birlorg / bitwarden-cli

Cross Platform Bitwarden library and CLI with sudolikeaboss functionality.
MIT License
47 stars 7 forks source link

Invalid Username Or Password #4

Closed heywoodlh closed 6 years ago

heywoodlh commented 6 years ago

Whenever I try logging in to my self hosted vault I get an invalid username/password error:

INFO:bitwarden.client:client login as myemail@gmail.com
ERROR:bitwarden.client:bad client login got 400 data returned:{"error":"invalid_grant","error_description":"invalid_username_or_password","ErrorModel":{"Message":"Username or password is incorrect. Try again.","ValidationErrors":null,"ExceptionMessage":null,"ExceptionStackTrace":null,"InnerExceptionMessage":null,"Object":"error"}}

This is the syntax I'm using:

bitwarden --url vault.domain.com login myemail@gmail.com

(Of course the URL and email are substituted for my actual domain name of my instance and email address)

I have logged in multiple times to my BW web vault using the same username/password that I am trying to use to login with using the CLI just to make sure that I'm not putting in the wrong user/password combo and it doesn't seem to work no matter what I do.

birlorg commented 6 years ago

it's not to your web vault, it is to the API.

if you are using bitwarden-ruby (https://github.com/jcs/bitwarden-ruby/):

bitwarden --url https://bitwarden.example.com/api --identurl https://bitwarden.example.com/identity login nobody@example.com

The above should also work for bitwarden-go. see bitwarden login --help for the above paths.

You need to set both the identurl and the baseURL. I have no idea what they are for self-hosted bitwarden proper. for actual bitwarden they are:

bitwarden --identurl https://identity.bitwarden.com --url https://api.bitwarden.com login nobody@example.com

and are of course set for you, by default.

birlorg commented 6 years ago

if you figure out what the values are for bitwarden proper self-hosted, I'll happily put them in the documentation.

heywoodlh commented 6 years ago

Awesome! Thanks so much for the info. That seemed to let me login. However, I can't get in because I have two factor auth enabled. Is there anything in place for two factor authentication, yet?

birlorg commented 6 years ago

nope. I haven't even looked at that yet. Patches welcome! :)

heywoodlh commented 6 years ago

I would love to help. Rather than me figuring out your file structure in this project, which file in ./bitwarden/python/bitwarden should contain the code for multi factor authentication if enabled?

birlorg commented 6 years ago

it would belong in client.py looking at: https://github.com/jcs/bitwarden-ruby/blob/master/API.md and seeing: https://github.com/bitwarden/browser/blob/f1262147a33f302b5e569f13f56739f05bbec362/src/services/constantsService.js#L33-L40

it should be pretty painless I'd add options in main.py def login() for --tfaprovider and --tfatoken (or something like that) and then pass them through to client.py login function

should be pretty easy to then just shove that onto the json that's sent.

birlorg commented 6 years ago

main.py is the UI code (i.e. click) and client.py is the code that actually attacks the server as a client.

heywoodlh commented 6 years ago

Perfect, I've forked the project and will do my best to add the functionality as discussed. I will let you know if I have any more questions. Hopefully you'll see a pull request soon!

birlorg commented 6 years ago

I'm on the bitwarden gitter chatroom thingy as well. if you want to discuss there in detail.

I just pushed the latest code into github. I'm off to lunch, will be back in ~ 30-45m

birlorg commented 6 years ago

MFA support is added now. closing.