Comments (8)
It works for me, at least when using testing
.
I suggest to test that version, but it actually looks like the either the token is expired or not correct, or something else during the login is incorrect.
from vaultwarden.
The vault was initially created by me. I set another account as owner, later.
I already tried every available role to get access with my account, again.
What do you mean? Did the other owner change your role? Kicked you out of the organization?
How did you try to get access? Did you add yourself in the database? Did you change your role in the /admin/users/overview
page? Also can you please post the support string from the /admin/diagnostics
page?
from vaultwarden.
Also, the only way i can get this message via the web-vault is by setting a users as manager/admin/owner, with that user go to the org interface, open the collection creation form. With the other user demote that user to user again.
Fill in the form and and submit, that will generate the error, but that is expected.
from vaultwarden.
It works for me, at least when using
testing
.I suggest to test that version, but it actually looks like the either the token is expired or not correct, or something else during the login is incorrect.
I can confirm that it works in testing.
I can also confirm that I like the new interface π
from vaultwarden.
What do you mean? Did the other owner change your role? Kicked you out of the organization? How did you try to get access? Did you add yourself in the database? Did you change your role in the
/admin/users/overview
page? Also can you please post the support string from the/admin/diagnostics
page?
I created the Vault using my personal account. Later, I created an account for administrative tasks, gave it the owner role and set my personal account as user.
When I tried to create a collection using my personal account I ran into the issue for the first time. To fix it I tried to give me admin, then manager, then owner. I changed the roles using /organizations/xxx-xxx-xxx-xxx-xxx/members
, later using /admin/users/overview
.
Your environment (Generated via diagnostics page)
- Vaultwarden version: v1.30.5
- Web-vault version: v2024.1.2b
- OS/Arch: linux/x86_64
- Running within a container: true (Base: Debian)
- Environment settings overridden: true
- Uses a reverse proxy: true
- IP Header check: true (X-Real-IP)
- Internet access: true
- Internet access via a proxy: false
- DNS Check: true
- Browser/Server Time Check: true
- Server/NTP Time Check: true
- Domain Configuration Check: true
- HTTPS Check: true
- Database type: SQLite
- Database version: 3.44.0
- Clients used:
- Reverse proxy and version:
- Other relevant information:
Config (Generated via diagnostics page)
Show Running Config
Environment settings which are overridden: ADMIN_TOKEN
{
"_duo_akey": null,
"_enable_duo": true,
"_enable_email_2fa": false,
"_enable_smtp": true,
"_enable_yubico": true,
"_icon_service_csp": "",
"_icon_service_url": "",
"_ip_header_enabled": true,
"_smtp_img_src": "cid:",
"admin_ratelimit_max_burst": 3,
"admin_ratelimit_seconds": 300,
"admin_session_lifetime": 20,
"admin_token": "***",
"allowed_iframe_ancestors": "",
"attachments_folder": "data/attachments",
"auth_request_purge_schedule": "30 * * * * *",
"authenticator_disable_time_drift": false,
"data_folder": "data",
"database_conn_init": "",
"database_max_conns": 10,
"database_timeout": 30,
"database_url": "***************",
"db_connection_retries": 15,
"disable_2fa_remember": false,
"disable_admin_token": false,
"disable_icon_download": false,
"domain": "*****://***********************************",
"domain_origin": "*****://***********************************",
"domain_path": "",
"domain_set": true,
"duo_host": null,
"duo_ikey": null,
"duo_skey": null,
"email_attempts_limit": 3,
"email_change_allowed": true,
"email_expiration_time": 600,
"email_token_size": 6,
"emergency_access_allowed": false,
"emergency_notification_reminder_schedule": "0 3 * * * *",
"emergency_request_timeout_schedule": "0 7 * * * *",
"enable_db_wal": true,
"event_cleanup_schedule": "0 10 0 * * *",
"events_days_retain": null,
"experimental_client_feature_flags": "fido2-vault-credentials",
"extended_logging": true,
"helo_name": null,
"hibp_api_key": null,
"icon_blacklist_non_global_ips": true,
"icon_blacklist_regex": null,
"icon_cache_folder": "data/icon_cache",
"icon_cache_negttl": 259200,
"icon_cache_ttl": 2592000,
"icon_download_timeout": 10,
"icon_redirect_code": 302,
"icon_service": "internal",
"incomplete_2fa_schedule": "30 * * * * *",
"incomplete_2fa_time_limit": 3,
"invitation_expiration_hours": 120,
"invitation_org_name": "**********************",
"invitations_allowed": false,
"ip_header": "X-Real-IP",
"job_poll_interval_ms": 30000,
"log_file": null,
"log_level": "Info",
"log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
"login_ratelimit_max_burst": 10,
"login_ratelimit_seconds": 60,
"org_attachment_limit": null,
"org_creation_users": "",
"org_events_enabled": false,
"org_groups_enabled": false,
"password_hints_allowed": false,
"password_iterations": 600000,
"push_enabled": true,
"push_identity_uri": "https://identity.bitwarden.eu",
"push_installation_id": "***",
"push_installation_key": "***",
"push_relay_uri": "https://push.bitwarden.eu",
"reload_templates": false,
"require_device_email": false,
"rsa_key_filename": "data/rsa_key",
"send_purge_schedule": "0 5 * * * *",
"sendmail_command": null,
"sends_allowed": true,
"sends_folder": "data/sends",
"show_password_hint": false,
"signups_allowed": false,
"signups_domains_whitelist": "",
"signups_verify": false,
"signups_verify_resend_limit": 6,
"signups_verify_resend_time": 3600,
"smtp_accept_invalid_certs": false,
"smtp_accept_invalid_hostnames": false,
"smtp_auth_mechanism": null,
"smtp_debug": false,
"smtp_embed_images": true,
"smtp_explicit_tls": null,
"smtp_from": "***************************",
"smtp_from_name": "**********************************",
"smtp_host": "***********************************************",
"smtp_password": null,
"smtp_port": 25,
"smtp_security": "starttls",
"smtp_ssl": null,
"smtp_timeout": 15,
"smtp_username": null,
"templates_folder": "data/templates",
"tmp_folder": "data/tmp",
"trash_auto_delete_days": null,
"trash_purge_schedule": "0 5 0 * * *",
"use_sendmail": false,
"use_syslog": false,
"user_attachment_limit": null,
"user_send_limit": null,
"web_vault_enabled": true,
"web_vault_folder": "web-vault/",
"websocket_address": "0.0.0.0",
"websocket_enabled": false,
"websocket_port": 3012,
"yubico_client_id": null,
"yubico_secret_key": null,
"yubico_server": null
}
from vaultwarden.
So, what i see here is what i described in my previous post. You changed your personal member account to a user level. Users are not allowed to create collections, which is why you see that message.
If you have a special admin user to manage the organization, you need to use that user to make those changes.
Else, give your personal member account manager rights, which is the least privileged level, but that is still able to create collections.
Vaultwarden does a valid and correct check for these privileges and that is why you get that message.
Since we are not able to reproduce this without actually braking it in a way it should be broken, and your description too me seems that this was also the case I'm going to close this issue.
The solution is to make sure you granted the organization member the correct permission level to allow these actions.
from vaultwarden.
So, what i see here is what i described in my previous post. You changed your personal member account to a user level. Users are not allowed to create collections, which is why you see that message.
If you have a special admin user to manage the organization, you need to use that user to make those changes. Else, give your personal member account manager rights, which is the least privileged level, but that is still able to create collections.
Vaultwarden does a valid and correct check for these privileges and that is why you get that message. Since we are not able to reproduce this without actually braking it in a way it should be broken, and your description too me seems that this was also the case I'm going to close this issue.
The solution is to make sure you granted the organization member the correct permission level to allow these actions.
But, even when I set my peronal account back to owner, as described above, I get this error. In testing it works fine.
from vaultwarden.
I now "fixed" the issue by removing my aacount from the vault an re-add it again.
from vaultwarden.
Related Issues (20)
- Feature Request: User-based Permissions for βSendβ Feature HOT 1
- Mobile Push Notification registration returns HTTP 405 for EU data region HOT 11
- User invite from server administration is not working HOT 4
- Invalid Refresh Token HOT 1
- Error running migrations: QueryError(DieselMigrationName HOT 1
- WEB_VAULT_ENABLED can not be changed from ENV_FILE, but it is implied that it can be
- Warm users about access key leakage in access logs HOT 4
- v2024.5.0 doesn't allow one to enroll in account recovery HOT 3
- Missing Icons HOT 4
- Cannot re-send invitation to organisation when invitations_allowed==false HOT 2
- Import errors with KeePass 1.0 CSV
- Does not compile with rust 1.79 HOT 2
- DB schema: Foreign keys invalid
- Biometrics error while using Passkeys HOT 25
- Cannot Login Using Bitwarden Mobile Native HOT 11
- Convoluted cloudflare tunnel instructions (No insult intended just curious). HOT 2
- Account name not appearing when using a passkey on Android HOT 3
- Chrome extension fails CORS due to missing origin HOT 1
- <USERNAME> tag required in regex in fail2ban setup docs
- Creation, edits and delete of entries slow 5+ seconds each HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vaultwarden.