Error 404 when submitting account creation form #1111

New Issue

Closed

opened 2026-02-04 23:56:20 +03:00 by OVERLORD · 3 comments

OVERLORD commented 2026-02-04 23:56:20 +03:00

Owner

Copy Link

Originally created by @remiflament on GitHub (Sep 13, 2021).

Subject of the issue

When a user is invited to join an organization he receives an email link and fill the account creation form, it results in a 404 error.
The user can only see

Deployment environment

• vaultwarden version: official container vaultwarden/server:1.22.2

• Install method: Docker container pulled from hub.docker.com

• Clients used: Web vault: tested with Chrome 93 & Firefox 92

• Reverse proxy and version: No reverse proxy

• MySQL/MariaDB or PostgreSQL version: PostgreSQL 12 managed in GCP

• Other relevant details: The Vaultwarden app in running on Cloud Run on GCP - Works perfectly since end of 2020. This bug is recent and was initially found on 1.22.0. I updated to check if its fix it, but not.

Steps to reproduce

Here my modified parameters from the defaults values
USER_ATTACHMENT_LIMIT 0
ORG_ATTACHMENT_LIMIT 0
DATABASE_URL postgresql://user:pass@ip:port/bitwardenrs
SMTP_HOST smtp.confidential.com
SMTP_PORT XXX
SMTP_SSL true
SMTP_USERNAME user@confidential.com
SMTP_PASSWORD confidentialpasswordkey
SMTP_FROM bitwardenrs@confidential.com
DOMAIN https://bitwarden.confidential.com/
ADMIN_TOKEN TOKENADMINXXXX
SMTP_FROM_NAME Bitwarden
SIGNUPS_ALLOWED true
SIGNUPS_DOMAINS_WHITELIST confidential.com

I go to the organization page and invite people to join me.

They receive email link to join and click on it. Fill the form and get the 404 message in red, see above of this issue.

Expected behaviour

The form should be sent and the account created.

Actual behaviour

404 error when submitting the account creation form.

Troubleshooting data

---

Thank you for this project!

Originally created by @remiflament on GitHub (Sep 13, 2021). <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue <!-- Describe your issue here. --> When a user is invited to join an organization he receives an email link and fill the account creation form, it results in a 404 error. The user can only see  ### Deployment environment <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> * vaultwarden version: official container vaultwarden/server:1.22.2 <!-- How the server was installed: Docker image, OS package, built from source, etc. --> * Install method: Docker container pulled from hub.docker.com * Clients used: <!-- web vault, desktop, Android, iOS, etc. (if applicable) --> Web vault: tested with Chrome 93 & Firefox 92 * Reverse proxy and version: <!-- if applicable --> No reverse proxy * MySQL/MariaDB or PostgreSQL version: <!-- if applicable --> PostgreSQL 12 managed in GCP * Other relevant details: The Vaultwarden app in running on Cloud Run on GCP - Works perfectly since end of 2020. This bug is recent and **was initially found on 1.22.0**. I updated to check if its fix it, but not. ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start vaultwarden? --> Here my modified parameters from the defaults values USER_ATTACHMENT_LIMIT 0 ORG_ATTACHMENT_LIMIT 0 DATABASE_URL postgresql://user:pass@ip:port/bitwardenrs SMTP_HOST smtp.confidential.com SMTP_PORT XXX SMTP_SSL true SMTP_USERNAME user@confidential.com SMTP_PASSWORD confidentialpasswordkey SMTP_FROM bitwardenrs@confidential.com DOMAIN https://bitwarden.confidential.com/ ADMIN_TOKEN TOKENADMINXXXX SMTP_FROM_NAME Bitwarden SIGNUPS_ALLOWED true SIGNUPS_DOMAINS_WHITELIST confidential.com I go to the organization page and invite people to join me.  They receive email link to join and click on it. Fill the form and get the 404 message in red, see above of this issue.   ### Expected behaviour <!-- Tell us what you expected to happen --> The form should be sent and the account created. ### Actual behaviour <!-- Tell us what actually happened --> 404 error when submitting the account creation form. ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data --> ----------------------------------------------- Thank you for this project!

OVERLORD closed this issue 2026-02-04 23:56:23 +03:00

OVERLORD commented 2026-02-04 23:56:27 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Sep 13, 2021):

Please provide the Support String you can generate on the /admin/diagnostics page.
Also, could you provide the log lines from vaultwarden when you try to execute this action?
And if possible increase the log_level to debug so that we would have a bit more information available.

Thanks.

@BlackDex commented on GitHub (Sep 13, 2021): Please provide the `Support String` you can generate on the /admin/diagnostics page. Also, could you provide the log lines from vaultwarden when you try to execute this action? And if possible increase the log_level to debug so that we would have a bit more information available. Thanks.

OVERLORD commented 2026-02-04 23:56:34 +03:00

Author

Owner

Copy Link

@remiflament commented on GitHub (Sep 13, 2021):

Copy paste of Support String

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.22.2
• Web-vault version: v2.21.1
• Running within Docker: false
• Environment settings overridden: false
• Uses a reverse proxy: true
• IP Header check: false (X-Forwarded-For)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: PostgreSQL
• Database version: PostgreSQL 12.7 on x86_64-pc-linux-gnu, compiled by Debian clang version 10.0.1 , 64-bit
• Clients used:
• Reverse proxy and version:
• Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "**********://****:***************@**.**.**.*:****/***********",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://***********.********.*****/",
  "domain_origin": "*****://***********.********.*****",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "debug",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": 0,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": true,
  "signups_domains_whitelist": "********.**",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "***********@********.*****",
  "smtp_from_name": "Bitwarden",
  "smtp_host": "****-*****.**********.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "******@********.**",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": 0,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

set the debug_level to debug

I attach the few logs I get, they are all info level, zero debug log output with the action.

The action is: re-invite the member. Click on the new link to create account. Fill the form. Submit it.

re-invit

Thank you

@remiflament commented on GitHub (Sep 13, 2021): Copy paste of `Support String` ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.22.2 * Web-vault version: v2.21.1 * Running within Docker: false * Environment settings overridden: false * Uses a reverse proxy: true * IP Header check: false (X-Forwarded-For) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: PostgreSQL * Database version: PostgreSQL 12.7 on x86_64-pc-linux-gnu, compiled by Debian clang version 10.0.1 , 64-bit * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_max_conns": 10, "database_url": "**********://****:***************@**.**.**.*:****/***********", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://***********.********.*****/", "domain_origin": "*****://***********.********.*****", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "debug", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "org_attachment_limit": 0, "org_creation_users": "", "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": true, "signups_domains_whitelist": "********.**", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": false, "smtp_from": "***********@********.*****", "smtp_from_name": "Bitwarden", "smtp_host": "****-*****.**********.***", "smtp_password": "***", "smtp_port": 587, "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "******@********.**", "templates_folder": "data/templates", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": 0, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": false, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> set the debug_level to `debug` I attach the few logs I get, they are all `info` level, zero debug log output with the action. The action is: re-invite the member. Click on the new link to create account. Fill the form. Submit it. re-invit     Thank you

OVERLORD commented 2026-02-04 23:56:41 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Sep 13, 2021):

I don't know what you are running which alters the URL's, but that ?_se= part shouldn't be there.
So it looks like something is altering your URL's in a non compatible way.

As this does work for me without an issues.
I suggest to try this in an incognito/private browser (without any extensions if possible) and try it again.

@BlackDex commented on GitHub (Sep 13, 2021): I don't know what you are running which alters the URL's, but that `?_se=` part shouldn't be there. So it looks like something is altering your URL's in a non compatible way. As this does work for me without an issues. I suggest to try this in an incognito/private browser (without any extensions if possible) and try it again.

OVERLORD referenced this issue 2026-02-05 05:00:52 +03:00

[PR #1111] [MERGED] Generate tokens more simply and uniformly #2858

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#1111