Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Handle entries without password

See original GitHub issue

General information

Operating system + version: Ubuntu 18.04
Browser + version: Firefox 72
Information about the host app:
- How did you install it? downloaded a pre-built binary
- If installed an official release, put a version ($ browserpass --version): 3.0.6
Information about the browser extension:
- How did you install it? firefox webstore
- Browserpass extension version as reported by your browser: 3.4.1

Exact steps to reproduce the problem

Create a pass entry without content or with content Password:
Fill the entry on the detected url login field

What should happen?

I would expect browserpass to insert the username and leave the password field empty, maybe even focus the password field so that i can manually fill it.

The user story behind this feature is maybe the fact that this is not “your” password and you are therefore not allowed to store the password or you do not want to store the password personally.

What happened instead?

You have to differentiate the empty entry from the empty password line:

Entirely empty pass entry:
- Automatic fill without opening the UI fills the username from the entry file name and the focus stays on the username input field.
- Filling from the Popup-UI (with mouse or keyboard) fills the username, but focus stays on the extension popup with a red error message Error: Error: value is undefined
Having a line Password:\n with or without a username line fills the string ‘Password’ into the password input field

Issue Analytics

State:
Created 4 years ago
Comments:6 (1 by maintainers)

Top GitHub Comments

1reaction

maximbazcommented, Feb 7, 2020

I’m not convinced that we should be attempting to focus a password field if we have no value to fill there; focusing the submit button makes more sense IMO.

I share the same opinion, we can make it so that an empty file / empty first line / password:\n do not generate errors, but setting the focus inside password field and prompting the user to fill it seems not only niche but also against the whole idea that we don’t want to encourage people to fill out passwords manually to prevent phishing attacks.

0reactions

lukengdacommented, Feb 8, 2020

@erayd @maximbaz Don’t get me wrong, I’m totally fine with the solution and I don’t want any keepass clone, otherwise I would not be here wit pass and browserpass.

I reevaluated the behavior I was used to with tusk (browser extension for keepass files) and found out that focus on the password field is the default behavior for all entries and you can submit from there by pressing enter. This mimes the user input best in my opinion but I totally do not require this behavior.

Anyway, thanks for your responses and I want to contribute in the future, I’m just too busy at the moment so I won’t create a PR for the error handling.