Non working site payback.de #2448

Open
agowa opened this issue Jan 31, 2025 · 3 comments

agowa commented Jan 31, 2025

Hi,

I just noticed that the extension currently doesn't work well with payback.de.

Issues

  • Custom Fields selector doesn't detect the username and password fields at all
  • Tries to access incorrect credential object (for https://www.google.com)
  • Requires manual changes to site preferences in options.
  • Right-click context menu filling behaves differently than clicking the button within the input fields
  • Extension behaves differently when visiting login page directly than when visiting it via the main website.
  • Clicking the KeePassXC icon within the Passwort field doesn't work and it'll just vanish (probably as it overlays the show/hide password button)

Issue -vvvv

  • Exact login URL: https://www.payback.de/login and https://www.payback.de/login?redirectUrl=https%3A%2F%2Fwww.payback.de%2Fhome (mentioning the one with the redirectUrl attribute as well because, for some reason, the extension behaves differently: for the first one, when visited directly without the attribute, it showed the button for "Allow Cross-Origin iframes", which it didn't when landing at the login page via the button on the main page, aka the 2nd URL. Edit: after further testing I cannot reproduce the case where the add-on showed the "Allow Cross-Origin iframes" option itself. So probably caused by something else.)
  • I don't see any related output in the JavaScript Console in either case.
  • The "Username-Only" button is NOT shown within the extension's dropdown menu, nor does the custom fields selector appear to work on this site either.
  • When going into the options and checking "Username-only Detection", "Improved Input Field Detection", and "Allow Cross-Origin iframes" manually, the extension incorrectly detects the URL of the login field as https://www.google.com and a browser access request for selecting the Google account is shown (see the comment from the old ticket referenced below, which would fit the reported reCAPTCHA detection quirk on that page). HOWEVER, the filled-in username was from the correct credential entry though. Only for the password it tried to use the https://www.google.com credentials. (However, as the KeePassXC icon within the input box on the password field is overlapping the show/hide password button, trying to fill in the password was done via the right-click context menu. When I also try to use the context menu for the username field I get an even stranger behavior, where it'll fill in the correct username but simultaneously ALSO request the https://www.google.com credentials (i.e. both)).
  • Does it affect the Username Icon, Autocomplete Menu, Popup Menu? => Yes, interestingly all behave slightly differently.

Steps to reproduce

  1. Open "https://www.payback.de/login"
  2. Click on the browser extension and choose the "Choose Custom Login Fields".
  3. Try to select the "E-Mail oder Kundennummer" input box. ===> Not offered for selection.
  4. Create a dummy credential entry in KeePassXC with the URL https://www.payback.de and another dummy one for google with URL https://www.google.com
  5. Set "Username-only Detection", "Improved Input Field Detection", and "Allow Cross-Origin iframes" manually within the extension options.
  6. Open the login page again
  7. Try both ways (the icon within the input boxes and context menu) to fill in the login credentials. ====> When using the context menu it'll either only (for the password field) or in addition to the correct credentials (username field) request permissions for the https://www.google.com credentials.

Extension Debug info

KeePassXC - 2.7.9
KeePassXC-Browser - 1.9.6
Operating system: Linux x86_64
Browser: Chrome/Chromium 132.0.0.0

Related issues and references

Found a comment about an issue on this page within an older, already closed ticket that appears to have gone unnoticed, by @pzystorm in #2135

Relates to #2386
Relates to #2135

Debug logs

With "Username-only Detection" and "Improved Input Field Detection" enabled. (Otherwise nothing is logged).

[Debug observer-helper.js:176] KeePassXC-Browser - Input fields from Shadow DOM found:
global.js:163 (2) [input.off-screen, input#filed_0.015021543278542326__slotted.pbc-input__element.pbc-input-text]
global.js:160 [Debug observer-helper.js:217] KeePassXC-Browser - Input fields found:
global.js:163 [input#filed_0.015021543278542326__slotted.pbc-input__element.pbc-input-text]
recaptcha__en.js:812 XHR finished loading: POST "https://www.google.com/recaptcha/api2/reload?k=6LeE-B8UAAAAADot-Vz7dAQ_5jXunhPg8qPzwMXa".
global.js:160 [Debug observer-helper.js:176] KeePassXC-Browser - Input fields from Shadow DOM found:
global.js:163 (2) [input.off-screen, input#filed_0.015021543278542326__slotted.pbc-input__element.pbc-input-text]
global.js:160 [Debug observer-helper.js:217] KeePassXC-Browser - Input fields found:
global.js:163 [input#filed_0.015021543278542326__slotted.pbc-input__element.pbc-input-text]
global.js:160 [Debug keepassxc-browser.js:40] KeePassXC-Browser - Adding to Site Preferences denied from iframe.
global.js:160 [Debug keepassxc-browser.js:40] KeePassXC-Browser - Adding to Site Preferences denied from iframe.
global.js:160 [Debug observer-helper.js:176] KeePassXC-Browser - Input fields from Shadow DOM found:
global.js:163 (2) [input.off-screen, input#filed_0.015021543278542326__slotted.pbc-input__element.pbc-input-text]
global.js:160 [Debug observer-helper.js:217] KeePassXC-Browser - Input fields found:
global.js:163 [input#filed_0.015021543278542326__slotted.pbc-input__element.pbc-input-text]
global.js:160 [Debug keepassxc-browser.js:349] KeePassXC-Browser - Login field combinations identified:
global.js:163 [{…}]
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
recaptcha__en.js:812 XHR finished loading: POST "https://www.google.com/recaptcha/api2/userverify?k=6LeE-B8UAAAAADot-Vz7dAQ_5jXunhPg8qPzwMXa".
shared.17157deebb8bf3b4e36c.js:55 Fetch finished loading: POST "https://www.payback.de/ajax/login/getauthenticationoptions/29336".
recaptcha__en.js:812 XHR finished loading: POST "https://www.google.com/recaptcha/api2/reload?k=6LeE-B8UAAAAADot-Vz7dAQ_5jXunhPg8qPzwMXa".
global.js:160 [Debug fill.js:55] KeePassXC-Browser - Error: No username/password field combination found.
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
global.js:160 [Debug fill.js:30] KeePassXC-Browser - Error: Credential list is empty for: https://www.google.com
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
global.js:160 [Debug fill.js:30] KeePassXC-Browser - Error: Credential list is empty for: https://www.google.com
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
global.js:160 [Debug fill.js:30] KeePassXC-Browser - Error: Credential list is empty for: https://www.google.com
global.js:160 [Debug ui.js:351] KeePassXC-Browser - No logins found. https://www.google.com
global.js:160 [Debug ui.js:351] KeePassXC-Browser - No logins found. https://www.google.com
global.js:160 [Debug ui.js:351] KeePassXC-Browser - No logins found. https://www.google.com
global.js:160 [Debug fill.js:55] KeePassXC-Browser - Error: No username/password field combination found.
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
global.js:160 [Debug fill.js:30] KeePassXC-Browser - Error: Credential list is empty for: https://www.google.com
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
global.js:160 [Debug fill.js:30] KeePassXC-Browser - Error: Credential list is empty for: https://www.google.com
global.js:160 [Debug keepassxc-browser.js:1106] KeePassXC-Browser - Error: Credential request ignored from another domain: www.google.com
global.js:160 [Debug fill.js:30] KeePassXC-Browser - Error: Credential list is empty for: https://www.google.com
global.js:160 [Debug ui.js:351] KeePassXC-Browser - No logins found. https://www.google.com
global.js:160 [Debug ui.js:351] KeePassXC-Browser - No logins found. https://www.google.com
global.js:160 

Funnily when I manually edit the DOM and remove all references to https://www.google.com AND use the right click context menu within the password field it still doesn't detect that field and logs:

[Debug fill.js:55] KeePassXC-Browser - Error: No username/password field combination found.

varjolintu commented Feb 1, 2025

Try the following:

  • Use https://payback.de as entry URL
  • Add https://www.payback.de/* to Site Preferences and enable Username-only Detection and Improved Input Field Detection for it
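The debug log in the report shows credential requests from the embedded www.google.com (reCAPTCHA) frame being ignored, and the suggestion above scopes the detection options to https://www.payback.de/*. As an added illustration (not part of this thread and not KeePassXC-Browser's code), the simplified model below shows a lookup bound to the requesting frame's origin; the function names, the pattern-matching rule and the frame URL are assumptions.

```javascript
// Added example: simplified model of origin-bound credential requests.
// All names are hypothetical; this is not KeePassXC-Browser source code.

// Match a URL against a site-preference style pattern such as
// "https://www.payback.de/*". Assumption: scheme and host must match
// exactly and only a trailing "*" acts as a path wildcard.
function matchesSitePattern(pattern, url) {
  const p = new URL(pattern.replace(/\*$/, ''));
  const u = new URL(url);
  return u.protocol === p.protocol && u.host === p.host &&
    u.pathname.startsWith(p.pathname);
}

// Decide whether a frame may ask for credentials, and for which origin.
function decideCredentialRequest(topUrl, frameUrl, allowCrossOriginIframes) {
  const top = new URL(topUrl);
  const frame = new URL(frameUrl);
  if (frame.origin === top.origin) {
    return { allow: true, lookupOrigin: frame.origin };
  }
  if (!allowCrossOriginIframes) {
    return { allow: false, reason: `ignored from another domain: ${frame.hostname}` };
  }
  // A cross-origin frame is only ever offered entries for its own origin,
  // never the entries stored for the top-level page.
  return { allow: true, lookupOrigin: frame.origin };
}

// Constructed sample: the login page from the report and a third-party
// frame on www.google.com (frame path is a placeholder, not from the log).
const TOP = 'https://www.payback.de/login?redirectUrl=https%3A%2F%2Fwww.payback.de%2Fhome';
const FRAMES = [TOP, 'https://www.google.com/recaptcha/'];

function evaluate(allowCrossOriginIframes) {
  return FRAMES.map((f) => ({
    frame: new URL(f).hostname,
    sitePrefApplies: matchesSitePattern('https://www.payback.de/*', f),
    ...decideCredentialRequest(TOP, f, allowCrossOriginIframes),
  }));
}

console.log(evaluate(false)); // third-party frame is refused
console.log(evaluate(true));  // third-party frame looks up its own origin only
```

With cross-origin iframes allowed, the third-party frame triggers a lookup for https://www.google.com rather than for the payback.de entry, which is consistent with the access request described in the report.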


agowa commented Feb 2, 2025

Username field works
Password doesn't:

  • not auto filled
  • KeePassXC icon within the input field still disappears when clicked
  • Right-click context menu doesn't request google.com credentials but also doesn't fill in the password
  • custom field selector still broken and not detecting any input fields


varjolintu commented Feb 2, 2025

Seems I'll have to create a temporary account to test this one, which is impossible because it requires a card number.
