Running on a recent FreeBSD 13.1-STABLE, after upgrading to chromium-101.0.4951.41, I am unable to login to Google. To reproduce: 1) Start chrome 2) visit https://www.google.com 3) Click on "Sign in" button in top right. 4) On the "Sign in" screen, enter username and click next 5) On the "Hi $NAME" screen, enter password and click next At this point, I expect a "2-Step Verification" screen to appear and provide me with various options to provide a 2FA authentication. Instead, there's a greyed-out "2-Step Verification" screen that has a moving blue bar continuously scrolling across the top. It never reaches the point of actually requesting 2FA authentication. I get the same behaviour on 2 different FreeBSD hosts (running similar 13.1-STABLE versions), using both packages and locally built ports. There were no problems with chromium-99.0.4844.84
The problem still exists with chromium-101.0.4951.54
Hi Which 2FA method is enabled on your account? Tested, but could not reproduce yet with the default settings of Google.
My default 2FA is a security key (like Yubikey). In the past it would popup a prompt to "insert my security key and press the button" as well a providing an option to use an alternative 2FA. (I haven't tried to actually key the security key working on FreeBSD lately).
Created attachment 233967 [details] Image
Hi, This is a real issue. The option to enable/disable Sign-In is not even there in the browser. Port version: chromium: 101.0.4951.64
Would you please try to use your 2fa key with another site to verify that the fido code actually works in the browser? Just trying to pinpoint where the issue is coming from.
(In reply to Robert Nagy from comment #6) I use Google Authenticator Android app for 2FA key. Also, I use it for other websites like Github with no issue. Beside, I'm having this issue with other accounts from google without 2fa having set. Not sure if this is only related with this browser.
I've tested every possible 2FA with my google and account and all of them work just fine. I suggest you try with a temporary profile, chromium --user-data-dir=/tmp/tempprofile and see if that works. Just to make sure, you are not trying to use Sync or actually trying to Sign-in the browser itself?
(In reply to Robert Nagy from comment #8) Robert, You're missing the point. It's not the 2FA which is not working, it's the Sign-In button for Profile, in the browser itself.
Browser sign-in has been disabled for a long time (years ago) because Google does not allow it anymore.
(In reply to Robert Nagy from comment #10) I was using it on FreeBSD 12.3 with latest chromium. Until I did a fresh install with 13.1-RC6.
(In reply to Robert Nagy from comment #10) Anyway, thank you for your kind response.
I've tried disabling my Yubikey and using an alternative 2FA method and I can login to Google successfully. This is a regression because Chromium 99.x allowed me to choose a 2FA method whereas Chromium 100.x doesn't bring up the menu allowing me to choose an alternative. I've tried attempting to add a security key via Chromium. Working through, it reaches a popup that just spins, with or without the key installed: " Add a security key You’ll see instructions in your browser window for adding your key to your account " I do regularly use a security key with Chrome (on Linux) but don't have any non-FreeBSD systems that I can easily test Chromium on. I've tried using my security key to login to Github using Chromium on FreeBSD and it also fails in a similar way: It spins waiting for the security key. I'm not sure if this is a regression because I haven't tried it previously. I've tried doing some ktrace'ing and Chromium isn't attempting to even look for a security key in either case: In my case, the security key appears as /dev/uhid1 but: * in the github login case, there are no accesses to /dev. * in the Google "add a key" case, only /dev/null and /dev/urandom are accessed. OTOH: * in both cases, there are a number of access attempts to /sys/class/input/event* - which might make sense on Linux, but not FreeBSD. * during a ktrace of Chromium starting, I did find an unsuccessful access attempt to /dev/fido - despite the name, that's actually the interface to watchdog(4). I couldn't find the code that does that.
(In reply to Peter Jeremy from comment #0) Could you please go to chrome://flags and set `Enable the U2F Security Key API` to Enabled and retry?
This still relates to 101.0.4951.64. I'm building 101.0.4951.67 and will provide an update later. After explicitly enabling `Enable the U2F Security Key API` then I can use my security key with Github. Unfortunately, I still can't add a security key to my Google account: I get to the popup: " Add a security key You’ll see instructions in your browser window for adding your key to your account " and the security key starts flashing. If I tap it, it stops flashing but it there are no "instructions" and the popup keeps spinning. If I cancel and retry then I get a popup: " Couldn’t connect Remove your key and reconnect it. Then try again. " Removing and reconnecting the key doesn't help.
(In reply to Peter Jeremy from comment #15) This is a deprecated feature that is going to get removed in next releases of Chromium and the only thing that can be done is that sites need to move to the webauthn framework.
I realise `Enable the U2F Security Key API` will be removed soon. I've updated to chromium-101.0.4951.67 and my security key has stopped working, even with Enable the U2F Security Key API` enabled.
After updating to chromium-102.0.5005.115, my security key works again.
No such luck here. After bug #196754 got fixed, this was working fine, but then it broke Github and Google 2FA logins for some time now, and I'm now on 104.0.5112.79 and have turned on --enable-features=U2FSecurityKeyAPI via chrome://flags and it's still busted. But I'm not sure that flag relates to the user-end hardware no longer working vs. something that websites need to do. :/ What sort of tracing can I turn on to get more information?
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=b92dcd07c7b1066c536dd24a8129dafe503f7fc9 commit b92dcd07c7b1066c536dd24a8129dafe503f7fc9 Author: Robert Nagy <robert@openbsd.org> AuthorDate: 2022-10-29 13:32:44 +0000 Commit: Rene Ladan <rene@FreeBSD.org> CommitDate: 2022-10-29 13:52:29 +0000 www/chromium: unbreak WebAuthn USB FIDO support by implementing a fake USB service PR: 263790 www/chromium/Makefile | 1 + .../files/patch-services_device_usb_BUILD.gn | 20 ++++++-- ...patch-services_device_usb_usb__service.cc (new) | 22 +++++++++ ...services_device_usb_usb__service__fake.cc (new) | 54 ++++++++++++++++++++++ ...-services_device_usb_usb__service__fake.h (new) | 51 ++++++++++++++++++++ 5 files changed, 145 insertions(+), 3 deletions(-)
A commit in branch 2022Q4 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=bdbd864258d5fa3e513e51cf60d14718cf833bcf commit bdbd864258d5fa3e513e51cf60d14718cf833bcf Author: Robert Nagy <robert@openbsd.org> AuthorDate: 2022-10-29 13:32:44 +0000 Commit: Rene Ladan <rene@FreeBSD.org> CommitDate: 2022-10-29 13:54:18 +0000 www/chromium: unbreak WebAuthn USB FIDO support by implementing a fake USB service PR: 263790 (cherry picked from commit b92dcd07c7b1066c536dd24a8129dafe503f7fc9) www/chromium/Makefile | 1 + .../files/patch-services_device_usb_BUILD.gn | 20 ++++++-- ...patch-services_device_usb_usb__service.cc (new) | 22 +++++++++ ...services_device_usb_usb__service__fake.cc (new) | 54 ++++++++++++++++++++++ ...-services_device_usb_usb__service__fake.h (new) | 51 ++++++++++++++++++++ 5 files changed, 145 insertions(+), 3 deletions(-)
MARKED AS SPAM