bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com

Subdomain support #77

Closed WardsParadox closed 6 years ago

WardsParadox commented 7 years ago

Hello, love Bitwarden and have swapped to it from LastPass. I noticed that there is no support for separating sites based on the full domain. Bitwarden detects tech.example.com and forms.example.com to be the same site and offers both sets of logins for both sites. If a user could set up a URL rule to prevent this, that would be great.

zestysoft commented 6 years ago

However, the "proper" term is second level domain: https://icannwiki.org/SLD

I assume, however, that since this software is going to be written for the masses, using something like "base domain" might be more intuitive?

kspearrin commented 6 years ago

I'll just leave it called "Base Domain" since no one outside of a domain expert knows that it is really called "SLD + Period + TLD".

kspearrin commented 6 years ago

If anyone is curious, here is the implementation for each "match detection" option: https://github.com/bitwarden/jslib/blob/master/src/services/cipher.service.ts#L177

kspearrin commented 6 years ago

Browser extension implementation now done. Screenshots:

kspearrin commented 6 years ago

@kriswilk Equivalent domains only apply to the default "Base Domain" option. None of the other options will use them since those options have higher precedence.

kspearrin commented 6 years ago

Screenshot of web vault support:

kriswilk commented 6 years ago

Great progress. Looking forward to trying it out!

kspearrin commented 6 years ago

Closing this since it's done for next release. Thanks for the feedback all.

DoCode commented 6 years ago

Where are the preview bits?

kspearrin commented 6 years ago

For anyone interested in beta testing this:

  1. Now available on Android through the Play Store Beta.
  2. You can side-load the latest browser extension dev build.
  3. Install dev builds of desktop app:
  4. Web app

Please let me know if you find any problems.

mbudde commented 6 years ago

After having played with the Firefox extension a bit I'm overall pretty happy with how it works. I have a couple of comments:

DoCode commented 6 years ago

Ok, thanks @kspearrin!

Any points:

1) The Desktop installer doesn't have the feature included
2) For my scenario, many unique subdomains (sub1.sub.company.com, sub2.sub.company.com, sub3.sub.company.com, ...), the Host settings with the entries see below, works very well! 👌
3) For 2), it would be good when we can set the 'Host' settings as default and parse this automatically from the URI when a new site is added

benshep commented 6 years ago

When choosing between match detection types, it might be nice to have some additional text in the dropdown box showing how the "base domain" and "host" options (in particular, but maybe the others too) will be matched. Crude mockup:

kspearrin commented 6 years ago

Anyone able to test out the android beta with these features yet?

DoCode commented 6 years ago

@kspearrin, this evening. I'll send you feedback after 8 pm.

benshep commented 6 years ago

Signed up for the Android beta. But I can't see the option to change the match type in the edit dialog.

It reminded me though - in the Android browser (I'm using Jelly on LineageOS), I get a bitwarden notification but it never matches anything since it's trying to match on the app ID - tapping the notification takes me to "Items for org.lineageos.jelly" and I have to manually search for the site I want. I assume this is a known problem?

kspearrin commented 6 years ago

On android, press and hold around the label for context menu options.

benshep commented 6 years ago

OK, found it. Not as discoverable as in the browser extension.

kspearrin commented 6 years ago

@benshep I am not a personal Android user so I don't know a lot about usability patterns there, but is that not a common way of attaching options to a section of information?

benshep commented 6 years ago

Yes, long-press is fairly common. But I don't think there are any other long-press options on that screen, so the user does not expect one. In my opinion it would make more sense to have a 'gear' icon on the right (cf the icons for 'view password' etc) which would be the same as the browser extension.

DoCode commented 6 years ago

@kspearrin, so sorry. The settings in the Android beta work fine. But I only had Chrome beta and Edge installed. And for both, Bitwarden is not working 😩

DoCode commented 6 years ago

@kspearrin - when can we expect an official release with this feature included?

KenJyn76 commented 6 years ago

@kspearrin I'm not understanding, how does this interact with Equivalent Domains? I understand what both are used for, but what's stopping me from, say, deleting the Google > Youtube ED, and have URI 1 as http://google.com and URI 2 as http://youtube.com?

kspearrin commented 6 years ago

@pokemontotalwar Nothing is stopping you from doing that. Eq domains are global. Multiple URIs are for each individual login.
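
The rules stated in this thread, as an added example that is not part of the original discussion and not Bitwarden's implementation: base-domain matching offers a login on every sibling subdomain, host matching does not, equivalent domains are consulted only for base-domain matching, and a login is offered when any one of its URIs matches. All type and function names are hypothetical, the sample data is constructed, and the base domain is approximated as the last two hostname labels.

```typescript
// Added illustration, not Bitwarden's code. All names here are hypothetical.
type MatchType = "baseDomain" | "host" | "startsWith";
interface LoginUri { uri: string; match: MatchType; }

// Assumption: base domain = last two labels. A real client needs the
// Public Suffix List to handle suffixes such as co.uk correctly.
function baseDomain(hostname: string): string {
  return hostname.split(".").slice(-2).join(".");
}

// Does one saved URI match the page, given the global equivalent-domain groups?
function uriMatches(saved: LoginUri, pageUrl: string, eqDomains: string[][]): boolean {
  const page = new URL(pageUrl);
  const own = new URL(saved.uri);
  if (saved.match === "host") {
    return page.host === own.host; // full hostname (and port) must be equal
  }
  if (saved.match === "startsWith") {
    return pageUrl.startsWith(saved.uri);
  }
  // "baseDomain": sibling subdomains match, and only here are the
  // equivalent-domain groups consulted.
  const pageBase = baseDomain(page.hostname);
  const ownBase = baseDomain(own.hostname);
  if (pageBase === ownBase) return true;
  return eqDomains.some((g) => g.includes(pageBase) && g.includes(ownBase));
}

// A login is offered when any one of its URIs matches.
function loginOffered(uris: LoginUri[], pageUrl: string, eqDomains: string[][]): boolean {
  return uris.some((u) => uriMatches(u, pageUrl, eqDomains));
}

// Constructed sample data.
const EQ_GROUPS: string[][] = [["google.com", "youtube.com"]];
const techBase: LoginUri[] = [{ uri: "https://tech.example.com", match: "baseDomain" }];
const techHost: LoginUri[] = [{ uri: "https://tech.example.com", match: "host" }];
const twoUris: LoginUri[] = [
  { uri: "http://google.com", match: "host" },
  { uri: "http://youtube.com", match: "host" },
];
```

With host matching on both URIs, `twoUris` covers youtube.com without any equivalent-domain entry, but not www.youtube.com, since the hostname must be identical.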

KenJyn76 commented 6 years ago

@kspearrin Okay, awesome, thank you! I wasn't sure if it would work and I didn't want to go deleting eq domains before knowing if the multiple URIs would work for it. So really the main use for eq domains now is for sites you have multiple logins for and maybe apps. Is there a way to edit eq domains in anything but the web vault as of yet?

kspearrin commented 6 years ago

You can only edit eq domains in the web vault.

kspearrin commented 6 years ago

ALL:

The updates for multiple URIs + match detection options are now rolling out. I have created a help article that covers this feature in detail.

See here: https://help.bitwarden.com/article/uri-match-detection/

Please let me know if you have any feedback on the help article.

Attoy commented 6 years ago

Hey @kspearrin I linked it in reddit too. Hope you don't mind.

SylwesterZarebski commented 6 years ago

Thanks a lot! It also works with HTTP Basic Auth (when credentials are set properly to be only one for site).

kspearrin commented 6 years ago

This feature is now available on all platforms. Thanks for the feedback all.

wbconnor commented 6 years ago

@kspearrin Base URI matching isn't working for me on the Chrome extension for the URI pantheonsite.io. I've tried all manner of fidgeting to get the match and have not been successful.

luckman212 commented 6 years ago

When I click on that site, it redirects to pantheon.io - is that part of the problem?

wbconnor commented 6 years ago

Possibly. The URI which I actually navigate to is something like featureBranch-organizationName.pantheonsite.io

fthiery commented 5 years ago

Hi; thanks for this feature. However, right now it's quite hard to use for the following use case; my company creates many customer-specific subdomains (ex: customer1.domain.com, customer2.domain.com) and for sharing administration passwords we want to use Bitwarden.

However, in the current way that this feature is implemented, every time I add a new login/password for a new subdomain (e.g. customer3.domain.com), Bitwarden uses the base domain as default URL matching method, so basically I need to log in once, edit the rule to e.g. startswith instead of base domain (the default).

Is it planned to define globally the default URL matching rule for a specific base domain? That would be the opposite of the currently available equivalent domains menu.

kspearrin commented 5 years ago

@fthiery Yes, it is planned to add a global option to change the default. I don't have a timeline available for that yet though.

fthiery commented 5 years ago

Great, thanks; is the spec defined yet in another issue (if I can bring my 2 cents)?

gene1wood commented 5 years ago

For anyone (like me) that could only find this in the web (vault.bitwarden.com) but not in the browser extension, you can find it by going to

Crocmagnon commented 5 years ago

@gene1wood it’s explained here: https://help.bitwarden.com/article/uri-match-detection/

« While editing a login you can adjust the match detection value for a given URI by selecting the ⚙️ Options button next to the URI’s value. »

StefanoChiodino commented 5 years ago

This is great! Would be nice to have it select the best options for known cases like Slack!