Closed andrewbihl closed 2 years ago
Hi @andrewbihl
if you don't use 2fa you can set the workflow variable 2FA_ENABLED
from true to false.
Then login with the workflow as it asks you to do.
The login via cli in the terminal cannot be (easily) shared with the workflow because of the session key which is not shared between the 2 different processes.
There is however this cli help tool by @luckman212 which achieves that the cli and the workflow share the same session secret https://github.com/luckman212/bitwarden-cli-helpers
I disabled 2FA so now it doesn't have that step, but the issue is the same--it always take me to the login prompt.
I see. Can you check if the keychain access app contains entries which start with name "com.lisowski". If the cli login works in the terminal then it should only ask to unlock in the workflow but not for login. could you run the workflow in debug mode (in the alfred ui select the workflow and click the bug icon) and check the logs (or paste them here, remove personal data before)
Hi, I am having the same issue. I have just checked Keychain, and no I do not have any entries there which start with 'com.lisowski'. I am though able to use the bw terminal client to interact with my passwords and such. I have managed to run the helper commands by luckman 212 (for anyone that is trying the new m1 macs need you to place that bash code in the ~/.zprofiles not ~/.bash_profiles) though I am not sure exactly how I should be using them.
Same issue here, with Yubikey login.
@bastianlemke have you checked the debug output in the Alfred Workflow? Unfortunately I don't have a yubikey so I don't really know if it's fully supported, it might not work at all.
@br1ttle the helper commands by luckman212 are only needed if you already got both working successfully. It seems like the workflow doesn't have permission but I also don't know if something on a m1 mac is different than on an intel mac. Have you checked these steps https://github.com/deanishe/awgo/wiki/Catalina Have you checked the debug logs of the Alfred workflow (click on this bug in the alfred ui and run the workflow)
I am using Duo as 2-step/MFA on my Bitwarden account and I also had trouble. I assume it's similar to the Yubikey issue. I was intermittently getting crashes from the compiled go process with call stack referring to the embedded awgo library.
I wish I saved that, but I do remember seeing that the awgo used to build the bitwarden-alfred-workflow
binaries was an old version. Maybe that needs to be updated... and I wasn't sure how to do it.
For me anyway I temporarily solved the issue by fully logging out of my BW account on all apps, as well as the workflow, clearing the old JSON caches and then re-authenticating.
Another thing that I thought could simplify things is to build a universal binary for the go component instead of 2 separate arch's.
$ lipo -create -output bitwarden-alfred-workflow bitwarden-alfred-workflow-amd64 bitwarden-alfred-workflow-arm64
$ file bitwarden-alfred-workflow
bitwarden-alfred-workflow: Mach-O universal binary with 2 architectures: [x86_64:Mach-O 64-bit executable x86_64] [arm64]
bitwarden-alfred-workflow (for architecture x86_64): Mach-O 64-bit executable x86_64
bitwarden-alfred-workflow (for architecture arm64): Mach-O 64-bit executable arm64
Thanks @luckman212 for your comments. I've just updated the workflow with the latest dependencies. awgo was a year old. I'm not sure though if that helps. @bastianlemke how long did you wait for the sync process, is the wheel spinning (slowly)? I was surprised myself, it took me around 40-60 seconds to sync. That takes a lot of patience nowadays.
Hey, thanks for maintaining this so actively. I just downloaded the new workflow, and am unfortunately still having the same issue. Upon taking a look at the debug console, it seems like my password is wrong even though I have tried it multiple times. I have checked on the bitwarden macOS application and the chromium extension, yet both seem to be accepting this master password. Since my master password contains many symbols, is it possible that it is somehow being parsed incorrectly by the js file? Here is the log.
[23:11:49.987] Bitwarden v2[Script Filter] Passing output '' to Conditional
[23:11:49.987] Bitwarden v2[Conditional] Processing complete
[23:11:49.987] Bitwarden v2[Conditional] Passing output '' to Run Script
[23:11:51.943] STDERR: Bitwarden v2[Run Script] Error: Invalid master password.
[23:11:51.972] Bitwarden v2[Run Script] Processing complete
[23:11:51.972] Bitwarden v2[Run Script] Passing output 'Error: Invalid master password.```
@br1ttle this could be the case, we had it once in the past and improved how the password is passed to the js file. I will take a look at that.
If my JS was up to scratch I'd take a gander myself, but for the moment the best I can do is shine a light on the possible culprits:
# ! $ .
@blacs30 I already used the workflow before the update to v2.3.2 with yubikey (without problems) - that's why I think the problem may be related to a recent change. I don't think I was too impatient - I tried it several times and I have waited at least 4-5 minutes. And yes, the wheel is spinning.
It seems like the workflow no longer recognizes the login status.
[20:45:00.818] Bitwarden v2[Script Filter] Queuing argument '(null)' [20:45:00.971] Bitwarden v2[Script Filter] Queuing argument '(null)' [20:45:01.057] Bitwarden v2[Script Filter] Script with argv '(null)' finished [20:45:01.058] STDERR: Bitwarden v2[Script Filter] 🍺 20:45:00 workflow.go:328: -------- Bitwarden v2/2.3.3 (AwGo/0.27.1) -------- 20:45:00 main.go:143: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, Sfa:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"", Attachment:"", Output:""} 20:45:00 main.go:145: args=[]string{} => []string{} 20:45:00 main.go:146: (main.config) { [...] } 20:45:00 icons.go:79: progress: current=0, next=1 20:45:00 feedback.go:509: Sent 1 result(s) to Alfred 20:45:00 cli.go:560: Sync job already running. 20:45:00 icons.go:79: progress: current=0, next=1 20:45:00 feedback.go:499: Feedback already sent. Ignoring. 20:45:00 workflow.go:405: ------------------- 1.977972ms ------------------- [20:45:01.067] Bitwarden v2[Script Filter] { "variables": { "AW_SESSION_ID": "7XGZXO11Z33GDHH7UNEY8NQP", "RELOAD_PROGRESS": "1" }, "rerun": 0.3, "items": [ { "title": "Syncing Bitwarden secrets…", "valid": false, "icon": { "path": "icons/loading.png" } } ] } [20:45:01.358] Bitwarden v2[Script Filter] Queuing argument '' [20:45:01.438] Bitwarden v2[Script Filter] Script with argv '' finished [20:45:01.443] STDERR: Bitwarden v2[Script Filter] 🍺 20:45:01 workflow.go:328: -------- Bitwarden v2/2.3.3 (AwGo/0.27.1) -------- 20:45:01 main.go:143: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, Sfa:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"", Attachment:"", Output:""} 20:45:01 main.go:145: args=[]string{} => []string{} 20:45:01 main.go:146: (main.config) { [...] } 20:45:01 icons.go:79: progress: current=1, next=2 20:45:01 feedback.go:509: Sent 1 result(s) to Alfred 20:45:01 cli.go:560: Sync job already running. 20:45:01 icons.go:79: progress: current=1, next=2 20:45:01 feedback.go:499: Feedback already sent. Ignoring. 20:45:01 workflow.go:405: ------------------- 1.655888ms ------------------- [20:45:01.446] Bitwarden v2[Script Filter] { "variables": { "AW_SESSION_ID": "7XGZXO11Z33GDHH7UNEY8NQP", "RELOAD_PROGRESS": "2" }, "rerun": 0.3, "items": [ { "title": "Syncing Bitwarden secrets…", "valid": false, "icon": { "path": "icons/loading-15.png" } } ] } [20:45:01.738] Bitwarden v2[Script Filter] Queuing argument '' [20:45:01.817] Bitwarden v2[Script Filter] Script with argv '' finished [20:45:01.825] STDERR: Bitwarden v2[Script Filter] 🍺 20:45:01 workflow.go:328: -------- Bitwarden v2/2.3.3 (AwGo/0.27.1) -------- 20:45:01 main.go:143: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, Sfa:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"", Attachment:"", Output:""} 20:45:01 main.go:145: args=[]string{} => []string{} 20:45:01 main.go:146: (main.config) { [...] } 20:45:01 icons.go:79: progress: current=2, next=0 20:45:01 feedback.go:509: Sent 1 result(s) to Alfred 20:45:01 cli.go:560: Sync job already running. 20:45:01 icons.go:79: progress: current=2, next=0 20:45:01 feedback.go:499: Feedback already sent. Ignoring. 20:45:01 workflow.go:405: ------------------- 1.600252ms ------------------- [20:45:01.827] Bitwarden v2[Script Filter] { "variables": { "AW_SESSION_ID": "7XGZXO11Z33GDHH7UNEY8NQP", "RELOAD_PROGRESS": "0" }, "rerun": 0.3, "items": [ { "title": "Syncing Bitwarden secrets…", "valid": false, "icon": { "path": "icons/loading-30.png" } } ] } [20:45:02.121] Bitwarden v2[Script Filter] Queuing argument '' [20:45:02.139] Bitwarden v2[Script Filter] Script with argv '' finished [20:45:02.143] STDERR: Bitwarden v2[Script Filter] 🍺 20:45:02 workflow.go:328: -------- Bitwarden v2/2.3.3 (AwGo/0.27.1) -------- 20:45:02 main.go:143: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, Sfa:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"", Attachment:"", Output:""} 20:45:02 main.go:145: args=[]string{} => []string{} 20:45:02 main.go:146: (main.config) { [...] } 20:45:02 icons.go:79: progress: current=0, next=1 20:45:02 feedback.go:509: Sent 1 result(s) to Alfred 20:45:02 cli.go:560: Sync job already running. 20:45:02 icons.go:79: progress: current=0, next=1 20:45:02 feedback.go:499: Feedback already sent. Ignoring. 20:45:02 workflow.go:405: ------------------- 1.627651ms ------------------- [20:45:02.145] Bitwarden v2[Script Filter] { "variables": { "AW_SESSION_ID": "7XGZXO11Z33GDHH7UNEY8NQP", "RELOAD_PROGRESS": "1" }, "rerun": 0.3, "items": [ { "title": "Syncing Bitwarden secrets…", "valid": false, "icon": { "path": "icons/loading.png" } } ] } [20:45:02.441] Bitwarden v2[Script Filter] Queuing argument '' [20:45:02.522] Bitwarden v2[Script Filter] Script with argv '' finished [20:45:02.526] STDERR: Bitwarden v2[Script Filter] 🍺 20:45:02 workflow.go:328: -------- Bitwarden v2/2.3.3 (AwGo/0.27.1) -------- 20:45:02 main.go:143: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, Sfa:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"", Attachment:"", Output:""} 20:45:02 main.go:145: args=[]string{} => []string{} 20:45:02 main.go:146: (main.config) { [...] } 20:45:02 icons.go:79: progress: current=1, next=2 20:45:02 feedback.go:509: Sent 1 result(s) to Alfred 20:45:02 cli.go:560: Sync job already running. 20:45:02 icons.go:79: progress: current=1, next=2 20:45:02 feedback.go:499: Feedback already sent. Ignoring. 20:45:02 workflow.go:405: ------------------- 1.758262ms ------------------- [20:45:02.529] Bitwarden v2[Script Filter] { "variables": { "AW_SESSION_ID": "7XGZXO11Z33GDHH7UNEY8NQP", "RELOAD_PROGRESS": "2" }, "rerun": 0.3, "items": [ { "title": "Syncing Bitwarden secrets…", "valid": false, "icon": { "path": "icons/loading-15.png" } } ] } [20:45:02.769] Bitwarden v2[Script Filter] Queuing argument 'login' [20:45:02.858] Bitwarden v2[Script Filter] Script with argv 'login' finished [20:45:02.866] STDERR: Bitwarden v2[Script Filter] 🍺 20:45:02 workflow.go:328: -------- Bitwarden v2/2.3.3 (AwGo/0.27.1) -------- 20:45:02 main.go:143: &main.options{Search:false, Config:false, SetConfigs:false, Auth:true, Sfa:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"login", Attachment:"", Output:""} 20:45:02 main.go:145: args=[]string{"-auth", "--", "login"} => []string{"login"} 20:45:02 main.go:146: (main.config) { [...] } 20:45:02 cli.go:305: filtering auth config "login" ... 20:45:02 feedback.go:509: Sent 1 result(s) to Alfred 20:45:02 workflow.go:405: ------------------- 3.554436ms ------------------- [20:45:02.868] Bitwarden v2[Script Filter] { "variables": { "AW_SESSION_ID": "1H9SY8V3EE4V0FMLGIYCB67L" }, "items": [ { "title": "Login to Bitwarden", "subtitle": "↩ or ⇥ to login now", "uid": "login", "valid": true, "icon": { "path": "icons/on.png" }, "variables": { "action": "-login", "email": "bastian@xx.xx", "mapsfamode": "YubiKey", "sfamode": "3", "type": "login" } } ] }
I found a work which can use all kinds of special characters in the password, unfortunately the Bitwarden CLI doesn't support it yet for the unlock command. It's been fixed but not yet released https://github.com/bitwarden/cli/issues/335 that should solve it in the future. Works already fine locally for the login process for a password like #'k"B'!u"Gz4$Uger'K7k."$
.
I could push the fix right now without waiting for the unlock command to be fixed, but that would mean each time the workflow is locked a logout and login is needed instead of unlock.
Alternatively I can wait little bit longer for the next Bitwarden cli release.
FYI @br1ttle
@bastianlemke thanks for the log. Do you have to enter a password together with the YubiKey or is that not needed? I think you waited long enough. Have you tried a login via cli, then the workflow should notice that you are logged in and ask you to unlock. Does that work?
I might change the default names for the different option/configs for the workflow. You can do this yourself if you want, e.g. to access the config or auth settings easier. Change those keys on the left in the alfred workflow config to your liking. Here an example how I modified them.
@br1ttle the latest release should fix the login for you with the special chars in the password. However unlock doesn't support the same flag in the Bitwarden CLI so as a workaround you would need to logout and login of the Workflow or don't install the autolock daemon.
@andrewbihl may I also ask you to try the latest version
@blacs30 yes, I first have to enter email & password. Afterwards, the two-step login method has to be selected (via CLI - with your workflow this is defined in the settings) - and then the two-step login code is requested:
% bw login bastian@xx.xx
? Master password: [hidden]
? Two-step login method: YubiKey OTP Security Key
? Two-step login code:
Thanks for tip with the different keywords - you're right, it's easier to access settings!
The login via CLI is correctly detected by the workflow. As you wrote, the workflow asks me to unlock after CLI login. After the unlock, the workflow tries to synchronize (Syncing Bitwarden secrets...) - but that never finishes. When I execute 'bw_cache_update.sh' in the terminal (takes about 10-20s), all my bitwarden items are listed in alfred and the 'Syncing Bitwarden secrets...' does not appear anymore. But it looks like the workflow has lost the login: When I select 'login' nothing happens, and I get the following error in the log: [11:17:40.691] ERROR: Bitwarden v2[Run Script] bitwarden-auth-flow.js: execution error: Error: TypeError: undefined is not an object (evaluating 'mode.localeCompare') (-2700)
I tried to login via '.bitauth login' -> complete login is requested (with 2FA). After the login: [11:18:55.246] Bitwarden v2[Run Script] Passing output 'Error: You are already logged in as bastian@xx.xx.
One more note - I'm not sure if this has anything to do with the problem... I do not use bitwarden cloud but have my own installation with a self-signed certificate (supplied via NODE_EXTRA_CA_CERTS).
When I select 'login' nothing happens, and I get the following error in the log: [11:17:40.691] ERROR: Bitwarden v2[Run Script] bitwarden-auth-flow.js: execution error: Error: TypeError: undefined is not an object (evaluating 'mode.localeCompare') (-2700)
I had the exact same thing happen now after being logged out for some reason. After logging in via bitwarden-cli
everything works again. It's not very helpful though that absolutely nothing happens when trying to log in via the workflow.
I fixed this issue @KnifeFed in the latest release 2.4.1.
As demonstrated below, anytime I try to use the tool it automatically jumps to the login option. I am already logged in (confirmed at the CLI). If I go ahead and try to login via Alfred anyway, it asks for my password (I enter it) and then it should be the 2fa dialog even though I don't have 2fa enabled.
https://user-images.githubusercontent.com/16709744/123025271-39e49d80-d38f-11eb-9518-40777db2558a.mov