clients icon indicating copy to clipboard operation
clients copied to clipboard

Bitwarden preventing users to type into text inputs

Open charlesBochet opened this issue 2 years ago • 1 comments

Steps To Reproduce

Hi, we have recently shifted our team to Bitwarden and we are experiencing issues while trying to log into our own website (app.twenty.com) with the chrome extension enabled.

  1. Go to https://app.twenty.com
  2. Click on 'Continue With Email'
  3. Type: '[email protected]'
  4. Type 'Enter'
  5. Type any password

Repeat this until you face the bug (it appears to be a race condition so it won't happen everytime, however we managed to reproduce it quite often on two differents computers running the latest version of chrome and latest version of bitwarden chrome extension

Expected Result

You can type into the field freely

Actual Result

Sometimes, you cannot type in the email or password

Screenshots or Videos

https://github.com/bitwarden/clients/assets/12035771/34fb4e69-82fc-495e-aa66-8aecb2bf898b

Additional Context

We have investigated a bit and it seems to be related to a bug in the body mutation observer. It seems that this piece of code is triggered many times (100s) with a delete + re-add of bitwarden overlayButton for some reasons

Capture d’écran 2024-02-26 à 16 31 41 Capture d’écran 2024-02-26 à 16 31 25

Also here is the link to our GitHub as twenty is open-source. https://github.com/twentyhq/twenty

Operating System

macOS

Operating System Version

M2 Pro - 13.2.1 (22D68)

Web Browser

Chrome

Browser Version

121

Build Version

121.0.6167.184

Issue Tracking Info

  • [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

charlesBochet avatar Feb 26 '24 15:02 charlesBochet

Hi there,

Thank you for your report!

I have flagged this to our engineering team.

If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time - our engineering team will be happy to review these.

Thanks once again!

Neonwarden avatar Feb 26 '24 18:02 Neonwarden

Thank you, we are also an open-source team, so let us know if you need a hand!

charlesBochet avatar Feb 26 '24 21:02 charlesBochet

Hm, this was an interesting issue to observe and resolve.

So what's happening here is due to behavior that we have tied to an Enter keydown event on the input element. If a user enters their email and then presses Enter before the inline menu is fully built and injected into the DOM, a value is updated that indicates that the inline menu UI is "visible", but the element is not present in memory.

This is what causes the loop on the MutationObserver, our code is saying "This UI element is visible", while the actual UI element in memory hasn't been created/injected.

The interesting thing here is that this edge case shouldn't be happening due to how we handle injecting of the DOM elements on focus of the input fields. Not entirely sure how/why that ends up happening. Regardless, checking that the inline menu UI element exists in memory before attempting to validate visibility of the element fixes this problem. The fix for this can be see here - https://github.com/bitwarden/clients/pull/8104

I'm going to close this issue since we have a fix for this in code review, but please feel free to comment further. If we need to re-open this thread due to continued issues once this fix is in prod, we can do so.

cagonzalezcs avatar Feb 26 '24 23:02 cagonzalezcs

Oh one note, if you'd like to mitigate this issue entirely in the meantime you can either set the inline autofill menu to a disabled state or set it to When auto-fill icon is selected, which should also resolve the issue.

This can be done by going to Settings > Autofill > Show auto-fill menu on form fields in the extension.

cagonzalezcs avatar Feb 26 '24 23:02 cagonzalezcs

Honestly, so fast. Very happy with our choice to move to Bitwarden. Keep up the good work and thank you @cagonzalezcs.

charlesBochet avatar Feb 27 '24 07:02 charlesBochet

@cagonzalezcs Thanks for the great explanations. Will the fix apply to all extensions? I'm experiencing this issue on Firefox (extension v2024.2.0).

JessicaS11 avatar Mar 08 '24 02:03 JessicaS11

@JessicaS11

The fix applies to all extensions and should be available with the release of extension v2024.4.0

cagonzalezcs avatar Mar 08 '24 19:03 cagonzalezcs

I'm still having this issue on 2024.4.2. I've set the autofill on icon selected but issue still persists. this is happening on multiple sites and is resolved as soon as the Bitwarden extension is removed from chrome

https://github.com/bitwarden/clients/assets/5265846/215501d0-c552-4add-b2a8-aa09ac51fb2e

jflaflamme2 avatar May 19 '24 17:05 jflaflamme2

I'm having a similar issue. I can't click into any "email" inputs. Resolves on removing Bitwarden Chrome extension or using incognito browser. v2024.4.2

I've been using the Chrome extension for a while and never had this problem -- it just started yesterday or possible a few days prior (wasn't on the computer much last week)

Mac Apple M1 Pro 2014. Updated Chrome browser to latest, restarted computer, etc., still experiencing the issue.

https://github.com/bitwarden/clients/assets/78520107/686b2f45-f391-4bff-9b79-bc38f410d20e

aaron-mota avatar May 19 '24 23:05 aaron-mota

@jflaflamme2 @aaron-mota

Interesting, I'm not able to replicate this behavior in either regard... including attempting to replicate this as described by users in other websites/browsers.

The original issue reported in this thread was due to a flaw in the inline menu implementation. If you turn that feature off, does the problem persist?

cagonzalezcs avatar May 20 '24 13:05 cagonzalezcs

I'm having this issue in Windows; in all browsers. I get blocked from typing anything into the username or password field. If I disable the extension in the respective browser, it works fine.

bigric68 avatar May 20 '24 14:05 bigric68

@bigric68

As I mentioned in my previous post, still not able to replicate on my side.

Have you tried turning off the inline menu, as I suggested above? I'm trying to see if I can narrow down the feature that might be causing this problem.

cagonzalezcs avatar May 20 '24 14:05 cagonzalezcs

@cagonzalezcs When I turn it "off", I no longer have the issue. When I have it set to the other options, the issue comes back.

aaron-mota avatar May 20 '24 14:05 aaron-mota

Thank you for that @aaron-mota

Narrowing it down to that specific feature helps... still looking for a way to replicate the behavior on our side, but I'll provide an update on a resolution when possible.

For now, anyone having this issue should turn off the autofill inline menu feature.

cagonzalezcs avatar May 20 '24 14:05 cagonzalezcs

I'm re-opening this issue to hopefully gather more feedback on this problem.

There are two scenarios where Bitwarden might attempt to blur a field in such a manner. The first is when we are filling form elements, which triggers a removal of the inline menu and any field that might be currently focused. We also trigger blurring of input elements as fields are being populated with autofill data.

The second scenario is anytime an excessive amount of mutations is encountered in the DOM in a very quick succession. This blurring would only trigger in the case where the inline menu is visible, and we do this to avoid programmatic hijacking of the inline menu elements.

The original fix for this issue implemented a redundant check to verify visibility of the inline menu elements as they were being injected into the DOM. We were seeing a very rare race condition where the inline menu could trigger a loop on the mutation observer. This happened due an issue with verifying the visibility of an inline menu element before it had completely loaded.

So with that said, we aren't really able to replicate this problem.... but I have a theory on why that might be the case. It's possible that another website script or extension script is attempting to modify the DOM in a way that affects our Mutation Observer implementation.

Because I'm unable to replicate this on the pages suggested by others.... I have a strong feeling that another extension content script is causing some kind of conflict in the manner previously described.

If anyone is comfortable with doing so.... could you please look into verifying if this problem exists with other extensions installed?

Does the issue exist when the Bitwarden extension is turned on by itself? (with the inline menu turned on). If you turn on another extension alongside Bitwarden, does the issue present itself?

cagonzalezcs avatar May 20 '24 15:05 cagonzalezcs

@cagonzalezcs

Issue is resolved when autofill is turned all the way off not in "When autofill icon is selected" mode. I've tried the BETA version and the problem exist on that version too.

I've tried disabling all extensions on my chrome and re-enabling them one by one and the issue is there as soon as BW is activated even without any other extensions

For me this issue does not happen on all forms only some of them on some sites. For example on the CIS Workbench that I've included in my previous post. the login forms works well with no issue but the password reset page doesn't same thing on NinjaRMM.

Based on a Reddit post regarding this issue it seems that it is not happening on all browsers (https://www.reddit.com/r/Bitwarden/comments/1cvqqom/bitwarden_extension_causing_fields_to_lose_focus/)

jflaflamme2 avatar May 20 '24 17:05 jflaflamme2

This is occurring on other form fields too, such as SSN. I basically can’t click into anything when the extension is enabled. For me, it’s occurring on probably 80% or more of the sites.

From: Jean-Félix Laflamme @.> Sent: Monday, May 20, 2024 1:21 PM To: bitwarden/clients @.> Cc: Eric G. Burke @.>; Mention @.> Subject: Re: [bitwarden/clients] Bitwarden preventing users to type into text inputs (Issue #8093)

@cagonzalezcshttps://link.edgepilot.com/s/b62e4811/1BCAeeu1qkCxx9sLfwtGuw?u=https://github.com/cagonzalezcs

Issue is resolved when autofill is turned all the way off not in "When autofill icon is selected" mode. I've tried the BETA version and the problem exist on that version too.

I've tried disabling all extensions on my chrome and re-enabling them one by one and the issue is there as soon as BW is activated even without any other extensions

For me this issue does not happen on all forms only some of them on some sites. For example on the CIS Workbench that I've included in my previous post. the login forms works well with no issue but the password reset page doesn't same thing on NinjaRMM.

Based on a Reddit post regarding this issue it seems that it is not happening on all browsers (https://link.edgepilot.com/s/8f2612a1/37pRETH5Jk67lP4qSi9tlg?u=https://www.reddit.com/r/Bitwarden/comments/1cvqqom/bitwarden_extension_causing_fields_to_lose_focus/)

— Reply to this email directly, view it on GitHubhttps://link.edgepilot.com/s/406d63e1/YbvTV8lXhE_wwvuztUQk9Q?u=https://github.com/bitwarden/clients/issues/8093%23issuecomment-2120875561, or unsubscribehttps://link.edgepilot.com/s/c6123c01/GCA2hblRZ0G-RStK_Wv2rQ?u=https://github.com/notifications/unsubscribe-auth/AJYRVAH2I2CMXDN3B2VYHH3ZDIWJLAVCNFSM6AAAAABD2OFGFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRQHA3TKNJWGE. You are receiving this because you were mentioned.Message ID: @.@.>>

bigric68 avatar May 20 '24 17:05 bigric68

Ok, thank you for the context... we're still working on identifying a reason for this issue, but your feedback will help us narrow down why it might be happening.

cagonzalezcs avatar May 20 '24 19:05 cagonzalezcs

Just saw your request for testing with other extensions. I’ll try to run through them later this evening in an effort to determine if there is a conflict. Appreciate the detailed follow-up!

Eric

From: Cesar Gonzalez @.> Sent: Monday, May 20, 2024 3:10 PM To: bitwarden/clients @.> Cc: Eric G. Burke @.>; Mention @.> Subject: Re: [bitwarden/clients] Bitwarden preventing users to type into text inputs (Issue #8093)

Ok, thank you for the context... we're still working on identifying a reason for this issue, but your feedback will help us narrow down why it might be happening.

— Reply to this email directly, view it on GitHubhttps://link.edgepilot.com/s/b49af6ca/2U_3K9FsgkmzWieZbLTR_A?u=https://github.com/bitwarden/clients/issues/8093%23issuecomment-2121041119, or unsubscribehttps://link.edgepilot.com/s/869ecfab/-n1oj-yZVkuUPQd26kKKYg?u=https://github.com/notifications/unsubscribe-auth/AJYRVABVQBZN5NGKHDJPRBDZDJDARAVCNFSM6AAAAABD2OFGFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRRGA2DCMJRHE. You are receiving this because you were mentioned.Message ID: @.@.>>

bigric68 avatar May 20 '24 19:05 bigric68

@jflaflamme2

I've tried disabling all extensions on my chrome and re-enabling them one by one and the issue is there as soon as BW is activated even without any other extensions

So are you saying that this issue appears when Bitwarden is setup as the only extension?

cagonzalezcs avatar May 20 '24 19:05 cagonzalezcs

Those are seeing this issue, by chance are you using a web extension called Scribe?

https://chromewebstore.google.com/detail/scribe-ai-documentation-s/okfkdaglfjjjfefdcppliegebpoegaii

This extension was updated May 14th... and it seems like they've added a DOM injection behavior that directly conflicts with how our extension functions. This is the one way I've been able to re-create the issue recently encountered by users.

cagonzalezcs avatar May 20 '24 20:05 cagonzalezcs

I use Scribe. Going to try disabling it now.

From: Cesar Gonzalez @.> Sent: Monday, May 20, 2024 4:04 PM To: bitwarden/clients @.> Cc: Eric G. Burke @.>; Mention @.> Subject: Re: [bitwarden/clients] Bitwarden preventing users to type into text inputs (Issue #8093)

Those are seeing this issue, by chance are you using a web extension called Scribe?

https://link.edgepilot.com/s/0feb88ad/ETUBv2mzS02_VYZ1mchRTA?u=https://chromewebstore.google.com/detail/scribe-ai-documentation-s/okfkdaglfjjjfefdcppliegebpoegaii

This extension was updated May 14th... and it seems like they've added a DOM injection behavior that directly conflicts with how our extension functions. This is the one way I've been able to re-create the issue recently encountered by users.

— Reply to this email directly, view it on GitHubhttps://link.edgepilot.com/s/9ee1a1f4/xCmWZWHx2Eimjhfq3Eut3A?u=https://github.com/bitwarden/clients/issues/8093%23issuecomment-2121118964, or unsubscribehttps://link.edgepilot.com/s/fd599ee6/woOwXc8jakOUU52OUXIbog?u=https://github.com/notifications/unsubscribe-auth/AJYRVAF3TASDQAXOXOM3E3TZDJJMDAVCNFSM6AAAAABD2OFGFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRRGEYTQOJWGQ. You are receiving this because you were mentioned.Message ID: @.@.>>

bigric68 avatar May 20 '24 20:05 bigric68

Bingo – Scribe seems to be the culprit for me…

From: Cesar Gonzalez @.> Sent: Monday, May 20, 2024 4:04 PM To: bitwarden/clients @.> Cc: Eric G. Burke @.>; Mention @.> Subject: Re: [bitwarden/clients] Bitwarden preventing users to type into text inputs (Issue #8093)

Those are seeing this issue, by chance are you using a web extension called Scribe?

https://link.edgepilot.com/s/0feb88ad/ETUBv2mzS02_VYZ1mchRTA?u=https://chromewebstore.google.com/detail/scribe-ai-documentation-s/okfkdaglfjjjfefdcppliegebpoegaii

This extension was updated May 14th... and it seems like they've added a DOM injection behavior that directly conflicts with how our extension functions. This is the one way I've been able to re-create the issue recently encountered by users.

— Reply to this email directly, view it on GitHubhttps://link.edgepilot.com/s/9ee1a1f4/xCmWZWHx2Eimjhfq3Eut3A?u=https://github.com/bitwarden/clients/issues/8093%23issuecomment-2121118964, or unsubscribehttps://link.edgepilot.com/s/fd599ee6/woOwXc8jakOUU52OUXIbog?u=https://github.com/notifications/unsubscribe-auth/AJYRVAF3TASDQAXOXOM3E3TZDJJMDAVCNFSM6AAAAABD2OFGFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRRGEYTQOJWGQ. You are receiving this because you were mentioned.Message ID: @.@.>>

bigric68 avatar May 20 '24 20:05 bigric68

Yep, I can confirm that on my side as well...

Looks like we're both competing to ensure our respective injected DOM element is the last listed element in a page's <body>....

I'll look into a resolution for this soon, will post an update when possible.

cagonzalezcs avatar May 20 '24 20:05 cagonzalezcs

Also confirming -- I had Scribe extension, turning it off allows BW to work as it previously did.

Out of curiosity / for my own learning, how did you come across Scribe being the likely culprit?

aaron-mota avatar May 21 '24 01:05 aaron-mota

Our CS team is awesome and eventually identified it as a commonality with customers who were looking for support regarding the issue.

We're in the home stretch of mv3 and as a result our team's attention is being split a bit. That said, I'll be looking to introduce a fix for this soon. For now, I'd definitely recommend turning off the inline menu until a future update of our extension (or turning off Scribe, whichever makes mores sense for you to do).

cagonzalezcs avatar May 21 '24 02:05 cagonzalezcs

Same here, I also had the issue and the Scribe extension. Just disabled Scribe.

jlewis6698 avatar May 21 '24 15:05 jlewis6698

YES! it worked for me by disabling scribe and/or turning off autofill thanks @cagonzalezcs

leaclf avatar May 26 '24 14:05 leaclf

@cagonzalezcs Interesting to read the issue here. Currently received an issue from our client that is using our checkout module on a webshop. The user indicated having this issue as well and is also using bw. Could you tell me what the status off this issue is?

Remcospruijt avatar Jul 23 '24 06:07 Remcospruijt

@Remcospruijt

We just merged a fix for this into main yesterday. The details of that can be seen within this PR - https://github.com/bitwarden/clients/pull/9610

This fix will be going out in an upcoming release of the extension (not the next one, however).

I'm closing this thread for now as the issue should be resolved with that fix.

cagonzalezcs avatar Jul 24 '24 21:07 cagonzalezcs