Bad request trying to log from vault web #29

Open
tairosonloa opened this issue May 5, 2018 · 2 comments

tairosonloa commented May 5, 2018

Hi everyone,

First, thanks for your work on the API. I think you are doing a good job here.

I'm trying to enable 2FA on my account, and I think the only way to achieve it is via vault web (correct me if I'm wrong*), so I'm trying to log in to the bitwarden-go API from the web.

I know the bitwarden-go API is well configured because I can connect from my Android app and browser extension.

So, I'm running the vault web on a laptop with a public IP. I tried running it from the sources of the bitwarden web GitHub repo and also from @shackra's Dockerfile, as he described in #12. This is my settings.json:

{
    "appSettings": {
        "apiUri": "https://myserver.tld/api",
        "identityUri": "https://myserver.tld/identity",
        "iconsUri": "https://icons.bitwarden.com",
        "stripeKey": "pk_test_KPoCfZXu7mznb9uSCPZ2JpTD",
        "braintreeKey": "sandbox_r72q8jq6_9pnxkwm75f87sdc2",
        "whitelistDomains": [
            "my-server-ip",
            "my-server-ip:9001",
            "myserver.tld"
        ]
    }
}

And I'm running bitwarden-go with:
./bitwarden-go -disableRegistration -host 127.0.0.1 -port 9001 -vaultURL my-laptop-public-ip:4001

I'm running the bitwarden-go API behind an nginx proxy as follows:

server {
    # Listen over https on port 443
    listen 443 ssl;
    listen [::]:443 ssl;

    # Some SSL config
    # ....

    server_name myserver.tld;

    # Reverse https proxy
    location / {
        proxy_pass         http://127.0.0.1:9001/;
        proxy_redirect     off;

        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }
}

And when I open the vault web on my laptop and try to log in, I get an error message which says "Errors have occurred: An unexpected error has occurred.". I pressed F12 to see the console output and it says:

Failed to load resource: the server responded with a status of 400 (Bad Request)
    myserver.tld/identity/connect/token:1

Failed to load https://myserver.tld/identity/connect/token: Response to preflight request
doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on
the requested resource. Origin 'http://localhost:4001' is therefore not allowed access. The
response had HTTP status code 400.
    :4001/#/:1

If you can help me, I'll appreciate it a lot.

* I can try to make a request to the bitwarden-go API with Postman or similar to set 2FA. I really only want the web to enable 2FA and I'll forget the web after that.


ptman commented May 10, 2018

What do you have running on :4001? Have you tried adding an access-control-allow-origin header in nginx? https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin


tairosonloa commented May 10, 2018

Thanks for the help, @ptman. I have the vault web running on port 4001 (on my laptop's localhost). I tried adding this line to the location / nginx config:

proxy_set_header   Access-Control-Allow-Origin  *;

And then I restarted nginx, but I still get the same error on my Chrome developer terminal. I also had a look at the bitwarden-go trace, and it says Login without grant_type when I tried to log in from the vault web.

So, to remove complications, I tried to serve vault web from my server instead of from my laptop (the same server where bitwarden-go is). I reran bitwarden-go with the new value for -vaultURL and now I get a different error, which says:

Failed to load resource: the server responded with a status of 405 (Method Not Allowed)
    :<vault-web-port>/identity/connect/token:1 

And I don't have any message on the bitwarden-go trace. I think I must try to enable POST HTTP methods in some way in nginx. I tried with error_page 405 =200 $uri; but it didn't work.
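
An added example, not part of the thread and not bitwarden-go's own configuration: `proxy_set_header` only changes the request nginx forwards upstream, while the browser's CORS check reads response headers, which `add_header` sets. The sketch below answers the preflight at the proxy for one exact origin rather than `*`; the origin is the one shown in the console error above, and the allowed method and header lists are assumptions.

```nginx
# Added example. Goes in the http {} context: echo the Origin back only when
# it is on the allow-list; any other origin yields an empty value, and nginx
# omits an add_header whose value is empty.
map $http_origin $cors_origin {
    default                  "";
    "http://localhost:4001"  $http_origin;   # origin reported in the console error
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name myserver.tld;
    # TLS settings omitted, as in the original post

    location / {
        # Preflight: reply from nginx, never forward OPTIONS upstream.
        # add_header inside "if" replaces the location-level set, so the
        # CORS headers are repeated here.
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin  $cors_origin always;
            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;  # assumed list
            add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;      # assumed list
            add_header Access-Control-Max-Age       600 always;
            add_header Vary                         Origin always;
            return 204;
        }

        # Actual requests: "always" keeps the header on 4xx/5xx replies too.
        add_header Access-Control-Allow-Origin $cors_origin always;
        add_header Vary                        Origin always;

        # Drop any upstream copy so the browser never sees two values.
        proxy_hide_header Access-Control-Allow-Origin;

        proxy_pass         http://127.0.0.1:9001/;
        proxy_redirect     off;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }
}
```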
