mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-16 05:34:10 +03:00
2FA error response does not match bitwarden/server #967
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @fugkco on GitHub (Mar 8, 2021).
Subject of the issue
When attempting to do a login to an account that has 2FA enabled, but without the 2FA details, it seems to return the wrong error response. Not just the message, but the whole object is different. I understand that this is likely not a priority considering everything works, but for parity's sake, it would be nice to have this implemented the right way.
I also noticed the MFA token gets cast to u64, which means zeros at the beginning of the token get stripped. I'm not entirely sure if this is an issue but figured it's worth pointing out.
Deployment environment
Your environment (Generated via diagnostics page)
Config (Generated via diagnostics page)
Steps to reproduce
prelogin, thenlogin) but do not specify the MFA token.vault.bitwarden.comExpected behaviour
Actual behaviour
Error response is as follows
Troubleshooting data
@BlackDex commented on GitHub (Jun 21, 2021):
I just checked the code, and verified it with upstream, but it looks like it produces the exact same response for me.
That error message you provided above only happens if you provide the
twoFactorToken*variables during the request.I also get the same kind of response on upstream.
So the order is as follows (for both upstream and vaultwarden).
Expected behaviourjson and you are presented with a form to fill-in your MFA.Actual behaviour, though VaultWarden and Bitwarden have a different layout, the message still shows in a red toast at the top right.I think there is nothing wrong with the implementation on the Vaultwarden side.
Could you try and verify it again? And keep in mind to exclude the
twoFactorToken*variables (or include them in both tries).