Thanks @pfn :)

I'm hoping to work on it in bits and pieces over the next little while. My day job is embedded development so playing with Javascript again is a breath of fresh air.

At the same time, if anyone else is reading this and wants to jump in and tackle any of the items mentioned above, please be my guest.

Coming along pretty well.

Decided I may not need to fix the jQuery errors I'm seeing in FF console, they don't appear to have any bearing on behaviour.

Could I help you with some testing? Don't have much experience with browser extensions but willing to try/learn.

Could I help you with some testing? Don't have much experience with browser extensions but willing to try/learn.

Sure, that'd be great! To install a development version in Firefox:

• "git clone" my fork of the repo, or download and unzip https://github.com/projectgus/passifox/archive/chromeipass_firefox.zip
• In Firefox, browse to "about:debugging" then click "Load Temporary Addon", navigate to the "chromeipass" subdirectory and select the "manifest.json" file.

Usual caveats about development versions, trusting with your data, etc. apply. :)

As the addon is unsigned, it will uninstall when Firefox exits and you'll need to reload it. So far I've needed to re-pair it with KeepassXC each time this happens (there are some options in about:config, "extensions.webextensions.keepStorageOnUninstall" and "extensions.webextensions.keepUuidOnUninstall" but this has not been enough to make the association persist.) Still haven't looked to see if this is a bug in the addon or a security limitation of Firefox that can possibly be bypassed another way.

My current status on this is that I started yak shaving by adding support for context menu accelerator keys to firefox WebExtensions.

If you want to dig deeper, the Mozilla docs for WebExtensions are good: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/

So far works great.

Have so far only noticed the bug you are working on atm, which seems to be a FF issue. I feel like your patch is ready to be pulled, while the compatibility is added to FF. Or would you rather wait till you have that fixed too?

Remaining bugs (bullet 3) will be found when more people start using this and start reporting them, and 5 should be fixed when this gets signed...

I signed a version for testing, if anyone wants to give this a go. Just drag and drop the xpi into your Firefox window, should install and persist across sessions.

chromeipass-2.8.0-an+fx.xpi.zip

I can confirm that number 5 is done when using this signed and packaged addon.

I can confirm that number 5 is done when using this signed and packaged addon.

Excellent, thank you!

I feel like your patch is ready to be pulled, while the compatibility is added to FF.

I think I generally agree. There's only bug I've seen now, sometimes if you click "Fill User & Pass" in the contextual menu then a debugging window pops up due to a fatal error. Doesn't seem to happen every time.

Other than this, the contextual menu titles look a bit weird in Firefox but it's easy enough to open a separate issue to track this, until Firefox supports them.

Angus

Works fine for me on FF 52.0.1 with GNOME on kernel 4.10.5.

The only issue I see is that Google's login (split over two pages) does not auto-fill on the first page, i.e. I have to manually add in my user name, then on the second page I have to manually click 're-scan credentials fields' for it to work.

@pfn What work is still needed to get this PR merged?

@Ivan0xFF From my point of view I'd be happy for this to be merged now, and I'll open an issue to track the contextual menu thing.

If it stays open for a few more days then over the weekend I was hoping to try and track down the occasional error I was getting when selecting "Fill User & Pass". Although it seems like it may require some special combination of events to reproduce, as I've only seen it once or twice. So I don't think it's a showstopper.

In the end it's all up to @pfn as maintainer, of course. :)

(I've checked "test for broken Chrome functionality" off my list as I've put Chromium through its major paces with this PR. I think if there are more subtle bugs they'll only be found once a larger number of users start using it, unfortunately.)

I just tried @Ivan0xFF's version. It works with all of my daily sites. Awesome!

Just noticed that there are quite a few errors like this in the terminal:

JavaScript error: jar:file:///home/yen/.mozilla/firefox/468widst.default/extensions/%7B5affb487-fdda-435f-b4b8-2bfdba33e51f%7D.xpi!/chromeipass.js, line 1142: TypeError: cip.init is not a function

Is it harmless or a potential sign for a bug?

There's another issue: in the legacy Firefox addon, there's usually only one KeepassHTTP confirmation dialog for an password field. With this version, a KeepassHTTP confirmation dialog jumps out whenever a web page loses focus and gets focus again. This is somewhat annoying.

@smorks @pfn Is it helpful if I merge your changes into this PR branch as well? They seem great.

I'm not sure what the path forward from here is, exactly.

Some pages use a div that's hidden until you press a login button. This means the browser extension ignores those forms until they are visible. Currently there's no feature for redetecting the form fields automatically/continously.

@varjolintu I only use Chromium a little bit, but from what I recall it seems like this is an issue there as well? Or is it only an issue when running the WebExtension on Firefox?

@projectgus i'm fine with merging my changes into this PR, not sure if it will help with moving things along at all.

Cool. Well, this PR branch is now level with your 2.8.5 release tag. I left out the most recent commit which changes README URLs, as if this PR is to be merged then we don't want that.

The other change which we may not want here is the new addon id. But I'm not going to bother changing it back until we know what @pfn plans to do.

(BTW, @smorks, I think the idea of you taking over as maintainer provided this works for @pfn.)

@projectgus It happens with both browsers. I have an idea how to solve it but haven't tested it yet. Basically you could monitor any hidden divs that contain forms and do a re-detect when any of those hidden div's are visible again.

@smorks & @projectgus I really like these changes you've been making. If it's ok to you I would like to merge some of those to keepassxc-browser (and give you a credit of course).

@varjolintu If it's not Firefox-specific then probably best to open a separate issue to discuss it. I agree it would be nice to fix if possible (I do a lot of clicking on the chromeipass icon and saying "Redetect credential fields").

Regarding merging my changes, I have no problems with them being merged anywhere they are useful.

@varjolintu i'm fine with you merging my changes too.

Will this ever get merged?

I made a PR to projectgus/passifox#1 which solves an issue with HTTP auth with Chromium based browsers. It's not pretty but works as a workaround until there's a better solution.

@smorks Here's one solution to the problem with forms inside hidden divs. Simple but works. Tested with Firefox 55 and Chromium 61. If you know any better solution than setInterval, please let me know.

Hmm. How about using MutationObserver to detect DOM changes? https://stackoverflow.com/a/11546242

May still need a timer to rate limit and avoid a notable performance impact (ie reset a ~100ms timer each time the DOM changes, so 100ms after the last DOM change event the extension scans for login boxes.)

EDIT: Actually, given you can filter the events you care about it may be possible to filter so you only get an event if a password field changes. I don't know if that would include the parent div's visibility changing, though.

BTW, @varjolintu, sorry I haven't looked at your other PR content yet. Plan to do so this weekend.

@projectgus I already closed the pull request. @smorks did a better job implementing the same fix :)

The recent release of Firefox 57.0b1 makes the WebExtension-compatible version of Passifox all that much more urgent! Thanks for your continued work on this.

Edit: Just signed and installed it myself and it is working great!

@hackel For those of us not familiar with signing/installing manually, would you mind providing a short description of the required steps, or at least a link?

Track this project for a WebExtension fork of passifox/chromeipass: https://github.com/smorks/keepasshttp-connector

And now it's on AMO: https://addons.mozilla.org/en-US/firefox/addon/keepasshttp-connector/

Will passifox (on AMO) be updated to webextension in the future? Or will this "kepasshttp-connector" be the version to use on 57+?

Firefox 57 has now been released, are there any plans to get this shipped soon?

@RealOrangeOne Loot at the comment above from @Ivan0xFF. The firefox compatible fork is already on AMO: https://addons.mozilla.org/en-US/firefox/addon/keepasshttp-connector/

I'm using it every day and works great :)

The fork works, but its the chrome version, which doesnt integrate nicely with the builtin password manager. Really hope that feature stays, assuming the WebExtension API exposes this

No that feature does not work. It is not yet exposed by the WebExtensions API.

Is the KeePassHTTP Connector add-on safe for users to use? I'm new to KeePass and am hoping that some kind of fix for Firefox Quantum integration that is secure is available.

@esat7 It is safe.