Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Handle entries without password

See original GitHub issue

General information

  • Operating system + version: Ubuntu 18.04
  • Browser + version: Firefox 72
  • Information about the host app:
    • How did you install it? downloaded a pre-built binary
    • If installed an official release, put a version ($ browserpass --version): 3.0.6
  • Information about the browser extension:
    • How did you install it? firefox webstore
    • Browserpass extension version as reported by your browser: 3.4.1

Exact steps to reproduce the problem

  1. Create a pass entry without content or with content Password:

  2. Fill the entry on the detected url login field

What should happen?

I would expect browserpass to insert the username and leave the password field empty, maybe even focus the password field so that i can manually fill it.

The user story behind this feature is maybe the fact that this is not “your” password and you are therefore not allowed to store the password or you do not want to store the password personally.

What happened instead?

You have to differentiate the empty entry from the empty password line:

  • Entirely empty pass entry:
    • Automatic fill without opening the UI fills the username from the entry file name and the focus stays on the username input field.
    • Filling from the Popup-UI (with mouse or keyboard) fills the username, but focus stays on the extension popup with a red error message Error: Error: value is undefined
  • Having a line Password:\n with or without a username line fills the string ‘Password’ into the password input field

Issue Analytics

  • State:open
  • Created 4 years ago
  • Comments:6 (1 by maintainers)

github_iconTop GitHub Comments

maximbazcommented, Feb 7, 2020

I’m not convinced that we should be attempting to focus a password field if we have no value to fill there; focusing the submit button makes more sense IMO.

I share the same opinion, we can make it so that an empty file / empty first line / password:\n do not generate errors, but setting the focus inside password field and prompting the user to fill it seems not only niche but also against the whole idea that we don’t want to encourage people to fill out passwords manually to prevent phishing attacks.

lukengdacommented, Feb 8, 2020

@erayd @maximbaz Don’t get me wrong, I’m totally fine with the solution and I don’t want any keepass clone, otherwise I would not be here wit pass and browserpass.

I reevaluated the behavior I was used to with tusk (browser extension for keepass files) and found out that focus on the password field is the default behavior for all entries and you can submit from there by pressing enter. This mimes the user input best in my opinion but I totally do not require this behavior.

Anyway, thanks for your responses and I want to contribute in the future, I’m just too busy at the moment so I won’t create a PR for the error handling.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How To Manage Stored User Names and Passwords on a ...
This article describes how to manage stored user names and passwords on a computer that is not a member of a domain. When...
Read more >
Password-protected trust store created with keytool displays ...
keytool provides a warning, but lists no entries. Now if I generate a trust store and import the certificate the same way with...
Read more >
The keytool Command - Oracle Help Center
If the source entry is protected by a password, then -srcstorepass is used to recover the entry. If -srcstorepass is not provided or...
Read more >
Secure Password Handling in Python | Personal Website & Blog
To create and retrieve an entry, we can just use set_password and get_password respectively. In addition to that, also get_credential can be ...
Read more >
Manage passwords using keychains on Mac - Apple Support
On your Mac, digital keychains can help you keep track of and protect passwords, account numbers, and other confidential information.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found