search

dedoussis / icloud-hide-my-email-browser-extension

Enjoy iCloud's Hide My Email service in your favourite browser
https://chrome.google.com/webstore/detail/icloud-hide-my-email/omiaekblhgfopjkjnenhahfgcgnbohlk
MIT License
319 stars 15 forks source link

2FA Wonkiness w/ Firefox #20

Closed JoeCotellese closed 9 months ago

JoeCotellese commented 1 year ago

Hi, I'm trying to use the extension in Firefox. My Apple account has 2FA enabled.

When I enter my email / password and get the 2FA prompt the extension login window goes away. When I click again, I get an empty login window rather than a prompt to enter 2FA.

dedoussis commented 1 year ago

Hi @JoeCotellese! Thanks for taking the time to flag this issue. I have managed to replicate it on my setup.

Temporary work-around

image

After entering the email and password, hit the "Enter" key of your keyboard rather than clicking on the "Sign In" button. This should keep the extension pop-up open, letting it to transition to the next page which is the 2FA code authentication:

image

It is important that you do not navigate away from the pop-up before it has transitioned to the 2FA page.

Why this happens?

  1. The extension is implemented as a state machine where each state represents a different page of the extension. The initial state is the sign-in page.
  2. When submitting the sing-in form, the extension makes a sign-in request to the iCloud servers and waits for a response. The extension is designed to transition to the next state (2FA code authentication page) only upon the reception of a successful sign-in response from iCloud.
  3. The iCloud backend pushes a 2FA notification to each of your authenticated devices.
  4. The notification arrives at your device. A new MacOS dialog pops up which causes Firefox to close the extension pop-up before the extension receives the successfull sign-in response from iCloud.
  5. The extension has not transitioned to the next state, even though the sing-in was successful. The extension is going to render the initial sign-in state once the user re-opens the pop-up.

Essentially, this is a race condition between the 2FA notification arriving at the device and the extension receiving the successful sign-in response.

This behaviour does not happen on Chrome. There are very few cases where Chrome will close the extension pop-up without the user taking any action (such as a click outside the pop-up, or hitting the "Esc" key).

@JoeCotellese Let me know if the above work-around works for you for the time being. I will be looking into putting a proper fix together.

dedoussis commented 1 year ago

Similar issue: https://bugzilla.mozilla.org/show_bug.cgi?id=1378527

JoeCotellese commented 1 year ago

It took a few tries but that did the trick. Thanks!

mounta11n commented 1 year ago

i had the same issue, but your temp workaround solved it perfetcly! thanks a lot

rafacampoamor commented 1 year ago

Tried several times but couldn't make it work (though it worked on Edge). Isn't it possible to open the log in dialog in a new popup window or tab? (by entering the URL manually or something)

Thanks :)

dedoussis commented 1 year ago

Hi @rafacampoamor! Yes, it is possible to open the pop-up as a normal tab:

  1. Open the pop-up and right-click on its background
  2. Select "View Page Source". This will open a new tab to a URL of the following format: view-source:moz-extension://e39b22ff-52d1-4346-bd41-5b4fc89bf114/popup.html.
  3. Remove the view-source: prefix and you have the URL of the pop-up: moz-extension://e39b22ff-52d1-4346-bd41-5b4fc89bf114/popup.html.
  4. Open a new tab, enter that URL and the pop-up interface would be rendered as a regular web page.

Note that pop-up URLs are unique per installation. Entering the above URL of mine won't work. You need to retrieve the URL of your own installation of the extension.

dedoussis commented 1 year ago

FYI, I've started working on a proper fix to this issue a few weeks ago but never got around to shipping it. I hope I will get some time by the end of the month to wrap this up.

rafacampoamor commented 1 year ago

@dedoussis It worked! Thank you so much for the workaround!

Futos commented 1 year ago

Hi @JoeCotellese! Thanks for taking the time to flag this issue. I have managed to replicate it on my setup.

Temporary work-around

image

After entering the email and password, hit the "Enter" key of your keyboard rather than clicking on the "Sign In" button. This should keep the extension pop-up open, letting it to transition to the next page which is the 2FA code authentication:

image

It is important that you do not navigate away from the pop-up before it has transitioned to the 2FA page.

Why this happens?

1. The extension is implemented as a state machine where each state represents a different page of the extension. The initial state is the sign-in page.

2. When submitting the sing-in form, the extension makes a sign-in request to the iCloud servers and waits for a response. The extension is designed to transition to the next state (2FA code authentication page) only upon the reception of a successful sign-in response from iCloud.

3. The iCloud backend pushes a 2FA notification to each of your authenticated devices.

4. The notification arrives at your device. A new MacOS dialog pops up which causes Firefox to close the extension pop-up before the extension receives the successfull sign-in response from iCloud.

5. The extension has not transitioned to the next state, even though the sing-in was successful. The extension is going to render the initial sign-in state once the user re-opens the pop-up.

Essentially, this is a race condition between the 2FA notification arriving at the device and the extension receiving the successful sign-in response.

This behaviour does not happen on Chrome. There are very few cases where Chrome will close the extension pop-up without the user taking any action (such as a click outside the pop-up, or hitting the "Esc" key).

@JoeCotellese Let me know if the above work-around works for you for the time being. I will be looking into putting a proper fix together.

This Workaround is not working for me on Mac OS Firefox 110. If I use enter instead of clicking the button it still closes my popup

dedoussis commented 1 year ago

Hi @rafacampoamor! Yes, it is possible to open the pop-up as a normal tab:

  1. Open the pop-up and right-click on its background
  2. Select "View Page Source". This will open a new tab to a URL of the following format: view-source:moz-extension://e39b22ff-52d1-4346-bd41-5b4fc89bf114/popup.html.
  3. Remove the view-source: prefix and you have the URL of the pop-up: moz-extension://e39b22ff-52d1-4346-bd41-5b4fc89bf114/popup.html.
  4. Open a new tab, enter that URL and the pop-up interface would be rendered as a regular web page.

Note that pop-up URLs are unique per installation. Entering the above URL of mine won't work. You need to retrieve the URL of your own installation of the extension.

@Futos you could try using the above workaround ☝️

dedoussis commented 1 year ago

Version 1.0.6 of the Firefox add-on has been released, which properly fixes this issue: https://addons.mozilla.org/en-US/firefox/addon/icloud-hide-my-email/versions/

@JoeCotellese @mounta11n @rafacampoamor @Futos will leave this thread open for a few days. Please let me know if you encounter any issues with the latest version.

rafacampoamor commented 1 year ago

UPDATE: I just made a second testint and, as the popup still closes itself after the iCloud 2FA launches, it opens again asking for the code when clicked again. I tested it as well on different containers and worked properly. Didn't try yet to quit Firefox and open it again to test how it operates...

I just did a quick test and it’s still behaving the same way as it did previously. Even when I did the workaround you told us, it works for that moment, not keeping the session opened for next uses.