Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lock's SSO transformation triggers LastPass Chrome extension to autofill repeatedly #1397

Closed
ethanyoung opened this issue Jun 7, 2018 · 8 comments · Fixed by #1407
Closed

Lock's SSO transformation triggers LastPass Chrome extension to autofill repeatedly #1397

ethanyoung opened this issue Jun 7, 2018 · 8 comments · Fixed by #1407

Comments

@ethanyoung
Copy link

Lock version: 10
Browser: Chrome (tested on Firefox, the issue does not happen on Firefox)
OS: MacOS

When SSO is enabled, Lock will transform to hide the password field when the user-type email matches a domain configured in Auth0. In addition, It will transform to show the password field again when the user starts deleting characters from the email field (domain becomes not matched).

The problem is, if the user installed LassPass Chrome extension, which autofills the email, every time the user updates the email, Lock's transformation triggers LastPass extension to autofill the email field repeatedly. This causes the user cannot update the email field at all, unless the user hit delete furiously.

Here is an example:

screen shot 2018-06-07 at 12 09 59 pm

LastPass autofills the email, and the domain is matched. The password field is hidden.

screen shot 2018-06-07 at 12 25 51 pm

If the user hit delete, Lock should transform to show the password field as shown in the second image. However, the email is autofilled again. Lock immediately becomes back to the first image.
@luisrudge
Copy link
Contributor

Can you record a video of this? I don't understand what's happening.

@ethanyoung
Copy link
Author

A small screen recording can be downloaded here (15MB).

@luisrudge luisrudge mentioned this issue Jun 12, 2018
Merged
@luisrudge
Copy link
Contributor

Password managers are weeeeeird :) I just submitted a fix, which should be out in the next release. Thanks for reporting it

@ethanyoung
Copy link
Author

Thanks!

May I ask when the next release will be? So that we can arrange our release to apply the fix.

@luisrudge
Copy link
Contributor

I'm trying to narrow a few extra SSO issues and I to ship everything on Thursday. As always, things might go wrong and dates can change, but those this is the plan right now 😬

@luisrudge
Copy link
Contributor

I just opened the last pr for the SSO issues. I'll cut a new release once both are merged! Thanks for your patience.

luisrudge added a commit that referenced this issue Jun 21, 2018
@luisrudge
In SSO mode, hide the password input instead of removing it from the …
29eaf28 
…DOM (#1407)

Fix #1397

The issue happened because Lock was REMOVING the password input from the DOM. The fix was to let the input in the DOM, but add a css class that hides the input.

Before:
![lastpass](https://user-images.githubusercontent.com/941075/41319427-1d81875a-6e72-11e8-8098-ae387134b8a0.gif)

After:
![lastpassok](https://user-images.githubusercontent.com/941075/41319492-55ba43aa-6e72-11e8-8aa9-f079a042e6f4.gif)
@ethanyoung
Copy link
Author

ethanyoung commented Jul 11, 2018
edited
Loading

Looks like this fix is not in 11.17.2. Just want to ask approximately when will 11.17.3 be release, please?

@luisrudge
Copy link
Contributor

Sorry to keep you waiting. The next release is scheduled to happen this week.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

In SSO mode, hide the password input instead of removing it from the DOM auth0/lock
2 participants
@luisrudge @ethanyoung