Open dale-courtney opened 3 years ago
Our library only supports an earlier version of the cli as stated in the README but we may look into updating the cli and python version in the future! I'll keep you posted.
@dtpryce Thanks. I totally overlooked that caveat 🤦🏻♂️ I will look into down-grading my OP version. I really need this functionality.
We used to try to support the most recent version but we couldn't keep on top of it so then fixed it to ensure backward and fixed compatibility. Sorry. Hope downgrade is possible and works, otherwise we can look at upgrade.
I unstalled OP CLI and reinstalled version 1.10.3 from here: https://app-updates.agilebits.com/product_history/CLI#v1100301
I verified that I have the correct version:
/usr/local/bin % op --version
1.10.3
I got the same error. So I reinstalled OnePassword python client:
pip install --ignore-installed 1password
Again, same error. Using terminal, I ran the following command successfully to verify that my password is working:
op list users | jq -r
Here is the error that I receive after entering my password:
Warning: Password input may be echoed.
Please input your 1Password master password: >? ***************
Traceback (most recent call last):
File "<input>", line 4, in <module>
File "/usr/local/lib/python3.9/site-packages/onepassword/client.py", line 41, in __init__
self.encrypted_master_password, self.session_key = self.signin_wrapper(account=account,
File "/usr/local/lib/python3.9/site-packages/onepassword/client.py", line 103, in signin_wrapper
password, session_key, domain, account, bp = self._signin(account, domain, email, secret_key, master_password)
File "/usr/local/lib/python3.9/site-packages/onepassword/client.py", line 172, in _signin
sess_key = _spawn_signin(op_command, master_password)
File "/usr/local/lib/python3.9/site-packages/onepassword/utils.py", line 85, in _spawn_signin
sess_key = get_session_key(child.before)
File "/usr/local/lib/python3.9/site-packages/onepassword/utils.py", line 58, in get_session_key
raise IndexError("Session keys not parsed correctly from response: {}.".format(process_resp_before))
IndexError: Session keys not parsed correctly from response: b": \r\n[ERROR] 2021/10/01 13:44:23 (401) Unauthorized: You aren't authorized to perform this action.\r\n".
So sorry I am slow to pick this up ... I don't want to know your session key but looks like our regex isn't working for some reason. Can you verify this for me?
In python do something like:
my_session_key = <<>>
new_line_response = [x for x in str(my_session_key).split(" ") if "\\r\\n" in x]
Then tell me how many lines you get? This is how we get the session key back from the cli responses.
@dtpryce David: I'm not sure how to get my_session_key in order to test this.
Very good point!! With 2FA on (which I assume you already do) you can use the cli and just try to signin as usual. Then the line that is returned after using your 6 digit code is the one to use here so it should actually be:
response_line = "..."
new_line_response = [x for x in str(response_line).split(" ") if "\\r\\n" in x]
Hey, @dtpryce Thanks for following up.
I had to use the --raw login to get that session key.
So I ran
esponse_line = "..." new_line_response = [x for x in str(response_line).split(" ") if "\\r\\n" in x]
And I got back
new_line_response = []
The only thing unusual about that session key was that it has two dashes in it.
*****************AZA-SLe87HYeN-tUHfeT6xHpyA
Hmm odd ... Any chance you can run through the cli workflow and share anonymised returns?
Sure. As you noted, I am using 2FA on 1Password Enterprise. And I'm running OP version 1.10.3
op signin team_name --raw
[password]
**********Hnv8XbLbIxknrDTLhpxYZqLcKJo
I'm circling back around on this MFA issue to see anyone has any ideas.
I'm still running CLI version 1.10.3 and I am still getting the same errors after I enter my password. I know that the password works because I can run commands in the CLI.
I tried uninstalling and reinstalling onepassword using pip. That didn't fix the problem.
I run the following:
from onepassword import OnePassword
import json
op = OnePassword()
Here are the python errors after entering my 1Password password:
Traceback (most recent call last):
File "/usr/local/Cellar/python@3.9/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/code.py", line 90, in runcode
exec(code, self.locals)
File "<input>", line 4, in <module>
File "/usr/local/lib/python3.9/site-packages/onepassword/client.py", line 41, in __init__
self.encrypted_master_password, self.session_key = self.signin_wrapper(account=account,
File "/usr/local/lib/python3.9/site-packages/onepassword/client.py", line 103, in signin_wrapper
password, session_key, domain, account, bp = self._signin(account, domain, email, secret_key, master_password)
File "/usr/local/lib/python3.9/site-packages/onepassword/client.py", line 172, in _signin
sess_key = _spawn_signin(op_command, master_password)
File "/usr/local/lib/python3.9/site-packages/onepassword/utils.py", line 85, in _spawn_signin
sess_key = get_session_key(child.before)
File "/usr/local/lib/python3.9/site-packages/onepassword/utils.py", line 58, in get_session_key
raise IndexError("Session keys not parsed correctly from response: {}.".format(process_resp_before))
IndexError: Session keys not parsed correctly from response: b": \r\n[ERROR] 2022/02/17 10:59:06 (401) Unauthorized: You aren't authorized to perform this action.\r\n".
Any suggestions would be greatly appreciated. I'm dead in the water using Python with 1Password.
Best, Dale
Hey Dale,
Sorry we aren't particularly fast at responding here, it's not our main focus sadly.
Plus I am about to go away for a bit so unlikely to get a chance to look myself, but I do urge you to fork and try to fix yourself if you can? I understand this might be tricky since you aren't able to test fully yet. From a quick think it looks like something in our session key regex isn't quite working here which you can see here: https://github.com/wandera/1password-client/blob/f80547a494900b7b18eb343b74ac24eb0fba0caa/onepassword/utils.py#L56
so maybe check if that method and lines will work with your data and then you can PR from there potentially?
From what I can see, the get_session_key
function is called by _spawn_signin
, which is in turn called to get the session key here.
The op
command appears to always be called with at least the --raw
option, which outputs only the session key string.
It seems as if the output from op --raw
could just be taken as the session key, if no error checking is needed. I don't understand what the purpose of the new_line_response is.
For more options or error checking, something like the parse module could be considered.
Hey @Jaharmi we just released 1.0.1 of our client which should support v2 of the cli and app. It also means users can use biometric or via the app authentication, however for now we have kept the direct password authentication route. Would you be able to test out this new version and tell us if you still need this or that it is now deprecated by the app link or SSO?
@dale-courtney I knew I recognised your username from somewhere! Did this issue get resolved by our upgrade to support the V2 CLI?
I am running 1Password command-line tool 1.11.4 (the latest version) on a MacBook Pro with Python 3.9.7 installed. I am an administrator on a 1Password for Teams account. The OP CLI works fine for me with my master psswd.
When I run
I am prompted for my password. After I enter that, I get the following errors and I am never prompted for my 2FA: