[GH-ISSUE #898] Bug: Signups_domains_whitelist does not work #642

Closed
opened 2026-03-03 02:01:37 +03:00 by kerem · 8 comments

Originally created by @Brainscrewer on GitHub (Mar 9, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/898

Subject of the issue

The 'Allow signups only from this list of comma-separated domains'-feature does not work as intended. If you only have added '@company.com' as allowed e-mail address you can still register with @gmail.com for example.

Your environment

  • Bitwarden_rs version: Version: 1.13.1-161cccca
  • Install method: Docker
  • Clients used:
  • Reverse proxy and version:
  • Version of mysql/postgresql:
  • Other relevant information:

Steps to reproduce

Default configuration.

Expected behaviour

@company.com should only be able to register if configured.

Actual behaviour

Any e-mail address can be used to register.

Relevant logs

kerem closed this issue 2026-03-03 02:01:38 +03:00

@tomuta commented on GitHub (Mar 11, 2020):

I suspect this is a configuration issue. Domain names do not contain an '@' symbol. It is not an email address whitelist. See the examples in the documentation:

https://github.com/dani-garcia/bitwarden_rs/blob/70f3ab8ec3d6ccfd8ec8c71c888459de484d9b43/.env.template#L113-L115

Can you share the exact value you're using for SIGNUPS_DOMAINS_WHITELIST?


@jjlin commented on GitHub (Mar 11, 2020):

@Brainscrewer Take a look at https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users.


@Brainscrewer commented on GitHub (Mar 11, 2020):

@tomuta @jjlin thanks for your reply. My config looks like the following:

SIGNUPS_ALLOWED | false
INVITATIONS_ALLOWED | false
SIGNUPS_DOMAINS_WHITELIST | company.nl

Even with these values set, it's still possible to register an account using a Gmail-account.


@jjlin commented on GitHub (Mar 11, 2020):

@Brainscrewer Check whether you have a config.json file in your data dir. The values in this file override the values of any corresponding env vars you have set.


@Brainscrewer commented on GitHub (Mar 12, 2020):

@jjlin Oh wow, thanks for pointing that out! Only after you pointed that out I actually found out that information is posted on the admin-page as well, doh. After changing the values to the correct values on the admin panel everything seems to be working. Closing this issue.


@tbluemel commented on GitHub (Mar 12, 2020):

It feels like this should really be fixed. At a minimum I would expect either warnings or a startup error if bitwarden detects mismatches between config.json and the environment variables. Silently preferring one over the other may have severe security complications, e.g. the administrator thought they fixed a bad setup, but the change didn't actually get applied.

I feel like we either should re-open this bug or create a new one, and add code to check for configuration mismatch and reject running, or at a minimum log a big fat warning.


@mqus commented on GitHub (Mar 12, 2020):

I agree and want to add that a similar warning should be at the top of .env.template, too.


@Brainscrewer commented on GitHub (Mar 12, 2020):

Some additional checking and/or more explicit warnings would be nice, yes.
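
The mismatch check proposed in the comments above, sketched as an added example (not code from the bitwarden_rs project or from any commenter): it reports environment variables that a saved config.json overrides with a different value, and whitelist entries that contain '@'. The lower-case config.json key names and the sample values are assumptions constructed for illustration.

```python
import json

# Assumption: config.json stores each setting under the lower-cased name of
# the corresponding environment variable (SIGNUPS_ALLOWED -> "signups_allowed").
def normalize(value):
    """Put JSON booleans and env strings on equal footing ("false" == False)."""
    if isinstance(value, bool):
        return "true" if value else "false"
    return str(value).strip().lower()

def audit(env, config_json_text):
    """Return a list of (setting, problem) findings.

    env: mapping of environment variables as passed to the container.
    config_json_text: contents of config.json from the data dir.
    """
    saved = json.loads(config_json_text)
    findings = []
    for name, env_value in sorted(env.items()):
        key = name.lower()
        if key in saved and normalize(saved[key]) != normalize(env_value):
            findings.append((name, f"env says {env_value!r} but config.json "
                                   f"overrides it with {saved[key]!r}"))
    # The effective whitelist is the config.json value when one is saved.
    whitelist = saved.get("signups_domains_whitelist",
                          env.get("SIGNUPS_DOMAINS_WHITELIST", ""))
    for entry in str(whitelist).split(","):
        if "@" in entry:
            findings.append(("SIGNUPS_DOMAINS_WHITELIST",
                             f"entry {entry.strip()!r} contains '@'; "
                             "list bare domains such as 'company.com'"))
    return findings

# Constructed sample input mirroring the situation in this thread.
SAMPLE_ENV = {
    "SIGNUPS_ALLOWED": "false",
    "INVITATIONS_ALLOWED": "false",
    "SIGNUPS_DOMAINS_WHITELIST": "company.nl",
}
SAMPLE_CONFIG_JSON = """{
  "signups_allowed": true,
  "invitations_allowed": false,
  "signups_domains_whitelist": "@company.com"
}"""

if __name__ == "__main__":
    for setting, problem in audit(SAMPLE_ENV, SAMPLE_CONFIG_JSON):
        print(f"WARNING {setting}: {problem}")
```

Run against the real container environment and data dir, an empty result means the environment variables and the saved file agree on every setting present in both.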
