Revert "[pull] main from dani-garcia:main (#64)"

This reverts commit ade3859.

.env.template

@@ -259,13 +259,9 @@
 ## A comma-separated list means only those users can create orgs:
 # ORG_CREATION_USERS=admin1@example.com,admin2@example.com
 
-## Token for the admin interface, preferably an Argon2 PCH string
-## Vaultwarden has a built-in generator by calling `vaultwarden hash`
-## For details see: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
+## Token for the admin interface, preferably use a long random string
+## One option is to use 'openssl rand -base64 48'
 ## If not set, the admin panel is disabled
-## New Argon2 PHC string
-# ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$MmeKRnGK5RW5mJS7h3TOL89GrpLPXJPAtTK8FTqj9HM$DqsstvoSAETl9YhnsXbf43WeaUwJC6JhViIvuPoig78'
-## Old plain text string (Will generate warnings in favor of Argon2)
 # ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp
 
 ## Enable this to bypass the admin panel security. This option is only
@@ -302,9 +298,9 @@
 ## This setting applies globally to all users.
 # INCOMPLETE_2FA_TIME_LIMIT=3
 
-## Number of server-side passwords hashing iterations for the password hash.
-## The default for new users. If changed, it will be updated during login for existing users.
-# PASSWORD_ITERATIONS=350000
+## Controls the PBBKDF password iterations to apply on the server
+## The change only applies when the password is changed
+# PASSWORD_ITERATIONS=100000
 
 ## Controls whether users can set password hints. This setting applies globally to all users.
 # PASSWORD_HINTS_ALLOWED=true
@@ -339,9 +335,6 @@
 ## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`.
 # ADMIN_RATELIMIT_MAX_BURST=3
 
-## Set the lifetime of admin sessions to this value (in minutes).
-# ADMIN_SESSION_LIFETIME=20
-
 ## Yubico (Yubikey) Settings
 ## Set your Client ID and Secret Key for Yubikey OTP
 ## You can generate it here: https://upgrade.yubico.com/getapikey/
@@ -380,7 +373,7 @@
 # ROCKET_WORKERS=10
 # ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
 
-## Mail specific settings, set SMTP_FROM and either SMTP_HOST or USE_SENDMAIL to enable the mail service.
+## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service.
 ## To make sure the email links are pointing to the correct host, set the DOMAIN variable.
 ## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
 # SMTP_HOST=smtp.domain.tld
@@ -392,11 +385,6 @@
 # SMTP_PASSWORD=password
 # SMTP_TIMEOUT=15
 
-# Whether to send mail via the `sendmail` command
-# USE_SENDMAIL=false
-# Which sendmail command to use. The one found in the $PATH is used if not specified.
-# SENDMAIL_COMMAND="/path/to/sendmail"
-
 ## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections.
 ## Possible values: ["Plain", "Login", "Xoauth2"].
 ## Multiple options need to be separated by a comma ','.

.github/workflows/build.yml

@@ -9,8 +9,6 @@ on:
       - "Cargo.*"
       - "build.rs"
       - "rust-toolchain"
-      - "rustfmt.toml"
-      - "diesel.toml"
   pull_request:
     paths:
       - ".github/workflows/build.yml"
@@ -19,8 +17,6 @@ on:
       - "Cargo.*"
       - "build.rs"
       - "rust-toolchain"
-      - "rustfmt.toml"
-      - "diesel.toml"
 
 jobs:
   build:
@@ -30,66 +26,60 @@ jobs:
     # This is done globally to prevent rebuilds when the RUSTFLAGS env variable changes.
     env:
       RUSTFLAGS: "-D warnings"
-      CARGO_REGISTRIES_CRATES_IO_PROTOCOL: git # Use the old git protocol until it is stable probably in 1.68 or 1.69. MSRV needs to be at this before removed.
     strategy:
       fail-fast: false
       matrix:
         channel:
           - "rust-toolchain" # The version defined in rust-toolchain
           - "msrv" # The supported MSRV
+        include:
+          - channel: "msrv"
+            version: "1.61.0"
 
     name: Build and Test ${{ matrix.channel }}
 
     steps:
       # Checkout the repo
       - name: "Checkout"
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
       # End Checkout the repo
 
-
       # Install dependencies
       - name: "Install dependencies Ubuntu"
         run: sudo apt-get update && sudo apt-get install -y --no-install-recommends openssl sqlite build-essential libmariadb-dev-compat libpq-dev libssl-dev pkg-config
       # End Install dependencies
 
-
       # Determine rust-toolchain version
       - name: Init Variables
         id: toolchain
         shell: bash
+        if: ${{ matrix.channel == 'rust-toolchain' }}
         run: |
-          if [[ "${{ matrix.channel }}" == 'rust-toolchain' ]]; then
-            RUST_TOOLCHAIN="$(cat rust-toolchain)"
-          elif [[ "${{ matrix.channel }}" == 'msrv' ]]; then
-            RUST_TOOLCHAIN="$(grep -oP 'rust-version.*"(\K.*?)(?=")' Cargo.toml)"
-          else
-            RUST_TOOLCHAIN="${{ matrix.channel }}"
-          fi
+          RUST_TOOLCHAIN="$(cat rust-toolchain)"
           echo "RUST_TOOLCHAIN=${RUST_TOOLCHAIN}" | tee -a "${GITHUB_OUTPUT}"
       # End Determine rust-toolchain version
 
-
-      # Only install the clippy and rustfmt components on the default rust-toolchain
+      # Uses the rust-toolchain file to determine version
       - name: "Install rust-toolchain version"
-        uses: dtolnay/rust-toolchain@fc3253060d0c959bea12a59f10f8391454a0b02d # master @ 2023-03-21 - 06:36 GMT+1
+        uses: dtolnay/rust-toolchain@55c7845fad90d0ae8b2e83715cb900e5e861e8cb # master @ 2022-10-25 - 21:40 GMT+2
         if: ${{ matrix.channel == 'rust-toolchain' }}
         with:
           toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
           components: clippy, rustfmt
       # End Uses the rust-toolchain file to determine version
 
 
-      # Install the any other channel to be used for which we do not execute clippy and rustfmt
+      # Install the MSRV channel to be used
       - name: "Install MSRV version"
-        uses: dtolnay/rust-toolchain@fc3253060d0c959bea12a59f10f8391454a0b02d # master @ 2023-03-21 - 06:36 GMT+1
+        uses: dtolnay/rust-toolchain@55c7845fad90d0ae8b2e83715cb900e5e861e8cb # master @ 2022-10-25 - 21:40 GMT+2
         if: ${{ matrix.channel != 'rust-toolchain' }}
         with:
-          toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
+          toolchain: ${{ matrix.version }}
       # End Install the MSRV channel to be used
 
 
       # Enable Rust Caching
-      - uses: Swatinem/rust-cache@6fd3edff6979b79f87531400ad694fb7f2c84b1f # v2.2.1
+      - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
       # End Enable Rust Caching
 
 
@@ -194,7 +184,7 @@ jobs:
 
       # Upload artifact to Github Actions
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
         if: ${{ matrix.channel == 'rust-toolchain' }}
         with:
           name: vaultwarden

.github/workflows/hadolint.yml

@@ -13,7 +13,7 @@ jobs:
     steps:
       # Checkout the repo
       - name: Checkout
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
       # End Checkout the repo
 
 

.github/workflows/release.yml

@@ -48,23 +48,11 @@ jobs:
         ports:
           - 5000:5000
     env:
-      # Use BuildKit (https://docs.docker.com/build/buildkit/) for better
-      # build performance and the ability to copy extended file attributes
-      # (e.g., for executable capabilities) across build phases.
-      DOCKER_BUILDKIT: 1
+      DOCKER_BUILDKIT: 1 # Disabled for now, but we should look at this because it will speedup building!
+      # DOCKER_REPO/secrets.DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
+      DOCKER_REPO: ${{ secrets.DOCKERHUB_REPO }}
       SOURCE_COMMIT: ${{ github.sha }}
       SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}"
-      # The *_REPO variables need to be configured as repository variables
-      # Append `/settings/variables/actions` to your repo url
-      # DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
-      # Check for Docker hub credentials in secrets
-      HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
-      # GHCR_REPO needs to be 'ghcr.io/<user>/<repo>'
-      # Check for Github credentials in secrets
-      HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }}
-      # QUAY_REPO needs to be 'quay.io/<user>/<repo>'
-      # Check for Quay.io credentials in secrets
-      HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }}
     if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }}
     strategy:
       matrix:
@@ -73,10 +61,17 @@ jobs:
     steps:
       # Checkout the repo
       - name: Checkout
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
         with:
           fetch-depth: 0
 
+      # Login to Docker Hub
+      - name: Login to Docker Hub
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
       # Determine Docker Tag
       - name: Init Variables
         id: vars
@@ -90,146 +85,34 @@ jobs:
           fi
       # End Determine Docker Tag
 
-      # Login to Docker Hub
-      - name: Login to Docker Hub
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-        if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-
-      # Login to GitHub Container Registry
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-        if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
-
-      # Login to Quay.io
-      - name: Login to Quay.io
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
-        with:
-          registry: quay.io
-          username: ${{ secrets.QUAY_USERNAME }}
-          password: ${{ secrets.QUAY_TOKEN }}
-        if: ${{ env.HAVE_QUAY_LOGIN == 'true' }}
-
-      # Debian
-
-      # Docker Hub
-      - name: Build Debian based images (docker.io)
-        shell: bash
-        env:
-          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
-          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
-        run: |
-          ./hooks/build
-        if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-
-      - name: Push Debian based images (docker.io)
-        shell: bash
-        env:
-          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
-          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
-        run: |
-          ./hooks/push
-        if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-
-      # GitHub Container Registry
-      - name: Build Debian based images (ghcr.io)
-        shell: bash
-        env:
-          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
-          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
-        run: |
-          ./hooks/build
-        if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
-
-      - name: Push Debian based images (ghcr.io)
-        shell: bash
-        env:
-          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
-          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
-        run: |
-          ./hooks/push
-        if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
-
-      # Quay.io
-      - name: Build Debian based images (quay.io)
+      - name: Build Debian based images
         shell: bash
         env:
-          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
           DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
         run: |
           ./hooks/build
-        if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}
+        if: ${{ matrix.base_image == 'debian' }}
 
-      - name: Push Debian based images (quay.io)
+      - name: Push Debian based images
         shell: bash
         env:
-          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
           DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
         run: |
           ./hooks/push
-        if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}
-
-      # Alpine
-
-      # Docker Hub
-      - name: Build Alpine based images (docker.io)
-        shell: bash
-        env:
-          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
-          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
-        run: |
-          ./hooks/build
-        if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-
-      - name: Push Alpine based images (docker.io)
-        shell: bash
-        env:
-          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
-          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
-        run: |
-          ./hooks/push
-        if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-
-      # GitHub Container Registry
-      - name: Build Alpine based images (ghcr.io)
-        shell: bash
-        env:
-          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
-          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
-        run: |
-          ./hooks/build
-        if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}
-
-      - name: Push Alpine based images (ghcr.io)
-        shell: bash
-        env:
-          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
-          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
-        run: |
-          ./hooks/push
-        if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}
+        if: ${{ matrix.base_image == 'debian' }}
 
-      # Quay.io
-      - name: Build Alpine based images (quay.io)
+      - name: Build Alpine based images
         shell: bash
         env:
-          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
           DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
         run: |
           ./hooks/build
-        if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}
+        if: ${{ matrix.base_image == 'alpine' }}
 
-      - name: Push Alpine based images (quay.io)
+      - name: Push Alpine based images
         shell: bash
         env:
-          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
           DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
         run: |
           ./hooks/push
-        if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}
+        if: ${{ matrix.base_image == 'alpine' }}

.hadolint.yaml

@@ -3,9 +3,5 @@ ignored:
   - DL3008
   # disable explicit version for apk install
   - DL3018
-  # disable check for consecutive `RUN` instructions
-  - DL3059
 trustedRegistries:
   - docker.io
-  - ghcr.io
-  - quay.io