there may be problems filling with 4.6.0.BETA-614

bkh
bkh
Community Member

Here's a heads-up. I just got beta 614 and am having new problems with filling. (Firefox 48.0.2, Windows 7 x64) First I tried logging into my bank. Ctrl+\ had no effect. From the main app, the top Auto-type button filled the wrong fields. Individual field auto-type worked for user and password. After rebooting Ctrl+\ worked for Thunderbird. But in the browser to log into this forum by clicking on the login entry in the browser plugin login list gave me a page with 6 large blocks holding numbers 1 2 3 4 5 6, and a legend to match the code to the number shown in 1Password. Hmmm, what's this? I navigated to the forum and then logged in with Ctrl+\ to make this posting.

I just tried it with a fresh instance of the browser. In the 1Password main app I clicked on the URL link in the login item for this forum. On the login page in the browser I typed Ctrl+\ and after a delay it took me (in a new tab) to this page: https://agilebits.com/browsers/auth.html So my question is where do I find the code that they refer to, and how do I enter it to get the extension authorized so it will be able to fill?

Also, hovering over the keyhole symbol in the browser shows the text "1Password", but left clicking this does not bring up any menu, and right clicking brings up the firefox menu, not a 1Password menu. I thought I could get a 1Password menu that would enable me to select a login item to click on so 1Password would load that page and log me in, but perhaps I'm mis-remembering, and the browser plugin has no operations except when I am on some page that has log-in fields. Check for plugin updates doesn't find anything; and look at http://www.agilebits.com/browsers/index.html seems to show that 4.6.0.b4 is the current plugin. Any advice?


1Password Version: 4.6.0.BETA-614
Extension Version: 4.6.0.b4
OS Version: Windows 7 x64
Sync Type: manual folder sync ( cp -au )

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @bkh: I'm sorry for the confusion! We're working on a new authorization feature for the connection between 1Password and the browser (in the latest betas of each). Here's how it works:

    Both 1Password and the extension will negotiate a secure connection and each will present you with a code. If you're using both the 1Password app and the browser extension when you see this, and the codes match, good! That means that not only was the secure connection established, but that both sides are genuine (as opposed to a rogue app posing as a browser when you hadn't even opened it!)

    Now, it's possible to run into a few roadblocks here. In your case, it sounds like something may have been interfering with the initial connection. And then when you couldn't find the matching code, it may have been hidden behind another window. Regardless, if a secure connection cannot be established, the 1Password extension will not work. We're working to improve the process, so I appreciate your feedback on this! Are you still having trouble setting up the authentication? Please let me know where you're running into trouble.

  • bkh
    bkh
    Community Member
    edited September 2016

    Hi, @brenty. Your screenshot is quite helpful. I had not gotten that pop-up with the Cancel/Authorize buttons, which fully explains my experience. And I agree with your assessment that something may have been interfering with the initial connection, based on the fact that the underlying main page displayed 1 2 3 4 5 6 rather than some random 6 digits. I do run Firefox with lots of armor, including NoScript, uBlock Origin, Privacy Badger, and MalwareBytes Anti-Exploit. And there's always Bitdefender to break sockets.

    When I logged in to these forums today the popup showed so I could authorize and 1Password worked normally. If you have any ideas for how I can try to raise the problem again for diagnosis just let me know. Otherwise I'll just keep my eyes open and try to notice any patterns.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @bkh: Thanks so much for getting back to me! This feedback is really helpful, so be sure to reach out if you have any more thoughts on this. My first reaction was "Wow, we really need to make a way to re-attempt authorization if it fails initially," but the more I do this, the more I feel that this could quickly become obnoxious. We're playing around with a few ideas though, so we'll continue to iterate. I'm glad to hear it's working for you now, and we're here if you run into any further issues! :)

  • bkh
    bkh
    Community Member

    @brenty, I had written a paragraph suggesting that there could be a button on the main page to relaunch the pop-up and regenerate the code, but I erased it before posting because it is a bad idea. Not because of the "obnoxious" aspect, but because there's no reason to believe that restarting the procedure would fix whatever is broken, and clicking on a "retry" button that doesn't do anything is really bad. We need to understand the issue before knowing whether there is merit in a retry mechanism, and if there is, maybe a timer-driven retry would be better than a manual invocation. Diagnosis before treatment.

  • AGAlumB
    AGAlumB
    1Password Alumni

    clicking on a "retry" button that doesn't do anything is really bad

    @bkh: Now that would be obnoxious! You're absolutely right though; I think as we continue to test we'll get a better sense for how it can be improved. Perhaps expanded preferences within the app itself to authorize/deauthorize browsers. We'll see. :)

  • bkh
    bkh
    Community Member

    I now have more information about troubles with the authorization feature. It turns out that a version upgrade of the 1Password main program causes the need for a reauthorization. But the authorization dialog didn't come up properly for me in Firefox. The cause turns out to be the requirement by https://agilebits.com/browsers/auth.html for javascripts to run. If javascripts are disabled, the authorization fails to run properly, with no indication of what went wrong.

    My recommendation is that auth.html be enhanced to check whether scripts are running, and if not, to produce an error message clearly stating that javascripts need to be enabled for authorization to work. (Some web sites implement checks for cookies if needed and scripts if needed, and give helpful error messages rather than simply showing a mostly-blank page.) It should be easy for you to reproduce this issue by installing the noscript plugin and not whitelisting agilebits.com

    Mostly I enable javascripts for specific sites only when I need them to run, rather than permanently whitelisting my trusted sites. This is just another layer of defense in case some normally trustworthy web site gets pwned for awhile by the bad guys --- which never should happen but in the real world it sometimes does.

  • Hi @bkh,

    We've just fixed this, it will fall back gracefully to this message:

This discussion has been closed.