dani-garcia / vaultwarden

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
GNU Affero General Public License v3.0

Attachments always exceed Size Limit #937

Closed bokkabonga closed 4 years ago

bokkabonga commented 4 years ago

Subject of the issue

Attachments won't be uploaded, with the error "Attachment size limit exceeded with this file: SizeLimit", even with SizeLimit being set above the file size.

Your environment

Steps to reproduce

Set the per-user attachment limit to 1000KB. Tried it in the admin page as well as in the docker-compose. Tried to upload files way below this limit, which throws the error above.

Expected behaviour

The attachment should be uploaded.

Actual behaviour

Uploading the attachment gets rejected with the error "Attachment size limit exceeded with this file: SizeLimit".

Relevant logs

[2020-03-30 12:52:36][multipart::server][INFO] Multipart::withboundary(, "----WebKitFormBoundaryzCinABGOv5R6D0d0")
[2020-03-30 12:52:36][error][ERROR] Attachment size limit exceeded with this file: SizeLimit
[2020-03-30 12:52:36][response][INFO] POST /api/ciphers//attachment multipart/form-data (post_attachment) => 400 Bad Request

manofthepeace commented 4 years ago

The size limit is not per attachment, but total, per user or org. So 1000kb means in total you cannot have files that are more than 1000kb. ex. 2x500kb then you cannot upload anymore.

BlackDex commented 4 years ago

I don't know exactly what is shown to the user in the web-interface or clients, but if it is the same as "Attachment size limit exceeded with this file: SizeLimit", then we could change this to be a bit better. Now it looks like the specific attachment is too large, instead of the total allowed size having been reached.

Also, an upload limit per file is a bit tricky, since the file gets encrypted and probably will increase in size.

You can limit the upload size a bit if you limit the request/body size in the reverse-proxy, but you should take into account that there will be some overhead because of headers, and encryption.

And if you do this for the whole site/api, then items like importing or re-encrypting/password change will probably fail also.

bokkabonga commented 4 years ago

Thanks for the answers so far! I really appreciate your help.

> The size limit is not per attachment, but total, per user or org. So 1000kb means in total you cannot have files that are more than 1000kb. ex. 2x500kb then you cannot upload anymore.

Yeah, I already knew this. The size limit per user is set to 1000kb for testing and no files have been uploaded so far. Still, I can't upload a single file, even if it is a 2kb .txt

Concerning what BlackDex said: I am totally fine with a limit per user, I actually prefer it over a limit per file. However, it doesn't seem to work at the moment.