Skip to content
This repository has been archived by the owner on Jun 10, 2024. It is now read-only.

Unable to unlock vault via workflow #191

Open
mckennajones opened this issue Feb 29, 2024 · 4 comments
Open

Unable to unlock vault via workflow #191

mckennajones opened this issue Feb 29, 2024 · 4 comments

Comments

@mckennajones
Copy link

I'm having an issue where the workflow seems to think my vault is always locked. The workflow worked great for me months ago and I'm not exactly sure what changed... Homebrew has updated my cli version to 2024.2.0, but I'm still using version 2.4.7 of the workflow as I'm using Alfred 4. Here are logs showing the workflow saying the vault is locked, me unlocking it (appears successful from the logs), and then saying that it's locked again.

10:33:34 workflow.go:328: -------- Bitwarden v2/2.4.7 (AwGo/0.27.1) --------
10:33:34 main.go:162: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, OnOffConfigs:false, AuthConfig:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"", Attachment:"", Output:""}
10:33:34 main.go:164: args=[]string{} => []string{}
10:33:34 main.go:165: (main.config) {
 AutoFetchIconCacheAge: (int) 1440,
 AutoFetchIconMaxCacheAge: (time.Duration) 24h0m0s,
 BwconfKeyword: (string) (len=9) ".bwconfig",
 BwauthKeyword: (string) (len=7) ".bwauth",
 BwKeyword: (string) (len=3) ".bw",
 BwfKeyword: (string) (len=4) ".bwf",
 BwExec: (string) (len=2) "bw",
 BwDataPath: (string) "",
 Debug: (bool) true,
 Email: (string) (len=20) "<redacted>",
 EmailMaxWait: (int) 15,
 EmptyDetailResults: (bool) false,
 IconCacheAge: (int) 43200,
 IconCacheEnabled: (bool) true,
 IconMaxCacheAge: (time.Duration) 720h0m0s,
 MaxResults: (int) 1000,
 Mod1: (string) (len=3) "alt",
 Mod1Action: (string) (len=13) "username,code",
 Mod2: (string) (len=5) "shift",
 Mod2Action: (string) (len=3) "url",
 Mod3: (string) (len=4) "ctrl",
 Mod3Action: (string) (len=4) "totp",
 Mod4: (string) (len=7) "cmd,opt",
 Mod4Action: (string) (len=4) "more",
 Mod5: (string) (len=9) "cmd,shift",
 Mod5Action: (string) (len=5) "webui",
 NoModAction: (string) (len=13) "password,card",
 OpenLoginUrl: (bool) true,
 OutputFolder: (string) (len=30) "/Users/mckennajones/Downloads/",
 Path: (string) (len=101) "/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/local/share/npm/bin:/usr/bin:/usr/sbin:/opt/homebrew/bin",
 ReorderingDisabled: (bool) true,
 Server: (string) "",
 Sfa: (bool) false,
 SfaMode: (int) 0,
 SkipTypes: (string) "",
 TitleWithUser: (bool) true,
 TitleWithUrls: (bool) false,
 UseApikey: (bool) false,
 WebUiURL: (string) (len=27) "https://vault.bitwarden.com"
}
10:33:34 feedback.go:509: Sent 3 result(s) to Alfred
10:33:34 workflow.go:405: ------------------- 14.24975ms -------------------
[10:33:34.961] Bitwarden v2[Script Filter] {
  "variables": {
    "AW_SESSION_ID": "TW1OH6WCRGBWN9AC6Z4C9WRM"
  },
  "items": [
    {
      "title": "Bitwarden is locked.",
      "subtitle": "Need to unlock first to get secrets, reading cached items without the secrets.",
      "valid": false,
      "icon": {
        "path": "icons/warning.png"
      }
    },
    {
      "title": "Unlock",
      "subtitle": "Unlock Bitwarden",
      "valid": true,
      "icon": {
        "path": "icons/on.png"
      },
      "variables": {
        "action": "-unlock",
        "email": "<redacted>",
        "type": "unlock"
      }
    },
    {
      "title": "Cache expired/not existing. Need to run a sync.",
      "subtitle": "Sync Bitwarden secrets with server.",
      "arg": "-background",
      "valid": true,
      "icon": {
        "path": "icons/reload.png"
      },
      "variables": {
        "action": "-sync",
        "action2": "-force",
        "notification": "Syncing Bitwarden secrets"
      }
    }
  ]
}
[10:33:37.104] Bitwarden v2[Script Filter] Processing complete
[10:33:37.114] Bitwarden v2[Script Filter] Passing output '' to Conditional
[10:33:37.117] Bitwarden v2[Conditional] Processing complete
[10:33:37.119] Bitwarden v2[Conditional] Passing output '' to Hide Alfred
[10:33:37.120] Bitwarden v2[Hide Alfred] Processing complete
[10:33:37.122] Bitwarden v2[Hide Alfred] Passing output '' to Run Script
[10:33:42.551] STDERR: Bitwarden v2[Run Script] 10:33:37 utils.go:172: [DEBUG] bwDataPath is: /Users/mckennajones/Library/Application Support/Bitwarden CLI/data.json
10:33:37 utils.go:172: [DEBUG] BwData config is: {path:/Users/mckennajones/Library/Application Support/Bitwarden CLI/data.json InstalledVersion:2024.2.0 UserEmail:<redacted> UserId:<redacted> ActiveUserId:<redacted> ProtectedKey: EncKey: Kdf:0 KdfIterations:100000 Global:{InstalledVersion:2024.2.0} Profile:{EverBeenUnlocked:false LastSync:2024-02-29T17:33:30.531Z KdfIterations:100000 KdfType:0 Email:<redacted> UserId:<redacted>} Keys:{ApiKeyClientSecret: CryptoSymmetricKey:{Encrypted:} PrivateKey:<redacted> Unused:map[]}
🍺
10:33:37 workflow.go:328: -------- Bitwarden v2/2.4.7 (AwGo/0.27.1) --------
10:33:37 main.go:162: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, OnOffConfigs:false, AuthConfig:false, Lock:false, Icons:false, Folder:false, Unlock:true, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"", Attachment:"", Output:""}
10:33:37 main.go:164: args=[]string{"-unlock"} => []string{}
10:33:37 main.go:165: (main.config) {
 AutoFetchIconCacheAge: (int) 1440,
 AutoFetchIconMaxCacheAge: (time.Duration) 24h0m0s,
 BwconfKeyword: (string) (len=9) ".bwconfig",
 BwauthKeyword: (string) (len=7) ".bwauth",
 BwKeyword: (string) (len=3) ".bw",
 BwfKeyword: (string) (len=4) ".bwf",
 BwExec: (string) (len=2) "bw",
 BwDataPath: (string) "",
 Debug: (bool) true,
 Email: (string) (len=20) "<redacted>",
 EmailMaxWait: (int) 15,
 EmptyDetailResults: (bool) false,
 IconCacheAge: (int) 43200,
 IconCacheEnabled: (bool) true,
 IconMaxCacheAge: (time.Duration) 720h0m0s,
 MaxResults: (int) 1000,
 Mod1: (string) (len=3) "alt",
 Mod1Action: (string) (len=13) "username,code",
 Mod2: (string) (len=5) "shift",
 Mod2Action: (string) (len=3) "url",
 Mod3: (string) (len=4) "ctrl",
 Mod3Action: (string) (len=4) "totp",
 Mod4: (string) (len=7) "cmd,opt",
 Mod4Action: (string) (len=4) "more",
 Mod5: (string) (len=9) "cmd,shift",
 Mod5Action: (string) (len=5) "webui",
 NoModAction: (string) (len=13) "password,card",
 OpenLoginUrl: (bool) true,
 OutputFolder: (string) (len=30) "/Users/mckennajones/Downloads/",
 Path: (string) (len=101) "/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/local/share/npm/bin:/usr/bin:/usr/sbin:/opt/homebrew/bin",
 ReorderingDisabled: (bool) true,
 Server: (string) "",
 Sfa: (bool) false,
 SfaMode: (int) 0,
 SkipTypes: (string) "",
 TitleWithUser: (bool) true,
 TitleWithUrls: (bool) false,
 UseApikey: (bool) false,
 WebUiURL: (string) (len=27) "https://vault.bitwarden.com"
}
10:33:40 utils.go:172: [DEBUG] bw unlock command is bw unlock --raw --passwordenv PASS
10:33:42 utils.go:172: [DEBUG] first few chars of the token is WZ
10:33:42 workflow.go:405: ------------------ 5.418298875s ------------------
[10:33:42.586] Bitwarden v2[Run Script] Processing complete
[10:33:42.588] Bitwarden v2[Run Script] Passing output 'Unlocked
' to Conditional
[10:33:42.590] Bitwarden v2[Conditional] Processing complete
[10:33:42.591] Bitwarden v2[Conditional] Passing output 'Unlocked
' to Post Notification
[10:33:46.396] Bitwarden v2[Script Filter] Queuing argument '(null)'
[10:33:46.492] Bitwarden v2[Script Filter] Script with argv '(null)' finished
[10:33:46.504] STDERR: Bitwarden v2[Script Filter] 10:33:46 utils.go:172: [DEBUG] bwDataPath is: /Users/mckennajones/Library/Application Support/Bitwarden CLI/data.json
10:33:46 utils.go:172: [DEBUG] BwData config is: {path:/Users/mckennajones/Library/Application Support/Bitwarden CLI/data.json InstalledVersion:2024.2.0 UserEmail:<redacted> UserId:<redacted> ActiveUserId:<redacted> ProtectedKey: EncKey: Kdf:0 KdfIterations:100000 Global:{InstalledVersion:2024.2.0} Profile:{EverBeenUnlocked:false LastSync:2024-02-29T17:33:30.531Z KdfIterations:100000 KdfType:0 Email:<redacted> UserId:<redacted>} Keys:{ApiKeyClientSecret: CryptoSymmetricKey:{Encrypted:} PrivateKey:<redacted> Unused:map[]}
🍺
10:33:46 workflow.go:328: -------- Bitwarden v2/2.4.7 (AwGo/0.27.1) --------
10:33:46 main.go:162: &main.options{Search:false, Config:false, SetConfigs:false, Auth:false, OnOffConfigs:false, AuthConfig:false, Lock:false, Icons:false, Folder:false, Unlock:false, Login:false, Logout:false, Sync:false, Open:false, GetItem:false, Force:false, Totp:false, Last:false, Background:false, Id:"", Query:"", Attachment:"", Output:""}
10:33:46 main.go:164: args=[]string{} => []string{}
10:33:46 main.go:165: (main.config) {
 AutoFetchIconCacheAge: (int) 1440,
 AutoFetchIconMaxCacheAge: (time.Duration) 24h0m0s,
 BwconfKeyword: (string) (len=9) ".bwconfig",
 BwauthKeyword: (string) (len=7) ".bwauth",
 BwKeyword: (string) (len=3) ".bw",
 BwfKeyword: (string) (len=4) ".bwf",
 BwExec: (string) (len=2) "bw",
 BwDataPath: (string) "",
 Debug: (bool) true,
 Email: (string) (len=20) "<redacted>",
 EmailMaxWait: (int) 15,
 EmptyDetailResults: (bool) false,
 IconCacheAge: (int) 43200,
 IconCacheEnabled: (bool) true,
 IconMaxCacheAge: (time.Duration) 720h0m0s,
 MaxResults: (int) 1000,
 Mod1: (string) (len=3) "alt",
 Mod1Action: (string) (len=13) "username,code",
 Mod2: (string) (len=5) "shift",
 Mod2Action: (string) (len=3) "url",
 Mod3: (string) (len=4) "ctrl",
 Mod3Action: (string) (len=4) "totp",
 Mod4: (string) (len=7) "cmd,opt",
 Mod4Action: (string) (len=4) "more",
 Mod5: (string) (len=9) "cmd,shift",
 Mod5Action: (string) (len=5) "webui",
 NoModAction: (string) (len=13) "password,card",
 OpenLoginUrl: (bool) true,
 OutputFolder: (string) (len=30) "/Users/mckennajones/Downloads/",
 Path: (string) (len=101) "/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/local/share/npm/bin:/usr/bin:/usr/sbin:/opt/homebrew/bin",
 ReorderingDisabled: (bool) true,
 Server: (string) "",
 Sfa: (bool) false,
 SfaMode: (int) 0,
 SkipTypes: (string) "",
 TitleWithUser: (bool) true,
 TitleWithUrls: (bool) false,
 UseApikey: (bool) false,
 WebUiURL: (string) (len=27) "https://vault.bitwarden.com"
}
10:33:46 feedback.go:509: Sent 3 result(s) to Alfred
10:33:46 workflow.go:405: ------------------- 7.129084ms -------------------
[10:33:46.518] Bitwarden v2[Script Filter] {
  "variables": {
    "AW_SESSION_ID": "5YZ9B1JRVYKCUSCU45X1OT1Z"
  },
  "items": [
    {
      "title": "Bitwarden is locked.",
      "subtitle": "Need to unlock first to get secrets, reading cached items without the secrets.",
      "valid": false,
      "icon": {
        "path": "icons/warning.png"
      }
    },
    {
      "title": "Unlock",
      "subtitle": "Unlock Bitwarden",
      "valid": true,
      "icon": {
        "path": "icons/on.png"
      },
      "variables": {
        "action": "-unlock",
        "email": "<redacted>",
        "type": "unlock"
      }
    },
    {
      "title": "Cache expired/not existing. Need to run a sync.",
      "subtitle": "Sync Bitwarden secrets with server.",
      "arg": "-background",
      "valid": true,
      "icon": {
        "path": "icons/reload.png"
      },
      "variables": {
        "action": "-sync",
        "action2": "-force",
        "notification": "Syncing Bitwarden secrets"
      }
    }
  ]
}

Via the CLI unlocking seems to work fine, although I get a punycode warning that has been mentioned in some other tickets.

➜  ~ bw unlock
(node:24729) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
? Master password: [hidden]
Your vault is now unlocked!

To unlock your vault, set your session key to the `BW_SESSION` environment variable. ex:
$ export BW_SESSION="<redacted>"
> $env:BW_SESSION="<redacted>"

You can also pass the session key to any command with the `--session` option. ex:
$ bw list items --session <redacted>
➜  ~ export BW_SESSION="<redacted>"
➜  ~ bw status
(node:24867) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
{"serverUrl":null,"lastSync":"2024-02-29T17:33:30.531Z","userEmail":"<redacted>","userId":"<redacted>","status":"unlocked"}
@mckennajones
Copy link
Author

@blacs30 any ideas here? I miss using this awesome tool! The browser extension is so much slower 🙃

@blacs30
Copy link
Owner

blacs30 commented Apr 19, 2024

Hey @mckennajones
just noticed now that you're using a very old version.
See the first item in release 3.0.0 that is probably causing your issue. The data structure changed and the workflow always thinks it's not logged in because it can't find some field in the json file.
Have you tried using a new version?

@mckennajones
Copy link
Author

Hi @blacs30 thanks for the response. I'm using 2.4.7 of the workflow based on this comment in the readme:

If you are using Alfred 4, the latest supported version is 2.4.7.

I'm still on Alfred 4 because I have no strong reason to pay the upgrade fee to get version 5. Do I need to be using an older version of the BW CLI potentially?

@mckennajones
Copy link
Author

mckennajones commented Apr 24, 2024
edited
Loading

Hey @blacs30. I installed an older version of the CLI and I'm back up and running. I went with 2023.1.0. Not sure which version breaks things when using 2.4.7 of the workflow. Probably best to add a note to the Readme then we could close this one out.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mckennajones @blacs30