Unable to store credentials

[step21]

Recently, tried to set up again from scratch for testing. it seems I cannot get this to work anymore, it always fails with " message: 'Password Management Error: We couldn\'t store your password securely! For more information, visit https://support.nylas.com/hc/en-us/articles/223790028" when adding an account. Visiting the page doesn't help. This might not be unique to the fork, but it was in this case run by the fork. What kind of storage does it need? It might be that I disabled gnome-keyring, especially/at least for ssh because it was super annoying, but not sure why nylas would need that.... Any ideas?

[dweremeichik]

There is a deb and an rpm in the slack channel. You can give one of those a try, if they don't work, it could be a system configuration issue.

[step21]

Thanks. But should it in general work when running from source?

[dweremeichik]

Sure, unless you are missing a dependency or there was an error during the build process that you missed. My point was that you could use one of the prebuilts to narrow down where your issue is coming from.

[step21]

Still happens with the build/deb from the slack. What exactly does Nylas require to 'store credentials securely' on linux?

[dweremeichik]

FWIW a simple search of your error in the code base pointed me to this: https://github.com/nylas/nylas-mail/blob/8499eb51b3bf07096a37a368b37074de909d1a54/packages/client-app/src/key-manager.es6 there is a small wrapper around keytar. Keytar docs should tell you what you need to know: https://github.com/atom/node-keytar

[step21]

Another error that happens at the same time is 'Your Nylas ID is out of date. Please log in again.' I did that, but it didn't really help. Based on the log window that I could open, it seemed that it started syncing briefly, but then it complained again about the Nylas ID. Just putting this here for more information, also as no one at keytar responded yet.

[step21]

And for some full log output:

App load time: 375ms
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
{ Error: Password Management Error: We couldn't store your password securely! For more information, visit https://support.nylas.com/hc/en-us/articles/223790028
    at KeyManager._try (/src/key-manager.es6:70:30)
    at KeyManager.replacePassword (/src/key-manager.es6:28:10)
    at /src/flux/stores/identity-store.es6:88:18
    at next (<anonymous>)
    at step (/src/flux/stores/identity-store.es6:11:1)
    at Promise._execute (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/debuggability.js:300:9)
    at Promise._resolveFromExecutor (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:481:18)
    at new Promise (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:77:14)
    at /src/flux/stores/identity-store.es6:11:1
    at OnboardingStore.<anonymous> (/internal_packages/onboarding/lib/onboarding-store.es6:143:25)
    at next (<anonymous>)
    at step (/internal_packages/onboarding/lib/onboarding-store.es6:5:1)
    at Promise._execute (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/debuggability.js:300:9)
    at Promise._resolveFromExecutor (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:481:18)
    at new Promise (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:77:14)
    at OnboardingStore.<anonymous> (/internal_packages/onboarding/lib/onboarding-store.es6:5:1)
    at EventEmitter.eventHandler (/usr/share/nylas-mail/resources/app.asar/node_modules/reflux/src/PublisherMethods.js:36:22)
    at EventEmitter.emit (/usr/share/nylas-mail/resources/app.asar/node_modules/eventemitter3/index.js:72:35)
    at Function.trigger (/usr/share/nylas-mail/resources/app.asar/node_modules/reflux/src/PublisherMethods.js:52:26)
    at Object.functor [as authenticationJSONReceived] (/usr/share/nylas-mail/resources/app.asar/node_modules/reflux/src/createAction.js:32:56)
    at webview.executeJavaScript.result (/internal_packages/onboarding/lib/page-authenticate.jsx:26:27)
    at EventEmitter.<anonymous> (/usr/share/nylas-mail/resources/electron.asar/renderer/web-view/web-view.js:435:21)
  message: 'Password Management Error: We couldn\'t store your password securely! For more information, visit https://support.nylas.com/hc/en-us/articles/223790028' } { pluginIds: [ 'onboarding' ] }
Gkr-Message: secret service operation failed: Failed to activate service 'org.freedesktop.secrets': timed out
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Failed to activate service 'org.freedesktop.secrets': timed out
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
{ Error: Password Management Error: We couldn't store your password securely! For more information, visit https://support.nylas.com/hc/en-us/articles/223790028
    at KeyManager._try (/src/key-manager.es6:70:30)
    at KeyManager.replacePassword (/src/key-manager.es6:28:10)
    at AccountStore.addAccountFromJSON (/src/flux/stores/account-store.es6:272:16)
    at OnboardingStore.<anonymous> (/internal_packages/onboarding/lib/onboarding-store.es6:162:20)
    at next (<anonymous>)
    at step (/internal_packages/onboarding/lib/onboarding-store.es6:5:1)
    at Promise._execute (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/debuggability.js:300:9)
    at Promise._resolveFromExecutor (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:481:18)
    at new Promise (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:77:14)
    at OnboardingStore.<anonymous> (/internal_packages/onboarding/lib/onboarding-store.es6:5:1)
    at EventEmitter.eventHandler (/usr/share/nylas-mail/resources/app.asar/node_modules/reflux/src/PublisherMethods.js:36:22)
    at EventEmitter.emit (/usr/share/nylas-mail/resources/app.asar/node_modules/eventemitter3/index.js:72:35)
    at Function.trigger (/usr/share/nylas-mail/resources/app.asar/node_modules/reflux/src/PublisherMethods.js:52:26)
    at Object.functor [as accountJSONReceived] (/usr/share/nylas-mail/resources/app.asar/node_modules/reflux/src/createAction.js:32:56)
    at then.json (/internal_packages/onboarding/lib/decorators/create-page-for-form.jsx:105:27)
    at tryCatcher (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:510:31)
    at Promise._settlePromise (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:567:18)
    at Promise._settlePromise0 (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:612:10)
    at Promise._settlePromises (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:691:18)
    at Async._drainQueue (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/async.js:133:16)
    at Async._drainQueues (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/async.js:143:10)
    at Async.drainQueues (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/async.js:17:14)
  message: 'Password Management Error: We couldn\'t store your password securely! For more information, visit https://support.nylas.com/hc/en-us/articles/223790028' } { pluginIds: [ 'onboarding' ] }
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

[step21]

Also tried the original Nylas Mail downloaded from nylas. It has the same problem. Only difference is, it has more output. outputting failed api/json requests and seems to complain about a wrong api key. I put thin in pastebin as it is quite long. https://pastebin.com/cDa606Yd

[step21]

Just tried this again. More or less figured it out. On Linux it relates to gnome-keyring-daemon not being accessible or available (or the quivalent on another desktop environment). Most apps like Thunderbird, Geary, Browsers etc actually do not need it, and for me it was causing frequent issues with connecting through ssh, either ignoring the ssh config file, showing gui prompts for terminal sessions and when ignoring the config just resulting in time outs because trying too many keys/passwords. After starting it manually and authenticating, it seemed to work. I think ideally Nylas should work without, but I get that others might have different views or that it's not a high priority.

[dweremeichik]

Any suggestions on a better way of storage across all platforms?

[simonft]

My best suggestion for now is to update the debian dependencies so that gnome-keyring-daemon is pulled in. It doesn't look like that's currently happening.

[ibrokemypie]

Even if installed, it needs to be running, which in my case it was not.

[step21]

Yeah, same here. I am not quite sure whether the problem here is how keytar/libsecret access the keyring-daemon or more generally that the keyring-daemon is somethimes there/sometimes not. As opposed to OS X f.e., where it will always be there. For my use case, Nylas could even store its passwords just in a textfile, if someone can read those, they could probably do what they want anyway.

[dweremeichik]

@step21 so I found out that passwords are already stored in plain text. I don't fully understand why, or what accesses them. I also don't understand why there is the illusion of security by using the keychain. Check out your shared.sqlite file. Perhaps we can make that a fallback since it already has the passwords.

[step21]

Mmmh, thanks for investigating. I think in my case it might have been contributed to by gnome-keyring-daemon not running or a problem with dbus-user-session. Would be great if this could be a fallback especially if it is there already anyway.

[ibrokemypie]

This issue is making both this and mailspring unusable for me. Everything else has access to the gnome keyring, which is definitely starting up correctly on login. I dont really care if the credentials are stored locally in plaintext, most stuff on linux already is. If someone has access to my actual computer I am pretty fucked already, so one more thing in plaintext doesnt make much difference.

[step21]

Check if dbus-user-session is installed and try removing it?

[dweremeichik]

For reference: https://github.com/Foundry376/Mailspring/commit/58280903e51d3b49886d2c663ace0eabcce3073b#diff-25d51226f6fb0950ff3f04b65d5739ae