Skip to content

fix enableOTP handling to match docs: prioritize store, then extension config #308

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 22, 2022
Merged

fix enableOTP handling to match docs: prioritize store, then extension config #308

merged 2 commits into from
Nov 22, 2022

Conversation

@uninsane
Copy link
Contributor

@uninsane uninsane commented Nov 6, 2022

the README.md says:

Browserpass allows configuring certain settings in different places places using the following priority, highest first:

  1. Options defined in specific *.gpg files, only apply to these password entries:
    • autoSubmit
  2. Options defined in .browserpass.json file located in the root of a password store:
    • autoSubmit
    • enableOTP
      ...
  3. Options defined in browser extension options:
    • Automatically submit forms after filling (aka autoSubmit)
    • Enable support for OTP tokens (aka enableOTP)

this makes it sound like one should be able to set enableOTP = true inside a store's config and leave it unset at the extension level, which sounds intuitive. but when i try that on master i'm not shown any token. unless i've missed something, the code only attempts to read this from the extension-level settings. this PR fixes that to match the behavior of the readme.

tested manually:

  • check OTP box in browser config, omit the field in .browserpass.json -> shows token
  • check OTP box in browser config, "enableOTP": false in store -> no token
  • leave OTP box unchecked in browser config, set "enableOTP": true in the store level -> shows token
  • leave OTP box unchecked in browser config, omit enableOTP from the store config, set enableOTP: true in a secret -> no token

i'm a novice JS dev, so if i'm breaking idioms with my approach here don't hold back in setting me straight 😉

@uninsane
move getSetting from background.js -> helpers.js
e342264 
it will have use in `detailsInterface.js`, not just `background.js`
(next patch).
max-baz
max-baz requested changes Nov 6, 2022
View reviewed changes
Copy link
Member

@max-baz max-baz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for catching an inconsistency! 👍 You are on a right track, and I think the code change can be even slightly simpler, please see the comment below.

@uninsane
Copy link
Contributor Author

uninsane commented Nov 7, 2022

fixed, thanks for linking to the code path! tested just with and without enableOTP in the store settings this time, assuming if that works it should all work.

max-baz
max-baz approved these changes Nov 7, 2022
View reviewed changes
Copy link
Member

@max-baz max-baz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I'll let @erayd have a look as well, but looks good to me

@uninsane
Copy link
Contributor Author

uninsane commented Nov 21, 2022

@maximbaz any movement on this? i'd like to move onto other browserpass work before life gets busy, but i'm not the type to maintain a dev branch that diverges from upstream in more than one direction at a time.

@max-baz
Copy link
Member

max-baz commented Nov 21, 2022

Sorry for the delay and that it blocks the further development, @erayd what do you think about this, would you have time to have a look here?

erayd
erayd approved these changes Nov 22, 2022
View reviewed changes
Copy link
Collaborator

@erayd erayd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks - much appreciated 👍

@erayd
Copy link
Collaborator

erayd commented Nov 22, 2022

@maximbaz I missed this one sorry - I've taken a look, and I'm happy for it to be merged from a code standpoint. I haven't actually tested it - but if you are happy with the behavior, then feel free to merge 🙂.

@max-baz
Copy link
Member

max-baz commented Nov 22, 2022

With a reservation of me not being the typical user of OTP functionality in Browserpass, I think the behavior did make sense to me, and I'm happy that we fixed an inconsistency and gained the more intuitive behavior 🙂 Let's merge, and if you spot a regression later, we can always revisit 👍

@max-baz max-baz merged commit 21f3431 into browserpass:master Nov 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@erayd erayd erayd approved these changes

@max-baz max-baz max-baz approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@uninsane @max-baz @erayd