Skip to content
This repository has been archived by the owner on Oct 15, 2024. It is now read-only.

Improve and refactor Autofill heuristics #905

Merged
merged 2 commits into from
Jul 1, 2020
Merged

Improve and refactor Autofill heuristics #905

merged 2 commits into from
Jul 1, 2020

Conversation

fmeum
Copy link
Member

@fmeum fmeum commented Jul 1, 2020
edited
Loading

📢 Type of change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates

📜 Description

  • Add support for AUTOFILL_HINT_NEW_PASSWORD and
    AUTOFILL_HINT_NEW_USERNAME. This allows apps to trigger a
    ClassifiedScenario with only a generate password action and is the
    analogue of the W3C new-password hint for websites.
  • Do not consider HTML password fields without hints to be certain
    password fields (they could contain e.g. bank account numbers,
    API secrets,...).
  • Reduce OTP field false positives by excluding the term "postal" as well
    as fields that match the "code" heuristic term but have HTML maxLength
    less than 6 or larger than 8.
  • Add German heuristic term "einmal" ("one-time") for OTP fields
  • Also exclude fields based on their HTML name (e.g. for terms such as
    "search").
  • Extract fieldId, hint and htmlName matches into an extension property.
  • Reduce warnings and remove unnecessary suppression annotations.

💡 Motivation and Context

💚 How did you test it?

Only lightly, but these kind of changes can only really be tested by snapshot users.

📝 Checklist

  • I formatted the code with the IDE's reformat action (Ctrl + Shift + L/Cmd + Shift + L)
  • I reviewed submitted code
  • I added a CHANGELOG entry if applicable

🔮 Next steps

📸 Screenshots / GIFs

@fmeum
Improve and refactor Autofill heuristics
5b6707a 
* Add support for `AUTOFILL_HINT_NEW_PASSWORD` and
  `AUTOFILL_HINT_NEW_USERNAME`. This allows apps to trigger a
  `ClassifiedScenario` with only a generate password action and is the
  analogue of the W3C new-password hint for websites.
* Do not consider HTML password fields without hints to be certain
  password fields (they could contain e.g. bank account numbers,
  API secrets,...).
* Reduce OTP field false positives by excluding the term "postal" as well
  as fields that match the "code" heuristic term but have HTML maxLength
  less than 6 or larger than 8.
* Add German heuristic term "einmal" ("one-time") for OTP fields
* Also exclude fields based on their HTML name (e.g. for terms such as
  "search").
* Extract fieldId, hint and htmlName matches into an extension property.
* Reduce warnings and remove unnecessary suppression annotations.
@fmeum fmeum added this to the 1.10.0 milestone Jul 1, 2020
msfjarvis
msfjarvis approved these changes Jul 1, 2020
View reviewed changes
Copy link
Member

@msfjarvis msfjarvis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look sane to me, I'm able to fill into my usual sites.

@fmeum fmeum merged commit eaaa3ee into develop Jul 1, 2020
@fmeum fmeum deleted the enhancement/autofill_improvements_otp_hints branch July 1, 2020 07:22
msfjarvis added a commit that referenced this pull request Jul 1, 2020
@msfjarvis
Merge branch 'develop' into feature/autofill_sms_otp
8bcc2da 
* develop:
  Scroll to files and enter folders when created (#909)
  Run a treewide reformat (#908)
  Improve how secrets and stored and used (#907)
  Improve and refactor Autofill heuristics (#905)
  Use PreferenceKeys file to manage SharedPreferences keys. (#891)
  Bump version
  Prepare release 1.9.2
  update changelog
  Workaround to prevent crash on first run (#898)
  build: bump version
  Prepare release 1.9.1
  Backport Actions fixes (#894)
  Remove API 30 from pull request test matrix (#879)
  CHANGELOG: reword to better clarify fixes
  Prevent cached passwords from being wiped (#884)
  Use remembered credential even if it is empty (#880)
  Reset SSH passphrase after SSH key import (#885)
  Add relnotes for #871 (#872)
  Add org.gnu.icecat as a trusted multi-origin browser (#871)
msfjarvis added a commit to fmeum/Android-Password-Store that referenced this pull request Jul 1, 2020
@msfjarvis
Merge branch 'develop' into fhenneke_multiple_ssh
41f92b1 
* develop: (62 commits)
  Scroll to files and enter folders when created (android-password-store#909)
  Run a treewide reformat (android-password-store#908)
  Improve how secrets and stored and used (android-password-store#907)
  Improve and refactor Autofill heuristics (android-password-store#905)
  Use PreferenceKeys file to manage SharedPreferences keys. (android-password-store#891)
  Revert "Support directly importing secrets" (android-password-store#904)
  Allow importing TOTP configuration through QR codes (android-password-store#903)
  Bump version
  Prepare release 1.9.2
  update changelog
  Workaround to prevent crash on first run (android-password-store#898)
  Workaround to prevent crash on first run (android-password-store#898)
  Offer TOTP Autofill for OTP fields (android-password-store#899)
  Merge SshKeyGenFragment into its activity (android-password-store#897)
  Reintroduce TOTP support (android-password-store#890)
  Sync with release branch (android-password-store#896)
  build: bump version
  Prepare release 1.9.1
  Backport Actions fixes (android-password-store#894)
  Rework GitHub Actions (android-password-store#893)
  ...
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@msfjarvis msfjarvis msfjarvis approved these changes

@Skrilltrax Skrilltrax Awaiting requested review from Skrilltrax

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.10.0
Development

Successfully merging this pull request may close these issues.
3 participants
@fmeum @msfjarvis @FabianHenneke