starred/vaultwarden

Fork 0

mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-26 01:35:54 +03:00

[GH-ISSUE #1081] MySQL backend: Cannot share cipher with organisation #767

New issue

Closed

opened 2026-03-03 02:03:00 +03:00 by kerem · 3 comments

kerem commented

2026-03-03 02:03:00 +03:00

Owner

Originally created by @smerschjohann on GitHub (Aug 3, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1081

Subject of the issue

If bitwarden_rs is used with mysql backend, it is not possible to share existing ciphers with an organisation.

Your environment

Server Installed 1.16.1
Server Latest 1.16.1
Web Installed 2.15.1
Web Latest 2.15.1

Bitwarden_rs version: In Openshift environment using docker image: bitwardenrs/server-mysql:1.16.1

Install method

Clients used: bitwarden app and chrome extension (irrelevant, server issue)
Reverse proxy and version: -
Version of mysql/postgresql: mariadb 10.5.4

Steps to reproduce

Install using the mentioned docker container.
Create a user account
Create an organisation
Add a cipher in your user account
Use the share method to move it to the organisation. This will fail with "cannot save cipher"

Expected behaviour

The cipher can be moved to the organisation.

Actual behaviour

the cipher cannot be stored because of a constraint violation.

Relevant logs

[2020-08-03 08:33:23.633][request][INFO] PUT /api/ciphers/6d708d14-07be-47f1-beee-2d2c4b83c5cd/share
[2020-08-03 08:33:23.646][error][ERROR] Error saving cipher.
[CAUSE] DatabaseError(
    ForeignKeyViolation,
    "Cannot delete or update a parent row: a foreign key constraint fails (`bitwarden`.`ciphers_collections`, CONSTRAINT `ciphers_collections_ibfk_1` FOREIGN KEY (`cipher_uuid`) REFERENCES `ciphers` (`uuid`))",
)
[2020-08-03 08:44:54.592][response][INFO] PUT /api/ciphers/<uuid>/share (put_cipher_share) => 400 Bad Request

If the contraint is divided in update and delete constraints, it turns out that the delete contraint is violated:

[2020-08-03 08:53:44.893][request][INFO] PUT /api/ciphers/10d228e6-4f28-4cba-a4fd-52944646fc04/share
[2020-08-03 08:53:44.907][error][ERROR] Error saving cipher.
[CAUSE] DatabaseError(
    ForeignKeyViolation,
    "Cannot delete or update a parent row: a foreign key constraint fails (`bitwarden`.`ciphers_collections`, CONSTRAINT `delete_check` FOREIGN KEY (`cipher_uuid`) REFERENCES `ciphers` (`uuid`) ON UPDATE NO ACTION)",
)
[2020-08-03 08:53:44.907][response][INFO] PUT /api/ciphers/<uuid>/share (put_cipher_share) => 400 Bad Request

It seems that the server wants to recreate the cipher in the database instead of updating it. By trying that, it violated the key constraints of the ciphers_collections.
It apperas that the folder_collection is also affected.

Originally created by @smerschjohann on GitHub (Aug 3, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1081 ### Subject of the issue If bitwarden_rs is used with mysql backend, it is not possible to share existing ciphers with an organisation. ### Your environment Server Installed 1.16.1 Server Latest 1.16.1 Web Installed 2.15.1 Web Latest 2.15.1 Bitwarden_rs version: In Openshift environment using docker image: bitwardenrs/server-mysql:1.16.1 ### Install method * Clients used: bitwarden app and chrome extension (irrelevant, server issue) * Reverse proxy and version: - * Version of mysql/postgresql: mariadb 10.5.4 ### Steps to reproduce 1. Install using the mentioned docker container. 2. Create a user account 3. Create an organisation 4. Add a cipher in your user account 5. Use the share method to move it to the organisation. This will fail with "cannot save cipher" ### Expected behaviour The cipher can be moved to the organisation. ### Actual behaviour the cipher cannot be stored because of a constraint violation. ### Relevant logs ``` [2020-08-03 08:33:23.633][request][INFO] PUT /api/ciphers/6d708d14-07be-47f1-beee-2d2c4b83c5cd/share [2020-08-03 08:33:23.646][error][ERROR] Error saving cipher. [CAUSE] DatabaseError( ForeignKeyViolation, "Cannot delete or update a parent row: a foreign key constraint fails (`bitwarden`.`ciphers_collections`, CONSTRAINT `ciphers_collections_ibfk_1` FOREIGN KEY (`cipher_uuid`) REFERENCES `ciphers` (`uuid`))", ) [2020-08-03 08:44:54.592][response][INFO] PUT /api/ciphers/<uuid>/share (put_cipher_share) => 400 Bad Request ``` If the contraint is divided in update and delete constraints, it turns out that the delete contraint is violated: ``` [2020-08-03 08:53:44.893][request][INFO] PUT /api/ciphers/10d228e6-4f28-4cba-a4fd-52944646fc04/share [2020-08-03 08:53:44.907][error][ERROR] Error saving cipher. [CAUSE] DatabaseError( ForeignKeyViolation, "Cannot delete or update a parent row: a foreign key constraint fails (`bitwarden`.`ciphers_collections`, CONSTRAINT `delete_check` FOREIGN KEY (`cipher_uuid`) REFERENCES `ciphers` (`uuid`) ON UPDATE NO ACTION)", ) [2020-08-03 08:53:44.907][response][INFO] PUT /api/ciphers/<uuid>/share (put_cipher_share) => 400 Bad Request ```` It seems that the server wants to recreate the cipher in the database instead of updating it. By trying that, it violated the key constraints of the *ciphers_collections*. It apperas that the *folder_collection* is also affected.

kerem closed this issue

2026-03-03 02:03:00 +03:00

kerem commented

2026-03-03 02:03:01 +03:00

Author

Owner

@smerschjohann commented on GitHub (Aug 3, 2020):

A possible workaround for now: Delete the constraint on the collection tables

@smerschjohann commented on GitHub (Aug 3, 2020): A possible workaround for now: Delete the constraint on the collection tables

kerem commented

2026-03-03 02:03:01 +03:00

Author

Owner

@smerschjohann commented on GitHub (Aug 3, 2020):

The issue is the use of replace_into in all of the save() methods: github.com/dani-garcia/bitwarden_rs@f724addf9a/src/db/models/user.rs (L186)

github.com/dani-garcia/bitwarden_rs@f724addf9a/src/db/models/cipher.rs (L207)

replace_into checks for constraint violations on delete: If there are foreign keys, ON DELETE action will be activated by REPLACE..

Instead of REPLACE INTO, the use of INSERT ... ON DUPLICATE KEY UPDATE should fix the problem, but it seems unavailable in the diesel sdk.
I think it cannot be done in a single statement using that framework.

@smerschjohann commented on GitHub (Aug 3, 2020): The issue is the use of replace_into in all of the save() methods: https://github.com/dani-garcia/bitwarden_rs/blob/f724addf9ac972a04f536262ed21a7e6c1da0660/src/db/models/user.rs#L186 https://github.com/dani-garcia/bitwarden_rs/blob/f724addf9ac972a04f536262ed21a7e6c1da0660/src/db/models/cipher.rs#L207 replace_into checks for constraint violations on delete: [If there are foreign keys, ON DELETE action will be activated by REPLACE.](https://mariadb.com/kb/en/replace/). Instead of `REPLACE INTO`, the use of `INSERT ... ON DUPLICATE KEY UPDATE` should fix the problem, but it seems unavailable in the diesel sdk. I think it cannot be done in a single statement using that framework.

kerem commented

2026-03-03 02:03:01 +03:00

Author

Owner

@jobec commented on GitHub (Aug 9, 2020):

As with #1065 , if you switch to MariaDB 10.3 (e.g. image mariadb:10.3) I'm guessing it'll be fixed.

@jobec commented on GitHub (Aug 9, 2020): As with #1065 , if you switch to MariaDB 10.3 (e.g. image `mariadb:10.3`) I'm guessing it'll be fixed.

kerem referenced this issue

2026-03-03 08:53:11 +03:00

[PR #868] [MERGED] Add backend support for alternate base dir (subdir/subpath) hosting #2811