Org Managers unable to manage collections #2151

Closed
schewara opened this issue Dec 15, 2021 · 1 comment · Fixed by #2169
Labels
bug Something isn't working

Comments

@schewara

Manager gets logged out when trying to manage collections

This is still the same behavior as reported in -> #1136

Deployment environment

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.23.1
  • Web-vault version: v2.25.0
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: false
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: PostgreSQL
  • Database version: PostgreSQL 13.4 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.4.1 20200928 (Red Hat 8.4.1-1), 64-bit
  • Clients used: Web
  • Reverse proxy and version: Traefik
  • Other relevant information:

Config (Generated via diagnostics page)

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "**********://********:**************************************@*********/********",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*********.***.************.***",
  "domain_origin": "*****://*********.***.*************.***",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "********@************.***",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "Login",
  "smtp_debug": false,
  "smtp_explicit_tls": true,
  "smtp_from": "******@********.***",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "****.*****.**",
  "smtp_password": "***",
  "smtp_port": 465,
  "smtp_ssl": false,
  "smtp_timeout": 15,
  "smtp_username": "******@*********.***",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": 30,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Steps to reproduce

In the Organization click on manage

Expected behaviour

  1. to not be logged out on a 401 Error
  2. be able to manage a collection

Actual behaviour

Logged out with 'session expired'

Troubleshooting data

vaultwarden    | [2021-12-15 15:52:49.605][request][INFO] GET /api/collections
vaultwarden    | [2021-12-15 15:52:49.607][response][INFO] GET /api/collections (get_user_collections) => 200 OK
vaultwarden    | [2021-12-15 15:52:49.642][request][INFO] GET /api/organizations/0a42173c-0994-4e1f-9112-a626cf6df217/collections
vaultwarden    | [2021-12-15 15:52:49.643][auth][ERROR] Unauthorized Error: You need to be Admin or Owner to call this endpoint
vaultwarden    | [2021-12-15 15:52:49.643][response][INFO] GET /api/organizations/<org_id>/collections (get_org_collections) => 401 Unauthorized
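
An added example (not part of the original report and not Vaultwarden code): a small Python triage helper that pairs each `[auth][ERROR]` line with the 401/403 response line that follows it, so denials like the one in the troubleshooting data can be attributed to a handler. The function name `find_auth_denials` and the pairing heuristic are assumptions; the log lines are copied from the report.

```python
import re

# Log lines copied from the troubleshooting data in the report above.
SAMPLE_LOG = """\
vaultwarden    | [2021-12-15 15:52:49.605][request][INFO] GET /api/collections
vaultwarden    | [2021-12-15 15:52:49.607][response][INFO] GET /api/collections (get_user_collections) => 200 OK
vaultwarden    | [2021-12-15 15:52:49.642][request][INFO] GET /api/organizations/0a42173c-0994-4e1f-9112-a626cf6df217/collections
vaultwarden    | [2021-12-15 15:52:49.643][auth][ERROR] Unauthorized Error: You need to be Admin or Owner to call this endpoint
vaultwarden    | [2021-12-15 15:52:49.643][response][INFO] GET /api/organizations/<org_id>/collections (get_org_collections) => 401 Unauthorized
"""

# [timestamp][target][level] message
LINE_RE = re.compile(r"\[([^\]]+)\]\[([^\]]+)\]\[([^\]]+)\]\s+(.*)$")
# METHOD route (handler) => status
RESPONSE_RE = re.compile(r"([A-Z]+) (\S+) \((\w+)\) => (\d{3})")


def find_auth_denials(log_text):
    """Pair each [auth][ERROR] line with the next 401/403 response line.

    Heuristic (assumption): the response logged right after an auth error
    belongs to the same request, as it does in the sample above.
    """
    denials = []
    pending = None  # (timestamp, reason) of an auth error awaiting its response
    for raw in log_text.splitlines():
        line = LINE_RE.search(raw)
        if not line:
            continue
        ts, target, level, msg = line.groups()
        if target == "auth" and level == "ERROR":
            pending = (ts, msg)
        elif target == "response" and pending:
            resp = RESPONSE_RE.match(msg)
            if resp and resp.group(4) in ("401", "403"):
                method, route, handler, status = resp.groups()
                denials.append({
                    "time": pending[0], "reason": pending[1], "method": method,
                    "route": route, "handler": handler, "status": int(status),
                })
                pending = None
    return denials


if __name__ == "__main__":
    for d in find_auth_denials(SAMPLE_LOG):
        print(f'{d["time"]} {d["status"]} {d["method"]} {d["route"]} '
              f'[{d["handler"]}]: {d["reason"]}')
```

In the sample, the reason text names a role requirement, which separates this 401 from one caused by a missing or expired token.
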

@BlackDex added the bug label Dec 15, 2021

@BlackDex
Collaborator

Confirmed.
