Autofill: Recognize distinct hyphenated domain names

Open JJohnGreenSr opened this issue 2 years ago • 11 comments

Describe the bug

Not sure if I worded the title right, but whenever I log in to my Microsoft Outlook email, I'm sent to login.live.com. But KeePassDX also lists accounts for forums.nba-live.com (a site for basketball discussion).

To Reproduce

Steps to reproduce the behavior:

  1. Have an account for login.live.com
  2. Have an account for forums.nba-live.com
  3. Go to outlook.com
  4. Tap sign in button, which redirects you to login.live.com
  5. Tap Sign in via KeePassDX button on keyboard
  6. Unlock database
  7. Both account entries should be listed on autofill

Expected behavior

Only the one for login.live.com should be listed on the autofill section of my keyboard.

KeePass Database

  • Created with: KeePass 2 (looking at settings)
  • Version: KDBX 4.0
  • Location: Remote file retrieved with Nextcloud app
  • Size: Maximum size 6 MiB
  • Contains attachment: No

KeePassDX (please complete the following information):

  • Version: 2.10.5
  • Build: libre
  • Language: English

Android (please complete the following information):

  • Device: Galaxy A11
  • Version: 11

Additional context

Add any other context about the problem here.

  • Browser for Autofill: Brave 1.29.79, Chromium 93.0.4577.63

JJohnGreenSr avatar Sep 14 '21 13:09 JJohnGreenSr

KeePassDX cannot guess that credentials from one domain are running on another domain. You just have to fill a new custom field in the basketball site entry, to add login.live.com.

J-Jamet avatar Sep 14 '21 14:09 J-Jamet

I guess what happens here is the following: Subdomain search is not enabled per default. When you open a URL with a domain *.live.com the autosearch for the autofill will search the database for entries that contain the string "live.com" in either the URL, title or notes:

    return stringToCheck.isNotEmpty() && stringToCheck.contains(searchParameters.searchQuery, true)

So an entry with URL "forums.nba-live.com" will also match.

uduerholz avatar Sep 16 '21 12:09 uduerholz

@J-Jamet Did you read my comment? What do you think?

uduerholz avatar Sep 20 '21 11:09 uduerholz

Yes you're right, I got the problem backwards.

J-Jamet avatar Sep 20 '21 13:09 J-Jamet

My first idea to solve this problem is to add a "." to search as a prefix, but it won't work if there is no subdomain. So I think it's better to leave the current behavior, just select the right domain when clicking. Unless you have another idea for fixing this bug.

J-Jamet avatar Sep 22 '21 13:09 J-Jamet
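
The difference between the substring search quoted above and a match on host-name label boundaries, as an added example that is not part of the thread and is not KeePassDX's own code. The `Entry` class and the function names are hypothetical, the entries are constructed from the host names in this issue, the query is assumed to be the registrable domain already derived from the page being filled, and only the URL field is compared (not title or notes).

```kotlin
import java.net.URI

// Hypothetical entry model for this example; not a KeePassDX class.
data class Entry(val title: String, val url: String)

// Behaviour described in the thread: case-insensitive substring search.
fun substringMatch(entryUrl: String, query: String): Boolean =
    entryUrl.isNotEmpty() && entryUrl.contains(query, ignoreCase = true)

// Lower-case host of a stored URL; tolerates entries saved without a scheme.
fun hostOf(url: String): String? {
    val trimmed = url.trim()
    val withScheme = if ("://" in trimmed) trimmed else "https://$trimmed"
    return try {
        URI(withScheme).host?.lowercase()?.trimEnd('.')
    } catch (e: Exception) {
        null // unparsable URL: treat as no match
    }
}

// Label-boundary match: the host is the domain itself, or ends with "." + domain.
// The equality branch covers entries that have no subdomain at all.
fun domainMatch(entryUrl: String, registrableDomain: String): Boolean {
    val host = hostOf(entryUrl) ?: return false
    val domain = registrableDomain.lowercase().trimEnd('.')
    return host == domain || host.endsWith(".$domain")
}

fun main() {
    // Constructed sample entries using the host names from this issue.
    val entries = listOf(
        Entry("Outlook", "https://login.live.com/"),
        Entry("Live, with www", "https://www.live.com/"),
        Entry("Live, no subdomain, no scheme", "live.com"),
        Entry("NBA Live forum", "https://forums.nba-live.com/")
    )
    val query = "live.com"
    for (e in entries) {
        val sub = substringMatch(e.url, query)
        val dom = domainMatch(e.url, query)
        println("${e.url.padEnd(30)} substring=$sub labelBoundary=$dom")
    }
}
```

The substring search reports all four entries, while the label-boundary comparison reports the three live.com hosts and rejects forums.nba-live.com.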

I had a look at the code last week and was a bit surprised how much effort is made to determine the "public suffix" of the domain (which is not necessarily the top level domain, e.g. co.uk is a public suffix). What if only the complete domain name is considered a match, no matter if a sub domain is present or not? Why is it the default that subdomains are disregarded in the search?

uduerholz avatar Sep 22 '21 14:09 uduerholz

I don't have the whole subject in mind anymore but I know that it solves specific problems, I had done many tests.

In one case there will be URL redirection, in other cases not, so for example if you register a URL with www and the next time you go to the same site without www, it will not work. I also know that websites use subdomains only for login. (Same thing for mobile version .m if a database is shared with a desktop version). Some sites even use lots of subdomains to handle large-scale simultaneous connections, so it won't be the same subdomain for every login. So it requires the user to register all login URLs, which would be horrible. But without searching for the subdomain, it makes things much easier for the user. Unfortunately, there will always be special cases.

Links:

  • https://github.com/Kunzisoft/KeePassDX/issues/1044
  • https://github.com/Kunzisoft/KeePassDX/issues/728
  • https://github.com/Kunzisoft/KeePassDX/issues/584
  • https://github.com/Kunzisoft/KeePassDX/issues/614

J-Jamet avatar Sep 22 '21 17:09 J-Jamet

I see, so probably it's better to leave it as it is.

uduerholz avatar Sep 22 '21 19:09 uduerholz

I know that's often the case for subdomains with periods (for example en.m.wikipedia.org has the same login and domain as en.wikipedia.org), but I don't think that applies to hyphens. live.com and nba-live.com are completely separate domains with separate ownership and Whois registrations.

JJohnGreenSr avatar Oct 02 '21 10:10 JJohnGreenSr

We can manually see that they are different domains in your case, but the search doesn't know that since "live.com" is searched and I don't see a method to solve this problem without breaking something else.

J-Jamet avatar Oct 03 '21 16:10 J-Jamet

J-Jamet, could you add an option to only look up matches in the URL section for autofill suggestions?

zinalili avatar Aug 10 '22 16:08 zinalili