Login URL has "onepasswdfill=[HEX]?onepasswdvault=[HEX]" added

The login URL for a site is "https://www.caisse-epargne.fr/particuliers#pauth" which will take me to a login window (asking for a userid). In fact it causes the activation and display of a

on the screen which displays(among other things) the field for the userid. After filling in the userid and clicking a SUBMIT button, another
is activated which allows me to enter the password.

If I use 1PW (doesn't matter if I'm using the Chrome extension, the mini menu, or the 1PW application) and select "Open and fill" for the URL. The URL is rewritten (and displayed in the Chrome address bar) as "https://www.caisse-epargne.fr/particuliers#pauth?onepasswdfill=[HEX]&onepasswdvault=[HEX]". The

is never activated and is not displayed.

It would be nice if 1PW would at least fill-in the userid field...

I'm using Chrome version 51.0.2704.63


1Password Version: 6.2.1
Extension Version: 4.5.6.90
OS Version: OS X 10.11.5
Sync Type: iCloud
Referrer: kb-search:onepasswdvault, kb:undefined, kb-search:onepasswdfill, kb:undefined, kb-search:onepasswdfill

Comments

  • I added html tags that got deleted.

    "...it causes the activation and display of a DIV on the screen..."
    "SUBMIT button, another DIV is activated which allows..."
    "... The DIV is never activated and is not displayed..."

  • PilarPilar

    Team Member

    Hi @velo78

    I've checked the webpage that you mention, and it's indeed a tricky one! However, there is a way to get 1Password to work on it, at least up to the point where the page will allow it. In order to get this page working you need to follow the next steps:

    1. Go to the first URL that you gave us and type in "identification client" name.
    2. Go to 1Password mini, click on the gear on the top right corner and click on "save new login".
    3. Save the login and go to the next screen.

    You won't be able to auto submit the secret code because it's not a window where you can type, but you can save it as part of your item so it will be easy for you to add it on the screen. To do this, once you've created the login click on Edit on the bottom right corner of the item. Under the URL you'll be able to see "label" and "new field". You can type something like "Security code" and "0000" (whatever the code is) respectively. If you want you can change the type to "password" so it will be concealed unless you want to reveal it. Click on save and 1Password should be working fine on this webpage!

    Please let us know how this works out for you! :chuffed:

  • Unfortunately, it doesn't work. What I did:

    1) I went to the site "https://www.caisse-epargne.fr/particuliers#pauth". I enter my identifier.
    2) I "save new login" from 1PW mini without clicking "Valider" (if I click "Valider", and I click the option to "save new login", nothing happens, no dialog for saving the login).
    3) If I try to login into the site via the login (click on "Open and fill"), I have the same behavior as describe above, i.e. the url has the "onepasswdfill" and "onepasswdvault" added to it.

  • Here is a screen shot of the login entry created after the creation of the login item (from above). The 'NNNNNN' is the "identification client".

  • PilarPilar

    Team Member
    edited May 2016

    @velo78 this is a quiet interesting situation, as it's working well on my side. Thank you for the screenshot, it looks the same as mine!

    I'd like to ask you to try one last thing before getting deeper into the guts of 1Password. Can you please edit the login that you just created and change the option from "Submit" to "Never submit"? You can find this almost at the bottom of your item, after "Show web form details". Please let me know how this turns out :chuffed:

  • Unfortunately, it doesn't change a thing. L'URL always has the onepasswdfill and onepasswdvault added.

  • PilarPilar

    Team Member

    @velo78,

    I'm sorry to hear that didn't help either! I'm going to move your post to "Saving and filling in browsers" so the right people are able to see it! I'll ask you to do the next thing so we can figure out what exactly is going on on this page.

    1. In 1Password main app go to Preferences.
    2. Click on advanced and then enable the option "Copy JSON".
    3. Go to the item of the webpage that is causing trouble and select it.
    4. Go to Item on the menu bar and press the alt key.
    5. While you're pressing alt click on "Copy Extension JSON".
    6. Paste that on an email and send it to [email protected].
      Please do not post it here in the forums, but please include a link to this thread in your email, along with your forum handle so that we can "connect the dots" when we your email.

    This will let us see what exactly is going on here and see how to fix it :chuffed:

  • Actually, looking at the page source. The INPUT field for the identifier doesn't have a NAME attribute (but does have an ID attribute) which is certainly why my identifier isn't be loaded into the field.

    I have a work around so when I want to go to the site, I click the name of the 1PW entry (I don't click on the URL and select "Open and fill"). The site opens correctly to the login page, I can then click on the the 1PW browser icon, point to the 1PW entry which then gives me access to the the fields that you had me add. I'll send the JSON next Monday. Thanks for your help.

  • jxpx777jxpx777 Code Wrangler

    Team Member

    @velo78 I just tested things out in Chrome 51, 1Password 4.5.6.90 browser extension, 1Password 6.3 for Mac running on OS X 10.11.5. I just manually saved a new login like Pilar suggested. I found that the open and fill worked properly for me to fill a fake identification client.

    The onepasswdfill and onepasswdvault parameters you see added to the URL are for the extension to recognize that an open and fill operation has been requested. So, it seems like the extension is somehow malfunctioning.

    Are you able to open and fill other sites? When you visit https://www.caisse-epargne.fr and then click on the 1Password button in the Chrome toolbar, do you see your Login listed for this site at the top of the list?

    --
    Jamie Phelps
    Code Wrangler @ AgileBits

  • Helle M. Phelps (IMF?), I tried the same thing on a different Mac with the same results. Other sites work fine. And yes, when I go to https://www.caisse-epargne.fr and click on the 1PW button, I see the Login listed at the top of the list. That's why my work around from an earlier message works, I can easily do a copy on the "identification client" name.

    Would it be possible that you send me a screen dump of the entry for caisse-epargne that you successfully made in Edit mode with the web fields showing?

    Thanks in advance.

  • Hi @velo78,

    I'll discuss this with Jamie as I can reproduce your results. It's odd as:

    1. It all works properly when I tried in Firefox.
    2. The '#' seems to be doing something. If I remove #pauth, open and fill won't work because it doesn't open the modal window that asks for your username but Chrome passes the URL to our extension and removes the 1Password parameters as it is meant to. With the # present the URL isn't passed and I don't know why that should be the case.

    Given I can reproduce though it should help Jamie figure out what it might be.

  • Super. Thanks for looking.

  • jxpx777jxpx777 Code Wrangler

    Team Member

    That explains things! I was testing with open and fill from 1Password mini (search in 1Password mini, locate the Login, and then press return) rather than clicking the open and fill button from the item's details. In Chrome, we tell Chrome what URLs we're interested in monitoring. Here's what we do:

    chrome.webRequest.onBeforeRequest.addListener(function beforeRequestHandler(requestInfo) {
        // Do magic open and fill stuff
    }, {urls: ["*://*/*onepasswdfill=*"], types: ["main_frame"]}, ["blocking"]);
    

    That urls portion of the last line tells Chrome that we want to monitor URLs that contain onepasswdfill parameters, so it seems that somehow Chrome isn't recognizing the URL with the #pauth fragment as needing processing by 1Password. We'll have to review this to see how we can handle this better. I just looked at the spec, and it seems there are two problems. First, 1Password itself is creating a URL that Chrome parses according to the spec which says that everything after the # is the fragment of the page. (This is why the page doesn't display the sign in dialog after you load the page because the fragment is no longer exactly pauth.) But, if I change this so that the fragment comes after the query string, the extension does not properly restore the fragment of the URL so the #pauth portion is lost and that prevents it showing the sign in dialog. So, it looks like we have a little bit of work to do to properly support the spec for URLs.

This discussion has been closed.