Invite Emergency Contact fails when grantee email is not already registered with an account #1244

Closed
opened 2025-10-09 17:08:36 +03:00 by OVERLORD · 1 comment

Originally created by @tam1m on GitHub.

Subject of the issue

When inviting an emergency contact, the invite fails with:

Web interface:

An error has occurred.
Grantee user does not exist: grantee@email.com.

Docker log:

vaultwarden                  | [2021-12-16 17:25:36.262][request][INFO] POST /api/emergency-access/invite
vaultwarden                  | [2021-12-16 17:25:36.264][vaultwarden::api::core::emergency_access][ERROR] Grantee user does not exist: grantee@email.com
vaultwarden                  | [2021-12-16 17:25:36.264][response][INFO] POST /api/emergency-access/invite (send_invite) => 400 Bad Request

This is not how it is supposed to work, as the web interface states that "If they do not have a Bitwarden account already, they will be prompted to create a new account."

Deployment environment

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.23.1
  • Web-vault version: v2.25.0
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: false
  • Uses a reverse proxy: false
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: false
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.35.4
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://**.********.**",
  "domain_origin": "*****://**.********.**",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_org_name": "vw.baschour.de",
  "invitations_allowed": true,
  "ip_header": "CF-Connecting-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/vaultwarden.log",
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": 2000000,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "**@**.********.**",
  "smtp_from_name": "Vaultwarden VPS",
  "smtp_host": "****.*****.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "*.********@*****.***",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": 2000000,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Steps to reproduce

Add emergency contact via web interface, where the grantee's email is not already registered with an account.

Expected behaviour

Vaultwarden sends an email invitation to the grantee's email address. Same behaviour as invite to organization.

Actual behaviour

Vaultwarden gives the following error message:

Web interface:

An error has occurred.
Grantee user does not exist: grantee@email.com.

Docker log:

vaultwarden                  | [2021-12-16 17:25:36.262][request][INFO] POST /api/emergency-access/invite
vaultwarden                  | [2021-12-16 17:25:36.264][vaultwarden::api::core::emergency_access][ERROR] Grantee user does not exist: grantee@email.com
vaultwarden                  | [2021-12-16 17:25:36.264][response][INFO] POST /api/emergency-access/invite (send_invite) => 400 Bad Request
OVERLORD added the bug, good first issue, enhancement labels 2025-10-09 17:08:36 +03:00

@BlackDex commented on GitHub:

Confirmed. It should check if INVITATIONS_ALLOWED is enabled. Though I could even argue that we may need a different config item for this. Since this would allow anybody who has an account to create new accounts/invites for everybody. While this feature first was only able to be used by Organization Managers, Admins and Owners. Though, basic users were already able to create organizations themselves, and then invite other users if this was set to true.

What do you think @dani-garcia and @jjlin? Should this be a separate config item like EMERGENCY_INVITATIONS_ALLOWED or just use the main one?
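
The gating question raised in the comment above, sketched as an added example (not Vaultwarden's code and not written by any participant in this thread). The `Config` struct, `Outcome` enum, `decide_invite` function and the `mail_enabled` field are hypothetical; `emergency_invitations_allowed` models the proposed separate item and falls back to `invitations_allowed` when unset.

```rust
use std::collections::HashSet;

// Hypothetical settings. `invitations_allowed` mirrors INVITATIONS_ALLOWED;
// `emergency_invitations_allowed` is the separate item proposed in the
// comment (None means "fall back to the main setting").
pub struct Config {
    pub invitations_allowed: bool,
    pub emergency_invitations_allowed: Option<bool>,
    pub mail_enabled: bool,
}

#[derive(Debug, PartialEq)]
pub enum Outcome {
    LinkExistingUser,    // grantee already has an account
    CreateInviteAndMail, // placeholder account plus invitation e-mail
    CreateInviteNoMail,  // placeholder account, no SMTP to notify with
    Rejected(&'static str),
}

pub fn decide_invite(cfg: &Config, registered: &HashSet<String>, grantor: &str, grantee: &str) -> Outcome {
    let grantee = grantee.trim().to_lowercase();
    if grantee.is_empty() || grantee == grantor.trim().to_lowercase() {
        return Outcome::Rejected("invalid grantee");
    }
    if registered.contains(&grantee) {
        return Outcome::LinkExistingUser;
    }
    // Unknown address: an invite creates a new account record on behalf of
    // any logged-in user, so it is gated on configuration.
    if !cfg.emergency_invitations_allowed.unwrap_or(cfg.invitations_allowed) {
        return Outcome::Rejected("invitations are not allowed");
    }
    if cfg.mail_enabled { Outcome::CreateInviteAndMail } else { Outcome::CreateInviteNoMail }
}

// Constructed sample data: one registered account.
pub fn sample_users() -> HashSet<String> {
    HashSet::from(["owner@example.com".to_string()])
}

fn main() {
    let cfg = Config { invitations_allowed: true, emergency_invitations_allowed: Some(false), mail_enabled: true };
    let users = sample_users();
    for grantee in ["owner@example.com", "grantee@email.com"] {
        println!("{grantee}: {:?}", decide_invite(&cfg, &users, "other@example.com", grantee));
    }
}
```

With the separate item set to `Some(false)`, existing accounts can still be linked as grantees while invites to unregistered addresses are refused, even though the main invitation setting stays on.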


Reference: starred/vaultwarden#1244