Hello,
I recently installed Bitwarden_RS. If a user has two factor authentication enabled, the login fails from the Android-App and from the Web-Vault. It is not possible to enter a token. The server-time is correct. If the user only has enabled e-mail verification, an e-mail with a code is send.
My environment:
Bitwarden_RS version: 1.15.0-52ed8e4d
Bitwarden Web version: 2.14.0
Install method: Docker image
Reverse proxy: Apache/2.4.38 (Debian Buster)
Relevant logs:
[2020-06-14 20:04:48][request][INFO] POST /api/accounts/prelogin
[2020-06-14 20:04:48][response][INFO] POST /api/accounts/prelogin (prelogin) => 200 OK
[2020-06-14 20:04:48][request][INFO] POST /identity/connect/token
[2020-06-14 20:04:48][error][ERROR] 2FA token not provided
[2020-06-14 20:04:48][response][INFO] POST /identity/connect/token (login) => 400 Bad Request
So what exactly happens when the login fails? Screenshots would be helpful.
Your logs look normal. 2FA login is supposed to return 400 initially, after which the client is supposed to prompt the user for the 2FA token and retry the login.
The message “an unknown error has occurred” is shown.
There is simply no option to enter a token. The same happens with different browsers/devices and in the app.
Thanks
Open the browser dev tools (pressing F12 usually works), then try logging in via the web vault and see if that provides any further insight into what’s going wrong.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
Well, that would explain why your apps aren’t prompting for 2FA. You’ll need to share more details of your config then, like probably the reverse proxy, and anything else that might be unusual.
Hi, thanks for your response.
I found the error .
My Reverse Proxy is a Apache2 Webserver, with PHP-FPM. The option ProxyErrorOverride on was enabled for the vHost of the password manager and caused this issue.
So it was an problem with the reverse proxy.
Thanks for helping.