The new organization export is case sensitive in regards to the server response with ciphers and collections

[BlackDex]

Steps To Reproduce

Not really able to reproduce this with the Bitwarden server, but it is with the Vaultwarden server.

Steps to take are simple.

• Export an organization vault to json.

Doesn't matter if this is via web-vault or cli for example.

Expected Result

A full export in JSON format with all the ciphers and collections.

Actual Result

Empty JSON, no ciphers or collections.

Screenshots or Videos

No response

Additional Context

I'm one of the main developers of Vaultwarden, and it looks like the JSON response format on how to export the vault has changed to be case-sensitive.

Previously it didn't matter if the JSON key's were like FolderId or folderId, both were excepted.
If i check the code for the old way to export i see a ListResponse function which handles this. (

clients/libs/common/src/services/api.service.ts

Lines 572 to 580 in f72ef2d

	async getCiphersOrganization(organizationId: string): Promise<ListResponse<CipherResponse>> {
	const r = await this.send(
	"GET",
	"/ciphers/organization-details?organizationId=" + organizationId,
	null,
	true,
	true
	);
	return new ListResponse(r, CipherResponse);

)

With the new function that ListResponse is gone, and it now is case sensitive in the parsing. (

clients/libs/common/src/services/export.service.ts

Lines 239 to 242 in 5f74b9a

	private async getOrganizationDecryptedExport(
	organizationId: string,
	format: "json" | "csv"
	): Promise<string> {

)

I wonder if this is intentional or, maybe was an oversight, since all other API's do handle both formats as far as I can tell.

Thanks in advance!

Operating System

Linux

Operating System Version

No response

Web Browser

Chrome, Firefox

Browser Version

No response

Build Version

2022.9.0+

[Hinton]

Hi @BlackDex,

I took a look at the response model and it indeed seems we are not parsing the nested json properly. This can have unintended site effects other than the PascalCase, camelCase observed here.

On another note, the servers previously returned either PascalCase or camelCase, however we removed PascalCase support on the servers a while back. While we currently have no plans to intentionally remove support from the clients I won't guarantee it will always exist. So it might be worth considering migrating to camelCase completely for vaultwarden.

[BlackDex]

@Hinton Thanks for the reply.
Looks like we have some work to do.
But, better to have everything the same and one format.

[Hinton]

@BlackDex before I forget it, the API for export will change again once that PR is merged. We're removing the unecessary nesting, since it doesn't match how our other APIs are implemented.

[BlackDex]

@Hinton, that would be #3641 i guess.
Sounds like a simple change.

Is there some way to differentiate between the versions?
Because now clients 2022.9.x will break on newer server version of i look at both PR's, but I could be wrong.

[Hinton]

The organization export is just for the web vault, which is version tied to the server so we lucked out in this case. There is a version header that should be sent along for each request you could check.

[BlackDex]

@Hinton, are you sure??
If i run: bw export --format json --organizationid <org-id> with v2022.9.0 it calls the exact same endpoint.
With v2022.8.x it still calls the two separate endpoints.

[Hinton]

That's a good point, I had forgotten the CLI.

[BlackDex]

@Hinton i think this ticket can be closed right?
Or do you need this still for some checking?

[Hinton]

It will close once the PR gets merged.