Adding a group to a collection returns 500 error - but works

[KramNamez]

Steps To Reproduce

1. Create a group.
2. Create a collection.
3. Use the API or the Web Vault to add the group to the collection with "manage" permission.

Expected Result

Response status 200, collection is updated.

Actual Result

Response status 500, unhandled server exception - collection is still updated!

fail: Bit.Api.Utilities.ExceptionHandlerFilterAttribute[0] => SpanId:e3e6d7d32b55e7a0, TraceId:79d323659e2c99718ec674f139e9891d, ParentId:0000000000000000 => ConnectionId:0HN76SIKD24L3 => RequestPath:/public/collections/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx RequestId:0HN76SIKD24L3:00000001 => Bit.Api.Public.Controllers.CollectionsController.Put (Api)

An exception was thrown while attempting to evaluate a LINQ query parameter expression. See the inner exception for more information. To show additional information call 'DbContextOptionsBuilder.EnableSensitiveDataLogging'.

System.InvalidOperationException: An exception was thrown while attempting to evaluate a LINQ query parameter expression. See the inner exception for more information. To show additional information call 'DbContextOptionsBuilder.EnableSensitiveDataLogging'.

---> System.ArgumentNullException: Value cannot be null. (Parameter 'source')

Screenshots or Videos

No response

Additional Context

I'm working on importing content from our previous PW management solution to Bitwarden. As part of that, I'm creating groups and collections via the API. I can fire all my requests and just ignore that I'm getting 500 errors, since it actually does the thing I need it to do.

It's still clearly incorrect behaviour.

This is basically the payload I send:

"externalId": "my-reference",
"groups": [
    {
        "id": xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx,
        "readOnly": false,
        "hidePasswords": false,
        "manage": true
    }
]

Githash Version

8a02b49f-dirty

Environment Details

Unified deployment on an OpenShift cluster.

Database Image

No response

Issue-Link

https://github.com/bitwarden/server/issues/2480

Issue Tracking Info

• [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[jtodddd]

Hi there,

I am unable to reproduce this issue, it has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

[KramNamez]

Thanks for looking into it!

We use Postgres as the DB, but otherwise... I don't know what would help you. I have that stacktrace and the knowledge that this happened every time I tried to add a group. I wasn't doing anything terribly weird, I think :)

Both group and collection have externalId set, too.

[KramNamez]

We have since updated BW and fixed some remaining issues with our setup - and now this has stopped working. If I try updating collections through the API (but not through the GUI!) I get the following error:

fail: Bit.Api.Utilities.ExceptionHandlerFilterAttribute[0]"
      => SpanId:063776f7220322cc, TraceId:06a9b8e3247fb541c18101d628fc41e0, ParentId:0000000000000000 => ConnectionId:0HN8A3KRR5FMR => RequestPath:/public/collections/88060a1d-cc11-46e7-a7b1-b22f010369a5 RequestId:0HN8A3KRR5FMR:00000001 => IpAddress:::ffff:127.0.0.1 UserAgent:Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0 DeviceType: Origin: ClientVersion: => Bit.Api.Public.Controllers.CollectionsController.Put (Api)"
      Object reference not set to an instance of an object."
       System.NullReferenceException: Object reference not set to an instance of an object."
         at Bit.Infrastructure.EntityFramework.Repositories.CollectionRepository.ReplaceAsync(Collection collection, IEnumerable`1 groups, IEnumerable`1 users) in /source/src/Infrastructure.EntityFramework/Repositories/CollectionRepository.cs:line 524"
         at Bit.Infrastructure.EntityFramework.Repositories.CollectionRepository.ReplaceCollectionUsersAsync(DatabaseContext dbContext, Collection collection, IEnumerable`1 users) in /source/src/Infrastructure.EntityFramework/Repositories/CollectionRepository.cs:line 735"
         at Bit.Api.Public.Controllers.CollectionsController.Put(Guid id, CollectionUpdateRequestModel model) in /source/src/Api/Public/Controllers/CollectionsController.cs:line 96"
         at Bit.Core.Services.CollectionService.SaveAsync(Collection collection, IEnumerable`1 groups, IEnumerable`1 users) in /source/src/Core/Services/Implementations/CollectionService.cs:line 83"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)"
fail: Bit.Api.Utilities.ExceptionHandlerFilterAttribute[0]"
      => SpanId:823b3c1e95444c72, TraceId:d109b569b2027613f4f22383bad0e459, ParentId:0000000000000000 => ConnectionId:0HN8A3KRR5FN8 => RequestPath:/public/collections/88060a1d-cc11-46e7-a7b1-b22f010369a5 RequestId:0HN8A3KRR5FN8:00000001 => IpAddress:::ffff:127.0.0.1 UserAgent:Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0 DeviceType: Origin: ClientVersion: => Bit.Api.Public.Controllers.CollectionsController.Put (Api)"
      Object reference not set to an instance of an object."
         at Bit.Infrastructure.EntityFramework.Repositories.CollectionRepository.ReplaceCollectionUsersAsync(DatabaseContext dbContext, Collection collection, IEnumerable`1 users) in /source/src/Infrastructure.EntityFramework/Repositories/CollectionRepository.cs:line 735"
      System.NullReferenceException: Object reference not set to an instance of an object."
         at Bit.Infrastructure.EntityFramework.Repositories.CollectionRepository.ReplaceAsync(Collection collection, IEnumerable`1 groups, IEnumerable`1 users) in /source/src/Infrastructure.EntityFramework/Repositories/CollectionRepository.cs:line 524"
         at Bit.Api.Public.Controllers.CollectionsController.Put(Guid id, CollectionUpdateRequestModel model) in /source/src/Api/Public/Controllers/CollectionsController.cs:line 96"
         at Bit.Core.Services.CollectionService.SaveAsync(Collection collection, IEnumerable`1 groups, IEnumerable`1 users) in /source/src/Core/Services/Implementations/CollectionService.cs:line 83"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)"
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)"

However, I'm able to update groups to add collections just fine. 😵‍💫

So now I'm doing that instead.

[eliykat]

Hi @KramNamez , your initial report looks like a duplicate of #2788. Are you still experiencing that error when updating collections via the web vault? As I just commented on that thread, we've been unable to reproduce this on our latest builds, so any additional info would be appreciated.

Your follow-up was about the public api specifically. I'm not sure I've seen that anywhere else. Is that still a live issue, and if so, can you please provide reproduction steps? e.g. what do you do in the web vault to set it up, and then what is the content of your request against the public api?

Thanks!

[KramNamez]

No, we have given up on self-hosting and moved to the SaaS solution. So I can no longer provide any additional info.

[eliykat]

Thanks @KramNamez and sorry we didn't get to this one sooner. For now we've been unable to reproduce this, I've added some test coverage in https://github.com/bitwarden/server/pull/5814 but otherwise I'll close this for now.