email address not supporting international domain names #1596

New issue

Closed

opened 2026-02-20 08:11:09 -05:00 by deekerman · 8 comments

deekerman commented 2026-02-20 08:11:09 -05:00

Owner

Copy link

Originally created by @Sasaxxxx on GitHub (May 7, 2023).

Subject of the issue

Problem starts when using international domain names. fx. xxxx@xn--gr-wla37a.com (xxxx@gršć.com)
When user account is created using xxxx@gršć.com (in version of VaultWarden 1.25.2), now VaultWarden v- 1.28.1 do not support this email address.
When this email address is typed in the VaultWarden Web Vault, Error message is shown: " Input is not an email address."

Deployment environment

Error message: "Generation Failed"

• vaultwarden version: 1. 28.1

• Install method: Docker on Synology server

• Clients used:

• WebVault, desktop, IOS

• Reverse proxy and version:

• MySQL/MariaDB or PostgreSQL version:

• Other relevant details:

Steps to reproduce

1. account created with username/email: xxxx@gršć.com (v.1.25.1)
   2.. version updated to 1.28.1
2. IOS app updated, desktop app updated, edge extension updated (since release of 1.25.1)
3. now when user name/email: xxxx@@gršć.com is used, it is been converted to xxxx@xn--gr-wla37a.com causing error message in WebVault: " Input is not an email address." or in case of App's, no login possible.

Expected behaviour

1. when xxxx@gršć.com international domain name is used to create account, domain in account name should not be automatically converted to xxxx@xn--gr-wla37a.com.

Actual behaviour

1. LogIn on VaultWarden Web Vault. Email: xxxx@@gršć.com
2. error message: "Input is not an email address."

Troubleshooting data

Originally created by @Sasaxxxx on GitHub (May 7, 2023). <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue Problem starts when using international domain names. fx. xxxx@xn--gr-wla37a.com (xxxx@gršć.com) When user account is created using xxxx@gršć.com (in version of VaultWarden 1.25.2), now VaultWarden v- 1.28.1 do not support this email address. When this email address is typed in the VaultWarden Web Vault, Error message is shown: " Input is not an email address." ### Deployment environment <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> Error message: "Generation Failed" <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> * vaultwarden version: 1. 28.1 <!-- How the server was installed: Docker image, OS package, built from source, etc. --> * Install method: Docker on Synology server * Clients used: <!-- web vault, desktop, Android, iOS, etc. (if applicable) --> * WebVault, desktop, IOS * Reverse proxy and version: <!-- if applicable --> * MySQL/MariaDB or PostgreSQL version: <!-- if applicable --> * Other relevant details: ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start vaultwarden? --> 1. account created with username/email: xxxx@gršć.com (v.1.25.1) 2.. version updated to 1.28.1 3. IOS app updated, desktop app updated, edge extension updated (since release of 1.25.1) 4. now when user name/email: xxxx@@gršć.com is used, it is been converted to xxxx@xn--gr-wla37a.com causing error message in WebVault: " Input is not an email address." or in case of App's, no login possible. ### Expected behaviour <!-- Tell us what you expected to happen --> 1. when xxxx@gršć.com international domain name is used to create account, domain in account name should not be automatically converted to xxxx@xn--gr-wla37a.com. 2. ### Actual behaviour <!-- Tell us what actually happened --> 1. LogIn on VaultWarden Web Vault. Email: xxxx@@gršć.com 2. error message: "Input is not an email address." ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data -->

deekerman 2026-02-20 08:11:09 -05:00

• closed this issue
• added the
  troubleshooting
  Third party
  labels

deekerman commented 2026-02-20 08:11:10 -05:00

Author

Owner

Copy link

@BlackDex commented on GitHub (May 7, 2023):

Is the client converting this before it is sending this?

@BlackDex commented on GitHub (May 7, 2023): Is the client converting this before it is sending this?

deekerman commented 2026-02-20 08:11:10 -05:00

Author

Owner

Copy link

@Sasaxxxx commented on GitHub (May 7, 2023):

it was working for over a year. Today I find out I could not log in on IOS App. Updated VaultWarden form 1.25.1 to 1.28.1 with results as reported.

@Sasaxxxx commented on GitHub (May 7, 2023): it was working for over a year. Today I find out I could not log in on IOS App. Updated VaultWarden form 1.25.1 to 1.28.1 with results as reported.

deekerman commented 2026-02-20 08:11:10 -05:00

Author

Owner

Copy link

@Sasaxxxx commented on GitHub (May 7, 2023):

I can see now following:

Actual behaviour:
LogIn on VaultWarden Web Vault. Email: xxxx@@gršć.com
request for MasterPasword:
underneeth of the logIn button, stated: "Logging in as xxxx@xn--gr-wla37a.com"

so i guess it will try to login as user xxxx@xn--gr-wla37a.com (which is not a user xxxx@@gršć.com). can system tell a difference and convert domains in right way?

@Sasaxxxx commented on GitHub (May 7, 2023): I can see now following: Actual behaviour: LogIn on VaultWarden Web Vault. Email: xxxx@@gršć.com request for MasterPasword: underneeth of the logIn button, stated: "Logging in as xxxx@xn--gr-wla37a.com" so i guess it will try to login as user xxxx@xn--gr-wla37a.com (which is not a user xxxx@@gršć.com). can system tell a difference and convert domains in right way?

deekerman commented 2026-02-20 08:11:10 -05:00

Author

Owner

Copy link

@BlackDex commented on GitHub (May 7, 2023):

Vaultwarden doesn't convert the address. So it could be that the new clients convert them before sending it to the server.

@BlackDex commented on GitHub (May 7, 2023): Vaultwarden doesn't convert the address. So it could be that the new clients convert them before sending it to the server.

deekerman commented 2026-02-20 08:11:10 -05:00

Author

Owner

Copy link

@Sasaxxxx commented on GitHub (May 7, 2023):

is VaultWarden Web Vault server part?

@Sasaxxxx commented on GitHub (May 7, 2023): is VaultWarden Web Vault server part?

deekerman commented 2026-02-20 08:11:10 -05:00

Author

Owner

Copy link

@BlackDex commented on GitHub (May 7, 2023):

No, that is client. But it could be that Bitwarden changed something. I'm not sure.

@BlackDex commented on GitHub (May 7, 2023): No, that is client. But it could be that Bitwarden changed something. I'm not sure.

deekerman commented 2026-02-20 08:11:10 -05:00

Author

Owner

Copy link

@BlackDex commented on GitHub (May 7, 2023):

On a quick look, I'm afraid we can't fix this on our side that easily.
It looks like the web-vault doesn't seem to support this anymore for some reason.

On the web-vault I get a message that it needs to be a valid email address.
It seems to be not working anymore since v1.26.0 already (Which uses v2022.12.0 as web-vault).

@BlackDex commented on GitHub (May 7, 2023): On a quick look, I'm afraid we can't fix this on our side that easily. It looks like the web-vault doesn't seem to support this anymore for some reason. On the web-vault I get a message that it needs to be a valid email address. It seems to be not working anymore since v1.26.0 already (Which uses v2022.12.0 as web-vault).

deekerman commented 2026-02-20 08:11:10 -05:00

Author

Owner

Copy link

@BlackDex commented on GitHub (May 8, 2023):

I also think we can't fix this on the server side.
The reason is, the username (mail address) is linked to the hashed password and master-key.
Changing the mail-address, or trying to match the password-hash on the unicode domain will not work.

I suggest to revert back to v1.25.2, change all mail address to use the punycode address via the web-vault and upgrade after all the users have changed it.

It's not something we can fix unfortunately.

@BlackDex commented on GitHub (May 8, 2023): I also think we can't fix this on the server side. The reason is, the username (mail address) is linked to the hashed password and master-key. Changing the mail-address, or trying to match the password-hash on the unicode domain will not work. I suggest to revert back to v1.25.2, change all mail address to use the punycode address via the web-vault and upgrade after all the users have changed it. It's not something we can fix unfortunately.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#1596

No description provided.