starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-02-05 00:29:40 +03:00
Code Issues 32 Packages Projects Releases 10 Wiki Activity

Bitwarden Android app crashes when trying to login on Vaultwarden #1403

New Issue
Closed
opened 2026-02-05 00:50:18 +03:00 by OVERLORD · 0 comments
OVERLORD commented 2026-02-05 00:50:18 +03:00
Owner
Copy Link

Originally created by @e7d on GitHub (Nov 6, 2022).

Subject of the issue

Bitwarden Android application (version 2022.10.1) crashes during login against Vaultwarden version 1.26.0.

Deployment environment

  • Vaultwarden version: v1.26.0
  • Web-vault version: v2022.10.0
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.35.4
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN

{
  "_duo_akey": "***",
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****.****.***.**",
  "domain_origin": "*****://*****.****.***.**",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "e7d's Vault",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_hints_allowed": true,
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": null,
  "smtp_from": "*****@*********.***.**",
  "smtp_from_name": "e7d's Vault",
  "smtp_host": "****.*************.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "**************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}
  • vaultwarden version:
    • 1.26.0
  • Install method:
    • Docker compose
docker-compose.yml 
services:
  vaultwarden:
    environment:
      - ADMIN_TOKEN=<REDACTED>
      - DOMAIN=<REDACTED>
      # - LOG_LEVEL=debug
      # - EXTENDED_LOGGING=true
      - SIGNUPS_ALLOWED=false
      - WEBSOCKET_ENABLED=true
    image: vaultwarden/server
    labels:
      - traefik.enable=true
      - traefik.docker.network=vaultwarden
      - traefik.http.routers.vaultwarden.entrypoints=websecure
      - traefik.http.routers.vaultwarden.middlewares=https-headers@file
      - traefik.http.routers.vaultwarden.rule=Host(`<REDACTED>`, `<REDACTED>`)
      - traefik.http.routers.vaultwarden.service=vaultwarden
      - traefik.http.routers.vaultwarden.tls.certresolver=le
      - traefik.http.services.vaultwarden.loadbalancer.server.port=80
      - traefik.http.routers.vaultwarden_notifications.entrypoints=websecure
      - traefik.http.routers.vaultwarden_notifications.middlewares=https-headers@file
      - traefik.http.routers.vaultwarden_notifications.rule=Host(`<REDACTED>`, `<REDACTED>`) && Path(`/notifications/hub`)
      - traefik.http.routers.vaultwarden_notifications.service=vaultwarden_notifications
      - traefik.http.routers.vaultwarden_notifications.tls.certresolver=le
      - traefik.http.services.vaultwarden_notifications.loadbalancer.server.port=3012
    logging:
      driver: loki
      options:
        loki-url: "http://localhost:3100/loki/api/v1/push"
    networks:
      - vaultwarden
    ports:
      - "8659:80"
    restart: always
    tmpfs:
      - /data/icon_cache
      - /data/tmp
    volumes:
      - vaultwarden_data:/data

networks:
  vaultwarden:
    external: true

volumes:
  vaultwarden_data:
    external: true

  • Clients used:

    • Android version 1.26.0.

  • Reverse proxy and version:

    • Traefik v2.8.1 with domain through WAN
    • Direct traffic via IP through LAN

  • MySQL/MariaDB or PostgreSQL version:

    • N/A

  • Other relevant details:

    • Clearing cache data from the Android app did not help.
    • Clearing all data from the Android app did not help.
    • Uninstalling then installing back the Android app did not help.
    • Deauthorizing all sessions of the user from the Admin panel did not help.
    • All the following other clients are not affected, wether its a "come-back" log in, or a first time log in:
      • Chrome browser with integrated web app
      • Bitwarden Chrome extension
      • Bitwarden Windows application
      • Bitwarden Flatpak application (on Fedora)
    • This problem affects my phone (Pixel 5) and my Tablet (Lenovo P11), but not my wife's one (OnePlus 7) as her login token is still valid.
      • At least, as I did not disconnected her application as it still works for her, she can still log back in without any issue for now.
    • Finally, the application always crashes, wether the inputted email exists in the database or not.

Steps to reproduce

  1. Open Bitwarden on Android.
  2. Click the cog on the top-right, set the server URL paramater, then click Save.
  3. Fill the Email address field with valid data, then click Continue.

Expected behaviour

To be able to login with Vaultwarden using the latest Android app.

Actual behaviour

The android app crashes after submitting the email address.
The behavior is the same, be it via WAN on proxied domain (https://<REDACTED-DOMAIN>/), or via LAN on direct IP (http://<REDACTED-IP>:8659/).

Troubleshooting data

The log of the request received and sent back by Vaultwarden when thae Android app crashes:

vaultwarden-vaultwarden-1  | [2022-11-06 13:13:55.724][request][INFO] GET /api/devices/knowndevice/<REDACTED-EMAIL>/<REDACTED-UUID>
vaultwarden-vaultwarden-1  | [2022-11-06 13:13:55.724][_][WARN] Response was `None`.
vaultwarden-vaultwarden-1  | [2022-11-06 13:13:55.724][_][WARN] Responding with registered (api_not_found) /api 404 catcher.
vaultwarden-vaultwarden-1  | [2022-11-06 13:13:55.724][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
vaultwarden-vaultwarden-1  | [2022-11-06 13:43:55.458][request][INFO] GET /api/devices/knowndevice/<OTHER-REDACTED-EMAIL>/<REDACTED-UUID>
vaultwarden-vaultwarden-1  | [2022-11-06 13:43:55.459][_][WARN] Response was `None`.
vaultwarden-vaultwarden-1  | [2022-11-06 13:43:55.459][_][WARN] Responding with registered (api_not_found) /api 404 catcher.
vaultwarden-vaultwarden-1  | [2022-11-06 13:43:55.459][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
vaultwarden-vaultwarden-1  | [2022-11-06 13:46:44.805][request][INFO] GET /api/devices/knowndevice/<OTHER-INVALID-REDACTED-EMAIL>/<REDACTED-UUID>
vaultwarden-vaultwarden-1  | [2022-11-06 13:46:44.806][_][WARN] Response was `None`.
vaultwarden-vaultwarden-1  | [2022-11-06 13:46:44.806][_][WARN] Responding with registered (api_not_found) /api 404 catcher.
vaultwarden-vaultwarden-1  | [2022-11-06 13:46:44.806][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found

Notes:

  • The <REDACTED-UUID> seems to reflect the used device, as it is the same whatever the account I try to log in.
  • The <REDACTED-UUID> resets and changes when I reset the Android Application data, or when i uninstall it then install it again.
Originally created by @e7d on GitHub (Nov 6, 2022). <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue Bitwarden Android application (version 2022.10.1) crashes during login against Vaultwarden version 1.26.0. ### Deployment environment * Vaultwarden version: v1.26.0 * Web-vault version: v2022.10.0 * Running within Docker: true (Base: Debian) * Environment settings overridden: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.35.4 * Clients used: * Reverse proxy and version: * Other relevant information: #### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN ```json { "_duo_akey": "***", "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://*****.****.***.**", "domain_origin": "*****://*****.****.***.**", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 5 * * * *", "emergency_request_timeout_schedule": "0 5 * * * *", "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "invitation_expiration_hours": 120, "invitation_org_name": "e7d's Vault", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "password_hints_allowed": true, "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": null, "smtp_from": "*****@*********.***.**", "smtp_from_name": "e7d's Vault", "smtp_host": "****.*************.***", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "**************", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> * vaultwarden version: * 1.26.0 <!-- How the server was installed: Docker image, OS package, built from source, etc. --> * Install method: * Docker compose <details><summary>docker-compose.yml</summary> ```yml services: vaultwarden: environment: - ADMIN_TOKEN=<REDACTED> - DOMAIN=<REDACTED> # - LOG_LEVEL=debug # - EXTENDED_LOGGING=true - SIGNUPS_ALLOWED=false - WEBSOCKET_ENABLED=true image: vaultwarden/server labels: - traefik.enable=true - traefik.docker.network=vaultwarden - traefik.http.routers.vaultwarden.entrypoints=websecure - traefik.http.routers.vaultwarden.middlewares=https-headers@file - traefik.http.routers.vaultwarden.rule=Host(`<REDACTED>`, `<REDACTED>`) - traefik.http.routers.vaultwarden.service=vaultwarden - traefik.http.routers.vaultwarden.tls.certresolver=le - traefik.http.services.vaultwarden.loadbalancer.server.port=80 - traefik.http.routers.vaultwarden_notifications.entrypoints=websecure - traefik.http.routers.vaultwarden_notifications.middlewares=https-headers@file - traefik.http.routers.vaultwarden_notifications.rule=Host(`<REDACTED>`, `<REDACTED>`) && Path(`/notifications/hub`) - traefik.http.routers.vaultwarden_notifications.service=vaultwarden_notifications - traefik.http.routers.vaultwarden_notifications.tls.certresolver=le - traefik.http.services.vaultwarden_notifications.loadbalancer.server.port=3012 logging: driver: loki options: loki-url: "http://localhost:3100/loki/api/v1/push" networks: - vaultwarden ports: - "8659:80" restart: always tmpfs: - /data/icon_cache - /data/tmp volumes: - vaultwarden_data:/data networks: vaultwarden: external: true volumes: vaultwarden_data: external: true ``` </details> * Clients used: <!-- web vault, desktop, Android, iOS, etc. (if applicable) --> * Android version 1.26.0. * Reverse proxy and version: <!-- if applicable --> * Traefik v2.8.1 with domain through WAN * Direct traffic via IP through LAN * MySQL/MariaDB or PostgreSQL version: <!-- if applicable --> * N/A * Other relevant details: * Clearing cache data from the Android app did not help. * Clearing all data from the Android app did not help. * Uninstalling then installing back the Android app did not help. * Deauthorizing all sessions of the user from the Admin panel did not help. * All the following other clients are not affected, wether its a "come-back" log in, or a first time log in: * Chrome browser with integrated web app * Bitwarden Chrome extension * Bitwarden Windows application * Bitwarden Flatpak application (on Fedora) * This problem affects my phone (Pixel 5) and my Tablet (Lenovo P11), but not my wife's one (OnePlus 7) as her login token is still valid. * At least, as I did not disconnected her application as it still works for her, she can still log back in without any issue for now. * Finally, the application always crashes, wether the inputted email exists in the database or not. ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start vaultwarden? --> 1. Open Bitwarden on Android. 2. Click the cog on the top-right, set the `server URL` paramater, then click `Save`. 3. Fill the `Email address` field with valid data, then click `Continue`. ### Expected behaviour To be able to login with Vaultwarden using the latest Android app. ### Actual behaviour The android app crashes after submitting the email address. The behavior is the same, be it via WAN on proxied domain (`https://<REDACTED-DOMAIN>/`), or via LAN on direct IP (`http://<REDACTED-IP>:8659/`). ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data --> The log of the request received and sent back by Vaultwarden when thae Android app crashes: ```log vaultwarden-vaultwarden-1 | [2022-11-06 13:13:55.724][request][INFO] GET /api/devices/knowndevice/<REDACTED-EMAIL>/<REDACTED-UUID> vaultwarden-vaultwarden-1 | [2022-11-06 13:13:55.724][_][WARN] Response was `None`. vaultwarden-vaultwarden-1 | [2022-11-06 13:13:55.724][_][WARN] Responding with registered (api_not_found) /api 404 catcher. vaultwarden-vaultwarden-1 | [2022-11-06 13:13:55.724][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found vaultwarden-vaultwarden-1 | [2022-11-06 13:43:55.458][request][INFO] GET /api/devices/knowndevice/<OTHER-REDACTED-EMAIL>/<REDACTED-UUID> vaultwarden-vaultwarden-1 | [2022-11-06 13:43:55.459][_][WARN] Response was `None`. vaultwarden-vaultwarden-1 | [2022-11-06 13:43:55.459][_][WARN] Responding with registered (api_not_found) /api 404 catcher. vaultwarden-vaultwarden-1 | [2022-11-06 13:43:55.459][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found vaultwarden-vaultwarden-1 | [2022-11-06 13:46:44.805][request][INFO] GET /api/devices/knowndevice/<OTHER-INVALID-REDACTED-EMAIL>/<REDACTED-UUID> vaultwarden-vaultwarden-1 | [2022-11-06 13:46:44.806][_][WARN] Response was `None`. vaultwarden-vaultwarden-1 | [2022-11-06 13:46:44.806][_][WARN] Responding with registered (api_not_found) /api 404 catcher. vaultwarden-vaultwarden-1 | [2022-11-06 13:46:44.806][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found ``` Notes: * The `<REDACTED-UUID>` seems to reflect the used device, as it is the same whatever the account I try to log in. * The `<REDACTED-UUID>` resets and changes when I reset the Android Application data, or when i uninstall it then install it again.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
troubleshooting
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/vaultwarden#1403
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?