marius-wieschollek / passwords-webextension
The official browser extension for the Passwords app for Nextcloud.
License: GNU General Public License v3.0
Hi Marius,
I encountered a weird behavior with the Chrome extension:
I managed to reproduce this every time. After entering the first letter, the URL and username are immediately reset.
If I first enter the password then URL and username, I can actually save the configuration and everything seems to work, but this weird behavior also happens if I want to update my configuration.
For instance, let's say I set the following information:
https://my.nextcloud.com
my.bad.username
somethingverysecret
Then, if I first change my user from my.bad.username to my.username then change the password, I can see my username being reset to my.bad.username.
I did not look through the code but there must be some kind of "reset to last save config" function which is triggered when updating the password.
Hi :)
On gnome-shell when entering a web site with a password, I've got a notification asking me whether I want to save the password but there is no button to say "yes" and clicking the notification isn't enough. Am I missing something?
Thanks ! :)
Running passwords 2018.5.2 on Nextcloud 13.0.2 and trying to retrieve passwords via the web extension running in Firefox 60.0, legacy API switched off.
Login works fine, but when it tries to fetch passwords, I get a JSON parse error. Using Firefox's web extension debugger console I see
Encoding response failed Request { method: "GET", url: "https://cloud.server.tld/index.php…", headers: Headers, referrer: "about:client", referrerPolicy: "", mode: "cors", credentials: "omit", cache: "default", redirect: "follow", integrity: "" } SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data background.js:1:96395
_createRequest/</</<
This doesn't look very helpful to me, maybe it would be worth noting somewhere that the Legacy API has to be enabled in the app settings?
When enabling the Legacy API all works as expected.
Is there a way to tell the Firefox addon to distinguish between subdomains (xxx.domain.com), subdirectories (domain.com/xxx), and ports (domain.com:123)? It seems to only be looking at top level domain names and ends up giving me a huge list for domains where there are a lot of subdomains, subdirectories, and different ports for the same domain. Thanks.
I noticed some bugs when I used German umlauts (ä ö ü) in this extension with a current version of firefox, nextcloud 15.0.2 and (K)Ubuntu 18.04 on the client side.
There seem to be issues with character encoding in this extension.
Can you add the option to add a master password for added protection to the passwords stored in the extension?
Love this extension keep up the great work.
What about a feature to access (that's already built in for passwords) and edit passwords and their notes through the extension?
Sometimes the Extension does not recognize a new password and does not ask to change it. So the password could be set manually.
And the access to notes of the passwords would also be great, so you do not have to login to your nextcloud instance for some information and could grab or edit them directly through the extension.
What do you think about that?
Hey Marius,
I've got a problem while setting up the firefox webextension.
After filling in the credentials and clicking on "save" the extension is switching to the first tab with status "no logins found".
If I want to store a password by clicking on the "New Login found" window the error I get is "The password could not be saved"
Is there a chance to investigate this with a log file or something like that?
Hello,
It would be nice to support the two-factor authentication of the Nextcloud instance,
because in 2019 only one-factor authentication is not secure enough!
Hi,
I know this is a very suggestive request, but the Chrome extension logo is only a key with no background. I use a dark theme for Chrome which unfortunately uses pretty much the same background color as the extension's icon color, which makes it "invisible".
Most Web Extensions nowadays seem to use a logo with a background color. I'm guessing this is to always be visible no matter the user theme configuration.
Would it be possible to "improve" the logo by adding a background color to it?
Hello, I want to explain the problem in English.
I have installed the app “passman” in Next Cloud and the add-on for Firefox.
Now my problem is that I can't connect to passman. I get the following popup: “Request has forbidden by Antivirus” - after I have disabled Kaspersky.
I get the following popup: JSON.parse:Unexpected character at line 1 column 1 of the JSON data.
Who can help me? What must I do to solve the problems?
Firefox 59.02 + Nextcloud Passwords 1.5.0
Nextcloud 13.0.1
On some websites, there is an additional field for an Account Number before using a Username and Password. When using the extension, the username will be placed in the Account Number instead. Here is an example website of what I mean:
http://adpcrm2.v-sept.com/Common/Pages/Authentication/Login.aspx
The password list could not be retrieved.
Error: JSON.parse: unexpected character at line 1 column 1 of the JSON data
I have actually been getting this error since the upgrade to the new Nextcloud passwords app, but it doesn't seem to affect the extension working.
I followed the debug steps and saw this in the console ([domain] replaces my valid NC domain):
Encoding response failed Request { method: "GET", url: "[domain]/index.php/apps/passwords/api/0.1/passwords", headers: Headers, referrer: "about:client", referrerPolicy: "", mode: "cors", credentials: "omit", cache: "default", redirect: "follow", integrity: "" } SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data app.js:1:92256
The error only appears if Enable Legacy API is disabled within NC, but as I said the extension appears to work correctly either way.
First of all: Great and good looking App+Addon!!!
But: In my opinion there is a big security issue. When starting Firefox there is no need to type a master password or, each time, the login phrase for the Nextcloud instance. So without typing any kind of password a person can check all passwords stored via the password app in Nextcloud.
Tools like Keeweb etc. solve this by locking the connection after a few minutes e.g. Would this also be possible in the firefox-extension?
Hi,
I'm testing the Passwords Nextcloud app and this extension. So far I really like them: they are easy to use and provide all the features I want, except that this extension seems to store the Nextcloud user credentials as plain text on the local computer (in Firefox: Profiles/XXX/browser-extension-data/[email protected]/storage.js).
Is there any plan to encrypt that (with a master password or something else)?
Many thanks,
Laurent.
Single Sign On systems pose some challenges for Passwords users that all have some drawbacks.
Each password has only a single website field. For other sites in the SSO system the user has to search for the password and enter it. Passwords prompts the user to save the password for that website, so duplicates are likely to occur eventually.
User enters the password for each site in the SSO they use. The browser plugin does match the password for that site. When the user changes the password for that site they need to remember to change all the other passwords for the other sites in the SSO held by Passwords. Passwords also warns the user that the password is weak (duplicate) even though that's not correct. This false positive makes the other warnings less helpful.
Browser plugins could match on more than just the website field. This way a Passwords user could add other domains in the SSO system to the password notes or a custom field and be able to select the password to use at those domains without searching for it.
Websites field could support multiple domains as a delimited list and the browser plugin could parse that and match on each one.
Multiple websites fields. browser plugin could check each one.
Connect multiple passwords and when one changes change the others. Exempt these from the duplicate check.
It would be nice if the website field could support wildcards.
Passwords warns the user that the password is weak(duplicate).
Passwords are matched by each website in the browser plugin.
Changing one password does not change the other password.
Passwords
when sharing an user account all other have the passwords.
For security reasons the webextension could set to disabled by elapsed time and for enabling it, it can ask for master password.
Hi Marius,
Would it be helpful and possible to have buttons in the pop-up when saving a password in Firefox? So you can clearly choose to save or not save a password to your Nextcloud?
Even if the password field is hidden with dots, if you copy the text with Ctrl+C or do right click -> copy, you can paste it in clear everywhere.
(sorry, I should have seen that before, to avoid making so many releases)
Also I don't know if you can do anything to prevent this as this password field is a text one (#15 ) in order to workaround a firefox bug
Anyway, at least, the problem is now tracked.
The Passwords app offers to generate a random password for a site, which is super useful when registering or changing the password.
It would be great if one could generate a random password using this extension, too. For example from the context menu of the password field before submitting and saving it.
It's getting a little confusing when I'm visiting a site where I have multiple accounts, or have multiple passwords for different functions, but tied to the same mail/username.
I have differentiated them in their names. But when on the site they are used, the extension shows the username/mail.
It would be nice if the extension showed the name field instead of username, or at least had an option to show the name.
Additional information such as notes on passwords should be shown, for example on mouse over.
Sometimes you have different logins just with number as username. So you could specify some hints which user it is.
I installed this extension (v1.5.0) into Chrome, Opera, and Firefox. I cannot sign into my Passwords account on any. After entering my credentials and clicking "Save", I am moved to the first tab with "No logins found".
I've tried this over https, with Passwords v2018.4.0-build2103 with Nextcloud 13.0.1, the Legacy API is enabled.
I've also tried this over https, on a separate off-site server with Passwords 3.0 on Nextcloud 13.0.1, the Legacy API is enabled.
Both are Debian Jessie servers. Is this broken or am I missing something?
The support for filling into basic auth would be nice. At the moment, when showing the login request in firefox, no interaction is possible, so maybe autofilling would be useful.
basically my server 302 to:
apps/passwords/api/0.1/passwords
until it fails.
however, the firefox version works fine.
With Firefox Android, when I'm viewing a login-page and I open the "Passwords" window via the three-dot-menu, a new tab opens with a moz-extension:// URL. But this new tab doesn't propose me the login for the page that was previously showing. Instead, it shows "No logins found".
Currently, we login by opening the extension and click on the user.
I think it should be nice if we could also use the default login form, as the plugin autofill it for us.
It is required if we use chrome with an app: we have no toolbar in this case, so we can't access the extension button.
I'm using a few Nextcloud instances and I'd like to access each one through the extension, because in each instance there are passwords shared with users of different Nextcloud instances.
Alternatively, it would be nice to be allowed to share a folder to remote instances through federation, but I guess this would be harder if at all possible.
Hi,
because I never save highly important login data it would be nice not to get the note to save them each time I visit e.g. my bank account. The possibility to exclude definite URLs through a config item would be nice.
IMHO it's a minor proposal for the bottom of an existing todo-list but worth mentioning.
TIA
Martin
I typed my username and password on:
https://eu.battle.net/login/de/ -> enter
I got a prompt "Click here to save password" -> clicked it. Saved password in Nextcloud was ".............." (yes, the dot character "." multiple times -> and yes, I clicked on the eye icon :) )
this function is working on other sites without a problem so far.
I would suggest an export import feature so that passwords can be backed up, maybe to an encrypted file.
Please support encrypted passwords (on nextcloud-server)
Currently it seems that the search does not allow to search substrings. When my password has the name "My host - app1", I would like to find this entry by typing "app1" or "host" or "My". This could be applied to other fields as well, like tags or user.
V1.5.0
I have it installed in Firefox 60.0.1 (64-bits) and, when configuring, it closes when I select the password field, without giving me time to enter anything
The plugin does two things:
I have found many sites which are built as "single page applications", and process the login form using JavaScript.
Effectively, something like this
<form>
<input type="text">
<input type="password">
<input type="submit" onclick="login()">
</form>
Note that the <form> element does not have method="POST" or action="url".
When the plugin submits this form, two things happen:
?username=xxx&password=yyy in the URL
Suggestion - if form.method === 'GET' then do not submit the form.
Just autocomplete the fields.
Login credentials should never be sent in a GET request.
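Added example (not part of the issue above and not the extension's own code): a guard of the kind suggested, which fills the fields but only auto-submits when the form will POST. The function names, the plain-object form model and the shop.example URL are assumptions made for illustration; in a real DOM, a form without a method attribute reports form.method as lowercase "get", so the comparison is case-insensitive.

```javascript
// Forms are modelled as plain objects carrying the two properties read from
// an HTMLFormElement (method, action), so this runs in Node without a DOM.

// Effective submission method: a missing or unrecognised method attribute
// means the browser submits with GET.
function effectiveMethod(form) {
    const m = String(form.method || 'get').trim().toLowerCase();
    if (m === 'post' || m === 'dialog') return m;
    return 'get';
}

// URL a GET submission would navigate to. The field values replace the query
// string of the action URL; this is what lands in browser history, server
// access logs and Referer headers.
function getSubmissionUrl(form, pageUrl, fields) {
    const target = new URL(form.action || pageUrl, pageUrl);
    target.search = new URLSearchParams(fields).toString();
    return target.href;
}

// Decide what an autofill routine may do with a login form:
// always fill the fields, but submit only when the method is POST.
function planFill(form) {
    const method = effectiveMethod(form);
    if (method !== 'post') {
        return { fill: true, submit: false, reason: `form method is ${method}` };
    }
    return { fill: true, submit: true, reason: 'form method is post' };
}

// Constructed sample: the script-driven form from the report (no method, no
// action) next to a conventional POST form.
const spaForm = { method: '', action: '' };
const postForm = { method: 'POST', action: '/session' };
const page = 'https://shop.example/login?next=%2Faccount';
const creds = { username: 'xxx', password: 'yyy' };

console.log(planFill(spaForm));   // fill only, no submit
console.log(planFill(postForm));  // fill and submit
console.log('GET submit would expose:', getSubmissionUrl(spaForm, page, creds));
```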
Currently, the passwords-webextension always displays the user name of the respective entry found in the database. This leads to problems for passwords without user name:
No entry is displayed below the buttons - not the "no logins found" since there is an entry, but not the entry itself as there is no user name.
Suggestion: display the configured name of the password entry instead of the user name (or preferably both, e.g. My Online Shop: my_user_name), which would solve both this issue and the requirement to manually relate the displayed user name to the Passwords entry name.
Hi,
I just installed the Nextcloud app. No problem, it's perfect.
After that, I installed the Firefox extension. No problem, works great!
At the end, I installed the Firefox extension on my mobile. But there, it is impossible to log in.
In the Nextcloud logs, I see "Login failed" but I'm sure of my password, of course...
All apps are up to date.
Do you have any explanation?
Thank you and great job for all of that by the way 👍 !
Gaëtan
Hello,
Nextcloud 13.0.2
Php 7.2.5
Nginx : nginx-mainline 1.13.12-1
Firefox 60.0
Arch Linux 64
Nextcloud Passwords Client 1.5.0
Nextcloud Passwords App 2018.5.2
When Nextcloud Passwords Client detects a password change, the browser shows a notification to update the password. When I click on it, another notification says that password update failed.
When activating debugging on the Nextcloud Password Client (firefox extension), I see the failed request.
Here are the request headers (I replaced my host name)
Url is: https://myhost.mydomain.tld/index.php/apps/passwords/api/0.1/passwords/722
Host: myhost.mydomain.tld
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: application/json, text/plain, */*
Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
authorization: Basic Ym...blablablablabla
content-type: application/json
origin: moz-extension://8d55e17a-79e7-4b21-9567-96d446690ee8
Content-Length: 167
DNT: 1
Connection: keep-alive
Here are the response headers:
HTTP/2.0 405 Method Not Allowed
server: nginx
date: Fri, 18 May 2018 04:42:44 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.5
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: oc_sessionPassphrase=NuuMV4...blablablablabla; path=/; secure; HttpOnly
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-...blablablablabla='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
x-frame-options: SAMEORIGIN
set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
set-cookie: ocr0uzgqnx0t=...blablablablabla; path=/; secure; HttpOnly
set-cookie: cookie_test=test; expires=Fri, 18-May-2018 05:42:44 GMT; Max-Age=3600
X-Firefox-Spdy: h2
I think the problem is that request method:PATCH returns 405 Method Not Allowed.
I followed the official Nextcloud guide to configure my nginx server. I don't know how to allow PATCH request and where to enable it (nginx, php, nextcloud) ?
Hello,
So I installed the password extension yesterday and it worked well, but now the extension seems not to work at all; it tells me 'NetworkError when attempting to fetch source'.
@pafcioooo Since the new passwords app is nearly ready, it is time to get this experiment started. I have added the automated Polish translation here, and I would like you to review it and tell me how good it actually was.
I have successfully installed the FF extension from the addons repository.
I have entered credentials for my NC12 instance.
When I click extension there is an FF notification (both on Windows and Android):
"The password list could not be retreived. Error.JSON.parse: unexpected character at line 1 column 1 of the JSON data".
Hello, I use the Passwords Extension 1.7.1.0 with Firefox on Android. For a few days I can no longer retrieve a password list. There are no entries in the log on Nextcloud Server 14.04.
The extension works fine on the Windows desktop.
Any idea?