From 2b3736802d5ce1de3ba73b7ae82b9ecdb8cbd1be Mon Sep 17 00:00:00 2001
From: Mathijs van Veluw <black.dex@gmail.com>
Date: Tue, 17 Mar 2026 17:01:32 +0100
Subject: [PATCH] Fix email header base64 padding (#6961)

Newer versions of the Bitwarden client use Base64 with padding.
Since this is not a streaming string, but a defined length, we can just strip the `=` chars.

Fixes #6960

Signed-off-by: BlackDex <black.dex@gmail.com>
---
 src/api/core/accounts.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
index 0ce1f684..d91eb4cd 100644
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@@ -1328,6 +1328,11 @@ impl<'r> FromRequest<'r> for KnownDevice {
 
     async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error> {
         let email = if let Some(email_b64) = req.headers().get_one("X-Request-Email") {
+            // Bitwarden seems to send padded Base64 strings since 2026.2.1
+            // Since these values are not streamed and Headers are always split by newlines
+            // we can safely ignore padding here and remove any '=' appended.
+            let email_b64 = email_b64.trim_end_matches('=');
+
             let Ok(email_bytes) = data_encoding::BASE64URL_NOPAD.decode(email_b64.as_bytes()) else {
                 return Outcome::Error((Status::BadRequest, "X-Request-Email value failed to decode as base64url"));
             };