search

sensu / uchiwa

Uchiwa is a simple yet effective open-source dashboard for the Sensu monitoring framework.
https://uchiwa.io
MIT License
920 stars 174 forks source link

[UX] login form does not work well with password managers (Keepass & KeeFox in my case) #723

Open arthurzenika opened 7 years ago

arthurzenika commented 7 years ago

Expected Behavior

Arrive on the login form of uchiwa, click on suggested login/password suggested y keefox (from keepass), the form is automatically submitted and the UI shows up

Current Behavior

I click on the suggested login/pwd, get Authentication error red popup. Have to retype admin in the login form and resubmit the form.

Possible Solution

I think there is some sort of js verification that a login has been typed which does not detect the value inserted by the password manager.

Context

This might also happen when using firefox managed passwords, haven't tried.

Your Environment

palourde commented 7 years ago

Hi @arthurlogilab,

I just tested with 1Password on Chrome and the Firefox's managed passwords and I wasn't able to reproduce this problem. There's no advanced logic around the login form so I don't see how it could be related to that. Could it be possible that the username field value in KeeFox be somehow malformed (e.g. a trailing whitespace?).

Thanks!

arthurzenika commented 7 years ago

screenshot from 2017-10-20 10-29-35

arthurzenika commented 7 years ago

And if I copy paste the password in the password field without going to the login field, eventough admin is shown in that input, it is not taken into account and the request send only shows the password. When you use the form interactivelly there is a class that switches from ng-empty to ng-not-empty, then you're good to go. I think that's where the js is necessary and comes in the way of the password manager. Maybe 1password simulates the form being filled in a different way than keefox.

palourde commented 6 years ago

Hi @arthurlogilab,

I just tried to replicate what you did; with the login field already filled, I pasted the password and I was able to successfully log in. Did you try with an another browser or were you able to reproduce that issue on an another computer? Unfortunately, without being able to reproduce that problem and if no other users can confirm that bug, there's not that much I can do!

arthurzenika commented 6 years ago

@palourde when you paste your password you activate the javascript that takes into account the text, I think password managers simply modify the DOM so the JS doesn't pick it up. I'm afraid the only way to reproduce this bug is by using an external password manager such as https://www.kee.pm/