Skip to content
This repository has been archived by the owner on Oct 15, 2024. It is now read-only.

Offer TOTP Autofill for OTP fields #899

Merged
merged 1 commit into from
Jun 29, 2020
Merged

Offer TOTP Autofill for OTP fields #899

merged 1 commit into from
Jun 29, 2020

Conversation

fmeum
Copy link
Member

@fmeum fmeum commented Jun 29, 2020

📢 Type of change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates

📜 Description

Make (modern) Autofill detect OTP fields and offer to fill them with TOTPs calculated from a secret stored in the encrypted extras.

OTP fields are currently detected based on the W3C hint one-time-code, a maxLength between 6 and 8 and/or the strings "otp" and "code" in attributes. For now, we don't allow filling both OTPs and passwords/usernames at the same time since I have never seen a site do this.

💡 Motivation and Context

TOTPs are here to stay and we should do our best to protect them from phishing. It also turns out that our Autofill implementation is flexible enough that adding support for this requires only ~100 changed lines.
Fixes #663.

💚 How did you test it?

I verified that this works with Amazon in Chrome and that existing workflows are not obviously broken. Since I rarely use OTPs, I would like to let the snapshot users test this more thoroughly and focus on fixing the issues they find.

📝 Checklist

  • I formatted the code with the IDE's reformat action (Ctrl + Shift + L/Cmd + Shift + L)
  • I reviewed submitted code
  • I added a CHANGELOG entry if applicable

🔮 Next steps

I will look into providing autofilled OTPs from SMS.

📸 Screenshots / GIFs

@fmeum fmeum added this to the 1.10.0 milestone Jun 29, 2020
msfjarvis
msfjarvis approved these changes Jun 29, 2020
View reviewed changes
Copy link
Member

@msfjarvis msfjarvis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fmeum
Copy link
Member Author

fmeum commented Jun 29, 2020

This triggered the Build debug workflow, which then failed on the Telegram step.

@msfjarvis
Copy link
Member

This triggered the Build debug workflow, which then failed on the Telegram step.

But the workflow is gone from both release and develop branches, so how? I don't see it in my 'Checks' list either.

@fmeum
Copy link
Member Author

fmeum commented Jun 29, 2020

This triggered the Build debug workflow, which then failed on the Telegram step.

But the workflow is gone from both release and develop branches, so how? I don't see it in my 'Checks' list either.

No idea, I just saw it pop up here: https://github.com/android-password-store/Android-Password-Store/actions/runs/151222874
Let's just wait for it to show up again before we investigate this further.

@fmeum fmeum merged commit 8bc662c into develop Jun 29, 2020
@fmeum fmeum deleted the feature/autofill_otp branch June 29, 2020 08:12
@fmeum
Copy link
Member Author

fmeum commented Jun 29, 2020

This triggered the Build debug workflow, which then failed on the Telegram step.

But the workflow is gone from both release and develop branches, so how? I don't see it in my 'Checks' list either.

No idea, I just saw it pop up here: https://github.com/android-password-store/Android-Password-Store/actions/runs/151222874
Let's just wait for it to show up again before we investigate this further.

Might have been an older branch that I pushed, I just saw that feature/otp_autofill (not feature/autofill_otp) might not have been up-to-date with develop.

msfjarvis added a commit that referenced this pull request Jun 29, 2020
@msfjarvis
Merge branch 'develop' into feature/configure-pull-behavior
d9efd17 
* develop:
  Offer TOTP Autofill for OTP fields (#899)
  Merge SshKeyGenFragment into its activity (#897)
  Reintroduce TOTP support (#890)
  Sync with release branch (#896)
  Rework GitHub Actions (#893)
  Consolidate password list refresh (#887)
msfjarvis added a commit to fmeum/Android-Password-Store that referenced this pull request Jul 1, 2020
@msfjarvis
Merge branch 'develop' into fhenneke_multiple_ssh
41f92b1 
* develop: (62 commits)
  Scroll to files and enter folders when created (android-password-store#909)
  Run a treewide reformat (android-password-store#908)
  Improve how secrets and stored and used (android-password-store#907)
  Improve and refactor Autofill heuristics (android-password-store#905)
  Use PreferenceKeys file to manage SharedPreferences keys. (android-password-store#891)
  Revert "Support directly importing secrets" (android-password-store#904)
  Allow importing TOTP configuration through QR codes (android-password-store#903)
  Bump version
  Prepare release 1.9.2
  update changelog
  Workaround to prevent crash on first run (android-password-store#898)
  Workaround to prevent crash on first run (android-password-store#898)
  Offer TOTP Autofill for OTP fields (android-password-store#899)
  Merge SshKeyGenFragment into its activity (android-password-store#897)
  Reintroduce TOTP support (android-password-store#890)
  Sync with release branch (android-password-store#896)
  build: bump version
  Prepare release 1.9.1
  Backport Actions fixes (android-password-store#894)
  Rework GitHub Actions (android-password-store#893)
  ...
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@msfjarvis msfjarvis msfjarvis approved these changes

@Skrilltrax Skrilltrax Awaiting requested review from Skrilltrax

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.10.0
Development

Successfully merging this pull request may close these issues.

[FEATURE] Option to fill OTP
2 participants
@fmeum @msfjarvis