dani-garcia / vaultwarden

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
GNU Affero General Public License v3.0
38.97k stars 1.89k forks

Organization - Push Notifications not working correctly #4915

Closed ghost closed 2 months ago

ghost commented 2 months ago

Vaultwarden Support String

Your environment (Generated via diagnostics page)

Config (Generated via diagnostics page)

**Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN

```json
{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": false,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****************************",
  "domain_origin": "*****://*****************************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": false,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "*********************",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": true,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*********************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "**************",
  "smtp_password": "***",
  "smtp_port": ***,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "*********************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}
```

Vaultwarden Build Version

v.1.32.0

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

Synology DSM-Proxy (nginx-proxy)

Host/Server Operating System

NAS/SAN

Operating System Version

DSM 7.2

Clients

Browser Extension, Desktop, iOS

Client Version

No response

Steps To Reproduce

Preparation: You need an organization and should have Bitwarden installed on iOS and macOS.

  1. Open Bitwarden (official macOS App Store version) on Mac, log in and show your items.
  2. Open Bitwarden on iOS, log in and show your items.
  3. On iOS device: Create a new Item in your Organization with Name "TEST"
  4. Save Item on iOS Bitwarden App. RESULT: iOS App shows newly created Item, this Item is pushed and Mac App shows new Item immediately as well!!! WORKS AS DESIGNED.

NOW VICE VERSA:

  1. Open Bitwarden (official iOS App Store version) on iOS, log in and show your items.
  2. Open Bitwarden on macOS, log in and show your items.
  3. On macOS device (or Web Vault): Create a new Item in your Organization with Name "TEST2"
  4. Save Item on macOS Bitwarden App (or Web Vault). RESULT: macOS App shows newly created Item, this Item is !!! NOT !!! pushed and iOS App does not show new Item. ONLY manual refresh shows this Item called "TEST2". ISSUE?

FOLDER Sync via Push works! ITEM Sync NOT!

Expected Result

If a new Item is created in Web Vault or official macOS App Bitwarden, the sync should work, despite the device. The one way is already working, see 'Steps to Reproduce'. So the Other Way should also work. Maybe, this is not implemented right now: https://github.com/dani-garcia/vaultwarden/blob/248e561b3fe6a8172751374df980c6cd43c841d5/src/api/push.rs#L153-L156

EXPECTED RESULT IS: Creating an Item on Bitwarden for macOS or inside the Web Vault, the Sync / Push Notification should be sent to the iOS Device.

Maybe a setting in the Admin Panel / Section or a Variable, that can be defined as TRUE is useful in the YAML File, if Push could be an issue for larger organizations...

Actual Result

The Item actually cannot be synced via Push from Mac Bitwarden App to iOS Bitwarden app. From iOS to Mac, everything is working.

Logs

No response

Screenshots or Videos

No response

Additional Context

If one way is working, the other one should be working as well... ;) Please make this work, otherwise Organizations and Sync is one big issue and makes Vaultwarden not useful...

BlackDex commented 2 months ago

That is not going to happen. We try to follow Bitwarden's way of working on most items to keep compatible with their clients.

That goes the same for this in my opinion. They do not send pushes to organizational owned ciphers. See here: https://github.com/bitwarden/server/blob/f5caecc6d685b65f483793415e0bd1d656bff251/src/Core/Services/Implementations/NotificationHubPushNotificationService.cs#L68...L76

Also, this project is granted to allow usage of their relay and that is not a right but a privilege. Going to abuse that privilege will certainly get it revoked in the future.

Also keep in mind that Vaultwarden didn't have push for a long time, and it seemed to work well then also.

I can understand that it might be inconvenient, but it works as designed and I agree with the comments of Bitwarden.

Going to close this as works as intended.

ghost commented 2 months ago

I really understand this, but the question then would be: Is this a bug on Bitwarden? Does it make sense to open a ticket there?

Because the question is still not answered: Why is it working one way (iOS to macOS), but not working the other one (macOS to iOS)?

Following Bitwarden's comment (and I can understand that) means it should not work for both ways, right? Or do I have a mistake in my thinking?

BlackDex commented 2 months ago

It is really simple. Push notifications are not WebSocket notifications.

And WebSocket connections are only notified when people are actually connected, not if they have registered a mobile device which would be the case for Organizations.

If there are 1000 users in an org and all have a mobile, and all need this notification, that is going to take up a lot of resources via the Push framework. Also calculating the access is difficult, same for us we still might have an issue with group/collection access and making sure the access is correct.

Bitwarden has a free version including limited organizations and you can invite 2 users and test it there. If it also does not work there you can report an issue. I would not do this based upon using Vaultwarden as that will end up in the trash bin.

Looking at the issues, there already was an issue opened and also closed (by the reporter himself) which pointed to the exact same part of the code as I did, https://github.com/bitwarden/server/issues/220.

Also, according to the documentation org items are not synced automatically, see https://bitwarden.com/help/vault-sync/#automatic-sync

So creating an issue/feature request might be an option. But I do not think that will be on the top of their list.
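
The distinction drawn in the comment above, as an added illustration that is not part of the thread and is not Vaultwarden's or Bitwarden's code: a small model of which devices hear about a cipher change when WebSocket delivery reaches only connected clients and the push relay is skipped for organization-owned items. All type and function names are hypothetical, and the sample assumes the desktop client holds a WebSocket while the phone relies on push only.

```rust
// Simplified model of the behaviour described in the thread; all names are
// hypothetical and this is not Vaultwarden's or Bitwarden's code.
#[derive(Debug, PartialEq, Clone, Copy)]
enum Channel { WebSocket, Push }

struct Device {
    name: &'static str,
    user: u32,
    ws_connected: bool,    // has an open WebSocket to the server right now
    push_registered: bool, // mobile device registered with the push relay
}

struct Cipher {
    owner: Option<u32>,    // Some(user) = personal item, None = org-owned
    org_members: Vec<u32>, // users with access when the item is org-owned
}

/// Every (device, channel) pair that is notified when `cipher` changes.
fn notify(cipher: &Cipher, devices: &[Device]) -> Vec<(&'static str, Channel)> {
    let mut out = Vec::new();
    for d in devices {
        let has_access = cipher.owner == Some(d.user) || cipher.org_members.contains(&d.user);
        if !has_access { continue; }
        // WebSocket: reaches only clients connected at this moment.
        if d.ws_connected {
            out.push((d.name, Channel::WebSocket));
        }
        // Push relay: used for personal items only, never for org-owned ones.
        if d.push_registered && cipher.owner.is_some() {
            out.push((d.name, Channel::Push));
        }
    }
    out
}

// Constructed sample: one user with a connected desktop and a push-only phone.
fn sample_devices() -> Vec<Device> {
    vec![
        Device { name: "macos-desktop", user: 1, ws_connected: true, push_registered: false },
        Device { name: "ios-phone", user: 1, ws_connected: false, push_registered: true },
    ]
}

fn main() {
    let org_item = Cipher { owner: None, org_members: vec![1] };
    let personal = Cipher { owner: Some(1), org_members: vec![] };
    println!("org item: {:?}", notify(&org_item, &sample_devices()));
    println!("personal: {:?}", notify(&personal, &sample_devices()));
}
```

In this model the organization item reaches only the connected desktop, which matches the one-directional behaviour reported at the top of the issue.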

ghost commented 2 months ago

Thanks for the explanation. :) Then I will go this way...

f0ff886f commented 2 months ago

Does this apply only for organizations or also for "My Vault"? I am curious I have the exact same behaviour as this bug with the new iOS app, but including items that are shown under "My Vault" (which I don't think is an organization).

The non-beta app (the old one) worked fine here, I change an item in the webvault and I see it immediately on my phone. Here, only from phone -> macOS app / webvault works, the other way not (and webvault <-> macOS app always works).

Not sure if this is the same thing or not, but this is the first ticket I saw that accurately describes the behaviour :)

BlackDex commented 2 months ago

The new iOS app (And also Android) seems to have issues in general with Push notifications.