From d9eddea3be352d0e5dade42abdd0a6abb04efc79 Mon Sep 17 00:00:00 2001
From: boris324 <boris324@users.noreply.github.com>
Date: Wed, 4 Mar 2026 21:01:57 +0000
Subject: [PATCH] Handle mail server DNS errors gracefully on admin login

When the SMTP host DNS is misconfigured, SocketException propagates
unhandled from MailKit through LoginController.Index(), resulting in
a confusing 404 page. Wrap the passwordless sign-in call in a
try/catch to log the error and display a clear message instead.

Resolves #6792
---
 src/Admin/Auth/Controllers/LoginController.cs | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/Admin/Auth/Controllers/LoginController.cs b/src/Admin/Auth/Controllers/LoginController.cs
index 7be161e6d9..38c239c393 100644
--- a/src/Admin/Auth/Controllers/LoginController.cs
+++ b/src/Admin/Auth/Controllers/LoginController.cs
@@ -5,17 +5,21 @@ using Bit.Admin.Auth.IdentityServer;
 using Bit.Admin.Auth.Models;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
 
 namespace Bit.Admin.Auth.Controllers;
 
 public class LoginController : Controller
 {
     private readonly PasswordlessSignInManager<IdentityUser> _signInManager;
+    private readonly ILogger<LoginController> _logger;
 
     public LoginController(
-        PasswordlessSignInManager<IdentityUser> signInManager)
+        PasswordlessSignInManager<IdentityUser> signInManager,
+        ILogger<LoginController> logger)
     {
         _signInManager = signInManager;
+        _logger = logger;
     }
 
     public IActionResult Index(string returnUrl = null, int? error = null, int? success = null,
@@ -40,7 +44,16 @@ public class LoginController : Controller
     {
         if (ModelState.IsValid)
         {
-            await _signInManager.PasswordlessSignInAsync(model.Email, model.ReturnUrl);
+            try
+            {
+                await _signInManager.PasswordlessSignInAsync(model.Email, model.ReturnUrl);
+            }
+            catch (Exception e)
+            {
+                _logger.LogError(e, "Error sending login email");
+                return RedirectToAction("Index", new { error = 5 });
+            }
+
             return RedirectToAction("Index", new
             {
                 success = 3
@@ -89,6 +102,7 @@ public class LoginController : Controller
             3 => "If a valid admin user with this email address exists, " +
                 "we've sent you an email with a secure link to log in.",
             4 => "Access denied. Please log in.",
+            5 => "There was a problem sending the login email. Please check your mail server configuration.",
             _ => null,
         };
     }