Bitwarden_rs: Error: Cannot read property 'importKey'

Created on 26 Aug 2018  路  50Comments  路  Source: dani-garcia/bitwarden_rs

Hello,
I just came across this project and installed it using the command in the README. When I try to login I get the error below. The error below is copied from the Chromes devtools console. Have I done something wrong or is this a bug?

core.js:1440 ERROR Error: Uncaught (in promise): TypeError: Cannot read property 'importKey' of null TypeError: Cannot read property 'importKey' of null at n.<anonymous> (webCryptoFunction.service.ts:45) at zohoVaultCsvImporter.ts:7 at Object.next (zohoVaultCsvImporter.ts:7) at zohoVaultCsvImporter.ts:7 at new t (zone.js:887) at t (zohoVaultCsvImporter.ts:7) at n.pbkdf2 (webCryptoFunction.service.ts:25) at n.<anonymous> (crypto.service.ts:276) at container.service.ts:4 at Object.next (container.service.ts:4) at n.<anonymous> (webCryptoFunction.service.ts:45) at zohoVaultCsvImporter.ts:7 at Object.next (zohoVaultCsvImporter.ts:7) at zohoVaultCsvImporter.ts:7 at new t (zone.js:887) at t (zohoVaultCsvImporter.ts:7) at n.pbkdf2 (webCryptoFunction.service.ts:25) at n.<anonymous> (crypto.service.ts:276) at container.service.ts:4 at Object.next (container.service.ts:4) at O (zone.js:821) at zone.js:736 at r (register.component.html:53) at t.invoke (zone.js:388) at Object.onInvoke (core.js:4733) at t.invoke (zone.js:387) at e.run (zone.js:138) at zone.js:870 at t.invokeTask (zone.js:421) at Object.onInvokeTask (core.js:4724)

wontfix

Most helpful comment

Use https @briceparmentier

All 50 comments

Hi, the console error probably isn't going to be as useful as network view. Try to see if there are any failing requests in the network tab of dev tools. Also do check the logs on the server side. You can post those here. (obviously replacing any sensitive data)

Also can you share the exact command you used to run bitwarden_rs?

It is not making any web request, It must be failing before that occurs. The command I used to start the server is

docker run -d --name bitwarden -v /bw-data/:/data/ -p 8080:80 mprasil/bitwarden:latest

It is weird because I just checked and safari (on the same system) works fine but Chrome fails with the registration (it freezes on the submit button) and the login screen. I am on a Mac if that helps. I also disabled all of my extensions and that hasn't helped.

Try to go to the login screen, open the network tab and press ctrl-shift+r to do a full reload. See if any of the requests fail. Perhaps some static file didn't load properly or something like that. It looks like browser/client issue to me, but don't know enough javascript to be sure here.

Everything loads successfully. The last 2 request in the attached image are run when I click submit for the first time after the reload. The second time I click it nothing happens. Both times cause the error popup and it has stopped logging the error to the browser console.
screen shot 2018-08-26 at 7 48 30 pm

I suppose it still doesn't log you in though? Does the official Vault work for you? (https://vault.bitwarden.com)

I have a self-hosted instance of the official Bitwarden running and the login works perfectly.

What version of chrome are you using. I've tried to reduce this with Chromium version 68.0.3440.106 on Ubuntu and it just works for me :confused:

I Am Running Google Chrome 68.0.3440.106聽(Official Build)聽(64-bit) Revision 1c32c539ce0065a41cb79da7bfcd2c71af1afe62-refs/branch-heads/3440@{#794}
On MacOS 10.12.6.

It is also happening on a windows system with the same chrome version.

Is there any proxy in between or anything like that?

No not currently but I will add one when I deploy this in the future.

Do you have any domain configured or you access it by IP?

IP and HTTP. I am currently updating Docker on a second system and I will try running the server there and see if it works.

It works when hosted on another machine. So I am going to reinstall it to my server and see if that fixes it.

Make sure you pull the latest image!

I repulled the image from docker and it still didn't work but I created a new VM (Cloned from a base Image), installed docker and it didn't work. My server is running Debian and that could be causing an issue or my base vm has something it doesn't like or it does like being run inside a vm but docker has been working fine for other stuff.

Seems very unlikely that host OS would affect web interface in such way. Maybe a different docker version? (even that sounds kinda unlikely) I tried couple different setups here and failed to reproduce your issue. :confused:

I had the same problem on Google Chrome, after switch to Firefox problem gone. I wrote about it here
I thought it was server slow response

Hi, I've built mprasil/bitwarden:beta which is using latest Vault from master. Can you test that one and see if you still get any issues?

I installed the beta container and am getting the error on the account signing up page and submitting a correct login page. The login had to b created through Safari which isn't suffering this bug.
Also It is now making web requests when I submit a login and they are returning a correct login not an error.

What web request does it make when trying to log in?

POST /api/accounts/prelogin
It Returned With The Status 200:
{"Kdf":0,"KdfIterations":5000}

hi,
this issue looks only a chrome browser, with edge it works fine.

in chrome i get the follow issue:

This page includes a password or credit card input in a non-secure context. A warning has been added to the URL bar. For more information, see https://goo.gl/zmWq3m.

11core.js:1440 ERROR Error: Uncaught (in promise): TypeError: Cannot read property 'importKey' of null
TypeError: Cannot read property 'importKey' of null
at n. (webCryptoFunction.service.ts:45)
at zohoVaultCsvImporter.ts:7
at Object.next (zohoVaultCsvImporter.ts:7)
at zohoVaultCsvImporter.ts:7
at new t (zone.js:887)
at t (zohoVaultCsvImporter.ts:7)
......

Same thing was happening for me on 2.2.0.
Upgraded to 2.2.1 and its still happening.

This is a clean install as well (just started testing it for my purporses)

@Silveress, can you confirm, that this happens only in Chrome for you?

I just setup my bitwarden_rs on a testing subdomain so I could share it and see if that can help with debugging but after setting that up I noticed it was working. My server parses traffic through an Nginx Proxy which handles HTTPS termination automatically. I them tired setting the DOMAIN env variable and that didn't help. So I generated a self signed HTTPS cert and configured it with the ROCKET_TLS env variable and the issue when away. So it must be something to do with HTTP.

I can concur with @oscartbeaumont.

I set it up on a subdomain on my vps with letsencrypt certs and nginx reverse proxy.
Accessing it via the sub domain it worked perfectly.
Accessing directly via IP (no cert) and the issues returned.

And these issues only pop up on chrome (and chromium) so I presume it is something how chrom(ium) handles http sites.

So in doing some research I have worked out that the error is caused the library vibornoff/webcrypto-shim. I also came across evilsocket/arc#98 which looks to be a similar issue. One of the things said in the thread is

this behaviour seems to be intentional, cryptographic functionalities are disabled if the page is served from an "insecure origin"

which is probably what is occurring here.
Edit:
This is related to Chromes handling and it should still work fine in other browser including Safari (Tested By Me) and Edge.

I have create an account without https/ssl with edge browser an linked this ip from docker 0.0.0.0.8080 to the Bitwarden app, it work fine nur you must Change from https into http, so you habe Access from all devices on your own bitwarden

@theazriel From my understanding this only effects Chromes and that is why Edge and Safari are not effected.

Yes correct, this is only a Chrome Problem, after Changing Browser everything works fine

@oscartbeaumont do you think it would make sense to report this issue in the upstream Vault repo? Is there anything that can be done about this?

I don't think there is because if it is a design decision by Chrome which is what it looks to be there is nothing that can be done. An _idea_ would be adding an autogenerating self signed or Letsencypt HTTPS certificate to the docker container. This would be better for the security and I can help with the integration of this if needed.

Just to add, same problem here.

Currently running most recent docker image at time of writing: mprasil/bitwarden:latest 31/08/18

Chrome Version 68.0.3440.106 (Official Build) (64-bit) not allowing login or creation of new user, Firefox works perfectly.

Note: I also get the same issue if accessing BitWarden via a https Nginx reverse proxy with a LetsEncrypt cert on Chrome

I've reported it upstream to bring some awareness about this problem.

@CaptInsano I'm using Bitwarden with LetsEncrypt cert on reverse proxy and it works fine everywhere including Chrome. I can only reproduce the problem over HTTP, is it possible there are some other issues affecting your HTTPS connection? So far everyone reported, that it works for them over secure channel.

Confirmed with Kyle, that this is intentional, we need to document this to avoid people reporting it as a bug.

@mprasil

You are right about the Nginx reverse proxy w. LetsEncrypt cert over https.
It works correctly once I cleared my cache, I am sorry for that.

Good to have an answer anyway.

The documentation was merged. I'm going to resolve this as wontfix, because it's just not supported upstream.

Just dropping in for early 2019 to say that I just deployed this on unRAID docker container and since there's no way to access over HTTPS out of the box without setting up reverse proxy, it fails in Chrome to let you sign in or register a new user. Firefox and Edge worked fine.

Can you couple this with at least a way to access over HTTPS? Even if it's just a self-signed cert so users can at least get accounts created and then setup their own reverse proxy if they want to secure it?

FYI I almost decided to ditch this assuming it would NEVER work in Chrome, but sounds like once I reverse proxy it, it'll be fine. Working on that next.

I'm not sure if including or generating self signed certificates ourselves is a good idea, there are a lot of external tools that would do a better job than us.

We should definitely mention this in the README, because a lot of users already hit this problem.

@dani-garcia - sounds good, With a quick bit of research I was able to solve the problem and I'm up and running with a super lightweight self-hosted option. Thanks for the hard work on this!

Yeah another user here that ran into this. Could you make it so a warning or something pops up when this occurs? It's hard to figure out that you need HTTPS.

I think this should probably be implemented/reported upstream as it's client only issue?

As far as I know upstream doesn't support HTTP at all, so I don't think it's of much use. I think it would be useful to include a warning somewhere, as the error message is quite cryptic, not sure if modifying the web vault is the best way though.

Ah right, I forgot they don't support it at all. I wonder if they'd accept PR with some user friendly error message anyways.

in my case , error disappear after using https

Hi there,
I'm facing the same issue, knowing that in my case I'm self-hosting it on a Raspberry PI.
It appears the same on several browsers, Firefox at home, Chrome and Edge at work.
On Chrome or Firefox, nothing happens at all, on Edge, I get kind of a red popup on the right side telling something went wrong (and nothing else).
I'm not using HTTPS, maybe that's the clue?
Thanks !

Use https @briceparmentier

Use https @briceparmentier

@meyerje I've been reading the Wiki here https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS, which points to another page for how to create a personal certificate. It also say that _If following that guide your ROCKET_TLS line could look like this: -e ROCKET_TLS='{certs="/ssl/bitwarden.crt",key="/ssl/bitwarden.key"}'_, but I'm missing the part of where to move the generated files (all certificates and keys and all the stuff from the second page) to the docker machine...
Anyone can help with this?
Thanks

Was this page helpful?
0 / 5 - 0 ratings