When I delete a login from the website, there's a javascript error message?

I used 1Password X to find a login, clicked Edit.
(On the website it showed me the password without asking me to Reveal it, which seems like another problem.)
I clicked Move To Trash, and then I got a script error:

Failed to load item:
Cannot read property 'substring' of undefined

The items was deleted successfully, but I think the dev team needs to fix a bug here...


1Password Version: Not Provided
Extension Version: 1.3.0
OS Version: Linux / Chrome
Sync Type: Not Provided
Referrer: forum-search:web trash

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    I used 1Password X to find a login, clicked Edit. (On the website it showed me the password without asking me to Reveal it, which seems like another problem.)

    @CarlWalsh: It sounds like the website is doing something a bit odd which isn't masking the password — perhaps by not actually using a password field. Happy to look into it, just let me know the URL. :)

    I clicked Move To Trash, and then I got a script error:
    Failed to load item:
    Cannot read property 'substring' of undefined
    The items was deleted successfully, but I think the dev team needs to fix a bug here...

    It sounds like you're doing this on the 1Password.com website and not within the 1Password X extension. Is that correct? I'm not able to reproduce the error here, but if you encounter the same error again could you let me know what turns up in the developer console? Also, do you have other extensions installed which may be interfering with scripting on the site? Thanks in advance! :)

  • CarlWalsh
    CarlWalsh
    Community Member
    edited January 2018

    Sorry I wasn't quite clear.

    RE: plaintext passwords:

    What I did was click Edit from 1Password X, and that took me to the 1password website. Within this web page, it showed my password without me clicking reveal. (This wasn't i.e. twitter showing me my twitter password, this was 1password showing me my twitter password).
    To reproduce this, I went through these steps again and my twitter password and backup codes were again visible on https://my.1password.com/vaults/. I'd take a screenshot so you can file a bug, but...

    RE: script error on the web site:

    I'm having a really hard time getting https://my.1password.com/vaults/ to work.
    i.e. when I search for my twitter login the result shows up, but when I click on the search result the details aren't loaded on the right...

    I have a lot of extensions installed (this on my corporate computer with several mandatory extensions). Should I try from a vanilla chrome instance?

    Here's some errors from the dev console, with anything tokeny replaced by TRIM:

    vendor-aaTRIM.min.js:1380 SPG prefs not loaded: Unexpected end of JSON input
    vendor-aaTRIM.min.js:1380 [action/user#getPerson] Error: Invalid user reference
    at b5-aTRIM.min.js:63
    at
    a.(anonymous function) @ vendor-aacTRIM.min.js:1380
    3lbTRIM:1 Uncaught (in promise) Error: Invalid user reference
    at b5-aTRIM.min.js:63
    at
    vendor-aaTRIM.min.js:1380 [action/user#getPerson] Error: Invalid user reference
    at b5-aeTRIM.min.js:63
    at

    It's surprising to me that 1PasswordX is able to show me the Edit screen at my.1password.com, even though when I navigated to https://my.1password.com/vaults/ manually I have to sign in again with my master password.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited January 2018

    @CarlWalsh: Thanks for getting back to me with those details!

    I'm going to double check with the team, but that definitely doesn't seem normal. Give it a try in a "clean" Chrome environment — I actually use Chromium for stuff like that, as a sanity check.

    It's surprising to me that 1PasswordX is able to show me the Edit screen at my.1password.com, even though when I navigated to https://my.1password.com/vaults/ manually I have to sign in again with my master password.

    Yeah, I think that's a big clue. We'll get back to you and we can compare notes.

    However, you may also want to consider that having a bunch of other extensions could potentially be a security/privacy risk, as they often have fairly broad permissions to access everything you do on a webpage — including what 1Password fills, or what you view in the web interface. So it may not be a bad idea to maintain a separate environment for using 1Password regardless of the cause of the errors you're seeing right now. Either way, we'll get to the bottom of this!

    ref: b5-3691

  • rob
    rob
    edited January 2018

    @CarlWalsh

    We were changing all password fields to text fields when editing an item so that you can see what you are editing, but we released an update yesterday that changes the password fields to remain concealed until you click inside them.

    It's surprising to me that 1PasswordX is able to show me the Edit screen at my.1password.com, even though when I navigated to https://my.1password.com/vaults/ manually I have to sign in again with my master password.

    This is actually expected. Since you already unlocked 1Password X, it knows how to unlock 1password.com for you. But when you load 1password.com directly on your own, it will be locked because it wasn't opened by 1Password X. The extension will only unlock pages that it opens itself.

    As for the "Invalid user reference" issue, I'm looking into that one now. I haven't been able to reproduce it just yet.

  • @CarlWalsh

    I had another report of the "Invalid user reference" issue, but it was only occurring when creating a new item. Can you confirm that that message only appears in the console when you create a new item, not when you move any item to the trash? If so, I've fixed that here and it should be deployed later today.

    As for the substring error, I'm not sure how that's happening, but I think there's a simple fix for it, so I'll try to get that fixed up today.

  • rob
    rob
    edited January 2018

    @CarlWalsh, sorry to keep pinging you, but the substring error is really quite strange, and I need some more information from you before I continue.

    If you can reproduce this error consistently, could you send me the full console logs that appear when you see Cannot read property 'substring' of undefined?

  • CarlWalsh
    CarlWalsh
    Community Member

    @rob no worries, I've been in your shoes of trying to debug an issue that only one customer is hitting. Thanks to you guys for following up!

    RE: error when deleting an entry from 1password
    On my normal chrome browser, I went through the steps and got the same substring error. Here's what I see in the console logs, with random strings replaced by TRIM:
    vendor-1TRIM3.min.js:1380 Last sign out message is not available.
    vendor-1TRIM3.min.js:1380 GET https://accounts.1password.ca/api/v1/accountcookies
    vendor-1TRIM3.min.js:1380 GET https://accounts.1password.eu/api/v1/accountcookies
    vendor-1TRIM3.min.js:1380 GET https://accounts.1password.com/api/v1/accountcookies
    vendor-1TRIM3.min.js:1380
    Stop!
    vendor-1TRIM3.min.js:1380
    This feature is for use by web developers.
    Copying and pasting text here that came from
    someone else could give them access to your
    1Password data.

    b5-TRIM3.min.js:319 crypto tests: 616.35595703125ms
    vendor-1TRIM3.min.js:1380 Crypto init and tests are complete
    supportsRSA_OAEP_256: true
    supportsNativeAES_GCM: true
    supportsNativePBES2: true
    supportsNativeECDSA: true
    importRequiresArrayBuffer: false
    vendor-1TRIM3.min.js:1380 GET /api/v1/account?attrs=account-flags,billing,counts,invite,me,settings,tier,user-flags,groups
    vendor-1TRIM3.min.js:1380 Loaded 46830 bytes
    vendor-1TRIM3.min.js:1380 Connecting to wss://b5n.1password.com/FTRIM/TRIMI/tTRIMq
    vendor-1TRIM3.min.js:1380 GET /api/v1/vaults
    vendor-1TRIM3.min.js:1380 Loaded 1107 bytes
    vendor-1TRIM3.min.js:1380 GET /txt/banlist/combined_words.txt
    vendor-1TRIM3.min.js:1380 GET /txt/generator/combined_words.txt
    vendor-1TRIM3.min.js:1380 GET https://c.1password.com/dist/watchtower/vuln.csv
    vendor-1TRIM3.min.js:1380 PATCH https://accounts.1password.com/api/v1/accountcookie
    vendor-1TRIM3.min.js:1380 GET /api/v1/account?attrs=account-flags,counts,groups,me,user-flags
    vendor-1TRIM3.min.js:1380 GET /api/v1/account?attrs=me
    vendor-1TRIM3.min.js:1380 Connected to wss://b5n.1password.com/FTRIM/TRIMI/tTRIMq
    vendor-1TRIM3.min.js:1380 Loaded 19982 bytes
    vendor-1TRIM3.min.js:1380 GET /api/v1/account?attrs=users
    vendor-1TRIM3.min.js:1380 Loaded 46060 bytes
    vendor-1TRIM3.min.js:1380 Loaded 845 bytes
    vendor-1TRIM3.min.js:1380 GET /api/v1/vault/tTRIMm/items/overviews
    vendor-1TRIM3.min.js:1380 Loaded 170299 bytes
    vendor-1TRIM3.min.js:1380 GET /api/v1/templates
    vendor-1TRIM3.min.js:1380 Loaded 37524 bytes
    vendor-1TRIM3.min.js:1380 GET /api/v1/vault/tTRIMm/item/sTRIM4
    vendor-1TRIM3.min.js:1380 Loaded 834 bytes
    vendor-1TRIM3.min.js:1380 SPG prefs not loaded: Unexpected end of JSON input
    c.1password.com/richicons/images/login/120/schedule.psbc.org.png Failed to load resource: the server responded with a status of 404 ()
    c.1password.com/richicons/images/login/120/schedule.bloodworksnw.org.png Failed to load resource: the server responded with a status of 404 ()
    vendor-1TRIM3.min.js:1380 PATCH /api/v2/vault/tTRIMm/354/items
    vendor-1TRIM3.min.js:1380 Loaded 70 bytes
    vendor-1TRIM3.min.js:1380 SPG prefs not loaded: Unexpected end of JSON input
    vendor-1TRIM3.min.js:1380 GET /api/v2/vault/tTRIMm
    vendor-1TRIM3.min.js:1380 Notification received from self.
    vendor-1TRIM3.min.js:1380 Loaded 1764 bytes
    vendor-1TRIM3.min.js:1380 GET /api/v1/vault/tTRIMm/item/tTRIMi
    vendor-1TRIM3.min.js:1380 Loaded 1610 bytes
    vendor-1TRIM3.min.js:1380 SPG prefs not loaded: Unexpected end of JSON input
    vendor-1TRIM3.min.js:1380 Failed to load item: TypeError: Cannot read property 'substring' of undefined
    at f.get [as classNameForField] (app-6TRIM2.min.js:165)
    at f.render (app-6TRIM2.min.js:169)
    at l._renderValidatedComponentWithoutOwnerOrContext (vendor-1TRIM3.min.js:1828)
    at l._renderValidatedComponent (vendor-1TRIM3.min.js:1828)
    at l.performInitialMount (vendor-1TRIM3.min.js:1820)
    at l.mountComponent (vendor-1TRIM3.min.js:1818)
    at Object.mountComponent (vendor-1TRIM3.min.js:546)
    at p.mountChildren (vendor-1TRIM3.min.js:1810)
    at p._createInitialChildren (vendor-1TRIM3.min.js:1790)
    at p.mountComponent (vendor-1TRIM3.min.js:1787)
    a.(anonymous function) @ vendor-1TRIM3.min.js:1380

    RE: invalid user reference
    That error message doesn't come up now. However, when I open https://my.1password.com, search for "twitter" then click on my login, it should show up on the right side but instead nothing happens.
    Looking in the console logs, it seems like React is throwing?

    vendor-1TRIM3.min.js:285 Uncaught (in promise) Error: Minified React error #136; visit http://facebook.github.io/react/docs/error-decoder.html?invariant=136&args[]=d for the full message or use the non-minified dev environment for full errors and additional helpful warnings.
    at m.exports (vendor-1TRIM3.min.js:285)
    at l.updateComponent (vendor-1TRIM3.min.js:1824)
    at l.receiveComponent (vendor-1TRIM3.min.js:1823)
    at Object.receiveComponent (vendor-1TRIM3.min.js:546)
    at Object.updateChildren (vendor-1TRIM3.min.js:1814)
    at p._reconcilerUpdateChildren (vendor-1TRIM3.min.js:1809)
    at p._updateChildren (vendor-1TRIM3.min.js:1811)
    at p.updateChildren (vendor-1TRIM3.min.js:1811)
    at p._updateDOMChildren (vendor-1TRIM3.min.js:1795)
    at p.updateComponent (vendor-1TRIM3.min.js:1792)

    RE: vanilla chrome
    I don't have time to install Chromium, but I could give it a try if you think it would help. I tried using the 1password website in incognito mode, with all extensions disabled except for 1password, and I still see the two bugs (substring error on deleting login, and not being able to open my logins when clicking from the search results).

    Thanks about the tip for disabling extensions with too many permissions -- I went through my extensions and removed a few :)

  • Thanks, @CarlWalsh!

    Ok, that matches my "expectations" of what might be happening. When you delete the item you're deleting, 1Password will select the next adjacent item in the list. It appears that the data in this item is corrupt, or at least not what we're expecting to see. You can see that in the logs here:

    vendor-1TRIM3.min.js:1380 PATCH /api/v2/vault/tTRIMm/354/items
    vendor-1TRIM3.min.js:1380 Loaded 70 bytes
    vendor-1TRIM3.min.js:1380 GET /api/v2/vault/tTRIMm
    vendor-1TRIM3.min.js:1380 Loaded 1764 bytes
    vendor-1TRIM3.min.js:1380 GET /api/v1/vault/tTRIMm/item/tTRIMi
    vendor-1TRIM3.min.js:1380 Loaded 1610 bytes
    vendor-1TRIM3.min.js:1380 Failed to load item: TypeError: Cannot read property 'substring' of undefined
    

    That first request is the trashing of the item. The second is reloading the vault, and the third is loading the next item in the list that is being selected. That's when we hit an error.

    You mentioned that your Twitter login fails to show up, so I'm wondering if the item that is being selected automatically when you delete an item is your Twitter login. Is that consistently the case? Or do you get the substring error no matter which item you delete or which item is selected next?

    Also, can you confirm whether your Twitter login item contains a one-time password field?

  • CarlWalsh
    CarlWalsh
    Community Member

    @rob I do have several OTP, but not for twitter. The item I created to repro this was a login called "deleteme", and alphabetically the next should be Discord, which doesn't have OTP, but a few items later I have Dropbox which does have an OTP. I hit the substring error before selecting anything; after clicking the send to trash button it shows the error before I select another entry.

    BTW, I was able to repro the "not loading from search results" more consistently: If I navigate to https://my.1password.com/, sign in, open my personal vault, then click on any entry (whether or not I search) the URL changes, but the details fail to load. If I refresh at this URL, sign in, then the details load correctly. It's strange to me that refreshing fixes the issue, but I guess that makes sense as the error is form the react component?

    If you want, would it help if I record a repro video, and/or we set up a screen share?

  • Sorry for the late reply, @CarlWalsh! We're all attending our annual company conference and it's been difficult to keep up while also attending our meetings and enjoying seeing everyone.

    I've pinged Rob and he'll get back to you tomorrow. We're on a cruise ship at the moment so I'm thinking screensharing should wait until we're back on solid ground next week. :)

  • Thanks for the update, @CarlWalsh.

    A screen share would be amazing. As Dave said, it would be best for next week if that works for you. Could you send an email to support+forum@agilebits.com, mention my name and this ticket thread, and include two or three times that would work for you next week? I'll follow up with you there and we'll get something on the calendar.

    In the meantime, if you'd like to record a video of what you're seeing and send that the same way, I may be able to reproduce the issue that way. But we appreciate whatever you can provide. :)

  • CarlWalsh
    CarlWalsh
    Community Member

    For anybody who runs into this problem, we figured out that the first entry had corrupted data (it was missing a JSON field).

    By creating a new login, copying over the login details, then deleting the original entry, we fixed both the substring javascript error, and the react issue where clicking on entries didn't do anything.

    Thanks Rob for taking the time to figure this out with me! 1Password is one of the few apps that I'm willing to pay for, and I'm consistently impressed at how awesome it is!

  • You’re welcome, Carl! Thanks for posting the update here for others. :)

This discussion has been closed.