search

keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/
Other
21.11k stars 1.46k forks source link

Steam - AutoType Canceled for TOTP #1570

Closed OlivierMary closed 6 years ago

OlivierMary commented 6 years ago

In steam TOTP question is in an other window than user/login AutoType is canceled beetween the two windows.

That didn't work for steam, maybe for an other application that prompt TOTP or other question in other window.

That didn't stop beetween 2 tabs in a navigator must be the same for 2 windows of same application

Expected Behavior

AutoType not canceled beetween two windows of the same application.

Current Behavior

AutoType stopped beetween 2 windows of the same application (steam)

Possible Solution

Human action for continue AutoType, or make 2 AutoType sequences for the 2 windows.

Steps to Reproduce (for bugs)

  1. Configure TOTP for steam
  2. Setup TOTP Key in keepassxc (secret key optional for the test - hard to obtains it)
  3. Set an Autotype sequence like this one: {USERNAME}{TAB}{PASSWORD}{ENTER}{DELAY 2000}{TOTP}{ENTER}
  4. Try to login in steam.

Context

Setup AutoType for steam with TOTP.

Debug Info

KeePassXC - Version 2.3.0-snapshot Genre de la version: Snapshot Révision: 4c0ed74

Bibliothèques :

Système d'exploitation : Arch Linux Architecture CPU : x86_64 Kernel : linux 4.15.5-1-ARCH

Extensions activées :

TheZ3ro commented 6 years ago

You need to use multiple autotype sequence, we can't disable this Auto-Type behavior for security reason.

Just edit the first sequence to {USERNAME}{TAB}{PASSWORD}{ENTER} and add another autotype sequence with {TOTP}{ENTER} and the correct window Title.

Press autotype key, select first sequence, press autotype key again, select second sequence.

OlivierMary commented 6 years ago

Ok @TheZ3ro I understand :)

Why do not stop on tab change on firefox/chrome so ?

TheZ3ro commented 6 years ago

Autotype doesn't have such information as "different tab", it read the window title and if it's the same perform the autotype. If the window title changes means that a different window come into focus and the user didn't matched the new title, so autotype MUST be stopped.

For example: You trigger autotype on the Github login page, then a chat application come into focus, autotype don't care about the title changes and continue to type the password in the chat window.

OlivierMary commented 6 years ago

When login on github the title of windows are not the same on login and TOTP page:

image

image

And AutoType doesn't stop

TheZ3ro commented 6 years ago

What is the match in your entry-autotype configuration? Do you have match entry title enabled in the global settings?

OlivierMary commented 6 years ago

For Github => *github* For Steam => *Steam*

So the two pages pages of github match and AutoType not stop, But the two windows of Steam match too and AutoType stop.

TheZ3ro commented 6 years ago

Yeah, because Steam app is using 2 different windows.

Autotype match the title once when you trigger the autotype action. Save the window id you are on (from the window manager, X11 on GNU/Linux) then start performing autotype. If the active window changes (window id changes) stop the autotype. Code here

Sorry, I was thinking about titles and I forgot about window id. Anyway like I said above, this is the correct behavior for avoiding things like:

For example: You trigger autotype on the Github login page, then a chat application come into focus, autotype don't care about the title/window changes and continue to type the password in the chat window.

OlivierMary commented 6 years ago

@TheZ3ro ok thanks for explanation