KeePassHttp-Connector behavior vs old PassIfox

[Nozalys]

Hi all,

First, thanks for the development of this plugins !

I was using KeePass 2.x with KeePassHttp plugin and PassIfox extension for Mozilla Firefox since almost 1 year, and I was very happy with this tools, since all worked fine. But, due to new Firefox update and the use of WebExtensions, I'm now forced to use KeePassHttp-Connector plugin.

And now, there is a lot of behavior differences: -most of the websites are no more asking credentials to KeePass. Some website works well, but not all. -When double-clicking into a credential field, nothing appears -When right-click on most of credential fields, there is no context menu item with keepasshttp-connector

When I go to the password manager of Firefox, I now see the old credentials. Before there was nothing more until the plugin is disabled.

I don't know if the issue comes from KeePassHttp-Connector, webExtensions or Firefox itself, but anyway, my user experience is very degraded since the latest update.

Regards, Maël Le Monnier

[smorks]

-most of the websites are no more asking credentials to KeePass. Some website works well, but not all.

there is a known issue (#12) where it doesn't detect dynamically loaded fields. this should be fixed soon.

-When double-clicking into a credential field, nothing appears

what is supposed to happen when double-clicking a field?

-When right-click on most of credential fields, there is no context menu item with keepasshttp-connector

there should be a KeePassHttp-Connector context menu item. can you give me some examples of websites where you don't see it?

You can also try the hotkey Ctrl+Shift+U while focused on a field to fill it in.

When I go to the password manager of Firefox, I now see the old credentials. Before there was nothing more until the plugin is disabled.

With the WebExtensions API, we are not able to tie in to the functionality of the build-in password manager in Firefox.

I know that PassIFox was a more seamless experience, but due to limitations in the API, this extension is missing some of that functionality.

[Nozalys]

Ok, I'm glad to hear that some fix will be deployed soon !

what is supposed to happen when double-clicking a field?

When I double-clik on a field, it leads to the same action that pressing the "DOWN_ARROW" key inside the field: it display a drop-down popup list with the saved credentials. For instance, if you have two registered emails on some website, you'll see the two emails in the list. And when you clic on one item, it will automatically fill-in the identifier & password fields, if there were previously saved.

can you give me some examples of websites where you don't see it?

Yes, for instance this one: https://www.nespresso.com/fr/fr/grands-crus-coffee-range Right-clic on the email field don't display the menu item, but right clic on password do. But the automatic fill-in still not working (I think it's due to the non-recognition of email field). When I try the Ctrl+Shift+U hotkey, I see the tray notification from KeePass, but nothing appears in the fields.

I also have a lot of corporate website but I can't share the links since this is intranet websites...

I know that PassIFox was a more seamless experience, but due to limitations in the API, this extension is missing some of that functionality.

Okay, if the issue comes from WebExtension, indeed we need to deal with it. Changing habit is always disturbing, but it's sometimes needed !

Regards, Maël

[Nozalys]

Another point I'm thinking about: since we need to disable the built-in password manager, when we want to change our credentials from the websites, there is no more "feedback" information sent to KeePassHttp plugin into KeePass application right ? Is there a way to re-implement this behavior ?

[smorks]

that nespresso one is strange, i'll have to look into it a bit more to see why it's not detecting the username field.

there is no more "feedback" information sent to KeePassHttp plugin into KeePass application right ? Is there a way to re-implement this behavior ?

i'm not sure what you mean by "feedback" information? when you login to a site where you've changed your password, the icon should flash red, then if you click on it, it will give you an option to update the KeePass entry with the new password. the detection doesn't always work, however.

[Nozalys]

Ok, so I don't seen yet the red flash icon when updating my passwords.

[yeupou]

I do not get how it is supposed to work.

With KeePassHttp-Connector, I can retrieve my KeePassXC database content but new entries are not added. If the Firefox password manager is on, entries are added there. If off, new password are silently ignored. If the icon switch to red, clicking on it has no effect.

I understand you cannot reproduce Passifox exact behavior but, right now, for me, it is only working one way.

[rugk]

The built-in password manager now does not have anything to do with the KeePassHttpConnector addon. Add-ons cannot access that pw manager anymore, anyway. So you can basically delete all passwords there.

KeePassHttpConnector communicates directly to KeePass, for each password I think, or, at least, for each website. When you login with a password it does not yet know, it is supposed to blink red and you can click on it and save the password in KeePass.

[yeupou]

Ok, thanks for the info. Not as seamless as it was but works fine.

[rugk]

I think with native messaging it gets a bit more seamless again: https://github.com/varjolintu/keepassxc-browser