[SOLVED] "error saving twofactor"?

Help
1

Hi all,

I am getting an “error saving twofactor” when I try to log into my selfhosted Vaultwarden instance (installed via DietPi) after inserting the verification code.
The instance has been working well for months, but suddenly I am logged out of all clients (browser extension, phone, selfhosted webentry), asking to login again, and on all clients the same error.

It does seem that the verification code provider (in my case Google Authenticator) is working well as any other code outside the required time window results in a ‘invalid TOTP code message’ as expected.

I think I do know what may have caused this as I have taken a peek this morning into the sqlite dbase using the Linux desktop application ‘DB Browser for Sqlite’. I do not think I have made any changes, but may have inadvertently done so. Possibly a question of rights management with respect to the database (owner = “vaultwarden”; group = “vaultwarden”, which is as other files in that folder however)?

  • Can this be corrected easily?
  • Can I override 2FA by a change in the database perhaps?
    Any help is appreciated.

Edit: I tried to remove 2FA via the admin panel and also get a similar error message via that route: ¨Error removing 2FA undefined¨

Edit: Indeed turns out to be a permission issue. Both the shm and wal file of the db were owned by root. Changed that (back) to vaultwarden, and problem solved.

My support string is as follows:

### Your environment (Generated via diagnostics page)
* Vaultwarden version: v
* Web-vault version: v2.20.4b
* Running within Docker: false
* Environment settings overridden: false
* Uses a reverse proxy: false
* Internet access: true
* Internet access via a proxy: false
* DNS Check: true
* Time Check: true
* Domain Configuration Check: false
* HTTPS Check: false
* Database type: SQLite
* Database version: 3.35.4
* Clients used: 
* Reverse proxy and version: 
* Other relevant information: 

### Config (Generated via diagnostics page)
<details><summary>Show Running Config</summary>

**Environment settings which are overridden:** 


```json
{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "/mnt/dietpi_userdata/vaultwarden/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "/mnt/dietpi_userdata/vaultwarden",
  "database_max_conns": 10,
  "database_url": "/***/***************/***********/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "****://*********",
  "domain_origin": "****://*********",
  "domain_path": "",
  "domain_set": false,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "/mnt/dietpi_userdata/vaultwarden/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "/mnt/dietpi_userdata/vaultwarden/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "/mnt/dietpi_userdata/vaultwarden/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": null,
  "smtp_password": null,
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "/mnt/dietpi_userdata/vaultwarden/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}