Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2FA Wonkiness w/ Firefox #20

Closed
JoeCotellese opened this issue Jan 19, 2023 · 12 comments · Fixed by #25
Closed

2FA Wonkiness w/ Firefox #20

JoeCotellese opened this issue Jan 19, 2023 · 12 comments · Fixed by #25

Comments

@JoeCotellese
Copy link

Hi, I'm trying to use the extension in Firefox. My Apple account has 2FA enabled.

When I enter my email / password and get the 2FA prompt the extension login window goes away. When I click again, I get an empty login window rather than a prompt to enter 2FA.
@dedoussis
Copy link
Owner

dedoussis commented Jan 21, 2023
edited
Loading

Hi @JoeCotellese! Thanks for taking the time to flag this issue. I have managed to replicate it on my setup.

Temporary work-around

image

After entering the email and password, hit the "Enter" key of your keyboard rather than clicking on the "Sign In" button. This should keep the extension pop-up open, letting it to transition to the next page which is the 2FA code authentication:

image

It is important that you do not navigate away from the pop-up before it has transitioned to the 2FA page.

Why this happens?

  1. The extension is implemented as a state machine where each state represents a different page of the extension. The initial state is the sign-in page.
  2. When submitting the sing-in form, the extension makes a sign-in request to the iCloud servers and waits for a response. The extension is designed to transition to the next state (2FA code authentication page) only upon the reception of a successful sign-in response from iCloud.
  3. The iCloud backend pushes a 2FA notification to each of your authenticated devices.
  4. The notification arrives at your device. A new MacOS dialog pops up which causes Firefox to close the extension pop-up before the extension receives the successfull sign-in response from iCloud.
  5. The extension has not transitioned to the next state, even though the sing-in was successful. The extension is going to render the initial sign-in state once the user re-opens the pop-up.

Essentially, this is a race condition between the 2FA notification arriving at the device and the extension receiving the successful sign-in response.

This behaviour does not happen on Chrome. There are very few cases where Chrome will close the extension pop-up without the user taking any action (such as a click outside the pop-up, or hitting the "Esc" key).

@JoeCotellese Let me know if the above work-around works for you for the time being. I will be looking into putting a proper fix together.

@dedoussis
Copy link
Owner

Similar issue: https://bugzilla.mozilla.org/show_bug.cgi?id=1378527

@JoeCotellese
Copy link
Author

It took a few tries but that did the trick. Thanks!

@mounta11n
Copy link

i had the same issue, but your temp workaround solved it perfetcly! thanks a lot

@rafacampoamor
Copy link

rafacampoamor commented Feb 28, 2023
edited
Loading

Tried several times but couldn't make it work (though it worked on Edge). Isn't it possible to open the log in dialog in a new popup window or tab? (by entering the URL manually or something)

Thanks :)

@dedoussis
Copy link
Owner

dedoussis commented Mar 12, 2023
edited
Loading

Hi @rafacampoamor! Yes, it is possible to open the pop-up as a normal tab:

  1. Open the pop-up and right-click on its background
  2. Select "View Page Source". This will open a new tab to a URL of the following format: view-source:moz-extension://e39b22ff-52d1-4346-bd41-5b4fc89bf114/popup.html.
  3. Remove the view-source: prefix and you have the URL of the pop-up: moz-extension://e39b22ff-52d1-4346-bd41-5b4fc89bf114/popup.html.
  4. Open a new tab, enter that URL and the pop-up interface would be rendered as a regular web page.

Note that pop-up URLs are unique per installation. Entering the above URL of mine won't work. You need to retrieve the URL of your own installation of the extension.

@dedoussis
Copy link
Owner

FYI, I've started working on a proper fix to this issue a few weeks ago but never got around to shipping it. I hope I will get some time by the end of the month to wrap this up.

@rafacampoamor
Copy link

@dedoussis It worked! Thank you so much for the workaround!

@Futos
Copy link

Futos commented Mar 14, 2023

Hi @JoeCotellese! Thanks for taking the time to flag this issue. I have managed to replicate it on my setup.

Temporary work-around

image

After entering the email and password, hit the "Enter" key of your keyboard rather than clicking on the "Sign In" button. This should keep the extension pop-up open, letting it to transition to the next page which is the 2FA code authentication:

image

It is important that you do not navigate away from the pop-up before it has transitioned to the 2FA page.

Why this happens?

1. The extension is implemented as a state machine where each state represents a different page of the extension. The initial state is the sign-in page.

2. When submitting the sing-in form, the extension makes a sign-in request to the iCloud servers and waits for a response. The extension is designed to transition to the next state (2FA code authentication page) only upon the reception of a successful sign-in response from iCloud.

3. The iCloud backend pushes a 2FA notification to each of your authenticated devices.

4. The notification arrives at your device. A new MacOS dialog pops up which causes Firefox to close the extension pop-up before the extension receives the successfull sign-in response from iCloud.

5. The extension has not transitioned to the next state, even though the sing-in was successful. The extension is going to render the initial sign-in state once the user re-opens the pop-up.

Essentially, this is a race condition between the 2FA notification arriving at the device and the extension receiving the successful sign-in response.

This behaviour does not happen on Chrome. There are very few cases where Chrome will close the extension pop-up without the user taking any action (such as a click outside the pop-up, or hitting the "Esc" key).

@JoeCotellese Let me know if the above work-around works for you for the time being. I will be looking into putting a proper fix together.

This Workaround is not working for me on Mac OS Firefox 110. If I use enter instead of clicking the button it still closes my popup

@dedoussis
Copy link
Owner

Hi @rafacampoamor! Yes, it is possible to open the pop-up as a normal tab:

  1. Open the pop-up and right-click on its background
  2. Select "View Page Source". This will open a new tab to a URL of the following format: view-source:moz-extension://e39b22ff-52d1-4346-bd41-5b4fc89bf114/popup.html.
  3. Remove the view-source: prefix and you have the URL of the pop-up: moz-extension://e39b22ff-52d1-4346-bd41-5b4fc89bf114/popup.html.
  4. Open a new tab, enter that URL and the pop-up interface would be rendered as a regular web page.

Note that pop-up URLs are unique per installation. Entering the above URL of mine won't work. You need to retrieve the URL of your own installation of the extension.

@Futos you could try using the above workaround ☝️

dedoussis added a commit that referenced this issue Mar 26, 2023
@dedoussis
Sign-in through the service worker (fixes: #20)
16e2564
@dedoussis dedoussis mentioned this issue Mar 26, 2023
Merged
dedoussis added a commit that referenced this issue Mar 27, 2023
@dedoussis
Sign-in through the service worker (fixes: #20) (#25)
23db439 
* Sign-in through the service worker (fixes: #20)

* Prettify

* Add MV2 listeners in background script

* Fix dependencies

* README correction
@dedoussis dedoussis reopened this Mar 27, 2023
@dedoussis
Copy link
Owner

dedoussis commented Mar 27, 2023
edited
Loading

Version 1.0.6 of the Firefox add-on has been released, which properly fixes this issue: https://addons.mozilla.org/en-US/firefox/addon/icloud-hide-my-email/versions/

@JoeCotellese @mounta11n @rafacampoamor @Futos will leave this thread open for a few days. Please let me know if you encounter any issues with the latest version.

@rafacampoamor
Copy link

rafacampoamor commented Mar 27, 2023 via email
edited
Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Sign-in through the service worker (fixes: #20) dedoussis/icloud-hide-my-email-browser-extension
5 participants
@JoeCotellese @rafacampoamor @Futos @dedoussis @mounta11n