From ae532868ad00c779e11b762ae7ae2666622f9dc2 Mon Sep 17 00:00:00 2001 From: Johny Jimenez Date: Thu, 12 Mar 2026 19:26:05 -0500 Subject: [PATCH] Fix duplicate AuthRequestResponse notification on approving device When approving a login-with-device request, `nt.send_auth_response()` broadcasts an AuthRequestResponse (type 16) through the authenticated WebSocket hub to all user devices, including the approving device itself. This causes a duplicate notification on Android. The official Bitwarden server only sends AuthRequestResponse through the anonymous hub (keyed by auth_request_id), which correctly reaches only the requesting device. The authenticated hub is not used for this notification type. Remove the authenticated WebSocket broadcast from send_auth_response, keeping only the push relay call as a fallback for devices not connected via WebSocket. The anonymous hub (ant.send_auth_response) already handles WebSocket delivery to the requesting device. Fixes #6788 --- src/api/notifications.rs | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/src/api/notifications.rs b/src/api/notifications.rs index 42157ac3..d0d73226 100644 --- a/src/api/notifications.rs +++ b/src/api/notifications.rs @@ -515,15 +515,11 @@ impl WebSocketUsers { if *NOTIFICATIONS_DISABLED { return; } - let data = create_update( - vec![("Id".into(), auth_request_id.to_string().into()), ("UserId".into(), user_id.to_string().into())], - UpdateType::AuthRequestResponse, - Some(device.uuid.clone()), - ); - if CONFIG.enable_websocket() { - self.send_update(user_id, &data).await; - } - + // AuthRequestResponse should not be sent through the authenticated WebSocket hub, + // as that broadcasts to all user devices including the approving device, causing + // a duplicate notification. The anonymous hub already delivers the response to the + // requesting device. Only the push relay is needed here as a fallback for devices + // not connected via WebSocket. if CONFIG.push_enabled() { push_auth_response(user_id, auth_request_id, device, conn).await; }