HTTP auth popup not filled in

[storm49152]

I found this fork on https://addons.mozilla.org/en-US/firefox/addon/passifox/reviews/, so I installed 2.8.6 in Waterfox-54.0.1 (shouldn't be too far off from Firefox) on Windows 10. It works mostly; I did notice a couple of quirks:

• When I land on a login page the user/pass fields are filled in. But when I submit the login form, Waterfox is asking me if I want to save the password. The original PassIFox did not do this (but it is crashing my browser on pages with http auth...).
• When I land on a web page that requests http auth, the popup is not filled in with user/pass. I do get a Windows popup that PassIFox is receiving the credentials from KeePass2.

I also tried this in the Firefox Developer Edition 56.0b10 and the behavior is the same.

Firefox extensions are not quite my field of expertise. Is it just me who is experiencing this, and/or is this something you can look into?

Thanks..!

[smorks]

your first point, this is the same as issue #3, the new firefox extensions have no way of interacting with the built-in password manager, so you just need to disable the built-in password manager.

for your second point, i tested with Waterfox 55.0.2 on Windows 7, and it works fine. The popup should not come up at all if things are working properly. can you post a screenshot of the windows popup that comes up?

[storm49152]

Okay, thanks. I'll disable the password manager and tomorrow when I'm back in the office I'll add a couple of screenshots related the http auth messages on Win10 (because at home I'm working on Linux so I can't simulate right now).

[storm49152]

These are 2 screenshots. One is from the browser, the other is a W10 notification.

The W10 notification is normal and it indicates that the credentials are sent. But the http auth popup is empty.

[smorks]

do you have more than one set of credentials that would match the page you are trying to authenticate at? i'll do some testing on my end on that case, i'm not sure if that part is working properly.

[storm49152]

No, for this (local company) website I only have one login. In IE it's doing integrated login, but I don't use IE unless I really need to.

[smorks]

hmmm, that's very strange. do you have any other sites that use http auth that you can test with?

also, i'm guessing if you type your credentials into that field, then it continues as normal?

[storm49152]

Yes I can try, but I'm not at the office tomorrow so it'll be no sooner than Friday.

Yes, if I type my credentials in those fields, Waterfox/Firefox will login without issues.

[storm49152]

Okay, I don't understand.

I found a http auth demo website, https://auth-demo.aerobatic.io/, and tried it without an entry in KeePass. I got the same login popup as I do on our internal website and needless to say it did not have the credentials filled in.

Then I created a KeePass entry for https://auth-demo.aerobatic.io/ and tried again. When I clicked the "Standard Auth" button, I got a KeePass popup asking if it's allowed to supply the login credentials. When I allowed this, I did not even get the popup, and I was automagically logged in.

So I guess the extension works, but I don't understand what's going on with the internal website KeePass entry. Is there a way I can debug this?

[smorks]

yes - you can debug it, i don't know why i didn't think of that before. go to the Addons page in your browser, then click on the gear button at the top, and select "Debug Add-ons". Then, check "Enable add-on debugging", find chromeIPass in the list, and click on the "Debug" link below. It should open a new window, and may prompt you to allow the connection. Just hit "Ok", then click on the "Console" tab at the top in the new Window, and see if there's any errors.

if there's a lot, just copy & paste it into a text file and attach it here.

[storm49152]

Thanks. I attached the output of the debug (cleared the console, fired up the web page, saw the popups, no login credentials filled in).

When I did the same thing with the aerobatic.io demo page, I got this, or nothing at all, and it just worked:

[Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.suspend]"  nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)"  location: "JS frame :: resource://gre/modules/WebRequest.jsm :: maybeSuspend :: line 733"  data: no]

I tried both several times and on the internal website each time it gives the same result. The aerobatic.io page only gave me the result once.

chromeipass-debug-20170915.txt

[smorks]

that is very strange. i tried to find some info on the error your getting, and it appears to happen when some internal firefox error occurs. it's hard for me to know why this is happening because i can't seem to reproduce it at all.

maybe i'll try testing with an IIS server, since that seems to be what you're trying to authenticate against.

a few last shots in the dark:

there isn't anything strange about your credentials for the internal website? do you have any other add-ons running? can you try with all of them disabled and just chromeipass enabled?

[storm49152]

• Yes I'm using a number of other add-ons but they never clashed before,
• Yes, the website is running on IIS, and
• No, I don't think there's anything special about the credentials I'm using. It has always Just Worked.

What I'll do is disable all other add-ons, because after all ChromeIPass is a different thing from the older PassIFox so maybe things do behave different. Another thing that I'll do is remove the KeePass entry, create is again, and see what happens. I just thought of this because the entry that worked was newly created. I'll let you know about the results after the weekend.

[storm49152]

I tried with other add-ons disabled and created a new KeePass entry for the website, but no luck.

[smorks]

very strange. honestly, i have no idea why this is happening. it's very hard for me to try and determine the cause because i can't seem to reproduce the problem at all.

one other thing that may or may not help, but could you test it with Chrome and/or Firefox to see if it's maybe something to do with Waterfox itself?

[storm49152]

I tried with Chrome, and it works; don't even see the http auth popup, it just logs in.

I tried with Firefox Developer Edition 57.0b2, and it doesn't work; I get the http auth popup with no credentials filled in. This FF uses a different profile from Waterfox; it only has the ADH Helper, Valence and chromeIPass extensions installed.

[smorks]

if anyone else is able to reproduce this issue at a publicly accessible website where i can test it, that would be extremely helpful.

[storm49152]

I tried to find some but didn't find one that didn't work. Somehow it seems like there's something wrong with our internal website, but I fail to see what that could be since, like I mentioned before, I do get a popup telling me credentials are received from Keepass.

[Generator]

I've been testing keepassxc-browser and don't have that issue, HTTP Basic Auth works with keepassxc-browser, but i don't know what is exactly commit that solved that, i've found these related to HTTP auth

[smorks]

hmmm most of those commits are things that are already in both extensions. i'll compare both implementations of Http Auth to see if i can narrow down why it's working in one and not the other.

it would be interesting to see if @storm49152 tests keepassxc-browser to see if it works with the specific website that it's not working on.

[varjolintu]

I wonder if this is related to the commits I have where I added the function cip.detectActiveNewFields()?

[Generator]

Looks to be fixed with v1.0.3, only basic auth on my routers pages aren't working. Can't find any similar auth page to test it.

I've some pages on my home server with nginx HTTP basic auth, and they all work now, with routers keepasshttp-connector don't event asks to access the entry.

[smorks]

@Generator could be it's related to issue #12? if you hit the "Redetect credential fields" after the page is loaded, does that work?

[Generator]

@smorks the auth window stays on top of Firefox, i can't click on anything else (Firefox menu, addon icon, change tab)

[smorks]

@Generator what types of routers are you using (brand/model #)?

[Generator]

@smorks it's more the firmware, DD-WRT and TomatoUSB

[Generator]

Forget it, my mistake, my entries were configured to use the router domain (http://routername.lan) instead of router IP, after cloning the entry change URL to IP, both works.

The issue seems to be fixed with v1.0.3.

[smorks]

@storm49152 i'm assuming you're still having the same issue with v1.0.3?

[storm49152]

FTR: The website I'm having an issue with is an IIS webserver running a time-management application. I could not find another website using http-auth where it didn't work, so... if everyone here has the experience that keepasshttp-connector should work just fine, then the problem is likely on my side and then maybe we should close this: I do not expect you to look at it forever, especially without having a clear example where it does not work.

@smorks I just tried and I'm still having the same issue with v1.0.3 in both Waterfox (55.2.2 with my regular profile), and with Firefox-Dev (57.0b10 with an otherwise empty profile).

I also tried keepassxc-browser, but I can't get it to connect to either KeePass2 and KeePassXC in both Waterfox and Firefox-Dev, whatever I tried to make it work.

[dakra]

Just want to say that I had the same problem and it works since v1.0.3. I used a server with digest authentication (https://github.com/atomx/nginx-http-auth-digest).

[erikvanoosten]

I have the same problem with v1.0.3 in Firefox 56.0.2 on Mac (10.12 Sierra) on an internal site.

Debug log:

POST XHR http://localhost:19455/ ... data removed ...
[Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.suspend]"  nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)"  location: "JS frame :: resource://gre/modules/WebRequest.jsm :: maybeSuspend :: line 753"  data: no]  (onbekend)
    maybeSuspend                     resource://gre/modules/WebRequest.jsm:753:7
    applyChanges                     resource://gre/modules/WebRequest.jsm:945:24
    next                             self-hosted:1183:9
    runChannelListener               resource://gre/modules/WebRequest.jsm:934:12
    observe                          resource://gre/modules/WebRequest.jsm:637:9

[smorks]

@storm49152 i just fixed an issue (#41) where if you had multiple entries matching a url, if the first entry didn't have the correct username & password, it would show the prompt. it should now try all matching credentials. could that be the problem you were having?

[tlex]

For me it was indeed fixed by removing a second entry from KeepassXC that matched the same URL. Thanks for the hint @smorks . Now it works exactly like on Chrome - I get logged in without any prompt.

[GoTTi74]

I actually have a similar problem. Some web sites (e.g. https://auth-demo.aerobatic.io/) with "standard auth" (https://auth-demo.aerobatic.io/protected-standard/) it doesn't even load the popup but keeps in an "infinite" loop.

If I use the "Custom Auth" (https://auth-demo.aerobatic.io/protected-custom/) no problem at all.

System: OSX 10.12.6 (Sierra) FF 57.0.1 KeePassHttp-Connector 1.0.8

[storm49152]

Sorry for the delay. I just installed 1.0.8 for both Waterfox and Firefox-Dev, but it doesn't work for me. I checked how many Keepass entries I have for the website in question, and there is only one. I tried to get some debugging information, but didn't see anything (which could be due to my lack of understanding on how to get that information).

[erikvanoosten]

I can confirm that removing duplicate entries fixes the problem for me. Thanks!!

[GoTTi74]

@erikvanoosten

Do you get the authentication pop-up when you have no account/password stored?

My problem is, that this doesn’t come when I have no credentials stored. In addition to that, I’m unable to remove duplicate entries as I have multiple accounts/passwords for our company intranet pages/applications.

[erikvanoosten]

Yes, I do get the popup for websites for which I have no password stored.

[smorks]

@storm49152 too bad, i thought i had it figured out!

[varjolintu]

I think I nailed this one today. It seems that if httpAuth.processPendingCallbacks has a chance to return too early the callback/promise just vanishes somewhere and it's not handled. So instead of calling retrieveCredentials directly from keepass.js wrap it around a function that creates a promise. A working solution is visible here. Try it out.