lpass logout prompts for password when session is stale #477

Closed
cjnosal opened this issue Feb 25, 2019 · 1 comment

cjnosal commented Feb 25, 2019

Repro steps:

  1. authenticate with lpass cli
  2. wait for session to expire (i.e. the next lpass show should reprompt for password, lpass status returns "Not logged in.")
  3. lpass logout -f

Expected Behaviour:
lpass should clear any session information from memory, or if no session information is present should no-op

Actual Behaviour:
lpass prompts to reauthenticate

Additional observation:
lpass logout can distinguish between 'logged out' and 'expired session' (it either prompts for confirmation or displays "Error: Not currently logged in.") but lpass status does not distinguish between these two scenarios (returns "Not logged in." with exit code 1 in both cases).

My use case is a script to log me out of assorted CLIs at the end of the day. I don't want the script to require interaction, but I currently have to sign in to lastpass so that I can sign out of lastpass. In addition, the current behaviour of lpass status means I can't query if I'm truly logged out before calling lpass logout.

$ lpass --version
LastPass CLI v1.3.1
$ lpass login user@email
# wait for expiry
$ lpass status
Not logged in.
$ echo $?
1
$ lpass logout -f
# password prompt displayed, select 'cancel'
Error: Could not find decryption key. Perhaps you need to login with `lpass login`.
$ lpass logout -f
# password prompt displayed, enter password
Log out: complete.
$ lpass status
Not logged in.
$ echo $?
1
$ lpass logout
Error: Not currently logged in.
waterkip added a commit to waterkip/lastpass-cli that referenced this issue Mar 26, 2019
`lpass status` asks the agent to see if we are logged in or not. The
code for the logout bit checks the session and if a session has gone
stale it wants to refresh it. Implement a similar logic as in
cmd-status.c where we ask the agent if we have a session, if we do,
proceed as always, else, wipe all the session data that we can find.
This removes the if-logic in session kill, to delete all config files
even if they for whatever reason do not exist. Since we want to kill it,
it seems logical to ignore these missing files.

Fixes: lastpass#477

Signed-off-by: Wesley Schwengle <wesley@schwengle.net>

waterkip commented Mar 26, 2019

Could you test my branch: gh-477-logout_should_not_require_a_login

waterkip added a commit to waterkip/lastpass-cli that referenced this issue Mar 29, 2019
GPaulovics added a commit that referenced this issue Apr 5, 2019
…e_a_login

Fix bug where logout requires login by @waterkip
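
The logic the commit message describes (ask the agent whether a session exists, otherwise wipe whatever session data is found and ignore missing files), as an added C example that is not code from lastpass-cli. It also goes one step further and shows the three-way status the issue's additional observation asks for; the file names, the `agent_has_key` parameter and every function name here are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical placeholder names, not the project's real session files. */
static const char *const SESSION_FILES[] = { "session_id", "session_token", "wrapped_key" };
enum { N_FILES = sizeof(SESSION_FILES) / sizeof(SESSION_FILES[0]) };
enum session_state { LOGGED_OUT, SESSION_STALE, LOGGED_IN };

/* Build dir/name; false if the path would be truncated. */
static bool session_path(char *out, size_t len, const char *dir, const char *name)
{
	int n = snprintf(out, len, "%s/%s", dir, name);
	return n > 0 && (size_t)n < len;
}

/* Count the session files still on disk under dir. */
int session_files_present(const char *dir)
{
	char path[1024];
	struct stat st;
	int present = 0;
	for (int i = 0; i < N_FILES; i++)
		if (session_path(path, sizeof(path), dir, SESSION_FILES[i]) && stat(path, &st) == 0)
			present++;
	return present;
}

/* agent_has_key models the agent's answer; files left without a key mean a stale session. */
enum session_state session_status(const char *dir, bool agent_has_key)
{
	if (agent_has_key)
		return LOGGED_IN;
	return session_files_present(dir) > 0 ? SESSION_STALE : LOGGED_OUT;
}

/* Wipe without credentials: ENOENT already is the desired end state, so only
 * other errors count. Returns the number of files that could not be removed. */
int session_wipe(const char *dir)
{
	char path[1024];
	int failures = 0;
	for (int i = 0; i < N_FILES; i++)
		if (!session_path(path, sizeof(path), dir, SESSION_FILES[i]) ||
		    (unlink(path) != 0 && errno != ENOENT))
			failures++;
	return failures;
}
```

Because the wipe never needs the decryption key, a second call on an already clean directory also returns 0, which is the no-op behaviour the issue expects from a non-interactive logout.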