mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-04-25 17:25:57 +03:00
[GH-ISSUE #85] Password hints not available #43
Originally created by @opcod3 on GitHub (Jul 15, 2018).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/85
The API endpoint for getting password hints appears to be unimplemented. When either through a client or through the webapp, a user requests a password hint, an "Errors have occurred" message pops up. The server log reports:
@mprasil commented on GitHub (Jul 15, 2018):
We do save the hint on account creation and we also have find_by_mail implemented for User, so this one should be fairly easy to implement.
@dani-garcia commented on GitHub (Jul 15, 2018):
The problem is I think that endpoint just sends an email to the user and doesn't return anything, so I'm not sure we can implement it in any way without SMTP support first.
@mprasil commented on GitHub (Jul 15, 2018):
Oh, that makes things a bit more complicated. Maybe we could return an error with the hint as error message then?
@dani-garcia commented on GitHub (Jul 15, 2018):
That could be possible, it depends on if the web-vault actually shows the error message sent, because in some cases it just shows a generic error message.
@stammw commented on GitHub (Aug 8, 2018):
Hello,
I'd like to try to solve this one, I'm really excited to try contributing to a rocket-rs based project!
Should I implement it returning the hint into the error response, or could I try to implement a minimal SMTP support? Following these implementation and configuration?
@mprasil commented on GitHub (Aug 8, 2018):
Hey, why not both? 😄
Returning the hint in error message is an unverified concept. We're not sure the client will display it, but if it's the same as the other endpoints, it should. It should be fairly easy to test and implement though, so I'd advise to start with this.
The smtp implementation is going to be quite a lot of code. For example we need to add email verification first otherwise the api could be abused for spam. Also we need to make sure all of this will stay optional.
@opcod3 commented on GitHub (Aug 8, 2018):
If it is possible to have the client display a custom error message, how about having the server optionally display the hint there? I know it's quite insecure but it could still be useful for small/single user installations where you are mindful of the hint being public, so it's something that is meaningful only to you. This would allow forgetful people, like me, to still get hints without the trouble of setting up SMTP.
@mprasil commented on GitHub (Aug 8, 2018):
Yeah, that's the idea behind the first approach. Server can return error json data with the message as one of the fields. Normally the handler on the client side shows the message as an error notification.
@stammw commented on GitHub (Aug 9, 2018):
In what form should the option be handled? There can be a boolean option like "show password hint", or the controller could return the hint only in the case of absence of a valid SMTP configuration?
@mprasil commented on GitHub (Aug 9, 2018):
I think a separate option (can default to true) would be better. Some people might still want to use this hint hack even with smtp available.
@stammw commented on GitHub (Aug 10, 2018):
As mprasil pointed out, the web-vault 2.x doesn't show the error message. This hack will then be useless.
Should I try to implement SMTP then?
@mprasil commented on GitHub (Aug 12, 2018):
There's a lot of functionality that would benefit from SMTP, but it's probably a bit more involved implementation to do that. If you feel like working on this @stammw and as long as it's optional, I'm sure the PR would be appreciated.
@stammw commented on GitHub (Aug 13, 2018):
Great,
I was planning to dive into a SMTP integration with letter and handlebars.
I'll be working on that this week!
@mprasil commented on GitHub (Sep 3, 2018):
Note that we've fixed an issue some time ago to show password hints via error message even in Vault 2.0, so I'm removing the "requires SMTP" tag as the feature currently works. The PR #137 is for extending the functionality to also support sending the hint via email.
@mprasil commented on GitHub (Sep 11, 2018):
Now that #137 is merged, we just need to add appropriate documentation.
@stammw commented on GitHub (Sep 12, 2018):
I hope that #175 will do the job :).
@mprasil commented on GitHub (Sep 13, 2018):
Now that it's merged, I think we can finally close this! Great work @stammw and everyone else.
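The two delivery paths discussed in this thread (hint returned in the error message behind an option, or sent by e-mail when SMTP is configured), sketched as an added example that is not part of the thread or vaultwarden's code. The type names, the "message" field, and the rule that mail takes precedence over the option are assumptions made for illustration.

```rust
// Added illustration: all names here are hypothetical, not vaultwarden's code.
use std::collections::HashMap;

pub struct Config { pub smtp_configured: bool, pub show_password_hint: bool }

#[derive(Debug, PartialEq)]
pub enum Outcome {
    Mailed { to: String, hint: String }, // hint reaches only the owner's mailbox
    ErrorJson(String),                   // hint is visible to whoever asked
    Generic,                             // nothing disclosed, nothing sent
}

// Escape user-controlled hint text before placing it inside a JSON string.
fn json_escape(s: &str) -> String {
    s.chars().map(|c| match c {
        '"' => "\\\"".to_string(),
        '\\' => "\\\\".to_string(),
        c if (c as u32) < 0x20 => format!("\\u{:04x}", c as u32),
        c => c.to_string(),
    }).collect()
}

// `hints` maps account e-mail -> stored hint (stand-in for a find_by_mail lookup).
pub fn password_hint(cfg: &Config, hints: &HashMap<String, Option<String>>, email: &str) -> Outcome {
    let hint = hints.get(email).cloned().flatten();
    if cfg.smtp_configured {
        // Assumption: mail takes precedence. The HTTP reply is identical whether
        // or not the account exists, so the reply itself does not reveal accounts.
        return match hint {
            Some(h) => Outcome::Mailed { to: email.to_string(), hint: h },
            None => Outcome::Generic,
        };
    }
    if !cfg.show_password_hint {
        return Outcome::Generic;
    }
    // Assumed response shape: a single "message" field carrying the text.
    let text = match hint {
        Some(h) => format!("Your password hint is: {}", h),
        None => "No password hint available".to_string(),
    };
    Outcome::ErrorJson(format!("{{\"message\":\"{}\"}}", json_escape(&text)))
}

fn main() {
    let mut hints = HashMap::new(); // constructed sample account
    hints.insert("user@example.test".to_string(), Some("first pet".to_string()));
    let cfg = Config { smtp_configured: false, show_password_hint: true };
    println!("{:?}", password_hint(&cfg, &hints, "user@example.test"));
}
```

With the option on and no SMTP, anyone who knows an account's e-mail address can read its hint, which is the trade-off described in the thread for small or single-user installations.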