Skip to content

[KnownUsernameField] Compatibility with more browsers#1000

Merged
mpbw2 merged 1 commit intobitwarden:masterfrom
contribucious:KnownUsernameField--browser-compatibility
Jul 1, 2020
Merged

[KnownUsernameField] Compatibility with more browsers#1000
mpbw2 merged 1 commit intobitwarden:masterfrom
contribucious:KnownUsernameField--browser-compatibility

Conversation

@contribucious
Copy link

@contribucious contribucious commented Jun 30, 2020
edited
Loading

Context

Currently, the new system allowing "email/username" field detection without "password" field, which uses the accessibility service, only works well with some browsers like Chrome.

Indeed, if the subdomain is specific like signin.example.com: no problem!
But if it's www.example.com, Bitwarden (with current entries) will assume that the browser will hide this part for comparison. (This is a new trend in browsers.)

Problem

This is only the case in some browsers (currently: Chrome, Firefox beta, etc.).

Problem (illustration with Amazon but same with PayPal for ex.)

View me ...   
new KnownUsernameField("amazon.com", "signin", "ap_email_login"),
[...]
if (KnownUsernameFields.ContainsKey(uriKey))

➡️ Chrome ✔️ (match, because Chrome hides www.)

View me ...

 
Screenshot_1593288746

>>> uriKey: amazon.com, uriLocalPath: /ap/signin, viewId: ap_email_login

➡️ Firefox for Android 68.x(don't match, because Firefox shows www.)

View me ...

 
Screenshot_1593535204

>>> uriKey: www.amazon.com, uriLocalPath: /ap/signin, viewId: ap_email_login

Solution

It's therefore advisable to remove the www. part on the Bitwarden side before comparison.

This PR allows the use of this system with:

➡️ Please note: The logged uriKey value will now be the one to be used in practice. So, will always return the version without www. from now on.

@contribucious
Copy link
Author

contribucious commented Jul 1, 2020

Regarding the case of Samsung Internet Browser

Although this PR solves this problem in this browser as well, there is another problem in this browser, preventing the new system from working.

Read more ...  

Screenshot_20200629-011015_Samsung Internet

↪️ This browser hides the path.
And this is clearly visible in the logs: we'll always have uriLocalPath: / (instead of uriLocalPath: /ap/signin, in this specific example). So will never match ...

And, on the user side, there doesn't even seem to be any flags available on this subject (to force the display of the path) in the list of flags available at internet://flags (chrome://flags doesn't exist) within this browser, sadly. Even in the latest version currently available: 12.0.1.47.

@mpbw2 mpbw2 merged commit 1bb678e into bitwarden:master Jul 1, 2020
@mpbw2
Copy link
Contributor

mpbw2 commented Jul 1, 2020

I agree the new trend of hiding paths is slowly going to render this feature inoperable. It would be lovely if a viable alternative presented itself.

@contribucious contribucious deleted the KnownUsernameField--browser-compatibility branch July 1, 2020 17:04
vvolkgang pushed a commit that referenced this pull request Jun 20, 2024
@david-livefront
BIT-1729: Re-load the options to apply policy values (#1000)
c132825
vvolkgang pushed a commit that referenced this pull request Jun 20, 2024
@david-livefront @vvolkgang
BIT-1729: Re-load the options to apply policy values (#1000)
5928987
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mpbw2 mpbw2 mpbw2 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@contribucious @mpbw2