dani-garcia / vaultwarden

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
GNU Affero General Public License v3.0

Fix public api for domains with path prefix #4500

Closed FDHoho007 closed 4 months ago

FDHoho007 commented 5 months ago

Vaultwarden is currently unable to handle the Bitwarden Directory Connector when the base domain includes a path prefix. Example:

- `DOMAIN=https://example.com/` -> works
- `DOMAIN=https://example.com/vault/` -> doesn't work

Vaultwarden rejects the token issued seconds before with the error message "Token not issued by this server". This message is thrown when the token issuer check fails. When an organization API token is issued, the `iss` attribute follows the scheme `domain_origin|scope`. But when the issuer is checked in `api/core/public.rs`, the `iss` attribute is expected to contain `domain|scope`. When using a domain with a path prefix this leads to conflicts. To fix this I replaced the domain check with a `domain_origin` check, as issued in `auth.rs`.
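The mismatch described above, reduced to a stand-alone Rust illustration (added here; not Vaultwarden's own code). It assumes a simplified origin derivation (scheme://host[:port], trailing slash trimmed from the configured domain) and a constructed scope name; the real `domain_origin` logic and scope values live in the project's `auth.rs`.

```rust
/// Normalize the configured base domain by trimming trailing slashes
/// (assumed to mirror how the server stores DOMAIN; simplified).
fn normalize_domain(domain: &str) -> String {
    domain.trim_end_matches('/').to_string()
}

/// Derive the origin (scheme://host[:port]) from the configured domain.
/// Simplified stand-in for the project's `domain_origin`; drops any path.
fn domain_origin(domain: &str) -> String {
    let (scheme, rest) = domain.split_once("://").unwrap_or(("https", domain));
    let authority = rest.split('/').next().unwrap_or("");
    format!("{}://{}", scheme, authority)
}

/// Build the `iss` claim the way the organization API token issuer does:
/// "domain_origin|scope".
fn issue_org_api_iss(domain: &str, scope: &str) -> String {
    format!("{}|{}", domain_origin(domain), scope)
}

/// Pre-fix check from the bug report: expects "domain|scope", so it only
/// agrees with the issuer when the domain carries no path prefix.
fn check_iss_with_domain(iss: &str, domain: &str, scope: &str) -> bool {
    iss == format!("{}|{}", normalize_domain(domain), scope)
}

/// Fixed check: compare against "domain_origin|scope", matching the issuer.
fn check_iss_with_origin(iss: &str, domain: &str, scope: &str) -> bool {
    iss == format!("{}|{}", domain_origin(domain), scope)
}

fn main() {
    // Constructed scope name for illustration only.
    let scope = "api.organization";
    for domain in ["https://example.com/", "https://example.com/vault/"] {
        let iss = issue_org_api_iss(domain, scope);
        println!(
            "{domain}: iss={iss} old_check={} fixed_check={}",
            check_iss_with_domain(&iss, domain, scope),
            check_iss_with_origin(&iss, domain, scope)
        );
    }
}
```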

BlackDex commented 4 months ago

@FDHoho007 Thanks for the PR :). Good find!