Encryption key rotation fails with 500 error #8453
Comments
As an addition, I tested this with a Self-Hosted 6a0f6e1d where it seems to break.
Hello @BlackDex, Thank you for reporting this. I tested this in the cloud Web App 2024.3.0 using Firefox 123.0.1, and I was able to successfully rotate the account's encryption key. I recommend that you create a Support ticket so we'd have a look at this together, and please also include a link to this GitHub report in the body of your ticket. Alternatively, you can seek assistance from other Bitwarden users in our Community Forums, if you wish. We use GitHub to track bugs and other development-related matters; this GitHub report will be closed at this point. Thank you again,
@SergeantConfused I am a bit confused here. I do not need support. I'm reporting an issue/bug here. I did some more testing. Used an empty account which is part of an organization, and when I try to rotate the key, it seems to also rotate the organization-owned ciphers and sends those too. That in the end causes a failure, I think. When I create a user which is not part of an organization, it works just fine. Looking at the logs below, it doesn't seem to have anything to do with the folders, but rather the ciphers not owned by the user, but by the organization.
v2023.12.x seems to not send org ciphers, v2024.1.x seems to, and it fails using a Self-Hosted instance (unified).
Not having debugged it thoroughly, but just having done brief triage, it seems to be (accidentally?) introduced in #6881.
Before: clients/apps/web/src/app/auth/settings/change-password.component.ts Lines 244 to 252 in 28de943
After: clients/apps/web/src/app/auth/key-rotation/user-key-rotation.service.ts Lines 104 to 116 in f987153
which seems to be missing a check for the orgId, which lines up with @BlackDex's observation.
To replicate the issue with the folders I think you need a self-hosted instance that has the feature flag Until clients/apps/web/src/app/auth/settings/change-password.component.ts Lines 235 to 242 in 8d90085
web-v2024.1.0 the empty folder is sent clients/apps/web/src/app/auth/key-rotation/user-key-rotation.service.ts Lines 118 to 130 in dbf0f1e
No need for any folder to be created. It does this on a fresh account too. The problem probably is that the self hosted do not have that feature flag in the config, but it still receives the data in that format. And therefore it probably breaks by trying to update or actually add the org ciphers as a user cipher, and that causes a duplicate index/foreign key error.
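The two payload problems discussed in the comments above (organization-owned ciphers and a folder entry with a null id being included in the key-rotation request) can be illustrated with a client-side filter and a matching server-side validation. This is an added example, not code from the Bitwarden repositories or from any commenter; the record shapes and function names are hypothetical, and it assumes organization-owned ciphers are not encrypted with the user key being rotated.

```typescript
// Hypothetical record shapes for illustration; not Bitwarden's actual models.
interface CipherRecord { id: string; organizationId: string | null; data: string; }
interface FolderRecord { id: string | null; name: string; }
interface RotationPayload { ciphers: CipherRecord[]; folders: FolderRecord[]; }

// Client side: only items owned by the user belong in a user-key rotation
// request. Organization-owned ciphers and the folder entry with a null id
// (the extra folder described in the report) are left out.
function buildRotationPayload(ciphers: CipherRecord[], folders: FolderRecord[]): RotationPayload {
  return {
    ciphers: ciphers.filter((c) => c.organizationId === null),
    folders: folders.filter((f) => f.id !== null),
  };
}

// Server side: report a malformed payload as validation errors so that it can
// be rejected cleanly instead of surfacing as a 500.
function validateRotationPayload(payload: RotationPayload): string[] {
  const errors: string[] = [];
  for (const c of payload.ciphers) {
    if (c.organizationId !== null) {
      errors.push(`cipher ${c.id} is owned by organization ${c.organizationId}`);
    }
  }
  for (const f of payload.folders) {
    if (f.id === null) {
      errors.push(`folder "${f.name}" has a null id`);
    }
  }
  return errors;
}

// Constructed sample vault: one personal cipher, one organization cipher,
// one real folder and one entry with a null id.
const sampleCiphers: CipherRecord[] = [
  { id: "c1", organizationId: null, data: "enc-with-user-key" },
  { id: "c2", organizationId: "org1", data: "enc-with-org-key" },
];
const sampleFolders: FolderRecord[] = [
  { id: "f1", name: "Work" },
  { id: null, name: "No folder" },
];
const rotationPayload = buildRotationPayload(sampleCiphers, sampleFolders);
```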
Steps To Reproduce
Settings > Security > Master password
Also rotate my account's encryption key
Change master password
It produces a 500 error.
Expected Result
Rotated encryption key succeeded.
Actual Result
It fails.
Screenshots or Videos
No response
Additional Context
The folders array contains an id with null. The folder count is also 1 more than the account actually has.
Operating System
Linux
Operating System Version
n/a
Web Browser
Firefox
Browser Version
125.0b3
Build Version
2024.3.0
Issue Tracking Info