Merge pull request #406 from shauder/feature/disable-admin-token

Allow the Admin token to be disabled in the advanced menu
This commit is contained in:
Daniel García 2019-02-20 23:06:52 +01:00 committed by GitHub
commit 5794969f5b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 20 deletions

View file

@ -69,6 +69,7 @@
## One option is to use 'openssl rand -base64 48'
## If not set, the admin panel is disabled
# ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp
# DISABLE_ADMIN_TOKEN=false
## Invitations org admins to invite users, even when signups are disabled
# INVITATIONS_ALLOWED=true

View file

@ -15,7 +15,7 @@ use crate::mail;
use crate::CONFIG;
pub fn routes() -> Vec<Route> {
if CONFIG.admin_token().is_none() {
if CONFIG.admin_token().is_none() && !CONFIG.disable_admin_token() {
return routes![admin_disabled];
}
@ -194,6 +194,10 @@ impl<'a, 'r> FromRequest<'a, 'r> for AdminToken {
type Error = &'static str;
fn from_request(request: &'a Request<'r>) -> request::Outcome<Self, Self::Error> {
if CONFIG.disable_admin_token() {
Outcome::Success(AdminToken {})
}
else {
let mut cookies = request.cookies();
let access_token = match cookies.get(COOKIE_NAME) {
@ -215,4 +219,5 @@ impl<'a, 'r> FromRequest<'a, 'r> for AdminToken {
Outcome::Success(AdminToken {})
}
}
}

View file

@ -269,6 +269,9 @@ make_config! {
/// Enable DB WAL |> Turning this off might lead to worse performance, but might help if using bitwarden_rs on some exotic filesystems, that do not support WAL. Please make sure you read project wiki on the topic before changing this setting.
enable_db_wal: bool, false, def, true;
/// Disable Admin Token (Know the risks!) |> Disables the Admin Token for the admin page so you may use your own auth in-front
disable_admin_token: bool, true, def, false;
},
/// Yubikey settings