starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-02-05 00:29:40 +03:00
Code Issues 32 Packages Projects Releases 10 Wiki Activity

Can't grant access for user to any collections in organisation #792

New Issue
Closed
opened 2026-02-04 22:41:36 +03:00 by OVERLORD · 13 comments
OVERLORD commented 2026-02-04 22:41:36 +03:00
Owner
Copy Link

Originally created by @jirireischig on GitHub (Sep 2, 2020).

Subject of the issue

It's not possible to grant access only for any selected collections in organisation.

Your environment

  • Bitwarden_rs version: 1.16.3
  • Install method: rpm package
  • Clients used: web
  • Reverse proxy and version: no
  • Version of mysql/postgresql: MariaDB 10.4.14
  • Other relevant information:

Steps to reproduce

Go to organisation - Manage - edit some user and check option "This user can access only the selected collections" and click on Save button.

Expected behaviour

Save new options.

Actual behaviour

Got error:
"An error has occurred.
An unexpected error has occurred."

Relevant logs

From browser developer tools:
Request method PUT, URL: https://bitwarden/api/organizations/111/users/222 return status code 422
Request payload:
{"collections":[{"id":"333","readOnly":false}],"accessAll":false,"type":2}

Originally created by @jirireischig on GitHub (Sep 2, 2020). ### Subject of the issue It's not possible to grant access only for any selected collections in organisation. ### Your environment * Bitwarden_rs version: 1.16.3 * Install method: rpm package * Clients used: web * Reverse proxy and version: no * Version of mysql/postgresql: MariaDB 10.4.14 * Other relevant information: ### Steps to reproduce Go to organisation - Manage - edit some user and check option "This user can access only the selected collections" and click on Save button. ### Expected behaviour Save new options. ### Actual behaviour Got error: "An error has occurred. An unexpected error has occurred." ### Relevant logs From browser developer tools: Request method PUT, URL: https://bitwarden/api/organizations/111/users/222 return status code 422 Request payload: {"collections":[{"id":"333","readOnly":false}],"accessAll":false,"type":2}
OVERLORD added the bugtroubleshooting labels 2026-02-04 22:41:36 +03:00
OVERLORD commented 2026-02-04 22:41:46 +03:00
Author
Owner
Copy Link

@dani-garcia commented on GitHub (Sep 13, 2020):

Do you get a more specific error in the server logs?

@dani-garcia commented on GitHub (Sep 13, 2020): Do you get a more specific error in the server logs?
OVERLORD commented 2026-02-04 22:41:49 +03:00
Author
Owner
Copy Link

@jirireischig commented on GitHub (Sep 13, 2020):

I got this when log level is debug:

Sep 13 22:23:37 bitwarden_rs[11845]: [2020-09-13 22:23:37.366][request][INFO] PUT /api/organizations/111/users/222
Sep 13 22:23:37 bitwarden_rs[11845]: [2020-09-13 22:23:37.366][request][INFO] PUT /api/organizations/111/users/1222
Sep 13 22:23:37 v bitwarden_rs[11845]: [2020-09-13 22:23:37.367][response][INFO] PUT /api/organizations/<org_id>/users/<org_user_id> (put_organization_user) => 422 Unprocessable Entity
Sep 13 22:23:37 bitwarden_rs[11845]: [2020-09-13 22:23:37.367][response][INFO] PUT /api/organizations/<org_id>/users/<org_user_id> (put_organization_user) => 422 Unprocessable Entity

@jirireischig commented on GitHub (Sep 13, 2020): I got this when log level is debug: Sep 13 22:23:37 bitwarden_rs[11845]: [2020-09-13 22:23:37.366][request][INFO] PUT /api/organizations/111/users/222 Sep 13 22:23:37 bitwarden_rs[11845]: [2020-09-13 22:23:37.366][request][INFO] PUT /api/organizations/111/users/1222 Sep 13 22:23:37 v bitwarden_rs[11845]: [2020-09-13 22:23:37.367][response][INFO] PUT /api/organizations/<org_id>/users/<org_user_id> (put_organization_user) => 422 Unprocessable Entity Sep 13 22:23:37 bitwarden_rs[11845]: [2020-09-13 22:23:37.367][response][INFO] PUT /api/organizations/<org_id>/users/<org_user_id> (put_organization_user) => 422 Unprocessable Entity
OVERLORD commented 2026-02-04 22:41:57 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Sep 23, 2020):

You do not have a reverse proxy infront right?
Is the certificate valid? Do you see any errors within the developer console of the browser (F12)?

@BlackDex commented on GitHub (Sep 23, 2020): You do not have a reverse proxy infront right? Is the certificate valid? Do you see any errors within the developer console of the browser (F12)?
OVERLORD commented 2026-02-04 22:42:00 +03:00
Author
Owner
Copy Link

@jirireischig commented on GitHub (Sep 24, 2020):

I have Apache as webserver with this virtual server conf:

RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /notifications/hub(.*) ws://127.0.0.1:3012/$1 [P,L]
ProxyPass / http://127.0.0.1:8000/
ProxyPreserveHost On
ProxyRequests Off
RequestHeader set X-Real-IP %{REMOTE_ADDR}s

Errors from developer console:
zone.js:1152 PUT https://bitwarden/api/organizations/111/users/222 422 (anonymous) @ zone.js:1152 t.scheduleTask @ zone.js:410 onScheduleTask @ zone.js:301 t.scheduleTask @ zone.js:404 e.scheduleTask @ zone.js:238 e.scheduleMacroTask @ zone.js:261 (anonymous) @ zone.js:1147 t @ zone.js:910 Zone.__load_patch.t.fetch @ zone.js:1146 n.nativeFetch @ api.service.ts:980 n.fetch @ api.service.ts:976 (anonymous) @ api.service.ts:1020 (anonymous) @ main.aa3935c25f8c6ad51441.js:1 (anonymous) @ main.aa3935c25f8c6ad51441.js:1 i @ main.aa3935c25f8c6ad51441.js:1 t.invoke @ zone.js:391 onInvoke @ core.js:17289 t.invoke @ zone.js:390 e.run @ zone.js:150 (anonymous) @ zone.js:889 t.invokeTask @ zone.js:423 onInvokeTask @ core.js:17280 t.invokeTask @ zone.js:422 e.runTask @ zone.js:195 y @ zone.js:601 e.invokeTask @ zone.js:502 h @ zone.js:1744 v @ zone.js:1770

@jirireischig commented on GitHub (Sep 24, 2020): I have Apache as webserver with this virtual server conf: RewriteEngine On RewriteCond %{HTTP:Upgrade} =websocket [NC] RewriteRule /notifications/hub(.*) ws://127.0.0.1:3012/$1 [P,L] ProxyPass / http://127.0.0.1:8000/ ProxyPreserveHost On ProxyRequests Off RequestHeader set X-Real-IP %{REMOTE_ADDR}s Errors from developer console: ` zone.js:1152 PUT https://bitwarden/api/organizations/111/users/222 422 (anonymous) @ zone.js:1152 t.scheduleTask @ zone.js:410 onScheduleTask @ zone.js:301 t.scheduleTask @ zone.js:404 e.scheduleTask @ zone.js:238 e.scheduleMacroTask @ zone.js:261 (anonymous) @ zone.js:1147 t @ zone.js:910 Zone.__load_patch.t.fetch @ zone.js:1146 n.nativeFetch @ api.service.ts:980 n.fetch @ api.service.ts:976 (anonymous) @ api.service.ts:1020 (anonymous) @ main.aa3935c25f8c6ad51441.js:1 (anonymous) @ main.aa3935c25f8c6ad51441.js:1 i @ main.aa3935c25f8c6ad51441.js:1 t.invoke @ zone.js:391 onInvoke @ core.js:17289 t.invoke @ zone.js:390 e.run @ zone.js:150 (anonymous) @ zone.js:889 t.invokeTask @ zone.js:423 onInvokeTask @ core.js:17280 t.invokeTask @ zone.js:422 e.runTask @ zone.js:195 y @ zone.js:601 e.invokeTask @ zone.js:502 h @ zone.js:1744 v @ zone.js:1770 `
OVERLORD commented 2026-02-04 22:42:12 +03:00
Author
Owner
Copy Link

@jkey commented on GitHub (Oct 1, 2020):

We have the same problem here too. We use a Nginx as reverse proxy which also terminates the SSL. I get this from the log.

Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: [2020-10-01 08:07:48.868][ws::handler][DEBUG] Handler received:
Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: <FRAME>
Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: final: true
Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: reserved: false false false
Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: opcode: BINARY
Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: length: 5
Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: payload length: 3
Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: payload: 0x2916
Oct 01 08:07:56 SRV-BITWARDEN bitwarden_rs[1785]: [2020-10-01 08:07:56.009][request][INFO] POST /api/organizations/0cb3fd5a-2be1-46cd-b17f-4e23f20c09f6/users/invite
Oct 01 08:07:56 SRV-BITWARDEN bitwarden_rs[1785]: [2020-10-01 08:07:56.009][request][INFO] POST /api/organizations/0cb3fd5a-2be1-46cd-b17f-4e23f20c09f6/users/invite
Oct 01 08:07:56 SRV-BITWARDEN bitwarden_rs[1785]: [2020-10-01 08:07:56.011][response][INFO] POST /api/organizations/<org_id>/users/invite (send_invite) => 422 Unprocessable Entity
Oct 01 08:07:56 SRV-BITWARDEN bitwarden_rs[1785]: [2020-10-01 08:07:56.011][response][INFO] POST /api/organizations/<org_id>/users/invite (send_invite) => 422 Unprocessable Entity
@jkey commented on GitHub (Oct 1, 2020): We have the same problem here too. We use a Nginx as reverse proxy which also terminates the SSL. I get this from the log. ``` Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: [2020-10-01 08:07:48.868][ws::handler][DEBUG] Handler received: Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: <FRAME> Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: final: true Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: reserved: false false false Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: opcode: BINARY Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: length: 5 Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: payload length: 3 Oct 01 08:07:48 SRV-BITWARDEN bitwarden_rs[1785]: payload: 0x2916 Oct 01 08:07:56 SRV-BITWARDEN bitwarden_rs[1785]: [2020-10-01 08:07:56.009][request][INFO] POST /api/organizations/0cb3fd5a-2be1-46cd-b17f-4e23f20c09f6/users/invite Oct 01 08:07:56 SRV-BITWARDEN bitwarden_rs[1785]: [2020-10-01 08:07:56.009][request][INFO] POST /api/organizations/0cb3fd5a-2be1-46cd-b17f-4e23f20c09f6/users/invite Oct 01 08:07:56 SRV-BITWARDEN bitwarden_rs[1785]: [2020-10-01 08:07:56.011][response][INFO] POST /api/organizations/<org_id>/users/invite (send_invite) => 422 Unprocessable Entity Oct 01 08:07:56 SRV-BITWARDEN bitwarden_rs[1785]: [2020-10-01 08:07:56.011][response][INFO] POST /api/organizations/<org_id>/users/invite (send_invite) => 422 Unprocessable Entity ```
OVERLORD commented 2026-02-04 22:42:15 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Nov 18, 2020):

@jkey and @jirireischig do you still have this issue? If so, could you please try to set the log_level to either debug or even trace and see if there is some useful information over there?

@BlackDex commented on GitHub (Nov 18, 2020): @jkey and @jirireischig do you still have this issue? If so, could you please try to set the log_level to either debug or even trace and see if there is some useful information over there?
OVERLORD commented 2026-02-04 22:42:18 +03:00
Author
Owner
Copy Link

@jirireischig commented on GitHub (Nov 18, 2020):

Yes, I have.

Lines from log after I click "Save" button with LOG_LEVEL=debug in config:

Nov 18 15:57:26  bitwarden_rs[5332]: [2020-11-18 15:57:26.425][request][INFO] PUT /api/organizations/111/users/222
Nov 18 15:57:26  bitwarden_rs[5332]: [2020-11-18 15:57:26.425][request][INFO] PUT /api/organizations/111/users222
Nov 18 15:57:26  bitwarden_rs[5332]: [2020-11-18 15:57:26.427][response][INFO] PUT /api/organizations/<org_id>/users/<org_user_id> (put_organization_user) => 422 Unprocessable Entity
Nov 18 15:57:26  bitwarden_rs[5332]: [2020-11-18 15:57:26.427][response][INFO] PUT /api/organizations/<org_id>/users/<org_user_id> (put_organization_user) => 422 Unprocessable Entity
@jirireischig commented on GitHub (Nov 18, 2020): Yes, I have. Lines from log after I click "Save" button with LOG_LEVEL=debug in config: ``` Nov 18 15:57:26 bitwarden_rs[5332]: [2020-11-18 15:57:26.425][request][INFO] PUT /api/organizations/111/users/222 Nov 18 15:57:26 bitwarden_rs[5332]: [2020-11-18 15:57:26.425][request][INFO] PUT /api/organizations/111/users222 Nov 18 15:57:26 bitwarden_rs[5332]: [2020-11-18 15:57:26.427][response][INFO] PUT /api/organizations/<org_id>/users/<org_user_id> (put_organization_user) => 422 Unprocessable Entity Nov 18 15:57:26 bitwarden_rs[5332]: [2020-11-18 15:57:26.427][response][INFO] PUT /api/organizations/<org_id>/users/<org_user_id> (put_organization_user) => 422 Unprocessable Entity ```
OVERLORD commented 2026-02-04 22:42:23 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Nov 18, 2020):

@jkey and @jirireischig i tested this exact scenario but i can't seem to be able to reproduce this.
Are you able to provide some more information using the Developer Tools of the browser like Chrome or Firefox by pressing F12.
After you have opened the Developer Console/Tools do the following.

  1. Go to the organization > manage > collections
  2. Go to the network tab in the developer tools.
  3. Clear the console output by pressing the clear/trashcan icon.
  4. Now make your changes which cause the issue to happen.
  5. In the output below you should see something like the screenshot i took.
  6. Could you provide the details of the PUT line like headers and requests output displayed on the lower right?

image

Thanks in advance for the info, this hopefully helps us to find the issue.

@BlackDex commented on GitHub (Nov 18, 2020): @jkey and @jirireischig i tested this exact scenario but i can't seem to be able to reproduce this. Are you able to provide some more information using the Developer Tools of the browser like Chrome or Firefox by pressing F12. After you have opened the Developer Console/Tools do the following. 1. Go to the organization > manage > collections 2. Go to the network tab in the developer tools. 3. Clear the console output by pressing the clear/trashcan icon. 4. Now make your changes which cause the issue to happen. 5. In the output below you should see something like the screenshot i took. 6. Could you provide the details of the PUT line like headers and requests output displayed on the lower right? ![image](https://user-images.githubusercontent.com/610450/99570139-ce3dea80-29d1-11eb-9f12-e84e89391843.png) Thanks in advance for the info, this hopefully helps us to find the issue.
OVERLORD commented 2026-02-04 22:42:28 +03:00
Author
Owner
Copy Link

@jirireischig commented on GitHub (Nov 19, 2020):

Dear @BlackDex, thank you for your instructions, but this info is already in my issue report :-)

@jirireischig commented on GitHub (Nov 19, 2020): Dear @BlackDex, thank you for your instructions, but this info is already in my issue report :-)
OVERLORD commented 2026-02-04 22:42:30 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Nov 20, 2020):

@jirireischig Ah sorry missed that one.
But, i have installed Apache on my dev machine and used the same config. But i'm not able to reproduce this same error at all.
Is there maybe something else globally configured in Apache2 HTTPD which could cause this?

Also, to get even more info, else i think we are not going to get to the bottom of this, is try enable LOG_LEVEL=trace.
This should also show the incoming headers.

From that trace i would like to know the following lines which are BEFORE [response][INFO] PUT /api/organizations/<org_id>/users/<org_user_id> (put_organization_user) =>

[hyper::http::h1][TRACE] try_parse(
[hyper::header][TRACE] raw header: "Accept-Encoding"=
[hyper::header][TRACE] raw header: "content-type"=
[hyper::header][TRACE] raw header: "Content-Length"=
[hyper::http::h1][TRACE] Sized read, remaining=
[hyper::http::h1][TRACE] Sized read:
[hyper::http::h1][TRACE] Sized read, remaining=

The [hyper::http::h1][TRACE] try_parse( is the most important for me actually.

If you want to decode that info i suggest to use something like https://www.rapidtables.com/convert/number/ascii-hex-bin-dec-converter.html and past all the numbers including the , in the decimal area.

From that i would like to have all as much info as you are comfortable with.
But the most important there would be the last part of that which should contains the posted data.
Because i think it breaks somewhere there.

@BlackDex commented on GitHub (Nov 20, 2020): @jirireischig Ah sorry missed that one. But, i have installed Apache on my dev machine and used the same config. But i'm not able to reproduce this same error at all. Is there maybe something else globally configured in Apache2 HTTPD which could cause this? Also, to get even more info, else i think we are not going to get to the bottom of this, is try enable LOG_LEVEL=trace. This should also show the incoming headers. From that trace i would like to know the following lines which are **BEFORE** `[response][INFO] PUT /api/organizations/<org_id>/users/<org_user_id> (put_organization_user) =>` `[hyper::http::h1][TRACE] try_parse(` `[hyper::header][TRACE] raw header: "Accept-Encoding"=` `[hyper::header][TRACE] raw header: "content-type"=` `[hyper::header][TRACE] raw header: "Content-Length"=` `[hyper::http::h1][TRACE] Sized read, remaining=` `[hyper::http::h1][TRACE] Sized read:` `[hyper::http::h1][TRACE] Sized read, remaining=` The `[hyper::http::h1][TRACE] try_parse(` is the most important for me actually. If you want to decode that info i suggest to use something like https://www.rapidtables.com/convert/number/ascii-hex-bin-dec-converter.html and past all the numbers including the `,` in the decimal area. From that i would like to have all as much info as you are comfortable with. But the most important there would be the last part of that which should contains the posted data. Because i think it breaks somewhere there.
OVERLORD commented 2026-02-04 22:42:33 +03:00
Author
Owner
Copy Link

@jirireischig commented on GitHub (Nov 20, 2020):

@BlackDex thank you for your time.
Log with LOG_LEVEL=trace after click on "Save" button is here: https://cloud.ecn.cz/index.php/s/e2fHap8E3SXoR8N

@jirireischig commented on GitHub (Nov 20, 2020): @BlackDex thank you for your time. Log with LOG_LEVEL=trace after click on "Save" button is here: https://cloud.ecn.cz/index.php/s/e2fHap8E3SXoR8N
OVERLORD commented 2026-02-04 22:42:39 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Nov 20, 2020):

@jirireischig,Thanks for that.
I think it is something i have missed regarding your previous posts which probably contained the right info already.
But it seems that you are using an older web-vault and a newer bitwarden_rs backend version.

The web-vault is not sending the hidden password features with it, while bitwarden_rs server needs this information.
I suggest to upgrade both to the latest version to fix your issue.

The latest web-vault for bitwarden_rs is v2.16.1: https://github.com/dani-garcia/bw_web_builds/releases/tag/v2.16.1
The latest bitwarden_rs is v1.17.0

@BlackDex commented on GitHub (Nov 20, 2020): @jirireischig,Thanks for that. I think it is something i have missed regarding your previous posts which probably contained the right info already. But it seems that you are using an older web-vault and a newer bitwarden_rs backend version. The web-vault is not sending the hidden password features with it, while bitwarden_rs server needs this information. I suggest to upgrade both to the latest version to fix your issue. The latest web-vault for bitwarden_rs is v2.16.1: https://github.com/dani-garcia/bw_web_builds/releases/tag/v2.16.1 The latest bitwarden_rs is v1.17.0
OVERLORD commented 2026-02-04 22:42:43 +03:00
Author
Owner
Copy Link

@jirireischig commented on GitHub (Nov 20, 2020):

Dear @BlackDex you are right. I have old version of web-vault for bitwarden_rs.
I'm using https://github.com/MrMEEE/bitwarden_rs_rpm which don't update it yet.
Everything look like OK with v2.16.1 version.
Thank you very mych for your help and work.

@jirireischig commented on GitHub (Nov 20, 2020): Dear @BlackDex you are right. I have old version of web-vault for bitwarden_rs. I'm using https://github.com/MrMEEE/bitwarden_rs_rpm which don't update it yet. Everything look like OK with v2.16.1 version. Thank you very mych for your help and work.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
troubleshooting
wontfix
No Label bug troubleshooting
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/vaultwarden#792
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?