ankurk91 / google-chat-electron

An unofficial desktop app for Google Chat :electron:
GNU General Public License v3.0
162 stars 49 forks source link

Can't connect: U2F validation stuck in loop #16

Closed theblackhole closed 2 years ago

theblackhole commented 3 years ago

Specs :

Issue :

Hello, I'm using U2F (Yubikey) with my google account and when I want to connect to google-chat-electron, its stuck at "checking your identity" (where you're supposed to have a message from the browser inviting you to plug your security key).

I found a workaroud by going to history > back then it offers me alternative 2FA methods (Authenticator codes, g.co/sc...) I can use.

I would love to help you debugging this issue but the usual shortcuts (F12 and ctrl + shift + I) doesn't work and there's nothing in the logs.

If you can't add U2F support, there might be a way to tell that the app don't support U2F so Google would offer alternate methods directly instead of being stuck in a loop. I think I saw that in another electron app but I forgot which one...

ankurk91 commented 3 years ago

@theblackhole

Thanks for reporting, i don't own a Yubikey to test, i am not sure if the Electron itself support U2F. There are very less people who are using this method to login. I can mention this in readme.

https://github.com/electron/electron/issues/3226

Some thoughts :

theblackhole commented 3 years ago
  • snap has less permission, did you granted the removable media permission to this app?

Yes that was my first thought Screenshot_20210614_121427

  • CTRL+SHIFT+I worked well for me

Ah it works before I try to login, not when stuck in the loop. Unfortunatly, nothing in console.

  • This is not the official google app, google is not going to offer any alternative auth method if they don't yet.

Sorry I wasn't clear. If U2F is not supported, the auth page will display an error + a link at the bottom where you can choose an alternate registered 2FA method. I saw something like that in the past, in an electron app, exactly like this comment from the issue you've linked : https://github.com/electron/electron/issues/3226#issuecomment-743223942

In your case the auth page thinks the U2F is supported but there's no prompt.

In the screenshot below : on the left, what it's doing, on the right, what it's supposed to do if U2F is supported, and on the previous link I posted, there's a screenshot to show what it's supposed to do when U2F isn't supported by the browser u2f-google-chat

  • If you have a public electron app which works with U2F, let me know, i can look into source.

Yes, I'll try to find the one I saw in the past

Also I found related issues from the electron repo. It might be an issue with electron on *nix systems. https://github.com/electron/electron/issues/27355 https://github.com/electron/electron/issues/24573

Maybe in the past it simply wasn't supported, now it may be an OS specific issue.

ankurk91 commented 3 years ago

@theblackhole

Google must be checking some JS APIs, something like:

if (!navigator.credentials || !navigator.credentials.create) { 
  //try navigator.credentials.get for login instead of create
  //tell the user
}

https://stackoverflow.com/questions/35050276/check-browser-for-u2f-capability

If yes, we can PATCH those JS API (via preload script) in electron to make Google's check will fail, then it should prompt for alternate auth method.

theblackhole commented 3 years ago

If yes, we can PATCH those JS API (via preload script) in electron to make Google's check will fail, then it should prompt for alternate auth method.

That would be nice indeed :)

Also I tried a npm run start from the sources and the issue is still present (and again, no error in the terminal or devtools console), so it's definitly not related to snap (I discoved the "u2f-devices" interface in the process. Might be useful for later https://snapcraft.io/docs/u2f-devices-interface)

theblackhole commented 3 years ago
  • If you have a public electron app which works with U2F, let me know, i can look into source.page

I found the app I mentionned : https://github.com/yakyak/yakyak It doesn't work with U2F and prompt me to use alternate methods like https://github.com/electron/electron/issues/3226#issuecomment-743223942

The auth UI is different though, I wonder if it's another url or an older version

ankurk91 commented 3 years ago

Thanks, i will go through this app soon

btw, it is using older version (11) of electron

https://github.com/yakyak/yakyak/blob/master/package.json#L87

ankurk91 commented 3 years ago

https://github.com/electron/electron/pull/30438

Electron 16 is set to release on 2021-Nov-16

ankurk91 commented 2 years ago

v2.13.0 has been released