Username filling wrong value when passkey existed #10840
Description
Overview
Take NVIDIA and Facebook for example.
When creating an account with email, the email is treated as login username.
Therefore, when user is logging in their account, they are required to provide the email and password.
When user enable passkey, they are still required to give their email and password and passkey is used as multi-factor security.
Expected Behavior
Username is filled into login form when passkey is enabled for the selected entry.
Actual Behavior
The KPEX_PASSKEY_USERNAME attribute is filled into login form when passkey is enabled for the selected entry.
Update: When I capturing the screenshot, I found that as long as there is an attribute called KPEX_PASSKEY_USERNAME, the username will be overwritten.
Possible Solution
I'm not sure where to fix this.
Maybe here
keepassxc/src/browser/BrowserService.cpp
Lines 1148 to 1161 in 5de669e
?
Steps to Reproduce
- Create an account on NVIDIA, Facebook, or any other service which login username is different from passkey user name. (Update: Can be simplified as creating any account.)
- Create an entry in KeepassXC.
- Setup passkey with KeePassXC-Browser. (Update: Can be simplified as creating
KPEX_PASSKEY_USERNAMEattribute.) - Logout and login again.
- Now KeePassXC-Browser auto fills
KPEX_PASSKEY_USERNAMEinstead of username.
Debug info
KeePassXC - 2.7.8
KeePassXC-Browser - 1.9.0.5
Operating system: Win
Browser: Firefox