Match detection for URI: "Never" is not working. #761
Comments
I just tested this and was not able to reproduce. Please provide a sample URL and the URI values you are using to reproduce the issue. My guess is that your regex is not doing what you think it is.
I'm using version 1.33.3 on Firefox Dev Edition
If you go to https://dashboard.njibhu.eu it will still match the first URI and be presented. Seems to be behaving as expected. I imagine you want a more strict rule on the first entry.
The problem is that I have dynamic subdomains where I want this entry to be matched with names I can not predict. But I do not want it to be matched on this subdomain. (changing the order doesn't change anything)
Temporary solution is to use a regex like:
Rules do not override each other like that. If one rule matches the item will still be returned.
Then what's the purpose of "Never"? Just do not specify the domain and that's it. For example, my google.com account will not be offered for autofill when I am on yahoo.com domain. If I add yahoo.com as "never" this changes absolutely nothing. If I add domain.com and add sub.domain.com as "never", this again does not change anything because autofill no matter still will be suggested. I also thought that "Never" provides a way to exclude some subdomains if they match the domain from another rule. I totally miss the point of "Never" then.
I agree with @plashenkov, what is the point of "never" if it can't override a rule? I also originally thought it was a way to exclude domains from an initial matching rule. @kspearrin could you kindly give a use case for "never"?
@kurisu-gh Use case: You create 2 login items, A and B, for "https://google.com" but you do not want it to autofill. You want A to autofill, but not B. Set B's URI match detection to "Never".
@kspearrin I see. I still don't understand why you would want B (a login for google in this example) to never autofill with the google URI. "Autofill" meaning that when I click on the Bitwarden extension button (or right click -> Bitwarden), the list of matching logins shows up and I click on the desired login to use. How would you use B? Would you search for it? Why not just let B match like A and select the login you want to use via the autofill list? If I didn't want B to appear in the autofill list, then I'd leave the URI entries blank.
I can see how it might spin out of control, but would an "exclude" function be warranted if people keep assuming "never" means that. (I'm one of those people)
Adding my name to the list of people bamboozled by this option! I completely agree with njibhu, in that adding a "never" entry should allow the default match rule to work while excluding any subdomains explicitly defined by "never" rules. Right now the only way to do this is via regex, which is far from user friendly, and your own docs specifically put dire warnings against doing. kspearrin's use case makes zero sense to me.
@kspearrin anything to add about this? A number of users here, including myself, expected the "never" entry to be a way to exclude subdomains. It is clear that this would be a much better use case instead of having to write out a regex pattern, an approach not recommended in your docs. The use case you brought up doesn't seem to be very useful. Why not set the login item B with blank URI entries so they don't match with anything at all? The "never" option, as it is now, doesn't have any meaningful purpose. I also understand making "never" as an exclude function from the initial match is also not so straightforward. It is also a matter of how the "never" function will match the exceptions and what would be a user-friendly way to configure it. But I imagine the most popular use-case will be to exclude a particular subdomain. In the meantime, if anyone wants to have a pseudo "never" function, here is the regex I use:
Matches any https google.com URI except those with a Note that you'll have to also make another regex for login items that specifically work with the In case anyone needs to specifically match any sub-subdomain with a fixed sub-domain URI like I had to, here's an example:
This would specifically match any https mail.google.com sub-subdomain like
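The behaviour discussed in this thread, as an added example that is not part of the original comments and is not Bitwarden's code: a simplified model in which an item is offered when any URI entry matches, so a "Never" entry cannot veto a base-domain entry, followed by a loose and an anchored exclusion regex checked against constructed URLs. The item shape, function names, `example.com` hosts and both patterns are assumptions; neither pattern is the regex the commenter posted.

```javascript
// Added example, not Bitwarden's code: a simplified model of the matching
// behaviour described in this thread. All names, hosts and patterns are constructed.

const hostOf = (url) => new URL(url).hostname.toLowerCase();

// Evaluate a single URI entry against the page URL.
function entryMatches(entry, pageUrl) {
  switch (entry.match) {
    case "never":
      return false; // adds no match of its own and vetoes no other entry
    case "domain": {
      // Simplification: the entry's host is taken as the base domain (no public suffix list).
      const base = hostOf(entry.uri);
      const host = hostOf(pageUrl);
      return host === base || host.endsWith("." + base);
    }
    case "regex":
      // Assumption: the pattern is tested case-insensitively against the full URL.
      return new RegExp(entry.uri, "i").test(pageUrl);
    default:
      throw new Error("unknown match type: " + entry.match);
  }
}

// An item is offered when ANY entry matches; there is no exclusion pass.
const itemOffered = (item, pageUrl) => item.uris.some((e) => entryMatches(e, pageUrl));

// Loose pattern: unanchored, so "example.com" may appear anywhere in the URL.
const LOOSE = "https://(?!dashboard).*example\\.com";
// Strict pattern: anchored at the scheme, host labels only, and the host must end
// at a port, a slash or end of string. The lookahead excludes one exact host.
const STRICT =
  "^https://(?!dashboard\\.example\\.com(?:[:/]|$))" +
  "(?:[a-z0-9-]+\\.)*example\\.com(?::\\d+)?(?:/|$)";

const ITEMS = {
  domainPlusNever: { uris: [
    { uri: "https://example.com", match: "domain" },
    { uri: "https://dashboard.example.com", match: "never" },
  ] },
  looseRegex: { uris: [{ uri: LOOSE, match: "regex" }] },
  strictRegex: { uris: [{ uri: STRICT, match: "regex" }] },
};

// Constructed page URLs: wanted hosts, the excluded host, and two lookalikes.
const SAMPLE_URLS = [
  "https://tenant-42.example.com/login",
  "https://example.com/",
  "https://dashboard.example.com/",
  "https://example.com.attacker.test/",
  "https://attacker.test/?r=example.com",
];

// Map each sample URL to whether the item would be offered on it.
function evaluate(item) {
  return Object.fromEntries(SAMPLE_URLS.map((u) => [u, itemOffered(item, u)]));
}

for (const [name, item] of Object.entries(ITEMS)) {
  console.log(name, evaluate(item));
}
```

The loose pattern does exclude the dashboard host but also matches both lookalike URLs, which is the kind of over-match that makes an unanchored regex risky for credential matching.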
Totally agree!
Using 'Never' as described above seems to be how users expect it to work ... the reason that I found this thread! For the average user, the Regex above is just gibberish and OTT.
I agree. I much prefer a non-regex solution to exclude subdomains, but I guess the developers are not listening and the explanation of 'Never' by @kspearrin is not so compelling for all the reasons discussed in this thread, and he has yet to follow up. This issue has been closed for some time now, so I'm not sure how much visibility this issue will get. So I'm forced to use regex in the meantime, and if anyone wants similar functionality for an otherwise excellent password manager, they can start with the pattern example I posted. But I much rather prefer the developers to have a proper never/exclude host function.
Seems the way something like this can get implementation is if the feature request gets enough attention.
Step to reproduce:
When dealing with HTTP basic auth, the fact that Bitwarden will prefill only if there is one entry makes this bug extremely annoying since there is no way of having multiple different logins for dynamic subdomains.