Modifications for easier testing

This reverts commit ce5b4df289defefb8802a74d125a2bdd08a6c509.
Timshel · Mar 27, 2024 · 965ab89 · 965ab89
1 parent 61dc63d
commit 965ab89
Show file tree

Hide file tree

Showing 24 changed files with 18,775 additions and 284 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -14,7 +14,7 @@ jobs:
   # We will skip this check if we are creating a tag, because that has the same hash as a previous run already.
   skip_check:
     runs-on: ubuntu-22.04
-    if: ${{ github.repository == 'dani-garcia/vaultwarden' }}
+    if: ${{ github.repository == 'timshel/vaultwarden' }}
     outputs:
       should_skip: ${{ steps.skip_check.outputs.should_skip }}
     steps:
@@ -28,9 +28,10 @@ jobs:
 
   docker-build:
     runs-on: ubuntu-22.04
+    environment: main
     timeout-minutes: 120
     needs: skip_check
-    if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }}
+    if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'timshel/vaultwarden' }}
     # Start a local docker registry to extract the final Alpine static build binaries
     services:
       registry:
@@ -168,7 +169,7 @@ jobs:
         if: ${{ matrix.base_image == 'alpine' }}
         shell: bash
         run: |
-          echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}localhost:5000/vaultwarden/server" | tee -a "${GITHUB_ENV}"
+          echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}localhost:5000/timshel/vaultwarden" | tee -a "${GITHUB_ENV}"
 
       - name: Bake ${{ matrix.base_image }} containers
         uses: docker/bake-action@849707117b03d39aba7924c50a10376a69e88d7d # v4.1.0
@@ -204,28 +205,28 @@ jobs:
           # This is needed because using different platforms doesn't trigger a new pull/download
 
           # Extract amd64 binary
-          docker create --name amd64 --platform=linux/amd64 "vaultwarden/server:${EXTRACT_TAG}-alpine"
+          docker create --name amd64 --platform=linux/amd64 "timshel/vaultwarden:${EXTRACT_TAG}-alpine"
           docker cp amd64:/vaultwarden vaultwarden-amd64
           docker rm --force amd64
-          docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine"
+          docker rmi --force "timshel/vaultwarden:${EXTRACT_TAG}-alpine"
 
           # Extract arm64 binary
-          docker create --name arm64 --platform=linux/arm64 "vaultwarden/server:${EXTRACT_TAG}-alpine"
+          docker create --name arm64 --platform=linux/arm64 "timshel/vaultwarden:${EXTRACT_TAG}-alpine"
           docker cp arm64:/vaultwarden vaultwarden-arm64
           docker rm --force arm64
-          docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine"
+          docker rmi --force "timshel/vaultwarden:${EXTRACT_TAG}-alpine"
 
           # Extract armv7 binary
-          docker create --name armv7 --platform=linux/arm/v7 "vaultwarden/server:${EXTRACT_TAG}-alpine"
+          docker create --name armv7 --platform=linux/arm/v7 "timshel/vaultwarden:${EXTRACT_TAG}-alpine"
           docker cp armv7:/vaultwarden vaultwarden-armv7
           docker rm --force armv7
-          docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine"
+          docker rmi --force "timshel/vaultwarden:${EXTRACT_TAG}-alpine"
 
           # Extract armv6 binary
-          docker create --name armv6 --platform=linux/arm/v6 "vaultwarden/server:${EXTRACT_TAG}-alpine"
+          docker create --name armv6 --platform=linux/arm/v6 "timshel/vaultwarden:${EXTRACT_TAG}-alpine"
           docker cp armv6:/vaultwarden vaultwarden-armv6
           docker rm --force armv6
-          docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine"
+          docker rmi --force "timshel/vaultwarden:${EXTRACT_TAG}-alpine"
 
       # Upload artifacts to Github Actions
       - name: "Upload amd64 artifact"

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,102 @@
+# Changelog
+
+## 1.30.5-6
+
+  - Fix lower case issue which generated invalid "your email has changed" (thx @tribut).
+
+## 1.30.5-5
+
+  - Add `SSO_ORGANIZATIONS_ID_MAPPING` to map a Provider group `id` to a Vaultwarden organization `uuid`.
+
+## 1.30.5-4
+
+  - Rebased on latest from [dani-garcia:main](https://github.com/dani-garcia/vaultwarden/tree/main)
+  - Move docker release to [timshel](https://hub.docker.com/repository/docker/timshel/vaultwarden/general)
+  - Split the `experimental` version to a separate [repository](https://hub.docker.com/repository/docker/timshel/oidcwarden/general).
+
+## 1.30.5-3
+
+  - Fix `ForeignKeyViolation` when trying to delete sso user.
+
+## 1.30.5-2
+
+  - Store SSO identifier to prevent account takeover
+
+## 1.30.5-1
+
+  - Rebased on latest from `dani-garcia/vaultwarden`
+
+## 1.30.3-2
+
+  - Add `SSO_CLIENT_CACHE_EXPIRATION` config, to optionally cache the calls to the OpenID discovery endpoint.
+  - Add a `scope` and `iss` in the oidc redirection to try to fix the IOS login failure.
+
+## 1.30.3-1
+
+  - Add `SSO_PKCE` config, disabled for now will probably be activated by defaut in next release.
+
+## 1.30.2-7
+
+ - Reduce default `refresh_validity` to 7 days (reset with each `access_token` refresh, so act as an idle timer).
+   Apply to non sso login and SSO which return a non JWT token with no expiration information.
+ - Roll the already present `Device.refresh_token` which will invalidate past `refresh_token` (SSO and non SSO login).
+ - Remove the `openidconnect` cache since it's not [recommended](https://github.com/ramosbugs/openidconnect-rs/issues/25).
+
+## 1.30.2-6
+
+ - Add `SSO_AUDIENCE_TRUSTED` config to allow to trust additionnal audience.
+
+## 1.30.2-5
+
+ - Fix mysql migration `2024-02-14-170000_add_state_to_sso_nonce`
+
+## 1.30.2-4
+
+ - Upgrade [oidc_web_builds](https://github.com/Timshel/oidc_web_builds) version to `v2024.1.2-6`
+ - Use `openidconnect` to validate Id Token claims
+ - Remove `SSO_KEY_FILEPATH` should not be useful now
+ - Add `SSO_DEBUG_TOKENS` to log Id/Access/Refresh token to debug
+ - Hardcoded redircetion url
+ - Switch to reading the roles and groups Claims from the Id Token
+
+## 1.30.2-3
+
+ - Add `SSO_AUTHORIZE_EXTRA_PARAMS` to add extra parameter to the authorize redirection (needed to obtain a `refresh_token` with Google Auth).
+
+## 1.30.2-2
+
+ - Fix non jwt `acess_token` check when there is no `refresh_token`
+ - Add `SSO_AUTH_ONLY_NOT_SESSION` to use SSO only for auth not the session lifecycle.
+
+## 1.30.2-1
+
+ - Update [oidc_web_builds](https://github.com/Timshel/oidc_web_builds) version to `v2024.1.2-4` which move the org invite patch to the `button` release (which is expected to be merged in VW).
+ - Remove the `sso_acceptall_invites` setting
+ - Allow to override log level for specific target
+
+## 1.30.1-11
+
+ - Encode redirect url parameters and add `debug` logging.
+
+## 1.30.1-10
+
+ - Keep old prevalidate endpoint for Mobile apps
+
+## 1.30.1-9
+
+ - Add non jwt access_token support
+
+## 1.30.1-8
+
+ - Prevalidate endpoint change in Bitwarden WebVault [web-v2024.1.2](https://github.com/bitwarden/clients/tree/web-v2024.1.2/apps/web)
+ - Add support for `experimental` front-end which stop sending the Master password hash to the server
+ - Fix the in docker images
+
+## 1.30.1-7
+
+ - Switch user invitation status to `Confirmed` on when user login not before (cf https://github.com/Timshel/vaultwarden/issues/17)
+ - Return a 404 when user has no `public_key`, will prevent confirming the user in case previous fix is insufficient.
+
+## 1.30.1-6
+
+ - Ensure the token endpoint always return a `refresh_token` (cf https://github.com/Timshel/vaultwarden/issues/16)