1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-25 12:15:18 +01:00
The browser extension vault (Chrome, Firefox, Opera, Edge, Safari, & more).
Go to file
Jared Snider b3d4d9898e
[SG-1026 / PM-1125] - Document / Improve Form Detection in Notification Bar (#4798)
* SG-1026 - Documenting / slight refactoring of notification-bar - WIP

* SG-1026 - More documentation WIP

* SG-1026 - Continued documentation of notification bar + testing theories for specific sites as part of research to identify areas for possible improvement + added types where appropriate.

* SG-1026 - getSubmitButton docs

* SG-1026 - Autofill Service tweak - On account creation (ex: talkshoe.com), even if the pageDetails contained a valid form to watch, the loadPasswordFields method parameter for fillNewPassword being false for inputs with autoCompleteType of "new-password" would cause the account creation form to not be watched (null form data returned to notification bar). Setting this to true will help capture more account creations in the above specified scenario.

* SG-1026 - Additional documentation / comment clean up

* SG-1026 - Remove unused pageDetails array

* SG-1026 - These changes address form detection issues for the password change form on talkshoe.com:  (1) Update autofill.service getFormsWithPasswordFields(...) method to group autofill.js found password type fields under a single form in a very specific scenario where the most likely case is that it is a password change form with poorly designed mark up in a SPA (2) Notification bar - when listening to a form, we must use both the loginButtonNames and the changePasswordButton names as we don't know what type of form we are listening to (3) Notification bar - on page change, we must empty out the watched forms array to prevent forms w/ the same opId being added to the array on SPA url change (4) Notification bar - getSubmitButton update - If we cannot find a submit button within a form, try going up one level to the parent element and searching again (+ added save to changePasswordButtonNames). (5) Notification bar - when listening to a form with a submit button, we can attach the formOpId to the button so we can only have DOM traversal in one location and retrieve the form off the button later on in the form submission logic. For now, I'm just adding it as a fallback, but it could be the primary approach with more testing.

* SG-1026 - On first load of the notification-bar content script, we should start observing the DOM immediately so we properly catch rendered forms instead of waiting for a second. This was especially prevelant on refreshing the password change form page on talkshoe.com.

* SG-1026 - Due to the previous, timeout based nature of the calls to collectPageDetailsIfNeeded (now handlePageChange), the mutation observer could get setup late and miss forms loading (ex: refreshing a password change page on talkshoe.com). DOM observation is now setup as fast as possible on page load for SPAs/Non SPAs and on change for SPAs by having the mutation observer itself detect page change and deterministically calling handlePageChange().  However, with these changes, page detail collection still only occurs after a minimum of ~1 second whether or not it was triggered from the mutation observer detecting forms being injected onto the page or the scheduleHandlePageChange running (which has a theoretical maximum time to page detail collection of ~1.999 seconds but this does require the mutation observer to miss the page change in a SPA which shouldn't happen).

* SG-1026 - Identified issue with current form retrieval step in autofill service which prevents multi-step account creation forms from being returned to the notification-bar content script from the notification.background.ts script.

* SG-1026 - Add logic to formSubmitted to try and successfully process multi-step login form (email then password on https://login.live.com/login.srf) with next button that gets swapped out for a true submit button in order to prompt for saving user credentials if not in Bitwarden. This logic works *sometimes* as the submit button page change often stops the submit button event listeners from being able to fire and send the login to the background script. However, that is a separate issue to be solved, and sometimes is better than never. This type of logic might be useful in solving the multi-step account creation form on https://signup.live.com/signup but that will require additional changes to the autofill service which current intercepts forms without passwords and prevents them from reaching the notification-bar.ts content script.

* SG-1026 - Add note explaining the persistence of the content script

* SG-1026 - Update stack overflow link to improve clarity.

---------

Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2023-04-13 15:59:31 -04:00
.github [DEVOPS-1260] - Update KV names (#5209) 2023-04-13 09:24:09 -06:00
.husky Make husky hook executable (#2900) 2022-06-14 07:26:50 +02:00
.storybook [SM-43] create product-switcher (#4189) 2022-12-21 16:50:41 -05:00
.vscode Add eslint-plugin-rxjs & rxjs-angular (#3373) 2022-08-26 18:09:28 +02:00
apps [SG-1026 / PM-1125] - Document / Improve Form Detection in Notification Bar (#4798) 2023-04-13 15:59:31 -04:00
bitwarden_license placeholder text being cut off (#5100) 2023-04-13 13:23:19 -04:00
libs [AC-974] [Technical Dependency] Refactor Vault Tables (#4967) 2023-04-13 14:48:29 -04:00
.editorconfig Add support for migrated jslib (#2826) 2022-06-03 18:01:07 +02:00
.eslintignore Auth/ps 2298 reorg auth (#4564) 2023-02-06 15:53:37 -06:00
.eslintrc.json [PM-328] Move common/importer to libs/importer (tools-migration) (#5060) 2023-03-23 11:43:27 +01:00
.git-blame-ignore-revs Add support for migrated jslib (#2826) 2022-06-03 18:01:07 +02:00
.gitattributes Apply Prettier (#2238) 2021-12-21 15:43:35 +01:00
.gitignore Upload and process test results as an artifact and report (#4435) 2023-01-11 09:01:02 -05:00
.nvmrc [EC-184] Desktop cleanup (#2553) 2022-05-05 19:03:56 +02:00
.prettierignore Auth/ps 2298 reorg auth (#4564) 2023-02-06 15:53:37 -06:00
.prettierrc.json [EC-183] Move eslint and prettier to project root (#2536) 2022-05-03 21:45:37 +02:00
angular.json Disable Angular Usage Analytics & Storybook Telemetry (#3903) 2022-10-27 12:22:33 -04:00
clients.code-workspace Override eslint config for vscode workspace (#4566) 2023-01-26 14:26:21 +01:00
CONTRIBUTING.md Update README and CONTRIBUTING to point to contributing.bitwarden.com (#2771) 2022-06-13 17:34:07 +10:00
jest.config.js [PM-328] Move common/importer to libs/importer (tools-migration) (#5060) 2023-03-23 11:43:27 +01:00
LICENSE_BITWARDEN.txt Update LICENSE_BITWARDEN.txt (#3505) 2022-09-13 09:04:36 -04:00
LICENSE_GPL.txt Prepare bitwarden_license directory (#2663) 2022-05-09 17:50:15 +02:00
LICENSE.txt Prepare bitwarden_license directory (#2663) 2022-05-09 17:50:15 +02:00
package-lock.json Bumped desktop version to 2023.3.3 (#5195) 2023-04-10 14:04:00 -07:00
package.json [PM-1691] Upgrade electron builder (#5038) 2023-04-10 20:19:28 +02:00
README.md Remove migration details from the readme (#4780) 2023-02-16 16:11:38 +01:00
SECURITY.md Revise language on SECURITY.md 2022-03-15 15:39:14 -04:00
tailwind.config.js SM-310 [] Secrets (#3355) 2022-12-09 11:21:07 +01:00
tsconfig.eslint.json [SM-329] Merge libs/electron into desktop (#3989) 2022-12-02 12:45:09 +01:00
tsconfig.json [PM-328] Move common/importer to libs/importer (tools-migration) (#5060) 2023-03-23 11:43:27 +01:00

Bitwarden

Github Workflow browser build on master Github Workflow CLI build on master Github Workflow desktop build on master Github Workflow web build on master gitter chat


Bitwarden Client Applications

This repository houses all Bitwarden client applications except the Mobile application.

Please refer to the Clients section of the Contributing Documentation for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.

We're Hiring!

Interested in contributing in a big way? Consider joining our team! We're hiring for many positions. Please take a look at our Careers page to see what opportunities are currently open as well as what it's like to work at Bitwarden.

Contribute

Code contributions are welcome! Please commit any pull requests against the master branch. Learn more about how to contribute by reading the Contributing Guidelines. Check out the Contributing Documentation for how to get started with your first contribution.

Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the SECURITY.md file.