starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-12-11 09:13:02 +03:00
Code Issues 429 Packages Projects Releases 10 Wiki Activity

Organization — Two-step login enforcement doesn't work #1341

New Issue
Closed
opened 2025-10-09 17:11:57 +03:00 by OVERLORD · 2 comments
OVERLORD commented 2025-10-09 17:11:57 +03:00
Owner
Copy Link

Originally created by @guillaume-u on GitHub.

Even if I've set "Two-step login" enable in an organization policy.
New user (via an invitation) can join this organization without Two-Step login configured on their account.

  • Vaultwarden version: latest stable v1.22.1
  • Installed method : Build from source
  • Client : web vault

Steps to reproduce

  • Vaultwarden was started via "./vaultwarden" or via systemd.

  • Create a new organization

  • Set the policy "Two-step Login" to enable

  • Invite a new user (as "user" or "manager")

  • Create the new account (by following the invitation email) — without setting a two-step factor.

  • Accept the user in the organization.

Expected behaviour

  • A user without a Two-step login enabled, should not be able to join a organization with "Two-step login" setting enabled.

Actual behaviour

  • A user without a Two-step login enable can join an organization with "Two-step login" enabled.
Originally created by @guillaume-u on GitHub. Even if I've set "Two-step login" enable in an organization policy. New user (via an invitation) can join this organization without Two-Step login configured on their account. * Vaultwarden version: latest stable v1.22.1 * Installed method : Build from source * Client : web vault ### Steps to reproduce * Vaultwarden was started via "./vaultwarden" or via systemd. * Create a new organization * Set the policy "Two-step Login" to enable * Invite a new user (as "user" or "manager") * Create the new account (by following the invitation email) — without setting a two-step factor. * Accept the user in the organization. ### Expected behaviour * A user without a Two-step login enabled, should not be able to join a organization with "Two-step login" setting enabled. ### Actual behaviour * A user without a Two-step login enable can join an organization with "Two-step login" enabled.
OVERLORD commented 2025-10-09 17:11:59 +03:00
Author
Owner
Copy Link

@bokkabonga commented on GitHub:

There is an existing PR for this which is pending a review and checks, as far as i know. See #1604

@bokkabonga commented on GitHub: There is an existing PR for this which is pending a review and checks, as far as i know. See #1604
OVERLORD commented 2025-10-09 17:11:59 +03:00
Author
Owner
Copy Link

@guillaume-u commented on GitHub:

You're right, it's the same issue as #981

Sorry.

Guillaume.

@guillaume-u commented on GitHub: You're right, it's the same issue as #981 Sorry. Guillaume.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
better for forum
bug
bug
bug
documentation
duplicate
enhancement
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
SSO
Third party
troubleshooting
troubleshooting
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/vaultwarden#1341
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?