
rubywarden's Introduction

This project is no longer being maintained. Please see this issue for further information.

This project is not associated with the Bitwarden project nor 8bit Solutions LLC. Do not contact Bitwarden for support with using this backend server (or at the very least, make it abundantly clear that you are using a 3rd party backend server).

Rubywarden

A small, self-contained API server written in Ruby and Sinatra to provide a private backend for the open-source Bitwarden apps.

Data

All data is stored in a local SQLite database. This means you can easily run the server locally and have your data never leave your device, or run it on your own web server via Rack and some front-end HTTP server with TLS to support syncing across multiple devices. Backing up your data is as easy as copying the db/production/production.sqlite3 file somewhere.

All user data in the SQLite database is stored in an encrypted format the same way it is in the official Bitwarden backend, where the master password is never known by the server. For details on the format, consult the documentation.
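The arrangement described above, as an added example (not Rubywarden's or Bitwarden's own code): the client stretches the master password into a key and sends the server only a hash of it, while vault items are stored as encrypt-then-MAC strings the server cannot read. The PBKDF2 parameters, the `2.iv|ct|mac` string layout and every function name here are assumptions based on the publicly documented Bitwarden scheme; none of them comes from this page.

```ruby
require "openssl"

# Assumed KDF cost; the real value is chosen by the client, not stated on this page.
KDF_ITERATIONS = 5000

# Client side: stretch the master password, salted with the account e-mail.
def make_master_key(password, email, iterations = KDF_ITERATIONS)
  OpenSSL::PKCS5.pbkdf2_hmac(password, email.downcase, iterations, 32,
                             OpenSSL::Digest.new("SHA256"))
end

# Client side: the only password-derived value the server receives at login.
def master_password_hash(password, master_key)
  digest = OpenSSL::Digest.new("SHA256")
  [OpenSSL::PKCS5.pbkdf2_hmac(master_key, password, 1, 32, digest)].pack("m0")
end

# Comparison whose running time does not depend on where the inputs differ.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |d, (x, y)| d | (x ^ y) }.zero?
end

# AES-256-CBC, then HMAC-SHA256 over IV + ciphertext (encrypt-then-MAC).
def encrypt_item(plaintext, enc_key, mac_key)
  cipher = OpenSSL::Cipher.new("AES-256-CBC").encrypt
  cipher.key = enc_key
  iv = cipher.random_iv
  ct = cipher.update(plaintext) + cipher.final
  mac = OpenSSL::HMAC.digest("SHA256", mac_key, iv + ct)
  "2." + [iv, ct, mac].map { |part| [part].pack("m0") }.join("|")
end

# The MAC is verified before any decryption is attempted; a wrong key or an
# altered field is rejected here rather than producing garbage plaintext.
def decrypt_item(cipher_string, enc_key, mac_key)
  type, body = cipher_string.split(".", 2)
  raise ArgumentError, "unsupported cipher string type" unless type == "2"
  parts = body.to_s.split("|")
  raise ArgumentError, "malformed cipher string" unless parts.length == 3
  iv, ct, mac = parts.map { |part| part.unpack1("m0") }
  expected = OpenSSL::HMAC.digest("SHA256", mac_key, iv + ct)
  raise "invalid mac" unless secure_equal?(mac, expected)
  cipher = OpenSSL::Cipher.new("AES-256-CBC").decrypt
  cipher.key = enc_key
  cipher.iv = iv
  (cipher.update(ct) + cipher.final).force_encoding("UTF-8")
end

# Constructed sample values: what the client keeps versus what a server would store.
def demo
  password = "constructed-master-password"
  master_key = make_master_key(password, "User@Example.com")
  vault_key = OpenSSL::Random.random_bytes(64) # random, never derived from the password
  enc_key, mac_key = vault_key[0, 32], vault_key[32, 32]
  stored = encrypt_item("constructed vault entry", enc_key, mac_key)
  { server_sees_hash: master_password_hash(password, master_key),
    server_sees_item: stored,
    client_reads: decrypt_item(stored, enc_key, mac_key) }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```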

API Documentation

This project also contains independent documentation for Bitwarden's API written as I work on this server, since there doesn't seem to be any documentation available other than the .NET Bitwarden code itself.

Deployment

Automated deployment of Rubywarden is possible with 3rd party support:

Manual Setup

Run bundle install at least once.

In order to create the initial environment, it is recommended to create a new, unprivileged user on your system dedicated to running Rubywarden such as with useradd. This documentation will assume a user has been created named _rubywarden.

In order to create the initial database and the required tables run:

mkdir db/production
sudo chown _rubywarden db/production
sudo -u _rubywarden env RUBYWARDEN_ENV=production bundle exec rake db:migrate

To run via Rack on port 4567, as user _rubywarden:

sudo -u _rubywarden env RUBYWARDEN_ENV=production bundle exec rackup -p 4567 config.ru

You'll probably want to run it once with signups enabled, to allow yourself to create an account:

sudo -u _rubywarden env RUBYWARDEN_ENV=production RUBYWARDEN_ALLOW_SIGNUPS=1 bundle exec rackup -p 4567 config.ru

Once the server is running, the Bitwarden apps (such as the Firefox extension) can be configured to use your own Bitwarden server before login. For a local Rack instance, you can point it at http://127.0.0.1:4567/.

To run the test suite:

bundle exec rake test

Changing URL Paths

By default, Rubywarden is set up to use paths on a single hostname that the Bitwarden clients will default to, so you do not have to specify separate API, Identity, and Icon URLs.

If you are not deploying Rubywarden on its own hostname or want to alter the paths for any reason, you can override them with environment variables:

  • RUBYWARDEN_ATTACHMENTS_URL for the attachments URL - defaults to /attachments
  • RUBYWARDEN_BASE_URL for the API base - defaults to /api
  • RUBYWARDEN_IDENTITY_BASE_URL for the identity API base - defaults to /identity
  • RUBYWARDEN_ICONS_URL for the icon URL - defaults to /icons

For example, if you had a website example.com and wanted to host Rubywarden on a subdirectory called /notbitwarden, you would set the environment variables in your startup script:

sudo -u _rubywarden env RUBYWARDEN_ENV=production RUBYWARDEN_BASE_URL=/notbitwarden/api RUBYWARDEN_IDENTITY_BASE_URL=/notbitwarden/identity RUBYWARDEN_ICONS_URL=/notbitwarden/icons RUBYWARDEN_ATTACHMENTS_URL=/notbitwarden/attachments bundle exec rackup -p 4567 config.ru

Then you can configure the Bitwarden clients with a single server URL of https://example.com/notbitwarden.

Updating

To update your instance of Rubywarden, fetch the latest code:

cd /path/to/your/rubywarden
git pull --ff-only

Run any database migrations:

sudo -u _rubywarden env RUBYWARDEN_ENV=production bundle exec rake db:migrate

Restart your Rubywarden instance (via Rack, Unicorn, or however you have deployed it).

Changing Master Password

Changing a user's master password must be done from the command line (as it requires interacting with the plaintext password, which the web API will never do).

sudo -u _rubywarden env RUBYWARDEN_ENV=production bundle exec ruby tools/change_master_password.rb -u [email protected]

2-Factor Authentication

The Bitwarden browser extensions and mobile apps support accounts that require 2FA, by prompting you for the current code after successfully logging in. To activate Time-based One-Time Passwords (TOTP) on your account after you've signed up in the previous steps, run the tools/activate_totp.rb program on the server:

sudo -u _rubywarden env RUBYWARDEN_ENV=production bundle exec ruby tools/activate_totp.rb -u [email protected]

You'll be shown a data: URL containing a PNG-encoded QR code, which you must copy and paste into a browser and then scan with your mobile TOTP authenticator app (assuming it supports scanning from the camera). Once scanned, the activation program will ask you to enter the current TOTP being shown in the app for verification, and then save the TOTP secret to your account in the SQLite database. Your security_stamp will be reset, forcing a new login on any devices that are logged into your account. Those devices will now prompt for a TOTP code upon future logins.
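What the verification step in that flow checks, as an added example (not the code of tools/activate_totp.rb): an RFC 6238 TOTP generator and verifier, plus the otpauth:// URI that an authenticator QR code normally carries. The function names, the one-step clock-drift window, the issuer label and the sample account are assumptions.

```ruby
require "openssl"
require "erb"

BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567".freeze
TOTP_STEP = 30   # seconds per code, the RFC 6238 default
TOTP_DIGITS = 6

# RFC 4648 base32 without padding, the form authenticator apps expect.
def base32_encode(bytes)
  bits = bytes.unpack1("B*")
  bits += "0" * ((5 - bits.length % 5) % 5)
  bits.scan(/.{5}/).map { |chunk| BASE32_ALPHABET[chunk.to_i(2)] }.join
end

# RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation.
def hotp(secret, counter, digits = TOTP_DIGITS)
  mac = OpenSSL::HMAC.digest("SHA1", secret, [counter].pack("Q>"))
  offset = mac.getbyte(19) & 0x0f
  code = mac[offset, 4].unpack1("N") & 0x7fffffff
  (code % 10**digits).to_s.rjust(digits, "0")
end

# RFC 6238 TOTP: HOTP with the counter taken from the clock.
def totp(secret, time = Time.now.to_i, digits = TOTP_DIGITS)
  hotp(secret, time / TOTP_STEP, digits)
end

# Comparison whose running time does not depend on where the inputs differ.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |d, (x, y)| d | (x ^ y) }.zero?
end

# Accept the current step plus `drift` steps either side to tolerate clock skew.
# Every candidate is evaluated before answering, so timing does not reveal
# which step matched.
def totp_valid?(secret, submitted, time = Time.now.to_i, drift = 1)
  return false unless submitted.is_a?(String) && submitted.match?(/\A\d{#{TOTP_DIGITS}}\z/)
  matches = (-drift..drift).map do |w|
    secure_equal?(totp(secret, time + w * TOTP_STEP), submitted)
  end
  matches.any?
end

# The text a QR code for TOTP enrollment encodes (Key URI format).
def provisioning_uri(secret, account, issuer = "rubywarden")
  label = "#{ERB::Util.url_encode(issuer)}:#{ERB::Util.url_encode(account)}"
  "otpauth://totp/#{label}?secret=#{base32_encode(secret)}&issuer=#{ERB::Util.url_encode(issuer)}"
end

# Enrollment as the README describes it: the secret is persisted only after
# the user proves the authenticator app holds it. Returns the base32 secret
# to store, or nil when the code does not verify.
def activate(secret, submitted_code, time = Time.now.to_i)
  totp_valid?(secret, submitted_code, time) ? base32_encode(secret) : nil
end

if $PROGRAM_NAME == __FILE__
  secret = OpenSSL::Random.random_bytes(20) # fresh per-account secret
  puts provisioning_uri(secret, "user@example.com") # constructed account name
  puts "current code: #{totp(secret)}"
end
```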

Migrating From Other Password Managers

This project includes utilities that will import data exported from other password managers, convert it to its own data format, and then import it.

1Password

Export everything from 1Password in its "1Password Interchange Format". It should create a directory with a data.1pif file (which is unencrypted, so be careful with it). Once you have created your initial user account through Rubywarden, run the conversion tool with your account e-mail address:

sudo -u _rubywarden env RUBYWARDEN_ENV=production bundle exec ruby tools/1password_import.rb -f /path/to/data.1pif -u [email protected]

It will prompt you for the master password you already created, and then convert and import as many items as it can.

This tool operates on the SQLite database directly (not through its REST API) so you can run it offline.

Bitwarden (Official Apps)

Export your Bitwarden vault via the web interface or the browser plugin, which should prompt you to save a bitwarden_export_<datestamp>.csv file. Due to limitations of the exporter, neither cards nor identities will be exported, and any custom fields will lose their type (text, hidden, or boolean) and simply be exported as text.

Once you have created your initial user account through Rubywarden, run the conversion tool with your account e-mail address:

sudo -u _rubywarden env RUBYWARDEN_ENV=production bundle exec ruby tools/bitwarden_import.rb -f /path/to/data.csv -u [email protected]

It will prompt you for the master password you already created, and then convert and import as many items as it can.

This tool operates on the SQLite database directly (not through its REST API) so you can run it offline.

Keepass

In order to use the Keepass converter, you will need to install the necessary dependency, using bundle install --with keepass.

There is no need to export your Keepass-database - you can use it as is.

Once you have created your initial user account through Rubywarden, run the conversion tool with your account e-mail address:

sudo -u _rubywarden env RUBYWARDEN_ENV=production bundle exec ruby tools/keepass_import.rb -f /path/to/data.kdbx -u [email protected]

If your Keepass-database is secured using a keyfile, you can pass it using the -k parameter:

sudo -u _rubywarden env RUBYWARDEN_ENV=production bundle exec ruby tools/keepass_import.rb -f /path/to/data.kdbx -k /path/to/keyfile.key -u [email protected]

It will prompt you for the master password you already created, and then convert and import as many items as it can.

This tool operates on the SQLite database directly (not through its REST API) so you can run it offline.

Lastpass

Export everything from LastPass by going to your vault, "More Options", "Advanced" and then "Export". It will then export your details in a new browser window in CSV format; copy and paste this data into a file accessible from your Rubywarden installation. Unfortunately, due to limitations in the LastPass export, the "extra fields" and "attachments" data in the LastPass vault will not be converted.

Once you have created your initial user account through Rubywarden, run the conversion tool with your account e-mail address:

sudo -u _rubywarden env RUBYWARDEN_ENV=production bundle exec ruby tools/lastpass_import.rb -f /path/to/data.csv -u [email protected]

It will prompt you for the master password you already created, and then convert and import as many items as it can.

This tool operates on the SQLite database directly (not through its REST API) so you can run it offline.

Rubywarden License

Copyright (c) 2017-2019 joshua stein <[email protected]>

Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

rubywarden's People

Contributors

bahamas10, clee, dependabot[bot], edas, gergles, halukunal, jcs, joshndroid, logic, oliverguenther, pc-coholic, qazbnm456, qbit, scantem, shouya, universal


rubywarden's Issues

iOS 'problem with connecting to the server'

I can connect to the server with all browser extensions, android application and desktop application. But if I want to connect with my iPhone, it tells me that it has a problem with connecting to the server.
I can't see anything in the running console.

Anything I can do to make this work?

implement TOTP for logging into the API

The Bitwarden apps already support prompting the user for a 2FA code when the identity server responds to a token request if the user's account has it enabled.

Implement a simple server-side setup which creates the TOTP secret for the user account and shows a QR code to the user.

I would probably like to keep this as a server-side command-line script rather than a web API because I don't want to ever send my master password to the web API.

Setting RACK_ENV makes no sense

Setting RACK_ENV to values other than development, deployment, or none makes no sense, as per rackup howto. Setting it to production or test is equal to setting it to none (disabling logging middleware), so it's not the RAILS_ENV replacement for rack apps.
Here are some explanations.
I'm not sure how this should be addressed, maybe using the different env var would be better.

Could not find table 'attachments'

I recently did a git pull of the repo and ran bundle.

Now when I try to sync or create passwords the logs show

2018-10-05 16:59:01 - ActiveRecord::StatementInvalid - Could not find table 'attachments':

If I check via sqlite I can also confirm the table is not there:

sqlite> select * from attachments;
Error: no such table: attachments

Did I somehow miss a step? I have previously done the ActiveRecord migration and rubywarden has been running fine.

<h1>Not Found</h1> no matter what I do

I followed the README precisely to install rubywarden on my Ubuntu 16.04 machine (also tried MacOS 10.14):
$ git clone https://github.com/jcs/rubywarden.git
$ cd rubywarden/
$ bundle install
$ mkdir db/production
$ env RUBYWARDEN_ENV=production bundle exec rake db:migrate
$ env RUBYWARDEN_ENV=production ALLOW_SIGNUPS=1 bundle exec rackup -p 4567 config.ru

But when I point my browser to http://127.0.0.1:4567/ I get a 404 (<h1>Not Found</h1>).

So I cannot register a user to import 1password data or whatever. What's missing? On the old Bitwarden-ruby this used to work without a charm.

What's missing?

Thanks!

Reset folder-ID of ciphers when deleting folder

I recently deleted a folder containing quite a lot of entries using the Bitwarden Desktop-App.

The deletion of the folder itself worked without any issues, however it seems like bitwarden-ruby does not reset the folder-ID of the ciphers in question to NULL.

This causes a minor issue, as the ciphers are still available by searching for them, but they are not listed in the "No Folder"-section.

I manually fixed the issue by updating the database by hand - but it would be probably a good idea to do this automatically in the future and perhaps even offer a migration to fix "orphaned" ciphers.

Add file store feature

Hello,

Bitwarden upstream can store a file/attachment in a cypher entry, like Keepass does.
It could be an SSH key, for example.

Currently, the API cannot store files/attachments into the sqlite db.

Error importing passwords from keepass

First quick note:

It looks like rubeepass@3,1.0 has been yanked (this version is in the Gemfile.lock file) so I tried using rubeepass 3.1.1 and 3.2.0 but had no luck.

I'm able to successfully run the importer script after doing bundle install --with keepass:

$ sudo -u rubywarden env RACK_ENV=production bundle exec ruby tools/keepass_import.rb -f /tmp/dave.kdbx -u [email protected]
master password for [email protected]: 
master password for /tmp/dave.kdbx: 
...
ready to import? [Y/n] y
successfully imported 291 items

And I can see all of my folders and logins in the bitwarden firefox plugin (awesome!). However, none of the passwords seem to have been decrypted properly. Every single entry I look at says:

[error: cannot decrypt]

for the password.

I'll keep digging into this, but I figure if anyone has any quick ideas what is happening here that would be greatly appreciated.

import from 1password error.

tools/1password_import.rb:153:in `block in <main>': unimplemented: "system.folder.SavedSearch" (RuntimeError)
from tools/1password_import.rb:85:in `each'
from tools/1password_import.rb:85:in `<main>'

Sharing and families/teams/enterprise features

I didn't see anywhere on your project where you discussed how sharing passwords works in a self hosted environment. I'm interested in using an alternative to the official .NET application, and your project is the one that I found first.

Are you interested in supporting the non-free tier features (at least sharing)? If not, perhaps I'll try it on my own (I'm not a fan of Ruby, so it'll probably be in Go or Rust). If it's something you're interested in, I could look into it and perhaps submit a PR or something (no guarantees).

Personally, I'm most interested in the sharing feature, but I'm not sure how that's being handled or how the official Bitwarden servers come into play. To be clear, I'm not looking to avoid paying Bitwarden, I just don't want the .NET server code.

<h1>Not Found</h1>

After running the server with env RACK_ENV=production bundle exec rackup -p 4567 config.ru and connecting to 127.0.0.1:4567, I only get <h1>Not Found</h1>...

Some identity fields are not saved

Version 1.2.0
Shell 1.8.4
Renderer 59.0.3071.115
Node 8.2.1
Architecture x64
OS Windows 10 Pro x64

When creating a new identity and hitting save, the following fields are not saved: First Name, Middle Name, Last Name, Social Security Number, Passport Number, License Number & Post Code. If I edit the entry they are not visible, and if I enter them again and hit save they are also not saved.

Can't import login from 1password

Hi,

I'm unable to import some data from 1password, here is the error (bundle gems trace stripped):

Traceback (most recent call last):
  from tools/1password_import.rb:253:in `<main>'
  from tools/1password_import.rb:254:in `block in <main>'
  from tools/1password_import.rb:254:in `each'
  from tools/1password_import.rb:255:in `block (2 levels) in <main>'
  from tools/1password_import.rb:255:in `each'
  from tools/1password_import.rb:257:in `block (3 levels) in <main>'
.bundle/ruby/2.5.0/gems/sqlite3-1.3.13/lib/sqlite3/statement.rb:108:in `step': SQLite3::ConstraintException: NOT NULL constraint failed: ciphers.favorite: INSERT INTO "ciphers" ("uuid", "user_uuid", "type", "data", "favorite", "name", "notes", "fields", "login", "created_at", "updated_at") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (ActiveRecord::NotNullViolation)

What is it complaining about? Which one of required fields can be null?

Add compatibility with web vault

Hello,

I've tried to deploy the bitwarden web vault, and use the ruby api backend.
For the moment, your server is not fully compatible.

I'm not a ruby developer, so I'm not a really good help, but here are some hints.

When registering with the web vault, the POST command add a new attribute which is :
"key":"yyy",
"keys":
{
"publicKey":"XXXXX"
}
This new attribute "Keys" doesn't seem to be implemented in your code. I've checked the database schema, and I think the content should go in the public_key column in the users table.

The 2nd command is when we try to connect with the web vault, all the attributes of the POST command that your api backend is waiting are not sent by the web vault.
Typically, the web vault only send :
client_id
grant_type
password
scope
username.

Is it possible for you to add those complements to your code ?

Easy way to test it is to download the web vault from bitwarden source.
Edit the file settings.Production.json
apiURl : "urlofyourbackend/api"
identityUrl : "urlofyourbackend/identity"
iconsUri : "urlofyourbackend/icons"

Thanks.

Keepass Import error 'read_header'

Thanks for creating this.

I have got things running in a docker and 2FA works, but trying to import keepass directly fails with the following error;

/usr/local/bundle/gems/rubeepass-3.0.0/lib/rubeepass.rb:404:in `read_header': undefined method `length' for nil:NilClass (NoMethodError)
from /usr/local/bundle/gems/rubeepass-3.0.0/lib/rubeepass.rb:450:in `start_opening'
from /usr/local/bundle/gems/rubeepass-3.0.0/lib/rubeepass.rb:277:in `open'
from tools/keepass_import.rb:118:in `<main>'

It asks for my password and then errors immediately.

Database is Argon2 AES 256.

Thanks in advance

Add example import files and tests

The import tools need to constantly be updated when things change and I have no way to test the fixes. It would be helpful to have sample import files (CSVs or whatever) that I can use to test each tool.

Since I don't have access to any of these tools anymore, it would be great if people could supply such files.

Fav-Icons

If one wants to add support for favicons, this might prove helpful:

https://www.webmaster-source.com/2013/09/25/finding-a-websites-favicon-with-ruby/

Not sure how much code / libraries are to be used, since retrieving the initial icon might be better done outside of the request-lifecycle and in a background task. Though running a cron task might be enough, or running it as a separate thread in the initial request.

Storing them on the disk shouldn't be a problem, probably under a hash of the domain, because then verifying that the domain doesn't do any file system trickery doesn't have to be done.

after trying some little bits:

  • not all websites might have a favicon
  • fetching favicons might require following redirects
  • fetching favicons in png format requires getting a html response, parsing it and looking for a <link rel="shortcut icon" href="..."> tag in the head section

Invalid mac when importing csv

Hi,
just did a fresh install of rubywarden.
When trying to import my CSV I get the following error:
sudo -u _rubywarden env RUBYWARDEN_ENV=production bundle exec ruby tools/bitwarden_import.rb -f /home/XXX/bitwarden_export_20180924223701.csv -u XXX

`/home/_rubywarden` is not a directory.
Bundler will use `/tmp/bundler/home/XXX' as your home directory temporarily.
master password for XXX: converting 1&1 FTP... /var/www/rubywarden/lib/bitwarden.rb:150:in `decrypt': invalid mac "V[\xE5\xDAXQ\xB4t(vK\xA4\xD2\xD0\xCEr\xC1\x03\xF6\xE46Pp\xA7T\x8E\xAA\aXF\x8D\xB3" != "\n:\xF0\xCC/\x1E\x9Dv\xAA\xB9\xEEA,\x06\xC6\xF1\x13\xB4\xFBI@\nX\x18\xC1ue\xED\xB2\x91a\xE4" (RuntimeError)
from /var/www/rubywarden/lib/user.rb:44:in `encrypt_data_with_master_password_key'
from tools/bitwarden_import.rb:38:in `encrypt'
from tools/bitwarden_import.rb:126:in `block in <main>'
from /usr/lib/ruby/2.3.0/csv.rb:1748:in `each'
from /usr/lib/ruby/2.3.0/csv.rb:1131:in `block in foreach'
from /usr/lib/ruby/2.3.0/csv.rb:1282:in `open'
from /usr/lib/ruby/2.3.0/csv.rb:1130:in `foreach'
from tools/bitwarden_import.rb:103:in `<main>'

Migration from bitwarden-ruby not working

I tried to migrate from bitwarden-ruby this morning following the directions from https://github.com/jcs/rubywarden/blob/master/AR-MIGRATE.md .

bundle --with migrate worked without problems, after which I ran into the following exception.

bitwarden@pi:~/bitwarden-ruby$ bundle exec ruby tools/migrate_to_ar.rb -e production
/home/bitwarden/.rvm/gems/ruby-2.4.4/gems/sqlite3-1.3.13/lib/sqlite3/database.rb:91:in `initialize': SQLite3::SQLException: no such table: folders: SELECT COUNT(*) FROM "folders" (ActiveRecord::StatementInvalid)
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/sqlite3-1.3.13/lib/sqlite3/database.rb:91:in `new'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/sqlite3-1.3.13/lib/sqlite3/database.rb:91:in `prepare'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activerecord-5.1.6/lib/active_record/connection_adapters/sqlite3_adapter.rb:212:in `block (2 levels) in exec_query'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activesupport-5.1.6/lib/active_support/dependencies/interlock.rb:46:in `block in permit_concurrent_loads'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activesupport-5.1.6/lib/active_support/concurrency/share_lock.rb:185:in `yield_shares'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activesupport-5.1.6/lib/active_support/dependencies/interlock.rb:45:in `permit_concurrent_loads'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activerecord-5.1.6/lib/active_record/connection_adapters/sqlite3_adapter.rb:209:in `block in exec_query'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activerecord-5.1.6/lib/active_record/connection_adapters/abstract_adapter.rb:613:in `block (2 levels) in log'
        from /home/bitwarden/.rvm/rubies/ruby-2.4.4/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activerecord-5.1.6/lib/active_record/connection_adapters/abstract_adapter.rb:612:in `block in log'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activesupport-5.1.6/lib/active_support/notifications/instrumenter.rb:21:in `instrument'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activerecord-5.1.6/lib/active_record/connection_adapters/abstract_adapter.rb:604:in `log'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activerecord-5.1.6/lib/active_record/connection_adapters/sqlite3_adapter.rb:208:in `exec_query'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activerecord-5.1.6/lib/active_record/connection_adapters/abstract/database_statements.rb:371:in `select'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activerecord-5.1.6/lib/active_record/connection_adapters/abstract/database_statements.rb:42:in `select_all'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activerecord-5.1.6/lib/active_record/connection_adapters/abstract/query_cache.rb:97:in `select_all'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/activerecord-5.1.6/lib/active_record/connection_adapters/abstract/database_statements.rb:49:in `select_one'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/yaml_db-0.7.0/lib/yaml_db/serialization_helper.rb:198:in `table_record_count'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/yaml_db-0.7.0/lib/yaml_db/serialization_helper.rb:172:in `dump_table'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/yaml_db-0.7.0/lib/yaml_db/serialization_helper.rb:158:in `block in dump'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/yaml_db-0.7.0/lib/yaml_db/serialization_helper.rb:156:in `each'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/yaml_db-0.7.0/lib/yaml_db/serialization_helper.rb:156:in `dump'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/yaml_db-0.7.0/lib/yaml_db/serialization_helper.rb:18:in `block in dump'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/yaml_db-0.7.0/lib/yaml_db/serialization_helper.rb:17:in `open'
        from /home/bitwarden/.rvm/gems/ruby-2.4.4/gems/yaml_db-0.7.0/lib/yaml_db/serialization_helper.rb:17:in `dump'
        from tools/migrate_to_ar.rb:50:in `<main>'

Not sure what I can do to fix this. Any help would be appreciated. Thank you!

Documentation install

Hello,

Is it possible to get a more detailed installation guide? For users who are not familiar with Ruby and Sinatra?

Thanks.

KeePass import

So I just tried KP import script. It reports successful import of 100 items. But all I see in Bitwarden after import are folders I have in KP with 0 content. Do we have to fix script to work with latest API ?

undefined method `try`

Have you seen the following error before? Not sure what changed, I tried to upgrade to the latest in master with the sinatra fix.

2018-06-28 17:19:36 - NoMethodError - undefined method `try' for #<Hash:0x00000000005cabe8>:
        /home/warden/src/bitwarden-ruby/lib/dbmodel.rb:65:in `fetch_columns'
        /home/warden/src/bitwarden-ruby/lib/dbmodel.rb:88:in `find_all_by_column'
        /home/warden/src/bitwarden-ruby/lib/dbmodel.rb:104:in `find_by_column'
        /home/warden/src/bitwarden-ruby/lib/dbmodel.rb:23:in `method_missing'
        /home/warden/src/bitwarden-ruby/lib/routes/identity.rb:35:in `block (2 levels) in registered'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1635:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1635:in `block in compile!'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:992:in `block (3 levels) in route!'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1011:in `route_eval'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:992:in `block (2 levels) in route!'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1040:in `block in process_route'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1038:in `catch'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1038:in `process_route'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:990:in `block in route!'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:989:in `each'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:989:in `route!'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1097:in `block in dispatch!'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `block in invoke'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `catch'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `invoke'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1094:in `dispatch!'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:924:in `block in call!'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `block in invoke'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `catch'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `invoke'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:924:in `call!'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:913:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/rack-protection-2.0.3/lib/rack/protection/xss_header.rb:18:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/rack-protection-2.0.3/lib/rack/protection/path_traversal.rb:16:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/rack-protection-2.0.3/lib/rack/protection/json_csrf.rb:26:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/rack-protection-2.0.3/lib/rack/protection/base.rb:50:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/rack-protection-2.0.3/lib/rack/protection/base.rb:50:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/rack-protection-2.0.3/lib/rack/protection/frame_options.rb:31:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/rack-2.0.5/lib/rack/logger.rb:15:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/rack-2.0.5/lib/rack/common_logger.rb:33:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:231:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:224:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/rack-2.0.5/lib/rack/head.rb:12:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:194:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1958:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1502:in `block in call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1729:in `synchronize'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1502:in `call'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/unicorn-5.3.1/lib/unicorn/http_server.rb:606:in `process_client'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/unicorn-5.3.1/lib/unicorn/http_server.rb:702:in `worker_loop'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/unicorn-5.3.1/lib/unicorn/http_server.rb:549:in `spawn_missing_workers'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/unicorn-5.3.1/lib/unicorn/http_server.rb:142:in `start'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/gems/unicorn-5.3.1/bin/unicorn:126:in `<top (required)>'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/bin/unicorn:23:in `load'
        /home/warden/src/bitwarden-ruby/vendor/bundle/ruby/2.4.0/bin/unicorn:23:in `<main>'
10.0.1.200 - - [28/Jun/2018:17:19:36 +0000] "POST /identity/connect/token HTTP/1.1" 500 30 0.0091

add tests for importers

Each importer should come with a file of example data so that tests can be written. I can't manually test any of them so I won't know when they break in the future.

This will make it easier to update them to the new data format (see ae3744e).

After upgrading db - invalid username

I upgraded from bitwarden-ruby to the latest git.
Now when I try to sign in I get invalid username.
`
== 20180324145941 CreateUsers: migrating ======================================
-- create_table(:users, {:id=>:string, :primary_key=>:uuid})
-> 0.0038s
== 20180324145941 CreateUsers: migrated (0.0040s) =============================

== 20180324151103 CreateDevices: migrating ====================================
-- create_table(:devices, {:id=>:string, :primary_key=>:uuid})
-> 0.0037s
-- add_foreign_key(:devices, :users, {:column=>:user_uuid, :primary_key=>:uuid})
-> 0.0000s
-- add_index(:devices, :user_uuid)
-> 0.0014s
== 20180324151103 CreateDevices: migrated (0.0055s) ===========================

== 20180324151113 CreateFolders: migrating ====================================
-- create_table(:folders, {:id=>:string, :primary_key=>:uuid})
-> 0.0007s
-- add_foreign_key(:folders, :users, {:column=>:user_uuid, :primary_key=>:uuid})
-> 0.0000s
-- add_index(:folders, :user_uuid)
-> 0.0008s
== 20180324151113 CreateFolders: migrated (0.0019s) ===========================

== 20180324151117 CreateCiphers: migrating ====================================
-- create_table(:ciphers, {:id=>:string, :primary_key=>:uuid})
-> 0.0011s
-- add_foreign_key(:ciphers, :users, {:column=>:user_uuid, :primary_key=>:uuid})
-> 0.0000s
-- add_index(:ciphers, :user_uuid)
-> 0.0007s
-- add_foreign_key(:ciphers, :folders, {:column=>:folder_uuid, :primary_key=>:uuid})
-> 0.0000s
-- add_index(:ciphers, :folder_uuid)
-> 0.0010s
== 20180324151117 CreateCiphers: migrated (0.0035s) ===========================

== 20180518070354 SetDefaultValueForFavorite: migrating =======================
-- change_column_default(:ciphers, :favorite, false)
-> 0.0211s
-- change_column_null(:ciphers, :favorite, false, false)
-> 0.0270s
== 20180518070354 SetDefaultValueForFavorite: migrated (0.0485s) ==============

== 20180818095054 CreateAttachments: migrating ================================
-- remove_column(:ciphers, :attachments)
-> 0.0266s
-- create_table(:attachments, {:id=>:string, :primary_key=>:uuid})
-> 0.0006s
-- add_foreign_key(:attachments, :ciphers, {:column=>:cipher_uuid, :primary_key=>:uuid})
-> 0.0001s
-- add_index(:attachments, :cipher_uuid)
-> 0.0009s
== 20180818095054 CreateAttachments: migrated (0.0287s) =======================

== 20180818201731 UserKdfIterations: migrating ================================
-- add_column(:users, :kdf_iterations, :integer)
-> 0.0009s
== 20180818201731 UserKdfIterations: migrated (0.0035s) =======================

== 20180818212323 AddUserKdfType: migrating ===================================
-- add_column(:users, :kdf_type, :integer, {:default=>0, :null=>false})
-> 0.0007s
== 20180818212323 AddUserKdfType: migrated (0.0009s) ==========================

[root@dora:~/bitwarden]# env RUBYWARDEN_ENV=production bundle exec rackup -p 4567 config.ru
[2018-10-24 18:00:56] INFO WEBrick 1.3.1
[2018-10-24 18:00:56] INFO ruby 2.4.4 (2018-03-28) [amd64-freebsd11]
[2018-10-24 18:00:56] INFO WEBrick::HTTPServer#start: pid=59455 port=4567
D, [2018-10-24T18:01:16.522873 #59455] DEBUG -- : User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "[email protected]"], ["LIMIT", 1]]
192.168.100.1 - - [24/Oct/2018:18:01:16 +0200] "POST /api/accounts/prelogin HTTP/1.1" 200 30 0.0389
D, [2018-10-24T18:01:16.587990 #59455] DEBUG -- : User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "[email protected]"], ["LIMIT", 1]]
192.168.100.1 - - [24/Oct/2018:18:01:16 +0200] "POST /identity/connect/token HTTP/1.1" 400 63 0.0073
D, [2018-10-24T18:02:27.732496 #59455] DEBUG -- : User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "[email protected]"], ["LIMIT", 1]]
192.168.100.1 - - [24/Oct/2018:18:02:27 +0200] "POST /api/accounts/prelogin HTTP/1.1" 200 30 0.0020
D, [2018-10-24T18:02:27.775818 #59455] DEBUG -- : User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "[email protected]"], ["LIMIT", 1]]
192.168.100.1 - - [24/Oct/2018:18:02:27 +0200] "POST /identity/connect/token HTTP/1.1" 400 63 0.0019
`

Support Delete selected functionality

This one should be fairly easy to implement, might give it a go sometime later myself.
The POST request is sent to /api/ciphers/delete

Post data is just a list of ids:

{"ids":["214081c5-8a00-4e42-811b-fa0b510cf57e","438410c6a-c5a7-473b-9ab5-ffda741d6811"]}
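A sketch of how a handler for this request could validate the payload and restrict deletion to the caller's own ciphers. This is an added example, not rubywarden's code: the in-memory store, the `MAX_IDS` cap, the function names and the sample ids are all constructed for illustration.

```ruby
require 'json'

UUID_RE = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/
MAX_IDS = 500 # assumed cap so one request cannot carry an unbounded list

# Hypothetical stand-in for the ciphers table: cipher uuid => owning user.
def sample_store
  {
    '11111111-1111-4111-8111-111111111111' => 'user-a',
    '22222222-2222-4222-8222-222222222222' => 'user-a',
    '33333333-3333-4333-8333-333333333333' => 'user-b'
  }
end

# Handles the body of POST /api/ciphers/delete for an authenticated user.
def delete_selected(store, user_uuid, raw_body)
  begin
    body = JSON.parse(raw_body)
  rescue JSON::ParserError
    return { status: 400, error: 'invalid JSON' }
  end

  ids = body.is_a?(Hash) ? body['ids'] : nil
  unless ids.is_a?(Array) && !ids.empty? && ids.size <= MAX_IDS
    return { status: 400, error: 'ids must be a non-empty array' }
  end
  unless ids.all? { |id| id.is_a?(String) && id.match?(UUID_RE) }
    return { status: 400, error: 'malformed id' }
  end

  # All-or-nothing: an id that does not exist and an id that belongs to
  # someone else get the same answer, so the endpoint cannot be used to
  # probe which cipher ids exist.
  wanted = ids.uniq
  owned = wanted.select { |id| store[id] == user_uuid }
  return { status: 404, error: 'cipher not found' } unless owned.size == wanted.size

  owned.each { |id| store.delete(id) }
  { status: 200, deleted: owned.size }
end
```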

Postgres Support

Hi

Great project. I tried to get it running on a dokku host but dokku doesn't like sqlite at all. Any thoughts about supporting postgres/mysql?

a short question

Hi,
first, thanks for your work.
Is it also possible to use the bitwarden-web client as a frontend for your backend?

best regards

New Bitwarden 1.6.0 update breaks local connection

Heads up/PSA

The new bitwarden update V 1.6.0 breaks connection with local rubywarden installation/database.

The popup window seems to say something about 'unexpected token < within json at position 0'
Within the developer console I'm getting 'POST https:/ipaddress 404 bendor.js:93392 (not found)'

My other boxes with the older version are still working flawlessly

Love your work, I'm assuming you maybe already know about this.

Folder support

Have you looked at how hard folder support would be? Started messing around with this project today. Thanks for doing this work!

Can't seem to sync

I was excited to stumble upon this project. I believe I've got it up and running on my local machine, however I can't seem to sync any of the apps with the ruby server. When I try to sync from either the desktop app or web browser, it fails to do so. On startup, both the desktop app and Firefox browser extension seem to hang indefinitely with the loading gif until I interact with them.

I see this on the command line when I run the server and then try to connect via an app:

$ env RACK_ENV=production bundle exec rackup -p 4567 config.ru
[2018-03-27 13:57:38] INFO  WEBrick 1.3.1                                      
[2018-03-27 13:57:38] INFO  ruby 2.3.3 (2016-11-21) [x86_64-linux-gnu]         
[2018-03-27 13:57:38] INFO  WEBrick::HTTPServer#start: pid=2503 port=4567      
127.0.0.1 - - [27/Mar/2018:13:57:49 +0100] "POST /identity/connect/token HTTP/1.1" 200 1093 0.0246
127.0.0.1 - - [27/Mar/2018:13:57:49 +0100] "GET /api/sync HTTP/1.1" 200 91577 0.0329

You can see the sync request is returning a 200. However my browser extension seems to always fail to sync and is still showing: Last Sync: 01/01/1970 01:00:00

UPDATE Forgot to mention, I'm on Ubuntu 17.10, just in case that's relevant. And I'm running the server locally as per the instructions in the README. Server URL: http://127.0.0.1:4567

Upgrade rubeepass

rubeepass is locked at 3.1.0 and this version has been pulled from the gem repository. I helped track down a bug on my operating system with the module that I've verified is fixed in 3.3.0 (actually, getting salsa20 on 0.1.3 is the real fix).

I've attached a diff below that worked for me, but I don't know much about bundler so this may or may not be good.

diff --git a/Gemfile b/Gemfile
index 67e5485..b12e7f3 100644
--- a/Gemfile
+++ b/Gemfile
@@ -25,7 +25,7 @@ gem "minitest"
 gem "rack-test"
 
 group :keepass, :optional => true do
-  gem 'rubeepass', '~> 3.0'
+  gem 'rubeepass', '~> 3.3'
 end
 
 group :migrate, optional: true do
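Review bot: the raised floor in `gem 'rubeepass', '~> 3.3'` carries no comment saying why 3.0 through 3.2 are now excluded, so a later cleanup could loosen it again. The reason (3.1.0 pulled from the gem repository, and the salsa20 0.1.3 fix arriving with 3.3.0) lives only in the issue text; a one-line comment above the gem line would record it in the file. The two group declarations visible here also mix `:optional => true` and `optional: true`; since the keepass group is being touched anyway, pick one style.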
diff --git a/Gemfile.lock b/Gemfile.lock
index 3ec4993..9f71526 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -110,14 +110,15 @@ GEM
     rotp (3.3.1)
     rqrcode (0.10.1)
       chunky_png (~> 1.0)
-    rubeepass (3.1.0)
+    rubeepass (3.3.0)
       djinni (~> 2.2, >= 2.2.4)
       hilighter (~> 1.1, >= 1.2.3)
       json_config (~> 0.1, >= 0.1.4)
       os (~> 1.0, >= 1.0.0)
-      salsa20 (~> 0.1, >= 0.1.2)
+      salsa20 (~> 0.1, >= 0.1.3)
       scoobydoo (~> 0.1, >= 0.1.6)
-    salsa20 (0.1.2)
+      twofish (~> 1.0, >= 1.0.8)
+    salsa20 (0.1.3)
     scoobydoo (0.1.6)
     sinatra (2.0.3)
       mustermann (~> 1.0)
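Review bot: the rubeepass 3.3.0 entry gains a new runtime dependency, `twofish (~> 1.0, >= 1.0.8)`, which the description of the change does not mention. It is a new gem entering the keepass group of a password-manager backend, so it deserves the same look as the rubeepass bump itself before merging. The lock file should also be the output of `bundle update rubeepass` rather than a hand edit, so that the resolved set stays consistent with the Gemfile.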
@@ -146,6 +147,7 @@ GEM
     thor (0.20.0)
     thread_safe (0.3.6)
     tilt (2.0.8)
+    twofish (1.0.8)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
     unicorn (5.4.1)
@@ -172,7 +174,7 @@ DEPENDENCIES
   rake
   rotp
   rqrcode
-  rubeepass (~> 3.0)
+  rubeepass (~> 3.3)
   sinatra (~> 2.0.3)
   sinatra-activerecord (~> 2.0.13)
   sinatra-contrib (~> 2.0.3)
@@ -184,4 +186,4 @@ RUBY VERSION
    ruby 2.4.2p198
 
 BUNDLED WITH
-   1.16.1
+   1.16.5
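Review bot: `BUNDLED WITH` moves from 1.16.1 to 1.16.5, which reflects the Bundler version on the submitter's machine and is unrelated to the rubeepass upgrade. Drop that line from the patch so the change stays limited to the dependency bump, or mention the Bundler change in the description.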

Fields under sections didn't get imported correctly (1password)

Hi,

In the 1password export file (1pif), each entry has the structure that includes something like:

{
  secureContents: {
    fields: [*1],
    sections: [{
      fields: [*2],
      title: "<section title>"
    }, ...]
  }
}

In which *1 fields have structures like:

{
  name: "username/password/etc",
  value: "xxx"
}

and *2 fields have structures like:

{
  "k":"concealed/string",
  "n": "<some hex code>",
  "v": "<the value>",
  "t": "<the title of the field>"
}

Type *2 fields can actually contain 2FA secrets and other important information/password.

Currently, however, the 1password_import.rb script doesn't import type *2 fields, while *1 fields are handled correctly as custom fields. I wonder why type *1 and *2 fields aren't both processed as custom fields.

If the current behavior isn't intended, I'd be glad to add support for the type *2 fields. Please let me know :-)
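An added sketch (not the project's `1password_import.rb`) of turning the type *2 fields described above into custom fields, so that concealed values such as 2FA secrets survive the import. The function names, the output hash shape and the sample entry are constructed for illustration; type *1 fields are left to the existing importer.

```ruby
require 'json'

# Constructed entry that follows the two field shapes described in the issue.
SAMPLE_ENTRY = <<~ENTRY
  {"title": "example login",
   "secureContents": {
     "fields": [
       {"name": "username", "value": "alice"},
       {"name": "password", "value": "constructed-password"}
     ],
     "sections": [
       {"title": "Security",
        "fields": [
          {"k": "concealed", "n": "A1B2C3", "v": "constructed-2fa-secret", "t": "one-time password"},
          {"k": "string", "n": "D4E5F6", "v": "", "t": "empty field"},
          {"k": "string", "n": "0A0B0C", "v": "blue", "t": ""}
        ]},
       {"title": "No fields here"}
     ]
   }}
ENTRY

# A malformed export should not crash the import: anything that is not an
# array of hashes is treated as empty.
def hashes_in(value)
  value.is_a?(Array) ? value.select { |v| v.is_a?(Hash) } : []
end

# Returns one custom field per non-empty section field (the *2 shape).
def section_fields(entry)
  secure = entry['secureContents']
  return [] unless secure.is_a?(Hash)

  hashes_in(secure['sections']).flat_map do |section|
    title = section['title'].to_s.strip
    hashes_in(section['fields']).map do |f|
      value = f['v'].to_s
      next if value.empty?                      # skip fields with no value
      label = f['t'].to_s.strip
      label = f['n'].to_s if label.empty?       # fall back to the field id
      label = "#{title}: #{label}" unless title.empty?
      # "concealed" fields are marked hidden so clients mask them like passwords
      { name: label, value: value, hidden: f['k'] == 'concealed' }
    end.compact
  end
end
```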

Failed to login after update

I've updated from bitwarden-ruby to latest master. I followed all the migration stuff and now get an error when trying to log in.

[2018-09-25 16:58:17] INFO  WEBrick 1.4.2
[2018-09-25 16:58:17] INFO  ruby 2.5.1 (2018-03-29) [armv7l-linux-eabihf]
[2018-09-25 16:58:17] INFO  WEBrick::HTTPServer#start: pid=24677 port=9292
D, [2018-09-25T16:59:16.392091 #24677] DEBUG -- :   User Load (1.7ms)  SELECT  "users".* FROM "users" WHERE "users"."email" = ? LIMIT ?  [["email", "[email protected]"], ["LIMIT", 1]]
2018-09-25 16:59:16 - NoMethodError - undefined method `kdf_iterations' for #<User:0x01706a00>:
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/activemodel-5.1.6/lib/active_model/attribute_methods.rb:432:in `method_missing'
        /opt/rubywarden/lib/routes/api.rb:31:in `block (2 levels) in registered'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1635:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1635:in `block in compile!'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:992:in `block (3 levels) in route!'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1011:in `route_eval'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:992:in `block (2 levels) in route!'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1040:in `block in process_route'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1038:in `catch'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1038:in `process_route'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:990:in `block in route!'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:989:in `each'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:989:in `route!'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1097:in `block in dispatch!'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `block in invoke'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `catch'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `invoke'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1094:in `dispatch!'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:924:in `block in call!'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `block in invoke'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `catch'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `invoke'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:924:in `call!'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:913:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/rack-protection-2.0.3/lib/rack/protection/xss_header.rb:18:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/rack-protection-2.0.3/lib/rack/protection/path_traversal.rb:16:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/rack-protection-2.0.3/lib/rack/protection/json_csrf.rb:26:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/rack-protection-2.0.3/lib/rack/protection/base.rb:50:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/rack-protection-2.0.3/lib/rack/protection/base.rb:50:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/rack-protection-2.0.3/lib/rack/protection/frame_options.rb:31:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/rack-2.0.5/lib/rack/logger.rb:15:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:224:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/rack-2.0.5/lib/rack/head.rb:12:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:194:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1958:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1502:in `block in call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1729:in `synchronize'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1502:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/rack-2.0.5/lib/rack/tempfile_reaper.rb:15:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/rack-2.0.5/lib/rack/common_logger.rb:33:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:231:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/rack-2.0.5/lib/rack/chunked.rb:54:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/rack-2.0.5/lib/rack/content_length.rb:15:in `call'
        /opt/rubywarden/vendor/bundle/ruby/2.5.0/gems/rack-2.0.5/lib/rack/handler/webrick.rb:86:in `service'
        /usr/lib/ruby/2.5.0/webrick/httpserver.rb:140:in `service'
        /usr/lib/ruby/2.5.0/webrick/httpserver.rb:96:in `run'
        /usr/lib/ruby/2.5.0/webrick/server.rb:307:in `block in start_thread'
89.26.13.2 - - [25/Sep/2018:16:59:16 +0200] "POST /api/accounts/prelogin HTTP/1.1" 500 30 0.2874

ActiveRecord

I'm currently having a look at bringing in activerecord for the db stuff. It would open up the possibility to easily use other db systems. It would also probably simplify serializing data to and from the db in json format.

Some questions came up:

  1. The standalone-migrations gem in the current version depends on nearly everything of rails. The question is if that is something that is ok? It handles all the required rake tasks. The alternative is to just implement ("copy from examples") the rake tasks.
  2. Migrating the current db: As it is, the current db can not be dumped into the ar-schema format since ar does not know how to handle the "STRING" column type, which doesn't even seem to be a valid sqlite column type and sqlite just seems to ignore it. So either just live with the current db and only implement changes to it using the ar-migrations or create a new one using migrations and definitions from rails and then migrate the data only.
  3. Should the uuid string primary / foreign keys be used or use the default integer based keys from activerecord and just keep the uuid columns as unique ones?

env: 'bundle': no such file or directory

Hello,
I'm trying to get this running on a fresh install of Lubuntu 18.04 LTS.
I have installed ruby via rbenv which appears to be set up correctly.
I have created _rubywarden user and installed the required gem files as necessary.

I am running the command:

sudo -u _rubywarden env RACK_ENV=production bundle exec rake db:migrate

and receive output

env: 'bundle': no such file or directory.

I further installed gems including rake, exec, bundle (in case that was the issue) with same output.

Any reason as to why I would be seeing this issue? I have tried the ol google with no real result.

API Breaking Changes Coming

@jcs Just thought you should know that there are some breaking changes coming to cipher API models.

  1. Cipher.Login.Uri on the request and response models is being deprecated in favor of Cipher.Login.Uris, an array of { "Uri": string, "Match": enum }
  2. The cipher response model is being updated to better match the request model. Namely:
    • Data prop is being deprecated.
    • Adding: Name, Notes, and Fields to the root object.
    • Adding: Login, Card, Identity, and SecureNote to the root object (their prop values were part of the dynamic Data property in the past).

Our API will handle these changes in a backwards compatible way for a few iterations since outdated client apps will still be expecting the old models for some time.

These changes are already in the Core API project and refactoring is being done in all client apps over the next few days.

Migrating old (bitwarden-ruby) database causes attachment-related error

Hello,

Unfortunately I don't have the output from the migration tool (I was ssh'd into my server from a virtual terminal, and didn't think to save the output before fixing it), however it was very similar to #63, but on the attachments table - here's what it should have been, based on 63's log:

/home/bitwarden/.rvm/gems/ruby-2.4.4/gems/sqlite3-1.3.13/lib/sqlite3/database.rb:91:in `initialize': SQLite3::SQLException: no such table: attachments: SELECT COUNT(*) FROM "attachments" (ActiveRecord::StatementInvalid)

I was able to fix this by checking out e539b67 (before the attachments were implemented, according to the commit log) and running the migration tool, which then ran successfully.

I should also note that I was 25 commits behind origin/master when I pulled (head at the time was ce9d0c4). If the cause isn't obvious and you can't easily recreate it, I'll grab my old database and run the migration again, and grab the error.

Bad Request-Line and bad URI errors on account creation

I'm having some trouble setting up this service in a FreeNAS 11.1 jail. It's a fresh jail that I haven't tampered with apart from creating a user for bitwarden, installing RVM and with it Ruby 2.4.1. First I tried to use the port of this service but it appears to be outdated and a test was failing so I decided to clone the repo instead. Now all the tests are passing:

[bitwarden@bitwarden /usr/local/www/bitwarden-ruby]$ bundle exec rake test --trace
** Invoke test (first_time)
** Execute test
/usr/local/www/bitwarden-ruby/lib/bitwarden_ruby.rb:17: warning: setting Encoding.default_external
/usr/local/www/bitwarden-ruby/lib/bitwarden_ruby.rb:17: warning: setting Encoding.default_internal
migrating db from version 0
/usr/local/www/bitwarden-ruby/lib/dbmodel.rb:65: warning: instance variable @columns not initialized
/usr/local/www/bitwarden-ruby/lib/dbmodel.rb:65: warning: instance variable @columns not initialized
/usr/local/www/bitwarden-ruby/lib/dbmodel.rb:65: warning: instance variable @columns not initialized
/usr/local/www/bitwarden-ruby/lib/dbmodel.rb:65: warning: instance variable @columns not initialized
Run options: --seed 46684

# Running:

.......................

Finished in 4.791403s, 4.8003 runs/s, 15.2356 assertions/s.

23 runs, 73 assertions, 0 failures, 0 errors, 0 skips

Looks great. Now I run the service:

[bitwarden@bitwarden /usr/local/www/bitwarden-ruby]$ env RACK_ENV=production ALLOW_SIGNUPS=1 bundle exec rackup -p 4567 config.ru
migrating db from version 0
[2018-07-04 23:44:20] INFO  WEBrick 1.3.1
[2018-07-04 23:44:20] INFO  ruby 2.4.1 (2017-03-22) [x86_64-freebsd11.1]
[2018-07-04 23:44:20] INFO  WEBrick::HTTPServer#start: pid=61867 port=4567

Still looks great. Now if I try to create an account I get the following:

[2018-07-04 23:44:28] ERROR bad Request-Line `\x16\x03\x01\x00▒\x01\x00\x00▒\x03\x03▒▒J▒\x054▒t5ݽ"▒S▒▒\x1C`▒▒▒\x1C▒▒▒▒3UDΨb\x00\x00(▒,▒+▒$▒#▒'.
[2018-07-04 23:44:28] ERROR bad URI `r▒▒,▒U▒▒\x05▒▒x▒TaH▒▒є▒▒▒!▒▒▒\x0F\x00\x00.▒,▒+▒$▒#▒'.
[2018-07-04 23:44:28] ERROR bad URI `▒'.

I've tried to create an account via the Bitwarden provided iOS app as well as the Firefox extension but I keep getting these errors.

I thought it might be an encoding issue (I'm still not convinced it isn't) but my $LANG is en_US.UTF-8 and bitwarden_ruby.rb seems to be setting everything to UTF-8 as well judging by:

Encoding.default_internal = Encoding.default_external = Encoding::UTF_8

That said I'm not very fluent in Ruby.

Anyone have a clue what the problem might be?

Devices table

Hello @jcs,
A new devices entry is saved into the DB each time I log in with the same device (Chrome browser).
By looking at the code, it seems like it should be unique per end-user device, right?

Ruby 2.5.0 compatibility ?

Hi

The Gemfile has a constraint for ruby to be < 2.5.0.

Is there any known issue in this regard?

rake test does not fail and I see no issue about it.

Thank you

register => invalid key

Bitwarden version: 1.8.0

When creating a new user, the key starts with 2 ("2.KjTfuU9IRwQv/pmhqHO3HA=.....") and I get Invalid key

In the register part the key must start with 0:

if !params[:key].to_s.match(/^0\..+\|.+/)
  return validation_error("Invalid key")
end
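An added example, not rubywarden's code: a stricter check that accepts both key types and validates structure rather than only the leading digit, shown next to the check quoted above. The mapping of type 0 to AesCbc256_B64 (iv|ct) and type 2 to AesCbc256_HmacSha256_B64 (iv|ct|mac), the function names and the sample strings are assumptions of this sketch.

```ruby
# Type number => algorithm name and number of '|'-separated base64 parts.
# (Assumed mapping; only the two types discussed on this page are listed.)
CIPHER_TYPES = {
  0 => { name: 'AesCbc256_B64',            parts: 2 }, # iv|ct
  2 => { name: 'AesCbc256_HmacSha256_B64', parts: 3 }  # iv|ct|mac
}.freeze

class InvalidCipherString < StandardError; end

# The check quoted in the issue, kept as-is for comparison.
def old_check(str)
  !str.to_s.match(/^0\..+\|.+/).nil?
end

def strict_b64(part, what)
  part.unpack1('m0') # 'm0' is strict RFC 4648 base64 and raises on bad input
rescue ArgumentError
  raise InvalidCipherString, "#{what} is not valid base64"
end

def parse_cipher_string(str)
  # \A and \z anchor the whole string; ^ in Ruby only anchors a line, so the
  # old check also passes when the match starts after an embedded newline.
  m = /\A(\d)\.([^.\s]+)\z/.match(str.to_s)
  raise InvalidCipherString, 'missing or malformed type prefix' unless m

  spec = CIPHER_TYPES[m[1].to_i]
  raise InvalidCipherString, "unsupported type #{m[1]}" unless spec

  parts = m[2].split('|', -1)
  unless parts.size == spec[:parts]
    raise InvalidCipherString, "#{spec[:name]} takes #{spec[:parts]} parts, got #{parts.size}"
  end

  iv, ct, mac = parts.each_with_index.map { |p, i| strict_b64(p, %w[iv ct mac][i]) }
  raise InvalidCipherString, 'iv must be 16 bytes' unless iv.bytesize == 16
  unless ct.bytesize.positive? && (ct.bytesize % 16).zero?
    raise InvalidCipherString, 'ct must be a non-empty multiple of 16 bytes'
  end
  raise InvalidCipherString, 'mac must be 32 bytes' if mac && mac.bytesize != 32

  { type: m[1].to_i, name: spec[:name], iv: iv, ct: ct, mac: mac }
end

def valid_cipher_string?(str)
  parse_cipher_string(str)
  true
rescue InvalidCipherString
  false
end

# Constructed sample: all-zero bytes of the given sizes, base64-encoded.
def sample_cipher_string(type, sizes)
  "#{type}." + sizes.map { |n| [("\0" * n)].pack('m0') }.join('|')
end
```

The old pattern is too strict about the type digit and too loose about everything after it: it rejects a well-formed type 2 key but accepts `0.!|!`.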

README concern about key usage

I noticed the following in your README:

All items must be re-encrypted server-side if your master password or e-mail address change (not yet supported).

This is inaccurate. Since the introduction of User.Key (generated 512 bit symmetric key) all items are encrypted with AesCbc256_HmacSha256_B64. The unencrypted version of the generated symmetric key never changes and is generated client-side at the time of account creation. If a user changes their master password, only the master key (via PBKDF2) changes and the generated symmetric key value is re-encrypted (but not changed). Because the generated symmetric key doesn't change, no vault items have to be re-encrypted.

I just want to ensure that you are not using the encryption type of AesCbc256_B64 from the master key for items in your vault. AesCbc256_B64 should only be used to encrypt the 512 bit generated symmetric key with the 256 bit master key.

For more info on bitwarden crypto see: https://help.bitwarden.com/crypto.html
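The key hierarchy described in the comment above, as an added example (neither rubywarden's nor Bitwarden's code): a master password change re-wraps the generated symmetric key, and an item encrypted before the change still decrypts. The iteration count, the e-mail salt and all function names are assumptions of this sketch, and it works on raw byte arrays rather than Bitwarden's string encoding.

```ruby
require 'openssl'

ITERATIONS = 5000 # constructed value; the server keeps this per user as kdf_iterations

# 256-bit master key from the password via PBKDF2-SHA256.
# Salting with the lowercased e-mail is an assumption of this sketch.
def master_key(password, email)
  OpenSSL::PKCS5.pbkdf2_hmac(password, email.downcase, ITERATIONS, 32,
                             OpenSSL::Digest.new('SHA256'))
end

def aes_cbc(mode, key, iv, data)
  c = OpenSSL::Cipher.new('aes-256-cbc')
  mode == :encrypt ? c.encrypt : c.decrypt
  c.key = key
  c.iv = iv
  c.update(data) + c.final
end

# AesCbc256_B64 role: wrap the 512-bit symmetric key under the master key.
def wrap_key(mk, sym_key)
  iv = OpenSSL::Random.random_bytes(16)
  [iv, aes_cbc(:encrypt, mk, iv, sym_key)]
end

def unwrap_key(mk, wrapped)
  aes_cbc(:decrypt, mk, *wrapped)
end

# AesCbc256_HmacSha256_B64 role: the first 32 bytes of the symmetric key
# encrypt the item, the last 32 bytes authenticate iv + ciphertext.
def encrypt_item(sym_key, plaintext)
  enc, mac = sym_key[0, 32], sym_key[32, 32]
  iv = OpenSSL::Random.random_bytes(16)
  ct = aes_cbc(:encrypt, enc, iv, plaintext)
  [iv, ct, OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), mac, iv + ct)]
end

def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def decrypt_item(sym_key, item)
  iv, ct, tag = item
  enc, mac = sym_key[0, 32], sym_key[32, 32]
  expected = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), mac, iv + ct)
  # Verify the MAC before touching the ciphertext.
  raise ArgumentError, 'MAC mismatch' unless constant_time_eq?(expected, tag)
  aes_cbc(:decrypt, enc, iv, ct)
end

# Only the wrapping changes; the symmetric key and every item stay as they are.
def change_password(wrapped, email, old_pw, new_pw)
  sym_key = unwrap_key(master_key(old_pw, email), wrapped)
  wrap_key(master_key(new_pw, email), sym_key)
end
```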

Bitwarden import breaks synchronization

How to reproduce:

  1. Setup clean rubywarden db
  2. Start server (allow registration)
  3. Register via Android mobile App
  4. Stop server
  5. Import CSV (common format). Records like:
     folder,favorite,type,name,notes,fields,login_uri,login_username,login_password,
     web,,login,site.xx,,,https://site.xx,login,"password",
  6. Start server
  7. Login into app - storage never shown
  8. Manual sync doesn't work either (200 OK from server but sync failed message in app)
