jcs / rubywarden

An unofficial, mostly Bitwarden-compatible API server written in Ruby (Sinatra and ActiveRecord)
ISC License

iOS app crash after latest update #100

Closed raufis27 closed 5 years ago

raufis27 commented 5 years ago

It works with official Bitwarden deployment, but not with rubywarden. Any ideas?

raufis27 commented 5 years ago

[2019-07-16 23:07:56] ERROR Errno::ECONNRESET: Connection reset by peer @ io_fillbuf - fd:10
/usr/lib/ruby/2.3.0/webrick/httpserver.rb:82:in `eof?'
/usr/lib/ruby/2.3.0/webrick/httpserver.rb:82:in `run'
/usr/lib/ruby/2.3.0/webrick/server.rb:296:in `block in start_thread'

jcs commented 5 years ago

That just means the socket died, and if the iOS app is crashing, that's not unexpected.

FWIW, the newest iOS app is working just fine for me with Rubywarden.

raufis27 commented 5 years ago

I tried iPad and iPhone app. Deleted app, reinstalled, same issue. Try to log out and login back, that is when problem happens. If you just update it works fine.

raufis27 commented 5 years ago

Are you able to log out and login back?

deedoubledub commented 5 years ago

I'm seeing a crash of the Android app on login. The Chrome extension works fine for fresh logins.

This is the only thing I get server-side:

Jul 19 11:04:57 bitwarden env[5195]: x.x.x.x, y.y.y.y - - [19/Jul/2019:11:04:57 -0400] "POST /api/accounts/prelogin HTTP/1.1" 200 30 0.0016

jcs commented 5 years ago

@kspearrin any ideas from your crash reports what could be causing this?

kspearrin commented 5 years ago

If @raufis27 or @deedoubledub could swing by the Bitwarden dev channel on gitter and ping me, I could try to work with them to compare their crashes to the crash reports received for further information.

kspearrin commented 5 years ago

*** Terminating app due to uncaught exception 'Newtonsoft.Json.JsonSerializationException', reason: 'Newtonsoft.Json.JsonSerializationException: Error converting value {null} to type 'System.Int32'. Path 'KdfIterations', line 1, position 29. ---> System.InvalidCastException: Null object cannot be converted to a value type.'

Looks like your API is returning null for KdfIterations. This is a non-nullable integer. I suppose the older versions handled that case gracefully, but it is invalid nonetheless.

jcs commented 5 years ago

Thanks Kyle.

@raufis27 and @deedoubledub can you update your Git tree and run `env RUBYWARDEN_ENV=production bundle exec rake db:migrate` and see if you still get crashes?

raufis27 commented 5 years ago

Now I get invalid password error and can't open DB in any app, including desktop apps. Changing password using tools/change_master_password.rb also doesn't work.

jcs commented 5 years ago

Can you run `sqlite3 db/production/production.sqlite3` and then `select kdf_iterations, kdf_type from users;`

raufis27 commented 5 years ago

First I did `git pull --ff-only`, then `env RUBYWARDEN_ENV=production bundle exec rake db:migrate`

Could not find rake-12.3.3 in any of the sources
Run bundle install to install missing gems

Bundle complete! 18 Gemfile dependencies, 59 gems now installed.
Use bundle info [gemname] to see where a bundled gem is installed.
Post-install message from i18n:

HEADS UP! i18n 1.1 changed fallbacks to exclude default locale. But that may break your application. Please check your Rails app for 'config.i18n.fallbacks = true'. If you're using I18n (>= 1.1.0) and Rails (< 5.2.2), this should be 'config.i18n.fallbacks = [I18n.default_locale]'. If not, fallbacks will be broken in your app by I18n 1.1.x.

raufis27 commented 5 years ago

sqlite> select kdf_iterations, kdf_type from users;
100000|0

raufis27 commented 5 years ago

tools/change_master_password.rb:59:in `<main>': master password does not match stored hash (RuntimeError)

I am 100% sure that password is correct. Any ideas how I can rescue my database now?

jcs commented 5 years ago

Ah, so you probably got both updates at the same time so it set your null value to 100000 but your hash probably has the old value of 5000.

update users set kdf_iterations = 5000

And then see if you can login. If so, run tools/change_master_password.rb to re-hash your password with the proper new kdf iterations of 100000.

jcs commented 5 years ago

With a trailing ; yes.

update users set kdf_iterations = 5000;
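
The mismatch jcs describes above, as an added Ruby sketch that is not rubywarden's code: it assumes the Bitwarden-style PBKDF2-SHA256 derivation (master key salted with the e-mail, login hash one further round salted with the password). The `User` struct, helper names and sample credentials are constructed for illustration.

```ruby
require "openssl"
require "base64"

# Assumed Bitwarden-style derivation: PBKDF2-SHA256 over the password,
# salted with the lower-cased e-mail, using the account's iteration count.
def master_key(password, email, iterations)
  OpenSSL::PKCS5.pbkdf2_hmac(password, email.downcase, iterations, 32,
                             OpenSSL::Digest.new("SHA256"))
end

# The login hash is one more PBKDF2 round over the key, salted with the password.
def master_password_hash(password, email, iterations)
  key = master_key(password, email, iterations)
  raw = OpenSSL::PKCS5.pbkdf2_hmac(key, password, 1, 32,
                                   OpenSSL::Digest.new("SHA256"))
  Base64.strict_encode64(raw)
end

# Hypothetical stand-in for one row of the users table.
User = Struct.new(:email, :kdf_iterations, :password_hash)

# Verification re-derives the hash with whatever iteration count is stored.
def password_matches?(user, password)
  candidate = master_password_hash(password, user.email, user.kdf_iterations)
  OpenSSL.secure_compare(candidate, user.password_hash)
end

def demo
  password = "correct horse battery staple" # constructed sample value
  email = "user@example.com"                # constructed sample value
  user = User.new(email, 5000, master_password_hash(password, email, 5000))
  before = password_matches?(user, password)

  user.kdf_iterations = 100_000 # column changed, stored hash still from 5000
  after_migration = password_matches?(user, password)

  user.kdf_iterations = 5000    # the UPDATE from the thread
  restored = password_matches?(user, password)

  # Re-hash under the new count: column and hash now change together.
  user.kdf_iterations = 100_000
  user.password_hash = master_password_hash(password, email, 100_000)
  rehashed = password_matches?(user, password)

  [before, after_migration, restored, rehashed]
end

p demo if __FILE__ == $PROGRAM_NAME
```

The sketch covers only the login hash. In this scheme the master key also protects the account's encryption key, so a real re-hash has to re-wrap that key under the new master key as well.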

raufis27 commented 5 years ago

Thank you so much! It works now!

deedoubledub commented 5 years ago

I finally got a chance to catch up with this and I can confirm that the issue is now fixed. Thanks!