jampe
Very unstable interaction with bw cli
This one is a bit hard to describe, but I'll try my best, and leave as much information as I can.
I'm using the bw cli in version 2024.4.1. I am using kp2bw from the current master, running on debian (inside a docker container). I am using vaultwarden, but I suspect that does not play a role here. Python is at 3.10.12.
The process of fetching existing folders through the bw cli, and subsequent bw cli operations, was flaky overall, and seemed to stall. It took me a while to realize that it was stalling because the bw cli, called from kp2bw, was asking for the password. The prompt for entering the password was not visible until I hit enter.
Given that kp2bw initially prompts for the bw password (unless passed in via option), I suspect that it's unintended behaviour for the bw cli to ask again. The session key obtained in BitwardenClient through bw unlock \"{password}\" --raw should suffice, but it seems that that mechanism somehow broke.
N.B. the quoting of password above (https://github.com/jampe/kp2bw/pull/36) fixes the problem of passwords containing space characters, but can't work for passwords containing a double quote ("). It needs proper subprocess handling for this, passing the process parameters as a list.
I added some debug printing to log the bw cli calls in _exec_with_session and tried these directly from a shell. I can't reproduce this right now, but what I observed was that running the same command (e.g. bw list items --session $the_session_key) four times in a row, it would work exactly every other time, the other times printing out "mac error" and asking for the password.
A workaround that reliably worked for me was:
- change _exec_with_session in BitwardenClient by removing
--session '{self._key} - run
bw unlockin a shell - paste
export BW_SESSION=...from the output - run kp2bw
This existing PR looks related, but I did not check it out: https://github.com/jampe/kp2bw/pull/47
Sure!
It looks like the --session param for passing the token does not work, or kp2bw isn't handling it well. I'm getting errors from JSON parsing of bw cli output, which isn't visible until I hit enter for some reason.
As you can see, I removed that, so you need to do the export BW_SESSION= thing (assuming some linux shell).
Note: I'm using an older version of the bw cli because of one of these bugs:
- https://github.com/bitwarden/clients/issues/5618
- https://github.com/bitwarden/clients/issues/5876
index 141fe63..7ac84b9 100755
--- a/kp2bw/bitwardenclient.py
+++ b/kp2bw/bitwardenclient.py
@@ -20,9 +20,9 @@ def __init__(self, password, orgId):
self._orgId = orgId
# login
- self._key = self._exec(f"bw unlock \"{password}\" --raw")
- if "error" in self._key:
- raise Exception("Could not unlock the Bitwarden db. Is the Master Password correct and are bw cli tools set up correctly?")
+ #self._key = self._exec(f"bw unlock \"{password}\" --raw")
+ #if "error" in self._key:
+ # raise Exception("Could not unlock the Bitwarden db. Is the Master Password correct and are bw cli tools set up correctly?")
# make sure data is up to date
if not "Syncing complete." in self._exec_with_session("bw sync"):
@@ -76,7 +76,9 @@ def _get_existing_folder_entries(self):
for folder_id, entries in groupby(items, key=lambda item: item["folderId"])}
def _exec_with_session(self, command):
- return self._exec(f"{command} --session '{self._key}'")
+ #result = self._exec(f"{command} --session '{self._key}'")
+ result = self._exec(f"{command}")
+ return result
def has_folder(self, folder):
return folder in self._folders
diff --git a/kp2bw/cli.py b/kp2bw/cli.py
index 85f1030..f5f5d37 100644
--- a/kp2bw/cli.py
+++ b/kp2bw/cli.py
@@ -70,7 +70,8 @@ def main():
# stdin password
kp_pw = _read_password(args.kp_pw, "Please enter your KeePass 2.x db password: ")
- bw_pw = _read_password(args.bw_pw, "Please enter your Bitwarden password: ")
+ #bw_pw = _read_password(args.bw_pw, "Please enter your Bitwarden password: ")
+ bw_pw = ""
# call converter
c = Converter(
I found that by using npm to install instead of binary files, the mac error doesn't occur.
