Catch and prompt user of potential duplicate passwords on import

Feature name:

  • import_warden

Feature Description

  • The intent of this feature is to prompt the user of imported password entries that overlap with current passwords.
  • The goal is to compare imported password files against current password entries, and prompt the user when there are import passwords that have the same domain and username as existing passwords.
  • The plan of attack is to add to or supplement the current import API to load existing passwords as an object, load import passwords as an object, compare the two objects, and prepare a new object containing duplicates. This duplicate object can then be rendered in the UI to let a user view the duplicates. User will then decide and command which of the current vs imported passwords to keep, or to keep both.

Clients / Repos Affected:

  • Web

Timeline to completion (estimate): unknown

ETA: Q2/2021

2 Likes
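The client-side comparison the proposal sketches, as an added TypeScript example that is not part of the original post or of Bitwarden's code: existing and imported login entries are normalised to a (domain, username) key and every imported entry whose key already exists in the vault is collected into a duplicates list the UI could render. The `LoginEntry` shape, the simplified host extraction, the case-insensitive username match and the sample data are all assumptions.

```typescript
// Added example, not Bitwarden code: find imported logins that collide with
// existing vault logins on (domain, username), as the proposal describes.
// LoginEntry is an assumed, simplified shape; real vault items are richer.
interface LoginEntry { name: string; username: string; uri: string; password: string; }
interface DuplicateEntry {
  key: string;           // "domain|username", the collision key
  existing: LoginEntry;
  imported: LoginEntry;
  samePassword: boolean; // lets the UI distinguish identical from conflicting copies
}
// Simplified host extraction (assumption): drop scheme, userinfo, port, path and case.
function domainOf(uri: string): string {
  const m = /^(?:[a-z][a-z0-9+.-]*:\/\/)?(?:[^/?#@]*@)?([^/:?#]+)/i.exec(uri.trim());
  return (m ? m[1] : uri.trim()).toLowerCase();
}
// Assumption: usernames (often e-mail addresses) are matched case-insensitively.
function collisionKey(e: LoginEntry): string {
  return `${domainOf(e.uri)}|${e.username.trim().toLowerCase()}`;
}
// Index the existing vault once, then look each imported entry up in it.
function findDuplicates(existing: LoginEntry[], imported: LoginEntry[]): DuplicateEntry[] {
  const index: Record<string, LoginEntry[]> = Object.create(null);
  for (const e of existing) {
    const k = collisionKey(e);
    (index[k] || (index[k] = [])).push(e);
  }
  const dups: DuplicateEntry[] = [];
  for (const imp of imported) {
    const k = collisionKey(imp);
    for (const ex of index[k] || []) {
      dups.push({ key: k, existing: ex, imported: imp, samePassword: ex.password === imp.password });
    }
  }
  return dups; // the UI renders this and asks the user which copy to keep, or both
}
// Constructed sample data: one conflicting duplicate, one identical duplicate, one new entry.
const existingVault: LoginEntry[] = [
  { name: "Example", username: "alice@example.com", uri: "https://example.com/login", password: "old-pw" },
  { name: "Bank", username: "alice", uri: "https://bank.example.net", password: "bank-pw" },
];
const importedFile: LoginEntry[] = [
  { name: "Example", username: "Alice@Example.com", uri: "http://example.com:8443/x", password: "new-pw" },
  { name: "Bank copy", username: "alice", uri: "bank.example.net", password: "bank-pw" },
  { name: "Other", username: "bob", uri: "https://other.example.org", password: "x" },
];
```

Entries with the same key but a different password are the ones that actually need a user decision; identical copies can be skipped safely.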

Hi all,

This topic is for discussion of this feature, refining of the things to add, and the plan of attack.

I am a noob to C#, but I've worked with python, bash, and html/css/javascript enough to be open to trying. My goal is to treat this as a project for learning, which unfortunately means it might take longer than someone well versed in C# and the bitwarden application. I like bitwarden, so I see this as a way of giving back. If it is inappropriate to work on this feature for these reasons, please let me know.

Best,
SnailsToGo

@SnailsToGo, this looks promising so I would say go for it. As far as anything to add, you may want to start with simple wire-frames and a flow, from the front-backwards as far as design. This would have to be completely done client-side as you can't compare encrypted blobs against each other on the server-side of things, so there would be zero C# to write, only TypeScript (Angular), HTML and SCSS (we're using Bootstrap). There would be impacts/changes to jslib and web for this, but everything else server-side should flow through normally for the import itself… I would see this as an intermediary step to saving the imported items. Once you have some wire-frames as a lightweight PoC I'm sure you'll be able to get more community feedback.

Thank you for the contribution!

Hi @cscharf,

Glad to hear this should be client side! Thanks for the recommendations, and I'll start putting this together.

Hi all,

How do I log into the web app in a development environment? I'm having a hard time making an account, so if there is a test or admin account for development can someone share what that is?

So you do need to register a new account. It would depend on the error/issue you're having attempting to register that new account. If you're developing completely local (everything points to your local API, Identity service, etc.) there are plenty of things that can go wrong, however if you're running against our production cloud services it gets much easier, but in order to do that you must change some code locally (but not commit it):

src/app/services/services.module.ts Line 152 to 158, you simply comment out the localhost URLs and uncomment the production URLs; there're some comments in there that also explain this. Hopefully that helps. You can use your own existing cloud account at that point, OR (my suggestion) create a new free account to play around with so you don't hose your own passwords, which would suck.

Awesome that helps, thanks!

Last thing on this (for now I hope): I'm having a CORS policy issue.
Console.log: Access to fetch at ‘https://api.bitwarden.com/accounts/prelogin’ from origin ‘https://localhost:8080’ has been blocked by CORS policy: Request header field device-type is not allowed by Access-Control-Allow-Headers in preflight response.

I installed a CORS changer, and when I turn it on I get this console:
polyfills.74930badf6b0c1500779.js:20628 POST https://api.bitwarden.com/accounts/prelogin net::ERR_FAILED

I've used a CORS changer before, and I forgot what all was needed. Should I be trying to change my CORS to appear as https://vault.bitwarden.com?

Any thoughts or resources are much appreciated!

So, to be honest I've not actually tried using the web vault locally against prod, but the CORS issues make sense… hmm :thinking:, what you could try to reduce complexity with manipulating the CORS headers, etc. is to simply add the following to your hosts file and debugging that way… you'll get a certificate error in the browser which I'm hoping can just be circumvented/ignored (depending on the browser):

# Comment out the line below after done debugging
127.0.0.1    api.bitwarden.com     identity.bitwarden.com

Unfortunately that didn't help much. Here's my log on login:
zone.js:1118 POST https://api.bitwarden.com/accounts/prelogin net::ERR_CONNECTION_REFUSED

No login, it seems like I'm still refused based on CORS. I even changed my hosts file with all combinations of the following lines:
127.0.0.1 api.bitwarden.com identity.bitwarden.com
127.0.0.1 api.bitwarden.com
127.0.0.1 identity.bitwarden.com
127.0.0.1 events.bitwarden.com

Last idea: is there a place where I can set the login request mode to ‘no-cors’? If not, it seems like self hosting for development is the best approach.

For self hosting, is it necessary that I request self hosting? When I try to run the containers with bitwarden.ps1, it calls a docker compose file that doesn't exist on my machine. Is the docker compose file only given to users after they request to self host?

I'm trying to start the server from the repo for now, and I'm unsure if I should ‘deploy’ or just ‘Build/Run’.

I did start the api/identity (and events) as per the repo, and I changed my services.modules.ts to have urls for the localhost paths included by default. The following urls that are given to check if the services are running cannot connect for me right now:
http://localhost:5000/alive
http://localhost:33657/.well-known/openid-configuration

Is there something I'm missing? Also should I be seeing docker containers running from the dotnet run commands? I see no containers running with docker ps.

All of your help is appreciated!

I found an issue and followed what was reported. The change of what I was running
npm run build:watch

To
npm run build:prod:watch

And change of the cors changer to this one from the one I first used. Fixed it. I can now use the production API for my local front end. Any issues with using this CORS changer? I believe it changes the response header to include
Access-Control-Allow-Origin: *

For now, this seems to get the job done. If CORS changing is not appropriate, please let me know.

That should be fine for local development @SnailsToGo; I'm glad you got something working there. As far as dotnet run that will run the API/Identity locally in that console process using the Kestrel web server, so there's no docker container. The port number for that service should be shown in the console itself which may need adjustment in the web vault if it's listening on a different port.

Got it, thanks!

How do I get permissions to push a branch to the repo? I'd like to push some README fixes, since I found scss needs node version v8.11-v13.9.0 (no higher), and I'd like to add instructions for running the vault against production. I already signed the CLA assistant agreement listed in CONTRIBUTING, is there anything else I need to do?

My github is https://github.com/jdmccauley

The process would be to fork our repo, create your branch, and then open a PR back into our repo's master branch. You won't have permissions to branch directly in the Bitwarden repos so you'll have to fork your own copy of it to contribute. Looking forward to seeing the changes/updates!

@cscharf

Hi Chad,

I am struggling to understand and plan how to work on this contribution given the time I have available. I naively miscalculated how much I could do without spending significant time formally learning Angular and understanding the application as a whole. Unless I can work alongside someone more experienced, I'm not seeing how I can finish this contribution by Q2 2021. Does/can someone else take this up? I appreciate all the help you've given, and I thank you for letting a noob take a crack at this.

Best,
SnailsToGo

1 Like

Hi SnailsToGo, no worries, sometimes there can be a bit of a barrier to entry on a complex application such as this. We still have this in our product backlog, but simply not prioritized at the moment. The team and I are always here to try to help answer questions on code or direction when we can, as well as the community at large if or when they come up, but we still have somewhat limited capacity. Hopefully someone else in the community is willing to take this up.

2 Likes

Hi @cscharf,

Thank you for your understanding. Best of luck, I hope someone takes this up and does well!

Cheers,
SnailsToGo

@cscharf Is there a way to create a “Github Contributions Looking for Developers”? Or something along those lines to help people identify where a feature has been detailed out and seems like a good idea but for whatever reason the original person that created it can no longer continue on the work.

I believe that there are developers out there that may wish to contribute but not have any idea where they could lend a hand.

Just a thought, thanks for the awesome work.

1 Like

That's a great idea, @tgreer would be more familiar with this platform and how we might be able to accomplish something like that. Trey, any thoughts here?

1 Like

Good question! I'll have to take a look at some plugin options, but I (or any mod) can manually update titles with status as needed, i.e.

  • DISCOVERY
  • PLANNING
  • IN PROGRESS
  • LOOKING FOR DEVELOPERS
  • NVM, CHANGED MY MIND :sweat_smile:
  • ASSIGNED TO CHAD