jonhadfield / sn-cli

a command line interface for standard notes
GNU Affero General Public License v3.0

CliSignIn failed with: please update your client application. #33

Closed twopwood closed 1 year ago

twopwood commented 1 year ago

I'm using sn version [0.2.4-acc74a5] 2022-02-27T13:06:40Z on macOS 11.7. When I run sn --debug session --add and enter my credentials I get this output:

2022/10/14 19:20:48 gosn-v2 | attempting cli sign-in with email: ... and server 'https://api.standardnotes.com'
2022/10/14 19:20:51 gosn-v2 | sign-in url: https://api.standardnotes.com/v1/login
2022/10/14 19:20:51 gosn-v2 | requestToken | request took: 118.326734ms
2022/10/14 19:20:51 gosn-v2 | CliSignIn failed with: please update your client application.

I assume this is due to an update to the API? Thanks.

jonhadfield commented 1 year ago

I've not had time to maintain this recently and I believe it is, as you suggest, an update in the API that's triggering this. I'll try and take a look in the next couple of weeks.

meramsey commented 1 year ago

Is there any interest in updating to call the new endpoints with the code_challenge and then code_verifier? https://github.com/Mikescher/AlephNote/issues/210#issuecomment-1333899216

In bash and curl if you know the server password and email you can get a session token in two steps like this.

server_password=''
STANDARDNOTES_USER=''
STANDARDNOTES_HOST='http://localhost:3000'
echo "Generating codeVerifier and codeChallenge"
hexSeed=$(openssl rand -hex 64)
codeVerifier="${hexSeed:0:64}"
codeChallenge=$(echo -n "${codeVerifier}"| sha256sum | cut -d " " -f1 | base64 -w0)
codeChallenge=${codeChallenge:0:86}
loginParamsJson=$(curl --retry 5 --retry-connrefused -sS  "$STANDARDNOTES_HOST/v2/login-params" \
-H 'Content-Type: application/json' \
--data-raw '{"email":"'$STANDARDNOTES_USER'","code_challenge":"'$codeChallenge'","api":"20200115"}' \
--compressed)
pw_nonce=$(echo $loginParamsJson| python3 -c "import sys, json; print(json.load(sys.stdin)['data']['pw_nonce'])")
loginJson=$(curl --retry 5 --retry-connrefused -sS "$STANDARDNOTES_HOST/v2/login" \
-H 'Content-Type: application/json' \
--data-raw '{"email":"'$STANDARDNOTES_USER'","code_verifier":"'$codeVerifier'","api":"20200115","password":"'$server_password'"}' \
--compressed)
session_token=$(echo $loginJson| python3 -c "import sys, json; print(json.load(sys.stdin)['data']['session']['access_token'])")

meramsey commented 1 year ago

I was able to make a function and validate it generates valid codeVerifier and challenge in golang

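import (
    "crypto/sha256"
    "encoding/base64"
    "fmt"
    "math/rand"
)

type generateLoginChallengeCodeVerifier struct {
    codeVerifier  string
    codeChallenge string
}

// cryptoSource is not defined in this snippet; it is assumed to be a
// math/rand Source backed by crypto/rand, declared elsewhere in the package.
func generateChallengeAndVerifierForLogin() (loginCodeVerifier generateLoginChallengeCodeVerifier) {

    // build the code verifier from random alphanumeric characters
    var src cryptoSource
    rnd := rand.New(src)

    letterRunes := []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")

    b := make([]rune, 65)
    for i := range b {
        b[i] = letterRunes[rnd.Intn(len(letterRunes))]
    }

    // keep 64 characters as the verifier
    loginCodeVerifier.codeVerifier = string(b)[:64]
    // the challenge is the base64url encoding of the hex SHA-256 digest, cut to 86 characters (drops the "==" padding)
    sha256Hash := fmt.Sprintf("%x", sha256.Sum256([]byte(loginCodeVerifier.codeVerifier)))
    loginCodeVerifier.codeChallenge = base64.URLEncoding.EncodeToString([]byte(sha256Hash))[:86]

    return loginCodeVerifier
}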

It looks like we would need this added to the https://github.com/jonhadfield/gosn-v2/blob/master/authentication.go

and a 2step post to the /v2/login-params with "code_challenge" and then add the "code_verifier" key to the reqbody when hitting the /v2/login endpoint.

Tried to make updates to the gosn-v2 and compile but was pretty messy so hoping author here can possibly test and add it
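
Added example, not part of any comment in this thread and not code from gosn-v2: the two-step login described above, written in Go with the verifier drawn directly from crypto/rand and both request bodies built with encoding/json. The function names and the example address are hypothetical, and `ServerAccepts` is an assumed model of the server-side check that binds the `/v2/login` call to the earlier `/v2/login-params` call.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// NewVerifier returns 64 hex characters drawn from crypto/rand.
func NewVerifier() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return hex.EncodeToString(buf), nil
}

// Challenge is unpadded base64url over the hex SHA-256 of the verifier (86 chars).
func Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString([]byte(hex.EncodeToString(sum[:])))
}

// Request bodies for step 1 and step 2; json.Marshal escapes quotes in the
// email or password, which shell string concatenation does not.
// "20200115" is the api value used in the thread's curl calls.
func ParamsBody(email, challenge string) ([]byte, error) {
	return json.Marshal(map[string]string{"email": email, "code_challenge": challenge, "api": "20200115"})
}
func LoginBody(email, serverPassword, verifier string) ([]byte, error) {
	return json.Marshal(map[string]string{"email": email, "password": serverPassword, "code_verifier": verifier, "api": "20200115"})
}

// ServerAccepts is the assumed server-side check: recompute the challenge from
// the verifier sent in step 2 and compare it to the one stored in step 1.
func ServerAccepts(storedChallenge, verifier string) bool {
	return subtle.ConstantTimeCompare([]byte(storedChallenge), []byte(Challenge(verifier))) == 1
}

func main() {
	v, err := NewVerifier()
	if err != nil {
		panic(err)
	}
	p, _ := ParamsBody("user@example.invalid", Challenge(v))
	fmt.Printf("%s\naccepted=%v\n", p, ServerAccepts(Challenge(v), v))
}
```

`RawURLEncoding` gives the same 86 characters as encoding with padding and cutting at 86, because the 64-byte hex digest always ends in exactly two `=` characters.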

joegoldin commented 1 year ago

I've opened a PR to github.com/jonhadfield/gosn-v2 which resolves this here: https://github.com/jonhadfield/gosn-v2/pull/8

Thanks for the code and for pointing me in the right direction @meramsey!

sethlewis93 commented 1 year ago

Hi, @jonhadfield ! 👋🏾

Any chance @joegoldin 's PR above can be accepted here to unblock those of us encountering this error? Sad to say I'm not proficient enough to make a meaningful contribution, but I really look forward to using this tool when you can get around to resolving this.

Thank you for your hard work!

SL

jonhadfield commented 1 year ago

Hi @sethlewis93, I did merge the PR and then found additional, not authentication issues, and haven't had time to work those through yet.

jonhadfield commented 1 year ago

I've taken another look and it might not be as much work as first thought.
Thanks to @joegoldin's contribution, it seems authentication is now sorted. The next change I wasn't expecting is to how syncing of items (notes, tags, etc.) is now done, i.e. saving an item used to result in the SN endpoint returning the data saved (with updated timestamp) but that no longer includes the content that my code relied upon. I've started work on refactoring that code and will update asap.

jonhadfield commented 1 year ago

I've just pushed https://github.com/jonhadfield/sn-cli/releases/tag/0.2.6 that should address this issue.
Please shout if you're still seeing issues.