[PR #5176] [MERGED] More authrequest fixes #32590

Closed
opened 2026-06-20 19:23:34 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/5176
Author: @dani-garcia
Created: 11/11/2024
Status: Merged
Merged: 11/11/2024
Merged by: @BlackDex

Base: mainHead: more_authrequest_fixes


📝 Commits (1)

📊 Changes

2 files changed (+47 additions, -36 deletions)

View changed files

📝 src/api/core/accounts.rs (+13 -10)
📝 src/api/identity.rs (+34 -26)

📄 Description

We were checking the user uuid against the authrequest uuid, which would always fail and error out.

Fixes https://github.com/dani-garcia/vaultwarden/issues/5174

I've also noticed that we were rotating the user password hash when login in with auth request (where instead of the password, a randomly generated access code is used), this could lead to inoperable accounts.

Also tried to delete the auth requests after they were used or denied, rather than waiting for the timer to clear them up.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/5176 **Author:** [@dani-garcia](https://github.com/dani-garcia) **Created:** 11/11/2024 **Status:** ✅ Merged **Merged:** 11/11/2024 **Merged by:** [@BlackDex](https://github.com/BlackDex) **Base:** `main` ← **Head:** `more_authrequest_fixes` --- ### 📝 Commits (1) - [`c4cdfd7`](https://github.com/dani-garcia/vaultwarden/commit/c4cdfd7cbeda3f675d7ac0e0947897c5a8ec2482) More authrequest fixes ### 📊 Changes **2 files changed** (+47 additions, -36 deletions) <details> <summary>View changed files</summary> 📝 `src/api/core/accounts.rs` (+13 -10) 📝 `src/api/identity.rs` (+34 -26) </details> ### 📄 Description We were checking the user uuid against the authrequest uuid, which would always fail and error out. Fixes https://github.com/dani-garcia/vaultwarden/issues/5174 I've also noticed that we were rotating the user password hash when login in with auth request (where instead of the password, a randomly generated access code is used), this could lead to inoperable accounts. Also tried to delete the auth requests after they were used or denied, rather than waiting for the timer to clear them up. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-06-20 19:23:34 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#32590