nyxt icon indicating copy to clipboard operation
nyxt copied to clipboard

Published 20 hours ago verified publisher icon atlas-engineer

Add TOTP support for KeyPassXC

Open andreystepanov opened this issue 1 year ago • 0 comments

I think we must implement TOTP support for current password-interface and after enable support for currently supported password managers. Which will also fix https://github.com/atlas-engineer/nyxt/issues/1567.

What do you think, guys?

I'm not really familiar with what kind of page-manipulating functionality Nyxt has, but seems like it must be very capable of doing some nice automation inside the page.

In particular recognizing form inputs used for authentication workflow by websites (like username, password and totp related fields).

As a good example we can use keepassxreboot/keepassxc-browser extension and it's functionality.

We don't really need all of it's features, bug at least auto-filling username, password and totp codes would make life so much easier.

Does anyone already working on TOTP related functionality?

Potential workflow:

  1. Open website's login page

  2. Hit defined keybinding or manually run auto-fill-login

  3. User will be prompted to select element on the page (target) he wants to auto-fill with username Like f in vi-normal-mode for for input / textarea fields only.

    By default auto-fill-username command will use (url (current-buffer)) as filter argument (suggest only items for current domain or host). If there's more than one item available, show auto-complete pane, if not, auto-fill selected input.

  4. If auto-fill-username command executed successfully execute auto-fill-password automatically. By default, next input might be selected as a target. Similar to most forms behavior, when after typing username you can hit Tab key and focus will be moved to password field.

    In real implementation this step's logic will be more complecated then description above, of course.

  5. If site supports 2FA additional step might be added. List of sites supporting 2FA can be found at: https://2fa.directory Not sure yet if it would be a good idea to integrate it inside password-interface for future use by other password-managers.

Support use of separate KeePassXC database for TOTP codes only

Also another very important change we need to make to current implementation of password-keepassxc.lisp is an option to have two files specified in configuration.

One file would be used to auto-fill usernames and passwords and another one will be responsible for totp codes only.

This kind of setup mentioned in KeyPassXC FAQ and this feature has been implemented in keepassxc-browser extension (see keepassxreboot/keepassxc-browser/issues/1162 for more details).

I will come back with more thoughts in the comments below.

andreystepanov avatar Aug 06 '22 14:08 andreystepanov