mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-17 01:12:27 -05:00
[PR #7381] Don't block the login response on the new-device email #37072
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/dani-garcia/vaultwarden/pull/7381
Author: @maximilize
Created: 6/28/2026
Status: 🔄 Open
Base:
main← Head:fix/5856-new-device-email-async📝 Commits (1)
055cb61Don't block the login response on the new-device email📊 Changes
2 files changed (+47 additions, -29 deletions)
View changed files
📝
src/api/identity.rs(+37 -25)📝
src/mail.rs(+10 -4)📄 Description
Fixes #5856.
When a new device logs in and SMTP is enabled,
authenticated_response(anduser_api_key_login) awaitedsend_new_device_logged_inbefore building the HTTP response. A slow SMTP server therefore delays the login response, and since the Bitwarden clients time out at ~10s (Android, empirically), slow mail turns a successful login into a client-side error / very slow first login.The notification only needs to block when
require_device_emailis enabled — there a send failure must abort the login. When it's disabled (the default) the email is best-effort (the error was already only logged), so there's no reason to make the user wait on it.This adds a
send_new_device_emailhelper that:err!path whenrequire_device_emailis enabled, andtokio::task::spawn, mirroring the fire-and-forget pattern already used for push inpush.rs) when it's disabled, so a slow SMTP server can no longer block the login response.send_new_device_logged_innow takes the device name + type by value instead of&Device, so the spawned task can own everything it needs (Deviceisn'tClone). Both call sites —authenticated_response(which covers password + SSO login) anduser_api_key_login— go through the helper. Logging behavior in the best-effort branch is unchanged (the error is stillerror!-logged, now from within the task).Validated with
cargo fmt --check,cargo clippy --features sqlite -- -D warnings, andcargo test --features sqlitein a cleanrust:1.96container.Note: I didn't add an automated test for "response returns before SMTP completes" — the existing suite has no harness for the login HTTP path against a slow mail server. Verification is by code review plus the existing tests staying green; the change is a contained await→spawn for the best-effort branch only.
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.