forked from mirrored/vaultwarden
de157b2654
Added support for Argon2 hashing for the `ADMIN_TOKEN` instead of only supporting a plain text string. The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden. You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides themselves. Added a warning during startup and within the admin settings panel if the `ADMIN_TOKEN` is not an Argon2 hash. Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has been converted to an Argon2 hash. I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash. Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware. If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden itself would run. They can always use the `argon2` CLI and generate a faster hash. |
||
---|---|---|
.. | ||
404.css | ||
admin.css | ||
admin.js | ||
admin_diagnostics.js | ||
admin_organizations.js | ||
admin_settings.js | ||
admin_users.js | ||
bootstrap-native.js | ||
bootstrap.css | ||
datatables.css | ||
datatables.js | ||
jdenticon.js | ||
jquery-3.6.3.slim.js |