From d3449bfa00cff40dc1f9ef349c9c6524e78f64e1 Mon Sep 17 00:00:00 2001 From: Jeremy Lin Date: Tue, 11 May 2021 22:51:12 -0700 Subject: [PATCH] Add support for hiding the sender's email address in Bitwarden Sends Note: The original Vaultwarden implementation of Bitwarden Send would always hide the email address, while the upstream implementation would always show it. Upstream PR: https://github.com/bitwarden/server/pull/1234 --- .../2021-05-11-205202_add_hide_email/down.sql | 0 .../2021-05-11-205202_add_hide_email/up.sql | 2 ++ .../2021-05-11-205202_add_hide_email/down.sql | 0 .../2021-05-11-205202_add_hide_email/up.sql | 2 ++ .../2021-05-11-205202_add_hide_email/down.sql | 0 .../2021-05-11-205202_add_hide_email/up.sql | 2 ++ src/api/core/sends.rs | 5 ++++- src/db/models/send.rs | 22 ++++++++++++++++++- src/db/schemas/mysql/schema.rs | 1 + src/db/schemas/postgresql/schema.rs | 1 + src/db/schemas/sqlite/schema.rs | 1 + 11 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 migrations/mysql/2021-05-11-205202_add_hide_email/down.sql create mode 100644 migrations/mysql/2021-05-11-205202_add_hide_email/up.sql create mode 100644 migrations/postgresql/2021-05-11-205202_add_hide_email/down.sql create mode 100644 migrations/postgresql/2021-05-11-205202_add_hide_email/up.sql create mode 100644 migrations/sqlite/2021-05-11-205202_add_hide_email/down.sql create mode 100644 migrations/sqlite/2021-05-11-205202_add_hide_email/up.sql diff --git a/migrations/mysql/2021-05-11-205202_add_hide_email/down.sql b/migrations/mysql/2021-05-11-205202_add_hide_email/down.sql new file mode 100644 index 00000000..e69de29b diff --git a/migrations/mysql/2021-05-11-205202_add_hide_email/up.sql b/migrations/mysql/2021-05-11-205202_add_hide_email/up.sql new file mode 100644 index 00000000..4d6e0225 --- /dev/null +++ b/migrations/mysql/2021-05-11-205202_add_hide_email/up.sql @@ -0,0 +1,2 @@ +ALTER TABLE sends +ADD COLUMN hide_email BOOLEAN; diff --git a/migrations/postgresql/2021-05-11-205202_add_hide_email/down.sql b/migrations/postgresql/2021-05-11-205202_add_hide_email/down.sql new file mode 100644 index 00000000..e69de29b diff --git a/migrations/postgresql/2021-05-11-205202_add_hide_email/up.sql b/migrations/postgresql/2021-05-11-205202_add_hide_email/up.sql new file mode 100644 index 00000000..4d6e0225 --- /dev/null +++ b/migrations/postgresql/2021-05-11-205202_add_hide_email/up.sql @@ -0,0 +1,2 @@ +ALTER TABLE sends +ADD COLUMN hide_email BOOLEAN; diff --git a/migrations/sqlite/2021-05-11-205202_add_hide_email/down.sql b/migrations/sqlite/2021-05-11-205202_add_hide_email/down.sql new file mode 100644 index 00000000..e69de29b diff --git a/migrations/sqlite/2021-05-11-205202_add_hide_email/up.sql b/migrations/sqlite/2021-05-11-205202_add_hide_email/up.sql new file mode 100644 index 00000000..4d6e0225 --- /dev/null +++ b/migrations/sqlite/2021-05-11-205202_add_hide_email/up.sql @@ -0,0 +1,2 @@ +ALTER TABLE sends +ADD COLUMN hide_email BOOLEAN; diff --git a/src/api/core/sends.rs b/src/api/core/sends.rs index 4cedf055..21ddfcd6 100644 --- a/src/api/core/sends.rs +++ b/src/api/core/sends.rs @@ -38,6 +38,7 @@ pub struct SendData { pub ExpirationDate: Option>, pub DeletionDate: DateTime, pub Disabled: bool, + pub HideEmail: Option, // Data field pub Name: String, @@ -88,6 +89,7 @@ fn create_send(data: SendData, user_uuid: String) -> ApiResult { send.max_access_count = data.MaxAccessCount; send.expiration_date = data.ExpirationDate.map(|d| d.naive_utc()); send.disabled = data.Disabled; + send.hide_email = data.HideEmail; send.atype = data.Type; send.set_password(data.Password.as_deref()); @@ -243,7 +245,7 @@ fn post_access(access_id: String, data: JsonUpcase, conn: DbConn send.save(&conn)?; - Ok(Json(send.to_json_access())) + Ok(Json(send.to_json_access(&conn))) } #[post("/sends//access/file/", data = "")] @@ -340,6 +342,7 @@ fn put_send(id: String, data: JsonUpcase, headers: Headers, conn: DbCo send.notes = data.Notes; send.max_access_count = data.MaxAccessCount; send.expiration_date = data.ExpirationDate.map(|d| d.naive_utc()); + send.hide_email = data.HideEmail; send.disabled = data.Disabled; // Only change the value if it's present diff --git a/src/db/models/send.rs b/src/db/models/send.rs index 0644b1e1..20c7cc50 100644 --- a/src/db/models/send.rs +++ b/src/db/models/send.rs @@ -36,6 +36,7 @@ db_object! { pub deletion_date: NaiveDateTime, pub disabled: bool, + pub hide_email: Option, } } @@ -73,6 +74,7 @@ impl Send { deletion_date, disabled: false, + hide_email: None, } } @@ -101,6 +103,22 @@ impl Send { } } + pub fn creator_identifier(&self, conn: &DbConn) -> Option { + if let Some(hide_email) = self.hide_email { + if hide_email { + return None; + } + } + + if let Some(user_uuid) = &self.user_uuid { + if let Some(user) = User::find_by_uuid(user_uuid, conn) { + return Some(user.email); + } + } + + None + } + pub fn to_json(&self) -> Value { use crate::util::format_date; use data_encoding::BASE64URL_NOPAD; @@ -123,6 +141,7 @@ impl Send { "AccessCount": self.access_count, "Password": self.password_hash.as_deref().map(|h| BASE64URL_NOPAD.encode(h)), "Disabled": self.disabled, + "HideEmail": self.hide_email, "RevisionDate": format_date(&self.revision_date), "ExpirationDate": self.expiration_date.as_ref().map(format_date), @@ -131,7 +150,7 @@ impl Send { }) } - pub fn to_json_access(&self) -> Value { + pub fn to_json_access(&self, conn: &DbConn) -> Value { use crate::util::format_date; let data: Value = serde_json::from_str(&self.data).unwrap_or_default(); @@ -145,6 +164,7 @@ impl Send { "File": if self.atype == SendType::File as i32 { Some(&data) } else { None }, "ExpirationDate": self.expiration_date.as_ref().map(format_date), + "CreatorIdentifier": self.creator_identifier(conn), "Object": "send-access", }) } diff --git a/src/db/schemas/mysql/schema.rs b/src/db/schemas/mysql/schema.rs index 346b2959..f99a000e 100644 --- a/src/db/schemas/mysql/schema.rs +++ b/src/db/schemas/mysql/schema.rs @@ -122,6 +122,7 @@ table! { expiration_date -> Nullable, deletion_date -> Datetime, disabled -> Bool, + hide_email -> Nullable, } } diff --git a/src/db/schemas/postgresql/schema.rs b/src/db/schemas/postgresql/schema.rs index f8e1e9fe..b06f5684 100644 --- a/src/db/schemas/postgresql/schema.rs +++ b/src/db/schemas/postgresql/schema.rs @@ -122,6 +122,7 @@ table! { expiration_date -> Nullable, deletion_date -> Timestamp, disabled -> Bool, + hide_email -> Nullable, } } diff --git a/src/db/schemas/sqlite/schema.rs b/src/db/schemas/sqlite/schema.rs index f8e1e9fe..b06f5684 100644 --- a/src/db/schemas/sqlite/schema.rs +++ b/src/db/schemas/sqlite/schema.rs @@ -122,6 +122,7 @@ table! { expiration_date -> Nullable, deletion_date -> Timestamp, disabled -> Bool, + hide_email -> Nullable, } }