Firefox extension login: Unexpected error #218

Closed
opened 2025-10-09 16:18:13 +03:00 by OVERLORD · 0 comments
Owner

Originally created by @jwefers on GitHub.

Vaultwarden Support String

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.33.2
  • Web-vault version: v2025.1.1
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Debian)
  • Database type: SQLite
  • Database version: 3.48.0
  • Environment settings overridden!: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Websocket Check: true
  • HTTP Response Checks: true

Config & Details (Generated via diagnostics page)


Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****************",
  "domain_origin": "*****://*****************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 2,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": false,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 2,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "***********************************",
  "smtp_from_name": "Vaultwarden xxx",
  "smtp_host": "**************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "***********************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": 86,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

1.33.2

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

traefik 3.3.3

Host/Server Operating System

Linux

Operating System Version

Linux, Windows,

Clients

Browser Extension

Client Version

Firefox 135.0

Steps To Reproduce

Dear VW team,

Login on Firefox extension on any OS fails with "unexpected error". Desktop client works fine. This has been the case for multiple weeks, but I didn't have time to investigate yet.

Steps:

  1. Open extension
  2. Enter self-hosted URL
  3. Enter username
  4. Enter password
  5. Screenshot below.

Image

I do not get as far as being prompted for 2FA.

Expected Result

Reaching 2FA prompt, then successfully logged in

Actual Result

Unexpected error after entering Master password

Logs

vaultwarden  | [2025-02-11 05:46:19.852][request][INFO] GET /api/config
vaultwarden  | [2025-02-11 05:46:19.878][response][INFO] (config) GET /api/config => 200 OK
vaultwarden  | [2025-02-11 05:46:20.021][request][INFO] POST /identity/connect/token
vaultwarden  | [2025-02-11 05:46:20.078][response][INFO] (login) POST /identity/connect/token => 200 OK
vaultwarden  | [2025-02-11 05:46:20.658][request][INFO] GET /api/sync?excludeDomains=true
vaultwarden  | [2025-02-11 05:46:20.821][response][INFO] (sync) GET /api/sync?<data..> => 200 OK
vaultwarden  | [2025-02-11 05:46:22.129][request][INFO] GET /api/config
vaultwarden  | [2025-02-11 05:46:22.129][response][INFO] (config) GET /api/config => 200 OK
vaultwarden  | [2025-02-11 05:46:55.865][request][INFO] GET /api/devices/knowndevice
vaultwarden  | [2025-02-11 05:46:55.879][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK
vaultwarden  | [2025-02-11 05:46:59.465][request][INFO] POST /identity/accounts/prelogin
vaultwarden  | [2025-02-11 05:46:59.468][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK
vaultwarden  | [2025-02-11 05:46:59.704][request][INFO] POST /identity/connect/token
vaultwarden  | [2025-02-11 05:47:00.282][error][ERROR] 2FA token not provided
vaultwarden  | [2025-02-11 05:47:00.283][response][INFO] (login) POST /identity/connect/token => 400 Bad Request

Screenshots or Videos

Extension logs in FF debugging console:
Image

Additional Context

So the client sends an apparently empty or broken /connect/token request and the server returns 400 with "no 2FA token provided". In addition, I get an email "Incomplete Two-Step Login from Firefox" - but it happens within milliseconds.

Logging in to bitwarden.com from FF extension works fine.

For comparison, the vaultwarden server log for a successful login from the Bitwarden Linux Desktop Client (2025.1.4):

vaultwarden  | [2025-02-11 06:01:40.597][request][INFO] GET /api/devices/knowndevice
vaultwarden  | [2025-02-11 06:01:40.599][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK
vaultwarden  | [2025-02-11 06:01:47.261][request][INFO] POST /identity/accounts/prelogin
vaultwarden  | [2025-02-11 06:01:47.263][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK
vaultwarden  | [2025-02-11 06:01:47.466][request][INFO] POST /identity/connect/token
vaultwarden  | [2025-02-11 06:01:48.014][vaultwarden::api::identity][INFO] User <censored>@<censored> logged in successfully. IP: 192.168.144.1
vaultwarden  | [2025-02-11 06:01:48.014][response][INFO] (login) POST /identity/connect/token => 200 OK
vaultwarden  | [2025-02-11 06:01:48.451][request][INFO] GET /api/config
vaultwarden  | [2025-02-11 06:01:48.453][response][INFO] (config) GET /api/config => 200 OK
vaultwarden  | [2025-02-11 06:01:48.477][request][INFO] POST /identity/connect/token
vaultwarden  | [2025-02-11 06:01:48.486][request][INFO] GET /notifications/hub?access_token=ey<censored>
vaultwarden  | [2025-02-11 06:01:48.487][vaultwarden::api::notifications][INFO] Accepting Rocket WS connection from 192.168.144.1
vaultwarden  | [2025-02-11 06:01:48.487][response][INFO] (login) POST /identity/connect/token => 200 OK
...
OVERLORD added the bug label 2025-10-09 16:18:13 +03:00
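
A log triage sketch for the pattern in the logs above, added here as an example and not part of the original report or of Vaultwarden: it pairs each `POST /identity/connect/token` request with its response and lists the attempts answered with `2FA token not provided` that no successful login followed. The sample lines are constructed in the report's log format, the function names are hypothetical, and the two-minute window assumes the `incomplete_2fa_time_limit` value of 2 is counted in minutes.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the log format shown in the report (not real traffic).
SAMPLE = """\
vaultwarden  | [2025-01-01 10:00:00.300][request][INFO] POST /identity/connect/token
vaultwarden  | [2025-01-01 10:00:00.800][error][ERROR] 2FA token not provided
vaultwarden  | [2025-01-01 10:00:00.801][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
vaultwarden  | [2025-01-01 10:30:00.300][request][INFO] POST /identity/connect/token
vaultwarden  | [2025-01-01 10:30:00.800][error][ERROR] 2FA token not provided
vaultwarden  | [2025-01-01 10:30:00.801][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
vaultwarden  | [2025-01-01 10:30:20.000][request][INFO] POST /identity/connect/token
vaultwarden  | [2025-01-01 10:30:20.500][vaultwarden::api::identity][INFO] User user@example.test logged in successfully. IP: 192.0.2.10
vaultwarden  | [2025-01-01 10:30:20.501][response][INFO] (login) POST /identity/connect/token => 200 OK
"""

LINE = re.compile(r"\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\]\[([^\]]+)\]\[(\w+)\] (.*)")
TOKEN = "POST /identity/connect/token"

def classify(attempt):
    """Label one finished token attempt from its status and logged messages."""
    if attempt["status"] == 200:
        return "ok"
    if any("2FA token not provided" in n for n in attempt["notes"]):
        return "2fa_required"
    return "rejected"

def token_attempts(log_text):
    """Pair each token request with its response and the messages logged in between."""
    pending, done = [], []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip "..." and other non-log lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        target, msg = m.group(2), m.group(4).strip()
        if target == "request":
            if msg == TOKEN:
                pending.append({"start": ts, "notes": []})
        elif target == "response":
            if pending and f"{TOKEN} => " in msg:
                attempt = pending.pop(0)  # responses close the oldest open request
                attempt["status"] = int(msg.split("=> ")[1].split()[0])
                attempt["outcome"] = classify(attempt)
                done.append(attempt)
        elif pending:
            pending[-1]["notes"].append(msg)  # error/info lines between request and response
    return done

def incomplete_2fa(attempts, limit=timedelta(minutes=2)):
    """2fa_required attempts with no success within `limit` (assumed: config value 2 = minutes)."""
    oks = [a["start"] for a in attempts if a["outcome"] == "ok"]
    return [a for a in attempts if a["outcome"] == "2fa_required"
            and not any(a["start"] <= t <= a["start"] + limit for t in oks)]
```

Unrelated requests logged between a token request and its response, as in the desktop-client log above, are ignored because only token requests are queued.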

Reference: starred/vaultwarden#218