Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Error while calling NewClient #52

Closed
kaplanelad opened this issue Mar 10, 2022 · 3 comments
Closed

Error while calling NewClient #52

kaplanelad opened this issue Mar 10, 2022 · 3 comments

Comments

@kaplanelad
Copy link

Hey,

I'm getting an error when trying to create NewClient function. see example:

client, err := lastpass.NewClient(context.Background(), username, masterPassword)

The error is:
input is only 0 bytes; expected at least 16 bytes

It looks like the field privatekeyenc returns empty from API, and the function decryptPrivateKey based on this field returns an error.
ansd added a commit that referenced this issue Mar 28, 2022
@ansd
Allow LastPass sharing RSA private key to be empty
b7bebbd 
When the user creates an account via
https://lastpass.com/create-account.php
but has never logged in with the LastPass Chrome extension,
an empty privatekeyenc will be returned even if includeprivatekeyenc
is set.

Before this commit, NewClient() failed with the following error:
"input is only 0 bytes; expected at least 16 bytes"

From now on, if privatekeyenc is empty in the HTTP response,
session.privateKey remains nil.
This should be okay because when trying to share a password with an
account that never logged in, we get the following error message in
Chrome:
"Something went wrong sharing with these users:
The user must login to LastPass at least once to permit sharing."

See #52 and
https://github.com/lastpass/lastpass-cli/blob/8767b5e53192ad4e72d1352db4aa9218e928cbe1/cipher.c#L400-L401
@ansd
Copy link
Owner

ansd commented Mar 28, 2022

Hey @kaplanelad,

Thanks for reporting this issue.

I could reproduce this issue by creating an account via https://lastpass.com/create-account.php and logging in with this Go library without previously logging in via the Chrome extension.
Logging in with the Chrome extension (and probably any other officially supported client) at least once will generate the sharing RSA key and from then on include the privatekeyenc in the HTTP response.

So, my 1st question is:
What is your workflow? Are my reproduction steps how you also ended up with this issue?
(I'm trying to understand whether there are any other cases where privatekeyenc won't be included for LastPass accounts even if they logged in previously via any officially supported client.)

I just pushed a commit to master branch which fixes this issue.
My 2nd question is:
Can you please try it out and confirm it fixes your use case?

Thanks!

@kaplanelad
Copy link
Author

Thanks @ansd, it woks now

@ansd
Copy link
Owner

ansd commented Apr 18, 2022

Thank you @kaplanelad for testing and confirming.
I cut https://github.com/ansd/lastpass-go/releases/tag/v0.3.2.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kaplanelad @ansd