github-starred/vaultwarden
2
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-05-22 16:14:20 -05:00
Code Issues 307 Packages Projects Releases 83 Wiki Activity

[GH-ISSUE #6732] Vaultwarden v1.35.2: 2FA setup failing for old users, but working for new users. #15313

New Issue
Closed
opened 2026-04-23 07:11:49 -05:00 by GiteaMirror · 2 comments
GiteaMirror commented 2026-04-23 07:11:49 -05:00
Owner
Copy Link

Originally created by @GN998 on GitHub (Jan 17, 2026).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/6732

Prerequisites

Vaultwarden Support String

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.35.2
  • Web-vault version: v2025.12.1+build.3
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Alpine)
  • Database type: PostgreSQL
  • Database version: PostgreSQL 16.11 on x86_64-pc-linux-musl, compiled by gcc (Alpine 14.2.0) 14.2.0, 64-bit
  • Uses config.json: false
  • Uses a reverse proxy: true
  • IP Header check: true (x-forwarded-for)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Websocket Check: true
  • HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_idle_timeout": 600,
  "database_max_conns": 10,
  "database_min_conns": 2,
  "database_timeout": 30,
  "database_url": "**********://********************************************************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "dns_prefer_ipv6": false,
  "domain": "*****://*****************",
  "domain_origin": "*****://*****************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "x-forwarded-for",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "purge_incomplete_sso_auth": "0 20 0 * * *",
  "push_enabled": true,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 3,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "",
  "smtp_from_name": "***********",
  "smtp_host": null,
  "smtp_password": null,
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "sso_allow_unknown_email_verification": false,
  "sso_audience_trusted": null,
  "sso_auth_only_not_session": false,
  "sso_authority": "",
  "sso_authorize_extra_params": "",
  "sso_callback_path": "*****://**********************************************",
  "sso_client_cache_expiration": 0,
  "sso_client_id": "",
  "sso_client_secret": "***",
  "sso_debug_tokens": false,
  "sso_enabled": false,
  "sso_master_password_policy": null,
  "sso_only": false,
  "sso_pkce": true,
  "sso_scopes": "email profile",
  "sso_signups_match_email": true,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": 10240,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": "112958",
  "yubico_secret_key": "***",
  "yubico_server": null
}

Vaultwarden Build Version

vaultwarden/server:1.35.2-alpine

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

openresty:1.21.4.3-3-3-focal

Host/Server Operating System

Linux

Operating System Version

windows 11

Clients

Web Vault

Client Version

edge Vaultwarden Web 2025.12.1

Steps To Reproduce

  1. Use a Vaultwarden instance (PostgreSQL 16.11 backend) that was running version 1.34.3 with existing users created before 2025/12/29.
  2. Progressively update the instance: 1.35.0 -> 1.35.1 -> 1.35.2.
  3. Log in with an existing user account created during the 1.34.3 period.
  4. Navigate to 'Settings' -> 'Two-step Verification' -> 'WebAuthn'.
  5. Attempt to add a new security key.
  6. Observe the web UI displaying the error: "An error has occurred"
  7. Note: Brand new users created directly on v1.35.2 can add WebAuthn/2FA without any issues.

Expected Result

Existing users should be able to manage and add 2FA/WebAuthn methods regardless of when their account was created or which version they originated from.

Actual Result

Timeline: The feature was working perfectly before 2025/12/29 on version 1.34.3.

Observation: The issue appeared after the sequential updates to the 1.35.x branch. It seems like a regression or a database compatibility issue affecting legacy user data.

Error Message: The web UI simply shows "An error has occurred" when clicking the setup button.

Logs

[2026-01-17 18:44:52.730][request][INFO] POST /api/two-factor/get-webauthn-challenge
[2026-01-17 18:44:52.897][error][ERROR] Webauthn.
[CAUSE] InvalidUsername
[2026-01-17 18:44:52.897][response][INFO] (generate_webauthn_challenge) POST /api/two-factor/get-webauthn-challenge => 400 Bad Request

Screenshots or Videos

Image

Additional Context

Image

I have attached a screenshot of the F12 Developer Tools console logs showing the error.

Originally created by @GN998 on GitHub (Jan 17, 2026). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/6732 ### Prerequisites - [x] I have searched the existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=) - [x] I have searched and read the [documentation](https://github.com/dani-garcia/vaultwarden/wiki/) ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.35.2 * Web-vault version: v2025.12.1+build.3 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Alpine) * Database type: PostgreSQL * Database version: PostgreSQL 16.11 on x86_64-pc-linux-musl, compiled by gcc (Alpine 14.2.0) 14.2.0, 64-bit * Uses config.json: false * Uses a reverse proxy: true * IP Header check: true (x-forwarded-for) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: true * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_idle_timeout": 600, "database_max_conns": 10, "database_min_conns": 2, "database_timeout": 30, "database_url": "**********://********************************************************************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "dns_prefer_ipv6": false, "domain": "*****://*****************", "domain_origin": "*****://*****************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "x-forwarded-for", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "purge_incomplete_sso_auth": "0 20 0 * * *", "push_enabled": true, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 3, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "", "smtp_from_name": "***********", "smtp_host": null, "smtp_password": null, "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": null, "sso_allow_unknown_email_verification": false, "sso_audience_trusted": null, "sso_auth_only_not_session": false, "sso_authority": "", "sso_authorize_extra_params": "", "sso_callback_path": "*****://**********************************************", "sso_client_cache_expiration": 0, "sso_client_id": "", "sso_client_secret": "***", "sso_debug_tokens": false, "sso_enabled": false, "sso_master_password_policy": null, "sso_only": false, "sso_pkce": true, "sso_scopes": "email profile", "sso_signups_match_email": true, "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": 10240, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": "112958", "yubico_secret_key": "***", "yubico_server": null } ``` </details> ### Vaultwarden Build Version vaultwarden/server:1.35.2-alpine ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy openresty:1.21.4.3-3-3-focal ### Host/Server Operating System Linux ### Operating System Version windows 11 ### Clients Web Vault ### Client Version edge Vaultwarden Web 2025.12.1 ### Steps To Reproduce 1. Use a Vaultwarden instance (PostgreSQL 16.11 backend) that was running version 1.34.3 with existing users created before 2025/12/29. 2. Progressively update the instance: 1.35.0 -> 1.35.1 -> 1.35.2. 3. Log in with an existing user account created during the 1.34.3 period. 4. Navigate to 'Settings' -> 'Two-step Verification' -> 'WebAuthn'. 5. Attempt to add a new security key. 6. Observe the web UI displaying the error: "An error has occurred" 7. Note: Brand new users created directly on v1.35.2 can add WebAuthn/2FA without any issues. ### Expected Result Existing users should be able to manage and add 2FA/WebAuthn methods regardless of when their account was created or which version they originated from. ### Actual Result Timeline: The feature was working perfectly before 2025/12/29 on version 1.34.3. Observation: The issue appeared after the sequential updates to the 1.35.x branch. It seems like a regression or a database compatibility issue affecting legacy user data. Error Message: The web UI simply shows "An error has occurred" when clicking the setup button. ### Logs ```text [2026-01-17 18:44:52.730][request][INFO] POST /api/two-factor/get-webauthn-challenge [2026-01-17 18:44:52.897][error][ERROR] Webauthn. [CAUSE] InvalidUsername [2026-01-17 18:44:52.897][response][INFO] (generate_webauthn_challenge) POST /api/two-factor/get-webauthn-challenge => 400 Bad Request ``` ### Screenshots or Videos <img width="1778" height="297" alt="Image" src="https://github.com/user-attachments/assets/241caac2-0659-4a4a-9209-cf4ae0f0981a" /> ### Additional Context <img width="1021" height="272" alt="Image" src="https://github.com/user-attachments/assets/6c719490-22d8-48e4-a11e-20d85b913557" /> I have attached a screenshot of the F12 Developer Tools console logs showing the error.
GiteaMirror added the bug label 2026-04-23 07:11:49 -05:00
GiteaMirror commented 2026-04-23 07:11:50 -05:00
Author
Owner
Copy Link

@stefan0xC commented on GitHub (Jan 18, 2026):

Thanks for the report. I think I found the issue but just to confirm: does the user account where this fails have a user name?

<!-- gh-comment-id:3765179942 --> @stefan0xC commented on GitHub (Jan 18, 2026): Thanks for the report. I think I found the issue but just to confirm: does the user account where this fails have a user name?
GiteaMirror commented 2026-04-23 07:11:51 -05:00
Author
Owner
Copy Link

@GN998 commented on GitHub (Jan 18, 2026):

Thanks for the report. I think I found the issue but just to confirm: does the user account where this fails have a user name?

Thank you for your response; a username has not been configured.

<!-- gh-comment-id:3765323006 --> @GN998 commented on GitHub (Jan 18, 2026): > Thanks for the report. I think I found the issue but just to confirm: does the user account where this fails have a user name? Thank you for your response; a username has not been configured.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
better for forum
bug
documentation
duplicate
enhancement
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
SSO
Third party
troubleshooting
wontfix
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#15313
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?