Can't create accounts

My goal is to set up a password safe service at home for the family. I am trying the latest Bitwarden_RS Docker image on an ARMv7-based computer, an Odroid C1+ running Ubuntu 16.

My problem is that I can’t create accounts. While I successfully configured the mail server (Postfix running on the same Odroid) and can send a test email, the Submit button on the Create Account page has no effect. By this I mean that nothing appears in the container log (log level is set to Debug in config.json), nothing in the mail log, and I even trace traffic on the docker0 bridge, where nothing happens either. The Submit button seems to be fake. The Cancel button works and brings me back to the login page.

When I try to login with a non-existing user, I get the message “This browser requires HTTPS to use the web vault; Check the bitwarden_rs wiki for details on how to enable it”. I wonder if this is related to my problem?

The relevant settings are: Allow new signups TRUE, Require email verification on signups FALSE, Allow invitations TRUE.

Thus my questions:

  1. How can I troubleshoot the non-working Submit button?
  2. Are there other methods of adding users to the Bitwarden service? After all, I don’t plan to make that service public and don’t require self-service sign-ups.

I am in the same situation as you (a Bitwarden system for family).

I cannot discuss the mail registration part but I add the members through https://bitwarden.my.domain/admin. It requires an admin token set in the docker-compose.yml file (or -e if you start manually).

You then get access to a web interface where you can add users:

As for HTTPS I do not know either, I access the Bitwarden container though a reverse proxy based on caddy (there is an instruction on how to configure it in the Botwarden wiki), this automatically takes care of the HTTPS part (Caddy is a fantastic web server - that I run in a docker container as well to easily proxify all my web containers).

I think however that you should enable HTTPS as it may interfere with web browser extensions (that may expect to hot a https:// address)

Thanks! I had seen the admin users page, but I don’t see where users are added. Is there a button somewhere that I missed?

I did notice that I can invite users. That works, but when I click on the link in the invitation email, again I have the choice to log on or create an account. I.e. same as before.

Since it was some time I created users, I did the whole path again, screenshots are below. Sorry if this is obvious and I missed something in your question.

I went to the admin page and invited a new user via their email (the button is at the very bottom of the page). That user received an email

After clicking the Join … they are redirected to the Bitwarden server:

image

Here they choose “Create Account”

After Submit, they are immediately redirected to the login page (with their login filled in)

Now when I go back to the admin page and hit “reload users” (a button down right) I now see that the new user (which then needs to be added to the right group etc.)

Sorry, I missed that part in your question. This is indeed surprising as in my case the Submit button brings me to the login page.

Do you have any ad blockers? I found that sometimes they block some JS libs that are used when submitting some pages (this is a far fetched shot but I cannot think of anything else)

Thank you. Your remark about ad blockers made me try other browsers. Some work, some don’t: Success with Safari and Firefox on an ipad, Firefox on Fedora. Failure with the browsers I tried on Android (Chrome and Firefox) as well as Windows (Firefox, Vivaldi, Chrome).

So the problem lies somewhere in the Bitwarden RS code and the way certain browser/OS combinations communicate with the server. Not knowing too much about client-side programming, this will be a hard one for me to troubleshoot. I definitely want to use the password vault with Android phones and Windows PCs. Perhaps I will raise an issue on Github.

Again thanks, you put me on the right track.

Below a more detailed description of the problem.

Yes, the problem is that the Submit button in the Create Account page doesn’t work. There is a subtle reaction, though: When I click the button, it changes its frame, and after 30 seconds or a minute the frame reverts to its original form:

buttons

That is the only reaction I get. And the new account is not created. As I said, the Cancel button closes the Create Account dialog as expected.

When I use one of the browsers that work, the button’s frame changes as well, for a fraction of a second, before I get the message that the account has been created.

HTTPS is required, as stated in the error message.

I use BW on Windows 10 (Chrome, FF) and Android phones.

Can you try in Chrome to right-click on the Submit button (before clicking on it) and choose Inspect? In the new window you will see a Console tab.

Then press Submit and see if there are any error messages.

It may indeed be https and how some browsers are lax on its use. You will need it anyway to expose BW. Si it is worth seeing up.

The Caddy way (with caddy in a docker container) was the simplest for me (I used apache before and it was a nightmare compared to caddy). I also use it as a proxy to all my web based containers.

Ah, great feedback. Indeed: Plenty of CSS-related errors when displaying the Account Creation page. When I hit the Submit button, I get what looks like a stack trace, in red. This is Firefox 83.0 on Windows.

Chrome also produces a stacktrace. The precise error message is different, but looks similar (a null pointer in a promise).

No errors at all using Firefox 66.0.4 on Fedora 28. The account is created without https.

Perhaps the meaning of the errors is obvious to the experts. I am listing them here. First Chrome Version 86.0.4240.198 (Official Build) (64-bit):

core.js:4127 ERROR Error: Uncaught (in promise): TypeError: Cannot read property 'importKey' of null
TypeError: Cannot read property 'importKey' of null
    at e.<anonymous> (webCryptoFunction.service.ts:47)
    at main.cd3fdd91e1a63cf3ead5.js:1
    at Object.next (main.cd3fdd91e1a63cf3ead5.js:1)
    at main.cd3fdd91e1a63cf3ead5.js:1
    at new t (zone.js:913)
    at r (main.cd3fdd91e1a63cf3ead5.js:1)
    at e.pbkdf2 (main.cd3fdd91e1a63cf3ead5.js:1)
    at e.<anonymous> (crypto.service.ts:315)
    at main.cd3fdd91e1a63cf3ead5.js:1
    at Object.next (main.cd3fdd91e1a63cf3ead5.js:1)
    at w (zone.js:832)
    at zone.js:739
    at s (main.cd3fdd91e1a63cf3ead5.js:1)
    at t.invoke (zone.js:386)
    at Object.onInvoke (core.js:28144)
    at t.invoke (zone.js:385)
    at e.run (zone.js:143)
    at zone.js:891
    at t.invokeTask (zone.js:421)
    at Object.onInvokeTask (core.js:28132)

Then Firefox 83.0:

ERROR Error: Uncaught (in promise): TypeError: this.subtle is null
l</e.prototype.pbkdf2/</<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:2304449
s/</<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:2303469
s/<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:2303574
r</<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:2302486
t@http://192.168.1.16:8080/app/polyfills.cd3fdd91e1a63cf3ead5.js:21:2940
r<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:2302231
l</e.prototype.pbkdf2@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:2304036
w</e.prototype.makeKey/</<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:1826308
s/</<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:1819193
s/<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:1819298
o</<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:1818210
t@http://192.168.1.16:8080/app/polyfills.cd3fdd91e1a63cf3ead5.js:21:2940
o<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:1817955
w</e.prototype.makeKey@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:1826040
l</e.prototype.submit/</<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:2015669
s/</<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:2012822
s/<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:2012927
r</<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:2011839
t@http://192.168.1.16:8080/app/polyfills.cd3fdd91e1a63cf3ead5.js:21:2940
r<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:2011584
l</e.prototype.submit@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:2014179
$</t.prototype.submit/</<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:807463
s/</<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:796778
s/<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:796883
o</<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:795795
t@http://192.168.1.16:8080/app/polyfills.cd3fdd91e1a63cf3ead5.js:21:2940
o<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:795540
$</t.prototype.submit@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:807202
template/<@http://192.168.1.16:8080/app/main.cd3fdd91e1a63cf3ead5.js:1:810586
vu@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:668:1432
i@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:668:1596
cy</t.prototype.subscribe/a<@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:990:710
d</t.prototype.__tryOrUnsub@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:1746:3251
d</t.prototype.next@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:1746:2396
u</t.prototype._next@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:1746:1472
u</t.prototype.next@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:1746:1143
d</t.prototype.next@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:1920:40538
cy</t.prototype.emit@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:990:174
Ee</t.prototype.onSubmit@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:1724:18506
hostBindings/<@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:1724:19562
vu@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:668:1432
i@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:668:1596
P/<@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:1850:3655
o/</f</t.prototype.invokeTask@http://192.168.1.16:8080/app/polyfills.cd3fdd91e1a63cf3ead5.js:13:7859
onInvokeTask@http://192.168.1.16:8080/app/vendor.cd3fdd91e1a63cf3ead5.js:1076:1594
o/</f</t.prototype.invokeTask@http://192.168.1.16:8080/app/polyfills.cd3fdd91e1a63cf3ead5.js:13:7780
o/</u</e.prototype.runTask@http://192.168.1.16:8080/app/polyfills.cd3fdd91e1a63cf3ead5.js:13:2934
o/</l</e.invokeTask@http://192.168.1.16:8080/app/polyfills.cd3fdd91e1a63cf3ead5.js:13:9015
p@http://192.168.1.16:8080/app/polyfills.cd3fdd91e1a63cf3ead5.js:44:734
h@http://192.168.1.16:8080/app/polyfills.cd3fdd91e1a63cf3ead5.js:44:980
    Angular 2
        w
        m
    s main.cd3fdd91e1a63cf3ead5.js:1
    Angular 13
        invoke
        onInvoke
        invoke
        run
        E
        invokeTask
        onInvokeTask
        invokeTask
        runTask
        b
        invokeTask
        p
        h

I have already started looking at Caddy and will try to set it up.

Let me know if you have problems, I can try to help with that (I tried pretty much everything when it comes to reverse proxies in docker and settled up with caddy)

Very kind, WpJ. I will try it the hard way first, as I have little experience with implementing https and want to learn. Let’s see how far I go.
And I found this paragraph in the Github repo’s Readme:

IMPORTANT : Some web browsers, like Chrome, disallow the use of Web Crypto APIs in insecure contexts. In this case, you might get an error like Cannot read property 'importKey' . To solve this problem, you need to access the web vault from HTTPS.

Should have looked at that more closely.