bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com

HTTP Basic authentication does not show pop-up #4933

Closed mmagdy88 closed 1 year ago

mmagdy88 commented 1 year ago

Steps To Reproduce

Open a page that has HTTP Basic authentication; it doesn't work when the Bitwarden extension is enabled.

Expected Result

To show this pop-up: https://imgur.com/a/QTJSV6M

Actual Result

Shows this instead: https://i.imgur.com/0VCcRlV.png

Didn't even ask for credentials.

Operating System

Windows

Operating System Version

Windows 10 21H2, Build 19044.2604

Web Browser

Chrome

Browser Version

Version 110.0.5481.178 (Official Build) (64-bit)

Build Version

Version: 2023.2.0

Issue Tracking Info

joshtrichards commented 1 year ago

Hey @mmagdy88. Just a BW user here, but I'm running the same build chrome+bw extension against an nginx server with basic auth and I can't reproduce this (so far).

I tried with autofill enabled as well as disabled in case that had something to do with it, but no change.

I'm having a hard time grasping where/when the BW extension even enters the picture for HTTP Basic Authentication.

Can you try disabling - temporarily - the BW extension outright in your Chrome (Tools->Extensions->toggle the blue bar on the Bitwarden extension listing to gray)? Then revisit the protected URL in a new browser session (make sure you don't have any background Chrome apps that continue to run to avoid session caching issues) to see if this problem goes away or remains.

Also worth trying in an Incognito session as well.

If the issue remains - and if you feel comfortable doing so - can you share your nginx.conf (or equivalent) for the relevant location including all associated lines starting with:

allow
deny
satisfy
auth_*

You can remove any confidential IP addresses/etc at your discretion.

mmagdy88 commented 1 year ago

Hey @joshtrichards, thanks for your reply. When I disable the BW extension, the authenticator pop-up works perfectly. In incognito mode, if the BW extension is enabled, the pop-up doesn't work, so it's not coming from another extension, which I suspected at first.

And in regard to the nginx configuration, you can find it below:

                location /REDACTED {
                        satisfy any;
                        auth_basic 'Authenticated users only';
                        auth_basic_user_file "REDACTED";
                        auth_request /auth;
                        proxy_pass http://REDACTED;
                }
                location = /auth {
                        internal;
                        root /var/www;
                        include fastcgi_params;
                        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
                        fastcgi_index index.php;
                        fastcgi_param  SCRIPT_FILENAME  /var/www/auth.php; #$fastcgi_script_name;
                }

Thanks in advance for your help.

MarsCandyBars commented 1 year ago

Greetings,

I attempted to reproduce your auto-fill issue with nginx/basic auth and was unable to do so. Due to the way basic auth prompts are designed, auto-filling them must be non-interactive. Please make sure you have only one vault item that has a URI that matches the one you are trying to auto-fill. If everything works correctly, you shouldn't be prompted to authenticate when you navigate to the site, because Bitwarden will have auto-filled it in the background. Please see our documentation on the topic here: https://bitwarden.com/help/basic-auth-autofill/

We use GitHub issues as a place to track bugs and other development related issues. If your issue persists, please write us back using our contact form, so we can continue troubleshooting: https://bitwarden.com/contact/

You can include a link to this issue in the message content.

Alternatively, you can also search for an answer in our help documentation (https://bitwarden.com/help/) or get help from other Bitwarden users on our community forums (https://community.bitwarden.com/c/support/).

The issue here will be closed.

Thanks!

joshtrichards commented 1 year ago

@mmagdy88 I tried to recreate your setup as closely as possible and simply can't reproduce the issue. You can see my testing configs and auth scripts etc here: https://gist.github.com/joshtrichards/8a3a36eee1a3bab288e3764156754ec8

mmagdy88 commented 1 year ago

Hey @joshtrichards, I really appreciate your effort trying to help me with this issue. It might be an issue with the PHP authentication script, since we're using LDAP, and this is what appears in the nginx logs while BW is enabled: open() "/data/www/htpasswd" failed (2: No such file or directory)

If I disable BW, this error message doesn't show up and the authentication works properly.

mmagdy88 commented 1 year ago

Hey @MarsCandyBars, I already checked that article before I opened the issue, and yes, I tried disabling auto-fill, and tried enabling it but disabling that vault item in particular, and it's still the same issue.
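
Added example, not part of the thread and not Bitwarden's code: a loopback server records what it receives when a client answers the Basic challenge by itself, which is the non-interactive behaviour described above (no prompt, yet a request carrying credentials reaches the server). Python's urllib auth handler stands in for such a client; the user name and password are constructed, and the realm string is the one from the posted config.

```python
import base64
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed test credentials; the realm matches the posted auth_basic line.
USER, PASSWORD, REALM = "alice", "s3cret", "Authenticated users only"
EXPECTED = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()


class ChallengeHandler(BaseHTTPRequestHandler):
    seen = []  # (Authorization header present?, status returned) per request

    def do_GET(self):
        header = self.headers.get("Authorization")
        status = 200 if header == EXPECTED else 401
        ChallengeHandler.seen.append((header is not None, status))
        self.send_response(status)
        if status == 401:
            # This challenge is what makes a browser display its login pop-up.
            self.send_header("WWW-Authenticate", f'Basic realm="{REALM}"')
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass


def fetch_with_silent_answer():
    """Fetch once with a client that answers the 401 challenge without asking."""
    ChallengeHandler.seen = []
    server = HTTPServer(("127.0.0.1", 0), ChallengeHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/"
    try:
        mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        mgr.add_password(None, url, USER, PASSWORD)
        opener = urllib.request.build_opener(
            urllib.request.ProxyHandler({}),  # never route loopback via a proxy
            urllib.request.HTTPBasicAuthHandler(mgr),
        )
        with opener.open(url, timeout=5) as resp:
            final_status = resp.status
    finally:
        server.shutdown()
        server.server_close()
    return final_status, list(ChallengeHandler.seen)


if __name__ == "__main__":
    print(fetch_with_silent_answer())
```

The server log shows a 401 followed by a credentialed request, even though nothing was ever displayed to the user, so comparing server-side logs for that second request with the extension on and off is a useful check when the pop-up is missing.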