NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

bitwarden-desktop: System Authentication Broken #344073

Open alexyao2015 opened 4 days ago

alexyao2015 commented 4 days ago

Describe the bug

The Bitwarden desktop system authentication is currently nonfunctional.

Steps To Reproduce

  1. Enable system authentication in the bitwarden desktop app.
  2. Enable biometrics in the bitwarden extension (firefox in this example).
  3. See that the browser extension is unable to communicate with the desktop.

Expected behavior

The browser extension should be able to unlock using the desktop system authentication.

Additional context

I've been able to diagnose and fix the issue by adding some hacks to my nixos configuration using the following steps.

  1. Enable polkit and add the bitwarden unlock action.

Add security.polkit.enable = true; to configuration.nix. Then include the com.bitwarden.Bitwarden.policy from here https://github.com/bitwarden/clients/blob/4b9935b28c48e5824a19166170604ec3a6911593/apps/desktop/src/platform/main/biometric/biometric.unix.main.ts#L12.

I did this using

{
  environment.systemPackages = with pkgs; [
    (runCommand "install-bitwarden-policy" {} ''
      mkdir -p $out/share/polkit-1/actions
      cat <<EOF > $out/share/polkit-1/actions/com.bitwarden.Bitwarden.policy
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE policyconfig PUBLIC
      "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
      "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">

      <policyconfig>
          <action id="com.bitwarden.Bitwarden.unlock">
            <description>Unlock Bitwarden</description>
            <message>Authenticate to unlock Bitwarden</message>
            <defaults>
              <allow_any>no</allow_any>
              <allow_inactive>no</allow_inactive>
              <allow_active>auth_self</allow_active>
            </defaults>
          </action>
      </policyconfig>
      EOF
    '')
  ];
}

  2. Modify native messaging configuration .mozilla/native-messaging-hosts/com.8bit.bitwarden.json

The contents of this file need to be replaced; notably, the path to the bitwarden executable is incorrect and somehow is a path to an electron executable rather than the correct bitwarden executable. This electron executable, when executed, gives a segfault. For me, it is located at /nix/store/afd2nb5r9vpr0xrka8w9za02kx2d40h5-electron-unwrapped-31.4.0/libexec/electron/electron.

{
  "name": "com.8bit.bitwarden",
  "description": "Bitwarden desktop <-> browser bridge",
  "path": "/etc/profiles/per-user/<YOUR USERNAME>/bin/bitwarden",
  "type": "stdio",
  "allowed_extensions": [
    "{446900e4-71c2-419f-a6a7-df9c091e268b}"
  ]
}

  3. Modify the autostart configuration file. Again, this file appears to contain the incorrect path to the bitwarden executable and is the same electron executable from 2.

[Desktop Entry]
Type=Application
Version=2024.8.1
Name=Bitwarden
Comment=Bitwarden startup script
Exec=/etc/profiles/per-user/alex/bin/bitwarden
StartupNotify=false
Terminal=false

If these two core issues (polkit action missing and the bitwarden executable path) could be fixed, this issue could be resolved.

Notify maintainers

@amarshall

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 6.10.11, NixOS, 24.05 (Uakari), 24.05.20240922.23cbb25`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.18.5`
 - nixpkgs: `/nix/store/rqicl40jqw5d93l43s1xq0bm6yy0gpx4-source`

Add a :+1: reaction to issues you find important.
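
A check for the two path problems described in the issue above, as an added example that is not part of the original issue and is not nixpkgs or Bitwarden code. It validates the launcher path in a native messaging manifest and in an autostart entry; the function names, the expected basename `bitwarden` and the sample files are assumptions constructed for illustration.

```python
import json, os, shlex, tempfile
from pathlib import Path

def check_target(path, expected_name="bitwarden"):
    """Return problems with a launcher path; an empty list means it looks sane."""
    p, problems = Path(path), []
    if not p.is_absolute():
        problems.append("path is not absolute")
    real = Path(os.path.realpath(p))  # follow profile symlinks to the real file
    if not real.is_file():
        problems.append("target does not exist")
    elif not os.access(real, os.X_OK):
        problems.append("target is not executable")
    if p.name != expected_name:  # assumption: the wrapper is named "bitwarden"
        problems.append(f"basename is {p.name!r}, expected {expected_name!r}")
    return problems

def manifest_problems(manifest_file):
    """Validate a native messaging host manifest such as com.8bit.bitwarden.json."""
    data = json.loads(Path(manifest_file).read_text())
    problems = [] if data.get("allowed_extensions") else ["allowed_extensions is empty"]
    return problems + check_target(data.get("path", ""))

def autostart_problems(desktop_file):
    """Validate the first Exec= line of an autostart .desktop file."""
    for line in Path(desktop_file).read_text().splitlines():
        if line.startswith("Exec="):
            argv = shlex.split(line[len("Exec="):])
            return check_target(argv[0]) if argv else ["Exec is empty"]
    return ["no Exec= line"]

def demo():
    """Constructed sample: a fake 'bitwarden' wrapper and a fake 'electron' binary."""
    ext, results = "{446900e4-71c2-419f-a6a7-df9c091e268b}", {}  # id from the issue
    with tempfile.TemporaryDirectory() as d:
        for label, rel in (("fixed", "bin/bitwarden"), ("broken", "libexec/electron")):
            exe = Path(d, rel)
            exe.parent.mkdir(parents=True)
            exe.write_text("#!/bin/sh\n")
            exe.chmod(0o755)
            m, a = Path(d, label + ".json"), Path(d, label + ".desktop")
            m.write_text(json.dumps({"name": "com.8bit.bitwarden", "type": "stdio",
                                     "path": str(exe), "allowed_extensions": [ext]}))
            a.write_text(f"[Desktop Entry]\nExec={shlex.quote(str(exe))}\n")
            results[label] = (manifest_problems(m), autostart_problems(a))
    return results

if __name__ == "__main__": print(demo())
```

On a real system, `manifest_problems` and `autostart_problems` would be pointed at the manifest under `.mozilla/native-messaging-hosts/` and at the autostart file instead of the constructed samples.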

Bvngee commented 3 days ago

Hi! Thanks for creating this issue (even though some of the debugging work may have been duplicated). Let me know if #339384 fixes the issue for you, and if not, I can make sure to add whatever it might be missing.