lastpass / lastpass-cli

LastPass command line interface tool
GNU General Public License v2.0

Multiple login (within 60 secs) causes errors #372

Open kobbe82 opened 6 years ago

kobbe82 commented 6 years ago

It can be simulated by logging in and out a few times in a row.


bash-4.3# lpass login --color=never my@email.com
Please enter the LastPass master password for .

Master Password:
Success: Logged in as my@email.com.
bash-4.3# lpass logout
Are you sure you would like to log out? [Y/n] Y
Log out: complete.
bash-4.3# lpass login --color=never my@email.com
Please enter the LastPass master password for .

Master Password:
Success: Logged in as my@email.com.
bash-4.3# lpass logout
Are you sure you would like to log out? [Y/n]
Log out: complete.
bash-4.3# llpass login --color=never my@email.com
Please enter the LastPass master password for .

Master Password:
Success: Logged in as my@email.com.
bash-4.3# lpass logout
Are you sure you would like to log out? [Y/n]
Log out: complete.
bash-4.3# lpass login --color=never my@email.com
Please enter the LastPass master password for .

Master Password:
Error: HTTP response code said error.

In the attached lpass.log file (generated with LPASS_LOG_LEVEL=8) you can see an HTTP 403:

The requested URL returned error: 403 Forbidden

We contacted LastPass support and they said:

On the back end, I do see an error just saying that this user is attempting too many logins within 60 seconds. Is this happening more widespread than with this one user? From their activity it looks like they are just logging into the CLI a lot.

Our request is to disable the max amount of logins per 60 seconds for a specific user. We need this because we've integrated the lpass-cli in our CI pipeline.

bcopeland commented 6 years ago

OK, we can implement a sleep(60) + retry-login if 403 comes back.

But, are you sure you want to contact lastpass servers in your CI pipeline? You could save the blob and then use --sync=no for various commands to avoid talking to lastpass servers all the time.
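
A CI-side sketch of the two suggestions in this thread (wait 60 seconds and retry when the login is throttled; read from the cached blob with --sync=no), added here as an example and not part of the issue or of lastpass-cli. The function names and the LPASS_BIN, SLEEP_BIN and LPASS_MASTER_PASSWORD variables are assumptions; it retries only on the error text shown in the report and stops on any other failure so a bad password is never replayed.

```shell
#!/bin/sh
# Added example: CI wrapper around `lpass login`; not lastpass-cli code.
# Assumed names: LPASS_BIN, SLEEP_BIN, LPASS_MASTER_PASSWORD, lpass_ci_*.
LPASS_BIN=${LPASS_BIN:-lpass}    # overridable so a stub can stand in for lpass
SLEEP_BIN=${SLEEP_BIN:-sleep}
LOGIN_ATTEMPTS=0                 # login requests made by the last call

# lpass_ci_login USER [MAX_TRIES] [DELAY_SECONDS]
# Returns 0 with a session, 1 on a non-retryable error, 2 if still throttled.
lpass_ci_login() {
    user=$1 max=${2:-3} delay=${3:-60}
    LOGIN_ATTEMPTS=0
    # Reuse a live agent session: no login request, nothing to throttle.
    if "$LPASS_BIN" status --quiet; then
        return 0
    fi
    while [ "$LOGIN_ATTEMPTS" -lt "$max" ]; do
        LOGIN_ATTEMPTS=$((LOGIN_ATTEMPTS + 1))
        # LPASS_DISABLE_PINENTRY=1 makes lpass read the password from stdin.
        if err=$(printf '%s\n' "$LPASS_MASTER_PASSWORD" |
                 LPASS_DISABLE_PINENTRY=1 "$LPASS_BIN" login --color=never "$user" 2>&1); then
            return 0
        fi
        case $err in
            *"HTTP response code said error"*)
                # Message shown in the thread for the 403: wait out the window.
                if [ "$LOGIN_ATTEMPTS" -lt "$max" ]; then
                    "$SLEEP_BIN" "$delay"
                fi ;;
            *)
                # Anything else (e.g. a bad password) is not retried.
                printf '%s\n' "$err" >&2
                return 1 ;;
        esac
    done
    return 2
}

# Read a password from the locally cached blob without contacting the server.
lpass_ci_show() {
    "$LPASS_BIN" show --sync=no --password "$1"
}
```

The status check at the top is what keeps parallel or repeated CI steps from issuing a fresh login each time, which is the pattern the support reply describes.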