[GH-ISSUE #7146] Cannot confirm user's account #30118

Closed
opened 2026-06-17 09:51:23 -05:00 by GiteaMirror · 5 comments
Owner

Originally created by @smbld on GitHub (Apr 28, 2026).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7146

Prerequisites

Vaultwarden Support String

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.35.8
  • Web-vault version: v2026.3.1
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Debian)
  • Database type: MySQL
  • Database version: 12.2.2-MariaDB-ubu2404
  • Uses config.json: true
  • Uses a reverse proxy: false
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Websocket Check: true
  • HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ORG_CREATION_USERS, EMERGENCY_ACCESS_ALLOWED, EMAIL_CHANGE_ALLOWED, ADMIN_TOKEN, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_idle_timeout": 600,
  "database_max_conns": 10,
  "database_min_conns": 2,
  "database_timeout": 30,
  "database_url": "*****://**************************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": true,
  "dns_prefer_ipv6": false,
  "domain": "*****://**************",
  "domain_origin": "*****://**************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": false,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": false,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "ssh-key-vault-item,ssh-agent",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 240,
  "invitation_org_name": "Deret",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/vault.log",
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "***",
  "org_events_enabled": true,
  "org_groups_enabled": true,
  "password_hints_allowed": false,
  "password_iterations": 600000,
  "purge_incomplete_sso_auth": "0 20 0 * * *",
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "********************",
  "smtp_from_name": "*****************",
  "smtp_host": "************************************",
  "smtp_password": null,
  "smtp_port": 25,
  "smtp_security": "off",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "sso_allow_unknown_email_verification": false,
  "sso_audience_trusted": null,
  "sso_auth_only_not_session": false,
  "sso_authority": "*****://*******************************************************************",
  "sso_authorize_extra_params": "",
  "sso_callback_path": "*****://*******************************************",
  "sso_client_cache_expiration": 0,
  "sso_client_id": "************************************",
  "sso_client_secret": "***",
  "sso_debug_tokens": false,
  "sso_enabled": true,
  "sso_master_password_policy": null,
  "sso_only": true,
  "sso_pkce": true,
  "sso_scopes": "openid profile offline_access User.Read",
  "sso_signups_match_email": true,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

1.35.8

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

no

Host/Server Operating System

Linux

Operating System Version

Debian 12

Clients

Web Vault

Client Version

No response

Steps To Reproduce

  1. Invite
  2. Accept
  3. From there i see the user's account that are waiting validation but when i click confirm there is no reaction

Expected Result

No errors

Actual Result

Error

Logs

vaultwarden    | [2026-04-28 08:38:20.652][vaultwarden::api::core::accounts][ERROR] User has no public_key
vaultwarden    | [2026-04-28 08:38:20.652][response][INFO] (get_public_keys) GET /api/users/<user_id>/public-key => 404 Not Found

Screenshots or Videos

No response

Additional Context

No response

Originally created by @smbld on GitHub (Apr 28, 2026). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7146 ### Prerequisites - [x] I have searched the existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=) - [x] I have searched and read the [documentation](https://github.com/dani-garcia/vaultwarden/wiki/) ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.35.8 * Web-vault version: v2026.3.1 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Database type: MySQL * Database version: 12.2.2-MariaDB-ubu2404 * Uses config.json: true * Uses a reverse proxy: false * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: true * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, ORG_CREATION_USERS, EMERGENCY_ACCESS_ALLOWED, EMAIL_CHANGE_ALLOWED, ADMIN_TOKEN, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_idle_timeout": 600, "database_max_conns": 10, "database_min_conns": 2, "database_timeout": 30, "database_url": "*****://**************************************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": true, "dns_prefer_ipv6": false, "domain": "*****://**************", "domain_origin": "*****://**************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": false, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": false, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": true, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "ssh-key-vault-item,ssh-agent", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 240, "invitation_org_name": "Deret", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": "/data/vault.log", "log_level": "info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "***", "org_events_enabled": true, "org_groups_enabled": true, "password_hints_allowed": false, "password_iterations": 600000, "purge_incomplete_sso_auth": "0 20 0 * * *", "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "********************", "smtp_from_name": "*****************", "smtp_host": "************************************", "smtp_password": null, "smtp_port": 25, "smtp_security": "off", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": null, "sso_allow_unknown_email_verification": false, "sso_audience_trusted": null, "sso_auth_only_not_session": false, "sso_authority": "*****://*******************************************************************", "sso_authorize_extra_params": "", "sso_callback_path": "*****://*******************************************", "sso_client_cache_expiration": 0, "sso_client_id": "************************************", "sso_client_secret": "***", "sso_debug_tokens": false, "sso_enabled": true, "sso_master_password_policy": null, "sso_only": true, "sso_pkce": true, "sso_scopes": "openid profile offline_access User.Read", "sso_signups_match_email": true, "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Vaultwarden Build Version 1.35.8 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy no ### Host/Server Operating System Linux ### Operating System Version Debian 12 ### Clients Web Vault ### Client Version _No response_ ### Steps To Reproduce 1. Invite 2. Accept 3. From there i see the user's account that are waiting validation but when i click confirm there is no reaction ### Expected Result No errors ### Actual Result Error ### Logs ```text vaultwarden | [2026-04-28 08:38:20.652][vaultwarden::api::core::accounts][ERROR] User has no public_key vaultwarden | [2026-04-28 08:38:20.652][response][INFO] (get_public_keys) GET /api/users/<user_id>/public-key => 404 Not Found ``` ### Screenshots or Videos _No response_ ### Additional Context _No response_
GiteaMirror added the bug label 2026-06-17 09:51:23 -05:00
Author
Owner

@BlackDex commented on GitHub (Apr 28, 2026):

This is linked to your previous report, because of that issue, this issue happens.

<!-- gh-comment-id:4333056749 --> @BlackDex commented on GitHub (Apr 28, 2026): This is linked to your previous report, because of that issue, this issue happens.
Author
Owner

@smbld commented on GitHub (Apr 28, 2026):

Not exactly because the previous report let me confirm the user.
This issue prevent me to confirm the user.

<!-- gh-comment-id:4333417980 --> @smbld commented on GitHub (Apr 28, 2026): Not exactly because the previous report let me confirm the user. This issue prevent me to confirm the user.
Author
Owner

@BlackDex commented on GitHub (Apr 28, 2026):

Did the user excepted the invite already, fully?
Because a public-key is created during registering, if that for some reason failed or had an issue, then that user is not correctly created from the start.

Maybe you can see something in the logs when that user tried to register/create the account?

<!-- gh-comment-id:4333474198 --> @BlackDex commented on GitHub (Apr 28, 2026): Did the user excepted the invite already, fully? Because a public-key is created during registering, if that for some reason failed or had an issue, then that user is not correctly created from the start. Maybe you can see something in the logs when that user tried to register/create the account?
Author
Owner

@smbld commented on GitHub (Apr 28, 2026):

[2026-04-28 15:15:21.335][vaultwarden::mail][ERROR] SMTP 5xx error: permanent error (550): 5.4.1 Recipient address rejected: Access denied, do we need a valid recipient mail when user is registering ? I'm using an internal address with alias on my account but i cannot have alias and the same mail attribute on two different account with Entra so i keep only one at time. Can it be the the root cause?

<!-- gh-comment-id:4335707195 --> @smbld commented on GitHub (Apr 28, 2026): [2026-04-28 15:15:21.335][vaultwarden::mail][ERROR] SMTP 5xx error: permanent error (550): 5.4.1 Recipient address rejected: Access denied, do we need a valid recipient mail when user is registering ? I'm using an internal address with alias on my account but i cannot have alias and the same mail attribute on two different account with Entra so i keep only one at time. Can it be the the root cause?
Author
Owner

@BlackDex commented on GitHub (Apr 28, 2026):

I'm not an SSO expert. But these are the base rules for Bitwarden (And thus also Vaultwarden).
The account needs to be a valid e-mail address, that e-mail address needs to be a valid recipient for emails.
E-Mails are sent for import items like 2FA Fallback, or if someone has emergency-access contact, or master-password-reset is enabled. I think some actions even need some extra validation. So, if SMTP is enabled, you need a valid working e-mail address which can be used to contact the user.

<!-- gh-comment-id:4335834363 --> @BlackDex commented on GitHub (Apr 28, 2026): I'm not an SSO expert. But these are the base rules for Bitwarden (And thus also Vaultwarden). The account needs to be a valid e-mail address, that e-mail address needs to be a valid recipient for emails. E-Mails are sent for import items like 2FA Fallback, or if someone has emergency-access contact, or master-password-reset is enabled. I think some actions even need some extra validation. So, if SMTP is enabled, you need a valid working e-mail address which can be used to contact the user.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#30118