More authrequest fixes #848

New Issue

MrUnknownDE · 2026-04-06T00:01:31+02:00

MrUnknownDE commented

2026-04-06 00:01:31 +02:00

Originally created by @dani-garcia on 11/11/2024

We were checking the user uuid against the authrequest uuid, which would always fail and error out.

Fixes https://github.com/dani-garcia/vaultwarden/issues/5174

I've also noticed that we were rotating the user password hash when login in with auth request (where instead of the password, a randomly generated access code is used), this could lead to inoperable accounts.

Also tried to delete the auth requests after they were used or denied, rather than waiting for the timer to clear them up.

*Originally created by @dani-garcia on 11/11/2024* We were checking the user uuid against the authrequest uuid, which would always fail and error out. Fixes https://github.com/dani-garcia/vaultwarden/issues/5174 I've also noticed that we were rotating the user password hash when login in with auth request (where instead of the password, a randomly generated access code is used), this could lead to inoperable accounts. Also tried to delete the auth requests after they were used or denied, rather than waiting for the timer to clear them up.

MrUnknownDE closed this issue

2026-04-06 00:01:31 +02:00

Sign in to join this conversation.

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#848