Change email of an account #2355

New Issue

Closed

opened 2025-10-09 18:01:15 +03:00 by OVERLORD · 7 comments

OVERLORD commented 2025-10-09 18:01:15 +03:00

Owner

Copy Link

Originally created by @blacs30 on GitHub.

I am running the latest tag of mprasil's bitwarden docker image.

When I want to change my email address I get asked to enter a code that is supposedly sent to me via mail.
I don't a receive a mail and on the missing features email is listed so I don't expect mails.

Question:
Is there a way to change the accounts email addres?

Originally created by @blacs30 on GitHub. I am running the latest tag of mprasil's bitwarden docker image. When I want to change my email address I get asked to enter a code that is supposedly sent to me via mail. I don't a receive a mail and on the missing features email is listed so I don't expect mails. Question: Is there a way to change the accounts email addres?

OVERLORD added the enhancementdocumentation labels 2025-10-09 18:01:15 +03:00

OVERLORD closed this issue 2025-10-09 18:01:16 +03:00

OVERLORD commented 2025-10-09 18:01:17 +03:00

Author

Owner

Copy Link

@krankur commented on GitHub:

Not sure if I understand the above conversation fully. As per my understanding, if the user wants to change their email, they need to:

• Go to the "My account" screen
• In the "Change Email" section, enter "Master Password" and "New Email"
• Click ''Continue"

On clicking "Continue", the server API that is called (api/accounts/email-token), should update the email. But this doesn't seem right, as the user will be asked to enter the code on clicking "Continue", which will cause confusion. So, am I missing something here?

@krankur commented on GitHub: Not sure if I understand the above conversation fully. As per my understanding, if the user wants to change their email, they need to: - Go to the "My account" screen - In the "Change Email" section, enter "Master Password" and "New Email" - Click ''Continue" On clicking "Continue", the server API that is called (`api/accounts/email-token`), should update the email. But this doesn't seem right, as the user will be asked to enter the code on clicking "Continue", which will cause confusion. So, am I missing something here?

OVERLORD commented 2025-10-09 18:01:17 +03:00

Author

Owner

Copy Link

@blacs30 commented on GitHub:

From my perspective (user and admin of that bitwarden instance) a direct change would be acceptable.
If I would host an instance for a lot of people and it's more publicly accessible then an email verification code would make sense for security reasons but I understand that this would be a complete different dimension of time and code.

@blacs30 commented on GitHub: From my perspective (user and admin of that bitwarden instance) a direct change would be acceptable. If I would host an instance for a lot of people and it's more publicly accessible then an email verification code would make sense for security reasons but I understand that this would be a complete different dimension of time and code.

OVERLORD commented 2025-10-09 18:01:18 +03:00

Author

Owner

Copy Link

@mprasil commented on GitHub:

There is a handler post_email_token that handles this, it seems to verify your password and some other stuff, but it doesn't really change anything. We need to implement that maybe. We don't have email sending functionality so I guess we could just change it straight away?

@mprasil commented on GitHub: There is a [handler](https://github.com/dani-garcia/bitwarden_rs/blob/56b3afa77ca12aba6c3d11edf30b8b16378cbfe5/src/api/core/accounts.rs#L163) `post_email_token` that handles this, it seems to verify your password and some other stuff, but it doesn't really change anything. We need to implement that maybe. We don't have email sending functionality so I guess we could just change it straight away?

OVERLORD commented 2025-10-09 18:01:18 +03:00

Author

Owner

Copy Link

@mprasil commented on GitHub:

@krankur you're right it's going to be confusing, but the suggested way to go about it (without implementing and requiring SMTP) would be to just change the email straight away as it is sent and ignore the token part completely.Sure, people will be confused, but at least the email is changed.

@mprasil commented on GitHub: @krankur you're right it's going to be confusing, but the suggested way to go about it (without implementing and requiring SMTP) would be to just change the email straight away as it is sent and ignore the token part completely.Sure, people will be confused, but at least the email is changed.

OVERLORD commented 2025-10-09 18:01:19 +03:00

Author

Owner

Copy Link

@mprasil commented on GitHub:

Well we don't use that email for anything at all really. It's more like an username and bitwarden_rs wouldn't even mind if it wasn't valid email address. So I guess there's little harm in not validating it other than one user can "steal" the account with his email if such email wasn't already registered.

If we decide to just change the email here, it should be pretty simple change.

@mprasil commented on GitHub: Well we don't use that email for anything at all really. It's more like an username and bitwarden_rs wouldn't even mind if it wasn't valid email address. So I guess there's little harm in not validating it other than one user can "steal" the account with his email if such email wasn't already registered. If we decide to just change the email here, it should be pretty simple change.

OVERLORD commented 2025-10-09 18:01:20 +03:00

Author

Owner

Copy Link

@mprasil commented on GitHub:

Documentation has been added in #133. I'm going to resolve this. If anyone feels like they need to get the token via email, please file a separate issue.

@mprasil commented on GitHub: Documentation has been added in #133. I'm going to resolve this. If anyone feels like they need to get the token via email, please file a separate issue.

OVERLORD commented 2025-10-09 18:01:20 +03:00

Author

Owner

Copy Link

@mprasil commented on GitHub:

Okay, so it turns out this was already implemented. (without the email verification)

When you want to change your email, you just need to enter any random token when prompted. We should probably document this functionality.

@mprasil commented on GitHub: Okay, so it turns out this was already [implemented](https://github.com/dani-garcia/bitwarden_rs/commit/1c45c2ec3a716392997b5f60dbbdde77385a7fb2). (without the email verification) When you want to change your email, you just need to enter any random token when prompted. We should probably document this functionality.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

test_dylint

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

bug

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

troubleshooting

wontfix

No Label documentation enhancement

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#2355