SimpleLogin Username Generator doesn't Respect Current Page

[DarkArc]

Steps To Reproduce

1. Go to yahoo.com
2. Generate a username using the SimpleLogin Forward Email Address provider
3. Go to google.com
4. Generate a username using the SimpleLogin Forward Email Address provider

Expected Result

• The username/email address generated in step 2 is for yahoo.com.
• The username/email address generated in step 4 is for google.com.

Actual Result

• The username/email address generated in step 2 is for yahoo.com.
• The username/email address generated in step 4 is for yahoo.com.

Screenshots or Videos

No response

Additional Context

No response

Operating System

Linux

Operating System Version

Fedora 36

Web Browser

Firefox

Browser Version

firefox-104.0-5.fc36.rpm

Build Version

2022.8.0

[vphan916]

Hi @DarkArc! Thanks for reaching out. To further investigate this, we would need additional information:

1. Can you provide the exact steps on what you did to produce this?
2. Did you click on the Generator tab at the bottom of the menu to generate a username or did you click on the "+" icon -> then click on the user generator icon provided on the text field?
3. Can you update to the latest browser ext and let us know if this problem persist?

Thank you!

[DarkArc]

Can you provide the exact steps on what you did to produce this?

More or less the above, though today I generated one while GitHub was open, and it was still generating for mozilla.org (from days ago).

Did you click on the Generator tab at the bottom of the menu to generate a username or did you click on the "+" icon -> then click on the user generator icon provided on the text field?

I used the generate tab. When I use the plus but, that actually seems to work (so thanks, at least I have a work around now!).

Can you update to the latest browser ext and let us know if this problem persist?

This is the latest I have available in Firefox.

[DarkArc]

So, today I noticed this is also affecting the "+" icon, it just so happened that when I tried it the first time it worked.

[Larry-Sussman]

@DarkArc, is this still happening on the latest Firefox extension Browser v2022.10.1?

I wasn't able to reproduce this in my testing on Chrome or Firefox. When you are generating a username from the "+" icon route, is the current website filled in the "Name" and "URI 1" fields as shown below?

We've also had another report of weirdness with the SimpleLogin username generator, and I wonder if toggling some settings on that end might resolve this for you: https://community.bitwarden.com/t/username-generator-stuck/44969

[DarkArc]

@DarkArc, is this still happening on the latest Firefox extension Browser v2022.10.1?

I can't reproduce it reliably with the plus button -- it didn't occur in any of the attempts I just made. I do still see the generator tab going with "some random website" (currently hub.docker.com, which I haven't been to in I don't know how long -- with the message "Website: hub.docker.com. Generated by Bitwarden.") instead of the current tab.

Looking through your source a bit...

https://github.com/bitwarden/clients/blob/2a498245816a1cecb39af084c7a4fb94ddb121e8/libs/common/src/emailForwarders/simpleLoginForwarder.ts#L26

Clearly, this message shouldn't be there unless Bitwarden is getting that website "from somewhere." Considering a tab for that site isn't even open, I have no idea where.

I wasn't able to reproduce this in my testing on Chrome or Firefox. When you are generating a username from the "+" icon route, is the current website filled in the "Name" and "URI 1" fields as shown below?

snip

I can't say at this point, it's been too long since I mentioned the plus button case (and I haven't been generating many usernames lately).

We've also had another report of weirdness with the SimpleLogin username generator, and I wonder if toggling some settings on that end might resolve this for you: https://community.bitwarden.com/t/username-generator-stuck/44969

It's worth noting that SimpleLogin themselves have an open source (MIT) browser extension that uses their API: https://github.com/simple-login/browser-extension/blob/649c86a4d2b477f18c68d5264be9f1fc7f296d50/src/background/create-alias.js#L16

Even their backend code is open source, so I'd be highly suspect of the claim this is an issue on their end (especially given the weirdness from the username generator on the dedicated "Generator" tab); it really feels like there's a persistent cache in use that's causing the issue.

I will note my Firefox has crashed several times over the last few months (from some bugs in Firefox on Wayland w/ Kwin). This might be an issue where there's some state that normally gets cleaned up, but doesn't if Firefox doesn't exit cleanly.

[Larry-Sussman]

@DarkArc thanks for the detailed response! I'll make sure to add this additional info to our internal bug tracking ticket. I'm also not entirely sure what's going on here but your hypothesis makes sense. I'd recommend removing the extension, restarting Firefox, and re-installing the extension as a troubleshooting step. If it's a state issue, that should get us back to a clean slate and help narrow down if it was a problem with your browser specifically or an issue in our extension. Thanks again!

[DarkArc]

It does seem to be behaving "as expected" after removing the extension and reinstalling. I'd still prefer if the generator tab used the current tab and/or had a website field; but that's a minor nit :)

Still this should probably be investigated a bit more to figure out why the extension needed removed to fix it.

[BorisPieper]

I am running Linux Mint 21 Cinnamon and having the same problem and more. I generate the username/email in the bitwarden APP (without browser extensions).

Case 1: I click on "+" to add a new enty and do NOT enter a website. Now click on generate username and I do get a UUID generated address (my standard setting on simplelogin). => So the generated username is as exspected; but the simplelogin comment is "website: google.com" - and that is wrong. It should be empty.

Case 2: I click on "+" to add a new enty and DO enter a website "foobar.com". Now click on generate username and I do get a address generated "foobar@[..]". => So the generated username is NOT what I want (I want my UUID addresses I set as standard on simplelogin); but at least the comment is now correct saying "website: foobar")

So here are 2 bugs (or 1 missing configuration option and 1 bug)...

1. website is everytime "google.com" if NO website is supplyed
2. the generation of the forwared address/username should be WAY more configurable (e.g. allow to choose to generate either UUIDs or website+salt.

[Yrlish]

I have the same problem where the generator generates an address from SimpleLogin with the wrong hostname. Even the standalone generator gets it wrong...

Sometimes it also creates the email address as peacocktv@... instead of using a random one... In this example, there is no hostname or website.

[eyJhb]

I'm experiencing this issue as well, and I think I know the steps to reproduce...

1. Visit any website, e.g. humblebundle.com
2. Open Bitwarden extension, and add the SimpleLogin API key (while on that webpage)
3. ?? Try to generate a email, and it will be humblebundle.xxxx@simplelogin.io
4. Visit another website, and use the generator (not add login tab), and it will still be e.g. humblebundle

At least that's what I'm seeing.

[ChrisRomp]

Also seeing this behavior, and unfortunately it makes the email generator integration between Bitwarden and SimpleLogin not useable.

[eyJhb]

So, I've tried to dig into this further. The main issue is that it seems like this.cipherState does not change, after it has been initialized once.

https://github.com/bitwarden/clients/blob/b4631b0dd164ee34de9f5dff43a1bf559880ebd0/apps/browser/src/tools/popup/generator/generator.component.ts#L53

Digging further into this, trying to discover where addEditCipherInfo$ comes from, and it can somewhat be seen that it gets updated/(I don't really know), SOMETHING happens here

https://github.com/bitwarden/clients/blob/b4631b0dd164ee34de9f5dff43a1bf559880ebd0/libs/angular/src/vault/components/add-edit.component.ts#L689-L706

This in turn sets loadedSavedInfo to true, which is the return value of the function. This is then used here

https://github.com/bitwarden/clients/blob/b4631b0dd164ee34de9f5dff43a1bf559880ebd0/libs/angular/src/vault/components/add-edit.component.ts#L246

Which then is used here...

https://github.com/bitwarden/clients/blob/b4631b0dd164ee34de9f5dff43a1bf559880ebd0/libs/angular/src/vault/components/add-edit.component.ts#L278-L290

And for SOME reason, when that variable is true, and that code runs (??), it does not seem to update the website hostname used. It will continue to use the same hostname over and over again.

I somewhat validated that by setting

    const loadedAddEditCipherInfo = false;

Which made it work, and it generated the emails correctly, and updated the cipherState correctly from the first link.

That's all the investigation I've made. I'm not sure what is happening, or why.. Hopefully someone with a little more JS knowledge have some more to go on.

EDIT: Git blame somewhat points to https://github.com/bitwarden/clients/pull/4808 , but I'm not really sure... EDIT2: It's not because of loadedAddEditCipherInfo being false, it was because I never called the underlying function. So It's something in loadAddEditCipherInfo that is incorrect.

[eyJhb]

Seems like this

https://github.com/bitwarden/clients/blob/b4631b0dd164ee34de9f5dff43a1bf559880ebd0/libs/angular/src/vault/components/add-edit.component.ts#L690-L694

If one just comments the this.cipher, it will work as well.

@DarkArc @Larry-Sussman anyone of you know the codebase better than I, and can lead me further, or can see the problem?

[DarkArc]

@eyJhb sorry I haven't had this issue recently. I'm not sure if that's just because I'm using the generator less (when I originally reported this I was trying to generate 50+ email addresses to handle various old logins) or because the issue is actually fixed for me.

I don't know the code particularly well, I just took a dabble when I was trying to understand what was going wrong.

[Seblirium]

I am still observing this reported issue in the most recent Chrome version, 2024.5.2.

This is also observed on multiple email alias services that I use, SimpleLogin and addy.io