mvdan / bitw

Minimalist BitWarden client
BSD 3-Clause "New" or "Revised" License

Can't login with DUO 2fa #15

Open CamilleScholtz opened 4 years ago

CamilleScholtz commented 4 years ago

I double checked to see if using the 6 digit phrase worked on the bitwarden website, and it does. But when using it with bitw I get the following error every time:

error: could not login via two-factor: Bad Request: {"error":"invalid_grant","error_description":"invalid_username_or_password","ErrorModel":{"Object":"error","Message":"Two-step token is invalid. Try again.","ValidationErrors":null,"ExceptionMessage":null,"ExceptionStackTrace":null,"InnerExceptionMessage":null}}

mvdan commented 4 years ago

Hm - we do have one end-to-end test with 2fa and bitwarden.com, but it's only using one of the 2fa methods.

Unfortunately, as per https://help.bitwarden.com/article/setup-two-step-login/, DUO seems to be a paid 2fa method, and I don't currently own a paid account. I don't know how to go from here without having to pay for one just to debug this.

I'd also like to add a test for this once fixed, but I also don't want to require a paid account to run the tests. Right now, the tests with the real server do use real accounts, but they are dummy free accounts with static contents.

Perhaps you can help me gather more information with your paid account? For example, adding debug prints to double check that the response makes sense. You could also try using their official command line client, and seeing what response it sends when it works.

mvdan commented 3 years ago

Now that https://github.com/mvdan/bitw/issues/12 is fixed, could you try again? I still have no way to test Duo 2fa, though.

CamilleScholtz commented 3 years ago

Still an error... I'll try some fixes myself this evening.

unsupported two factor auth provider 2:
error: could not login via two-factor: Bad Request: {"error":"invalid_grant","error_description":"invalid_username_or_password","ErrorModel":{"Message":"Two-step token is invalid. Try again.","Object":"error"}}

CamilleScholtz commented 3 years ago

Spent the evening debugging and could not figure it out. The thing is that on the web interface Duo shows a kind of popup where you can choose your verification method (SMS, push notification, using a number). I think that is where it goes wrong.

CamilleScholtz commented 3 years ago

Just tried the official CLI, which prints "No providers available for this client.", so it seems like Duo might only be supported on web.

Related issue: https://github.com/bitwarden/cli/issues/39

mvdan commented 3 years ago

Ah, so it seems like this requires extra code to at least talk to the Duo API. It appears like this would require bitw to be an authorized API client, so it might mean it can never work out of the box without some sort of registered app token.

I'm still happy to review patches if someone wants to look into this. The cli issue link above is probably the best place to start. My situation is the same as before - I don't have access to the Duo 2FA method, so I don't currently plan on implementing this.