search

oplik0 / solo2-desktop

A GUI application for managing Solo v2 security keys
MIT License
9 stars 1 forks source link

Creating new TOTP credential not working win10 #93

Closed userx14 closed 8 months ago

userx14 commented 9 months ago

Hi, while testing on Windows 10 I'm not able to register a new TOTP credential. When the menu is opened where the new secret can be added, both the "Register" and "Cancel" button on the lower edge of the window do not seem to respond to input. Also the dropdown menu with has "Advanced" as the default option does not open. Adding the same code with solo2-cli works fine and the 6 digit codes can be retrieved in solo2-desktop afterwards.

oplik0 commented 9 months ago

Should be fixed in v1.0.1

userx14 commented 8 months ago

Hi, thanks for the new release, now the "advanced" menu opens correctly and the register button turns blue when a TOTP Secret is added.

Unfortunatelly there still seems to be an issue with the underlying code in one corner case: When using a new solokey where no TOTP Secrets are stored, the "Register" button does not do anything and the usb key does not flash. However when there is at least one other key already present on the device (which I added using the solo2 cli interface), adding new keys works as expected. When I delete all stored keys the issue reappears, so the condition seems to be that solo2 app oath list returns nothing.

I'm happy to offer testing if it is inconvinient for you to clear all totp keys from your usb-dongle. While trying to setup pnpn I ran into some trouble on Windows with the message  ENOENT  not found: node, which I need to fix before being able to build your application locally.

Best, Benjamin

oplik0 commented 8 months ago

Yeah, this seems to be a bigger issue with CSP than I initially thought... I was working on moving the app back to SvelteKit (because other routers for svelte seem to be a bit abandoned and slightly broken with svelte 4) so I'll try to fix it properly in the next few days.

The issue is incredibly annoying because the way Tauri works it's impossible to recreate in a dev build - I actually need to fully build the app and install it just to test if I made any progress...

oplik0 commented 8 months ago

Turns out this part wasn't CSP related, but a separate bug resulting from me trying to be too smart and "deduplicating" some data when I refactored totp handling. I deduplicated so much that only keys that had oath credentials were left so the ones that didn't couldn't be targeted when adding a new credential :)

Fixed now, 1.0.2 should be built soon.