hyperterm-1password icon indicating copy to clipboard operation
hyperterm-1password copied to clipboard

Published 20 hours ago verified publisher icon sibartlett

Broken with 1Password 6.8.1

Open meastes opened this issue 7 years ago • 11 comments

The latest update of 1Password has removed the "Verify Browser Code Signature" checkbox from the settings. Because of this, there is no longer a workaround for the permission issue with this plugin.

meastes avatar Aug 23 '17 17:08 meastes

Thanks for letting us know.

sibartlett avatar Aug 23 '17 17:08 sibartlett

Can you code-sign hyperterm-1password? Shouldn't this make it work

kjg avatar Sep 01 '17 19:09 kjg

Nevermind, it looks like this makes use of hyperterm-helper which IS signed.

The real issue is 1Password dropped support for websocket communication and only supports Native Messaging. This plugin is using the websocket API to 1password and will need to be updated to the Native Messaging API

kjg avatar Sep 01 '17 20:09 kjg

So do we think this is actually fixable with Native Messaging? I don't see any API information on the 1Password site that would give an indication that this could be rewritten or how to go about doing so?

ChristinWhite avatar Sep 04 '17 23:09 ChristinWhite

There's currently no information to go on, other than we know that 1Password has switched from web sockets to Native Messaging.

I haven't had the time to look into Native Messaging.

However I believe 1Password may only accept connections from processes that are using a recognized signature (Chrome, Firefox, etc), and even if we could connect to 1Password over Native Messaging - the format/protocol of the messages exchanged may have also changed.

sibartlett avatar Sep 05 '17 16:09 sibartlett

@sibartlett That would be my guess as well since they removed the option to disable signature verification. Signature verification may be forced now, so Hyper would have to be approved by AgileBits.

meastes avatar Sep 05 '17 18:09 meastes

I did have a brief chat with a dev friend at AgileBits and while I didn't press him for details he did point out that they never intended for other apps to mislead 1Password about who they were and sneak in the back door. While I wouldn't take that as official I'm guessing we won't see access coming back unless they add a public API.

He did suggest checking out the CLI to the hosted service as an alternative that may be faster for us than using the UI, I haven't tried it yet.

This seems like a great time to contact Agile and ask for either an API or their own plugin for Hyper.

ChristinWhite avatar Sep 07 '17 19:09 ChristinWhite

The CLI looks like a good option (looks like they just announced it yesterday), but it would probably require a custom UI to integrate it with hyper.

https://support.1password.com/command-line-getting-started/

meastes avatar Sep 07 '17 20:09 meastes

I'm working on 1password-node. A wrapper around the CLI client. Feel free to give a try ! Mac & Windows for now but Linux is coming..

hugomano avatar Jan 16 '18 18:01 hugomano

@hugomano It looks like your plugin requires your master password to be in an unencrypted text file - is that correct?

meastes avatar Jan 17 '18 01:01 meastes

@meastes no it's just for test. I need to remove it. I really need to write the doc asap. For login, you pass credentials in getSession that return a session object with a token. You don't have to store user credentials.

hugomano avatar Jan 19 '18 02:01 hugomano