[GH-ISSUE #357] Cannot register U2F key #203

Closed
opened 2026-03-03 01:26:37 +03:00 by kerem · 6 comments

Originally created by @neoautomata on GitHub (Jan 21, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/357

I'm unable to register a U2F key.

The JavaScript console log says:

```
listening for key...
error: 2
```

Server side says:

```
[2019-01-21 19:04:01][rocket::rocket][INFO] POST /api/two-factor/get-u2f-challenge application/json; charset=utf-8:
[2019-01-21 19:04:01][_][INFO] Matched: POST /api/two-factor/get-u2f-challenge (generate_u2f_challenge)
[2019-01-21 19:04:01][_][INFO] Outcome: Success
[2019-01-21 19:04:01][_][INFO] Response succeeded.
```

I have set the `DOMAIN` environment variable (including `https://` but not port `443`). `/app-id.json` has the correct contents (and includes port `443`). I've also set `ROCKET_PORT=443`.

The SSL cert is from Let's Encrypt and shows as valid. I'm using Chrome.

kerem closed this issue 2026-03-03 01:26:38 +03:00

@dani-garcia commented on GitHub (Jan 21, 2019):

Error code 2 is usually because the URLs don't match. If the URL in the `app-id.json` contains the port, then you need to include the port in the browser's URL for it to work.

Also, the `app-id.json` contains the same value as the `DOMAIN` var, so I'm not sure how it's possible for it to show the port in the `app-id.json` if it's not included in the variable.


@neoautomata commented on GitHub (Jan 21, 2019):

I will try changing to another port and see if that works.

The environment variable doesn't include the port though:

```shell
# docker inspect -f '{{range $index, $value := .Config.Env}}{{$value}} {{end}}' bitwarden
SIGNUPS_ALLOWED=false ADMIN_TOKEN=<redacted> ROCKET_TLS={certs="/ssl/certs.pem",key="/ssl/key.pem"} ROCKET_PORT=443 DOMAIN=https://my.tld.com LOG_FILE=/data/bitwarden.log PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ROCKET_ENV=staging ROCKET_WORKERS=10
```

The `app-id.json` does:

```
{"trustedFacets":[{"ids":["https://my.tld.com:443","ios:bundle-id:com.8bit.bitwarden","android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI"],"version":{"major":1,"minor":0}}]}
```

@neoautomata commented on GitHub (Jan 21, 2019):

It does work when I use a different port. I used `4343` for both `ROCKET_PORT` and in the `DOMAIN`.

However, I'd like to run it on the standard port `443`. I can't just add `:443` to the end of the URL since Chrome strips it off. It seems like this is being mistakenly added in `app-id.json` even though I didn't specify it in `DOMAIN`.
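
The mismatch behind error code 2, as an added example that is not part of the original thread or the project's code: it audits an `app-id.json` body for web facets written in a form the browser's origin never takes. `browserOrigin` and `auditFacets` are hypothetical names, the sample documents are trimmed from the ones quoted in this thread, and exact string comparison of facet IDs by the client is an assumption based on the comments above.

```javascript
// Added example: find web facets in app-id.json that cannot equal the
// origin a browser presents for the page the user actually visits.

// Sample documents, trimmed from the two app-id.json bodies in this thread.
const WITH_PORT = '{"trustedFacets":[{"ids":["https://my.tld.com:443","ios:bundle-id:com.8bit.bitwarden"],"version":{"major":1,"minor":0}}]}';
const WITHOUT_PORT = '{"trustedFacets":[{"ids":["https://my.tld.com","ios:bundle-id:com.8bit.bitwarden"],"version":{"major":1,"minor":0}}]}';

// Serialize a URL the way a browser reports its origin: scheme://host[:port],
// with the scheme's default port (443 for https) left out.
function browserOrigin(url) {
  return new URL(url).origin;
}

// Compare every web facet against the origin of pageUrl.
// Assumption: the client matches facet IDs to the origin as exact strings.
function auditFacets(appIdJson, pageUrl) {
  const origin = browserOrigin(pageUrl);
  const findings = [];
  let matched = false;
  for (const entry of JSON.parse(appIdJson).trustedFacets ?? []) {
    for (const id of entry.ids ?? []) {
      if (!/^https?:\/\//i.test(id)) continue; // skip ios:/android: facets
      if (id === origin) {
        matched = true;
      } else if (browserOrigin(id) === origin) {
        // Same origin in meaning, but spelled in a way the browser never emits.
        findings.push(`${id} should be written as ${origin}`);
      }
    }
  }
  return { origin, matched, findings };
}

// Visiting the :443 URL still yields an origin without the port.
for (const doc of [WITH_PORT, WITHOUT_PORT]) {
  console.log(auditFacets(doc, "https://my.tld.com:443/"));
}
```

A non-default port such as `4343` survives origin serialization, which is why the facet and the browser agree in that setup.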


@dani-garcia commented on GitHub (Jan 21, 2019):

I don't see how that could be happening; in the `app-id.json` we just copy the `DOMAIN` var there. If the var doesn't have a port then there shouldn't be a port there.

For me, using:

```
DOMAIN=https://bw.domain.tld
ROCKET_TLS={certs="data/cert.pem",key="data/key.pem"}
ROCKET_PORT=443
```

and going to `https://bw.domain.tld/app-id.json` gets me

```
{"trustedFacets":[{"ids":["https://bw.domain.tld","ios:bundle-id:com.8bit.bitwarden","android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI"],"version":{"major":1,"minor":0}}]}
```

@neoautomata commented on GitHub (Jan 21, 2019):

I am also just as confused, especially since I couldn't find any references to ROCKET_PORT or 443 in the code.

I had copy-pasted the parts above, and when I just went back and refreshed on app-id.json to make sure I wasn't crazy the file changed to drop the :443. I can only speculate that there was some kind of caching going on since I think I put an explicit port around this time yesterday when I tried it. That issue seems resolved.

I can get past the part where it asks for a touch. When I click the save button I hit a different error though:

The UI says: `An error has occurred. U2fError`

Server side it has:

```
[2019-01-21 20:37:50][rocket::rocket][INFO] PUT /api/two-factor/u2f application/json; charset=utf-8:
[2019-01-21 20:37:50][_][INFO] Matched: PUT /api/two-factor/u2f (activate_u2f_put)
[2019-01-21 20:37:50][bitwarden_rs::error][ERROR] U2fError.
[CAUSE] NotTrustedAnchor
[2019-01-21 20:37:50][_][INFO] Outcome: Success
[2019-01-21 20:37:50][_][INFO] Response succeeded.
```

This seems to be [Issue 272: U2F registration returns NotTrustedAnchor](https://github.com/dani-garcia/bitwarden_rs/issues/272). Feel free to close this one.

Also, thanks for the prompt help, that was super fast and impressive :-)


@dani-garcia commented on GitHub (Jan 21, 2019):

Great, we can continue in the other thread for that issue.
