2FA login recovery broken #1426

New Issue

Closed

opened 2026-02-05 00:54:45 +03:00 by OVERLORD · 1 comment

OVERLORD commented 2026-02-05 00:54:45 +03:00

Owner

Copy Link

Originally created by @richardmeilinger on GitHub (Dec 14, 2022).

The 2FA recovery is broken using the most recent docker image testing
It works fine with the latest docker image.

[2022-12-14 11:18:11.510][request][INFO] POST /identity/accounts/prelogin
[2022-12-14 11:18:11.511][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK
[2022-12-14 11:18:11.558][request][INFO] POST /api/two-factor/recover
[2022-12-14 11:18:11.558][auth][ERROR] Unauthorized Error: No access token provided
[2022-12-14 11:18:11.558][_][WARN] Request guard `Headers` failed: "No access token provided".
[2022-12-14 11:18:11.558][_][WARN] No 401 catcher registered. Using Rocket default.
[2022-12-14 11:18:11.558][response][INFO] (recover) POST /api/two-factor/recover => 401 Unauthorized

Originally created by @richardmeilinger on GitHub (Dec 14, 2022). The 2FA recovery is broken using the most recent docker image `testing` It works fine with the `latest` docker image.  ``` [2022-12-14 11:18:11.510][request][INFO] POST /identity/accounts/prelogin [2022-12-14 11:18:11.511][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK [2022-12-14 11:18:11.558][request][INFO] POST /api/two-factor/recover [2022-12-14 11:18:11.558][auth][ERROR] Unauthorized Error: No access token provided [2022-12-14 11:18:11.558][_][WARN] Request guard `Headers` failed: "No access token provided". [2022-12-14 11:18:11.558][_][WARN] No 401 catcher registered. Using Rocket default. [2022-12-14 11:18:11.558][response][INFO] (recover) POST /api/two-factor/recover => 401 Unauthorized ```

OVERLORD added the bug label 2026-02-05 00:54:45 +03:00

OVERLORD closed this issue 2026-02-05 00:54:50 +03:00

OVERLORD commented 2026-02-05 00:54:53 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Dec 14, 2022):

Looks like they changed the workflow there to. Before you first needed to login, and then you could enter the recovery token. Now they combined them.

Thanks for the report.

@BlackDex commented on GitHub (Dec 14, 2022): Looks like they changed the workflow there to. Before you first needed to login, and then you could enter the recovery token. Now they combined them. Thanks for the report.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#1426