starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-26 01:35:54 +03:00
Code Issues 39 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #4430] Organization invites fail based on keywords such as 'lock' in the email. #1884

New issue
Closed
opened 2026-03-03 02:13:04 +03:00 by kerem · 1 comment
kerem commented 2026-03-03 02:13:04 +03:00
Owner
Copy link

Originally created by @gigaion on GitHub (Mar 16, 2024).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/4430

Subject of the issue

Organization invites fail based on keywords such as 'lock' in the email.

Deployment environment

  • vaultwarden version:
    • Vaultwarden version: 1.30.5

  • Install method:

    • Tested on both latest docker running on either Ubuntu or Debian. Also tested on two separate unrelated installations of vaultwarden.

  • Clients used:

    • Web vault (Join Organization Now) link

  • Reverse proxy and version

    • Tested on both Nginx Proxy Manager (NPM) and Cloudflare Tunnels to verify it wasn't the reverse proxy causing the issue.

  • MySQL/MariaDB or PostgreSQL version:

    • PostgreSQL: Docker Image postgres:14.9

  • Other relevant details:

    • I've discovered a temporary work around to the issue. To get around the problem and have the user join do the following:
  1. Invite user to Organization like usual
  2. Have them create account and use link like normal.
  3. After they login and fail to join organization, have them stay on the logged in tab.
  4. While still logged in, copy the invite link and paste it into the Google Chrome browser URL bar and hit enter.
  5. The page will reload but remain logged in, and the link will work successfully on joining the organization.

I am unsure if this is a bug related specifically to Vaultwarden or the Web Vault code by Bitwarden. Any help by people with resources to test this on Bitwarden official clients would be beneficial in this troubleshooting.

Steps to reproduce

  • Install Vaultwarden like usual
  • Create an organization
  • Invite a user that contains a keyword such as 'lock' in it. In my example i did a username like testlock@input-your-domain-here.com
  • When they go to register using the link, they will be unable to join the organization even after doing the registration.
  • Out of 100+ people invited, there is a possibility this affects more then just the keyword 'lock', and I am actively going to start troubleshooting with another user to see if another blocked keyword exists.

Expected behaviour

  • User should be able to join organization like any other user.

Actual behaviour

  • User organization invite link does nothing for joining organization, unless you do the workaround method.
Originally created by @gigaion on GitHub (Mar 16, 2024). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/4430 ### Subject of the issue Organization invites fail based on keywords such as 'lock' in the email. ### Deployment environment * vaultwarden version: - Vaultwarden version: 1.30.5 <!-- How the server was installed: Docker image, OS package, built from source, etc. --> * Install method: - Tested on both latest docker running on either Ubuntu or Debian. Also tested on two separate unrelated installations of vaultwarden. * Clients used: <!-- web vault, desktop, Android, iOS, etc. (if applicable) --> - Web vault (Join Organization Now) link * Reverse proxy and version - Tested on both Nginx Proxy Manager (NPM) and Cloudflare Tunnels to verify it wasn't the reverse proxy causing the issue. * MySQL/MariaDB or PostgreSQL version: <!-- if applicable --> - PostgreSQL: Docker Image postgres:14.9 * Other relevant details: - I've discovered a temporary work around to the issue. To get around the problem and have the user join do the following: 1. Invite user to Organization like usual 2. Have them create account and use link like normal. 3. After they login and fail to join organization, have them stay on the logged in tab. 4. While still logged in, copy the invite link and paste it into the Google Chrome browser URL bar and hit enter. 5. The page will reload but remain logged in, and the link will work successfully on joining the organization. I am unsure if this is a bug related specifically to Vaultwarden or the Web Vault code by Bitwarden. Any help by people with resources to test this on Bitwarden official clients would be beneficial in this troubleshooting. ### Steps to reproduce - Install Vaultwarden like usual - Create an organization - Invite a user that contains a keyword such as 'lock' in it. In my example i did a username like testlock@input-your-domain-here.com - When they go to register using the link, they will be unable to join the organization even after doing the registration. - Out of 100+ people invited, there is a possibility this affects more then just the keyword 'lock', and I am actively going to start troubleshooting with another user to see if another blocked keyword exists. ### Expected behaviour - User should be able to join organization like any other user. ### Actual behaviour - User organization invite link does nothing for joining organization, unless you do the workaround method.
kerem closed this issue 2026-03-03 02:13:04 +03:00
kerem commented 2026-03-03 02:13:05 +03:00
Author
Owner
Copy link

@stefan0xC commented on GitHub (Mar 17, 2024):

I can't reproduce this (using Firefox). If I invite a user with a "lock" in the email address, open a new tab and open the join link, create an account and login using this join link, the organization invitation is accepted immediately.

To reproduce this I have to create an account and login without using the join link and then open the join link in the same tab. Then after selecting login and signing in again, nothing happens. Only when I then paste the join link again (in the same tab!) the invitation is accepted.

As far as I've looked into it this is an issue with the web vault that according to this comment requires users to be in a logged out state to accept the organization. (And this happens regardless of a specific keyword in the user's email.)

<!-- gh-comment-id:2002303311 --> @stefan0xC commented on GitHub (Mar 17, 2024): I can't reproduce this (using Firefox). If I invite a user with a "lock" in the email address, open a new tab and open the join link, create an account and login using this join link, the organization invitation is accepted immediately. To reproduce this I have to create an account and login without using the join link and then open the join link in the same tab. Then after selecting login and signing in again, nothing happens. Only when I then paste the join link again (in the same tab!) the invitation is accepted. As far as I've looked into it this is an issue with the web vault that [according to this comment requires users to be in a logged out state to accept the organization](https://github.com/bitwarden/clients/blob/web-v2024.2.2/apps/web/src/app/auth/accept-organization.component.ts#L61). (And this happens regardless of a specific keyword in the user's email.)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
revert-7033-patch-1
cached-config-operations
test_dylint
1.35.8
1.35.7
1.35.6
1.35.5
1.35.4
1.35.3
1.35.2
1.35.1
1.35.0
1.34.3
1.34.2
1.34.1
1.34.0
1.33.2
1.33.1
1.33.0
1.32.7
1.32.6
1.32.5
1.32.4
1.32.3
1.32.2
1.32.1
1.32.0
1.31.0
1.30.5
1.30.4
1.30.3
1.30.2
1.30.1
1.30.0
1.29.2
1.29.1
1.29.0
1.28.1
1.28.0
1.27.0
1.26.0
1.25.2
1.25.1
1.25.0
1.24.0
1.23.1
1.23.0
1.22.2
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.0
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.1
1.15.0
1.14.2
1.14.1
1.14
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.1
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
0.13.0
0.12.0
0.11.0
0.10.0
0.9.0
Labels
Clear labels   
SSO

   
Third party

   
better for forum

   
bug

   
bug

   
documentation

   
duplicate

   
enhancement

   
future Vault

   
future Vault

   
future Vault

   
good first issue

   
help wanted

   
low priority

   
notes

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
troubleshooting

   
wontfix
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden#1884
No description provided.