bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com

Extension blocks WebAuthn requests when server is unavailable #7000

Open iw0nderhow opened 9 months ago

iw0nderhow commented 9 months ago

Steps To Reproduce

  1. Make your way into a network where the Bitwarden server does not respond to requests (e.g. server is down, behind a VPN, misconfigured DNS, etc.). Most easily reproduced by setting a blackhole route for the Bitwarden server.
  2. Try to authenticate/register using WebAuthn (for example, on webauthn.io).

Expected Result

When no credentials are found in the local store, the Bitwarden extension triggers a sync in the background and fails over to other WebAuthn authenticators quickly.

Actual Result

The Bitwarden extension blocks the authentication request until the sync succeeds or fails. This takes so long that the timeout set in the authenticating webpage expires. Additionally, the extension always attempts to contact the server - even when the credential should be in its local cache.

Screenshots or Videos

No response

Additional Context

I was originally encountering this on a Vaultwarden server with misconfigured DNS, but I've been able to reproduce this by setting a blackhole route for the official Bitwarden servers (making them appear down).

Operating System

macOS

Operating System Version

14.1.1

Web Browser

Firefox

Browser Version

120.0

Build Version

2023.10.2

Issue Tracking Info

sammbw commented 9 months ago

Hi there,

I am unable to reproduce this issue; it has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

RemcodM commented 9 months ago

Surprisingly, I just had the same thing happen (in fact, it is how I found out my Bitwarden instance was down).

My DNS didn't resolve properly, so the host that Bitwarden uses to sync temporarily had no addresses in DNS. When signing in using a passkey, the WebAuthn client library of the website does not resolve to a credential but to an error:

Error: The operation either timed out or was not allowed.

Not sure why this happens. After my DNS was restored, it immediately started working again.

EDIT: I have basically the same configuration, macOS with Firefox.

gerwim commented 8 months ago

I have the same issue, macOS and Firefox. My Bitwarden instance is also only available through VPN.

To show as an example, I made use of the Yubico playground to record the issue.

With VPN: https://streamable.com/oac1q1

Without VPN: https://streamable.com/1db0fd

As you can see, without VPN the login eventually fails (probably due to a timeout).
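
The behaviour described under Expected Result, sketched as an added example that is not part of this thread or of Bitwarden's code: a cache hit answers without waiting on the network, and a cache miss waits for sync only up to a fixed budget before deferring to other authenticators. The names `findCredential`, `withDeadline`, `FALLBACK`, `sampleCache` and `blackholedSync`, and the shape of the `cache` and `sync` parameters, are hypothetical.

```javascript
// Added illustration; all names are hypothetical, not Bitwarden's code.
const FALLBACK = Symbol("defer-to-other-authenticators");

// Settle with the promise's value, or with `onTimeout` once `ms` has elapsed.
function withDeadline(promise, ms, onTimeout) {
  let timer;
  const deadline = new Promise((resolve) => {
    timer = setTimeout(() => resolve(onTimeout), ms);
  });
  return Promise.race([promise, deadline]).finally(() => clearTimeout(timer));
}

// cache: Map of rpId -> credential (the local store).
// sync: () => Promise that refreshes `cache` from the server.
async function findCredential(rpId, cache, sync, syncBudgetMs) {
  const cached = cache.get(rpId);
  if (cached) {
    // Cache hit: answer now, refresh in the background, ignore sync failure.
    sync().catch(() => {});
    return cached;
  }
  // Cache miss: wait for sync, but never longer than the budget, which must
  // stay well below the `timeout` the relying party set on the request.
  const attempt = sync().then(
    () => cache.get(rpId) ?? FALLBACK,
    () => FALLBACK, // sync failed (DNS error, connection refused, ...)
  );
  return withDeadline(attempt, syncBudgetMs, FALLBACK);
}

// Constructed sample: a local store with one passkey and a server that never
// answers, as with the blackhole route from the reproduction steps.
const sampleCache = new Map([["webauthn.io", { id: "constructed-cred-1" }]]);
const blackholedSync = () => new Promise(() => {});
```

With `blackholedSync`, a lookup for `webauthn.io` returns the cached credential immediately, while a lookup for an unknown relying party returns `FALLBACK` once the budget expires instead of holding the request until the page's timeout.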