MySQL backend: Cannot share cipher with organisation #765

Closed
opened 2026-02-04 22:28:45 +03:00 by OVERLORD · 3 comments
Owner

Originally created by @smerschjohann on GitHub (Aug 3, 2020).

Subject of the issue

If bitwarden_rs is used with mysql backend, it is not possible to share existing ciphers with an organisation.

Your environment

Server Installed 1.16.1
Server Latest 1.16.1
Web Installed 2.15.1
Web Latest 2.15.1

Bitwarden_rs version: In Openshift environment using docker image: bitwardenrs/server-mysql:1.16.1

Install method

  • Clients used: bitwarden app and chrome extension (irrelevant, server issue)
  • Reverse proxy and version: -
  • Version of mysql/postgresql: mariadb 10.5.4

Steps to reproduce

  1. Install using the mentioned docker container.
  2. Create a user account
  3. Create an organisation
  4. Add a cipher in your user account
  5. Use the share method to move it to the organisation. This will fail with "cannot save cipher"

Expected behaviour

The cipher can be moved to the organisation.

Actual behaviour

The cipher cannot be stored because of a constraint violation.

Relevant logs

[2020-08-03 08:33:23.633][request][INFO] PUT /api/ciphers/6d708d14-07be-47f1-beee-2d2c4b83c5cd/share
[2020-08-03 08:33:23.646][error][ERROR] Error saving cipher.
[CAUSE] DatabaseError(
    ForeignKeyViolation,
    "Cannot delete or update a parent row: a foreign key constraint fails (`bitwarden`.`ciphers_collections`, CONSTRAINT `ciphers_collections_ibfk_1` FOREIGN KEY (`cipher_uuid`) REFERENCES `ciphers` (`uuid`))",
)
[2020-08-03 08:44:54.592][response][INFO] PUT /api/ciphers/<uuid>/share (put_cipher_share) => 400 Bad Request

If the constraint is divided into update and delete constraints, it turns out that the delete constraint is violated:

[2020-08-03 08:53:44.893][request][INFO] PUT /api/ciphers/10d228e6-4f28-4cba-a4fd-52944646fc04/share
[2020-08-03 08:53:44.907][error][ERROR] Error saving cipher.
[CAUSE] DatabaseError(
    ForeignKeyViolation,
    "Cannot delete or update a parent row: a foreign key constraint fails (`bitwarden`.`ciphers_collections`, CONSTRAINT `delete_check` FOREIGN KEY (`cipher_uuid`) REFERENCES `ciphers` (`uuid`) ON UPDATE NO ACTION)",
)
[2020-08-03 08:53:44.907][response][INFO] PUT /api/ciphers/<uuid>/share (put_cipher_share) => 400 Bad Request

It seems that the server wants to recreate the cipher in the database instead of updating it. By trying that, it violated the key constraints of the ciphers_collections.
It appears that the folder_collection is also affected.


@smerschjohann commented on GitHub (Aug 3, 2020):

A possible workaround for now: Delete the constraint on the collection tables


@smerschjohann commented on GitHub (Aug 3, 2020):

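The issue is the use of replace_into in all of the save() methods:

https://github.com/dani-garcia/bitwarden_rs/blob/f724addf9ac972a04f536262ed21a7e6c1da0660/src/db/models/user.rs#L186

https://github.com/dani-garcia/bitwarden_rs/blob/f724addf9ac972a04f536262ed21a7e6c1da0660/src/db/models/cipher.rs#L207

replace_into checks for constraint violations on delete: If there are foreign keys, ON DELETE action will be activated by REPLACE. (https://mariadb.com/kb/en/replace/)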

Instead of REPLACE INTO, the use of INSERT ... ON DUPLICATE KEY UPDATE should fix the problem, but it seems unavailable in the diesel sdk.
I think it cannot be done in a single statement using that framework.
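
Added example, not part of the original comment and not bitwarden_rs code: the difference between the two statements described above, on a cipher that a collection row already references. Table, key and constraint names follow the log in the report; the remaining columns and all values are constructed for illustration.

```sql
-- Simplified, constructed schema (assumption: only the columns needed here).
CREATE TABLE ciphers (
  uuid              CHAR(36) NOT NULL PRIMARY KEY,
  organization_uuid CHAR(36) NULL,
  name              TEXT     NOT NULL
) ENGINE=InnoDB;

CREATE TABLE ciphers_collections (
  cipher_uuid     CHAR(36) NOT NULL,
  collection_uuid CHAR(36) NOT NULL,
  PRIMARY KEY (cipher_uuid, collection_uuid),
  -- No ON DELETE clause: InnoDB refuses to delete a parent row that
  -- still has child rows.
  CONSTRAINT ciphers_collections_ibfk_1
    FOREIGN KEY (cipher_uuid) REFERENCES ciphers (uuid)
) ENGINE=InnoDB;

-- A personal cipher that is already linked to a collection (constructed rows).
INSERT INTO ciphers (uuid, organization_uuid, name)
VALUES ('cipher-1', NULL, 'example login');
INSERT INTO ciphers_collections (cipher_uuid, collection_uuid)
VALUES ('cipher-1', 'collection-1');

-- REPLACE handles the duplicate primary key by deleting the old row and
-- inserting the new one. The delete half is checked against
-- ciphers_collections, so on the server from the report the statement is
-- rejected with the "Cannot delete or update a parent row" error.
REPLACE INTO ciphers (uuid, organization_uuid, name)
VALUES ('cipher-1', 'org-1', 'example login');

-- The upsert form updates the existing row in place. No parent row is
-- deleted, so the foreign key is never exercised and stays enforced.
INSERT INTO ciphers (uuid, organization_uuid, name)
VALUES ('cipher-1', 'org-1', 'example login')
ON DUPLICATE KEY UPDATE
  organization_uuid = VALUES(organization_uuid),
  name              = VALUES(name);

-- The cipher now belongs to the organisation and the link row is intact.
SELECT c.uuid, c.organization_uuid, cc.collection_uuid
FROM ciphers AS c
JOIN ciphers_collections AS cc ON cc.cipher_uuid = c.uuid;
```

Unlike dropping the constraint on the collection tables, the upsert form leaves referential integrity between ciphers and their collection links enforced by the database.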


@jobec commented on GitHub (Aug 9, 2020):

As with #1065, if you switch to MariaDB 10.3 (e.g. image mariadb:10.3) I'm guessing it'll be fixed.


Reference: starred/vaultwarden#765