search

cpoppema / pass-browser-firefox

pass-browser-firefox is a browser plugin for firefox with web-extensions support (v48+) that brings your secrets managed by `pass` to your browser; requires a self hosted pass-server
GNU General Public License v3.0
8 stars 1 forks source link

How to use? #2

Closed apiote closed 6 years ago

apiote commented 6 years ago

or… I’m dumb. I configured the add-on, reencrypted entries, and so on.

I start the server:

LOG_LEVEL=debug PORT=8080 PASSWORD_STORE_DIR=~/.password-store npm start
> pass-server-node@0.3.0 start /home/adam/Code/dwd/pass-server-node
> node ./server.js

[20/Nov/2017 12:58:08] DEBUG Starting server..
[20/Nov/2017 12:58:08] INFO Reading from "/home/adam/.password-store".
[20/Nov/2017 12:58:08] INFO Store keys: 4DE9AF848DAD92ACCD90525075F46256DFB57FC6, 8BBDA08382D3E166DB0EAD84702AE2EF04248DB2.

Now I go to eg. Github and try to log in. I click the pass icon, type in the password, click ‘Unlock’, the button turns paler and that’s all. Then I click the icon again and now I can ‘Search..’ (sic!), there is a progress bar below the input which goes to full and nothing happens.

Server shows no further log.

cpoppema commented 6 years ago

Hi @apiote,

Can you verify for me the remote server address in options ? It needs to include http(s):// at the start. Do you also get a notification saying "Server did not respond or timed out." ?

On the top of my head I'm not sure what would cause this, but let's find out! For starters, do you see any incoming requests in your terminal when you forget Firefox for a second and instead, manually try to reach the server e.g. using curl ?

For example, this is my test setup. In my console I run the npm start command in what I'm going to call the server-terminal:

 $    LOG_LEVEL=debug PORT=8080 PASSWORD_STORE_DIR=~/.password-store npm start

> pass-server-node@0.3.0 start /local/projects/pass-server-node
> node ./server.js

[20/Nov/2017 23:19:37] DEBUG Starting server..
[20/Nov/2017 23:19:38] INFO Reading from "/home/cornelis/.password-store".
[20/Nov/2017 23:19:38] INFO Store keys: 460CA8D2CC15F915, 3EBC2FC2, 50A9895C917E2D3D, BCCE5A96, 33B04234, E7EF2794, EBECAF76BE79E1C8

In a different terminal, let's call it client-terminal, I then try to request all the secrets to mimic what the Firefox plugin does:

 $    curl localhost:8080
{
  "error": "Please provide a public key."
}

In the server-terminal new lines appeared:

[20/Nov/2017 23:24:36] DEBUG Request body does not have a publicKey
[20/Nov/2017 23:24:36] WARN "GET /" 400 "curl/7.52.1"
[20/Nov/2017 23:24:36] DEBUG Request with incorrect content-type: "undefined" does not contain "application/json".

This means that the server received and properly replied (since the request was incomplete after all).

Does everything work up to this point ?

apiote commented 6 years ago

Thank You for the response.

My server runs on localhost, I added http:// and it started showing orange notifications about wrong public key. Server log showed that the add-on asks for short key ID while in .gpg-id there’s the full one. Upon changing the ID to the shorter version—as in add-on’s settings—everything works.

I think http(s):// should be added automatically or validated in settings.

I could see the server tries to match various version of key ID but it doesn’t match the full version with the shortened one.

Anyway, thank You for Your great work.

cpoppema commented 6 years ago

Great to hear! I will work on better validation for the remote server address, or as you suggested add it automatically.