search

doy / rbw

unofficial bitwarden cli
https://git.tozt.net/rbw
Other
611 stars 84 forks source link

`gen`, `login`, and `sync` commands don't trigger password prompt #55

Closed rjc closed 3 years ago

rjc commented 3 years ago

Hello,

The behaviour of gen, login, and sync seems counter-intuitive to what's described in the README:

Usage

Commands can generally be used directly, and will handle logging in or unlocking as necessary. For instance, running rbw ls will unlock the password database before generating the list of entries (but will not attempt to log in to the server), rbw sync will log in to the server before downloading the password database (but will not unlock the database), and rbw generate will do both.

However, neither gen, login, nor sync prompt for the password - only ls does:

$ rbw gen 64 # generates 64-character password
[...]
$ rbw login # seemingly, nothing happens - returns to prompt
$ rbw sync # seemingly, nothing happens - returns to prompt
$ rbw ls # as expected, prompts for password and lists all entries
[...]

This is most likely me not fully understanding what happens behind the scenes but, at least to a layman, this seems counter-intuitive. According to the descritpion, one would expect both login and sync to prompt for a password, no? Also, why would gen do both? Why would it do either? Isn't it supposed to just generate a password?

Also, ls does display an entry newly added via the web browser add-on shortly before running the above test so it seems like it is doing a sync, no?

I'd appreciate if you could explain in a bit more detail what individual commands actually do behind the scenes :^)

Ta!

rjc commented 3 years ago

Ping.

doy commented 3 years ago

the state of being logged in is stored on disk. if you have never logged in before, you will get a password prompt, but if you have, it will just refresh its credentials from the file on disk instead. you can clear the on disk state by running rbw purge.

the reference to rbw generate in that part of the readme is referring to passing it additional arguments to automatically store the generated password in a new entry. it would probably be clearer for that documentation to refer to rbw add rather than rbw generate - i can make that change.

rbw ls is showing a newly added entry because you ran rbw sync - it ran successfully without prompting because you were already logged in, and updated the database.

i have clarified this a bit in 0c35b70808b69f64da3dd1fa1f0e0f90c860d75d, let me know if you have any more questions.