[PR #3390] [MERGED] Fix abort on pw reset mail error #3279

New issue

Closed

opened 2026-03-03 09:58:09 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 09:58:09 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/3390
Author: @BlackDex
Created: 3/29/2023
Status: ✅ Merged
Merged: 4/2/2023
Merged by: @dani-garcia

Base: main ← Head: fix-abort-pw-reset-on-mail-error

📝 Commits (1)

2cda54c Fix password reset issues

📊 Changes

1 file changed (+7 additions, -3 deletions)

View changed files

📝 src/api/core/organizations.rs (+7 -3)

📄 Description

There was used a wrong macro to produce an error message when mailing
the user his password was reset failed. It was using error!() which
does not return an Err and aborts the rest of the code.

This resulted in the users password still being resetted, but not being
notified. This PR fixes this by using err!(). Also, do not set the
user object as mutable until it really is needed.

Second, when a user was using the new Argon2id KDF with custom values
like memory and parallelism, that would have rendered the password
incorrect. The endpoint which should return all the data did not
returned all the new Argon2id values. (Thanks to @stefan0xC for spotting the specific culprit).

Fixes #3388

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/3390 **Author:** [@BlackDex](https://github.com/BlackDex) **Created:** 3/29/2023 **Status:** ✅ Merged **Merged:** 4/2/2023 **Merged by:** [@dani-garcia](https://github.com/dani-garcia) **Base:** `main` ← **Head:** `fix-abort-pw-reset-on-mail-error` --- ### 📝 Commits (1) - [`2cda54c`](https://github.com/dani-garcia/vaultwarden/commit/2cda54ceff9fbc2dae0d1d03962fc827e580359e) Fix password reset issues ### 📊 Changes **1 file changed** (+7 additions, -3 deletions) <details> <summary>View changed files</summary> 📝 `src/api/core/organizations.rs` (+7 -3) </details> ### 📄 Description There was used a wrong macro to produce an error message when mailing the user his password was reset failed. It was using `error!()` which does not return an `Err` and aborts the rest of the code. This resulted in the users password still being resetted, but not being notified. This PR fixes this by using `err!()`. Also, do not set the user object as mutable until it really is needed. Second, when a user was using the new Argon2id KDF with custom values like memory and parallelism, that would have rendered the password incorrect. The endpoint which should return all the data did not returned all the new Argon2id values. (Thanks to @stefan0xC for spotting the specific culprit). Fixes #3388 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>