search

raycast / extensions

Everything you need to extend Raycast.
https://developers.raycast.com
MIT License
5.23k stars 2.92k forks source link

Flush DNS asks for password instead of Touch ID on macOS Sonoma #13104

Open imgrant opened 2 months ago

imgrant commented 2 months ago

Extension

https://www.raycast.com/rasmusbe/flush-dns

Raycast Version

1.77.1

macOS Version

14.5

Description

Description

When activating the 'Flush DNS' command with this extension, a dialog for 'osascript' is presented ("osascript wants to make changes. Enter your password to allow this." (screenshot below). There is no option to use Touch ID, even if the Touch ID PAM module (pam_tid.so) is configured in /etc/pam.d/sudo.

This greatly reduces the convenience of the extension, in my opinion. For instance, I previously achieved the same result by opening a terminal and manually pasting the command to flush the cache and restart mDNSResponder (or having it in history or whatever), leveraging my configuration that enables Touch ID for sudo commands. I had hoped this extension would make this even easier by it being able to launch it from Raycast.

Cause

The command the extension is attempting to run leverages osascript with the with administrator privileges instruction: https://github.com/raycast/extensions/blob/96f33396c6ceae40f078ff897e148ab04b4a3ae0/extensions/flush-dns/src/index.ts#L48

Based on similar reports relating to osascript I came across while Googling, I think this might be a change/regression in macOS Sonoma, specifically (but I have not used Raycast and this extension in older versions of macOS so cannot be sure), ie in that previously, passing the with administrator privileges instruction to osascript would present a Touch ID-enabled dialog.

Solution

A solution might be to drop the with administrator privileges component, since the shell commands also include sudo; in that situation, if PAM is configured to use Touch ID for sudo, then a Touch ID-enabled dialog is presented (example screenshot below)

Screenshot of password dialog for osascript

image

Example screenshot of Touch ID dialog

With pam_tid.so enabled in my PAM config for sudo, running the following shell command (ie omitting the with administrator privileges part for osascript) produces a Touch ID-enabled dialog (for sudo instead of osascript) as follows:

osascript -e 'do shell script "sudo /usr/bin/dscacheutil -flushcache; sudo /usr/bin/killall -HUP mDNSResponder"'
image

Steps To Reproduce

  1. With the Flush DNS extension installed in Raycast on macOS Sonoma (14.5)...
  2. with or without pam_tid.so enabled for sudo...
  3. Run the 'Flush DNS' command
  4. Observe a password-only dialog (for osascript) is presented, with no option to use Touch ID

Current Behaviour

Touch ID is not usable for the Flush DNS extension

Expected Behaviour

Using Touch ID to authorise the commands to flush the DNS cache would be much more convenient

raycastbot commented 2 months ago

Thank you for opening this issue!

🔔 @rasmusbe @tombonez you might want to have a look.

💡 Author and Contributors commands The author and contributors of `rasmusbe/flush-dns` can trigger bot actions by commenting: - `@raycastbot close this issue` Closes the issue. - `@raycastbot rename this issue to "Awesome new title"` Renames the issue. - `@raycastbot reopen this issue` Reopens the issue. - `@raycastbot assign me` Assigns yourself to the issue. - `@raycastbot good first issue` Adds the "Good first issue" label to the issue. - `@raycastbot keep this issue open` Make sure the issue won't go stale and will be kept open by the bot.
raycastbot commented 1 month ago

This issue has been automatically marked as stale because it did not have any recent activity.

It will be closed if no further activity occurs in the next 10 days to keep our backlog clean 😊

imgrant commented 1 month ago

@raycastbot keep