Admin page requests end in NotFounds (vaultwarden)

Open eklipse18 opened this issue 1 year ago • 5 comments

As the title mentions, any function that calls the adminr function always results in a 404 not found, as the request is not properly authenticated. The admin page on vaultwarden uses cookies to authenticate the admin, but the adminr function does not do so. I wrote a quick fix for this problem:

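    import requests

    # Log in to the admin page; vaultwarden answers with a session cookie.
    res = requests.post(
        f'{self.server}/admin',
        # A dict is form-encoded by requests, so special characters in the
        # token are escaped and the content-type header is set automatically.
        data={'token': admin_password},
        allow_redirects=False
    )

    # Reuse the returned cookie on subsequent admin requests.
    headers = {
        'cookie': res.headers.get('set-cookie')
    }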

We then need to pass these headers into the call.

One problem with this approach is timeouts: requesting too many tokens very quickly leads to a timeout, which I think can be fixed by only updating the cookie if the request is a 404 and then retrying the request.

eklipse18, Sep 29 '22 15:09
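The retry-on-404 idea from the comment above, sketched as an added example that is not part of the original post or of bitwardentools. `AdminSession` and its `http` parameter are hypothetical names; `http` is any object with requests-style `post()` and `request()` (the `requests` module itself fits), and the admin cookie is assumed to be the first one in `Set-Cookie`.

```python
class AdminSession:
    """Hypothetical helper: cache the vaultwarden admin cookie, re-login only on 404."""

    def __init__(self, server, admin_token, http):
        # http: object with requests-style post()/request(), e.g. the requests module
        self.server = server.rstrip("/")
        self.admin_token = admin_token
        self.http = http
        self.cookie = None
        self.logins = 0  # how many times a new cookie was requested

    def login(self):
        res = self.http.post(
            f"{self.server}/admin",
            data={"token": self.admin_token},  # dict => token is form-encoded safely
            allow_redirects=False,
        )
        set_cookie = res.headers.get("set-cookie")
        if not set_cookie:
            raise RuntimeError("admin login did not return a cookie")
        # Assumption: the admin cookie is the first one; keep name=value only,
        # dropping attributes such as Path or HttpOnly.
        self.cookie = set_cookie.split(";", 1)[0].strip()
        self.logins += 1

    def request(self, method, path, **kwargs):
        extra = dict(kwargs.pop("headers", None) or {})
        if self.cookie is None:
            self.login()
        for attempt in (1, 2):
            res = self.http.request(
                method,
                f"{self.server}/admin{path}",
                headers={**extra, "cookie": self.cookie},
                **kwargs,
            )
            # Per the issue, an unauthenticated admin call comes back as 404.
            if res.status_code != 404 or attempt == 2:
                return res
            self.login()  # refresh once, then retry; never loop on 404
```

A path that genuinely does not exist also returns 404, so it costs one extra login; the single retry keeps that bounded and avoids the rapid token requests that trigger the timeout.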

Also a small request, is it possible for me to submit this as a pull request in October? It will help me progress in Hacktoberfest.

eklipse18, Sep 29 '22 15:09

Also, while I'm at it, I think you could also add an invite_user method. It's a POST admin request at /admin/invite if you want to just invite them for account creation, and a POST request at /api/organizations/<org id>/users/invite for invitation to a specific organization.

eklipse18, Sep 29 '22 19:09

Feel free to open a PR for both, but for part 1, I'm a bit surprised; basicauth is just working here to send requests to /admin. Are you really using vaultwarden, and which version?

For the invitation, I see you may not have noticed the add_user_to_organization method, which only covers the "org invite" part. So you can add another method to handle the "whole instance" invitation use case.

kiorky, Oct 07 '22 10:10

For the first bit, I'm using vaultwarden version 2022.6.2. I did a bit of tinkering in DevTools, which is how I found that it authenticates using cookies and not basicauth. For the invite function, I didn't see the add_user_to_organization method in the documentation over here.

eklipse18, Oct 07 '22 17:10

> I did a bit of tinkering in DevTools which is how I found that it authenticates using cookies and not basicauth

normally both are supported.

kiorky, Oct 07 '22 19:10