vaultwarden-test/migrations/mysql
BlackDex de86aa671e Fix Key Rotation during password change
When ticking the 'Also rotate my account's encryption key' box, the key
rotated ciphers are posted after the change of password.

During the password change the security stamp was reset, which made
the posted keys return an invalid auth. This reset is needed to prevent other clients from still being able to read/write.

This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reset.
When the security stamp check fails it will check if there is a stamp exception and try to match the route and security stamp.

Currently it only allows for one exception. But if needed we could expand it by using a Vec<UserStampException> and change the functions accordingly.

fixes #1240
2020-12-14 19:58:23 +01:00
..
2018-01-14-171611_create_tables user char(36) for uuid columns 2019-05-27 17:20:20 +02:00
2018-02-17-205753_create_collections_and_orgs user char(36) for uuid columns 2019-05-27 17:20:20 +02:00
2018-04-27-155151_create_users_ciphers user char(36) for uuid columns 2019-05-27 17:20:20 +02:00
2018-05-08-161616_create_collection_cipher_map user char(36) for uuid columns 2019-05-27 17:20:20 +02:00
2018-05-25-232323_update_attachments_reference user char(36) for uuid columns 2019-05-27 17:20:20 +02:00
2018-06-01-112529_update_devices_twofactor_remember initial mysql support 2019-05-26 23:03:05 +02:00
2018-07-11-181453_create_u2f_twofactor user char(36) for uuid columns 2019-05-27 17:20:20 +02:00
2018-08-27-172114_update_ciphers initial mysql support 2019-05-26 23:03:05 +02:00
2018-09-10-111213_add_invites initial mysql support 2019-05-26 23:03:05 +02:00
2018-09-19-144557_add_kdf_columns Updated client kdf iterations to 100000 and fixed some lints 2019-09-05 21:56:12 +02:00
2018-11-27-152651_add_att_key_columns initial mysql support 2019-05-26 23:03:05 +02:00
2019-05-26-216651_rename_key_and_type_columns initial mysql support 2019-05-26 23:03:05 +02:00
2019-10-10-083032_add_column_to_twofactor Updated authenticator TOTP 2019-10-10 17:32:20 +02:00
2019-11-17-011009_add_email_verification Implement change-email, email-verification, account-recovery, and welcome notifications 2019-11-24 22:28:49 -07:00
2020-03-13-205045_add_policy_table Initial version of policies 2020-03-14 13:32:28 +01:00
2020-04-09-235005_add_cipher_delete_date Initial support for soft deletes 2020-04-17 22:35:27 +02:00
2020-07-01-214531_add_hide_passwords Add support for hiding passwords in a collection 2020-07-02 21:51:20 -07:00
2020-08-02-025025_add_favorites_table Transfer favorite status for user-owned ciphers 2020-08-22 17:14:05 -07:00
2020-11-30-224000_add_user_enabled Implement admin ability to enable/disable users 2020-11-30 23:12:56 +01:00
2020-12-09-173101_add_stamp_exception Fix Key Rotation during password change 2020-12-14 19:58:23 +01:00