mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-16 02:22:14 -05:00
[GH-ISSUE #3375] HTTP 400 error in /api/devices/knowndevice endpoint
#18315
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @hectorm on GitHub (Mar 26, 2023).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/3375
Subject of the issue
After dani-garcia/vaultwarden#3329, the
/api/devices/knowndeviceendpoint returns an HTTP 400 error when receiving a base64 encoded string without padding in theX-Request-Emailheader.It seems that the Bitwarden client removes the padding of base64 encoded strings:
https://github.com/bitwarden/clients/blob/web-v2023.3.0/libs/common/src/misc/utils.ts#L142
Deployment environment
Steps to reproduce
Enter the email in the web vault.
Expected behaviour
No error returned.
Actual behaviour
The
/api/devices/knowndeviceendpoint returns an HTTP 400 error and the following content is printed in the server logs:Troubleshooting data
Request preview (base64 without padding)
Request preview (base64 with padding)
@BlackDex commented on GitHub (Mar 26, 2023):
Thanks for the detailed report.
It is strange as we do use Base64Url also.
Not yet checked detailed info this.
While it probably isn't a big deal, since that feature currently is only used for triggering password less login if I'm correct. It still shouldn't fail. All my test accounts didn't seem to trigger this.
@3XC1T3D commented on GitHub (Mar 27, 2023):
Hi,
we are issuing the same Warning in the logs of vaultwarden.
Beste regards
@MaxXor commented on GitHub (Mar 31, 2023):
I'm a bit hesitant to update because of this. Does this actually affect the browser plugin that you can no longer log in or just a warning with no further impact?