2FA Failing when Opening Web Vault

[kmwoley]

Setup:
Running the latest docker image (version 2.8.0 reported by the web ui)
I have my account successfully setup using 2FA with a Yubikey NFC 5.

Previously:
I've successfully logged in using 2FA on both mobile (iPhone) and via the webvault. I believe the error has started after I've updated to the most recent docker image.

Error:
Now, when I attempt to log in I get "An error has occurred. An unexpected error has occurred." error in the UI, and the error logs show the errors below).

[2019-02-28 08:04:57][rocket::rocket][INFO] POST /api/accounts/prelogin application/json; charset=utf-8:
[2019-02-28 08:04:57][_][INFO] Matched: POST /api/accounts/prelogin (prelogin)
[2019-02-28 08:04:57][_][INFO] Outcome: Success
[2019-02-28 08:04:57][_][INFO] Response succeeded.
[2019-02-28 08:04:57][rocket::rocket][INFO] POST /identity/connect/token application/x-www-form-urlencoded; charset=utf-8:
[2019-02-28 08:04:57][_][INFO] Matched: POST /identity/connect/token (login)
[2019-02-28 08:04:57][bitwarden_rs::error][ERROR] JsonError. {"TwoFactorProviders":[3],"TwoFactorProviders2":{"3":{"Nfc":true}},"error":"invalid_grant","error_description":"Two factor required."}
[2019-02-28 08:04:57][_][INFO] Outcome: Success
[2019-02-28 08:04:57][_][INFO] Response succeeded.
[2019-02-28 08:05:06][rocket::rocket][INFO] POST /identity/connect/token application/x-www-form-urlencoded; charset=utf-8:
[2019-02-28 08:05:06][_][INFO] Matched: POST /identity/connect/token (login)
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }', src/libcore/result.rs:997:5
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }', src/libcore/result.rs:997:5
thread 'main' panicked at 'internal error: entered unreachable code: the call to `handle_threads` should block on success', /usr/local/cargo/registry/src/github.aaakk.us.kg-1ecc6299db9ec823/rocket-0.4.0/src/rocket.rs:725:13

[kmwoley]

Something deeper is going on; I attempted to restart the docker container and it will no-longer start with the following (similar) error:

[2019-02-28 08:05:06][rocket::rocket][INFO] POST /identity/connect/token application/x-www-form-urlencoded; charset=utf-8:
[2019-02-28 08:05:06][_][INFO] Matched: POST /identity/connect/token (login)
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }', src/libcore/result.rs:997:5
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }', src/libcore/result.rs:997:5
thread 'main' panicked at 'internal error: entered unreachable code: the call to `handle_threads` should block on success', /usr/local/cargo/registry/src/github.aaakk.us.kg-1ecc6299db9ec823/rocket-0.4.0/src/rocket.rs:725:13

[dani-garcia]

This error seems to be coming from the Rocket web server, when attempting to start. It shouldn't be because any change we made, I don't think.

Did you make any changes to the docker container networking? Maybe you are trying to bind the port to one that's already bound to another container or something like that? Or maybe you have multiple instances of bitwarden_rs running?

[mprasil]

Do you use --net host or something similar in your docker run by any chance @kmwoley? Normally the application runs in its own network namespace, so already used port is kinda strange.

[kmwoley]

I suspect this is due to my docker network config, too. I found a change in my host OS that may be causing it. Let’s close out this issue as I also think it’s not a bitwarden_rs isssue. I’ll reopen/comment on it if I can prove otherwise. Thanks!

…

On Fri, Mar 1, 2019 at 2:41 AM mprasil ***@***.***> wrote: Do you use --net host or something similar in your docker run by any chance @kmwoley <https://github.com/kmwoley>? Normally the application runs in its own network namespace, so already used port is kinda strange. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#420 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AF1jeOQbSnXADYrlaBE90JFgc13QeuVVks5vSQPpgaJpZM4bXLf-> .

[kmwoley]

Confirmed. This had nothing to do with bitwarden_rs. Sorry for the noise.

[bronco21016]

Sorry to bring this back. How did you solve it? I’m getting the exact same error messages when trying to setup a Yubikey on Bitwarden_RS pulled from Archlinux AUR.

[kmwoley]

@bronco21016 IIRC, my host OS had made a bad upgrade to Docker that screwed up MACVLAN. Networking was the source of my issue. I rolled back my OS version and solved it, reported it to the OS maintainers, and it got fixed.

[bronco21016]

@kmwoley It seems I’m having a network issue as well but can’t quite trace it down. Shouldn’t be related to Docker though as I’m not using Docker. Seems more related to my Apache reverse proxy. Oh well. I’ll post something separate to see if I can get some help. Thanks again!