Update bitwarden_rs.env

conf/bitwarden_rs.env

@@ -37,14 +37,10 @@ WEBSOCKET_ENABLED=true
 WEBSOCKET_ADDRESS=127.0.0.1
 WEBSOCKET_PORT=__WEBSOCKET_PORT__
 
-## Enable extended logging
-## This shows timestamps and allows logging to file and to syslog
-### To enable logging to file, use the LOG_FILE env variable
-### To enable syslog, use the USE_SYSLOG env variable
+## Enable extended logging, which shows timestamps and targets in the logs
 # EXTENDED_LOGGING=true
 
 ## Logging to file
-## This requires extended logging
 ## It's recommended to also set 'ROCKET_CLI_COLORS=off'
 LOG_FILE=/var/log/__APP__/__APP__.log
 
@@ -56,7 +52,8 @@ LOG_FILE=/var/log/__APP__/__APP__.log
 ## Log level
 ## Change the verbosity of the log output
 ## Valid values are "trace", "debug", "info", "warn", "error" and "off"
-## This requires extended logging
+## Setting it to "trace" or "debug" would also show logs for mounted 
+## routes and static file, websocket and alive requests
 # LOG_LEVEL=Info
 
 ## Enable WAL for the DB
@@ -95,6 +92,24 @@ LOG_FILE=/var/log/__APP__/__APP__.log
 ## Controls if new users can register
 SIGNUPS_ALLOWED=false
 
+## Controls if new users need to verify their email address upon registration
+## Note that setting this option to true prevents logins until the email address has been verified!
+## The welcome email will include a verification link, and login attempts will periodically
+## trigger another verification email to be sent.
+# SIGNUPS_VERIFY=false
+
+## If SIGNUPS_VERIFY is set to true, this limits how many seconds after the last time
+## an email verification link has been sent another verification email will be sent
+# SIGNUPS_VERIFY_RESEND_TIME=3600
+
+## If SIGNUPS_VERIFY is set to true, this limits how many times an email verification
+## email will be re-sent upon an attempted login.
+# SIGNUPS_VERIFY_RESEND_LIMIT=6
+
+## Controls if new users from a list of comma-separated domains can register
+## even if SIGNUPS_ALLOWED is set to false
+# SIGNUPS_DOMAINS_WHITELIST=example.com,example.net,example.org
+
 ## Token for the admin interface, preferably use a long random string
 ## One option is to use 'openssl rand -base64 48'
 ## If not set, the admin panel is disabled
@@ -140,6 +155,18 @@ DOMAIN=https://__DOMAIN__
 ## After that, you should be able to follow the rest of the guide linked above,
 ## ignoring the fields that ask for the values that you already configured beforehand.
 
+## Authenticator Settings
+## Disable authenticator time drifted codes to be valid.
+## TOTP codes of the previous and next 30 seconds will be invalid
+## 
+## According to the RFC6238 (https://tools.ietf.org/html/rfc6238),
+## we allow by default the TOTP code which was valid one step back and one in the future.
+## This can however allow attackers to be a bit more lucky with there attempts because there are 3 valid codes.
+## You can disable this, so that only the current TOTP Code is allowed.
+## Keep in mind that when a sever drifts out of time, valid codes could be marked as invalid.
+## In any case, if a code has been used it can not be used again, also codes which predates it will be invalid.
+# AUTHENTICATOR_DISABLE_TIME_DRIFT = false
+
 ## Rocket specific settings, check Rocket documentation to learn more
 # ROCKET_ENV=staging
 ROCKET_ADDRESS=127.0.0.1 # Enable this to test mobile app
@@ -157,3 +184,4 @@ SMTP_SSL=false
 # SMTP_USERNAME=username
 # SMTP_PASSWORD=password
 # SMTP_AUTH_MECHANISM="Plain"
+# SMTP_TIMEOUT=15