Sync lost local client data after rollback of server database #1072

Closed
opened 2025-10-09 17:02:53 +03:00 by OVERLORD · 2 comments

Originally created by @kouhe3 on GitHub.

Subject of the issue

Sync lost local client data after rollback of server database

Deployment environment

  • vaultwarden version:
  • Install method:
### Your environment (Generated via diagnostics page)
* Vaultwarden version: v1.25.2
* Web-vault version: v2022.6.2
* Running within Docker: true (Base: Debian)
* Environment settings overridden: false
* Uses a reverse proxy: true
* IP Header check: true (X-Forwarded-For)
* Internet access: true
* Internet access via a proxy: false
* DNS Check: true
* Time Check: true
* Domain Configuration Check: true
* HTTPS Check: true
* Database type: SQLite
* Database version: 3.35.4
* Clients used: 
* Reverse proxy and version: 
* Other relevant information: 

### Config (Generated via diagnostics page)
<details><summary>Show Running Config</summary>

Environment settings which are overridden: 


```json
{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "**/.***",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": true,
  "domain": "**",
  "domain_origin": "
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitations_allowed": true,
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_hints_allowed": true,
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}
```

</details>
  • Clients used: Chrome extension 2022.8.0, Android 2022.6.2(4851)

Steps to reproduce

  1. Update the server version to the latest, and manually synchronize once in the Android client and browser extension. Ensure that the server, Android client, and browser extension data are the same.
  2. Backup the server database and save it as backup_0718
  3. Use the mobile client to add a password for the dns.com website
  4. Sync in browser extension to pull dns.com password
  5. Close the mobile client
  6. Use the browser extension to add an office.com password
  7. Manual sync in browser extension
  8. Wait a few days
  9. Restore the server database to backup_0718
  10. Open the mobile client and synchronize manually
  11. Open the browser extension, sync
  12. Office.com password disappeared

Expected behaviour

I can see office.com password in vaultwarden web and browser extension

Actual behaviour

no office.com password in vaultwarden web and extension


@kouhe3 commented on GitHub:

I'm guessing there's no real synchronization here, just force pull and force push, whoever's database is newer overwrites the other.


@BlackDex commented on GitHub:

The clients are able to work offline for a while. But if you restored a database which does not contain the office.com password it shouldn't be strange that that password is not there anymore.

Since the tokens were possibly expired, the clients tried to refresh, which in turn let all clients download the current data.

Within the admin interface there is a button at the users overview to `Force clients to resync`. It also mentions the following: _**Force all clients to fetch new data next time they connect. Useful after restoring a backup to remove any stale data.**_

So, just one action could tell the server to update the revision, that could be a small change somewhere, maybe the mobile client triggered some update, that would then trigger the other clients to sync their current data.

I don't know if the clients compare the sync and send missing data, looking at what you did here I don't think they do.
And there is something to say for this, because you restored it for a reason probably, and you do not want other clients messing it up again.
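
An added illustration, not part of the original thread and not Vaultwarden or Bitwarden code: a simplified Python model of the pull-only sync discussed above, replaying the reporter's steps with and without a manual sync after the restore. The `Server` and `Client` classes, the integer timestamps, and the assumption that "Force clients to resync" only bumps the server revision are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Server:
    items: set = field(default_factory=set)
    revision: int = 0  # stand-in for the account revision timestamp

@dataclass
class Client:
    cache: set = field(default_factory=set)
    last_sync: int = -1

    def add(self, server, name, now):
        # A new item is written to the server and to the local cache.
        server.items.add(name)
        server.revision = now
        self.cache.add(name)

    def sync(self, server, now, manual=False):
        # Pull-only: local data is replaced, never merged or pushed back.
        # An automatic sync is skipped unless the server revision is newer.
        if manual or server.revision > self.last_sync:
            self.cache = set(server.items)
        self.last_sync = now
        return self.cache

def replay(manual_sync_after_restore):
    """Replay the issue's steps; returns (server items, extension cache
    after the restore, extension cache after a forced resync)."""
    server, mobile, ext = Server({"existing"}, 1), Client(), Client()
    mobile.sync(server, 1)
    ext.sync(server, 1)
    backup = Server(set(server.items), server.revision)  # backup_0718
    mobile.add(server, "dns.com", 3)
    ext.sync(server, 4)
    ext.add(server, "office.com", 6)
    ext.sync(server, 7)
    server = Server(set(backup.items), backup.revision)  # restore backup
    mobile.sync(server, 10, manual=True)
    after_restore = set(ext.sync(server, 11, manual=manual_sync_after_restore))
    server.revision = 12  # assumed effect of "Force clients to resync"
    after_force = set(ext.sync(server, 13))
    return server.items, after_restore, after_force

if __name__ == "__main__":
    print("manual sync:", replay(True))
    print("automatic sync:", replay(False))
```

In this model a manual sync drops `office.com` immediately, while an automatic sync leaves the extension holding stale entries the restored server no longer has until the revision is bumped.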


Reference: starred/vaultwarden#1072