Cannot set up Yubikey 5 NFC with self-hosted instance

Steps To Reproduce

  1. Set up a self-hosted Bitwarden installation following the docs
  2. Set up YubiKey API key as described in the docs
  3. Navigate to /#/settings/security/two-factor in the browser
  4. Click “Manage” button next to “YubiKey OTP security key”
  5. Confirm your master password
  6. Click into the “Yubikey 1” field
  7. Plug in and tap Yubikey 5 NFC.

Expected Result

Yubikey is successfully registered.

Actual Result

The web UI displays a message “An unhandled server error has occured.”

The bitwarden-api docker container logs this:

bitwarden-api    | fail: Bit.Api.Utilities.ExceptionHandlerFilterAttribute[0]
bitwarden-api    |       => SpanId:9ffe420c8ff652fe, TraceId:34ac63f45622168040d77eb944376a58, ParentId:0000000000000000 => ConnectionId:0HN539LLDFS42 => RequestPath:/two-factor/yubikey RequestId:0HN539LLDFS42:00000001 => Bit.Api.Auth.Controllers.TwoFactorController.PutYubiKey (Api)
bitwarden-api    |       Object reference not set to an instance of an object.
bitwarden-api    |       System.NullReferenceException: Object reference not set to an instance of an object.
bitwarden-api    |          at Bit.Core.Auth.Identity.YubicoOtpTokenProvider.ValidateAsync(String purpose, String token, UserManager`1 manager, User user) in /home/runner/work/server/server/src/Core/Auth/Identity/YubicoOtpTokenProvider.cs:line 72
bitwarden-api    |          at Microsoft.AspNetCore.Identity.UserManager`1.VerifyTwoFactorTokenAsync(TUser user, String tokenProvider, String token)
bitwarden-api    |          at Bit.Api.Auth.Controllers.TwoFactorController.ValidateYubiKeyAsync(User user, String name, String value) in /home/runner/work/server/server/src/Api/Auth/Controllers/TwoFactorController.cs:line 465
bitwarden-api    |          at Bit.Api.Auth.Controllers.TwoFactorController.PutYubiKey(UpdateTwoFactorYubicoOtpRequestModel model) in /home/runner/work/server/server/src/Api/Auth/Controllers/TwoFactorController.cs:line 136
bitwarden-api    |          at lambda_method48(Closure, Object)
bitwarden-api    |          at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
bitwarden-api    |          at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)
bitwarden-api    |          at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
bitwarden-api    |          at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
bitwarden-api    |          at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
bitwarden-api    |          at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
bitwarden-api    |          at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)

Screenshots or Videos

No response

Additional Context

I have verified that I am updated to the latest version. I have obtained a key from Yubico API key signup and configured it according to the docs, and verified that /app-id.json includes my domain name.

Build Version

2024.6.2

Environment

Self-Hosted

Environment Details

  • Debian Bookworm
  • Docker version 20.10.24+dfsg1, build 297e128
  • docker-compose version 1.29.2, build unknown
  • Firefox 128.0 on macOS

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn’t use fields like “assigned”, “milestone”, or “project” to track progress.