RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

provide better identification for 2FA TOTP field / dialog after login to ensure password managers are functional #30025

Open foss- opened 1 year ago

foss- commented 1 year ago

Description:

Currently the TOTP dialog or field is not recognized by KeePassXC.

Steps to reproduce:

  1. Create an account on https://open.rocket.chat
  2. Set up TOTP and log out
  3. Log in using email or username + password
  4. keepassxc-browser does not detect the TOTP field

Expected behavior:

Field should be recognizable. @varjolintu of KeePassXC suggested:

They should definitely use some standard identification for the input field. autocomplete="one-time-code" is simple and a recommended one. It's also listed in here: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete

Just giving a hint for 2FA in the element placeholder is not very password manager friendly. We are checking the fields against auth text in the placeholder too though. The reason why the identification fails here is because of the size="1" which doesn't make sense. Meaning, the field is probably ignored also with the added one-time-code.

Actual behavior:

No TOTP icon which is shown by KeePassXC-browser when TOTP fields are recognized on other services.

HTML Code: <input class="rcx-box rcx-box--full rcx-box--animated rcx-input-box--type-text rcx-input-box" type="text" id="xxxxxxxxxxx" placeholder="Enter authentication code" size="1" value="">

Version Information:

KeePassXC - Version 2.8.0-snapshot, Build Type: Snapshot, Revision: 5fb26d6
KeePassXC-Browser 1.8.7
Operating system: macOS 13.5
Browser: Firefox 116.0.1
Rocket.Chat: 6.2.9

varjolintu commented 1 year ago

Is there a reason why there's size="1" in the element when that's not the actual size when visible? This causes some password managers to ignore the input field.
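
The two points raised so far (the missing autocomplete="one-time-code" hint and the size="1" that misstates the field), as an added example that is not part of the thread and is not Rocket.Chat or KeePassXC code: a small Node.js lint for a single `<input>` tag. The function names, the corrected tag and the 6-character code length are assumptions.

```javascript
// Added example, not Rocket.Chat or KeePassXC code. Helper names are hypothetical.

// Tag quoted in the issue report.
const REPORTED_TAG = '<input class="rcx-box rcx-box--full rcx-box--animated ' +
  'rcx-input-box--type-text rcx-input-box" type="text" id="xxxxxxxxxxx" ' +
  'placeholder="Enter authentication code" size="1" value="">';
// Constructed corrected tag (assumption: the fix adds the hint and drops size).
const CORRECTED_TAG = '<input class="rcx-input-box" type="text" id="totp-code" ' +
  'autocomplete="one-time-code" placeholder="Enter authentication code" value="">';

// Parse the attributes of a single HTML start tag (quoted, unquoted or bare).
function parseAttributes(tag) {
  const attrs = Object.create(null); // no prototype, so "constructor" etc. are not pre-set
  const body = tag.trim().replace(/^<\s*[\w-]+/, "").replace(/\/?>$/, "");
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    const name = m[1].toLowerCase();
    // First occurrence wins, as in HTML parsing.
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// codeLength is an assumption: 6 characters, the common TOTP default.
function auditOtpInput(tag, codeLength = 6) {
  const a = parseAttributes(tag);
  const findings = [];
  // autocomplete may hold several space-separated tokens; look for the OTP one.
  const tokens = (a.autocomplete || "").toLowerCase().split(/\s+/).filter(Boolean);
  if (!tokens.includes("one-time-code")) {
    findings.push('missing autocomplete="one-time-code"');
  }
  // A declared size smaller than the code misstates the field, as size="1" does here.
  if ("size" in a && Number(a.size) < codeLength) {
    findings.push(`size="${a.size}" is smaller than the ${codeLength}-character code`);
  }
  return { ok: findings.length === 0, findings };
}

console.log(auditOtpInput(REPORTED_TAG));
console.log(auditOtpInput(CORRECTED_TAG));
```
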

v-a14 commented 1 year ago

@hugocostadev I'm eager to help with this, so please let me know how I can get started. Thanks!

Hi buddy!! Is rocket.chat an active open source organisation? I am not getting any replies on the discussion forum.

xonx4l commented 2 months ago

I have opened a draft PR. Can someone review if I am going right??

Aditya-PS-05 commented 5 days ago

@hugocostadev, I am interested in working on this. Can you assign me this issue?