keepassxc-browser icon indicating copy to clipboard operation
keepassxc-browser copied to clipboard
verified publisher icon keepassxreboot

Field identification failing for dynu.com with TOTP

Open NPastorale opened this issue 4 years ago • 5 comments

Expected Behavior

Username, password and TOTP fields correctly identified and populated from db

Current Behavior

With no custom fields defined

The username and password are correctly identified and populated (https://www.dynu.com/en-US/ControlPanel/Login), when the next screen appears (also https://www.dynu.com/en-US/ControlPanel/Login) asking for TOTP, the field is not identified and no autocompletion is executed.

With custom fields defined

I have tried every permutation I could think of (granted there are not that many), but the best results I was able to achieve were the correct identification of the username and passsword fields while TOTP remained unable to be autocompleted.

Taking a look at the config export from the extension settings I tried manipulating it in hopes of achieving a working solution, but given how it operates I do not think this is a viable solution. From this

"defined-custom-fields": {
    "https://www.dynu.com": {
        "fields": [],
        "password": [
            "/html/body/div[2]/section[4]/div/form/div/div/div/div[4]/input",
            "INPUT password Password "
        ],
        "totp": null,
        "username": [
            "/html/body/div[2]/section[4]/div/form/div/div/div/div[2]/input",
            "INPUT text Username "
        ]
    }
}

and this

"defined-custom-fields": {
    "https://www.dynu.com": {
        "fields": [],
        "password": null,
        "totp": [
            "/html/body/div[2]/section[4]/div/form/div/div/div/div[4]/input",
            "INPUT text Code "
        ],
        "username": null
    }
}

I tried a combination that ended up looking like this

"defined-custom-fields": {
    "https://www.dynu.com": {
        "fields": [],
        "password": [
            "/html/body/div[2]/section[4]/div/form/div/div/div/div[4]/input",
            "INPUT password Password "
        ],
        "totp": [
            "/html/body/div[2]/section[4]/div/form/div/div/div/div[4]/input",
            "INPUT text Code "
        ],
        "username": [
            "/html/body/div[2]/section[4]/div/form/div/div/div/div[2]/input",
            "INPUT text Username "
        ]
    }
}

Which of course didn't work as the password and TOTP fields cannot be unequivocally identified.

Possible Solution

Ideal outcome

Given that both the username and password, and the TOTP pages share the same URL, I am unsure whether there is a simple solution to this issue. I'd imagine a possible solution would be to leverage the fields' IDs to identify which piece of information should be filled in.

Acceptable outcome

Have the possibility to more granularly configure the custom fields for scenarios on which the URL remains the same when entering username, password and TOTP, but the three fields are not present at once.

Steps to Reproduce (for bugs)

  1. Create a (free) account at dynu.com
  2. Set it up with TOTP
  3. Let KeePassXC-Browser auto-identify the login fields
  4. Username and password are automatically populated
  5. Click Login
  6. TOTP (Time-based one time password) Code is neither automatically detected nor populated

Debug info

KeePassXC - 2.6.2 KeePassXC-Browser - 1.7.9.1 Operating system: Linux x86_64 Browser: Chrome/Chromium 94.0.4606.71

NPastorale avatar Oct 01 '21 09:10 NPastorale

Reminder to myself: test if https://github.com/keepassxreboot/keepassxc-browser/pull/1390 solves this.

varjolintu avatar Oct 01 '21 10:10 varjolintu

Just want to add that the same appears at https://platform.application.prd.supplyon.com/logon/logonServlet. Same cause here.

Tested with KeePassXC 2.6.6 and Firefox ESR with KeePassXC-Browser 1.7.9.1

dreng avatar Nov 10 '21 08:11 dreng

I see #1390 was merged and included in release 1.8.0, this may already be known, but I wanted to confirm that I have just tested this scenario again and it still behaves as originally described. As a reference: KeePassXC - 2.7.1 KeePassXC-Browser - 1.8.0 Operating system: Win64 Browser: Chrome/Chromium 103.0.0.0

NPastorale avatar Jun 27 '22 22:06 NPastorale

@NPastorale So are you selecting username and password fields first and then TOTP later? Or what kind of workflow are you using?

varjolintu avatar Jun 29 '22 12:06 varjolintu

@varjolintu I tried letting everything sort itself out as it would by default. This autocompletes both username and password. When advancing to the TOTP field it is not identified neither as password nor TOTP.

I have also tried selecting the fields manually, with the changes introduced on #1390, first specifying the username and password, confirming, advancing to the TOTP section and manually selecting it as a TOTP field, then confirming again. This also doesn't work, when logging in it populates the username and TOTP, but the latter is filled in the password field.

Additionally I tried just specifying the TOTP field when in that section. This resulted in the autocompletion of only the TOTP but also in the password field.

Maybe I'm missing something?

Also, let me know whether the explanation is clear enough, I could record a quick video of me performing those steps if necessary.

NPastorale avatar Jun 29 '22 13:06 NPastorale