Organization - Push Notifications not working correctly #391

Closed
opened 2025-10-09 16:26:40 +03:00 by OVERLORD · 6 comments
Owner

Originally created by @ghost on GitHub.

Vaultwarden Support String

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.32.0
  • Web-vault version: v2024.6.2b
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Debian)
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.46.0
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": false,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****************************",
  "domain_origin": "*****://*****************************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": false,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "*********************",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": true,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*********************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "**************",
  "smtp_password": "***",
  "smtp_port": ***,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "*********************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

v.1.32.0

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

Synology DSM-Proxy (nginx-proxy)

Host/Server Operating System

NAS/SAN

Operating System Version

DSM 7.2

Clients

Browser Extension, Desktop, iOS

Client Version

No response

Steps To Reproduce

Preparation: You need an organization and should have Bitwarden installed on iOS and macOS.

  1. Open Bitwarden (official macOS App Store version) on Mac, log in and show your items.
  2. Open Bitwarden on iOS, log in and show your items.
  3. On iOS device: Create a new Item in your Organization with Name "TEST"
  4. Save Item on iOS Bitwarden App.
    RESULT: iOS App shows the newly created Item, this Item is pushed and Mac App shows the new Item immediately as well!!!
    WORKS AS DESIGNED.

NOW VICE VERSA:

  1. Open Bitwarden (official iOS App Store version) on iOS, log in and show your items.
  2. Open Bitwarden on macOS, log in and show your items.
  3. On macOS device (or Web Vault): Create a new Item in your Organization with Name "TEST2"
  4. Save Item on macOS Bitwarden App (or Web Vault).
    RESULT: macOS App shows the newly created Item, this Item is !!! NOT !!! pushed and iOS App does not show the new Item. ONLY a manual refresh shows this Item called "TEST2"
    ISSUE?

FOLDER Sync via Push works! ITEM Sync does NOT!

Expected Result

If a new Item is created in Web Vault or official macOS App Bitwarden, the sync should work, despite the device. The one way is already working, see 'Steps to Reproduce'. So the Other Way should also work.
Maybe, this is not implemented right now:
https://github.com/dani-garcia/vaultwarden/blob/248e561b3fe6a8172751374df980c6cd43c841d5/src/api/push.rs#L153-L156

EXPECTED RESULT IS:
Creating an Item on Bitwarden for macOS or inside the Web Vault, the Sync / Push Notification should be sent to the iOS Device.

Maybe a setting in the Admin Panel / Section or a Variable, that can be defined as TRUE is useful in the YAML File, if Push could be an issue for larger organizations...

Actual Result

The Item cannot actually be synced via Push from Mac Bitwarden App to iOS Bitwarden app.
From iOS to Mac, everything is working.

Logs

No response

Screenshots or Videos

No response

Additional Context

If one way is working, the other one should be working as well... ;)
Please make this work, otherwise Organizations and Sync is one big issue and makes Vaultwarden not useful...

OVERLORD added the bug label 2025-10-09 16:26:40 +03:00

@f0ff886f commented on GitHub:

Does this apply only for organizations or also for "My Vault"? I am curious I have the exact same behaviour as this bug with the new iOS app, but including items that are shown under "My Vault" (which I don't think is an organization).

The non-beta app (the old one) worked fine here, I change an item in the webvault and I see it immediately on my phone. Here, only from phone -> macOS app / webvault works, the other way not (and webvault <-> macOS app always works).

Not sure if this is the same thing or not, but this is the first ticket I saw that accurately describes the behaviour :)


@ghost commented on GitHub:

I really understand this, but the question then would be:
Is this a bug on Bitwarden? Does it make sense to open a ticket there?

Because the question is still not answered:
Why is it working one way (iOS to macOS), but not working the other one (macOS to iOS)?

Following Bitwarden's comment (and I can understand that) means, it should not work for both ways, right? Or do I have a mistake in my thinking?


@BlackDex commented on GitHub:

It is really simple. Push notifications are not WebSocket notifications.

And WebSocket connections are only notified when people are actually connected, not if they have registered a mobile device which would be the case for Organizations.

If there are 1000 users in an org and all have a mobile, and all need this notification, that is going to take up a lot of resources via the Push framework. Also calculating the access is difficult, same for us we still might have an issue with group/collection access and making sure the access is correct.

Bitwarden has a free version including limited organizations and you can invite 2 users and test it there. If it also does not work there you can report an issue. I would not do this based upon using Vaultwarden as that will end up in the trash bin.

Looking at the issues, there already was an issue opened and also closed (by the reporter himself) which pointed to the exact same part of the code as I did, https://github.com/bitwarden/server/issues/220.

Also, according to the documentation org items are not synced automatically, see https://bitwarden.com/help/vault-sync/#automatic-sync

So creating an issue/feature request might be an option. But I do not think that will be at the top of their list.


@ghost commented on GitHub:

Thanks for the explanation. :)
Then I will go this way...


@BlackDex commented on GitHub:

That is not going to happen. We try to follow Bitwarden's way of working on most items to keep compatible with their clients.

That goes the same for this in my opinion. They do not send pushes to organization-owned ciphers. See here:
https://github.com/bitwarden/server/blob/f5caecc6d685b65f483793415e0bd1d656bff251/src/Core/Services/Implementations/NotificationHubPushNotificationService.cs#L68...L76

Also, this project is granted to allow usage of their relay and that is not a right but a privilege. Going to abuse that privilege will certainly get it revoked in the future.

Also keep in mind that Vaultwarden didn't have push for a long time, and it seemed to work well then also.

I can understand that it might be inconvenient, but it works as designed and I agree with the comments of Bitwarden.

Going to close this as works as intended.
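
The delivery rules described in the comments above, as an added Rust model that is not part of the original thread and is not Vaultwarden's or Bitwarden's code. It shows why the same organization item reaches the Mac but not the iPhone. All type and function names are hypothetical, the device list is constructed, and excluding the originating device is an assumption.

```rust
// Added illustration: a simplified model of the delivery rules described in
// this thread. Every type and function name here is hypothetical.

#[derive(Clone, Copy, PartialEq, Debug)]
enum Channel {
    WebSocket, // live connection held by a desktop app or the web vault
    Push,      // registered mobile device reached through the push relay
}

#[derive(Clone, Copy, PartialEq, Debug)]
enum Owner {
    User,         // personal ("My Vault") cipher
    Organization, // cipher owned by an organization
}

struct Device {
    name: &'static str,
    channel: Channel,
    connected: bool, // only consulted for WebSocket clients
}

/// Devices that are told about a cipher change made on `origin`.
/// Assumption: the originating device is not notified about its own change.
fn notified(devices: &[Device], owner: Owner, origin: &str) -> Vec<&'static str> {
    devices
        .iter()
        .filter(|d| d.name != origin)
        .filter(|d| match d.channel {
            // WebSocket: delivered only while the client is connected.
            Channel::WebSocket => d.connected,
            // Push: skipped for organization-owned ciphers.
            Channel::Push => owner == Owner::User,
        })
        .map(|d| d.name)
        .collect()
}

/// Constructed sample: the reporter's two clients plus a closed web vault tab.
fn sample_devices() -> Vec<Device> {
    vec![
        Device { name: "mac", channel: Channel::WebSocket, connected: true },
        Device { name: "ios", channel: Channel::Push, connected: false },
        Device { name: "web", channel: Channel::WebSocket, connected: false },
    ]
}

fn main() {
    let devs = sample_devices();
    println!("org item saved on ios -> {:?}", notified(&devs, Owner::Organization, "ios"));
    println!("org item saved on mac -> {:?}", notified(&devs, Owner::Organization, "mac"));
    println!("own item saved on mac -> {:?}", notified(&devs, Owner::User, "mac"));
}
```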


@BlackDex commented on GitHub:

The new iOS app (And also Android) seems to have issues in general with Push notifications.


Reference: starred/vaultwarden#391