Pwdhash password manager entry does not work

fc1dfc29f3995425cc6e12918ae1fd4ffbd4512c

Discourse fails to recognize the password that my password manager addon (Pwdhash) enters and tells me that I should enter a password instead of accepting the password that’s in the field. Screenshot is from step 5 below on https://discourse.nixos.org/ and can be reproduced exactly the same way on https://try.discourse.org/.

always Reproducible.
Steps:

  1. Click on “Sign in”
  2. enter username
  3. use Password Manager to enter password
  4. Click on “Log In”
  5. Get message “Please enter your email or username, and password.”

Does this issue happen with any other password manager (1Password, lastpass, etc.)?

You should likely take this up with your password manager vendor, not us… we’re not aware of any issues with 1password or lastpass etc

1 Like

Actually lastpass was always a bit flaky, 1password works perfect though. It is related to the HTML structure on the page we have:

<form id="login-form" method="post">
        <div id="credentials" class="">
          <table>
            <tr>
              <td><label for="login-account-name">User</label></td>
              <td><input autofocus="" autocapitalize="off" autocorrect="off" type="text" placeholder="email or username" id="login-account-name" class="ember-text-field ember-view"></td>
            </tr>
            <tr>
              <td><label for="login-account-password">Password</label></td>
              <td><input type="password" placeholder="" maxlength="200" id="login-account-password" class="ember-text-field ember-view"></td>
              <td><a id="forgot-password-link" data-ember-action="" data-ember-action-1126="1126">I forgot my password</a></td>
            </tr>
            <tr>
              <td></td>
              <td><div class="caps-lock-warning hidden"><i class="fa fa-exclamation-triangle d-icon d-icon-exclamation-triangle"></i> Caps Lock is on</div></td>
              <td></td>
            </tr>
          </table>
        </div>
<div id="ember1129" class="hidden ember-view"><div id="second-factor">
  <h3>Two Factor Authentication</h3>
  <p>Please enter the authentication code from your app:</p>
            <div id="ember1134" class="ember-view"><input autofocus="" autocapitalize="off" autocorrect="off" type="tel" pattern="[0-9]{6}" placeholder="" maxlength="6" id="login-second-factor" class="second-factor-token-input ember-text-field ember-view">
</div>

<!----></div>
</div>      </form>

And then later outside of the <form>:

<div class="modal-footer">
      <button id="ember1150" class="btn btn-large btn-primary btn btn-icon-text ember-view">  <i class="fa fa-unlock d-icon d-icon-unlock"></i>

  <span class="d-button-label">Log In<!----></span>


</button>

        <button id="new-account-link" class="btn btn-large" data-ember-action="" data-ember-action-1151="1151">
          Create New Account
        </button>

<!---->
    <div id="ember1152" class="loading-container inline-spinner ember-view">  
</div>
  </div>

The general issue I saw on LastPass was that it refused to fill in the password, my guess is that somehow this password manager is getting mega confused about having a <FORM> with no submit button and is having trouble picking the right fields.

Should be reported with the PwdHash extension author at: GitHub - pwdhash/pwdhash-webextension: PwdHash webextension for firefox

There are open issues since 2017 and last commit was ages ago.

My strong recommendation is probably to switch to a more maintained password manager, it worries me that this thing does so much hooking pwdhash-webextension/stanford-pwdhash.js at master · pwdhash/pwdhash-webextension · GitHub

5 Likes

Well, the password ends up in the password field, that’s the job of the password manager and it works. If I inspect the password field the password inserted is correct.
Why does discourse ignore the field? Is there some flaky javascript?