Update u2f to 0.2, which requires OpenSSL but also might solve the problems we've had with certificates.

The rust image doesn't need installing curl or tar, so removed. Also collapsed ENV lines.

Cargo.toml

@@ -14,7 +14,7 @@ build = "build.rs"
 # Empty to keep compatibility, prefer to set USE_SYSLOG=true
 enable_syslog = []
 mysql = ["diesel/mysql", "diesel_migrations/mysql"]
-postgresql = ["diesel/postgres", "diesel_migrations/postgres", "openssl"]
+postgresql = ["diesel/postgres", "diesel_migrations/postgres"]
 sqlite = ["diesel/sqlite", "diesel_migrations/sqlite", "libsqlite3-sys"]
 
 [target."cfg(not(windows))".dependencies]
@@ -75,7 +75,7 @@ data-encoding = "2.1.2"
 jsonwebtoken = "6.0.1"
 
 # U2F library
-u2f = "0.1.6"
+u2f = "0.2.0"
 
 # Yubico Library
 yubico = { version = "0.7.1", features = ["online-tokio"], default-features = false }
@@ -107,8 +107,8 @@ soup = "0.4.1"
 regex = "1.3.3"
 data-url = "0.1.0"
 
-# Required for SSL support for PostgreSQL
+# Used by U2F, JWT and Postgres
-openssl = { version = "0.10.26", optional = true }
+openssl = "0.10.26"
 
 # URL encoding library
 percent-encoding = "2.1.0"

docker/Dockerfile.j2

@@ -36,21 +36,10 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 {% if "alpine" in vault_stage_base_image %}
-RUN apk add --no-cache --upgrade \
+RUN apk add --no-cache --upgrade curl tar
-    curl \
-    tar
 {% else %}
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
 {% endif %}
 
 RUN mkdir /web-vault
@@ -88,10 +77,7 @@ ARG DB=postgresql
 
 {% endif %}
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/aarch64/mysql/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=mysql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/aarch64/sqlite/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=sqlite
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/amd64/mysql/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=mysql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/amd64/mysql/Dockerfile.alpine

@@ -11,9 +11,7 @@ ENV VAULT_VERSION "v2.12.0b"
 
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
-RUN apk add --no-cache --upgrade \
+RUN apk add --no-cache --upgrade curl tar
-    curl \
-    tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -31,10 +29,7 @@ FROM clux/muslrust:nightly-2019-12-19 as build
 ARG DB=mysql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/amd64/postgresql/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=postgresql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/amd64/postgresql/Dockerfile.alpine

@@ -11,9 +11,7 @@ ENV VAULT_VERSION "v2.12.0b"
 
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
-RUN apk add --no-cache --upgrade \
+RUN apk add --no-cache --upgrade curl tar
-    curl \
-    tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -31,10 +29,7 @@ FROM clux/muslrust:nightly-2019-12-19 as build
 ARG DB=postgresql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/amd64/sqlite/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=sqlite
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/amd64/sqlite/Dockerfile.alpine

@@ -11,9 +11,7 @@ ENV VAULT_VERSION "v2.12.0b"
 
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
-RUN apk add --no-cache --upgrade \
+RUN apk add --no-cache --upgrade curl tar
-    curl \
-    tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -31,10 +29,7 @@ FROM clux/muslrust:nightly-2019-12-19 as build
 ARG DB=sqlite
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/armv6/mysql/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=mysql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/armv6/sqlite/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=sqlite
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/armv7/mysql/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=mysql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/armv7/sqlite/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=sqlite
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

src/api/core/two_factor/u2f.rs

@@ -92,6 +92,7 @@ struct RegistrationDef {
     key_handle: Vec<u8>,
     pub_key: Vec<u8>,
     attestation_cert: Option<Vec<u8>>,
+    device_name: Option<String>,
 }
 
 #[derive(Serialize, Deserialize)]