Android push_token field is empty

[thefiredragon]

Subject of the issue

I followed up the wiki to enable push notifications.
Over web I can confirm that websocket is still working:

Request Method:
GET
Status Code:
101 Switching Protocols

• delete cache and appdata should enbale push notification on mobile devices
  but im running into the issue push_token is empty

➜  vaultwarden tail -f data/vaultwarden.log
[2024-01-31 14:41:14.789][error][ERROR] 2FA token not provided
[2024-01-31 14:41:31.546][vaultwarden::api::push][WARN] Skipping the registration of the device cb65103a-e43d-4e9a-aa0e-e8a4a144ffe8 because the push_token field is empty.
[2024-01-31 14:41:31.546][vaultwarden::api::push][WARN] To get rid of this message you need to clear the app data and reconnect the device.

Deployment environment

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.30.2
• Web-vault version: v2024.1.2
• OS/Arch: linux/x86_64
• Running within Docker: true (Base: Debian)
• Environment settings overridden: true
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Browser/Server Time Check: true
• Server/NTP Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: SQLite
• Database version: 3.44.0
• Clients used:
• Reverse proxy and version:
• Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, INVITATIONS_ALLOWED, ADMIN_TOKEN, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME, SMTP_USERNAME, SMTP_PASSWORD

json
{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://***********************",
  "domain_origin": "*****://***********************",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/vaultwarden.log",
  "log_level": "warn",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": true,
  "push_identity_uri": "https://identity.bitwarden.eu",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.eu",
  "reload_templates": false,
  "require_device_email": true,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "***********************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "************************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "***********************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

• vaultwarden version: 1.30.2

• Install method: Docker image

• Clients used: Android

• Reverse proxy and version: nginx latest debian

Steps to reproduce

Enable push notification like described at the wiki
Try to reconnect an android client

Expected behaviour

push_token should be provided

Actual behaviour

no push token is given

[stefan0xC]

delete cache and appdata should enbale push notification on mobile devices
but im running into the issue push_token is empty

Ah, I think the problem is that we try to register on login before the device token is saved, so this warning will be shown even on successful registrations. Can you check the database if the fields really are empty?

SELECT push_uuid, push_token FROM devices WHERE uuid = 'cb65103a-e43d-4e9a-aa0e-e8a4a144ffe8';`

[thefiredragon]

It's not empty:

➜  data sqlite3 db.sqlite3 
SQLite version 3.40.1 2022-12-28 14:03:47
Enter ".help" for usage hints.
sqlite> SELECT push_uuid, push_token FROM devices WHERE uuid = 'cb65103a-e43d-4e9a-aa0e-e8a4a144ffe8';
49c117c6-05f4-489a-ac89-64ae3305cbaf|ebYf9betRU2sTZj5kgZ3do:APA91bH82q7WNvZcvGLBwH3T6avsOwBE45eu-tN_WmFcYOzBDY-QLR_ezWNqGRdRDNxaFi2WkSMMJJeoWKyC2DkRxBUixd_Vj6G8W84G5dXEu8RAGKNzgm4LmTGPyVGi21uR02aWOpHA
sqlite> 

[BlackDex]

@stefan0xC, any ideas on how to fix this?
Do we need to have a quick fix and release a 1.30.3?

[stefan0xC]

Not really. We could remove the warnings?

[BlackDex]

Only if that warning is false. Else it is good i think.

I really need to start working on my admin updates again, that would also help.

[thefiredragon]

Removing the warning would not solve the problem that push notifications will work or?
I could test it if it's related to 2fa email

[stefan0xC]

Only if that warning is false. Else it is good i think.

It's not false per se but misleading because I was not taking the order of operations in account but only thinking about users that connected a device previously to #3792 and not the common case.

Currently, if push notifications are setup a new device will

1. on succesful login try to register, see that there is no push_token and print that warning.
2. only afterwards (and only on the first successful connection of the device) it will save the token and also register the device token.
3. henceforth the warning will not be shown.

[stefan0xC]

Oh, looking at the code, I think we can simply fix this by not calling the register_push_device() fn when new_device is true.

vaultwarden/src/api/identity.rs

Line 251 in ad1d65b

let (mut device, new_device) = get_device(&data, conn, &user).await;

[stefan0xC]

Now we just need to test the fix.
edit: the warning is not displayed wrongly anymore. 🎉

[stefan0xC]

Removing the warning would not solve the problem that push notifications will work or? I could test it if it's related to 2fa email

Push notifications should work (they do on my test system). If they still don't on yours even though the push_token has been added to the database then there's something else wrong with your setup.

You can test if the push notifications work by adding/renaming a folder in the web-vault and see if the change is auto-synchronized to the android app after a few seconds.

[DynamoFox]

Hello, I seem to be in the same situation, that is, I see the warning when I make the first login with my Android phone running Bitwarden from the Play Store.
Note: I didn't check whether the push_token was eventually added to the database.

You can test if the push notifications work by adding/renaming a folder in the web-vault and see if the change is auto-synchronized to the android app after a few seconds.

Oh, am I supposed to see some log lines to indicate this push activity as well? (Other than that warning)

I did try to add a folder and a note from the web interface, however they didn't automatically replicate to the Bitwarden app that was open in front of me on my phone.
The changes were only reflected once I dragged down my finger to trigger the manual refresh gesture.

Note: I run Archlinux's vaultwarden package (1.30.2-1) and the push stuff is configured to use the *bitwarden.eu servers.

[stefan0xC]

Oh, am I supposed to see some log lines to indicate this push activity as well? (Other than that warning)

Not with LOG_LEVEL=warn (like OP). I think you need to set it to debug to see logs related to push notifications.

[karazonanas]

I started to get this error since I changed the notification server from .com to .eu with the last update
does anyone else have the same problem?

[BlackDex]

If you switched, you also need to get new keys. And i think you should deregister your mobile devices, fully logout, clear data, and login again. Else they are probably not registered at the eu servers.

[thefiredragon]

Okay I had tested everthing and it's working fine,
thank you for your great project here. :)