prospect-mail icon indicating copy to clipboard operation
prospect-mail copied to clipboard

Published 20 hours ago verified publisher icon julian-alarcon

[Bug]: Duo Authentication Box Does Not Appear

Open sr66139p opened this issue 2 years ago • 19 comments

Describe the bug The Duo 2FA box does not appear, preventing me from logging in

To Reproduce Steps to reproduce the behavior:

  1. Go to open the app
  2. Try to sign in with an account protected by Duo
  3. Go to your domain's login page

Expected behavior I expect a textbox to appear allowing me to enter my 2FA code. I also expect a checkbox that says "Don't ask again for 6 days"

Screenshots If applicable, add screenshots to help explain your problem. image

Desktop (please complete the following information):

  • OS: Debian 12 Bookworm (Gnome)
  • Installation source: deb
  • Version 0.5.1

Additional context Add any other context about the problem here. Also, did you tried another build (AppImage, deb, rpm)? I tried an older deb 0.3.0

sr66139p avatar Oct 04 '23 15:10 sr66139p

I also have this problem at my University. I guess it's back to the web version.

LockedThread avatar Oct 05 '23 15:10 LockedThread

I have a similar problem with a company saml login page. The email signin box correctly takes me to the saml page but that page shows "you will be redirected in a few seconds" for ever and I can't use the app anymore.

As a first debugging step for some obvious things I could think of, I checked the user agent used by prospect-mail. If I'm not wrong is is set in the code as "chrome". I installed a user-agent switcher on firefox and used the same string: everything works as expected on the web version.

zeitounator avatar Oct 12 '23 08:10 zeitounator

As a workaround to what looks like the same problem (see my latest comment), I have iteratively downgraded from 0.5.1 -> 0.4.0 and problem is gone. Interestingly enough this has also fixed #298

zeitounator avatar Oct 12 '23 12:10 zeitounator

Although my first test under firefox above is non conclusive, I strongly suspect the regression has been introduced by https://github.com/julian-alarcon/prospect-mail/commit/b0a7d6ed4b4a8dc00f7e037819ba511b1841d9d3 when changing the UserAgent. Let me know if I can do anything to test and help debugging this issue in order to fix it. Thanks.

zeitounator avatar Oct 12 '23 12:10 zeitounator

I had a similar issue.

I can login through my org's SSO page and proceed to duo. The title bar would indicate it moved to the Duo page, but the page itself remained entirely white and unloaded. I never encountered a redirect page - straight from SSO to Duo prompt.

Clicking Reload in the toolbar menu for Prospect Mail would reload the page but would result in a Page access not allowed error (duo error).

I can also verify that the issue isn't present in 0.4.0. It works just fine.

duo_error

Alyssa4854 avatar Oct 26 '23 00:10 Alyssa4854

Can you try the latest 0.5.2 version available (.deb, AppImage, rpm, etc): https://github.com/julian-alarcon/prospect-mail/releases/tag/v0.5.2

If you are using snap, you can also try the current beta channel: sudo snap refresh prospect-mail --channel=beta

julian-alarcon avatar Nov 02 '23 08:11 julian-alarcon

This is still an issue in the latest release, @julian-alarcon

The easiest fix is to set contextIsolation to true (which is the default since Electron 12). I've tested this on a local copy already, and it worked just fine.

8bitZeta avatar Nov 03 '23 05:11 8bitZeta

Although I login on a different saml page, this isn't fixed for me either (tested with 0.5.3). Easy test case: try to login with email [email protected]. You will be directed to the saml entry page where you can wait for ever for a javascript redirection and form never shows up. Rolled back again to 0.4.0.

@julian-alarcon : Let me know if it's ok to still follow this point here or if I should create a separate issue. @8bitZeta : care to share the changes you made to test contextIsolation? I'd like to test as well if it fixes my a bit different issue. Thanks.

zeitounator avatar Nov 06 '23 09:11 zeitounator

I had the same issue, 0.5.2 and 0.5.3 did not fix my problem. Reverting back to 0.4.0 fixed it for me.

rejinjoy18 avatar Nov 06 '23 17:11 rejinjoy18

@zeitounator, go to src/controller/mail-window-controller.js and comment out line 93...

That line should be contextIsolation: false... Commenting it should enable contextIsolation...

That's the only change I made to get my Duo to work.

8bitZeta avatar Nov 06 '23 19:11 8bitZeta

Sorry for the long delay. For memory: my problem is not exactly the one described in this ticket but similar (i.e. a SAML login redirect page is not followed and displayed).

After login in successfully a few weeks ago with version 0.4.0, snap upgraded the package again to latest prospect-mail and I was able to run since then on the stored credentials. I had to rotate my password last Friday and the bug strikes me again this morning. So I took the time to test.

I checked out the latest git version on main branch and started (i.e. yarn && yarn start). After entering my mail on Microsoft form I get directed to my company SAML page showing "Please wait" for ever and I'm stuck.

I then applied the fix from @8bitZeta above (i.e. remove line 93 contextIsolation: false in src/controller/mail-window-controller.js ) and start again. This time I'm able to proceed all the way through saml authentication.

Edit: Redirecting this to the more generic #312 issue and the #314 implementation which fixes the issue.

zeitounator avatar Dec 26 '23 09:12 zeitounator