Improve hostname and domain retrieval

[djsmith85]

Type of change

• Bug fix
• New feature development
• Tech debt (refactoring, code cleanup, dependency upgrades, etc)
• Build/deploy pipeline (DevOps)
• Other

Objective

Improve the retrieval and validation of hostnames and domains, which affects url matching/auto-fill
Newly supported scenarios:

• IPv6
• subdomains with an underscore
• Fixes a scenario where IPv4 addresses would not be returned as they got prefixed with http:// (Regex fails)
• Fully up-to-date public-suffix list instead of relying on a regex only including the most common tlds
• Support for parsing urls with umlauts

If for any reason the new detection does not work, I've included a fallback to the original parsing logic.

Marking this as draft:
As this affects a core part of the product/clients, I'd like to discuss the points below with the team.

• I'd like to discuss the presence of the fallback to the original logic
  • If we can get rid of it, we could remove tldjs as a dependency
  • Remove tldjs.noop.ts
  • Clean up the tsconfig.json in some repos that map tldjs to tldjs.noop.ts
• The need for a tldjs.noop.ts or for that matter tldts.noop.ts

Asana task: https://app.asana.com/0/1153292148278596/1201431275009049/f

Closes bitwarden/web#545

Could possibly improve or fix the following issues;

• Autocomplete fails for umlaut domains clients#910,
• Auto-Fill / Auto-Suggest not working for Basic Auth (Login Modal) clients#1191
• Autofill isn't working for a specific site clients#1621
• Default match detection no longer works for IPV6 URIs clients#2107
• URI match detection doesn't work for underscores in URIs  clients#2108
• Some TLD's not recognized as in URLs clients#2811

Code changes

• spec/common/misc/utils.spec.ts: Added several new test cases
• common/package.json: Added new dependency tldts to parse urls
• common/package-lock.json: Updates after adding tldts and running npm i
• package-lock.json: Updates after adding tldts and running npm i
• common/src/misc/utils.ts: Added several new test cases
• common/src/misc/tldts.noop.ts: Included method overrides similar to existing tldjs.noop.ts

Testing requirements

For jslib itself there won't be much to test/verify other than the present unit tests.
The following PR's for the affected repos will have a lot of areas to test. Will detail them there once this is ready for merge.

Before you submit

• I have checked for linting errors (npm run lint) (required)
• I have added unit tests where it makes sense to do so (encouraged but not required)
• This change requires a documentation update (notify the documentation team)
• This change has particular deployment requirements (notify the DevOps team)

[eliykat]

May also fix bitwarden/clients#2177. Would need to check what method the Excluded Domains page calls during validation.

[eliykat]

Nice work @djsmith85. See comments below. In answer to your discussion questions:

• let's deprecate tldjs and the old tldjs logic. We seem to have lots of test case coverage here, that lets us be aggressive in our refactoring. There's no point keeping around old stuff "just in case".
• let's try to get rid of the noop implementation by moving this to a separate class and only using it in the clients that require it. Utils is supposed to be shared by all Typescript clients, stubbing out dependencies with noop implementation is a bad pattern imo.

[eliykat]

Do we need to import it this way when it's a native Typescript project? We should be able to use the usual import format.

[djsmith85]

Not necessarily, but I did do it this way, as the getHostname method clashes with ours in utils.ts

[eliykat]

I assume we have a noop version so that other clients can use the Utils class without needing this dependency. But this seems like a bad pattern. Can we extract this out to a new class/service instead, so that it's only imported by the clients that need it, it doesn't interfere with Utils, and we don't need the noop?

[djsmith85]

See comment here: #547 (comment)

[eliykat]

I'd include this in the previous if block just for brevity:
`if (uriString == null || uriString.trim() == '')

[djsmith85]

Calling trim() was actually important before executing the old parsing logic, as it would throw an exception if it was not trimmed beforehand

[eliykat]

Can tldts do this kind of validation for us? Crafting regexes here seems like a losing battle.

[djsmith85]

The only reason I included is, a test would be failing as it's assumed to be an invalid url. The issue is the exclamation mark is actually a reserved character, it's just not commonly used. So I'd prefer to adjust the test and get rid of this check.

[eliykat]

I assume this is a holdover pattern from tldjs. I don't know if/why we need this, I suspect it's a holdover from using a js library and/or the noop implementation. If you move this into its own class then I think you can remove this.

[djsmith85]

Yes, that is just a holdover in case we'd use the tldts.noop. Has been removed in a recent push.

[eliykat]

Probably don't need this if we're removing the if statement on line 201, right? I assume it's a fallback in case tldjs/ts isn't present

[djsmith85]

Also a fallback and I've removed it.

[eliykat]

I don't think these are valid test cases because domain names do not actually contain unicode characters. If we want the domain name from a string containing unicode, I think it should do the punycode translation in order to get the "real" domain name. e.g.

expect(Utils.getDomain('bütwarden.com')).toBe('xn--btwarden-65a.com');

However, this does depend on what components/services are using this method. There may be some situations where we want to display the unicode in the GUI. But for behind the scenes domain matching logic, we always need the punycode. I suggest doing some investigation here.

[djsmith85]

@eliykat Thank you for taking the time to go through this and also the great feedback. I've decided to ditch the noop's and also the fallback logic. Pulling this stuff into a separate class/service would be great but it is all static and it's also being used inside our models (loginUriView). So no way to inject that.

I'll need to have a look into for example the web repo and why we are overriding tldjs with the noop. I don't really see any good value/reason for it anymore.

[Hinton]

Hi,

We are currently in the process of archiving this repository and moving the code and future development to the bitwarden/clients repository. This PR will be closed but feel free to re-open it again on bitwarden/clients.