Emergency access: none present but creating shows error 'already invited' #1231

New Issue

Closed

opened 2026-02-05 00:20:45 +03:00 by OVERLORD · 1 comment

OVERLORD commented 2026-02-05 00:20:45 +03:00

Owner

Copy Link

Originally created by @juriansluiman on GitHub (Mar 16, 2022).

Subject of the issue

My emergency access list is empty. However, I tried creating one several times (this might be related to #2209 where I made an SMTP error during emergency access configuration).

I start with an empty contact list:

When I have entered all info and submit, vaultwarden says the entry already exists

I think there's a database entry but as info is missing it isn't displayed. If I enter a new address, that mail gets delivered (but still my list remains empty).

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.24.0
• Web-vault version: v2.25.1
• Running within Docker: true (Base: Alpine)
• Environment settings overridden: true
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: SQLite
• Database version: 3.35.4
• Clients used:
• Reverse proxy and version:
• Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, SIGNUPS_DOMAINS_WHITELIST, SHOW_PASSWORD_HINT, ADMIN_TOKEN, SMTP_HOST, SMTP_SSL, SMTP_EXPLICIT_TLS, SMTP_PORT, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****.****.**",
  "domain_origin": "*****://*****.****.**",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 307,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_org_name": "vault.slui.mn",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/bitwarden.log",
  "log_level": "trace",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "****.**",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": true,
  "smtp_explicit_tls": false,
  "smtp_from": "*****@****.**",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "****.********.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "******@****.**",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Steps to reproduce

1. Open vaultwarden
2. Go to settings > emergency access
3. Add new contact & submit
4. Result is error, while expecting to add the new contact

Troubleshooting data

Some relevant logs from my docker image:

POST /api/emergency-access/invite
    => Matched: POST /api/emergency-access/invite (send_invite)
Error: Grantee user already invited: xxx@example.com
    => Outcome: Success
POST /api/emergency-access/invite (send_invite) => 400 Bad Request
    => Response succeeded.
POST /api/emergency-access/invite application/json; charset=utf-8:
POST /api/emergency-access/invite
    => Matched: POST /api/emergency-access/invite (send_invite)
    => Outcome: Success
POST /api/emergency-access/invite (send_invite) => 200 OK
    => Response succeeded.
thread '<unnamed>' panicked at 'Grantee user not found.', src/db/models/emergency_access.rs:96:50
GET /api/emergency-access/trusted application/json:
GET /api/emergency-access/trusted
    => Matched: GET /api/emergency-access/trusted (get_contacts)

Note the first error I tried to add account xxx@example.com while already present in database. In the second error (Grantee user not found) I submit a new address and the email got delivered but the web interface still shows nothing.

If I open the SQLite file, I see the records in the table emergency_access, but I'm a bit hesitated to clear that table and hope the issue will resolve automatically.

Originally created by @juriansluiman on GitHub (Mar 16, 2022). ### Subject of the issue My emergency access list is empty. However, I tried creating one several times (this might be related to #2209 where I made an SMTP error during emergency access configuration). I start with an empty contact list:  When I have entered all info and submit, vaultwarden says the entry already exists  I _think_ there's a database entry but as info is missing it isn't displayed. If I enter a new address, that mail gets delivered (but still my list remains empty). ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.24.0 * Web-vault version: v2.25.1 * Running within Docker: true (Base: Alpine) * Environment settings overridden: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.35.4 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, SIGNUPS_DOMAINS_WHITELIST, SHOW_PASSWORD_HINT, ADMIN_TOKEN, SMTP_HOST, SMTP_SSL, SMTP_EXPLICIT_TLS, SMTP_PORT, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_max_conns": 10, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://*****.****.**", "domain_origin": "*****://*****.****.**", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 5 * * * *", "emergency_request_timeout_schedule": "0 5 * * * *", "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 307, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "invitation_org_name": "vault.slui.mn", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": "/bitwarden.log", "log_level": "trace", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "****.**", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": true, "smtp_explicit_tls": false, "smtp_from": "*****@****.**", "smtp_from_name": "Vaultwarden", "smtp_host": "****.********.***", "smtp_password": "***", "smtp_port": 587, "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "******@****.**", "templates_folder": "data/templates", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Steps to reproduce 1. Open vaultwarden 2. Go to settings > emergency access 3. Add new contact & submit 4. Result is error, while expecting to add the new contact ### Troubleshooting data Some relevant logs from my docker image: ```cmd POST /api/emergency-access/invite => Matched: POST /api/emergency-access/invite (send_invite) Error: Grantee user already invited: xxx@example.com => Outcome: Success POST /api/emergency-access/invite (send_invite) => 400 Bad Request => Response succeeded. POST /api/emergency-access/invite application/json; charset=utf-8: POST /api/emergency-access/invite => Matched: POST /api/emergency-access/invite (send_invite) => Outcome: Success POST /api/emergency-access/invite (send_invite) => 200 OK => Response succeeded. thread '<unnamed>' panicked at 'Grantee user not found.', src/db/models/emergency_access.rs:96:50 GET /api/emergency-access/trusted application/json: GET /api/emergency-access/trusted => Matched: GET /api/emergency-access/trusted (get_contacts) ``` Note the first error I tried to add account `xxx@example.com` while already present in database. In the second error (Grantee user not found) I submit a new address and the email got delivered but the web interface still shows nothing. If I open the SQLite file, I see the records in the table emergency_access, but I'm a bit hesitated to clear that table and hope the issue will resolve automatically.

OVERLORD added the questiontroubleshooting labels 2026-02-05 00:20:45 +03:00

OVERLORD closed this issue 2026-02-05 00:20:46 +03:00

OVERLORD commented 2026-02-05 00:20:51 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Mar 18, 2022):

The strange thing is, i also see a 400 Bad Request during the invite.
Not sure what that Bad Request is returning.

In theory you should be able to clear-out the emergency_access table.
Also check if that mail address is located within the invitations table, and if so, remove it from there too.

After that try again.
Also, be sure to make a backup of the database before you continue, in case something goes wrong.

@BlackDex commented on GitHub (Mar 18, 2022): The strange thing is, i also see a `400 Bad Request` during the invite. Not sure what that `Bad Request` is returning. In theory you should be able to clear-out the `emergency_access` table. Also check if that mail address is located within the `invitations` table, and if so, remove it from there too. After that try again. Also, be sure to make a backup of the database before you continue, in case something goes wrong.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label question troubleshooting

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#1231