Add option to disable new device login notification emails

Adds SEND_NEW_DEVICE_EMAIL config option (defaults to true) allowing administrators to disable "New Device Logged In" notification emails. This addresses a gap where the only way to stop these emails was to disable SMTP entirely, which also disables other important emails. Use cases include: - Bitwarden CLI in container sidecars (restarts trigger new device emails) - Kubernetes external secrets providers - CI/CD pipelines with frequent automated authentication
6 days ago · 1403609b8f
3 changed files with 10 additions and 2 deletions
--- a/.env.template
+++ b/.env.template
@ -387,6 +387,10 @@
 ## If sending the email fails the login attempt will fail!!
 # REQUIRE_DEVICE_EMAIL=false

+## Send new device logged in notification. When enabled, an email will be sent to users
+## when a new device logs in. Set to false to disable these notification emails.
+# SEND_NEW_DEVICE_EMAIL=true
+
 ## Enable extended logging, which shows timestamps and targets in the logs
 # EXTENDED_LOGGING=true

--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@ -437,7 +437,7 @@ async fn authenticated_response(
    conn: &DbConn,
    ip: &ClientIp,
 ) -> JsonResult {
-    if CONFIG.mail_enabled() && device.is_new() {
+    if CONFIG.mail_enabled() && CONFIG.send_new_device_email() && device.is_new() {
        let now = Utc::now().naive_utc();
        if let Err(e) = mail::send_new_device_logged_in(&user.email, &ip.ip.to_string(), &now, device).await {
            error!("Error sending new device email: {e:#?}");
@ -581,7 +581,7 @@ async fn _user_api_key_login(

    let mut device = get_device(&data, conn, &user).await?;

-    if CONFIG.mail_enabled() && device.is_new() {
+    if CONFIG.mail_enabled() && CONFIG.send_new_device_email() && device.is_new() {
        let now = Utc::now().naive_utc();
        if let Err(e) = mail::send_new_device_logged_in(&user.email, &ip.ip.to_string(), &now, &device).await {
            error!("Error sending new device email: {e:#?}");
--- a/src/config.rs
+++ b/src/config.rs
@ -717,6 +717,10 @@ make_config! {
        /// If sending the email fails the login attempt will fail.
        require_device_email:   bool,   true,   def,     false;

+        /// Send new device logged in notification |> When enabled, an email will be sent to users when a new device logs in.
+        /// Set to false to disable these notification emails.
+        send_new_device_email:  bool,   true,   def,     true;
+
        /// Reload templates (Dev) |> When this is set to true, the templates get reloaded with every request.
        /// ONLY use this during development, as it can slow down the server
        reload_templates:       bool,   true,   def,    false;