Subdomain support #77
Comments
I agree. I use a lot of subdomains that don't share credentials with the parent domain, it's a hassle scrolling through my list to find the right subdomain. An improvement would be at least putting the exact matching subdomain credentials at the top of the list. Thanks! |
Today bitwarden will compare the "base domain" when showing you suggested logins. I am going to propose that we add a boolean (checkbox) option to each login "Use Full URI", defaulting to false. If a login has this option checked we will compare the full hostname (including any subdomains and ports) instead of the base domain. Examples: domain.com vs. domain.com (match); sub.domain.com vs. domain.com (no match); sub.sub2.domain.com vs. domain.com (no match); localhost:4000 vs. localhost (no match) |
looks sane however as |
Any idea when this will actually make it to the extension? I don't seem to see this in the current release of the chrome browser extension. |
@WardsParadox It hasn't been started yet. Hopefully sometime soon. |
Ah ok. I got misled by the merge. My bad. Thanks for the info 👍 |
Watching this ... |
Any progress on this? The direct matches on top works well, but I would prefer it if bitwarden would not display all options for a single domain. |
@globau commented on 22 May 2017, 19:41 CEST:
I suggest another option for this - maybe something like: |
@kspearrin I understand that it is not possible to match the "app1" on the .com and on the localhost, but it would be awesome to differentiate "app1" and "app2", like LastPass does. Thanks. |
@ChristianMartel Yea, my proposed solution would not work for that since it is not taking the URL path into account. Maybe we need something like "Use Full Hostname" (previous suggested solution) and a "Use Full URI" option (your suggestion)? "Use Full URI" would compare that the current browser URI starts with the stored URI. For example, if you have stored "https://domain.com/app1" as the URI in your vault and selected "Use Full URI", the following would match: Would not match: Also I am terrible at naming things so if anyone has better ideas on the labels for those checkboxes I'll take it :) |
@kspearrin What you are suggesting would be better, but would not fit all of my use-cases. And the same for app2, app3, app4 ... |
Then you would save your URIs as "https://domain.com/app1/" and "https://domain.com/app1test/" (trailing slash) |
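The three matching behaviours discussed in the thread up to this point (base domain, full hostname, and "starts with"), sketched as an added example: it is not part of any comment here and is not Bitwarden's implementation. The function names, mode names and the two-label base-domain shortcut are assumptions.

```javascript
// Added illustration, not Bitwarden's code; function and mode names are hypothetical.

// Assumption: base domain = last two DNS labels. A real matcher needs the
// Public Suffix List (this shortcut is wrong for names like example.co.uk).
function baseDomain(hostname) {
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(hostname)) return hostname; // IPv4 literal
  const labels = hostname.split(".");
  return labels.length <= 2 ? hostname : labels.slice(-2).join(".");
}

// Accept bare hosts such as "localhost:4000" by assuming https.
function parse(uri) {
  return new URL(/^[a-z][a-z0-9+.-]*:\/\//i.test(uri) ? uri : "https://" + uri);
}

function matches(stored, current, mode) {
  const s = parse(stored);
  const c = parse(current);
  switch (mode) {
    case "base": // the behaviour described as "today": subdomains and ports ignored
      return baseDomain(s.hostname) === baseDomain(c.hostname);
    case "host": // proposed: full hostname, including any port
      return s.host === c.host;
    case "startsWith": // proposed: current URI starts with the stored URI
      return c.href.startsWith(s.href);
    default:
      throw new Error("unknown match mode: " + mode);
  }
}

// Names of the logins that would be offered on the current page.
function suggest(vault, currentUri) {
  return vault.filter((l) => matches(l.uri, currentUri, l.mode)).map((l) => l.name);
}

// Constructed sample vault, using the hostnames from the original report.
const vault = [
  { name: "tech", uri: "https://tech.example.com", mode: "host" },
  { name: "forms", uri: "https://forms.example.com", mode: "host" },
  { name: "shared", uri: "https://example.com", mode: "base" },
];

console.log(suggest(vault, "https://tech.example.com/login")); // tech and shared only
console.log(matches("https://domain.com/app1", "https://domain.com/app1test/", "startsWith"));
console.log(matches("https://domain.com/app1/", "https://domain.com/app1test/", "startsWith"));
```

The last two calls show why the trailing slash matters for "starts with": without it, a stored `/app1` also matches `/app1test/`.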
Is there (or will be) possibility to add multiple URIs to one credential? |
@SylwesterZarebski That is not planned at this time. |
Thanks, making recognizing stricter with some hosts/addresses should be first priority, I think. |
@SylwesterZarebski Check out "Equivalent Domains". Is this what you are looking for? https://vault.bitwarden.com/#/settings/domains |
@piejanssens the core issue here is quite the opposite, we need to differentiate between domains that are considered the same when matching. This #77 (comment) describes the proposed feature very well. |
You can also consider allowing /regex/ in the website+equivalent domain fields for advanced cases. Then you can match any URL. |
@WardsParadox can you fix the typo in the subject please? For some reason it's annoying me a little ;) |
@wolph Yup. Didn't even notice. Would have bothered me too. Hopefully, this feature comes soon as since they introduced the sorted usernames, it has made the 9 logins I use that all share the same main domain, a nightmare. |
@kspearrin does your solution take into account sub-pages with similarly named fields? For example, our ticketing application has a login page where I enter my email + password, but then when I open tickets that also have an email field for the customer, Bitwarden will auto fill my own email. If I could match on the full URI (https://ticketing.domain.com/login.html) that would be different from the ticket URI (https://ticketing.domain.com/ticket?id=1234) and would solve my problem. Also wondering an approximate eta for this issue - it's literally the only complaint I have about Bitwarden at this time :) |
@sebastian-burlacu Yes, that use case would be covered I believe. Maybe in the next month or two hopefully. |
For the love of the gods, please fix this. I have 50+ logins for *.local.lan resources that all show up for every single web login page on those resources, where in reality there is only one valid login for that resource |
@kspearrin, this evening. I'll send you feedback after 8 pm. |
Signed up for the Android beta. But I can't see the option to change the match type in the edit dialog. It reminded me though - in the Android browser (I'm using Jelly on LineageOS), I get a bitwarden notification but it never matches anything since it's trying to match on the app ID - tapping the notification takes me to "Items for org.lineageos.jelly" and I have to manually search for the site I want. I assume this is a known problem? |
On android, press and hold around the label for context menu options. |
OK, found it. Not as discoverable as in the browser extension. |
@benshep I am not a personal Android user so I don't know a lot about usability patterns there, but is that not a common way of attaching options to a section of information? |
Yes, long-press is fairly common. But I don't think there are any other long-press options on that screen, so the user does not expect one. In my opinion it would make more sense to have a 'gear' icon on the right (cf the icons for 'view password' etc) which would be the same as the browser extension. |
@kspearrin, so sorry. The settings in the Android beta work fine. But I only had Chrome beta and Edge installed. And for both bitwarden is not working 😩 |
@kspearrin - when can we expect an official release with this feature included? |
@kspearrin I'm not understanding, how does this interact with Equivalent Domains? I understand what both are used for, but what's stopping me from, say, deleting the Google > Youtube ED, and have URI 1 as http://google.com and URI 2 as http://youtube.com? |
@pokemontotalwar Nothing is stopping you from doing that. Eq domains are global. Multiple URIs are for each individual login. |
@kspearrin Okay, awesome, thank you! I wasn't sure if it would work and I didn't want to go deleting eq domains before knowing if the multiple URIs would work for it. So really the main use for eq domains now is for sites you have multiple logins for and maybe apps. Is there a way to edit eq domains in anything but the web vault as of yet? |
You can only edit eq domains in the web vault. |
ALL: The updates for multiple URIs + match detection options are now rolling out. I have created a help article that covers this feature in detail. See here: https://help.bitwarden.com/article/uri-match-detection/ Please let me know if you have any feedback on the help article. |
Hey @kspearrin I linked it in reddit too. Hope you don't mind. |
Thanks a lot! It also works with HTTP Basic Auth (when credentials are set properly to be only one for site). |
This feature is now available on all platforms. Thanks for the feedback all. |
@kspearrin Base URI matching isn't working for me on the Chrome extension for the URI |
When I click on that site, it redirects to pantheon.io - is that part of the problem? |
Possibly. The URI which I actually navigate to is something like |
Hi; thanks for this feature. However, right now it's quite hard to use for the following use case: my company creates many customer-specific subdomains (ex: customer1.domain.com, customer2.domain.com) and for sharing administration passwords we want to use bitwarden. However, in the current way that this feature is implemented, every time I add a new login/password for a new subdomain (e.g. customer3.domain.com), bitwarden uses the base domain as default url matching method, so basically I need to log in once, then edit the rule to e.g. startswith instead of base domain (the default). Is it planned to define globally the default url matching rule for a specific base domain? That would be the opposite of the currently available equivalent domains menu. |
@fthiery Yes, it is planned to add a global option to change the default. I don't have a timeline available for that yet though. |
Great, thanks; is the spec defined yet in another issue (if I can bring my 2 cents)? |
For anyone (like me) that could only find this in the web (vault.bitwarden.com) but not in the browser extension, you can find it by going to
|
@gene1wood it’s explained here : https://help.bitwarden.com/article/uri-match-detection/ « While editing a login you can adjust the match detection value for a given URI by selecting the ⚙️ Options button next to the URI’s value. » |
This is great! Would be nice to have it select the best options for known cases like slack! |
* Moved callout to jslib, made policyInEffect a prop * remove true condition
Hello,
Love Bitwarden and have swapped to it from LastPass. I noticed that there is no support for separating sites based on the full domain. Bitwarden detects tech.example.com and forms.example.com to be the same site and offers both sets of logins for both sites. If a user could set up a URL rule to prevent this, that would be great.