search

ajrosen / Bitwarden-Accelerator

Alfred Workflow to make using Bitwarden faster and smoother with all applications
GNU General Public License v3.0
44 stars 1 forks source link

Failing to unlock due to error #20

Closed blakegearin closed 2 months ago

blakegearin commented 2 months ago

Redacted some personal information, but here's what I'm seeing.

Alfred logs:

[23:12:18.988] Bitwarden Accelerator[Script Filter] Processing complete
[23:12:18.995] Bitwarden Accelerator[Script Filter] Passing output 'unlock' to Run Script
[23:12:19.051] STDERR: Bitwarden Accelerator[Run Script] cat: /Users/REDACTED/Library/Caches/com.runningwithcrayons.Alfred/Workflow Data/org.mlfs.corp.bw/sync: No such file or directory
cat: /Users/REDACTED/Library/Caches/com.runningwithcrayons.Alfred/Workflow Data/org.mlfs.corp.bw/sync: No such file or directory
Unload failed: 5: Input/output error
Try running `launchctl bootout` as root for richer errors.
[23:12:19.059] Bitwarden Accelerator[Run Script] Processing complete
[23:12:19.060] Bitwarden Accelerator[Run Script] Passing output 'unlock' to Conditional
[23:12:19.060] Bitwarden Accelerator[Conditional] Processing complete
[23:12:19.061] Bitwarden Accelerator[Conditional] Passing output 'unlock' to Conditional
[23:12:19.061] Bitwarden Accelerator[Conditional] Processing complete
[23:12:19.062] Bitwarden Accelerator[Conditional] Passing output 'unlock' to Call External Trigger
[23:12:19.062] Bitwarden Accelerator[Arg and Vars] Running directly with argument ''
[23:12:19.063] Bitwarden Accelerator[Arg and Vars] Processing complete
[23:12:19.066] Bitwarden Accelerator[Arg and Vars] Passing output 'REDACTED' to Run Script
[23:12:19.067] Bitwarden Accelerator[Conditional] Passing output 'unlock' to Arg and Vars
[23:12:19.068] Bitwarden Accelerator[Arg and Vars] Processing complete
[23:12:19.068] Bitwarden Accelerator[Arg and Vars] Passing output 'unlock' to Conditional
[23:12:32.465] STDERR: Bitwarden Accelerator[Run Script] cat: /Users/REDACTED/Library/Caches/com.runningwithcrayons.Alfred/Workflow Data/org.mlfs.corp.bw/sync: No such file or directory
[23:12:32.471] Bitwarden Accelerator[Run Script] Processing complete
[23:12:32.472] Bitwarden Accelerator[Run Script] Passing output '' to Conditional

Version:

$ bw --version
(node:64881) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
2024.8.2

Files:

$ cd '/Users/REDACTED/Library/Caches/com.runningwithcrayons.Alfred/Workflow Data/org.mlfs.corp.bw'
$ ls -lah
total 8
lrwxr-xr-x  1 REDACTED  staff    20B Sep  6 23:03 bw -> /opt/homebrew/bin/bw
-rw-r--r--  1 REDACTED  staff     0B Sep  6 23:12 collection_id
-rw-r--r--  1 REDACTED  staff     0B Sep  6 23:12 collection_name
lrwxr-xr-x  1 REDACTED  staff    20B Sep  6 23:04 jq -> /opt/homebrew/bin/jq
-rw-r--r--  1 REDACTED  staff     0B Sep  6 23:12 organization_id
-rw-r--r--  1 REDACTED  staff     0B Sep  6 23:12 organization_name
-rw-r--r--  1 REDACTED  staff   154B Sep  6 23:12 status
ajrosen commented 2 months ago

I've just released version 6.0.0, which happens to have a fix for this.

blakegearin commented 2 months ago

Thanks for the clarification.

I tried removing the old version and installing the new version. The old error was gone, however, I still wasn't able to unlock.

Looking at the logs again, I saw that the unlock.sh file was outputting an empty string.

[20:43:25.114] STDERR: Bitwarden Accelerator[Run Script] Starting unlock process
[20:43:25.117] Bitwarden Accelerator[Run Script] Processing complete
[20:43:25.118] Bitwarden Accelerator[Run Script] Passing output '' to Conditional

I went ahead and tried debugging by running a modified version with more logging.

#!/bin/bash

# shellcheck disable=2154

. lib/env.sh

echo >&2 "Starting unlock process"

p=$(./get_password.applescript "${bwuser}")
echo >&2 "Password retrieved: ${p}"

if [ "${p}" == "" ]; then
    echo >&2 "No password provided, exiting."
    exit
fi

echo >&2 "API endpoint: ${API}/unlock"
echo >&2 "Data being sent: {\"password\": \"${p}\"}"

curl_cmd="curl -s -H 'Content-Type: application/json' -d '{\"password\": \"${p}\"}' \"${API}/unlock\""
echo >&2 "Curl command: ${curl_cmd}"

response=$(curl -s -H 'Content-Type: application/json' -d '{"password": "'${p}'"}' "${API}/unlock")
echo >&2 "Raw response from API: ${response}"

if [ "${response}" == "" ]; then
    echo >&2 "API response is empty"
    exit
fi

final_output=$(echo "${response}" | jq -r '.message // .data.title')
echo >&2 "Final output extracted: ${final_output}"

echo >&2 "${final_output}"

Output:

Password retrieved: REDACTED
API endpoint: http://localhost:8087/unlock
Data being sent: {"password": "REDACTED}
Curl command: curl -s -H 'Content-Type: application/json' -d '{"password": "REDACTED"}' "http://localhost:8087/unlock"
Raw response from API: 
API response is empty

Out of curiosity, I ran the curl command manually in iTerm 2.

$ curl -s -H 'Content-Type: application/json' -d '{"password": "REDACTED"}' "http://localhost:8087/unlock"
{"success":true,"data":{"noColor":false,"object":"message","title":"Your vault is now unlocked!","message":"\nTo unlock your vault, set your session key to the `BW_SESSION` environment variable. ex:\n$ export BW_SESSION=\"REDACTED\"\n> $env:BW_SESSION=\"REDACTED\"\n\nYou can also pass the session key to any command with the `--session` option. ex:\n$ bw list items --session REDACTED","raw":"REDACTED"}}%

So then it was unlocked and I'm now able to use the workflow as intended.

A bit puzzling. I am able to lock it again and replicate the issue if you have any code you want me to try.

ajrosen commented 2 months ago

Seeing different behavior with the command line vs. the workflow...shouldn't happen.

The unlock API apparently accepts two formats for the payload. So either it prefers the other format for some people, or it needs to be called twice. Neither makes any sense, but you could try this:

#!/bin/bash

# shellcheck disable=2154

. lib/env.sh

log "unlock"

p=$(2>&- ./get_password.applescript "${bwuser}")

[ "${p}" == "" ] && exit

RESPONSE=$(curl -s -H 'Content-Type: application/json' -d '{"password": "'"${p}"'"}' "${API}"/unlock)

if [ "$(jq -j '.success' <<< "${RESPONSE}")" != "true" ]; then
    RESPONSE=$(curl -s -d "password=${p}" "${API}"/unlock)
fi

jq -j '.message // .data.title' <<< "${RESPONSE}"
tyler-8 commented 2 months ago

Seeing different behavior with the command line vs. the workflow...shouldn't happen.

The unlock API apparently accepts two formats for the payload. So either it prefers the other format for some people, or it needs to be called twice. Neither makes any sense, but you could try this:

#!/bin/bash

# shellcheck disable=2154

. lib/env.sh

log "unlock"

p=$(2>&- ./get_password.applescript "${bwuser}")

[ "${p}" == "" ] && exit

RESPONSE=$(curl -s -H 'Content-Type: application/json' -d '{"password": "'"${p}"'"}' "${API}"/unlock)

if [ "$(jq -j '.success' <<< "${RESPONSE}")" != "true" ]; then
    RESPONSE=$(curl -s -d "password=${p}" "${API}"/unlock)
fi

jq -j '.message // .data.title' <<< "${RESPONSE}"

I've been having the same issue with bw 2024.8.2 and 6.0.0 of this workflow and these changes fixed it.

ajrosen commented 2 months ago

Fantastic! I'm glad it worked for you. This will definitely be in the next release.

Thanks!