[PM-3343] Capture TOTP QR codes from websites in the browser extension #5985
Thank you for your contribution! We've added this to our internal Community PR board for review.
Right now, the PR is parsing the QR code as a URI such as:
Thank you very much for this interesting and desired feature! For consistency with the mobile app, the best choice would be to store the entire URI. Moreover, in analyzing other password managers, I have noticed that the entire URI is always saved.
As a note for QA: I tested manifest v2 developer builds of Firefox/Chrome. I don't have a testing setup for Safari at the moment. It could be that we need a separate way to capture the webpage screenshot on Safari, reference https://stackoverflow.com/questions/3329117/what-does-visiblecontentsasdataurl-exactly-do
Hello! The designers are requesting a few UI/UX tweaks to be consistent with mobile. Could we look into
Once these changes are implemented, this will be a great win for the extension. Appreciate your work on this.
Thanks for the feedback. Minor nit-pick, "scan QR code" could mean that the camera is used (in case of a laptop, or a desktop with a webcam is used). How about "Scan QR code from webpage"? Also:
When saving, it does pop the notification (visible in the video). Does the point refer to replacing the active toast instead of pushing a new one?
Added the copy button; changed the messages to be:
Question about this; I can see why with "can-view" permissions, the capture would be disabled as the user should not modify the entry. But as the code is visible to the user, they could just mark & copy it, or manually copy it by copying it letter by letter. So I'm not sure what the purpose is for disabling the copy button?
When editing the entry, it shows the TOTP secret ( The copy button is left as "Copy TOTP code" in view mode (when actually copying TOTP codes).
That's fine. For now I completely hid the actions (both copy the secret and capture the qr code) when in view only mode (this is the same behaviour as is currently applied for the "generate username" / "generate password buttons").
Actually, thinking about it, since the text field is labeled "Authenticator key (TOTP)", it might make sense to rename the copy message to "Copy Authenticator key" or "Copy Authenticator key (TOTP)".
That behaviour is unchanged in this PR :) Should the "Copy Authenticator secret (TOTP)" button be enabled when the permission is "Can-view"? (Right now both actions are disabled for both permissions).
Yup, exactly! Other than that, I think this should be good to go :)
@@ -642,4 +643,28 @@ export class AddEditComponent implements OnInit, OnDestroy { | |||
|
|||
return loadedSavedInfo; | |||
} | |||
|
|||
async copy(value: string, typeI18nKey: string, aType: string): Promise<boolean> { |
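Review bot: the new `copy(value: string, typeI18nKey: string, aType: string): Promise<boolean>` signature carries no doc comment, and `aType` is a plain `string` with an unclear name. Please document what the returned boolean signifies and narrow `aType` to a union of the values the method accepts (or rename it to say what it selects). Because `AddEditComponent` is an exported class, a generic method name like `copy` can also collide with a same-named method on a component that extends it, so the subclasses are worth checking before merge.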
Thanks for the contribution. Everything looks great, just one more requested change from our end. The copy method here has conflicts with the copy inside web apps/web/src/app/vault/individual-vault/add-edit.component.ts
Looks good!
Thank you for your contribution!
Discussions on this permission here: #5985
Type of change
Objective
Some sites don't provide the TOTP secret directly, but only a QR code. Additionally, copying and pasting is an additional step for the user. Finally, copying the TOTP secret temporarily exposes it to the clipboard, which might be snooped on by other applications / browser extensions.
This PR adds a button next to the TOTP secret field, which when pressed captures a screenshot of the current webpage, extracts the TOTP QR code and reads it.
Closes https://community.bitwarden.com/t/totp-screenshot-feature/7043/2
Code changes
Screenshots
totp-capture.webm
Before you submit
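
The description above says the extension reads a QR code out of a screenshot of whatever page is open, so the decoded text is untrusted input. The following is an added example, not code from this PR or from the Bitwarden code base: a validator that accepts only a well-formed TOTP key URI before it is stored. It assumes the common `otpauth://totp/LABEL?secret=...` layout; the names `TotpEntry`, `intParam` and `parseTotpUri` and the numeric bounds are hypothetical.

```typescript
// Added example, not code from the PR. Assumes the QR payload follows the
// common "otpauth://totp/LABEL?secret=...&issuer=..." key URI layout.
interface TotpEntry {
  uri: string; // entire URI, kept unchanged for storage
  label: string;
  secret: string; // upper-cased base32 without padding
  issuer: string | null;
  algorithm: string;
  digits: number;
  period: number;
}

// Parse an optional integer parameter; null means "present but invalid".
function intParam(v: string | undefined, def: number, lo: number, hi: number): number | null {
  if (v === undefined) return def;
  return /^\d{1,4}$/.test(v) && Number(v) >= lo && Number(v) <= hi ? Number(v) : null;
}

// Returns null for anything that is not a well-formed TOTP key URI, so text
// decoded from an arbitrary webpage is never stored or used unchecked.
function parseTotpUri(decoded: string): TotpEntry | null {
  const uri = decoded.trim();
  const m = /^otpauth:\/\/totp\/([^?#]*)\?([^#]*)$/i.exec(uri);
  if (m === null) return null; // wrong scheme or type (e.g. https, hotp)
  const params: { [key: string]: string } = Object.create(null);
  let label = "";
  try {
    label = decodeURIComponent(m[1]);
    for (const pair of m[2].split("&")) {
      const eq = pair.indexOf("=");
      if (eq < 1) continue; // skip empty or nameless pairs
      const key = decodeURIComponent(pair.slice(0, eq)).toLowerCase();
      if (key in params) return null; // duplicated parameter is ambiguous
      params[key] = decodeURIComponent(pair.slice(eq + 1));
    }
  } catch (e) {
    return null; // malformed percent-encoding
  }
  const secret = (params["secret"] || "").replace(/[\s=]/g, "").toUpperCase();
  if (!/^[A-Z2-7]+$/.test(secret)) return null; // missing or not base32
  const algorithm = (params["algorithm"] || "SHA1").toUpperCase();
  if (["SHA1", "SHA256", "SHA512"].indexOf(algorithm) < 0) return null;
  const digits = intParam(params["digits"], 6, 6, 8); // bounds chosen for this example
  const period = intParam(params["period"], 30, 1, 300); // bounds chosen for this example
  if (digits === null || period === null) return null;
  return { uri, label, secret, issuer: params["issuer"] || null, algorithm, digits, period };
}
```
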