[PR #5188] Some more authrequest changes #2645

New Issue

OVERLORD · 2025-10-09T18:08:52+03:00

OVERLORD commented

2025-10-09 18:08:52 +03:00

Original Pull Request: https://github.com/dani-garcia/vaultwarden/pull/5188

State: closed
Merged: Yes

Previously we weren't setting the response date anywhere, it doesn't seem used but might as well return it just in case.
If an authentication request was approved already, we don't allow to do it again. This is to match with what Bitwarden is doing, though I don't think there's a way to actually do it or exploit it somehow.
Added an explicit time limit for the auth requests, previously we relied on our scheduled job to clean them up, and a user could technically disable that.

**Original Pull Request:** https://github.com/dani-garcia/vaultwarden/pull/5188 **State:** closed **Merged:** Yes --- - Previously we weren't setting the response date anywhere, it doesn't seem used but might as well return it just in case. - If an authentication request was approved already, we don't allow to do it again. This is to match with what Bitwarden is doing, though I don't think there's a way to actually do it or exploit it somehow. - Added an explicit time limit for the auth requests, previously we relied on our scheduled job to clean them up, and a user could technically disable that.

OVERLORD added the pull-request label 2025-10-09 18:08:52 +03:00

OVERLORD closed this issue

2025-10-09 18:08:53 +03:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#2645