Configured API key but I am not able to open the vault

[Mte90]

So I followed everything on https://github.com/quexten/goldwarden/wiki/Getting-Started and configured the endpoints for my vaultwarden instance. Says just Done after adding the endpoints so my guess that the tool tests if they are right etc.

Anyway I set the apy key too but goldwarden vault unlock asks for the pin that I insert and doesn't work, I have also configured the 2FA that let's me receive an email but with api key shouldn't asks user/password right?

[quexten]

What does goldwarden vault status output?

[Mte90]

{
  "locked": true ,
  "loginEntries": 0 ,
  "noteEntries": 0 ,
  "lastSynced": "1970-01-01 01:00:00 +0100 CET",
  "websocketConnected": false ,
  "pinSet": true ,
  "loggedIn": false
}

[quexten]

Seems like you are not logged in. Can you try running goldwarden vault login --email <email>?

[quexten]

(Also besides that it seems the vault unlock command needs proper detection in this step and print a warning to make this obvious)

[Mte90]

I get Login failed: invalid PIN but it is the pin I use the web UI and the mobile app for that account to access.

[quexten]

In this case the "Pin" it first asks for is to unlock your vault, not login to your account, i.e it is the pin you set in the beginning using "goldwarden vault pin set".

"locked": true ,

After that it will ask you for your master password to authenticate to Bitwarden, and to decrypt the vault.

[Mte90]

That command is not explained on https://github.com/quexten/goldwarden/wiki/Getting-Started

[ERR] [11:45] [Goldwarden > IPC Messages] >>> Unregistered message type 0
Wrong response type

I got this after setting it.

I am not sure how to reset the pin just in case.

[quexten]

Ok, that's definitely a bug. I'm not sure what caused this, but the easiest way to fix is probably just goldwarden vault purge then set your 1.) pin 2.) vaultwarden endpoints 3.) run login.

There is no need to set API keys on vaultwarden.

[Mte90]

So I did it and now asks for bitwarden password and the 2FA code, the problem is that the modal UI get the focus so I can't click everywhere else, like in thunderbird to get the 2fa code I received by email.

[quexten]

Ahh, right... Gnome pinentry?

Do you have another device to get the 2FA code from? Other than that, in this case the api key might actually help you here since it disables the 2FA requirement. I.e set your api client-id and client-secret, then run vault login --email ... again and it should not ask you for the 2FA code.

[Mte90]

So with api key doesn't asks for the pin, anyway yes seems a Gnome modal also if I am on KDE. It isn't better to asks those stuff in the terminal itself?

[quexten]

Well, I'm looking to support that, but it requires some re-architecting of some parts of the communication protocol between the daemon and the cli to support per-connection pinentries.

[Mte90]

I have issues on settings the PIN:

 mte90    main  1    Desktop  kde  goldwarden  goldwarden vault login
Error: No email specified
 mte90    main  1    Desktop  kde  goldwarden  goldwarden vault status
{"lastSynced":"1970-01-01 01:00:00 +0100 CET","locked":true,"loggedIn":true,"loginEntries":0,"noteEntries":0,"pinSet":true,"websocketConnected":false}
 mte90    main  1    Desktop  kde  goldwarden  goldwarden vault pin set
[ERR] [18:42] [Goldwarden > IPC Messages] >>> Unregistered message type 0
Wrong response type
 mte90    main  1    Desktop  kde  goldwarden  goldwarden logins list
Error: Error: invalid PIN
Is the daemon running?

I am not able also to login, in my case I have also configured the API keys so it shouldn't asks for login. I configured the pin (I guess the one used by goldwarden) as the same of the online password just to be sure that everything is the same.

[quexten]

[ERR] [18:42] [Goldwarden > IPC Messages] >>> Unregistered message type 0

Does this even ask you for the pin? If it prints unregistered message type, that should only happen either during development when a new message type was created but not registered, or when 2 different versions of goldwarden are used as client / daemon.

Do you know which binary on your system the daemon is using, and which one the ui is using as a client?

[Mte90]

I get the error in console after entering the pin, I am using the latest version (build myself). The daemon log is empty:

[INF] [19:02] [Goldwarden > Keyring] >>> Creating new memguard keyring
[INF] [19:02] [Goldwarden > Agent] >>> Agent listening on /home/mte90/.goldwarden.sock...
[INF] [19:02] [Goldwarden > SSH] >>> SSH Agent listening on /home/mte90/.goldwarden-ssh-agent.sock
Blocking, press ctrl+c to continue...
[WRN] [19:02] [Goldwarden > Agent] >>> Could not monitor idle: The name org.gnome.Mutter.IdleMonitor was not provided by any .service files

From the UI:

starting goldwarden daemon /usr/bin/goldwarden
[INF] [19:04] [Goldwarden > Keyring] >>> Creating new memguard keyring
[INF] [19:04] [Goldwarden > Agent] >>> Agent listening on /home/mte90/.goldwarden.sock...
[INF] [19:04] [Goldwarden > SSH] >>> SSH Agent listening on /home/mte90/.goldwarden-ssh-agent.sock
[WRN] [19:04] [Goldwarden > Agent] >>> Could not monitor idle: The name org.gnome.Mutter.IdleMonitor was not provided by any .service files
listening for pinentry /usr/bin/goldwarden
[INF] [19:04] [Goldwarden > Agent] >>> Received pinentry registration request
[INF] [19:04] [Goldwarden > Agent] >>> Pinentry registration success: true
/home/mte90/Desktop/kde/goldwarden/gui/src/gui/settings.py:58: DeprecationWarning: Gtk.Widget.get_style_context is deprecated
  self.autotype_button.get_style_context().add_class("suggested-action")
/home/mte90/Desktop/kde/goldwarden/gui/src/gui/settings.py:58: DeprecationWarning: Gtk.StyleContext.add_class is deprecated
  self.autotype_button.get_style_context().add_class("suggested-action")
/home/mte90/Desktop/kde/goldwarden/gui/src/gui/settings.py:165: DeprecationWarning: Adw.ActionRow.set_icon_name is deprecated
  self.last_sync_row.set_icon_name("emblem-synchronizing-symbolic")
[INF] [19:05] [Goldwarden > Pinentry] >>> Asking for pin |Unlock Goldwarden|Enter the vault PIN|
[INF] [19:05] [Goldwarden > Pinentry] >>> Got pin from user
[INF] [19:05] [Goldwarden > Pinentry] >>> Asking for pin |Unlock Goldwarden|Enter the vault PIN|
[INF] [19:05] [Goldwarden > Pinentry] >>> Got pin from user

But doesn't show any error, there is a way to get more debug stuff in the console?

[quexten]

Sorry, took a while to circle back around to this.

starting goldwarden daemon /usr/bin/goldwarden

Can you build the binary locally (i.e "go build .") and then replace the /usr/bin/goldwarden binary with this?

[Mte90]

I already did that.

Sorry, took a while to circle back around to this.

starting goldwarden daemon /usr/bin/goldwarden

Can you build the binary locally (i.e "go build .") and then replace the /usr/bin/goldwarden binary with this?

[Mte90]

I am using the latest build from the repository but on running the UI I get:

Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "/home/mte90/Desktop/kde/goldwarden/gui/src/gui/quickaccess.py", line 17, in <module>
    goldwarden.create_authenticated_connection(token)
  File "/home/mte90/Desktop/kde/goldwarden/gui/src/services/goldwarden.py", line 48, in create_authenticated_connection
    raise Exception("Failed to authenticate")
Exception: Failed to authenticate

And doesn't happens on the UI, there should be an alert I guess.

[quexten]

And doesn't happens on the UI, there should be an alert I guess.

How are you running it? The token should be passed to stdin of quickaccess.py by whatever is starting quickaccess.py in this case.

(Usually this would be the linux/main.py process when it gets a call via dbus (when pressing a shortcut), or settings.py when clicking the button in the ui.)

[Mte90]

I run goldwarden_ui_main.py from the command line.

[Mte90]

Tried with the latest commit and built. I get this in the console:

[INF] [11:09] [Goldwarden > Pinentry] >>> Asking for pin |Unlock Goldwarden|Enter the vault PIN|
[INF] [11:09] [Goldwarden > Pinentry] >>> Got pin from user

But doesn't say anything if everything was fine or not, as example the password it was right?

[Mte90]

I have still the same issue with the latest version. The log doesn't says if the pin is valid or not, etc so is difficult do debug what is happening.

[quexten]

Thanks for confirming! Last couple months have been busy for me which lead to me not getting to these issues, but I'll try to find a useful way to debug this issue soon.

[Mte90]

So with the new UI is clear that is not unlocked after I insert the password.

I get on console:

starting goldwarden daemon /usr/bin/goldwarden
running locked status daemon
[INF] [10:47] [Goldwarden > Keyring] >>> Creating new memguard keyring
[INF] [10:47] [Goldwarden > Agent] >>> Agent listening on /home/mte90/.goldwarden.sock...
[INF] [10:47] [Goldwarden > SSH] >>> SSH Agent listening on /home/mte90/.goldwarden-ssh-agent.sock
[WRN] [10:47] [Goldwarden > Agent] >>> Could not monitor idle: The name org.gnome.Mutter.IdleMonitor was not provided by any .service files
listening for pinentry /usr/bin/goldwarden
[INF] [10:47] [Goldwarden > Agent] >>> Received pinentry registration request
[INF] [10:47] [Goldwarden > Agent] >>> Pinentry registration success: true
Traceback (most recent call last):
  File "/home/mte90/Desktop/kde/goldwarden/gui/src/gui/settings.py", line 31, in on_activate
    self.update()
  File "/home/mte90/Desktop/kde/goldwarden/gui/src/gui/settings.py", line 94, in update
    self.render()
  File "/home/mte90/Desktop/kde/goldwarden/gui/src/gui/settings.py", line 104, in render
    self.status_row.set_subtitle("Daemon not running")
    ^^^^^^^^^^^^^^^
AttributeError: 'GoldwardenSettingsApp' object has no attribute 'status_row'
create authenticated connection
[INF] [10:47] [Goldwarden > Agent] >>> Verified: true
[INF] [10:47] [Goldwarden > Pinentry] >>> Asking for pin |Unlock Goldwarden|Enter the vault PIN|
[INF] [10:47] [Goldwarden > Pinentry] >>> Got pin from user

but the UI or the output doesn't say anything about the fact that the password is wrong or something similar.

[Mte90]

So now I don't get any error and the UI stay unlocked also if I inserted the pin. I guess that as it is unlocked something doesn't work but I don't get any error or warning.