WARN log messages when accessing the admin page

kennymc.c · March 31, 2023, 5:12pm

Since the last update to 1.28.0 I have noticed the following warning message in the log of Vaultwarden whenever I access the admin page or log out of it:

[2023-03-31 19:04:06.058][rocket::server::_][WARN] Responding with registered (admin_login) /admin 401 catcher.

However, I have no problems with the actual login. What is the reason for these messages?

stefan0xC · April 1, 2023, 6:20am

From which version did you update? Because this change was already part of the 1.27.0 release.

In order to implement the redirection to the login page (i.e. for other pages in the admin panel like opening /admin/organizations/overview) we switched from Rocket’s forwarding mechanism to explicit error catching:

github.com/dani-garcia/vaultwarden

redirect to admin login page when forward fails

dani-garcia:main ← stefan0xC:forward-to-admin-login

opened 11:47AM - 02 Nov 22 UTC

stefan0xC

+57 -53

Currently, if the admin guard fails the user will get a 404 page instead of bein…g forwarded to the login page. This change addresses issues like #2880 and #2883 by implementing a default forward catcher for all admin pages so this comment is correct: https://github.com/dani-garcia/vaultwarden/blob/f60a6929a9a289bd39c38eeb793ebf54c4d88199/src/api/admin.rs#L656

So now the server checks if you are authorized already and displays the login page (with the information which page you tried to open) in case you are not.

#[catch(401)]
fn admin_login(request: &Request<'_>) -> ApiResult<Html<String>> {
    if request.format() == Some(&MediaType::JSON) {
        err_code!("Authorization failed.", Status::Unauthorized.code);
    }
    let redirect = request.segments::<std::path::PathBuf>(0..).unwrap_or_default().display().to_string();
    render_admin_login(None, Some(redirect))
}

Without that we would have needed to either implement a fallback like this for each path so the forwarding would work:.

#[get("/", rank = 2)]
fn admin_login() -> ApiResult<Html<String>> {
    render_admin_login(None)
}

Or to handle the logic for non-existent paths ourselves (if we didn’t want to get rid of missing paths / 404 errors under /admin)

kennymc.c · April 1, 2023, 1:01pm

Perhaps I have not noticed it until now. Can the message then be ignored? Since they appear as a warning, I was wondering if I need to change something in my configuration. I think it is the normal state when visiting the admin page and not logged in.

kennymc.c · April 4, 2023, 5:35pm

Another message that I have noticed:

[2023-04-04 19:32:04.648][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.

ramsesderzweite · April 11, 2023, 5:33am

I updated from version 1.27.x to version 1.28.0 and then to 1.28.1. Just successfully changed the clear text ADMIN_TOKEN to an argon2 based token using the docker command line and the Admin panel. Login works fine, but I also get the following warnings in the vaultwarden log files, when login into the admin interface:

11.04.2023 7:20:53 /--------------------------------------------------------------------
11.04.2023 7:20:53 | Starting Vaultwarden |
11.04.2023 7:20:53 | Version 1.28.1 |
11.04.2023 7:20:53 |--------------------------------------------------------------------|
11.04.2023 7:20:53 | This is an unofficial Bitwarden implementation, DO NOT use the |
11.04.2023 7:20:53 | official channels to report bugs/features, regardless of client. |
11.04.2023 7:20:53 | Send usage/configuration questions or feature requests to: |
11.04.2023 7:20:53 | dani-garcia/vaultwarden · Discussions · GitHub or |
11.04.2023 7:20:53 | https://vaultwarden.discourse.group/ |
11.04.2023 7:20:53 | Report suspected bugs/issues in the software itself at: |
11.04.2023 7:20:53 | Sign in to GitHub · GitHub |
11.04.2023 7:20:53 --------------------------------------------------------------------/
11.04.2023 7:20:53
11.04.2023 7:20:53 [INFO] Using saved config from data/config.json for configuration.
11.04.2023 7:20:53
11.04.2023 7:20:53 [WARNING] The following environment variables are being overriden by the config.json file.
11.04.2023 7:20:53 [WARNING] Please use the admin panel to make changes to them:
11.04.2023 7:20:53 [WARNING] ADMIN_TOKEN
11.04.2023 7:20:53
11.04.2023 7:21:11 [2023-04-11 05:21:11.742][vaultwarden::api::admin::][WARN] Request guard AdminToken failed: “Unauthorized”.
11.04.2023 7:21:11 [2023-04-11 05:21:11.742][rocket::server::][WARN] Responding with registered (admin_login) /admin 401 catcher.
11.04.2023 7:21:11 [2023-04-11 05:21:11.742][vaultwarden::api::admin][ERROR] Authorization failed.
11.04.2023 7:21:13 [2023-04-11 05:21:13.050][vaultwarden::api::admin::][WARN] Request guard AdminToken failed: “Unauthorized”.
11.04.2023 7:21:13 [2023-04-11 05:21:13.050][rocket::server::][WARN] Responding with registered (admin_login) /admin 401 catcher.
11.04.2023 7:24:34 [2023-04-11 05:24:34.654][vaultwarden::api::admin::][WARN] Request guard AdminToken failed: “Unauthorized”.
11.04.2023 7:24:34 [2023-04-11 05:24:34.654][rocket::server::][WARN] Responding with registered (admin_login) /admin 401 catcher.

Is there anything left I need to reconfigure to get rid of these?
Please note: WEBSOCKET_ENABLED=false

Topic		Replies	Views
Vaultwarden 1.25.1 WARN in log Help	3	513	July 20, 2022
Log Files admin page Help	1	320	September 21, 2022
Unable to access the admin page (docker) Help	5	1621	May 14, 2023
Vaultwarden 1.32.6, 1.32.7 error logs using admin dashboard Help	1	99	December 20, 2024
Rocket::server::_ ERROR Help	2	602	April 28, 2023

WARN log messages when accessing the admin page

Related topics