clients icon indicating copy to clipboard operation
clients copied to clipboard
verified publisher icon bitwarden

SimpleLogin Username Generator doesn't Respect Current Page

Open DarkArc opened this issue 3 years ago • 10 comments

Steps To Reproduce

  1. Go to yahoo.com
  2. Generate a username using the SimpleLogin Forward Email Address provider
  3. Go to google.com
  4. Generate a username using the SimpleLogin Forward Email Address provider

Expected Result

  • The username/email address generated in step 2 is for yahoo.com.
  • The username/email address generated in step 4 is for google.com.

Actual Result

  • The username/email address generated in step 2 is for yahoo.com.
  • The username/email address generated in step 4 is for yahoo.com.

Screenshots or Videos

No response

Additional Context

No response

Operating System

Linux

Operating System Version

Fedora 36

Web Browser

Firefox

Browser Version

firefox-104.0-5.fc36.rpm

Build Version

2022.8.0

DarkArc avatar Aug 25 '22 04:08 DarkArc

Hi @DarkArc! Thanks for reaching out. To further investigate this, we would need additional information:

  1. Can you provide the exact steps on what you did to produce this?
  2. Did you click on the Generator tab at the bottom of the menu to generate a username or did you click on the "+" icon -> then click on the user generator icon provided on the text field?
  3. Can you update to the latest browser ext and let us know if this problem persist?

Thank you!

vphan916 avatar Sep 14 '22 17:09 vphan916

Can you provide the exact steps on what you did to produce this?

More or less the above, though today I generated one while GitHub was open, and it was still generating for mozilla.org (from days ago).

Did you click on the Generator tab at the bottom of the menu to generate a username or did you click on the "+" icon -> then click on the user generator icon provided on the text field?

I used the generate tab. When I use the plus but, that actually seems to work (so thanks, at least I have a work around now!).

Can you update to the latest browser ext and let us know if this problem persist?

This is the latest I have available in Firefox.

DarkArc avatar Sep 14 '22 17:09 DarkArc

So, today I noticed this is also affecting the "+" icon, it just so happened that when I tried it the first time it worked.

DarkArc avatar Sep 16 '22 18:09 DarkArc

@DarkArc, is this still happening on the latest Firefox extension Browser v2022.10.1?

I wasn't able to reproduce this in my testing on Chrome or Firefox. When you are generating a username from the "+" icon route, is the current website filled in the "Name" and "URI 1" fields as shown below?

Screen Shot 2022-10-25 at 3 21 25 PM

We've also had another report of weirdness with the SimpleLogin username generator, and I wonder if toggling some settings on that end might resolve this for you: https://community.bitwarden.com/t/username-generator-stuck/44969

Larry-Sussman avatar Oct 25 '22 22:10 Larry-Sussman

@DarkArc, is this still happening on the latest Firefox extension Browser v2022.10.1?

I can't reproduce it reliably with the plus button -- it didn't occur in any of the attempts I just made. I do still see the generator tab going with "some random website" (currently hub.docker.com, which I haven't been to in I don't know how long -- with the message "Website: hub.docker.com. Generated by Bitwarden.") instead of the current tab.

Looking through your source a bit...

https://github.com/bitwarden/clients/blob/2a498245816a1cecb39af084c7a4fb94ddb121e8/libs/common/src/emailForwarders/simpleLoginForwarder.ts#L26

Clearly, this message shouldn't be there unless Bitwarden is getting that website "from somewhere." Considering a tab for that site isn't even open, I have no idea where.

I wasn't able to reproduce this in my testing on Chrome or Firefox. When you are generating a username from the "+" icon route, is the current website filled in the "Name" and "URI 1" fields as shown below?

snip

I can't say at this point, it's been too long since I mentioned the plus button case (and I haven't been generating many usernames lately).

We've also had another report of weirdness with the SimpleLogin username generator, and I wonder if toggling some settings on that end might resolve this for you: https://community.bitwarden.com/t/username-generator-stuck/44969

It's worth noting that SimpleLogin themselves have an open source (MIT) browser extension that uses their API: https://github.com/simple-login/browser-extension/blob/649c86a4d2b477f18c68d5264be9f1fc7f296d50/src/background/create-alias.js#L16

Even their backend code is open source, so I'd be highly suspect of the claim this is an issue on their end (especially given the weirdness from the username generator on the dedicated "Generator" tab); it really feels like there's a persistent cache in use that's causing the issue.

I will note my Firefox has crashed several times over the last few months (from some bugs in Firefox on Wayland w/ Kwin). This might be an issue where there's some state that normally gets cleaned up, but doesn't if Firefox doesn't exit cleanly.

DarkArc avatar Oct 25 '22 22:10 DarkArc

@DarkArc thanks for the detailed response! I'll make sure to add this additional info to our internal bug tracking ticket. I'm also not entirely sure what's going on here but your hypothesis makes sense. I'd recommend removing the extension, restarting Firefox, and re-installing the extension as a troubleshooting step. If it's a state issue, that should get us back to a clean slate and help narrow down if it was a problem with your browser specifically or an issue in our extension. Thanks again!

Larry-Sussman avatar Oct 25 '22 23:10 Larry-Sussman

It does seem to be behaving "as expected" after removing the extension and reinstalling. I'd still prefer if the generator tab used the current tab and/or had a website field; but that's a minor nit :)

Still this should probably be investigated a bit more to figure out why the extension needed removed to fix it.

DarkArc avatar Oct 26 '22 02:10 DarkArc

I am running Linux Mint 21 Cinnamon and having the same problem and more. I generate the username/email in the bitwarden APP (without browser extensions).

Case 1: I click on "+" to add a new enty and do NOT enter a website. Now click on generate username and I do get a UUID generated address (my standard setting on simplelogin). => So the generated username is as exspected; but the simplelogin comment is "website: google.com" - and that is wrong. It should be empty.

Case 2: I click on "+" to add a new enty and DO enter a website "foobar.com". Now click on generate username and I do get a address generated "foobar@[..]". => So the generated username is NOT what I want (I want my UUID addresses I set as standard on simplelogin); but at least the comment is now correct saying "website: foobar")

So here are 2 bugs (or 1 missing configuration option and 1 bug)...

  1. website is everytime "google.com" if NO website is supplyed
  2. the generation of the forwared address/username should be WAY more configurable (e.g. allow to choose to generate either UUIDs or website+salt.

BorisPieper avatar Feb 01 '23 20:02 BorisPieper

I have the same problem where the generator generates an address from SimpleLogin with the wrong hostname. Even the standalone generator gets it wrong... image

Sometimes it also creates the email address as peacocktv@... instead of using a random one... In this example, there is no hostname or website.

Yrlish avatar Mar 18 '23 07:03 Yrlish

I'm experiencing this issue as well, and I think I know the steps to reproduce...

  1. Visit any website, e.g. humblebundle.com
  2. Open Bitwarden extension, and add the SimpleLogin API key (while on that webpage)
  3. ?? Try to generate a email, and it will be [email protected]
  4. Visit another website, and use the generator (not add login tab), and it will still be e.g. humblebundle

At least that's what I'm seeing.

eyJhb avatar Feb 19 '24 20:02 eyJhb

Also seeing this behavior, and unfortunately it makes the email generator integration between Bitwarden and SimpleLogin not useable.

ChrisRomp avatar Mar 19 '24 22:03 ChrisRomp

So, I've tried to dig into this further. The main issue is that it seems like this.cipherState does not change, after it has been initialized once.

https://github.com/bitwarden/clients/blob/b4631b0dd164ee34de9f5dff43a1bf559880ebd0/apps/browser/src/tools/popup/generator/generator.component.ts#L53

Digging further into this, trying to discover where addEditCipherInfo$ comes from, and it can somewhat be seen that it gets updated/(I don't really know), SOMETHING happens here

https://github.com/bitwarden/clients/blob/b4631b0dd164ee34de9f5dff43a1bf559880ebd0/libs/angular/src/vault/components/add-edit.component.ts#L689-L706

This in turn sets loadedSavedInfo to true, which is the return value of the function. This is then used here

https://github.com/bitwarden/clients/blob/b4631b0dd164ee34de9f5dff43a1bf559880ebd0/libs/angular/src/vault/components/add-edit.component.ts#L246

Which then is used here...

https://github.com/bitwarden/clients/blob/b4631b0dd164ee34de9f5dff43a1bf559880ebd0/libs/angular/src/vault/components/add-edit.component.ts#L278-L290

And for SOME reason, when that variable is true, and that code runs (??), it does not seem to update the website hostname used. It will continue to use the same hostname over and over again.

I somewhat validated that by setting

    const loadedAddEditCipherInfo = false;

Which made it work, and it generated the emails correctly, and updated the cipherState correctly from the first link.

That's all the investigation I've made. I'm not sure what is happening, or why.. Hopefully someone with a little more JS knowledge have some more to go on.

EDIT: Git blame somewhat points to https://github.com/bitwarden/clients/pull/4808 , but I'm not really sure... EDIT2: It's not because of loadedAddEditCipherInfo being false, it was because I never called the underlying function. So It's something in loadAddEditCipherInfo that is incorrect.

eyJhb avatar Apr 30 '24 19:04 eyJhb

Seems like this

https://github.com/bitwarden/clients/blob/b4631b0dd164ee34de9f5dff43a1bf559880ebd0/libs/angular/src/vault/components/add-edit.component.ts#L690-L694

If one just comments the this.cipher, it will work as well.

@DarkArc @Larry-Sussman anyone of you know the codebase better than I, and can lead me further, or can see the problem?

eyJhb avatar Apr 30 '24 20:04 eyJhb

@eyJhb sorry I haven't had this issue recently. I'm not sure if that's just because I'm using the generator less (when I originally reported this I was trying to generate 50+ email addresses to handle various old logins) or because the issue is actually fixed for me.

I don't know the code particularly well, I just took a dabble when I was trying to understand what was going wrong.

DarkArc avatar May 18 '24 04:05 DarkArc

I am still observing this reported issue in the most recent Chrome version, 2024.5.2.

This is also observed on multiple email alias services that I use, SimpleLogin and addy.io

Seblirium avatar Jun 04 '24 16:06 Seblirium