Match detection does not work reliable with iOS Auto-fill

3Szx6X1x3sCVjZjf0eNjV1fsCf2b76YEtyS9rxe commented 3 years ago

Describe the Bug

iOS Auto-fill recommends an account, that does not match the previously set match detection rules. This does only affect the suggestion above the keyboard and inside the popup, which opens, when you press the the key-icon at the top-right of the keyboard.

Steps To Reproduce

Create multiple accounts in Bitwarden. Default match detection: Base domain Account 1: URI 1: https://tu-braunschweig.de Match detection: Base domain URI 2: https://tu-bs.de Match detection: Base domain Account 2: URI: https://aura.sz.etc.tu-bs.de/ Match detection: Host Account 3: URI: https://www1.unisport.etc.tu-bs.de/ Match detection: Host
Use an iOS device and visit https://studip.tu-braunschweig.de
Click "Login"
Choose TU Braunschweig as Identity Provider
You should be redirected to https://sso.tu-bs.de
The iOS Auto-fill suggestion will be Account 2
If you click the key icon in the top-right corner, iOS will suggest Account 2 and Account 3

Expected Result

iOS should suggest Account 1 and not Account 2 or 3.

Actual Result

iOS suggests Account 2 & 3. If you use the Bitwarden extension (accessible through the share menu), the Bitwarden overlay suggests Account 1, as expected. The Browser extension (tested with Chrome and Firefox on Linux and Windows) does also suggest Account 1.

Screenshots or Videos

bitwarden_chrome bitwarden_ios_1 bitwarden_ios_2

Environment

Device: iPhone 8 Plus and iPad
Operating system: iOS 14.4.1 and iPadOS 14.4.1
Is this a Beta release? N

Qqa4G1Opkhi42ioOehScQZuxBdBtS9qweoEImKT commented 3 years ago

I am also having the same problem when using a port on the end of a url if the same url is listed in bitwarden several times but with different ports even if i use host in uri it does recognize the specific port

99wUEsruGOht87ywcFNbt7Yv1e7O6BMNcrY1HkA commented 3 years ago

I have the same issue with my university account. In my case it is like below.

Account 1: student.iimc.kyoto-u.ac.jp (Base domain) Account 2: www.alumni.kyoto-u.ac.jp (Host)

When I access to https://student.iimc.kyoto-u.ac.jp and click Login button, it redirects to https://authidp1.iimc.kyoto-u.ac.jp/... Although only Account 1 should be suggested, iOS does suggest Account 2 at the top of the list, and also Account 1 as the second option.

Bitwarden extension from the share menu suggests only Account 1 as expected. The Safari extension and Brave extension on macOS also suggests only Account 1.

I use iPhone SE (2nd gen) with iOS 15.0. I have been suffering from this issue since I registered these websites to my Bitwarden account (~1.5y before).

glM51TaDzpmvH2CIBaMO1tpRonfTVqTGz2SVJJP commented 2 years ago

I'm also having this issue, iOS 15.5 on iPhone 12 Pro Max. Using a local IP Address with a port.

Saved logins:

Account 1:
- uri: '192.168.1.123:1234'
- match type: 'Starts With'
Account 2:
- uri: '192.168.1.123:7825'
- match type: 'Starts With'
Account 3:
- uri: '192.168.1.123:5728'
- match type: 'Starts With'
Account 4:
- uri: '192.168.1.123:1236'
- match type: 'Starts With'

When accessing any of the above addresses on safari on iOS, it will recommend the logins for all of them at once. On my PC on google chrome, the match detection type is respected

1aNPrVqq8CDVvcZNsTyJQX8tlPMnxeoEfrfJ3Fy commented 2 years ago

In the process of migrating from 1Password to BW and just found out about this issue after setting up auto fill on IOS. Really bummed this is the case. URL matching is one of the primary reasons I wanted to move to BW and it doesn’t work on iOS. 😞

9zXj645v49avjwIX1cJ8VkO4FdKhC9GJAk70Hun commented 1 year ago

I noticed that the problem in my case occurs only with the .xyz TLD, maybe it could be something related to some TLDs not being recognized correctly

wmxCROtQF55amIwZmkY8MxfU7L07Z9krYQDlQB6 commented 1 year ago

Any news on that? i have many websites which only has different ports and now i always see all stored passwords for the same ip/main domain. very bad and it‘s not usefull at all, because often the login username is the same (for example my mail address).