vladimiry / ElectronMail

Unofficial ProtonMail Desktop App
GNU General Public License v3.0

temporary node file with dynamic filename causing login issues on some accounts #624

Closed ask2018 closed 1 year ago

ask2018 commented 1 year ago

In short: I've got login/account unlock issues on some of my ProtonMail accounts, where a captcha has been triggered and the account was not correctly unlocked. Then I noticed a temporary file with a dynamic filename is created in my C:\Users\USERNAME\AppData\Local\Temp folder. That was causing security software alerts as a new process trying to access the network. The file is included here in a ZIP archive.

It is related to issues I've posted here before:
https://github.com/vladimiry/ElectronMail/issues/621#issuecomment-1632475848
https://github.com/vladimiry/ElectronMail/issues/621#issuecomment-1632721133
https://github.com/vladimiry/ElectronMail/issues/621#issuecomment-1641710043

f0441d2e-b000-449c-8dfb-1f7e8fae6ee7.tmp.zip

vladimiry commented 1 year ago

Native dependencies get unpacked from @electron's "asar" archive, for proper execution. I made them pre-unpacked into the app's "node_modules" directory, so the security scanners don't get triggered each time for a new binary. But it appears that I missed something in the recent release. It is hard to guess what the binary is; I will try unpacking the https://github.com/vladimiry/ElectronMail/releases/download/v5.1.8/electron-mail-5.1.8-windows78-x64-nsis-installer.exe and locating the same binary in it.

But, if you were using the same app version, and then it suddenly started acting like this, then this sounds like a potential issue on your side, as the app remains static.

ask2018 commented 1 year ago

Yes it was the same version of the app, but it started only after the captcha issue on some accounts. Before it was not there. Maybe the security alert is somehow related to the additional network connections to the captcha server.

vladimiry commented 1 year ago

This sounds like @protonmail doing something tricky in relation to named verification. At the moment, I don't have a clear answer as to what they are doing, as I have neither triggered nor debugged the captcha verification behavior.

vladimiry commented 1 year ago

I accidentally dropped the msgpackr-extract library patching in the recent release, and this looks like a cause of the issue. If so, this should be resolved in the next release. Already fixed in the wip branch.

kiwiman2023 commented 1 year ago

My father is on Windows 8.1 and the latest version won't log in, but the webpage works directly; it comes up with a captcha where you move a jigsaw piece to prove you are human. So he hasn't used it for 3 weeks. So you say go to an older version to solve it? I didn't try that. Or wait for the next build?

ask2018 commented 1 year ago

The issue seems to be fixed for me with 5.2.0. Thank you.