Users cannot register even when added via the admin interface #36

Closed
opened 2025-07-08 08:38:03 -04:00 by AtHeartEngineer · 0 comments

Originally created by @AlessandroZanatta on 6/16/2025

Vaultwarden Support String

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.34.1
  • Web-vault version: v2025.5.0
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Debian)
  • Database type: SQLite
  • Database version: 3.49.1
  • Uses config.json: false
  • Uses a reverse proxy: false
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: false
  • Websocket Check: true
  • HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "****://*********",
  "domain_origin": "****://*********",
  "domain_path": "",
  "domain_set": false,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": null,
  "smtp_password": null,
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

v1.34.0, v1.34.1

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

None

Host/Server Operating System

Linux

Operating System Version

Tested on Debian 12, ArchLinux, Talos

Clients

Web Vault

Client Version

2025.1.1

Steps To Reproduce

  1. Spin up an instance of Vaultwarden as follows:
# Reproduction instance for the registration redirect issue.
# - SIGNUPS_ALLOWED=false disables open signups, so only invited users should be able to register.
# - ADMIN_TOKEN is given in plain text; Vaultwarden prints a [NOTICE] at startup recommending
#   an Argon2 PHC string instead (see the log output in this report).
# - Host port 80 is published directly; the startup log shows Rocket serving over plain HTTP.
docker run -v data:/data \
  -e SIGNUPS_ALLOWED=false \
  -e ADMIN_TOKEN=asdf \
  -p 80:80 \
  vaultwarden/server:1.34.1
  2. Signups are not allowed, but you can invite users via the admin interface, and they should be able to register at http://<instance>/#/register after being added by an admin (as also indicated in the wiki).
  3. When navigating to http://<instance>/#/register on version 1.34.0 and onwards, you are redirected to http://<instance>/#/signup, which calls the /identity/accounts/register/send-verification-email endpoint; with signups disabled, that endpoint returns 400.

On previous versions, such as 1.33.2 and earlier, there is no redirect to /#/signup, so the correct endpoints can be reached via the Web UI. This may be caused by a change in the Bitwarden Web UI.

Expected Result

The user is not redirected to /#/signup, but instead reaches this form:

Image

instead of this one:

Image

Actual Result

Image

Logs

/--------------------------------------------------------------------\
|                        Starting Vaultwarden                        |
|                           Version 1.34.1                           |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the   |
| official channels to report bugs/features, regardless of client.   |
| Send usage/configuration questions or feature requests to:         |
|   https://github.com/dani-garcia/vaultwarden/discussions or        |
|   https://vaultwarden.discourse.group/                             |
| Report suspected bugs/issues in the software itself at:            |
|   https://github.com/dani-garcia/vaultwarden/issues/new            |
\--------------------------------------------------------------------/

[NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure.
Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`.
See: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token

[2025-06-16 06:53:13.367][start][INFO] Rocket has launched from http://0.0.0.0:80
[2025-06-16 06:53:34.166][request][INFO] POST /identity/accounts/register/send-verification-email
[2025-06-16 06:53:34.166][vaultwarden::api::identity][ERROR] Registration not allowed or user already exists
[2025-06-16 06:53:34.166][response][INFO] (register_verification_email) POST /identity/accounts/register/send-verification-email => 400 Bad Request
[2025-06-16 06:53:39.189][vaultwarden::api::web::_][WARN] Parameter guard `p: PathBuf` is forwarding: BadStart('.').
[2025-06-16 06:53:41.092][request][INFO] POST /identity/accounts/register/send-verification-email
[2025-06-16 06:53:41.092][vaultwarden::api::identity][ERROR] Registration not allowed or user already exists
[2025-06-16 06:53:41.092][response][INFO] (register_verification_email) POST /identity/accounts/register/send-verification-email => 400 Bad Request

Screenshots or Videos

No response

Additional Context

No response

*Originally created by @AlessandroZanatta on 6/16/2025* ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.34.1 * Web-vault version: v2025.5.0 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Database type: SQLite * Database version: 3.49.1 * Uses config.json: false * Uses a reverse proxy: false * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: false * Websocket Check: true * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "****://*********", "domain_origin": "****://*********", "domain_path": "", "domain_set": false, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, 
"emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": 
false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "", "smtp_from_name": "Vaultwarden", "smtp_host": null, "smtp_password": null, "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": null, "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Vaultwarden Build Version v1.34.0, v1.34.1 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy None ### Host/Server Operating System Linux ### Operating System Version Tested on Debian 12, ArchLinux, Talos ### Clients Web Vault ### Client Version 2025.1.1 ### Steps To Reproduce 1. Spin up an instance of Vaultwarden as following: ```bash docker run -v data:/data \ -e SIGNUPS_ALLOWED=false \ -e ADMIN_TOKEN=asdf \ -p 80:80 \ vaultwarden/server:1.34.1 ``` 2. Signups are not allowed, but you can invite users via the admin interface, and they should be able to register on `http://<instance>/#/register` after being added by an admin (as also indicated [in the wiki](https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users)) 3. 
When navigating to `http://<instance>/#/register` on version 1.34.0 and onwards, you get redirected to `http://<instance>/#/signup`, which calls the `/identity/accounts/register/send-verification-email` endpoint, which, with the signup disabled, [returns 400](https://github.com/dani-garcia/vaultwarden/blob/72adc239f5a174c1419b30f4aa9a36a63791cff5/src/api/identity.rs#L721) On previous versions, such as 1.33.2 and earlier, there is no redirect to `/#/signup`, thus allowing to reach the correct endpoints via the Web UI. This may be an issue with a change in the Bitwarden Web UI. ### Expected Result User is not redirected to /#/signup, but gets instead to this form: <img width="516" alt="Image" src="https://github.com/user-attachments/assets/9693d401-8729-444d-b988-9f9bcd9acd43" /> instead of this one: <img width="624" alt="Image" src="https://github.com/user-attachments/assets/27320102-ce10-4867-8f61-05d350c9685d" /> ### Actual Result <img width="637" alt="Image" src="https://github.com/user-attachments/assets/76c69a22-847a-49c2-8b0b-358c9d505cf3" /> ### Logs ```text /--------------------------------------------------------------------\ | Starting Vaultwarden | | Version 1.34.1 | |--------------------------------------------------------------------| | This is an *unofficial* Bitwarden implementation, DO NOT use the | | official channels to report bugs/features, regardless of client. | | Send usage/configuration questions or feature requests to: | | https://github.com/dani-garcia/vaultwarden/discussions or | | https://vaultwarden.discourse.group/ | | Report suspected bugs/issues in the software itself at: | | https://github.com/dani-garcia/vaultwarden/issues/new | \--------------------------------------------------------------------/ [NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure. Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`. 
See: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token [2025-06-16 06:53:13.367][start][INFO] Rocket has launched from http://0.0.0.0:80 [2025-06-16 06:53:34.166][request][INFO] POST /identity/accounts/register/send-verification-email [2025-06-16 06:53:34.166][vaultwarden::api::identity][ERROR] Registration not allowed or user already exists [2025-06-16 06:53:34.166][response][INFO] (register_verification_email) POST /identity/accounts/register/send-verification-email => 400 Bad Request [2025-06-16 06:53:39.189][vaultwarden::api::web::_][WARN] Parameter guard `p: PathBuf` is forwarding: BadStart('.'). [2025-06-16 06:53:41.092][request][INFO] POST /identity/accounts/register/send-verification-email [2025-06-16 06:53:41.092][vaultwarden::api::identity][ERROR] Registration not allowed or user already exists [2025-06-16 06:53:41.092][response][INFO] (register_verification_email) POST /identity/accounts/register/send-verification-email => 400 Bad Request ``` ### Screenshots or Videos _No response_ ### Additional Context _No response_
Reference: github/vaultwarden#36