
Show more details on the authorization errors when Bitwarden blocks the log in

Open MurzNN opened this issue 9 months ago • 9 comments

Pretty often I get problems with logging in, and the only signal of this is a notification like this: image

From this notification I can't get the exact URL, the time of the request and the full response text, to file an issue with Bitwarden support.

It would be good to put more detailed info about the error into stdout and the logs, and in the UI - some constant window explaining that the login has failed, with some recommendations on what to do to fix this issue.

At least - the full url of the request with the host and the request time, to report it to the Bitwarden support.

MurzNN avatar May 06 '24 12:05 MurzNN

Yeah, seems like a good change. So far the biggest problem for this is that part of these notifications are in the daemon, and the UI had no way to get them. But with the authenticated session the UI has to the daemon now, I think we can pass these errors, and also things like 2FA prompts.

quexten avatar May 06 '24 16:05 quexten

At least - the full url of the request with the host and the request time, to report it to the Bitwarden support.

Just FYI, try to report issues here first to not bother upstream with errors that might be caused by this project.

quexten avatar May 06 '24 16:05 quexten

Thanks for the information, but Goldwarden doesn't break any rules and just uses the Bitwarden official API, right? So, they should not consider this project as a harm, I think.

But your warning came a little bit late, sorry, I reported the issue already to the Bitwarden support, cuz I can't log in to Goldwarden from my office computer, and from the home computer too, already for more than a week, with an error:

Traffic from your network looks unusual. Connect to a different network or try again later. [Error Code 7]

So, I asked them to unblock my IP addresses (with the exact UTC times of the requests with error), but they responded that there are no blocks from their side, with very surprising info (after my third explanation of why I use Goldwarden with API calls but not the official client - because it misses the autotype feature):

Our security team has reviewed the situation, and it appears that there are no blocks detected on your IP from our end. Therefore, there's no additional action we can take on our end.

Please consider the following options;

  • Restart your router.
  • Ensure that all user agents are up-to-date: It's important to apply all software updates as soon as they become available.
  • Use a VPN to mask your IP address.

@quexten So, could you please provide full information about how to reproduce this API request manually, using curl or something? To show the real evidence to the Bitwarden support :)

MurzNN avatar May 07 '24 11:05 MurzNN

No rules broken, I just don't want upstream burdened with bugs caused by this project. I believe other unofficial server/client implementations (vaultwarden/rbw) have the same policy of reporting bugs there first.

For unusual traffic (error 7) shown in your screenshot, this is most likely not even a bug but just missing the api key. Without it, the official clients use captcha (aside from the cli). Fix: https://github.com/quexten/goldwarden/wiki/Getting-Started#unusual-traffic .

quexten avatar May 07 '24 13:05 quexten

Hmm, but I tried already to fill the client_id and client_secret in the login form in UI, but the result is the same. Will try to do this on CLI.

Could you please show a command on how to call the goldwarden config set-client-id from the Flatpak app? Tried to do like this:

flatpak run --branch=stable --arch=x86_64 com.quexten.Goldwarden config set-client-id user.xxxx

but it starts the UI instead.

MurzNN avatar May 07 '24 13:05 MurzNN

Interesting, in that case we could actually try to differentiate what the cli and goldwarden send specifically. If the error occurs in the cli too, this is an upstream issue; if not, we can see if we can modify the headers to look more like the cli.

quexten avatar May 07 '24 13:05 quexten

Hmm, with cli commands I logged in successfully!

$ flatpak run --branch=stable --arch=x86_64 --command=goldwarden com.quexten.Goldwarden config set-client-id user.xxx
Done
$ flatpak run --branch=stable --arch=x86_64 --command=goldwarden com.quexten.Goldwarden config set-client-secret xxx
Done
$ flatpak run --branch=stable --arch=x86_64 --command=goldwarden com.quexten.Goldwarden vault login --email [email protected]
Logged in

But doing the same via UI - gives me the "Traffic from your network looks unusual. Connect to a different network or try again later. [Error Code 7]" error. So, seems something is broken on the UI communication with the daemon. Could you please take a look?

MurzNN avatar May 10 '24 05:05 MurzNN

Most likely fixed in #212

quexten avatar May 10 '24 09:05 quexten

Also, added errors for wrong password/totp/error 7 unusual traffic in #215

quexten avatar May 11 '24 02:05 quexten