dani-garcia / vaultwarden

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
GNU Affero General Public License v3.0
39.25k stars 1.9k forks

OTP code not accepted when login with device #5183

Closed pquantin closed 1 week ago

pquantin commented 1 week ago

Vaultwarden Support String

Your environment (Generated via diagnostics page)

Config (Generated via diagnostics page)

**Environment settings which are overridden:** ADMIN_TOKEN, YUBICO_CLIENT_ID, YUBICO_SECRET_KEY

```json
{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://************************",
  "domain_origin": "*****://************************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/vaultwarden.log",
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": true,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 100000,
  "push_enabled": true,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "************************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "**************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "************************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": 30,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": "96472",
  "yubico_secret_key": "***",
  "yubico_server": null
}
```

Vaultwarden Build Version

1.32.4-ba48ca68

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

Synology reverse proxy

Host/Server Operating System

Linux

Operating System Version

Synology DSM 7.2.2

Clients

Web Vault

Client Version

No response

Steps To Reproduce

When trying to connect using 'login with device' and entering the OTP code, the following 'Auth request not found. Try again..' error appears in the log.

Expected Result

OTP code is accepted when using login with device

Actual Result

OTP code is systematically rejected when using login with device

Logs

[2024-11-12 14:17:39.082][request][INFO] POST /api/auth-requests/
[2024-11-12 14:17:39.084][response][INFO] (post_auth_request) POST /api/auth-requests => 200 OK
[2024-11-12 14:17:39.108][request][INFO] GET /notifications/anonymous-hub?Token=77dc6812-229c-407c-bb54-
[2024-11-12 14:17:39.108][vaultwarden::api::notifications][INFO] Accepting Anonymous Rocket WS connection from 192.168.0.1
[2024-11-12 14:17:39.108][response][INFO] (anonymous_websockets_hub) GET /notifications/anonymous-hub?<token..> => 200 OK
[2024-11-12 14:17:48.281][request][INFO] GET /api/auth-requests/
[2024-11-12 14:17:48.282][response][INFO] (get_auth_requests) GET /api/auth-requests => 200 OK
[2024-11-12 14:17:49.289][request][INFO] GET /api/auth-requests/77dc6812-229c-407c-bb54-1894514f18ae
[2024-11-12 14:17:49.291][response][INFO] (get_auth_request) GET /api/auth-requests/<uuid> => 200 OK
[2024-11-12 14:17:50.572][request][INFO] GET /api/auth-requests/77dc6812-229c-407c-bb54-1894514f18ae
[2024-11-12 14:17:50.573][response][INFO] (get_auth_request) GET /api/auth-requests/<uuid> => 200 OK
[2024-11-12 14:17:50.941][request][INFO] PUT /api/auth-requests/77dc6812-229c-407c-bb54-1894514f18ae
[2024-11-12 14:17:50.942][response][INFO] (put_auth_request) PUT /api/auth-requests/<uuid> => 200 OK
[2024-11-12 14:17:50.991][request][INFO] GET /api/auth-requests/77dc6812-229c-407c-bb54-1894514f18ae/response?code=5DF3rdPrDikuBbFWazAccABA4
[2024-11-12 14:17:50.991][response][INFO] (get_auth_request_response) GET /api/auth-requests/<uuid>/response?<code> => 200 OK
[2024-11-12 14:17:51.134][request][INFO] POST /identity/connect/token
[2024-11-12 14:17:51.136][error][ERROR] 2FA token not provided
[2024-11-12 14:17:51.136][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2024-11-12 14:17:51.200][vaultwarden::api::notifications][INFO] Closing WS connection from 192.168.0.1
[2024-11-12 14:17:51.240][request][INFO] GET /api/auth-requests/
[2024-11-12 14:17:51.241][response][INFO] (get_auth_requests) GET /api/auth-requests => 200 OK
[2024-11-12 14:18:12.880][request][INFO] POST /identity/connect/token
[2024-11-12 14:18:12.881][vaultwarden::api::identity][ERROR] Auth request not found. Try again.. IP: 192.168.0.1. Username: XXX@XXX.com.
[2024-11-12 14:18:12.881][response][INFO] (login) POST /identity/connect/token => 400 Bad Request

Screenshots or Videos

No response

Additional Context

No response
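The log excerpt above shows the whole 'login with device' flow in separate request, response and error lines: the auth request is polled, approved (`PUT ... => 200`), its access code is fetched, and then both `POST /identity/connect/token` calls fail (`2FA token not provided`, then `Auth request not found`). As an added example (not code from the Vaultwarden project or the reporter), the script below stitches those lines into a per-auth-request timeline and flags a device login that was approved and had its code fetched but never produced a token. The sample lines are copied from the issue's log section; attributing a token exchange to the most recently fetched auth request is an assumption, because the `login` log lines carry no request id.

```python
"""Correlate Vaultwarden 'login with device' log lines (added example, not Vaultwarden code)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Line shapes taken from the issue's extended_logging output.
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<target>[^\]]+)\]\[(?P<level>[A-Z]+)\]\s*(?P<msg>.*)$")
UUID_RE = re.compile(r"/api/auth-requests/(?P<uuid>[0-9a-f-]{36})")
RESP_RE = re.compile(r"\((?P<handler>\w+)\)\s+[A-Z]+\s+\S+\s+=>\s+(?P<status>\d{3})")


@dataclass
class AuthRequestTimeline:
    uuid: str
    polls: int = 0                             # GET /api/auth-requests/<uuid> calls
    approved_at: Optional[str] = None          # PUT /api/auth-requests/<uuid> => 200
    response_fetched_at: Optional[str] = None  # GET .../response?code=... => 200
    token_attempts: list = field(default_factory=list)  # (ts, http status, error text)

    def completed(self) -> bool:
        return any(status == 200 for _, status, _ in self.token_attempts)

    def problem(self) -> Optional[str]:
        if self.approved_at and self.response_fetched_at and not self.completed():
            return "approved and access code fetched, but token exchange never succeeded"
        if self.approved_at and not self.response_fetched_at:
            return "approved, but the client never fetched the response"
        return None


def correlate(lines) -> dict:
    """Pair each [request] line with its [response] line plus any [ERROR] lines in between."""
    timelines = {}
    pending = None       # request still waiting for its response line
    last_fetched = None  # uuid whose access code was fetched most recently
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, target, level, msg = m.group("ts", "target", "level", "msg")
        if target == "request":
            u = UUID_RE.search(msg)
            pending = {"ts": ts, "uuid": u.group("uuid") if u else None, "errors": []}
            continue
        if pending is None:
            continue
        if level == "ERROR":
            # Keep the error text, drop the trailing " IP: ... Username: ..." context.
            pending["errors"].append(msg.split(" IP: ")[0].rstrip(". "))
            continue
        r = RESP_RE.search(msg) if target == "response" else None
        if r is None:
            continue
        handler, status = r.group("handler"), int(r.group("status"))
        uuid = pending["uuid"]
        if uuid:
            tl = timelines.setdefault(uuid, AuthRequestTimeline(uuid))
            if handler == "get_auth_request":
                tl.polls += 1
            elif handler == "put_auth_request" and status == 200:
                tl.approved_at = pending["ts"]
            elif handler == "get_auth_request_response" and status == 200:
                tl.response_fetched_at = pending["ts"]
                last_fetched = uuid
        elif handler == "login" and last_fetched:
            # Assumption: a token exchange belongs to the auth request whose access
            # code was fetched last; the login log lines carry no request uuid.
            timelines[last_fetched].token_attempts.append(
                (pending["ts"], status, "; ".join(pending["errors"])))
        pending = None
    return timelines


def report(timelines) -> list:
    findings = []
    for tl in timelines.values():
        p = tl.problem()
        if p:
            errors = [e for _, _, e in tl.token_attempts if e]
            findings.append(f"{tl.uuid}: {p}" + (f" [{'; '.join(errors)}]" if errors else ""))
    return findings


# Sample input: lines copied from the log excerpt in this issue.
SAMPLE_LOG = """\
[2024-11-12 14:17:49.289][request][INFO] GET /api/auth-requests/77dc6812-229c-407c-bb54-1894514f18ae
[2024-11-12 14:17:49.291][response][INFO] (get_auth_request) GET /api/auth-requests/<uuid> => 200 OK
[2024-11-12 14:17:50.572][request][INFO] GET /api/auth-requests/77dc6812-229c-407c-bb54-1894514f18ae
[2024-11-12 14:17:50.573][response][INFO] (get_auth_request) GET /api/auth-requests/<uuid> => 200 OK
[2024-11-12 14:17:50.941][request][INFO] PUT /api/auth-requests/77dc6812-229c-407c-bb54-1894514f18ae
[2024-11-12 14:17:50.942][response][INFO] (put_auth_request) PUT /api/auth-requests/<uuid> => 200 OK
[2024-11-12 14:17:50.991][request][INFO] GET /api/auth-requests/77dc6812-229c-407c-bb54-1894514f18ae/response?code=5DF3rdPrDikuBbFWazAccABA4
[2024-11-12 14:17:50.991][response][INFO] (get_auth_request_response) GET /api/auth-requests/<uuid>/response?<code> => 200 OK
[2024-11-12 14:17:51.134][request][INFO] POST /identity/connect/token
[2024-11-12 14:17:51.136][error][ERROR] 2FA token not provided
[2024-11-12 14:17:51.136][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2024-11-12 14:18:12.880][request][INFO] POST /identity/connect/token
[2024-11-12 14:18:12.881][vaultwarden::api::identity][ERROR] Auth request not found. Try again.. IP: 192.168.0.1. Username: XXX@XXX.com.
[2024-11-12 14:18:12.881][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
""".splitlines()

if __name__ == "__main__":
    print("\n".join(report(correlate(SAMPLE_LOG))))
```

Run against the issue's log, the report names the auth request, the "never succeeded" condition and both token errors in order; feeding it a full `vaultwarden.log` (for example via `sys.stdin`) gives the same per-request view for every device login on the server.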

BlackDex commented 1 week ago

Fixed via #5184.

If you want, you can test it by pulling the new testing image.

pquantin commented 1 week ago

Thanks for the fast fix, I will pull the newest image.