blacs30 / bitwarden-alfred-workflow

Simple Bitwarden Workflow for Alfred
MIT License
448 stars 31 forks source link

Search autocompletes to login always, but Im already logged in #88

Closed andrewbihl closed 2 years ago

andrewbihl commented 3 years ago

As demonstrated below, anytime I try to use the tool it automatically jumps to the login option. I am already logged in (confirmed at the CLI). If I go ahead and try to login via Alfred anyway, it asks for my password (I enter it) and then it should be the 2fa dialog even though I don't have 2fa enabled.

https://user-images.githubusercontent.com/16709744/123025271-39e49d80-d38f-11eb-9518-40777db2558a.mov

blacs30 commented 3 years ago

Hi @andrewbihl if you don't use 2fa you can set the workflow variable 2FA_ENABLED from true to false. Then login with the workflow as it asks you to do. The login via cli in the terminal cannot be (easily) shared with the workflow because of the session key which is not shared between the 2 different processes.

There is however this cli help tool by @luckman212 which achieves that the cli and the workflow share the same session secret https://github.com/luckman212/bitwarden-cli-helpers

andrewbihl commented 3 years ago

I disabled 2FA so now it doesn't have that step, but the issue is the same--it always take me to the login prompt.

blacs30 commented 3 years ago

I see. Can you check if the keychain access app contains entries which start with name "com.lisowski". If the cli login works in the terminal then it should only ask to unlock in the workflow but not for login. could you run the workflow in debug mode (in the alfred ui select the workflow and click the bug icon) and check the logs (or paste them here, remove personal data before)

abaj8494 commented 3 years ago

Hi, I am having the same issue. I have just checked Keychain, and no I do not have any entries there which start with 'com.lisowski'. I am though able to use the bw terminal client to interact with my passwords and such. I have managed to run the helper commands by luckman 212 (for anyone that is trying the new m1 macs need you to place that bash code in the ~/.zprofiles not ~/.bash_profiles) though I am not sure exactly how I should be using them.

bastianlemke commented 3 years ago

Same issue here, with Yubikey login.

blacs30 commented 3 years ago

@bastianlemke have you checked the debug output in the Alfred Workflow? Unfortunately I don't have a yubikey so I don't really know if it's fully supported, it might not work at all.

blacs30 commented 3 years ago

@br1ttle the helper commands by luckman212 are only needed if you already got both working successfully. It seems like the workflow doesn't have permission but I also don't know if something on a m1 mac is different than on an intel mac. Have you checked these steps https://github.com/deanishe/awgo/wiki/Catalina Have you checked the debug logs of the Alfred workflow (click on this bug in the alfred ui and run the workflow)

luckman212 commented 3 years ago

I am using Duo as 2-step/MFA on my Bitwarden account and I also had trouble. I assume it's similar to the Yubikey issue. I was intermittently getting crashes from the compiled go process with call stack referring to the embedded awgo library.

I wish I saved that, but I do remember seeing that the awgo used to build the bitwarden-alfred-workflow binaries was an old version. Maybe that needs to be updated... and I wasn't sure how to do it.

For me anyway I temporarily solved the issue by fully logging out of my BW account on all apps, as well as the workflow, clearing the old JSON caches and then re-authenticating.

Another thing that I thought could simplify things is to build a universal binary for the go component instead of 2 separate arch's.

$ lipo -create -output bitwarden-alfred-workflow bitwarden-alfred-workflow-amd64 bitwarden-alfred-workflow-arm64
$ file bitwarden-alfred-workflow
bitwarden-alfred-workflow: Mach-O universal binary with 2 architectures: [x86_64:Mach-O 64-bit executable x86_64] [arm64]
bitwarden-alfred-workflow (for architecture x86_64):    Mach-O 64-bit executable x86_64
bitwarden-alfred-workflow (for architecture arm64): Mach-O 64-bit executable arm64
blacs30 commented 3 years ago

Thanks @luckman212 for your comments. I've just updated the workflow with the latest dependencies. awgo was a year old. I'm not sure though if that helps. @bastianlemke how long did you wait for the sync process, is the wheel spinning (slowly)? I was surprised myself, it took me around 40-60 seconds to sync. That takes a lot of patience nowadays.

abaj8494 commented 3 years ago

Hey, thanks for maintaining this so actively. I just downloaded the new workflow, and am unfortunately still having the same issue. Upon taking a look at the debug console, it seems like my password is wrong even though I have tried it multiple times. I have checked on the bitwarden macOS application and the chromium extension, yet both seem to be accepting this master password. Since my master password contains many symbols, is it possible that it is somehow being parsed incorrectly by the js file? Here is the log.


[23:11:49.987] Bitwarden v2[Script Filter] Passing output '' to Conditional
[23:11:49.987] Bitwarden v2[Conditional] Processing complete
[23:11:49.987] Bitwarden v2[Conditional] Passing output '' to Run Script
[23:11:51.943] STDERR: Bitwarden v2[Run Script] Error: Invalid master password.
[23:11:51.972] Bitwarden v2[Run Script] Processing complete
[23:11:51.972] Bitwarden v2[Run Script] Passing output 'Error: Invalid master password.```
blacs30 commented 3 years ago

@br1ttle this could be the case, we had it once in the past and improved how the password is passed to the js file. I will take a look at that.

abaj8494 commented 3 years ago

If my JS was up to scratch I'd take a gander myself, but for the moment the best I can do is shine a light on the possible culprits:

# ! $ .

bastianlemke commented 3 years ago

@blacs30 I already used the workflow before the update to v2.3.2 with yubikey (without problems) - that's why I think the problem may be related to a recent change. I don't think I was too impatient - I tried it several times and I have waited at least 4-5 minutes. And yes, the wheel is spinning.

It seems like the workflow no longer recognizes the login status.

[20:45:00.818] Bitwarden v2[Script Filter] Queuing argument '(null)' [20:45:00.971] Bitwarden v2[Script Filter] Queuing argument '(null)' [20:45:01.057] Bitwarden v2[Script Filter] Script with argv '(null)' finished [20:45:01.058] STDERR: Bitwarden v2[Script Filter] 🍺 20:45:00 workflow.go:328: -------- Bitwarden v2/2.3.3 (AwGo/0.27.1) -------- 20:45:00 main.go:143: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, Sfa:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"", Attachment:"", Output:""} 20:45:00 main.go:145: args=[]string{} => []string{} 20:45:00 main.go:146: (main.config) { [...] } 20:45:00 icons.go:79: progress: current=0, next=1 20:45:00 feedback.go:509: Sent 1 result(s) to Alfred 20:45:00 cli.go:560: Sync job already running. 20:45:00 icons.go:79: progress: current=0, next=1 20:45:00 feedback.go:499: Feedback already sent. Ignoring. 20:45:00 workflow.go:405: ------------------- 1.977972ms ------------------- [20:45:01.067] Bitwarden v2[Script Filter] { "variables": { "AW_SESSION_ID": "7XGZXO11Z33GDHH7UNEY8NQP", "RELOAD_PROGRESS": "1" }, "rerun": 0.3, "items": [ { "title": "Syncing Bitwarden secrets…", "valid": false, "icon": { "path": "icons/loading.png" } } ] } [20:45:01.358] Bitwarden v2[Script Filter] Queuing argument '' [20:45:01.438] Bitwarden v2[Script Filter] Script with argv '' finished [20:45:01.443] STDERR: Bitwarden v2[Script Filter] 🍺 20:45:01 workflow.go:328: -------- Bitwarden v2/2.3.3 (AwGo/0.27.1) -------- 20:45:01 main.go:143: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, Sfa:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"", Attachment:"", Output:""} 20:45:01 main.go:145: args=[]string{} => []string{} 20:45:01 main.go:146: (main.config) { [...] } 20:45:01 icons.go:79: progress: current=1, next=2 20:45:01 feedback.go:509: Sent 1 result(s) to Alfred 20:45:01 cli.go:560: Sync job already running. 20:45:01 icons.go:79: progress: current=1, next=2 20:45:01 feedback.go:499: Feedback already sent. Ignoring. 20:45:01 workflow.go:405: ------------------- 1.655888ms ------------------- [20:45:01.446] Bitwarden v2[Script Filter] { "variables": { "AW_SESSION_ID": "7XGZXO11Z33GDHH7UNEY8NQP", "RELOAD_PROGRESS": "2" }, "rerun": 0.3, "items": [ { "title": "Syncing Bitwarden secrets…", "valid": false, "icon": { "path": "icons/loading-15.png" } } ] } [20:45:01.738] Bitwarden v2[Script Filter] Queuing argument '' [20:45:01.817] Bitwarden v2[Script Filter] Script with argv '' finished [20:45:01.825] STDERR: Bitwarden v2[Script Filter] 🍺 20:45:01 workflow.go:328: -------- Bitwarden v2/2.3.3 (AwGo/0.27.1) -------- 20:45:01 main.go:143: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, Sfa:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"", Attachment:"", Output:""} 20:45:01 main.go:145: args=[]string{} => []string{} 20:45:01 main.go:146: (main.config) { [...] } 20:45:01 icons.go:79: progress: current=2, next=0 20:45:01 feedback.go:509: Sent 1 result(s) to Alfred 20:45:01 cli.go:560: Sync job already running. 20:45:01 icons.go:79: progress: current=2, next=0 20:45:01 feedback.go:499: Feedback already sent. Ignoring. 20:45:01 workflow.go:405: ------------------- 1.600252ms ------------------- [20:45:01.827] Bitwarden v2[Script Filter] { "variables": { "AW_SESSION_ID": "7XGZXO11Z33GDHH7UNEY8NQP", "RELOAD_PROGRESS": "0" }, "rerun": 0.3, "items": [ { "title": "Syncing Bitwarden secrets…", "valid": false, "icon": { "path": "icons/loading-30.png" } } ] } [20:45:02.121] Bitwarden v2[Script Filter] Queuing argument '' [20:45:02.139] Bitwarden v2[Script Filter] Script with argv '' finished [20:45:02.143] STDERR: Bitwarden v2[Script Filter] 🍺 20:45:02 workflow.go:328: -------- Bitwarden v2/2.3.3 (AwGo/0.27.1) -------- 20:45:02 main.go:143: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, Sfa:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"", Attachment:"", Output:""} 20:45:02 main.go:145: args=[]string{} => []string{} 20:45:02 main.go:146: (main.config) { [...] } 20:45:02 icons.go:79: progress: current=0, next=1 20:45:02 feedback.go:509: Sent 1 result(s) to Alfred 20:45:02 cli.go:560: Sync job already running. 20:45:02 icons.go:79: progress: current=0, next=1 20:45:02 feedback.go:499: Feedback already sent. Ignoring. 20:45:02 workflow.go:405: ------------------- 1.627651ms ------------------- [20:45:02.145] Bitwarden v2[Script Filter] { "variables": { "AW_SESSION_ID": "7XGZXO11Z33GDHH7UNEY8NQP", "RELOAD_PROGRESS": "1" }, "rerun": 0.3, "items": [ { "title": "Syncing Bitwarden secrets…", "valid": false, "icon": { "path": "icons/loading.png" } } ] } [20:45:02.441] Bitwarden v2[Script Filter] Queuing argument '' [20:45:02.522] Bitwarden v2[Script Filter] Script with argv '' finished [20:45:02.526] STDERR: Bitwarden v2[Script Filter] 🍺 20:45:02 workflow.go:328: -------- Bitwarden v2/2.3.3 (AwGo/0.27.1) -------- 20:45:02 main.go:143: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, Sfa:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"", Attachment:"", Output:""} 20:45:02 main.go:145: args=[]string{} => []string{} 20:45:02 main.go:146: (main.config) { [...] } 20:45:02 icons.go:79: progress: current=1, next=2 20:45:02 feedback.go:509: Sent 1 result(s) to Alfred 20:45:02 cli.go:560: Sync job already running. 20:45:02 icons.go:79: progress: current=1, next=2 20:45:02 feedback.go:499: Feedback already sent. Ignoring. 20:45:02 workflow.go:405: ------------------- 1.758262ms ------------------- [20:45:02.529] Bitwarden v2[Script Filter] { "variables": { "AW_SESSION_ID": "7XGZXO11Z33GDHH7UNEY8NQP", "RELOAD_PROGRESS": "2" }, "rerun": 0.3, "items": [ { "title": "Syncing Bitwarden secrets…", "valid": false, "icon": { "path": "icons/loading-15.png" } } ] } [20:45:02.769] Bitwarden v2[Script Filter] Queuing argument 'login' [20:45:02.858] Bitwarden v2[Script Filter] Script with argv 'login' finished [20:45:02.866] STDERR: Bitwarden v2[Script Filter] 🍺 20:45:02 workflow.go:328: -------- Bitwarden v2/2.3.3 (AwGo/0.27.1) -------- 20:45:02 main.go:143: &main.options{Search:false, Config:false, SetConfigs:false, Auth:true, Sfa:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"login", Attachment:"", Output:""} 20:45:02 main.go:145: args=[]string{"-auth", "--", "login"} => []string{"login"} 20:45:02 main.go:146: (main.config) { [...] } 20:45:02 cli.go:305: filtering auth config "login" ... 20:45:02 feedback.go:509: Sent 1 result(s) to Alfred 20:45:02 workflow.go:405: ------------------- 3.554436ms ------------------- [20:45:02.868] Bitwarden v2[Script Filter] { "variables": { "AW_SESSION_ID": "1H9SY8V3EE4V0FMLGIYCB67L" }, "items": [ { "title": "Login to Bitwarden", "subtitle": "↩ or ⇥ to login now", "uid": "login", "valid": true, "icon": { "path": "icons/on.png" }, "variables": { "action": "-login", "email": "bastian@xx.xx", "mapsfamode": "YubiKey", "sfamode": "3", "type": "login" } } ] }

blacs30 commented 3 years ago

I found a work which can use all kinds of special characters in the password, unfortunately the Bitwarden CLI doesn't support it yet for the unlock command. It's been fixed but not yet released https://github.com/bitwarden/cli/issues/335 that should solve it in the future. Works already fine locally for the login process for a password like #'k"B'!u"Gz4$Uger'K7k."$. I could push the fix right now without waiting for the unlock command to be fixed, but that would mean each time the workflow is locked a logout and login is needed instead of unlock. Alternatively I can wait little bit longer for the next Bitwarden cli release. FYI @br1ttle

blacs30 commented 3 years ago

@bastianlemke thanks for the log. Do you have to enter a password together with the YubiKey or is that not needed? I think you waited long enough. Have you tried a login via cli, then the workflow should notice that you are logged in and ask you to unlock. Does that work?

I might change the default names for the different option/configs for the workflow. You can do this yourself if you want, e.g. to access the config or auth settings easier. Change those keys on the left in the alfred workflow config to your liking. Here an example how I modified them.

Screenshot 2021-08-18 at 09 33 35
blacs30 commented 3 years ago

@br1ttle the latest release should fix the login for you with the special chars in the password. However unlock doesn't support the same flag in the Bitwarden CLI so as a workaround you would need to logout and login of the Workflow or don't install the autolock daemon.

@andrewbihl may I also ask you to try the latest version

bastianlemke commented 3 years ago

@blacs30 yes, I first have to enter email & password. Afterwards, the two-step login method has to be selected (via CLI - with your workflow this is defined in the settings) - and then the two-step login code is requested:

% bw login bastian@xx.xx ? Master password: [hidden] ? Two-step login method: YubiKey OTP Security Key ? Two-step login code:

Thanks for tip with the different keywords - you're right, it's easier to access settings!

The login via CLI is correctly detected by the workflow. As you wrote, the workflow asks me to unlock after CLI login. After the unlock, the workflow tries to synchronize (Syncing Bitwarden secrets...) - but that never finishes. When I execute 'bw_cache_update.sh' in the terminal (takes about 10-20s), all my bitwarden items are listed in alfred and the 'Syncing Bitwarden secrets...' does not appear anymore. But it looks like the workflow has lost the login: Bildschirmfoto 2021-08-21 um 11 11 47 When I select 'login' nothing happens, and I get the following error in the log: [11:17:40.691] ERROR: Bitwarden v2[Run Script] bitwarden-auth-flow.js: execution error: Error: TypeError: undefined is not an object (evaluating 'mode.localeCompare') (-2700)

I tried to login via '.bitauth login' -> complete login is requested (with 2FA). After the login: [11:18:55.246] Bitwarden v2[Run Script] Passing output 'Error: You are already logged in as bastian@xx.xx.

bastianlemke commented 3 years ago

One more note - I'm not sure if this has anything to do with the problem... I do not use bitwarden cloud but have my own installation with a self-signed certificate (supplied via NODE_EXTRA_CA_CERTS).

KnifeFed commented 2 years ago

When I select 'login' nothing happens, and I get the following error in the log: [11:17:40.691] ERROR: Bitwarden v2[Run Script] bitwarden-auth-flow.js: execution error: Error: TypeError: undefined is not an object (evaluating 'mode.localeCompare') (-2700)

I had the exact same thing happen now after being logged out for some reason. After logging in via bitwarden-cli everything works again. It's not very helpful though that absolutely nothing happens when trying to log in via the workflow.

blacs30 commented 2 years ago

I fixed this issue @KnifeFed in the latest release 2.4.1.