Comments (17)
Great,
I was planning to dive into a SMTP integration with letter and handlebars.
I'll be working on that this week!
from vaultwarden.
I hope that #175 will do the job :).
from vaultwarden.
We do save the hint on account creation and we also have find_by_mail implemented for User, so this one should be fairly easy to implement.
from vaultwarden.
The problem is I think that endpoint just sends an email to the user and doesn't return anything, so I'm not sure we can implement it in any way without SMTP support first.
from vaultwarden.
Oh, that makes things a bit more complicated. Maybe we could return an error with the hint as error message then?
from vaultwarden.
That could be possible, it depends on if the web-vault actually shows the error message sent, because in some cases it just shows a generic error message.
from vaultwarden.
Hello,
I'd like to try to solve this one, I'm really excited to try contributing to a rocket-rs based project!
Should I implement it returning the hint into the error response, or could I try to implement a minimal SMTP support? Following these implementation and configuration?
from vaultwarden.
Hey, why not both? 😄
Returning the hint in the error message is an unverified concept. We're not sure the client will display it, but if it's the same as the other endpoints, it should. It should be fairly easy to test and implement though, so I'd advise starting with this.
The smtp implementation is going to be quite a lot of code. For example we need to add email verification first otherwise the api could be abused for spam. Also we need to make sure all of this will stay optional.
from vaultwarden.
If it is possible to have the client display a custom error message, how about having the server optionally display the hint there? I know it's quite insecure but it could still be useful for small/single user installations where you are mindful of the hint being public, so it's something that's meaningful only to you. This would allow forgetful people, like me, to still get hints without the trouble of setting up SMTP.
from vaultwarden.
Yeah, that's the idea behind the first approach. Server can return error json data with the message as one of the fields. Normally the handler on the client side shows the message as an error notification.
from vaultwarden.
In what form should the option be handled? There can be a boolean option like "show password hint", or the controller could return the hint only in the case of absence of a valid SMTP configuration?
from vaultwarden.
I think a separate option (can default to true) would be better. Some people might still want to use this hint hack even with smtp available.
from vaultwarden.
As mprasil pointed out, the web-vault 2.x doesn't show the error message. This hack will then be useless.
Should I try to implement SMTP then?
from vaultwarden.
There's a lot of functionality that would benefit from SMTP, but it's probably a bit more involved implementation to do that. If you feel like working on this @stammw and as long as it's optional, I'm sure the PR would be appreciated.
from vaultwarden.
Note that we've fixed an issue some time ago to show password hints via error message even in Vault 2.0, so I'm removing the "requires SMTP" tag as the feature currently works. The PR #137 is for extending the functionality to also support sending the hint via email.
from vaultwarden.
Now that #137 is merged, we just need to add appropriate documentation.
from vaultwarden.
Now that it's merged, I think we can finally close this! Great work @stammw and everyone else.
from vaultwarden.
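The two delivery paths discussed in this thread, as an added example that is not vaultwarden's code: a hint returned in the error message reaches whoever sent the request, while a mailed hint reaches only the mailbox owner and lets unknown addresses get the same reply as known ones. Apart from find_by_mail, which the thread mentions, all names and message strings are hypothetical, and the example assumes stored addresses are lowercase and that mail takes precedence when both options are on.

```rust
// Added illustration; types, option names and messages are hypothetical.
#[derive(Debug, PartialEq)]
enum HintReply {
    Mailed { to: String, body: String }, // hint goes to the mailbox only
    ErrorMessage(String),                // hint is visible to any caller
    Refused(&'static str),               // neither channel is enabled
    Silent,                              // unknown address, nothing sent
}

struct Config { smtp_enabled: bool, show_password_hint: bool }
struct User { email: String, password_hint: Option<String> }

fn find_by_mail<'a>(users: &'a [User], mail: &str) -> Option<&'a User> {
    let mail = mail.trim().to_lowercase();
    users.iter().find(|u| u.email == mail)
}

fn password_hint(cfg: &Config, users: &[User], mail: &str) -> HintReply {
    if !cfg.smtp_enabled && !cfg.show_password_hint {
        return HintReply::Refused("password hints are disabled on this server");
    }
    let user = find_by_mail(users, mail);
    let hint = user.and_then(|u| u.password_hint.as_deref());
    if cfg.smtp_enabled {
        // Mail path: Mailed and Silent map to the same HTTP response, so the
        // caller learns neither the hint nor whether the account exists.
        return match user {
            Some(u) => HintReply::Mailed {
                to: u.email.clone(),
                body: format!("Your password hint is: {}", hint.unwrap_or("(none set)")),
            },
            None => HintReply::Silent,
        };
    }
    // Error-message path: unknown accounts and accounts without a hint get
    // the same text, but a stored hint is disclosed without authentication.
    match hint {
        Some(h) => HintReply::ErrorMessage(format!("Your password hint is: {}", h)),
        None => HintReply::ErrorMessage("No password hint is set for this account".into()),
    }
}

fn main() {
    let users = vec![User { email: "alice@example.test".into(), password_hint: Some("first pet".into()) }];
    let cfg = Config { smtp_enabled: false, show_password_hint: true };
    println!("{:?}", password_hint(&cfg, &users, "Alice@Example.test"));
}
```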