dani-garcia/vaultwarden

[META] Feature Requests

Open

#246 opened on Nov 9, 2018


Description

To avoid cluttering the issue tracker with feature requests, please comment any requests here and we'll keep a list.

When available, I've linked a related issue or comment to add context to the request.

Authentication

Database support

Admin page

  • Allow disabling users so they can't log in, without deleting their data. (Added via #1247)
  • 2FA support
  • Hashed secret
  • one-time-email login (a.k.a. Bitwarden style)
  • Add option to remove 2FA devices from users (#431)
  • Add option to set default cipher URL matching (#432)
  • Show more user info? (organizations and their user status in them, last connected date...)
    • Show organizations per user
    • Show the amount of attachments
    • Show the amount of ciphers
    • Last login date (Added via #1245)
    • Multiple other items
  • Vaultwarden version info and update notification?
    • Version information and updates can be found in the admin panel /admin/diagnostics
    • Notifications about several items.
    • Compare time of the server/host/container and the browser with NTP.
  • Keep changed settings in the form instead of resetting them on input/submit error (See #4017)

Security

  • Set a configurable limit for the 2FA remember token, upstream uses 30 days (Maybe use JWT?).
  • Lock accounts after X login failures, configurable. (Rate limiting is a better option, else this would give people with bad intentions the option to lock everybody out from the specific vault)
  • Rate limiting of API requests. Either by documentation using third party tools, firewall, reverse proxy etc., or maybe built in without too much hassle #723
  • Rate limiting logins both admin and vault (Added via #2165)
  • Do not run the container as root user (See #4358)

Docker images

  • Debian based both ARM and AMD64
    • SQLite
    • MySQL
    • PostgreSQL
    • Multi Database
  • Alpine based images (static/musl)
    • SQLite
    • MySQL (Added via #2172)
    • PostgreSQL (Added via #1252 and #2172)

Other

  • My Items support as documented here https://bitwarden.com/blog/bring-complete-reporting-and-centralized-control-to-your-organization-vault/ (See: #6579)
  • Add XoAuth2 support to fetch the token from the SMTP Provider and refresh used by Google or Microsoft
  • Verify database collation to prevent issues (See: #1182 and #1184)
  • Batch all the bulk database operations in the same transaction (import ciphers, move selected ciphers, purge vault, etc.)
  • Make email and U2F use the same domain-guessing used by attachments
  • Groups support #245 (NOTE (2022-12-15): This feature has some known issues! - Added via #2846)
  • Manager support (Added via #1136)
  • Log rotation / management #305
  • Run Vaultwarden at suburl #241
  • Audit log #229 (Added via: #2868)
  • Push notifications #126 (Added via #3304)
    • Workaround: WebSockets provide notifications in web vault and browser extensions (maybe desktop app too?)
  • Implement Recover and Delete:
    • calls this endpoint /api/accounts/delete-recover with {"email":"provided@email.address"} param
    • we need to generate email that will provide a link to delete the account with some token to verify email ownership
    • Workaround: Delete user from admin panel and let them create new account
  • Add Custom Role support for granular control of user permissions (https://bitwarden.com/help/article/user-types-access-control/#custom-role)
  • Add Personal Ownership support (https://bitwarden.com/help/article/policies/#personal-ownership) (Added via #1326)
  • Add Organizational Admin Password Reset support (https://bitwarden.com/help/admin-reset/) (See: #1820)
  • Add Bitwarden Public API endpoints (https://bitwarden.com/help/public-api/) (Needs: Org API Key support) (Partially added to support Bitwarden Directory Connector v2022.11.0)
  • Run WebSockets on the same port as HTTP (third-party depends on Rocket support) (See: #685 / #2917) (Added via #3404)

If anyone wants to help implementing these features, we are available here or on the matrix channel to help guide you as much as we can.
