Skip to content
This repository has been archived by the owner on Jun 26, 2020. It is now read-only.

Unable to store credentials #51

Open
step21 opened this issue Aug 6, 2017 · 18 comments
Open

Unable to store credentials #51

step21 opened this issue Aug 6, 2017 · 18 comments

Comments

@step21
Copy link
Contributor

step21 commented Aug 6, 2017

Recently, tried to set up again from scratch for testing. it seems I cannot get this to work anymore, it always fails with " message: 'Password Management Error: We couldn't store your password securely! For more information, visit https://support.nylas.com/hc/en-us/articles/223790028" when adding an account.
Visiting the page doesn't help. This might not be unique to the fork, but it was in this case run by the fork.
What kind of storage does it need? It might be that I disabled gnome-keyring, especially/at least for ssh because it was super annoying, but not sure why nylas would need that....
Any ideas?

@dweremeichik
Copy link
Member

There is a deb and an rpm in the slack channel. You can give one of those a try, if they don't work, it could be a system configuration issue.

@step21
Copy link
Contributor Author

step21 commented Aug 7, 2017

Thanks. But should it in general work when running from source?

@dweremeichik
Copy link
Member

Sure, unless you are missing a dependency or there was an error during the build process that you missed. My point was that you could use one of the prebuilts to narrow down where your issue is coming from.

@step21
Copy link
Contributor Author

step21 commented Aug 9, 2017

Still happens with the build/deb from the slack. What exactly does Nylas require to 'store credentials securely' on linux?

@dweremeichik
Copy link
Member

FWIW a simple search of your error in the code base pointed me to this:
https://github.com/nylas/nylas-mail/blob/8499eb51b3bf07096a37a368b37074de909d1a54/packages/client-app/src/key-manager.es6
there is a small wrapper around keytar. Keytar docs should tell you what you need to know: https://github.com/atom/node-keytar

@step21
Copy link
Contributor Author

step21 commented Aug 23, 2017

Another error that happens at the same time is 'Your Nylas ID is out of date. Please log in again.' I did that, but it didn't really help. Based on the log window that I could open, it seemed that it started syncing briefly, but then it complained again about the Nylas ID. Just putting this here for more information, also as no one at keytar responded yet.

@step21
Copy link
Contributor Author

step21 commented Aug 23, 2017

And for some full log output:

App load time: 375ms
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
{ Error: Password Management Error: We couldn't store your password securely! For more information, visit https://support.nylas.com/hc/en-us/articles/223790028
    at KeyManager._try (/src/key-manager.es6:70:30)
    at KeyManager.replacePassword (/src/key-manager.es6:28:10)
    at /src/flux/stores/identity-store.es6:88:18
    at next (<anonymous>)
    at step (/src/flux/stores/identity-store.es6:11:1)
    at Promise._execute (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/debuggability.js:300:9)
    at Promise._resolveFromExecutor (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:481:18)
    at new Promise (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:77:14)
    at /src/flux/stores/identity-store.es6:11:1
    at OnboardingStore.<anonymous> (/internal_packages/onboarding/lib/onboarding-store.es6:143:25)
    at next (<anonymous>)
    at step (/internal_packages/onboarding/lib/onboarding-store.es6:5:1)
    at Promise._execute (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/debuggability.js:300:9)
    at Promise._resolveFromExecutor (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:481:18)
    at new Promise (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:77:14)
    at OnboardingStore.<anonymous> (/internal_packages/onboarding/lib/onboarding-store.es6:5:1)
    at EventEmitter.eventHandler (/usr/share/nylas-mail/resources/app.asar/node_modules/reflux/src/PublisherMethods.js:36:22)
    at EventEmitter.emit (/usr/share/nylas-mail/resources/app.asar/node_modules/eventemitter3/index.js:72:35)
    at Function.trigger (/usr/share/nylas-mail/resources/app.asar/node_modules/reflux/src/PublisherMethods.js:52:26)
    at Object.functor [as authenticationJSONReceived] (/usr/share/nylas-mail/resources/app.asar/node_modules/reflux/src/createAction.js:32:56)
    at webview.executeJavaScript.result (/internal_packages/onboarding/lib/page-authenticate.jsx:26:27)
    at EventEmitter.<anonymous> (/usr/share/nylas-mail/resources/electron.asar/renderer/web-view/web-view.js:435:21)
  message: 'Password Management Error: We couldn\'t store your password securely! For more information, visit https://support.nylas.com/hc/en-us/articles/223790028' } { pluginIds: [ 'onboarding' ] }
Gkr-Message: secret service operation failed: Failed to activate service 'org.freedesktop.secrets': timed out
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Failed to activate service 'org.freedesktop.secrets': timed out
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
{ Error: Password Management Error: We couldn't store your password securely! For more information, visit https://support.nylas.com/hc/en-us/articles/223790028
    at KeyManager._try (/src/key-manager.es6:70:30)
    at KeyManager.replacePassword (/src/key-manager.es6:28:10)
    at AccountStore.addAccountFromJSON (/src/flux/stores/account-store.es6:272:16)
    at OnboardingStore.<anonymous> (/internal_packages/onboarding/lib/onboarding-store.es6:162:20)
    at next (<anonymous>)
    at step (/internal_packages/onboarding/lib/onboarding-store.es6:5:1)
    at Promise._execute (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/debuggability.js:300:9)
    at Promise._resolveFromExecutor (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:481:18)
    at new Promise (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:77:14)
    at OnboardingStore.<anonymous> (/internal_packages/onboarding/lib/onboarding-store.es6:5:1)
    at EventEmitter.eventHandler (/usr/share/nylas-mail/resources/app.asar/node_modules/reflux/src/PublisherMethods.js:36:22)
    at EventEmitter.emit (/usr/share/nylas-mail/resources/app.asar/node_modules/eventemitter3/index.js:72:35)
    at Function.trigger (/usr/share/nylas-mail/resources/app.asar/node_modules/reflux/src/PublisherMethods.js:52:26)
    at Object.functor [as accountJSONReceived] (/usr/share/nylas-mail/resources/app.asar/node_modules/reflux/src/createAction.js:32:56)
    at then.json (/internal_packages/onboarding/lib/decorators/create-page-for-form.jsx:105:27)
    at tryCatcher (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:510:31)
    at Promise._settlePromise (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:567:18)
    at Promise._settlePromise0 (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:612:10)
    at Promise._settlePromises (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/promise.js:691:18)
    at Async._drainQueue (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/async.js:133:16)
    at Async._drainQueues (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/async.js:143:10)
    at Async.drainQueues (/usr/share/nylas-mail/resources/app.asar/node_modules/bluebird/js/release/async.js:17:14)
  message: 'Password Management Error: We couldn\'t store your password securely! For more information, visit https://support.nylas.com/hc/en-us/articles/223790028' } { pluginIds: [ 'onboarding' ] }
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

@step21
Copy link
Contributor Author

step21 commented Aug 23, 2017

Also tried the original Nylas Mail downloaded from nylas. It has the same problem. Only difference is, it has more output. outputting failed api/json requests and seems to complain about a wrong api key. I put thin in pastebin as it is quite long. https://pastebin.com/cDa606Yd

@step21
Copy link
Contributor Author

step21 commented Sep 10, 2017

Just tried this again. More or less figured it out. On Linux it relates to gnome-keyring-daemon not being accessible or available (or the quivalent on another desktop environment). Most apps like Thunderbird, Geary, Browsers etc actually do not need it, and for me it was causing frequent issues with connecting through ssh, either ignoring the ssh config file, showing gui prompts for terminal sessions and when ignoring the config just resulting in time outs because trying too many keys/passwords. After starting it manually and authenticating, it seemed to work.
I think ideally Nylas should work without, but I get that others might have different views or that it's not a high priority.

@dweremeichik
Copy link
Member

Any suggestions on a better way of storage across all platforms?

@simonft
Copy link

simonft commented Sep 27, 2017

My best suggestion for now is to update the debian dependencies so that gnome-keyring-daemon is pulled in. It doesn't look like that's currently happening.

@ibrokemypie
Copy link

Even if installed, it needs to be running, which in my case it was not.

@step21
Copy link
Contributor Author

step21 commented Sep 27, 2017

Yeah, same here. I am not quite sure whether the problem here is how keytar/libsecret access the keyring-daemon or more generally that the keyring-daemon is somethimes there/sometimes not. As opposed to OS X f.e., where it will always be there. For my use case, Nylas could even store its passwords just in a textfile, if someone can read those, they could probably do what they want anyway.

@dweremeichik
Copy link
Member

@step21 so I found out that passwords are already stored in plain text. I don't fully understand why, or what accesses them. I also don't understand why there is the illusion of security by using the keychain. Check out your shared.sqlite file. Perhaps we can make that a fallback since it already has the passwords.

@step21
Copy link
Contributor Author

step21 commented Oct 10, 2017

Mmmh, thanks for investigating. I think in my case it might have been contributed to by gnome-keyring-daemon not running or a problem with dbus-user-session. Would be great if this could be a fallback especially if it is there already anyway.

@ibrokemypie
Copy link

This issue is making both this and mailspring unusable for me. Everything else has access to the gnome keyring, which is definitely starting up correctly on login. I dont really care if the credentials are stored locally in plaintext, most stuff on linux already is. If someone has access to my actual computer I am pretty fucked already, so one more thing in plaintext doesnt make much difference.

@step21
Copy link
Contributor Author

step21 commented Oct 10, 2017

Check if dbus-user-session is installed and try removing it?

@dweremeichik
Copy link
Member

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

4 participants