notesnook icon indicating copy to clipboard operation
notesnook copied to clipboard
verified publisher icon streetwriters

Create Pro version of desktop app for paid users

Open cshanahan opened this issue 3 years ago • 2 comments

What happened?

For people like me who purchased Notesnook and want to use the desktop app on a computer with a corporate proxy server, there is no way for me to perform the initial authentication and unlock the Pro features of the app. I don't have the ability to adjust proxy settings, so I will never be able to unlock the Pro features.

For this use case, I understand that I will not be able to sync notes to other devices. I don't need/want that functionality.

It would be great if a pre-packaged version of the Pro app was made available to paid customers which includes all Pro features without the need to authenticate with Notesnook domains for activation.

Steps to reproduce the problem

  1. Create an account at notesnook.com
  2. Purchase a license for Notesnook
  3. Download and install Notesnook desktop app
  4. Attempt to log into Notesnook to activate Pro features
  5. Proxy blocks traffic to Notesnook domains

For this use case, I have two choices:

  1. Continue using Notesnook without Pro features and waste my money, OR
  2. Stop using Notesnook and go back to using prior note app and waste my money

Notesnook Error

Version

v2.1.6

Platform/OS

Windows

Relevant log output

N/A

cshanahan avatar Sep 13 '22 15:09 cshanahan

The simplest fix for this issue would be to whitelist Notesnook's domains. You must understand that it isn't feasible to provide pre-upgraded binaries nor is it secure.

While Notesnook can be used without logging in, things like attaching images/files, restoring backups requires you to be logged in.

Another option could be to provide 100% offline (but pre-upgraded) binaries under a separate or the same pricing plan. These binaries would have no syncing, no authentication, no attachment uploading etc.

thecodrr avatar Sep 13 '22 19:09 thecodrr

I am not sure if this is possible in cshanahan's case, but usually we have access to a root cert file (you can download it from your corp installed browser for instance). So, allowing the ability to incorporate that cert (via import or specifying ca file location in app, etc.) which would add it to the apps trusted cert bundle would most likely alleviate this issue.

At our company we use bluecoat, so essentially all ssl traffic suffers from a "man in the middle" process making it a self-signed cert, which breaks authentication. Here is most likely what the error code (from the logs):

[09/12/2022, 01:06:34 PM] | error | Error sending request to "https://auth.streetwriters.co/connect/token" "Error: " {"message":"request to https://auth.streetwriters.co/connect/token failed, reason: self signed certificate in certificate chain","type":"system","errno":"SELF_SIGNED_CERT_IN_CHAIN","code":"SELF_SIGNED_CERT_IN_CHAIN"}

This is what I was getting yesterday, before I was luck enough to have my company add that url to the passthrough list.

Hope this helps out!

wallflower avatar Sep 14 '22 19:09 wallflower

Closing this as there is really nothing we can do. The fix needs to be on the user side. If anyone has a workaround that can be implemented into Notesnook to fix this problem, I have no issue working on it.

thecodrr avatar Jul 29 '23 01:07 thecodrr