diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index da7189428f..94bdc485a6 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -150,7 +150,6 @@ async fn sync(data: SyncData, headers: Headers, mut conn: DbConn) -> Json "ciphers": ciphers_json, "domains": domains_json, "sends": sends_json, - "unofficialServer": true, "object": "sync" })) } diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index afd2d388d3..30e9265d89 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -363,6 +363,7 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose, json_object["users"] = json!(users); json_object["groups"] = json!(groups); json_object["object"] = json!("collectionAccessDetails"); + json_object["unmanaged"] = json!(false); data.push(json_object) } diff --git a/src/api/identity.rs b/src/api/identity.rs index 4244d68d59..672f128c3c 100644 --- a/src/api/identity.rs +++ b/src/api/identity.rs @@ -120,16 +120,8 @@ async fn _refresh_login(data: ConnectData, conn: &mut DbConn) -> JsonResult { "expires_in": expires_in, "token_type": "Bearer", "refresh_token": device.refresh_token, - "Key": user.akey, - "PrivateKey": user.private_key, - "Kdf": user.client_kdf_type, - "KdfIterations": user.client_kdf_iter, - "KdfMemory": user.client_kdf_memory, - "KdfParallelism": user.client_kdf_parallelism, - "ResetMasterPassword": false, // TODO: according to official server seems something like: user.password_hash.is_empty(), but would need testing "scope": scope, - "unofficialServer": true, }); Ok(Json(result)) @@ -342,7 +334,6 @@ async fn _password_login( "MasterPasswordPolicy": master_password_policy, "scope": scope, - "unofficialServer": true, "UserDecryptionOptions": { "HasMasterPassword": !user.password_hash.is_empty(), "Object": "userDecryptionOptions" @@ -461,9 +452,8 @@ async fn _user_api_key_login( "KdfIterations": user.client_kdf_iter, "KdfMemory": user.client_kdf_memory, "KdfParallelism": user.client_kdf_parallelism, - "ResetMasterPassword": false, // TODO: Same as above + "ResetMasterPassword": false, // TODO: according to official server seems something like: user.password_hash.is_empty(), but would need testing "scope": "api", - "unofficialServer": true, }); Ok(Json(result)) @@ -495,7 +485,6 @@ async fn _organization_api_key_login(data: ConnectData, conn: &mut DbConn, ip: & "expires_in": 3600, "token_type": "Bearer", "scope": "api.organization", - "unofficialServer": true, }))) } diff --git a/src/db/models/collection.rs b/src/db/models/collection.rs index 7fb17c663c..a26f22c72e 100644 --- a/src/db/models/collection.rs +++ b/src/db/models/collection.rs @@ -81,8 +81,8 @@ impl Collection { let (read_only, hide_passwords, can_manage) = if let Some(cipher_sync_data) = cipher_sync_data { match cipher_sync_data.user_organizations.get(&self.org_uuid) { // Only for Manager types Bitwarden returns true for the can_manage option - // Owners and Admins always have false, but they can manage all collections anyway - Some(uo) if uo.has_full_access() => (false, false, uo.atype == UserOrgType::Manager), + // Owners and Admins always have true + Some(uo) if uo.has_full_access() => (false, false, uo.atype >= UserOrgType::Manager), Some(uo) => { // Only let a manager manage collections when the have full read/write access let is_manager = uo.atype == UserOrgType::Manager; @@ -98,7 +98,7 @@ impl Collection { } } else { match UserOrganization::find_confirmed_by_user_and_org(user_uuid, &self.org_uuid, conn).await { - Some(ou) if ou.has_full_access() => (false, false, ou.atype == UserOrgType::Manager), + Some(ou) if ou.has_full_access() => (false, false, ou.atype >= UserOrgType::Manager), Some(ou) => { let is_manager = ou.atype == UserOrgType::Manager; let read_only = !self.is_writable_by_user(user_uuid, conn).await; diff --git a/src/db/models/group.rs b/src/db/models/group.rs index 6e2db0889c..66ad338a51 100644 --- a/src/db/models/group.rs +++ b/src/db/models/group.rs @@ -82,7 +82,7 @@ impl Group { "id": entry.collections_uuid, "readOnly": entry.read_only, "hidePasswords": entry.hide_passwords, - "manage": *user_org_type == UserOrgType::Manager && !entry.read_only && !entry.hide_passwords + "manage": *user_org_type >= UserOrgType::Admin || (*user_org_type == UserOrgType::Manager && !entry.read_only && !entry.hide_passwords) }) }) .collect(); diff --git a/src/db/models/organization.rs b/src/db/models/organization.rs index e59c1b05ca..21c241bf8d 100644 --- a/src/db/models/organization.rs +++ b/src/db/models/organization.rs @@ -161,7 +161,6 @@ impl Organization { "identifier": null, // not supported by us "name": self.name, "seats": null, - "maxAutoscaleSeats": null, "maxCollections": null, "maxStorageGb": i16::MAX, // The value doesn't matter, we don't check server-side "use2fa": true, @@ -374,7 +373,6 @@ impl UserOrganization { "identifier": null, // Not supported "name": org.name, "seats": null, - "maxAutoscaleSeats": null, "maxCollections": null, "usersGetPremium": true, "use2fa": true, @@ -411,7 +409,7 @@ impl UserOrganization { "familySponsorshipValidUntil": null, "familySponsorshipToDelete": null, "accessSecretsManager": false, - "limitCollectionCreationDeletion": true, + "limitCollectionCreationDeletion": false, // This should be set to true only when we can handle roles like createNewCollections "allowAdminAccessToAllCollectionItems": true, "flexibleCollections": false, @@ -477,7 +475,7 @@ impl UserOrganization { .into_iter() .filter_map(|c| { let (read_only, hide_passwords, can_manage) = if self.has_full_access() { - (false, false, self.atype == UserOrgType::Manager) + (false, false, self.atype >= UserOrgType::Manager) } else if let Some(cu) = cu.get(&c.uuid) { ( cu.read_only,