[PR #1829] [MERGED] Added web-vault v2.21.x support + some misc fixes #6652

New Issue

Closed

opened 2026-03-07 21:02:29 -06:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-03-07 21:02:29 -06:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/1829
Author: @BlackDex
Created: 7/4/2021
Status: ✅ Merged
Merged: 7/15/2021
Merged by: @dani-garcia

Base: main ← Head: future-web-vault

---

📝 Commits (2)

• 403f35b Added web-vault v2.21.x support + some misc fixes
• 340d42a Merge branch 'main' into future-web-vault

📊 Changes

18 files changed (+147 additions, -33 deletions)

View changed files

➕ migrations/mysql/2021-07-01-203140_add_password_reset_keys/down.sql (+0 -0)
➕ migrations/mysql/2021-07-01-203140_add_password_reset_keys/up.sql (+5 -0)
➕ migrations/postgresql/2021-07-01-203140_add_password_reset_keys/down.sql (+0 -0)
➕ migrations/postgresql/2021-07-01-203140_add_password_reset_keys/up.sql (+5 -0)
➕ migrations/sqlite/2021-07-01-203140_add_password_reset_keys/down.sql (+0 -0)
➕ migrations/sqlite/2021-07-01-203140_add_password_reset_keys/up.sql (+5 -0)
📝 src/api/core/accounts.rs (+7 -3)
➕ src/api/core/emergency_access.rs (+24 -0)
📝 src/api/core/mod.rs (+2 -0)
📝 src/api/core/organizations.rs (+42 -1)
📝 src/api/core/sends.rs (+4 -4)
📝 src/auth.rs (+13 -2)
📝 src/db/models/organization.rs (+18 -9)
📝 src/db/models/user.rs (+13 -14)
📝 src/db/schemas/mysql/schema.rs (+2 -0)
📝 src/db/schemas/postgresql/schema.rs (+2 -0)
📝 src/db/schemas/sqlite/schema.rs (+2 -0)
📝 src/error.rs (+3 -0)

📄 Description

• The new web-vault v2.21.0+ has support for Master Password Reset. For
  this to work it generates a public/private key-pair which needs to be
  stored in the database. Currently the Master Password Reset is not
  fixed, but there are endpoints which are needed even if we do not
  support this feature (yet). This PR fixes those endpoints, and stores
  the keys already in the database.

• There was an issue when you want to do a key-rotate when you change
  your password, it also called an Emergency Access endpoint, which we do
  not yet support. Because this endpoint failed to reply correctly
  produced some errors, and also prevent the user from being forced to
  logout. This resolves #1826 by adding at least that endpoint.

Because of that extra endpoint check to Emergency Access is done using
an old user stamp, i also modified the stamp exception to allow multiple
rocket routes to be called, and added an expiration timestamp to it.

During these tests i stumbled upon an issue that after my key-change was
done, it triggered the websockets to try and reload my ciphers, because
they were updated. This shouldn't happen when rotating they keys, since
all access should be invalided. Now there will be no websocket
notification for this, which also prevents error toasts.

• Increased Send Size limit to 500MB (with a litle overhead)

As a side note, i tested these changes on both v2.20.4 and v2.21.1 web-vault versions, all keeps working.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/1829 **Author:** [@BlackDex](https://github.com/BlackDex) **Created:** 7/4/2021 **Status:** ✅ Merged **Merged:** 7/15/2021 **Merged by:** [@dani-garcia](https://github.com/dani-garcia) **Base:** `main` ← **Head:** `future-web-vault` --- ### 📝 Commits (2) - [`403f35b`](https://github.com/dani-garcia/vaultwarden/commit/403f35b571ae2abb8e1df118bfa543e35805a52f) Added web-vault v2.21.x support + some misc fixes - [`340d42a`](https://github.com/dani-garcia/vaultwarden/commit/340d42a1ca93eaa7e57da4601db4875ceaa7859f) Merge branch 'main' into future-web-vault ### 📊 Changes **18 files changed** (+147 additions, -33 deletions) <details> <summary>View changed files</summary> ➕ `migrations/mysql/2021-07-01-203140_add_password_reset_keys/down.sql` (+0 -0) ➕ `migrations/mysql/2021-07-01-203140_add_password_reset_keys/up.sql` (+5 -0) ➕ `migrations/postgresql/2021-07-01-203140_add_password_reset_keys/down.sql` (+0 -0) ➕ `migrations/postgresql/2021-07-01-203140_add_password_reset_keys/up.sql` (+5 -0) ➕ `migrations/sqlite/2021-07-01-203140_add_password_reset_keys/down.sql` (+0 -0) ➕ `migrations/sqlite/2021-07-01-203140_add_password_reset_keys/up.sql` (+5 -0) 📝 `src/api/core/accounts.rs` (+7 -3) ➕ `src/api/core/emergency_access.rs` (+24 -0) 📝 `src/api/core/mod.rs` (+2 -0) 📝 `src/api/core/organizations.rs` (+42 -1) 📝 `src/api/core/sends.rs` (+4 -4) 📝 `src/auth.rs` (+13 -2) 📝 `src/db/models/organization.rs` (+18 -9) 📝 `src/db/models/user.rs` (+13 -14) 📝 `src/db/schemas/mysql/schema.rs` (+2 -0) 📝 `src/db/schemas/postgresql/schema.rs` (+2 -0) 📝 `src/db/schemas/sqlite/schema.rs` (+2 -0) 📝 `src/error.rs` (+3 -0) </details> ### 📄 Description - The new web-vault v2.21.0+ has support for Master Password Reset. For this to work it generates a public/private key-pair which needs to be stored in the database. Currently the Master Password Reset is not fixed, but there are endpoints which are needed even if we do not support this feature (yet). This PR fixes those endpoints, and stores the keys already in the database. - There was an issue when you want to do a key-rotate when you change your password, it also called an Emergency Access endpoint, which we do not yet support. Because this endpoint failed to reply correctly produced some errors, and also prevent the user from being forced to logout. This resolves #1826 by adding at least that endpoint. Because of that extra endpoint check to Emergency Access is done using an old user stamp, i also modified the stamp exception to allow multiple rocket routes to be called, and added an expiration timestamp to it. During these tests i stumbled upon an issue that after my key-change was done, it triggered the websockets to try and reload my ciphers, because they were updated. This shouldn't happen when rotating they keys, since all access should be invalided. Now there will be no websocket notification for this, which also prevents error toasts. - Increased Send Size limit to 500MB (with a litle overhead) As a side note, i tested these changes on both v2.20.4 and v2.21.1 web-vault versions, all keeps working. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2026-03-07 21:02:29 -06:00

GiteaMirror closed this issue 2026-03-07 21:02:29 -06:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#6652