collectionService);
+ const auditService = new AuditService(cryptoFunctionService, apiService);
+
+-const analytics = new Analytics(window, () => platformUtilsService.isDev() || platformUtilsService.isSelfHost(),
++const analytics = new Analytics(window, () => platformUtilsService.isDev() || platformUtilsService.isSelfHost() || true,
+     platformUtilsService, storageService, appIdService);
+ containerService.attachToWindow(window);
+
+ export function initFactory(): Function {
+     return async () => {
+         await (storageService as HtmlStorageService).init();
+-        const isDev = platformUtilsService.isDev();
+-        if (!isDev && platformUtilsService.isSelfHost()) {
+-            environmentService.baseUrl = window.location.origin;
+-        }
++        const isDev = false;
++        environmentService.baseUrl = window.location.origin;
+         await apiService.setUrls({
+             base: isDev ? null : window.location.origin,
+             api: isDev ? 'http://localhost:4000' : null,
diff --git a/docker/settings.Production.json b/docker/settings.Production.json
diff --git a/rust-toolchain b/rust-toolchain
@@ -1 +1 @@
-nightly-2018-06-26
+nightly-2018-07-18
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
@@ -73,6 +73,11 @@ struct ProfileData {
     Name: String,
 }
 
+#[put("/accounts/profile", data = "<data>")]
+fn put_profile(data: JsonUpcase<ProfileData>, headers: Headers, conn: DbConn) -> JsonResult {
+    post_profile(data, headers, conn)
+}
+
 #[post("/accounts/profile", data = "<data>")]
 fn post_profile(data: JsonUpcase<ProfileData>, headers: Headers, conn: DbConn) -> JsonResult {
     let data: ProfileData = data.into_inner().data;

diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
@@ -87,6 +87,8 @@ fn get_cipher_details(uuid: String, headers: Headers, conn: DbConn) -> JsonResul
 #[derive(Deserialize, Debug)]
 #[allow(non_snake_case)]
 struct CipherData {
+    // Id is optional as it is included only in bulk share
+    Id: Option<String>,
     // Folder id is not included in import
     FolderId: Option<String>,
     // TODO: Some of these might appear all the time, no need for Option
@@ -242,12 +244,21 @@ fn post_ciphers_import(data: JsonUpcase<ImportData>, headers: Headers, conn: DbC
         cipher.move_to_folder(folder_uuid, &headers.user.uuid.clone(), &conn).ok();
     }
 
-    Ok(())
+    let mut user = headers.user;
+    match user.update_revision(&conn) {
+        Ok(()) => Ok(()),
+        Err(_) => err!("Failed to update the revision, please log out and log back in to finish import.")
+    }
+}
+
+
+#[put("/ciphers/<uuid>/admin", data = "<data>")]
+fn put_cipher_admin(uuid: String, data: JsonUpcase<CipherData>, headers: Headers, conn: DbConn) -> JsonResult {
+    put_cipher(uuid, data, headers, conn)
 }
 
 #[post("/ciphers/<uuid>/admin", data = "<data>")]
 fn post_cipher_admin(uuid: String, data: JsonUpcase<CipherData>, headers: Headers, conn: DbConn) -> JsonResult {
-    // TODO: Implement this correctly
     post_cipher(uuid, data, headers, conn)
 }
 
@@ -285,6 +296,11 @@ fn post_collections_update(uuid: String, data: JsonUpcase<CollectionsAdminData>,
     post_collections_admin(uuid, data, headers, conn)
 }
 
+#[put("/ciphers/<uuid>/collections-admin", data = "<data>")]
+fn put_collections_admin(uuid: String, data: JsonUpcase<CollectionsAdminData>, headers: Headers, conn: DbConn) -> EmptyResult {
+    post_collections_admin(uuid, data, headers, conn)
+}
+
 #[post("/ciphers/<uuid>/collections-admin", data = "<data>")]
 fn post_collections_admin(uuid: String, data: JsonUpcase<CollectionsAdminData>, headers: Headers, conn: DbConn) -> EmptyResult {
     let data: CollectionsAdminData = data.into_inner().data;
@@ -332,6 +348,65 @@ struct ShareCipherData {
 fn post_cipher_share(uuid: String, data: JsonUpcase<ShareCipherData>, headers: Headers, conn: DbConn) -> JsonResult {
     let data: ShareCipherData = data.into_inner().data;
 
+    share_cipher_by_uuid(&uuid, data, &headers, &conn)
+}
+
+#[put("/ciphers/<uuid>/share", data = "<data>")]
+fn put_cipher_share(uuid: String, data: JsonUpcase<ShareCipherData>, headers: Headers, conn: DbConn) -> JsonResult {
+    let data: ShareCipherData = data.into_inner().data;
+
+    share_cipher_by_uuid(&uuid, data, &headers, &conn)
+}
+
+#[derive(Deserialize)]
+#[allow(non_snake_case)]
+struct ShareSelectedCipherData {
+    Ciphers: Vec<CipherData>,
+    CollectionIds: Vec<String>
+}
+
+#[put("/ciphers/share", data = "<data>")]
+fn put_cipher_share_seleted(data: JsonUpcase<ShareSelectedCipherData>, headers: Headers, conn: DbConn) -> EmptyResult {
+    let mut data: ShareSelectedCipherData = data.into_inner().data;
+    let mut cipher_ids: Vec<String> = Vec::new();
+
+    if data.Ciphers.len() == 0 {
+        err!("You must select at least one cipher.")
+    }
+
+    if data.CollectionIds.len() == 0 {
+        err!("You must select at least one collection.")
+    }
+
+    for cipher in data.Ciphers.iter() {
+        match cipher.Id {
+            Some(ref id) => cipher_ids.push(id.to_string()),
+            None => err!("Request missing ids field")
+        };
+    }
+
+    let attachments = Attachment::find_by_ciphers(cipher_ids, &conn);
+
+    if attachments.len() > 0 {
+        err!("Ciphers should not have any attachments.")
+    }
+
+    while let Some(cipher) = data.Ciphers.pop() {
+        let mut shared_cipher_data = ShareCipherData {
+            Cipher: cipher,
+            CollectionIds: data.CollectionIds.clone()
+        };
+
+        match shared_cipher_data.Cipher.Id.take() {
+            Some(id) => share_cipher_by_uuid(&id, shared_cipher_data , &headers, &conn)?,
+            None => err!("Request missing ids field")
+        };
+    }
+
+    Ok(())
+}
+
+fn share_cipher_by_uuid(uuid: &str, data: ShareCipherData, headers: &Headers, conn: &DbConn) -> JsonResult {
     let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) {
         Some(cipher) => {
             if cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) {
@@ -456,7 +531,7 @@ fn delete_cipher(uuid: String, headers: Headers, conn: DbConn) -> EmptyResult {
     _delete_cipher_by_uuid(&uuid, &headers, &conn)
 }
 
-#[post("/ciphers/delete", data = "<data>")]
+#[delete("/ciphers", data = "<data>")]
 fn delete_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
     let data: Value = data.into_inner().data;
 
@@ -477,6 +552,11 @@ fn delete_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbCon
     Ok(())
 }
 
+#[post("/ciphers/delete", data = "<data>")]
+fn delete_cipher_selected_post(data: JsonUpcase<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
+    delete_cipher_selected(data, headers, conn)
+}
+
 #[post("/ciphers/move", data = "<data>")]
 fn move_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
     let data = data.into_inner().data;
@@ -529,6 +609,11 @@ fn move_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbConn)
     Ok(())
 }
 
+#[put("/ciphers/move", data = "<data>")]
+fn move_cipher_selected_put(data: JsonUpcase<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
+    move_cipher_selected(data, headers, conn)
+}
+
 #[post("/ciphers/purge", data = "<data>")]
 fn delete_all(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> EmptyResult {
     let data: PasswordData = data.into_inner().data;

diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
@@ -14,6 +14,7 @@ pub fn routes() -> Vec<Route> {
     routes![
         register,
         profile,
+        put_profile,
         post_profile,
         get_public_keys,
         post_keys,
@@ -32,6 +33,7 @@ pub fn routes() -> Vec<Route> {
         get_cipher_admin,
         get_cipher_details,
         post_ciphers,
+        put_cipher_admin,
         post_ciphers_admin,
         post_ciphers_import,
         post_attachment,
@@ -42,14 +44,18 @@ pub fn routes() -> Vec<Route> {
         delete_attachment,
         post_cipher_admin,
         post_cipher_share,
+        put_cipher_share,
+        put_cipher_share_seleted,
         post_cipher,
         put_cipher,
         delete_cipher_post,
         delete_cipher_post_admin,
         delete_cipher,
         delete_cipher_selected,
+        delete_cipher_selected_post,
         delete_all,
         move_cipher_selected,
+        move_cipher_selected_put,
 
         get_folders,
         get_folder,
@@ -63,33 +69,44 @@ pub fn routes() -> Vec<Route> {
         get_recover,
         recover,
         disable_twofactor,
+        disable_twofactor_put,
         generate_authenticator,
         activate_authenticator,
+        activate_authenticator_put,
         generate_u2f,
         activate_u2f,
+        activate_u2f_put,
 
         get_organization,
         create_organization,
         delete_organization,
+        post_delete_organization,
         leave_organization,
         get_user_collections,
         get_org_collections,
         get_org_collection_detail,
         get_collection_users,
+        put_organization,
         post_organization,
         post_organization_collections,
+        delete_organization_collection_user,
         post_organization_collection_delete_user,
         post_organization_collection_update,
+        put_organization_collection_update,
+        delete_organization_collection,
         post_organization_collection_delete,
         post_collections_update,
         post_collections_admin,
+        put_collections_admin,
         get_org_details,
         get_org_users,
         send_invite,
         confirm_invite,
         get_user,
         edit_user,
+        put_organization_user,
         delete_user,
+        post_delete_user,
 
         clear_device_token,
         put_device_token,