"unlock" does not work

[wollew]

I am using the workflow with a self hosted vaultwarden server, the workflow only works after a login + sync. Once the workflow is "locked", either by auto-lock or by manually locking via .bwauth, I need to logout + login again to make it work.

This is what the debug output of a sync after a (successful) unlock looks like:

08:03:15 workflow.go:328: -------- Bitwarden v2/2.4.3 (AwGo/0.27.1) --------
08:03:15 main.go:162: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, Sfa:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:true, Open:false, GetItem:false, Force:true, Totp:false, Last:false, Background:true, Id:"", Query:"", Attachment:"", Output:""}
08:03:15 main.go:164: args=[]string{"-sync", "-force", "-background"} => []string{}
08:03:15 main.go:165: (main.config) {
 AutoFetchIconCacheAge: (int) 1440,
 AutoFetchIconMaxCacheAge: (time.Duration) 24h0m0s,
 BwconfKeyword: (string) (len=9) ".bwconfig",
 BwauthKeyword: (string) (len=7) ".bwauth",
 BwKeyword: (string) (len=3) ".bw",
 BwfKeyword: (string) (len=4) ".bwf",
 BwExec: (string) (len=2) "bw",
 BwDataPath: (string) "",
 Debug: (bool) true,
 Email: (string) (len=28) "redacted",
 EmptyDetailResults: (bool) false,
 IconCacheAge: (int) 43200,
 IconCacheEnabled: (bool) true,
 IconMaxCacheAge: (time.Duration) 720h0m0s,
 MaxResults: (int) 1000,
 Mod1: (string) (len=3) "alt",
 Mod1Action: (string) (len=13) "username,code",
 Mod2: (string) (len=5) "shift",
 Mod2Action: (string) (len=3) "url",
 Mod3: (string) (len=4) "ctrl",
 Mod3Action: (string) (len=4) "totp",
 Mod4: (string) (len=7) "cmd,opt",
 Mod4Action: (string) (len=4) "more",
 NoModAction: (string) (len=13) "password,card",
 OutputFolder: (string) (len=21) "/Users/wmr/Downloads/",
 Path: (string) (len=83) "/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/local/share/npm/bin:/usr/bin:/usr/sbin",
 ReorderingDisabled: (bool) false,
 Server: (string) (len=27) "https://redacted/",
 Sfa: (bool) false,
 SfaMode: (int) 0,
 SkipTypes: (string) "",
 SyncCacheAge: (int) 43200,
 SyncMaxCacheAge: (time.Duration) 720h0m0s,
 TitleWithUser: (bool) true,
 TitleWithUrls: (bool) true,
 OpenLoginUrl: (bool) true
}
08:03:19 utils.go:30: [ERROR] ==>  [Vault is locked.]
08:03:19 utils.go:42: [ERROR] ==> Exit code 1. Not unlocked. Need to unlock first. Err: Vault is locked.
08:03:19 cli.go:133: [ERROR] ==>  Not unlocked. Need to unlock first. Error:
Vault is locked.

Output of "Unlock" was:

[08:01:19.530] Bitwarden v2[Script Filter] Processing complete
[08:01:19.541] Bitwarden v2[Script Filter] Passing output '' to Conditional
[08:01:19.543] Bitwarden v2[Conditional] Processing complete
[08:01:19.545] Bitwarden v2[Conditional] Passing output '' to Run Script
[08:01:24.934] Bitwarden v2[Run Script] Processing complete
[08:01:24.963] Bitwarden v2[Run Script] Passing output 'Unlocked
' to Post Notification

I can see the token being updated in Keychain after a successful unlock.

[blacs30]

Thanks for reporting this bug. I can reproduce it here on my end.

[kaspersoerensen]

I am also faced with this issue, however, I do not use a self-hosted service. After the vault is locked, I can unlock it and it usually prompts me that "Cache expired". When I try to sync the cache, it asks me to unlock the vault, and I end up in a "loop" of trying to update and unlock.

[blacs30]

@kaspersoerensen yes this is a bug in the workflow. I did not have time to fix it yet due to personal reasons that kept me busy and possibly still keep me busy for a while.

[imyelmo]

May this bug happen against regular bitwarden service? I'm facing the same problem, but I do not know if I'm misconfiguring something or the bug is happening also for non-self-hosted service.

[imyelmo]

I don't how to help since I don't probably have the required expertise. If necessary, I may help with testing.

[tophee]

Oh, glad to see that it's not me who somehow misconfigured the workflow. I know it's a problem with the workflow, because the cli works. So now I just wonder: is there a workaround or is the workflow simply broken for the time being?

[wollew]

The workaround is to use Logout+Login instead of just Unlock, that works for me at least.

[tophee]

Indeed, that worked for me right now. So you mean to ignore the Lock and Unlock functions and just logout and back in whenever necessary? (In my case, with 2FA enabled, it seems to defeat the purpose of having quick access to my passwords...)

[wollew]

That's the only workaround I know, for me it's not a lot of added inconvenience, I usually just Login once every day in the morning.

[dalsvk]

The workaround is to use Logout+Login instead of just Unlock, that works for me at least.

thanks, that worked for me :))

[blacs30]

With the release 2.4.4 the lock and unlock should work again - I noticed that the unlock syncs all the items which takes quite much time (depending on the # of items). This is something for a separate task to improve.

[dalsvk]

With the release 2.4.4 the lock and unlock should work again - I noticed that the unlock syncs all the items which takes quite much time (depending on the # of items). This is something for a separate task to improve.

thanks for the quick fix :)

[wollew]

I can confirm the fix works, thank you!

[wollew]

Quite creative fix BTW, so the problem wasn't with the workflow after all but rather a problem of bitwarden-cli.