[PR #2354] [MERGED] Update login API code and update crates to fix CVE #3080

New issue

Closed

opened 2026-03-03 09:25:46 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 09:25:46 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/2354
Author: @BlackDex
Created: 3/3/2022
Status: ✅ Merged
Merged: 3/13/2022
Merged by: @dani-garcia

Base: main ← Head: multi-account-login

📝 Commits (1)

c4d565b Update login API code

📊 Changes

14 files changed (+126 additions, -132 deletions)

View changed files

📝 Cargo.lock (+67 -75)
📝 Cargo.toml (+7 -7)
➕ migrations/mysql/2022-03-02-210038_update_devices_primary_key/down.sql (+0 -0)
➕ migrations/mysql/2022-03-02-210038_update_devices_primary_key/up.sql (+4 -0)
➕ migrations/postgresql/2022-03-02-210038_update_devices_primary_key/down.sql (+0 -0)
➕ migrations/postgresql/2022-03-02-210038_update_devices_primary_key/up.sql (+4 -0)
➕ migrations/sqlite/2022-03-02-210038_update_devices_primary_key/down.sql (+0 -0)
➕ migrations/sqlite/2022-03-02-210038_update_devices_primary_key/up.sql (+23 -0)
📝 src/api/identity.rs (+4 -13)
📝 src/auth.rs (+7 -11)
📝 src/db/models/device.rs (+7 -23)
📝 src/db/schemas/mysql/schema.rs (+1 -1)
📝 src/db/schemas/postgresql/schema.rs (+1 -1)
📝 src/db/schemas/sqlite/schema.rs (+1 -1)

📄 Description

Updated jsonwebtoken to latest version
Trim username received from the login form ( Fixes https://github.com/dani-garcia/vaultwarden/issues/2348 )
Make uuid and user_uuid a combined primary key for the devices table ( Fixes https://github.com/dani-garcia/vaultwarden/issues/2295 )
Updated crates including regex which contains a CVE ( https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html )

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/2354 **Author:** [@BlackDex](https://github.com/BlackDex) **Created:** 3/3/2022 **Status:** ✅ Merged **Merged:** 3/13/2022 **Merged by:** [@dani-garcia](https://github.com/dani-garcia) **Base:** `main` ← **Head:** `multi-account-login` --- ### 📝 Commits (1) - [`c4d565b`](https://github.com/dani-garcia/vaultwarden/commit/c4d565b15bfdf34b3278d964a9da53e082fed680) Update login API code ### 📊 Changes **14 files changed** (+126 additions, -132 deletions) <details> <summary>View changed files</summary> 📝 `Cargo.lock` (+67 -75) 📝 `Cargo.toml` (+7 -7) ➕ `migrations/mysql/2022-03-02-210038_update_devices_primary_key/down.sql` (+0 -0) ➕ `migrations/mysql/2022-03-02-210038_update_devices_primary_key/up.sql` (+4 -0) ➕ `migrations/postgresql/2022-03-02-210038_update_devices_primary_key/down.sql` (+0 -0) ➕ `migrations/postgresql/2022-03-02-210038_update_devices_primary_key/up.sql` (+4 -0) ➕ `migrations/sqlite/2022-03-02-210038_update_devices_primary_key/down.sql` (+0 -0) ➕ `migrations/sqlite/2022-03-02-210038_update_devices_primary_key/up.sql` (+23 -0) 📝 `src/api/identity.rs` (+4 -13) 📝 `src/auth.rs` (+7 -11) 📝 `src/db/models/device.rs` (+7 -23) 📝 `src/db/schemas/mysql/schema.rs` (+1 -1) 📝 `src/db/schemas/postgresql/schema.rs` (+1 -1) 📝 `src/db/schemas/sqlite/schema.rs` (+1 -1) </details> ### 📄 Description - Updated jsonwebtoken to latest version - Trim `username` received from the login form ( Fixes https://github.com/dani-garcia/vaultwarden/issues/2348 ) - Make uuid and user_uuid a combined primary key for the devices table ( Fixes https://github.com/dani-garcia/vaultwarden/issues/2295 ) - Updated crates including regex which contains a CVE ( https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html ) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>