Dashlane / dashlane-cli

👩‍💻 Dashlane CLI - Access your secrets in your terminal, servers and CI/CD
https://cli.dashlane.com/
Apache License 2.0

Authentication with Dashlane Authenticator #278

Closed BenjaminOddou closed 2 months ago

BenjaminOddou commented 2 months ago

Describe the bug

Original discussion here. It seems that for some Dashlane accounts, the user is prompted to choose between Dashlane Authenticator and TOTP. Since Dashlane Authenticator is no longer supported, is this step still required? Many thanks in advance.

To Reproduce

Steps to reproduce the behavior:

% dcli sync
? Please enter your email address: some-email@gmail.com
? What second factor method would you like to use? (Use arrow keys)
❯ Dashlane Authenticator
  Totp

Expected behavior

% dcli sync
? Please enter your email address: some-email@gmail.com
? Please enter your OTP code:

Environment (please complete the following information):

EDIT: How does the DUO push notification method mentioned in the docs work?

Mikescops commented 2 months ago

Hello,

When the user has set up multiple second factor methods, the question "What second factor method would you like to use?" will be prompted. In the code we support up to 4 different methods (see here). One of them is the Dashlane Authenticator, which has been sunset and is unusable as the app has been removed from the store. That said, some users may still have the configuration option on their profile, which led the API to return dashlane_authenticator as one of the potential options.

I'm going to make a PR to filter out this option manually from the results.

Concerning DUO verification, it's very similar to the Dashlane Authenticator behaviour: a call is fired to the API that transmits it to DUO servers, a notification to approve is sent to the user's phone, and once validated the response goes back to the initial caller. This means that the CLI will basically hang until it gets an answer from the API. There are very few companies using the DUO setup for now, so I guess you can safely ignore this path.
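
One way to do the client-side filtering described in the reply above while failing closed when no usable method remains, as an added example that is not dashlane-cli's own code. The type and function names are hypothetical, and every method type string other than `dashlane_authenticator` is an assumed value.

```typescript
// Added example; type and function names are hypothetical, not dashlane-cli's code.
type Method = { type: string };

// `dashlane_authenticator` is the value named in the thread. Any other type
// string in the sample data below is assumed for illustration.
const SUNSET_METHODS: string[] = ['dashlane_authenticator'];

type Selection =
    | { kind: 'use'; method: Method } // one usable method: go straight to it
    | { kind: 'prompt'; choices: Method[] } // several usable methods: ask the user
    | { kind: 'fail'; reason: string }; // nothing usable: abort, never skip 2FA

function selectSecondFactor(apiMethods: Method[]): Selection {
    // Drop methods the client can no longer complete before building the prompt.
    const usable = apiMethods.filter((m) => SUNSET_METHODS.indexOf(m.type) === -1);
    const [first, ...rest] = usable;
    if (first === undefined) {
        // Fail closed: an empty list after filtering must not mean "no second factor".
        const reason =
            apiMethods.length === 0
                ? 'no verification method returned'
                : 'only sunset verification methods are configured';
        return { kind: 'fail', reason };
    }
    return rest.length === 0 ? { kind: 'use', method: first } : { kind: 'prompt', choices: usable };
}

// Constructed sample: the account from the report, with the stale option still set.
const ISSUE_ACCOUNT: Method[] = [{ type: 'dashlane_authenticator' }, { type: 'totp' }];
const issueAccountSelection = selectSecondFactor(ISSUE_ACCOUNT);
```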