Keepassxc: Auto-Type: Caps lock warning in BuildingLink Login UI

Created on 15 Jul 2017 · 6 Comments · Source: keepassxreboot/keepassxc


Unable to use Auto-Type on websites with caps lock warning.

BuildingLink, a NY-based landlord-tenant portal provider, contains JS that actively prevents typing of password when caps lock is on. This, in conjunction with Auto-Type behavior, prevents Auto-Type from working on BuildingLink websites.

Possibly related to #715 or #463.

Expected Behavior



Auto-Type should not trigger caps lock warning.

Current Behavior



Auto-Type triggers caps lock warning.

Possible Solution



Maybe do not use caps lock to insert password.

Steps to Reproduce (for bugs)


  1. Go to https://www.buildinglink.com/v2/global/login/login.aspx (or any of their white-label websites, simply Google "Powered by BuildingLink")
  2. Use Auto-Type to insert random username and password (probably need to contain capital letter)
  3. Observe that website would show dialog warning you about caps lock
  4. Log in would fail (likely due to interruption in Auto-Type)

Context


Debug Info


KeePassXC - Version 2.2.0
Revision: caa49a8ef3ee28ed478192389b21d61107b3b8e0

Libraries:

  • Qt 5.9.0
  • libgcrypt 1.7.7

Operating system: Windows 10 (10.0)
CPU architecture: x86_64
Kernel: winnt 10.0.15063

Enabled extensions:

  • KeePassHTTP
  • Auto-Type
  • YubiKey

All 6 comments

Honestly, I personally think that it's BuildingLink's fault here. Their website behavior is just wrong.
Why should you prevent users from entering a password with caps lock? Also with an alert() that stops the user's input.

Auto-Type uses a key modifier for uppercase letters. Probably on Windows it's the same modifier as CapsLock, and the BuildingLink website shows the warning.

Possible solutions:

  • (bad) Remove uppercase characters from your password
  • If you are using Firefox, select the option to hide further messages/alerts from the website (hoping it won't send any other useful alert)
  • Use PassIFox or ChromeIPass with KeePassHTTP and stop using Auto-Type
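
The false positive discussed in the comment above, as an added example that is not part of the original thread and is not BuildingLink's or KeePassXC's code (the site's actual script is not shown on this page). It contrasts a case-versus-Shift heuristic with `KeyboardEvent.getModifierState('CapsLock')` and returns a non-blocking hint instead of calling `alert()`. The function names, the sample events, and the idea that synthesized keystrokes arrive as uppercase letters without the Shift flag are assumptions.

```javascript
// Added example: constructed events, hypothetical function names.

// Legacy heuristic: infer Caps Lock from letter case vs. the Shift flag.
// Any input source that delivers an uppercase letter without Shift set
// (assumed here for synthesized keystrokes) is misread as Caps Lock.
function capsLockGuess(evt) {
  const ch = evt.key;
  if (typeof ch !== 'string' || ch.length !== 1) return false;
  const isUpper = ch !== ch.toLowerCase();
  const isLower = ch !== ch.toUpperCase();
  return (isUpper && !evt.shiftKey) || (isLower && evt.shiftKey);
}

// Preferred: ask the event for the real lock state.
function capsLockState(evt) {
  return typeof evt.getModifierState === 'function' &&
    evt.getModifierState('CapsLock');
}

// Non-blocking warning: returns hint text to render next to the field
// instead of calling alert(), so keystrokes keep flowing to the input.
function capsLockHint(evt) {
  return capsLockState(evt) ? 'Caps Lock is on' : '';
}

// Constructed sample events (plain objects standing in for KeyboardEvent).
function fakeEvent(key, shiftKey, capsOn) {
  return { key, shiftKey, getModifierState: (m) => m === 'CapsLock' && capsOn };
}

const samples = {
  typedWithShift: fakeEvent('P', true, false),    // human typing Shift+p
  synthesizedUpper: fakeEvent('P', false, false), // assumed synthesized event
  realCapsLock: fakeEvent('P', false, true),      // Caps Lock actually engaged
};

// Run both detectors over every sample and collect the results.
function compare() {
  const out = {};
  for (const [name, evt] of Object.entries(samples)) {
    out[name] = { guess: capsLockGuess(evt), state: capsLockState(evt), hint: capsLockHint(evt) };
  }
  return out;
}

// In a page: input.addEventListener('keydown', (e) => { hintEl.textContent = capsLockHint(e); });
console.log(compare());
```
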

Leon and Zero - thanks for bringing this up. We are modifying this behavior so that using Caps Lock no longer triggers a blocking alert, and the change will be live in the next couple of weeks. Appreciate your input on this.

Zach Kestenbaum
BuildingLink

Thank you for being so nice @zkestenbaum :+1:

Closing this issue

Quick update - this change is now live on our login pages.

@zkestenbaum seems to work perfectly. Many thanks :+1:

:+1:
