Linux account management has bad failure modes when org.freedesktop.secrets in unreachable

Options
cheeryluck0997
cheeryluck0997
Community Member
in Linux

1password tries to communicate with org.freedesktop.secrets. However the timeout is really large, and when failures happen, it isn't communicated clearly to the user.

I often remote into my workstation from other computers, and will sometimes remote desktop, and between all this, my dbus session is usually pretty messed up. 1password isn't playing nicely with this.

My personal account changes from other devices don't sync to this machine at all.
Whenever I launch 1password, after several minutes it will ask me for the 2FA code.
When I enter the code, it will take at least 2-3 minutes of showing the spinner before it says everything is ok.

Today, I tried to see if this would resolve by first removing the account and then adding it back.

  1. Signing out of the account took at least 5 minutes. I kept hitting sign out, thinking it was a bug in the UI, but it seems to be something else. It finally signed me out.
  2. I tried to sign in. I used the QR code scan, which the app immediately recognized and filled in. However, once I typed my master password, it sat spinning for another 2 min. To the point where I thought this was never gonna work. So I went to the menu and started trying to set up the account again. While I'm in the middle of this second setup, the 2FA screen suddenly pops up.
  3. Again, on entering the 2FA code, it spins for 2-3 minutes. I finally have my changes synced.

Looking at the logs, it seems all these timeouts are from trying to reach the dbus service. I think this issue could be raised to the user better.

For the record, I've never set up system password integration on this machine, so I'm not sure why 1password needs to secrets service.

INFO  2023-11-21T16:33:33.142 tokio-runtime-worker(ThreadId(16)) [1P:op-syncer/src/sync_job.rs:311] synced account <redacted> (0.507847011s)
INFO  2023-11-21T16:33:33.143 tokio-runtime-worker(ThreadId(7)) [1P:data/op-file-transfer/src/lib.rs:561] find_and_complete_pending_uploads: '<redacted>'
INFO  2023-11-21T16:35:40.232 tokio-runtime-worker(ThreadId(10)) [1P:op-app/src/app/backend/signin.rs:694] cancelling a sign in session
INFO  2023-11-21T16:35:40.232 ThreadId(22) [1P:data/op-db/src/core_db/db.rs:325] vacuuming db
INFO  2023-11-21T16:35:40.240 ThreadId(22) [1P:data/op-db/src/core_db/db.rs:325] vacuuming db
WARN  2023-11-21T16:36:24.038 tokio-runtime-worker(ThreadId(4)) [1P:op-b5-client/src/internal/unauthorized_session.rs:1067] Error retrieving an account's 2FA token: SystemKeyringError(LinuxError(DBus(MethodError(OwnedErrorName(ErrorName(Str(Owned("org.freedesktop.DBus.Error.TimedOut")))), Some("Failed to activate service 'org.freedesktop.secrets': timed out (service_start_timeout=120000ms)"), Msg { type: Error, sender: UniqueName(Str(Borrowed("org.freedesktop.DBus"))), reply-serial: 2, body: Signature("s") })))). Falling back to a prompt.
INFO  2023-11-21T16:36:24.039 tokio-runtime-worker(ThreadId(4)) [1P:op-app/src/mfa_ui.rs:111] Available MFA methods for desktop: [Webauthn { context: <MfaWebauthnContext> }, Totp(<u32>)]
INFO  2023-11-21T16:36:24.039 tokio-runtime-worker(ThreadId(4)) [1P:op-b5-client/src/internal/unauthorized_session.rs:1199] Multi-factor authentication method has been selected.
INFO  2023-11-21T16:36:24.039 tokio-runtime-worker(ThreadId(4)) [1P:op-app/src/mfa_ui.rs:158] Prompting user for MFA
INFO  2023-11-21T16:36:37.490 tokio-runtime-worker(ThreadId(7)) [1P:op-b5-client/src/internal/unauthorized_session.rs:1261] Verifying device secret (MFA) with server...
INFO  2023-11-21T16:36:37.835 tokio-runtime-worker(ThreadId(16)) [1P:op-b5-client/src/internal/unauthorized_session.rs:917] Device secret was verified
WARN  2023-11-21T16:38:37.839 tokio-runtime-worker(ThreadId(10)) [1P:op-b5-client/src/internal/unauthorized_session.rs:930] Failed to save an account's 2FA token with an error of SystemKeyringError(LinuxError(DBus(MethodError(OwnedErrorName(ErrorName(Str(Owned("org.freedesktop.DBus.Error.TimedOut")))), Some("Failed to activate service 'org.freedesktop.secrets': timed out (service_start_timeout=120000ms)"), Msg { type: Error, sender: UniqueName(Str(Borrowed("org.freedesktop.DBus"))), reply-serial: 2, body: Signature("s") })))). 2FA will only be valid for this unlock session!
INFO  2023-11-21T16:38:37.839 tokio-runtime-worker(ThreadId(7)) [1P:data/op-add-account/src/first_sync.rs:404] starting initial account sync
INFO  2023-11-21T16:38:39.040 tokio-runtime-worker(ThreadId(10)) [1P:op-syncer/src/sync_job.rs:311] synced account <redacted> (1.200597911s)
INFO  2023-11-21T16:38:39.097 tokio-runtime-worker(ThreadId(10)) [1P:/builds/dev/core/core/data/ext/op-account-ext-settings-authentication/src/lib.rs:187] loaded settings authentication key: none

Notice the 2 minute timeouts it is hitting. Thanks!

1Password Version: 8.10.20
Extension Version: Not Provided
OS Version: Ubuntu 18.04
Browser: Not Provided

Comments

  • cheeryluck0997
    cheeryluck0997
    Community Member
    Options

    Running gnome-keyring-daemon -r -d seems to resolve the issue for me.

  • FrankyO1P
    FrankyO1P
    Options

    Hi @cheeryluck0997,

    From your initial comment, it appears you might not have had the keyring daemon running which is required to save 2FA tokens. I'm glad to hear you were able to resolve the issue by running the gnome-keyring! 🙂

    If there's ever anything more we can do, please be sure to contact us - we're always here to help.

    Franky