Keepassxc: Trailing slash in URL returns incorrect logins
"Return only best-matching credentials" is enabled. If it's disabled it shows all logins.
Expected Behavior
When logging in on https://service1.example.com or https://service1.example.com/index.php it should show the following logins:
https://service1.example.com/(user 1)https://service1.example.com(user 2)
Current Behavior
When logging in on https://service1.example.com or https://service1.example.com/index.php it shows only:
https://service1.example.com/(user 1)
Changing https://service1.example.com/ (user1) to https://service1.example.com (without slash) fixes it and now both are displayed.
https://service1.example.com/(user 1)https://service1.example.com(user 2)
Possible Solution
Trim (or add) the trailing slash when checking for matching logins.
Steps to Reproduce
- Add a login for
https://service1.example.com/ - Add a login for
https://service1.example.com - Surf to
service1.example.com
Context
It strange that only a single result (the one with /) is shown because browsers like to hide trailing slashes so it confuses users.
Debug Info
KeePassXC - Version 2.5.1
Revision: 0fd8836
Qt 5.12.5
Debugging mode is disabled.
Operating system: Fedora 31 (Thirty One)
CPU architecture: x86_64
Kernel: linux 5.3.16-300.fc31.x86_64
Enabled extensions:
- Auto-Type
- Browser Integration
- SSH Agent
- KeeShare (signed and unsigned sharing)
- YubiKey
- Secret Service Integration
Cryptographic libraries:
libgcrypt 1.8.5
principis
All 11 comments
Technically we are doing it correctly even if it doesn't make sense. I do agree that the simple matter of a trailing slash shouldn't throw off the "only return best" setting.
droidmonkey
on 6 Jan 2020
I just realized you are still on 2.5.1. Update to 2.5.2, this may be fixed already.
droidmonkey
on 6 Jan 2020
@droidmonkey I should've checked for a new version... :/
I just installed the fedora testing version and it seems to be fixed. Sorry for the inconvenience.
principis
on 7 Jan 2020
Ok I thought there was still a trailing slash on my login but apparently I removed it yesterday... The behavior is still the same.
As you said, the behavior is technically correct, but I think it's confusing because users won't know when there is a trailing slash or not, because https://example.com technically does have a trailing slash even though it's 'invisible'...
principis
on 7 Jan 2020
@principis Do you have a site where I can test this behaviour? I tried https://build.opensuse.org and https://login.newrelic.com/login but couldn't reproduce this.
varjolintu
on 7 Jan 2020
@varjolintu I created a test subdomain. It may take some time before you are able to access it because of dns.
I noticed it works in subdirectories, you can test here:
http://logintest.principis.be and http://logintest.principis.be/login
principis
on 7 Jan 2020
I made two entries for that site, one with url http://logintest.principis.be/ and second one with URL http://logintest.principis.be. I still get both entries from both pages.
So I still cannot reproduce this.
varjolintu
on 7 Jan 2020
@varjolintu Is best matching credentials enabled?
droidmonkey
on 7 Jan 2020
varjolintu
on 7 Jan 2020
I made the fix. In situations where there's no path or fragment (which means it's just the domain + possible subdomains), an empty path is added to the URL so it will get the same sorting priority as the one with the / added.
varjolintu
on 8 Jan 2020
Thanks! :)
principis
on 8 Jan 2020
Related issues
bleepnetworks
路
3Comments
2tbwXj46BDbdNBRV79DS
路
3Comments
shaneknysh
路
3Comments
813gan
路
3Comments
TheZ3ro
路
3Comments