Open marius opened 1 month ago
Hi @marius,
Thank you for this report. Could you please walk me through how you set that script up?
Thank you in advance,
/usr/libexec/vaultwarden-restore-test
#!/bin/bash
source /etc/resticenv
VAULT_PASSWORD=example123
set -Eeuxo pipefail
cleanup() {
rc=$?
cd /
docker stop $CONTAINER
bw logout || true
rm -r "$WORKDIR"
exit $rc
}
WORKDIR=$(mktemp -d)
if [[ ! -d "$WORKDIR" ]]; then
echo "Could not create temp dir"
exit 1
fi
cd $WORKDIR
trap cleanup EXIT
export RESTIC_PROGRESS_FPS=0.05
PARAMS='--limit-download=4000 --limit-upload=4000 --verbose'
SNAPSHOT=$(restic $PARAMS --json snapshots --tag=docker latest)
ID=$(echo $SNAPSHOT | jq -r '.[].id')
DATETIME=$(echo $SNAPSHOT | jq -r '.[].time')
TIMESTAMP=$(date --date "$DATETIME" '+%s')
if [ "$TIMESTAMP" -lt "$(date --date '2 days ago' '+%s')" ]; then
echo "Snapshot too old"
exit 1
fi
restic $PARAMS restore --tag=docker --include=docker/vaultwarden --target=. "$ID" 2>&1 | cat
IC=$(sqlite3 ${WORKDIR}/tank/.zfs/snapshot/backup/docker/vaultwarden/db.sqlite3 "PRAGMA integrity_check")
if [ "$IC" != ok ]; then
echo "Integrity check of the database failed"
exit 1
fi
docker pull vaultwarden/server
CONTAINER=$(docker run -d -it --rm --name vaultwarden-restore-test -v ${WORKDIR}/tank/.zfs/snapshot/backup/docker/vaultwarden:/data -p 127.0.0.1:55555:80 vaultwarden/server)
# Make sure we are not logged in
bw logout || true
bw config server http://127.0.0.1:55555
set +x
SESSION=$(echo $VAULT_PASSWORD | bw --raw login test@example.com)
set -x
PASSWORD=$(bw list items --session=$SESSION | jq -r '.[0].login.password')
if [ "$PASSWORD" != restore-test ]; then
echo "Password did not match: $PASSWORD != restore-test"
exit 1
fi
LENGTH=$(bw list items --session=$SESSION | jq '. | length')
if [ "$LENGTH" -ne 1 ]; then
echo "Number of items != 1"
exit 1
fi
/etc/systemd/system/vaultwarden-restore-test.service
[Unit]
Description=Restore a backup of Vaultwarden and test it
[Service]
Type=oneshot
ExecStart=/usr/libexec/vaultwarden-restore-test
/etc/systemd/system/vaultwarden-restore-test.timer
[Unit]
Description=Run vaultwarden-restore-test regularly
[Timer]
OnCalendar=09:38
[Install]
WantedBy=timers.target
That "vaultwarden-restore-test" file is really scary, with the password stored in plain text in a file that is likely set to be readable by everyone. And echoing VAULT_PASSWORD which may have syntactic suger in it like pound signs, &, quote marks, or semi-colons is just begging for password management pain in the shell scripting, in ways unlikely to occur on a normal command line.
Well, this is, of course, a restore-test account, and the password doesn't contain any weird characters.
Hi @marius,
Thank you for your patience. This matter has been escalated for further investigation; If you have any additional information that you think may assist, please feel free to post it below.
Thank you again,
I have the same issue with version 2024.7.2
of the Windows CLI.
Version 2024.6.0
works fine, so I reverted back to that one. Same symptoms as @marius is experiencing.
Command:
bw config server https://vault.bitwarden.eu --response
Steps To Reproduce
I'm running the bitwarden CLI client in a script started by systemd to do a restore test of a backup.
Now every time I run
bw config server http://127.0.0.1:55555
I getLogout required before server config update.
even when runningbw logout
right before the command (it saysYou are not logged in.
). When running the same commands in a normal user shell things work as expexted.bw
is installed via Snap on Ubuntu 24.04.Reverting back to the previous version fixed the issue:
Expected Result
It should just work like in version 2024.6.0.
Actual Result
Error
Logout required before server config update.
Screenshots or Videos
No response
Additional Context
I think the problem was introduced by https://github.com/bitwarden/clients/pull/9347
Operating System
Linux
Operating System Version
Ubuntu 24.04
Shell
Bash
Build Version
2024.6.1
Issue Tracking Info