Bug: user can delete itself - will corrupt database #5422

Closed
opened 2026-03-07 20:23:39 -06:00 by GiteaMirror · 7 comments

Originally created by @lexusburn on GitHub (Nov 27, 2023).

Subject of the issue

A user had lost his master password and had the option to delete his user account (link in password hint email).
This user got a message, that delete wasn't successful.
Delete from admin wasn't successful too.

I've got this error in the logs:
deleting user FOREIGN KEY constraint failed

Deployment environment (Generated via diagnostics page)

  • Vaultwarden version: v1.30.1
  • Web-vault version: v2023.10.0
  • OS/Arch: linux/x86_64
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.44.0
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, INVITATIONS_ALLOWED, SHOW_PASSWORD_HINT, ADMIN_TOKEN, YUBICO_CLIENT_ID, YUBICO_SECRET_KEY, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": true,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://****************",
  "domain_origin": "*****://****************",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "11880 Vaultwarden Password Storage",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "********************",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": true,
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "******************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "*****************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "******",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": "90810",
  "yubico_secret_key": "***",
  "yubico_server": null
}
  • Other relevant details:

Expected behaviour

That the user doesn't have the option to delete himself.
Or that the option is present, but it works and doesn't corrupt the (sqlite) database.

@BlackDex commented on GitHub (Nov 27, 2023):

Your database probably was corrupted before the user tried to delete his account already. Also manual attempts on the sqlite file could cause this. Same as for shared storage if that is used that could also cause issues.

@BlackDex commented on GitHub (Nov 27, 2023):

First make a backup of the current database before you do anything else.

I would suggest to check https://sqlite.org/recovery.html#recovery_using_the_recover_command_in_the_cli

You could also try to use the backup feature in the admin interface and then after that copy the backup file and use that as the new main database. That might be enough already.

@BlackDex commented on GitHub (Nov 27, 2023):

I also found this which might help. https://community.home-assistant.io/t/fix-corrupted-malformed-sqlite-database-home-assistant-v2-db/257502

@lexusburn commented on GitHub (Nov 27, 2023):

Thank you, but I have already a daily backup job running.

The database wasn't corrupt before.
I had restored the backup a few hours before this user had made the action and all was working fine.

I can reproduce the issue:

  • call password hint email
  • use delete user profile link from email
  • got error on this
  • can see the user in admin interface and try to delete from there: error again

@BlackDex commented on GitHub (Nov 27, 2023):

How sure are you that the database isn't corrupted, even the backups? Did you check them with pragma integrity_check;?

Also, what happens if you do not let the user follow the recovery/delete flow? And delete the user directly via the admin interface. Would be strange if it would work, since both use the same function to do the delete.

Also, I just tested both flows, and both work without an issue.
So this probably is a database issue, either by a strange corruption or manual deletions maybe.

I would still suggest to check the database for integrity.

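An added example, not part of the thread or of Vaultwarden's code: on a constructed in-memory SQLite database it shows that `PRAGMA integrity_check` does not report foreign-key violations while `PRAGMA foreign_key_check` does, and how deleting a parent row that is still referenced produces the `FOREIGN KEY constraint failed` text quoted from the log. The table and column names are hypothetical and are not Vaultwarden's schema.

```python
import sqlite3

# Hypothetical two-table schema for illustration; NOT Vaultwarden's real schema.
SCHEMA = """
CREATE TABLE users   (uuid TEXT PRIMARY KEY, email TEXT NOT NULL);
CREATE TABLE folders (uuid TEXT PRIMARY KEY,
                      user_uuid TEXT NOT NULL REFERENCES users(uuid),
                      name TEXT NOT NULL);
"""

def build_sample_db():
    """Constructed sample: one healthy user plus a row orphaned by a manual edit."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit mode
    conn.executescript(SCHEMA)
    conn.execute("PRAGMA foreign_keys = OFF")  # a manual session without enforcement
    conn.execute("INSERT INTO users VALUES ('u1', 'alice@example.test')")
    conn.execute("INSERT INTO folders VALUES ('f1', 'u1', 'work')")
    conn.execute("INSERT INTO folders VALUES ('f2', 'u-gone', 'orphan')")  # no parent
    conn.execute("PRAGMA foreign_keys = ON")   # enforcement as an application sets it
    return conn

def check_database(conn):
    """Return (integrity_check messages, foreign_key_check rows)."""
    integrity = [row[0] for row in conn.execute("PRAGMA integrity_check")]
    # Each violation row is (child table, rowid, parent table, fk index).
    fk_rows = conn.execute("PRAGMA foreign_key_check").fetchall()
    return integrity, fk_rows

def try_delete_user(conn, uuid):
    """Delete only the parent row; return SQLite's error text, or None on success."""
    try:
        conn.execute("DELETE FROM users WHERE uuid = ?", (uuid,))
        return None
    except sqlite3.IntegrityError as exc:
        return str(exc)

if __name__ == "__main__":
    db = build_sample_db()
    print(check_database(db))         # integrity is "ok", yet one FK violation is listed
    print(try_delete_user(db, "u1"))  # parent still referenced by folders row f1
```

Run both pragmas against a copy of the database file, not the live one.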

@BlackDex commented on GitHub (Dec 6, 2023):

Any chance yet to check for integrity?

The only thing deleting a user and causing an error would be an already (manually) incomplete deletion of that user, or a corrupted database.

@BlackDex commented on GitHub (Dec 9, 2023):

Closing this as stale. Please re-open if needed with more details.

Reference: github-starred/vaultwarden#5422