Mitro fail to join with the correct password

[salinasv]

Mitro does not recognize mi password even when I proved it is right.

I just installed mitro yesterday on firefox and verified the email. Once I tried to login on my phone app, it asked me to verify the new device which I did, then it failed to login with "Password Incorrect" message. I tried on chromium add-on, and got the same result.

After a while I browsed the code and found the firefox change-password page [1] and tried that because I suspected I set up the password wrong on the first time. I used the password I want on the "new password" and tried all combinations where I could have typed wrong on the "old password" but when I write the one I though was the correct, I got a message "New password must be different from old password" which means that my password was actually right, but for some reason mitro is not letting me use it.

I changed the password for another less secure, less error prone to test, and it let me change the password, but again, if I try to login on different devices/browsers, that doesn't work.

I will ask the support@ to remove my account so I can try again once we find what is going on here.

[1] resource://mitro-login-manager-at-jetpack/mitro-login-manager/data/html/change-password.html

[hmehra]

Same issue occurs on a Windows 7 machine with Firefox 36.0. I am unable to add Mitro to a new device. I am still logged on another device with my old password.

[winstonhong]

Hello Folks.

I have built Mitro in the self-hosting ubuntu12.04.

(1) If I enable the debug mode in Mitro server, I can enable two-factor authentication for Firefox and Chrome. But I am unable to add Mitro to a new device.

(2) If I disable the debug mode in Mitro server, I can add Mitro to a new device. But I can enable two-factor authentication under Chrome-extension mode ONLY. I can NOT enable two-factor authentication for Firefox in both extension mode and full-display mode.

I have enabled two-factor authentication of Mitro. However, I can use username and password to login Mitro directly without any popup information on 6-digits two-factor authentication code.

[salinasv]

Does someone have found a work around for this?

[winstonhong]

Hello hmehra.

If you want to add Mitro to a new device, you have to login your E-mail account and click a verification link sent by Mitro.

I can add any new device in self-hosting Mitro server. For example, I register a new Mitro account in Firefox 36.0/Windows 7, then I can login the same Mitro account using Chrome 40.0/Windows 7 after activating the new device (i.e., Chrome 40.0).

[hmehra]

@winstonhong I am not hosting a Mitro server. I have the plugin installed in Firefox on two different machines. The first one has access to Mitro and the second does not

[winstonhong]

Hello hmehra.

Thank you very much for your feedback.

I confirm this issue with Firefox 36.0/Windows 7.

(1) Chrome 40.0/Windows 7 works well as the second device. I register a new Mitro account in Firefox 36.0/Windows 7, then I can login the same Mitro account using Chrome 40.0/Windows 7 after activating the new device (i.e., Chrome 40.0).

(2) Firefox 36.0/Windows 7 does NOT work as the second device. I register a new Mitro account in Chrome 40.0/Windows 7, then I FAIL to login the same Mitro account using Firefox 36.0/Windows 7 after activating the new device (i.e., Firefox 36.0).

I monitor the log of Mitro server, Firefox 36.0/Windows 7 FAIL to synchronize the new device's key with Mitro server.

In summary, Firefox 36.0 can ONLY work as the 1st device. Chrome 40.0 can work as either the 1st device or any new device.

I am investigating the issue of Firefox 36.0.

Would you please try Chrome 40.0/Windows 7? Thanks.

[salinasv]

@winstonhong did you tried Chrome 40/Linux? I can try it on both, Chrome and Chromium.

Also, on Firefox, if you logout, you will not be able to log in again.

Is any mitro developer looking at this?

[winstonhong]

Hello salinasv.

Thank you very much for your feedback.

Firefox 32 and later versions contain the latest security patches, which break some functions of Mitro.

In other words, only Firefox <=31 can be a Mitro's new device. Firefox >=32 can NOT be a Mitro's new device on Windows 7.

I am investigating the issue caused by the latest security patches of Firefox 32 and later versions.

(1) I have built Mitro server on Ubuntu12.04 and Ubuntu14.04.

(2) Quote "did you tried Chrome 40/Linux? I can try it on both, Chrome and Chromium."

Considering that 90% of Linux users use SSH terminal to access Linux, I test default Firefox 37.0/Ubuntu14.04 today.

I have tested Firefox 37.0/Windows 7 and Chrome 41.0/Windows 7 in the past two months.

(3) Quote "on Firefox, if you logout, you will not be able to log in again."

I NEVER have the issue "if you logout, you will not be able to log in again. " in other words, if I logout Mitro using Firefox 37.0/Windows 7 or Chrome 41.0/Windows 7 once, I can always login Mitro using the same web browser later on.

(4) Quote "Is any mitro developer looking at this?"

As Mitro project has been published as open-source project under the GPL on GitHub, Mitro is looking forward to the contribution from the open-source community.

However, it seems that very few commits were pushed from the open-source community. The Mitro team make most of new commits to the project, according to the commit history at GitHub.

https://github.com/mitro-co/mitro/commits/master

https://github.com/mitro-co/mitro/graphs/contributors

(5) Register a new device

(5a) I can always register Firefox 37.0/Windows 7, Chrome 41.0/Windows 7, or Firefox 37.0/Ubuntu14.04 as the 1st device.

(5b) if the 1st device is Chrome 41.0/Windows 7, I can register Firefox 37.0/Ubuntu14.04 as a new device, but I FAIL to register Firefox 37.0/Windows 7 as a new device.

(5c) if the 1st device is Firefox 37.0/Windows 7, I can register Chrome 41.0/Windows 7 and Firefox 37.0/Ubuntu14.04 as two new devices.

(5d) if the 1st device is Firefox 37.0/Ubuntu14.04 , I can register Chrome 41.0/Windows 7 as a new device, but I FAIL to register Firefox 37.0/Windows 7 as a new device.

[hmehra]

First device - Ubuntu 14.04/Firefox 37 Cannot add new device on Ubuntu14.04/Chrome 42

[winstonhong]

Hello hmehra.

Thank you very much for your feedback.

I can add new device on Ubuntu14.04/Chrome 42 successfully. I can NOT repeat your issue (1) Register the First device - Ubuntu 14.04/Firefox 37 successfully. (2) Add new device on Ubuntu14.04/Chrome 42 successfully.

I share my new experimental results on Mitro as follows.

(1) Update both Firefox and Chrome to the latest version root@Ubuntu14.04:~$ sudo apt-get update root@Ubuntu14.04:~$ sudo apt-get upgrade root@Ubuntu14.04:~$ google-chrome -version Google Chrome 42.0.2311.90 root@Ubuntu14.04:~$ google-chrome

Open Forefox --> Help --> About Firefox Firefox 37.0.1 Mozilla Firefox for Ubuntu canonical -1.0

(2) Test case 1 for adding the new device

Register the First device Ubuntu14.04/Firefox37.0.1 successfully

Add new device Ubuntu14.04/Chrome42.0.2311.90 successfully

(3) Test case 2 for adding the new device

Register the First device Windows7/Firefox37 successfully Add the 2nd new device Windows7/Chrome42 successfully Add the 3rd new device Ubuntu14.04/Chrome42 successfully Add the 4th new device Ubuntu14.04/Firefox37 successfully

In this case, 4 different devices with latest Firefox and Chrome share the same Mitro account successfully.

In summary, I confirm that I have performed the following operation successfully.

(1) remove Mitro from both Ubuntu14.04/Firefox37 and Ubuntu14.04/Chrome42; (2) clear the total history of Firefox37 and Chrome42 from the beginning of time; (3) close Firefox37 and Chrome42; (4) sudo apt-get update & sudo apt-get upgrade Ubuntu14.04 (5) Open Firefox37 and Chrome42; (6) register the 1st device Ubuntu 14.04/Firefox 37 successfully (7) add new device Ubuntu14.04/Chrome 42 successfully

[salinasv]

So, this mean the bug is gone?

I guess I should ask the mitro team to delete my account and try again.

[winstonhong]

Hello salinasv.

I forgot to mention that I performed all the tests on a self-hosting Mitro server instead of the official Mitro server.

I downloaded the Mitro's source code from GitHub and built a self-hosting Mitro/Ubuntu14.04.

I registered the First device Ubuntu14.04/Firefox37.0.1, and added new device Ubuntu14.04/Chrome42.0.2311.90 successfully on one physical machine with Ubuntu14.04, while I built a self-hosting Mitro on another physical machine with Ubuntu14.04.

The current issue I have found is that Windows7/Firefox37 can NOT be a new device, while either Ubuntu14.04/Firefox37.0.1, Ubuntu14.04/Chrome42.0.2311.90, or Windows7/Chrome42.0.2311.90 can be added as a new device.

Windows7/Firefox32 and later version broke some function of Mitro. Surprisingly, Ubuntu14.04/Firefox32 and later version did NOT break the function of Mitro.