(ERROR) You are not currently signed in.

tader
tader
Community Member

I'm trying the CLI on my Mac.

$ uname -a
OS: Darwin MacBook Pro 17.6.0 Darwin Kernel Version 17.6.0: Tue May  8 15:22:16 PDT 2018; root:xnu-4570.61.1~1/RELEASE_X86_64 x86_64
$ op --version
0.5.2
$ op signin xxxxx.1password.com xxxxx@xxxxx.com A3-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
Enter the password for xxxxx@xxxxx.com at xxxxx.1password.com:
export OP_SESSION_xxxxx="SESSXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
# This command is meant to be used with your shell's eval function.
# Run 'eval $(op signin xxxxx)' to sign into your 1Password account.
# If you wish to use the session token itself, pass the --output=raw flag value.

$ export OP_SESSION_xxxxx="SESSXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

$ op list items
[LOG] 2018/08/17 11:11:44 (ERROR) You are not currently signed in. Please run `op signin --help` for instructions

But, when I do this, it works:

$ echo "SESSXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" | op list items
[ ...lots of JSON... ]

So, I guess that op does not know for which subdomain to get the OP_SESSION_xxxxx? And how would this work with multiple teams?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: 10.13.5
Sync Type: Not Provided

Comments

  • cohix
    cohix
    1Password Alumni

    @tader hrm, I'm not able to reproduce the env var issue on my Mac. Could you run this and ensure that a file exists in the directory with ls -a:

    cd $TMPDIR$(ls $TMPDIR | grep agilebits.op)

    That should contain the session file. If nothing is there, or if the `com.agilebits.op.{UID} directory doesn't exist in $TMPDIR, then at least we have a place to start debugging this.

  • jplhomer
    jplhomer
    Community Member

    Hello! I'm experiencing the same issue:

    $ uname -a
    OS: 17.7.0 Darwin Kernel Version 17.7.0: Fri Jul  6 19:54:51 PDT 2018; root:xnu-4570.71.3~2/RELEASE_X86_64 x86_64
    
    $ op --version
    0.5.2
    

    And can repro the rest of @tader's case.

    After following @cohix's debugging instructions, I can get to a valid directory with a few dotfiles (most likely for each attempt I've made to log in with the full syntax):

    $ cd $TMPDIR$(ls $TMPDIR | grep agilebits.op)
    $ # com.agilebits.op.501 
    $ ls -la
    total 24
    drwxr-xr-x    5 myname  staff   160 Aug 19 13:31 .
    drwx------@ 148 myname  staff  4736 Aug 19 13:32 ..
    -rw-------    1 myname  staff   512 Aug 19 13:26 .5JAjXXXXXXXXXXXXXXXXX
    -rw-------    1 myname  staff   512 Aug 19 13:22 .FWj5XXXXXXXXXXXXXXXXX
    -rw-------    1 myname  staff   512 Aug 19 13:31 .NYFhXXXXXXXXXXXXXXXXX
    

    It may be worth noting that the account can't be fetched when using the short syntax, even after following the first step with the full domain, email and secret key:

    $ op signin myteamsubdomain
    [LOG] 2018/08/19 13:39:50 (ERROR) Account not found: myteamsubdomain
    
    To sign in to an account above: op signin <subdomain>
    To sign in to another account:  op signin --help
    
  • rybot
    rybot
    Community Member

    Hello,

    I just joined 1pass today and experiencing the same issue.

    uname -a
    Linux my_ubuntu 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

    op --version
    0.5.2

    My $TMPDIR was empty, but after running

    export TMPDIR=/var/tmp/

    I had some files existing:

    drwxr-xr-x 2 me me 4096 Aug 19 16:58 .
    drwxrwxrwt 10 root root 4096 Aug 19 16:52 ..
    -rw------- 1 me me 521 Aug 19 16:58 .0kHVXXXXXXXXXXXXXXXXX
    -rw------- 1 me me 522 Aug 19 16:52 .-Qm_KXXXXXXXXXXXXXXXXX

  • tader
    tader
    Community Member

    @cohix thank you for your response!

    I have two files in the $TEMPDIR/com.agilebits.op.$UID folder:

    $ ls -asl
    total 16
    0 drwxr-xr-x    4 tader  staff   128 Aug 17 11:24 .
    0 drwx------@ 280 tader  staff  8960 Aug 20 09:45 ..
    8 -rw-------    1 tader  staff   507 Aug 17 11:26 .XXXXXXXXXXXXXXXXXXXXXXXX
    8 -rw-------    1 tader  staff   506 Aug 17 11:13 .XXXXXXXXXXXXXXXXXXXXXXXX
    
  • aldanor
    aldanor
    Community Member

    Same thing here.

    @cohix here's how it goes (looks like the OP_SESSION environment variable is not properly recognized, sounds like a bug):

    $ mkdir tmp
    $ export TMPDIR=tmp
    
    $ op signin myaccount my@email.com
    Enter the Secret Key for my@email.com at myaccount.1password.com: A3-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
    Enter the password for my@email.com at myaccount.1password.com:
    export OP_SESSION_myaccount="SESSION-KEY-XXXXXX"
    # This command is meant to be used with your shell's eval function.
    # Run 'eval $(op signin myaccount)' to sign into your 1Password account.
    # If you wish to use the session token itself, pass the --output=raw flag value.
    
    $ export OP_SESSION_myaccount="SESSION-KEY-XXXXXX"
    
    $ op get account
    [LOG] 2018/08/20 12:32:20 (ERROR) You are not currently signed in. Please run `op signin --help` for instructions
    
    $ op get account --account=myaccount
    {"uuid":"...",...}
    
    $ op get account
    [LOG] 2018/08/20 12:32:31 (ERROR) You are not currently signed in. Please run `op signin --help` for instructions
    
    $ op get account --session="SESSION-KEY-XXXXXX"
    {"uuid":"...",...}
    
    $ op get account
    [LOG] 2018/08/20 12:32:48 (ERROR) You are not currently signed in. Please run `op signin --help` for instructions
    
    $ find tmp/com.agilebits.op.501
    tmp/com.agilebits.op.501
    tmp/com.agilebits.op.501/.XXXXXXXXXXXXXXXXXXXXXXXXXX
    
  • cohix
    cohix
    1Password Alumni

    Thanks to all who provided info about this. We're looking into this as we speak, and we'll make sure to comment here when we have any updates.

  • cohix
    cohix
    1Password Alumni

    @jplhomer @aldanor @tader @rybot

    We tracked down the issue (the config file was not being written upon first sign-in), and we've fixed it. Version 0.5.3 is out now, please give it a try and let us know how it goes. We're sorry about this, please don't hesitate to write in again with any other issues you may encounter.

  • rybot
    rybot
    Community Member

    Thanks @cohix it works!

  • Good to hear. :)

    Rick

  • OlivierBki
    OlivierBki
    Community Member

    Hello,
    I come across the same issue. I am using mac os catalina 10.15.2 and op cli 0.8.0. Upon successful signin, I can witness the following:
    1 the op cli creates a config and .device file within the current working directory (this is the most troublesome point)
    2 the op cli does not create a ~/.op directory
    3 the $TMPDIR/com.agilebits.op.UID exists, and is not empty (contains json files named '.somehash')

    As I only want to fetch a session token, I don't really mind 2, but 1 is preventing me from working correctly, creating orphaned files everywhere I sign in.

    Would you have any pointers? Thanks

  • felix_1p
    felix_1p
    1Password Alumni

    @OlivierBki Thank you for the report! I will need some time to look into this since we haven't had any other reports about this issue. It seems certainly strange to me that the config files are created in the current directory rather than ~/.op.

    One thing you could try is create ~./op manually (with the right permission, 700) and see if that makes op create the files in that directory. Please let me know if that had any effect. Thank you!

  • OlivierBki
    OlivierBki
    Community Member

    Hello @felix_1p, unfortunately creating the folder with the right permissions did not solve the problem. I recently noticed my APFS filesystem was case sensitive, whereas my previous mac (which did not have issues with op) was not.

  • felix_1p
    felix_1p
    1Password Alumni

    Thank you @OlivierBki (though unfortunate).I will see if I or one of my colleagues can replicate the issue. If not I will get back to you to get more information if possible. Sorry for the inconvenience!

  • OlivierBki
    OlivierBki
    Community Member

    Hey there, any news on the issue? Thanks!

  • felix_1p
    felix_1p
    1Password Alumni

    Sorry @OlivierBki for not following up. We weren't able to reproduce the issue. Looking at the source code there aren't too many reasons why the folder would be created in the current working directory. In the shell you are invoking the op command is the HOME environment variable set? If yes, is it set to a value that would somehow reflect the current working directory?

  • OlivierBki
    OlivierBki
    Community Member
    edited February 2020

    No worries, yes the HOME environment variable is set. I encountered an issue with the onepassword unofficial Terraform provider also this week on the same laptop , so I presume if the op executable is a Golang binary, there is an issue in one of the official upstream libraries used in both the op binary and the terraform provider binary.
    Is the op CLI tool opensource so I can crosscheck the libs used and debug it?

  • cohix
    cohix
    1Password Alumni

    @OlivierBki It is not currently open source. Could you let me know what library you're looking to validate and I can check up on it for you?

  • jameswhite
    jameswhite
    Community Member

    Setting the environment variable doesn't seem to work unless it's copy-and-pasted on the command line. eval, source and . from a file doesn't seem to work. I've not seen a bug like this before.

    # Versions of op macos and bash
    forseti:~ $ op --version
    0.9.2
    
    forseti:~ $ uname -a
    Darwin forseti.local 19.3.0 Darwin Kernel Version 19.3.0: Thu Jan  9 20:58:23 PST 2020; root:xnu-6153.81.5~1/RELEASE_X86_64 x86_64
    
    forseti:~ $ bash --version
    GNU bash, version 5.0.16(1)-release (x86_64-apple-darwin19.3.0)
    
    # clear the env variable
    forseti:~ $ unset OP_SESSION_myaccount
    
    # ensure it's empty
    forseti:~ $ env | grep OP_SESSION_myaccount
    
    # look in our file
    forseti:~ $ cat ~/.opsession
    export OP_SESSION_myaccount="REDACTEDREDACTEDREDACTEDREDACTEDREDACTED123"
    
    # source the environment variable from a file
    forseti:~ $ . ~/.opsession
    
    # It's now set in the env
    forseti:~ $ env | grep OP_SESSION_myaccount
    OP_SESSION_myaccount=REDACTEDREDACTEDREDACTEDREDACTEDREDACTED123
    
    # Doesn't work
    forseti:~ $ op list items
    [LOG] 2020/02/21 13:13:14 (ERROR)  You are not currently signed in. Please run `op signin --help` for instructions
    Usage:
      op list items [flags]
    
    Flags:
      -h, --help            help for items
          --include-trash   Include items in the Trash
          --vault <vault>   List items in <vault>. Specify <vault> by name or UUID.
    
    Global Flags:
          --account string   account to use when multiple sessions are active
          --session string   raw session token obtained via 'op signin --raw'
    
    
    # Manually copy and paste the output of "env | grep OP_SESSION_myaccount" above into the shell
    forseti:~ $ OP_SESSION_myaccount=REDACTEDREDACTEDREDACTEDREDACTEDREDACTED123
    
    # It works
    forseti:~ $ op list items
    [{"uuid":"redacted","templateUuid":"005","trashed":"N","createdAt":"2019-11-08T16:19:30Z","updatedAt":"2019-11-08T16:20:04Z","changerUuid":"redacted","itemVersion":2,"vaultUuid":"redacted","overview":{"ainfo":"Nov 8, 2019 at 11:19:30 AM","ps":57,"title":"redacted"}},{"uuid":"redacted","templateUuid":"001","trashed":"N","createdAt":"2018-05-31T20:51:42Z","updatedAt":"2018-05-31T20:53:15Z","changerUuid":"redacted","itemVersion":2,"vaultUuid":"redacted","overview":{"URLs":[{"u":"redacted"}],"ainfo":"redacted","ps":75,"title":"redacted","url":"redacted"}}]
    
  • jameswhite
    jameswhite
    Community Member

    op doesn't seem to work when sourced from a file with . or source, only copying and pasting it into bash seems to work.

    # Versions of op macos and bash
    forseti:~ $ op --version
    0.9.2
    
    forseti:~ $ uname -a
    Darwin forseti.local 19.3.0 Darwin Kernel Version 19.3.0: Thu Jan  9 20:58:23 PST 2020; root:xnu-6153.81.5~1/RELEASE_X86_64 x86_64
    
    forseti:~ $ bash --version
    GNU bash, version 5.0.16(1)-release (x86_64-apple-darwin19.3.0)
    
    # clear the env variable
    forseti:~ $ unset OP_SESSION_myaccount
    
    # ensure it's empty
    forseti:~ $ env | grep OP_SESSION_myaccount
    
    # look in our file
    forseti:~ $ cat ~/.opsession
    export OP_SESSION_myaccount="REDACTEDREDACTEDREDACTEDREDACTEDREDACTED123"
    
    # source the environment variable from a file
    forseti:~ $ . ~/.opsession
    
    # It's now set in the env
    forseti:~ $ env | grep OP_SESSION_myaccount
    OP_SESSION_myaccount=REDACTEDREDACTEDREDACTEDREDACTEDREDACTED123
    
    # Doesn't work
    forseti:~ $ op list items
    [LOG] 2020/02/21 13:13:14 (ERROR)  You are not currently signed in. Please run `op signin --help` for instructions
    Usage:
      op list items [flags]
    
    Flags:
      -h, --help            help for items
          --include-trash   Include items in the Trash
          --vault <vault>   List items in <vault>. Specify <vault> by name or UUID.
    
    Global Flags:
          --account string   account to use when multiple sessions are active
          --session string   raw session token obtained via 'op signin --raw'
    
    
    # Manually copy and paste the output of "env | grep OP_SESSION_myaccount" above into the shell
    forseti:~ $ OP_SESSION_myaccount=REDACTEDREDACTEDREDACTEDREDACTEDREDACTED123
    
    # works
    forseti:~ $ op list items
    [{"uuid":"redacted","templateUuid":"005","trashed":"N","createdAt":"2019-11-08T16:19:30Z","updatedAt":"2019-11-08T16:20:04Z","changerUuid":"redacted","itemVersion":2,"vaultUuid":"redacted","overview":{"ainfo":"Nov 8, 2019 at 11:19:30 AM","ps":57,"title":"redacted"}},{"uuid":"redacted","templateUuid":"001","trashed":"N","createdAt":"2018-05-31T20:51:42Z","updatedAt":"2018-05-31T20:53:15Z","changerUuid":"redacted","itemVersion":2,"vaultUuid":"redacted","overview":{"URLs":[{"u":"redacted"}],"ainfo":"redacted","ps":75,"title":"redacted","url":"redacted"}}]
    
  • felix_1p
    felix_1p
    1Password Alumni

    Hi @jameswhite, I'm running Linux, so not quite the same setup, but sourcing in the OP_SESSION_* env variable works fine for me with the same version of op and bash.

    Here is how I tested it:

    1. $ op signin myaccount > ~/opsession
    2. Opened new terminal/shell
    3. $ source ~/opsession
    4. $ op list items

    op is not doing anything special regarding environment variables, so you should be able to set them in any way you want. I can't think of a reason why the variable wouldn't be visible to op.... if you create a simple script that just echos the variable, e.g.

    #!/usr/bin/env bash
    echo "$OP_SESSION_myaccount"
    

    and run that, do you get the token back?

This discussion has been closed.