starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-25 17:25:57 +03:00
Code Issues 39 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1238] Cannot configure 2FA using OTP / Yubikey/ U2F #871

New issue
Closed
opened 2026-03-03 02:04:13 +03:00 by kerem · 7 comments
kerem commented 2026-03-03 02:04:13 +03:00
Owner
Copy link

Originally created by @o2droid on GitHub (Nov 24, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1238

Cannot configure 2FA using OTP / Yubikey/ U2F

I cannot configure any of those 2FA. After trying to savce changes, I'm logout with error "Unexpected error occured" and "Your login session has expired". I cannot also login to android app as it timeouts me just after login.

Your environment

Debian 10.6, docker installed using apt

  • Bitwarden_rs version: docker image, latest (2.16.1)
  • Install method: using bitwarden_rs wiki
  • Clients used: Firefox, Edge
  • Reverse proxy and version: apache with location redirect (also tried without)
  • Version of mysql/postgresql: N/A
  • Other relevant information: Bitwarden RS run options:
    -e YUBICO_CLIENT_ID=###########-e YUBICO_SECRET_KEY=###########-e ADMIN_TOKEN=########### -e LOG_FILE=/data/bitwarden.log -e SMTP_HOST=smtp.gmail.com -e SMTP_FROM=########### -e SMTP_PORT=587 -e SMTP_USERNAME=########### -e SMTP_PASSWORD=########### -e SMTP_SSL=true -e SMTP_AUTH_MECHANISM="Plain","Login","Xoauth2" -e DOMAIN=https://###########/bw -e EXTENDED_LOGGING=true -e LOG_TIMESTAMP_FORMAT="%Y-%m-%d %H:%M:%S.%3f" -e TZ=Europe/Warsaw -p 880:80 bitwardenrs/server:latest

Steps to reproduce

Just try to configure 2FA.

Expected behaviour

2FA should be configured

Actual behaviour

I'm logout with error "Unexpected error occured" and "Your login session has expired".

Relevant logs

No additional logs.

Originally created by @o2droid on GitHub (Nov 24, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1238 Cannot configure 2FA using OTP / Yubikey/ U2F I cannot configure any of those 2FA. After trying to savce changes, I'm logout with error "Unexpected error occured" and "Your login session has expired". I cannot also login to android app as it timeouts me just after login. ### Your environment Debian 10.6, docker installed using apt * Bitwarden_rs version: docker image, latest (2.16.1) * Install method: using bitwarden_rs wiki * Clients used: Firefox, Edge * Reverse proxy and version: apache with location redirect (also tried without) * Version of mysql/postgresql: N/A * Other relevant information: Bitwarden RS run options: -e YUBICO_CLIENT_ID=###########-e YUBICO_SECRET_KEY=###########-e ADMIN_TOKEN=########### -e LOG_FILE=/data/bitwarden.log -e SMTP_HOST=smtp.gmail.com -e SMTP_FROM=########### -e SMTP_PORT=587 -e SMTP_USERNAME=########### -e SMTP_PASSWORD=########### -e SMTP_SSL=true -e SMTP_AUTH_MECHANISM="Plain","Login","Xoauth2" -e DOMAIN=https://###########/bw -e EXTENDED_LOGGING=true -e LOG_TIMESTAMP_FORMAT="%Y-%m-%d %H:%M:%S.%3f" -e TZ=Europe/Warsaw -p 880:80 bitwardenrs/server:latest ### Steps to reproduce Just try to configure 2FA. ### Expected behaviour 2FA should be configured ### Actual behaviour I'm logout with error "Unexpected error occured" and "Your login session has expired". ### Relevant logs No additional logs.
kerem 2026-03-03 02:04:13 +03:00
kerem commented 2026-03-03 02:04:14 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Nov 25, 2020):

Could you provide a bit more details? Like the logging during this error? That would help.

<!-- gh-comment-id:733965372 --> @BlackDex commented on GitHub (Nov 25, 2020): Could you provide a bit more details? Like the logging during this error? That would help.
kerem commented 2026-03-03 02:04:14 +03:00
Author
Owner
Copy link

@o2droid commented on GitHub (Nov 26, 2020):

I checked it once again - looking also on all Apache proxy logs and found the issue - I forgot that I'm using modsecurity for my instalaltion. It turned out that one of the default rules blocked requests with PUT type which is non standard. I did a whitelist by adding SecRuleRemoveById 911100 in Apache conf location for BitWarden_RS.

Maybe it is worth to add this to some faq. Also, is it possible to use POST instead of PUT?

<!-- gh-comment-id:734116793 --> @o2droid commented on GitHub (Nov 26, 2020): I checked it once again - looking also on all Apache proxy logs and found the issue - I forgot that I'm using modsecurity for my instalaltion. It turned out that one of the default rules blocked requests with PUT type which is non standard. I did a whitelist by adding `SecRuleRemoveById 911100` in Apache conf location for BitWarden_RS. Maybe it is worth to add this to some faq. Also, is it possible to use POST instead of PUT?
kerem commented 2026-03-03 02:04:15 +03:00
Author
Owner
Copy link

@jjlin commented on GitHub (Nov 26, 2020):

PUT is totally standard, as is DELETE, which you'll also need to allow. If you're going to run a WAF, it's your responsibility to make sure your rules are appropriate for the applications you run.

<!-- gh-comment-id:734158197 --> @jjlin commented on GitHub (Nov 26, 2020): `PUT` is totally standard, as is `DELETE`, which you'll also need to allow. If you're going to run a WAF, it's your responsibility to make sure your rules are appropriate for the applications you run.
kerem commented 2026-03-03 02:04:15 +03:00
Author
Owner
Copy link

@o2droid commented on GitHub (Nov 26, 2020):

PUT is totally standard, as is DELETE, which you'll also need to allow. If you're going to run a WAF, it's your responsibility to make sure your rules are appropriate for the applications you run.

Thanks, you're right - I just forgot that I'm running WAF (since long time), that's why maybe its worth to mention it on Wiki.
For which operations DELETE could be required?

<!-- gh-comment-id:734160325 --> @o2droid commented on GitHub (Nov 26, 2020): > > > `PUT` is totally standard, as is `DELETE`, which you'll also need to allow. If you're going to run a WAF, it's your responsibility to make sure your rules are appropriate for the applications you run. Thanks, you're right - I just forgot that I'm running WAF (since long time), that's why maybe its worth to mention it on Wiki. For which operations DELETE could be required?
kerem commented 2026-03-03 02:04:15 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Nov 26, 2020):

For deleting entries, users, orgs, collections, etc...

<!-- gh-comment-id:734306412 --> @BlackDex commented on GitHub (Nov 26, 2020): For deleting entries, users, orgs, collections, etc...
kerem commented 2026-03-03 02:04:15 +03:00
Author
Owner
Copy link

@o2droid commented on GitHub (Nov 26, 2020):

For deleting entries, users, orgs, collections, etc...

Just checked - it seems, that delete of entry goes using PUT request :)

<!-- gh-comment-id:734339162 --> @o2droid commented on GitHub (Nov 26, 2020): > > > For deleting entries, users, orgs, collections, etc... Just checked - it seems, that delete of entry goes using PUT request :)
kerem commented 2026-03-03 02:04:15 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Nov 28, 2020):

Um, i don't know where you are seeing that, but there are definitely DELETE request, so i think adding DELETE to the allow list is needed.
Like the following for example, to delete a folder.
github.com/dani-garcia/bitwarden_rs@be1ddb4203/src/api/core/folders.rs (L98)

Methods used are: POST, GET, PUT, DELETE.

Anyway's. I'm going to close this ticket, since this is not an issue with bitwarden_rs.

<!-- gh-comment-id:735270255 --> @BlackDex commented on GitHub (Nov 28, 2020): Um, i don't know where you are seeing that, but there are definitely DELETE request, so i think adding DELETE to the allow list is needed. Like the following for example, to delete a folder. https://github.com/dani-garcia/bitwarden_rs/blob/be1ddb4203d47331a141a8916c7067c8be7ebd3d/src/api/core/folders.rs#L98 Methods used are: POST, GET, PUT, DELETE. Anyway's. I'm going to close this ticket, since this is not an issue with bitwarden_rs.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
revert-7033-patch-1
cached-config-operations
test_dylint
1.35.7
1.35.6
1.35.5
1.35.4
1.35.3
1.35.2
1.35.1
1.35.0
1.34.3
1.34.2
1.34.1
1.34.0
1.33.2
1.33.1
1.33.0
1.32.7
1.32.6
1.32.5
1.32.4
1.32.3
1.32.2
1.32.1
1.32.0
1.31.0
1.30.5
1.30.4
1.30.3
1.30.2
1.30.1
1.30.0
1.29.2
1.29.1
1.29.0
1.28.1
1.28.0
1.27.0
1.26.0
1.25.2
1.25.1
1.25.0
1.24.0
1.23.1
1.23.0
1.22.2
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.0
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.1
1.15.0
1.14.2
1.14.1
1.14
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.1
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
0.13.0
0.12.0
0.11.0
0.10.0
0.9.0
Labels
Clear labels   
SSO

   
Third party

   
better for forum

   
bug

   
bug

   
documentation

   
duplicate

   
enhancement

   
future Vault

   
future Vault

   
future Vault

   
good first issue

   
help wanted

   
low priority

   
notes

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
troubleshooting

   
wontfix
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden#871
No description provided.