diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 0000000..fb06a7c --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,9 @@ +ignored: + # Disable Multiple consecutive `RUN` instructions check. + - DL3059 + # Disable pipefail check + - DL4006 + # Disable Shellcheck Quote check + - SC2046 +trustedRegistries: + - docker.io diff --git a/Dockerfile b/Dockerfile index f510573..00fb1df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,10 @@ # docker cp $image_id:/bw_web_vault.tar.gz . # docker rm $image_id -FROM node:14.16.0-buster as build +FROM node:14-buster as build + +# Update NPM - Matching the bitwarden/web GH Action Workflow. +RUN npm -g install npm@7 # Prepare the folder to enable non-root, otherwise npm will refuse to run the postinstall RUN mkdir /vault @@ -22,14 +25,14 @@ USER node # Can be a tag, release, but prefer a commit hash because it's not changeable # https://github.com/bitwarden/web/commit/$VAULT_VERSION # -# Using https://github.com/bitwarden/web/releases/tag/v2.20.4 -ARG VAULT_VERSION=daf641e978ea381cc744a4b7265e64de338101d1 +# Using https://github.com/bitwarden/web/releases/tag/v2.21.1 +ARG VAULT_VERSION=62cd45030ad5b0a0bdbd08f0579f8ffac91a48a4 RUN git clone https://github.com/bitwarden/web.git /vault WORKDIR /vault -RUN git checkout "$VAULT_VERSION" -RUN git submodule update --recursive --init +RUN git checkout "$VAULT_VERSION" && \ + git submodule update --recursive --init COPY --chown=node:node patches /patches COPY --chown=node:node apply_patches.sh /apply_patches.sh @@ -37,8 +40,8 @@ COPY --chown=node:node apply_patches.sh /apply_patches.sh RUN bash /apply_patches.sh # Build -RUN npm install -RUN npm audit fix +RUN npm ci +RUN npm audit fix || true RUN npm run dist RUN printf '{"version":"%s"}' \ @@ -55,6 +58,7 @@ RUN tar -czvf "bw_web_vault.tar.gz" web-vault --owner=0 --group=0 # We copy the final result as a separate empty image so there's no need to download all the intermediate steps # The result is included both uncompressed and as a tar.gz, to be able to use it in the docker images and the github releases directly FROM scratch +# hadolint ignore=DL3010 COPY --from=build /vault/bw_web_vault.tar.gz /bw_web_vault.tar.gz COPY --from=build /vault/web-vault /web-vault # Added so docker create works, can't actually run a scratch image diff --git a/package_web_vault.sh b/package_web_vault.sh index 1ca3387..2ac50bb 100755 --- a/package_web_vault.sh +++ b/package_web_vault.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -o pipefail -o errexit # Error handling @@ -18,11 +18,13 @@ VAULT_FOLDER=web-vault OUTPUT_FOLDER=builds OUTPUT_NAME="$OUTPUT_FOLDER/bw_web_$VAULT_VERSION.tar.gz" +npm install npm@7 + mkdir -p "$OUTPUT_FOLDER" # If this is the first time, clone the project if [ ! -d "$VAULT_FOLDER" ]; then - git clone --recurse-submodules https://github.com/bitwarden/web.git "$VAULT_FOLDER" + git clone https://github.com/bitwarden/web.git "$VAULT_FOLDER" fi cd $VAULT_FOLDER @@ -31,7 +33,7 @@ cd $VAULT_FOLDER git checkout -f # Update branch -git fetch --tags +git fetch --tags --all git pull origin master # Checkput the branch we want @@ -45,8 +47,8 @@ git submodule update --recursive --init . ../apply_patches.sh # Build -npm install -npm audit fix +npm ci +npm audit fix || true npm run dist # Delete debugging map files, optional @@ -54,10 +56,10 @@ npm run dist # Create bwrs-version.json with the latest tag from the remote repo. printf '{"version":"%s"}' \ - $(git -c 'versionsort.suffix=-' ls-remote --tags --sort='v:refname' https://github.com/dani-garcia/bw_web_builds.git 'v*' | tail -n1 | sed -E 's#.*?refs/tags/v##') \ + "$(git -c 'versionsort.suffix=-' ls-remote --tags --sort='v:refname' https://github.com/dani-garcia/bw_web_builds.git 'v*' | tail -n1 | sed -E 's#.*?refs/tags/v##')" \ > build/bwrs-version.json # Prepare the final archives mv build web-vault tar -czvf "../$OUTPUT_NAME" web-vault --owner=0 --group=0 -mv web-vault build \ No newline at end of file +mv web-vault build diff --git a/patches/v2.21.1.patch b/patches/v2.21.1.patch new file mode 100644 index 0000000..a3ac3bd --- /dev/null +++ b/patches/v2.21.1.patch @@ -0,0 +1,278 @@ +Submodule jslib contains modified content +diff --git a/jslib/angular/src/components/register.component.ts b/jslib/angular/src/components/register.component.ts +index 53ec3c8..a6c9150 100644 +--- a/jslib/angular/src/components/register.component.ts ++++ b/jslib/angular/src/components/register.component.ts +@@ -24,7 +24,7 @@ export class RegisterComponent { + formPromise: Promise; + masterPasswordScore: number; + referenceData: ReferenceEventRequest; +- showTerms = true; ++ showTerms = false; + acceptPolicies: boolean = false; + + protected successRoute = 'login'; +@@ -35,7 +35,7 @@ export class RegisterComponent { + protected apiService: ApiService, protected stateService: StateService, + protected platformUtilsService: PlatformUtilsService, + protected passwordGenerationService: PasswordGenerationService) { +- this.showTerms = !platformUtilsService.isSelfHost(); ++ this.showTerms = false; + } + + get masterPasswordScoreWidth() { +@@ -69,6 +69,12 @@ export class RegisterComponent { + } + + async submit() { ++ if (typeof crypto.subtle === 'undefined') { ++ this.platformUtilsService.showToast('error', "This browser requires HTTPS to use the web vault", ++ "Check the Vaultwarden wiki for details on how to enable it"); ++ return; ++ } ++ + if (!this.acceptPolicies && this.showTerms) { + this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), + this.i18nService.t('acceptPoliciesError')); +@@ -130,6 +136,7 @@ export class RegisterComponent { + this.hint, encKey[1].encryptedString, kdf, kdfIterations, this.referenceData); + request.keys = new KeysRequest(keys[0], keys[1].encryptedString); + const orgInvite = await this.stateService.get('orgInvitation'); ++ console.log(orgInvite); + if (orgInvite != null && orgInvite.token != null && orgInvite.organizationUserId != null) { + request.token = orgInvite.token; + request.organizationUserId = orgInvite.organizationUserId; +diff --git a/src/404.html b/src/404.html +index eba36375..cb8883ec 100644 +--- a/src/404.html ++++ b/src/404.html +@@ -41,10 +41,10 @@ + +

+

You can return to the web vault, check our status page +- or contact us.

++ or contact us.

+ +
+- © Copyright 2021 Bitwarden, Inc. ++ © Copyright 2021 Bitwarden, Inc. (Powered by Vaultwarden) +
+ + +diff --git a/src/app/app.component.ts b/src/app/app.component.ts +index 2922cf09..8f2be1ad 100644 +--- a/src/app/app.component.ts ++++ b/src/app/app.component.ts +@@ -146,6 +146,10 @@ export class AppComponent implements OnDestroy, OnInit { + } + break; + case 'showToast': ++ if (typeof message.text === "string" && typeof crypto.subtle === 'undefined') { ++ message.title="This browser requires HTTPS to use the web vault"; ++ message.text="Check the Vaultwarden wiki for details on how to enable it"; ++ } + this.showToast(message); + break; + case 'setFullWidth': +diff --git a/src/app/layouts/footer.component.html b/src/app/layouts/footer.component.html +index b001b9e3..c1bd2ac8 100644 +--- a/src/app/layouts/footer.component.html ++++ b/src/app/layouts/footer.component.html +@@ -1,7 +1,7 @@ +
+
+
+- © {{year}}, Bitwarden Inc. ++ © {{year}}, Bitwarden Inc. (Powered by Vaultwarden) +
+
+
+diff --git a/src/app/layouts/frontend-layout.component.html b/src/app/layouts/frontend-layout.component.html +index 4c2c4ca1..dc990b22 100644 +--- a/src/app/layouts/frontend-layout.component.html ++++ b/src/app/layouts/frontend-layout.component.html +@@ -1,5 +1,5 @@ + +
+- © {{year}}, Bitwarden Inc. ++ © {{year}}, Bitwarden Inc. (Powered by Vaultwarden) +
{{'versionNumber' | i18n : version}} +
+diff --git a/src/app/layouts/navbar.component.html b/src/app/layouts/navbar.component.html +index b28897c9..524764c6 100644 +--- a/src/app/layouts/navbar.component.html ++++ b/src/app/layouts/navbar.component.html +@@ -38,7 +38,7 @@ + + {{'myAccount' | i18n}} + +- ++ + + {{'getHelp' | i18n}} + +diff --git a/src/app/organizations/settings/organization-subscription.component.ts b/src/app/organizations/settings/organization-subscription.component.ts +index 5ac864b3..a405ea37 100644 +--- a/src/app/organizations/settings/organization-subscription.component.ts ++++ b/src/app/organizations/settings/organization-subscription.component.ts +@@ -105,7 +105,7 @@ export class OrganizationSubscriptionComponent implements OnInit { + const contactSupport = await this.platformUtilsService.showDialog(this.i18nService.t('changeBillingPlanDesc'), + this.i18nService.t('changeBillingPlan'), this.i18nService.t('contactSupport'), this.i18nService.t('close')); + if (contactSupport) { +- this.platformUtilsService.launchUri('https://bitwarden.com/contact'); ++ this.platformUtilsService.launchUri('https://github.com/dani-garcia/vaultwarden'); + } + } + +diff --git a/src/app/send/access.component.html b/src/app/send/access.component.html +index 84944a2b..b736bbe4 100644 +--- a/src/app/send/access.component.html ++++ b/src/app/send/access.component.html +@@ -82,10 +82,7 @@ +
+

{{'sendAccessTaglineProductDesc' | i18n}}
+ {{'sendAccessTaglineLearnMore' | i18n}} Bitwarden Send +- {{'sendAccessTaglineOr' | i18n}} {{'sendAccessTaglineSignUp' | i18n}} +- {{'sendAccessTaglineTryToday' | i18n}} ++ href="https://www.bitwarden.com/products/send/" target="_blank">Bitwarden Send. +

+
+
+diff --git a/src/app/services/services.module.ts b/src/app/services/services.module.ts +index 231edc51..6e5dc329 100644 +--- a/src/app/services/services.module.ts ++++ b/src/app/services/services.module.ts +@@ -142,18 +142,25 @@ const passwordRepromptService = new PasswordRepromptService(i18nService, cryptoS + containerService.attachToWindow(window); + + export function initFactory(): Function { ++ function getBaseUrl() { ++ // If the base URL is `https://bitwarden.example.com/base/path/`, ++ // `window.location.href` should have one of the following forms: ++ // ++ // - `https://bitwarden.example.com/base/path/` ++ // - `https://bitwarden.example.com/base/path/#/some/route[?queryParam=...]` ++ // ++ // We want to get to just `https://bitwarden.example.com/base/path`. ++ let baseUrl = window.location.href; ++ baseUrl = baseUrl.replace(/#.*/, ''); // Strip off `#` and everything after. ++ baseUrl = baseUrl.replace(/\/+$/, ''); // Trim any trailing `/` chars. ++ return baseUrl; ++ } + return async () => { + await (storageService as HtmlStorageService).init(); + +- if (process.env.ENV !== 'production' || platformUtilsService.isSelfHost()) { +- environmentService.baseUrl = window.location.origin; +- } else { +- environmentService.notificationsUrl = 'https://notifications.bitwarden.com'; +- environmentService.enterpriseUrl = 'https://portal.bitwarden.com'; +- } +- ++ environmentService.baseUrl = getBaseUrl(); + apiService.setUrls({ +- base: window.location.origin, ++ base: environmentService.baseUrl, + api: null, + identity: null, + events: null, +diff --git a/src/app/vault/vault.component.ts b/src/app/vault/vault.component.ts +index 41216ead..70dec887 100644 +--- a/src/app/vault/vault.component.ts ++++ b/src/app/vault/vault.component.ts +@@ -80,9 +80,7 @@ export class VaultComponent implements OnInit, OnDestroy { + async ngOnInit() { + this.showVerifyEmail = !(await this.tokenService.getEmailVerified()); + this.showBrowserOutdated = window.navigator.userAgent.indexOf('MSIE') !== -1; +- this.trashCleanupWarning = this.i18nService.t( +- this.platformUtilsService.isSelfHost() ? 'trashCleanupWarningSelfHosted' : 'trashCleanupWarning' +- ); ++ this.trashCleanupWarning = this.i18nService.t('trashCleanupWarningSelfHosted'); + + const queryParamsSub = this.route.queryParams.subscribe(async params => { + await this.syncService.fullSync(false); +diff --git a/src/scss/styles.scss b/src/scss/styles.scss +index 598fea83..f5ed4253 100644 +--- a/src/scss/styles.scss ++++ b/src/scss/styles.scss +@@ -1,5 +1,59 @@ + @import "../css/webfonts.css"; + ++/**** START Bitwarden_RS CHANGES ****/ ++/* This combines all selectors extending it into one */ ++%bwrs-hide { display: none !important; } ++ ++/* This allows searching for the combined style in the browsers dev-tools (look into the head tag) */ ++#bwrs-hide, head { @extend %bwrs-hide; } ++ ++/* Hide any link pointing to billing */ ++a[href$="/settings/billing"] { @extend %bwrs-hide; } ++ ++/* Hide any link pointing to subscriptions */ ++a[href$="/settings/subscription"] { @extend %bwrs-hide; } ++ ++/* Hide any link pointing to emergency access */ ++a[href$="/settings/emergency-access"] { @extend %bwrs-hide; } ++ ++/* Hide the `Enterprise Single Sign-On` button on the login page */ ++a[href$="/sso"] { @extend %bwrs-hide; } ++ ++/* Hide the info box that advertises Bitwarden Send */ ++app-send-info.d-block { @extend %bwrs-hide; } ++ ++/* Hide Two-Factor menu in Organization settings */ ++app-org-settings a[href$="/settings/two-factor"] { @extend %bwrs-hide; } ++ ++/* Hide organization plans */ ++app-organization-plans > form > div.form-check { @extend %bwrs-hide; } ++app-organization-plans > form > h2.mt-5 { @extend %bwrs-hide; } ++ ++/* Hide the `API Key` section under `My Account` */ ++app-account > div:nth-child(9), ++app-account > p, ++app-account > button:nth-child(11), ++app-account > button:nth-child(12) { ++ @extend %bwrs-hide; ++} ++ ++/* Hide the radio button and label for the `Custom` org user type */ ++#userTypeCustom, label[for^=userTypeCustom] { ++ @extend %bwrs-hide; ++} ++ ++/* Hide the warning that policy config is moving to Business Portal */ ++app-org-policies > app-callout { @extend %bwrs-hide; } ++ ++/* Hide `Single Organization` policy */ ++app-org-policies > table > tbody > tr:nth-child(4) { @extend %bwrs-hide; } ++ ++/* Hide Tax Info and Form in Organization settings */ ++app-org-account > div.secondary-header:nth-child(3) { @extend %bwrs-hide; } ++app-org-account > div.secondary-header:nth-child(3) + p { @extend %bwrs-hide; } ++app-org-account > div.secondary-header:nth-child(3) + p + form { @extend %bwrs-hide; } ++/**** END Bitwarden_RS CHANGES ****/ ++ + $primary: #175DDC; + $primary-accent: #1252A3; + $secondary: #ced4da; +diff --git a/src/services/webPlatformUtils.service.ts b/src/services/webPlatformUtils.service.ts +index e3aeea39..6e7ed1e0 100644 +--- a/src/services/webPlatformUtils.service.ts ++++ b/src/services/webPlatformUtils.service.ts +@@ -249,11 +249,12 @@ export class WebPlatformUtilsService implements PlatformUtilsService { + } + + isDev(): boolean { +- return process.env.ENV === 'development'; ++ return false; + } + ++ // Even though Vaultwarden is self-hosted, returning true ends up enabling various license checks. + isSelfHost(): boolean { +- return process.env.SELF_HOST.toString() === 'true'; ++ return false; + } + + copyToClipboard(text: string, options?: any): void | boolean {