1Password does not enter login info into my userid/password form

BillSabatine
BillSabatine
Community Member
edited March 2015 in 1Password 4 for Windows

I have a HTML/javascript as below. It is not called from an HTTP server, but on the client, via file://c:/login.html?app=myapp
The script below brings up a userid/password script that works when I enter information into controls by hand. But 1password doesn't do this automatically. Is there some special form type or parameters on the form that I need? Or is it that 1password doesn't work if not called via HTTP? Any suggestions what I might be doing wrong here?

<HTML>

<form name="loginform" onSubmit="return getparams();" action="javascript:runapp();" method="post">
<BR>Welcome to the Application Login Web Page<BR><BR>
    <label>Username</label>
    <input type="text" name="usr" placeholder="username"> 
<BR><BR>
    <label>Password</label>
    <input type="password" name="pword" placeholder="password">
<BR><BR>
    <input type="submit" value="Login"/>
</form>

<script>
var param;

function runapp()
{
    window.open("WebRun:Param=" + param, "_self");
    return;
}

function getparams()
{
    param = getUrlVars()["app"] + "__" + document.loginform.usr.value + "__" + document.loginform.pword.value;
    return;
}

function getUrlVars()
{
    var vars = {};
    var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(m,key,value) {
        vars[key] = value;
    });

    return vars;
}


</script>
</head>
<body OnLoad="document.loginform.usr.focus();">

</html>

Comments

  • MikeT
    edited March 2015

    Hi @BillSabatine,

    The browser extension does need a website URL to get the item from 1Password before it can fill it in.

    What you can do is use Auto-Type to fill in your data from the application to the web site: https://guides.agilebits.com/1password-windows/4/en/topic/using-auto-type

    First, create the manual Login in the main 1Password application and give it the URL of the file:// to save with, so you can open it in the future. Once you save it, open the local site, make sure the username field is focused, and then switch to 1Password to press the big Auto-Type button on the toolbar to fill in the selected Login item onto the site.

    PS: It doesn't look like your HTML code is valid, there are some issues with it.

  • BillSabatine
    BillSabatine
    Community Member

    yes, I do understand auto-type.. I don't understand your comment about website URL.. are you saying that a "file://.." type HTML call won't work? Or are you saying that it will work and there is something incorrectly specified in my HTML/Javascript code that is causing the problem 1Password? If the latter, can you elaborate as to the problem with the code? Thank you kindly

  • MikeT
    edited March 2015

    Hi @BillSabatine,

    I don't understand your comment about website URL.. are you saying that a "file://.." type HTML call won't work?

    The extension works with the addresses starting with http or https, when you click on the 1Password icon or press Control + \, it needs to pass a valid address to the 1Password Helper to help with the filling. It doesn't currently work with "file://" and we might not adopt support for this in the future because it could be a security risk. It's the same reason we stop the initial filling on insecure http:// pages with Logins that was saved with the secure https:// addresses.

    That's why I mentioned Auto-type, it doesn't care what address or what app it is, it'll just use your clipboard/keyboard to type it in.

    As for the HTML code, it's missing the initial <head> element, some of the elements are upper-cased where it doesn't match to the later lower-cased names, and so on. I shouldn't mentioned it in the first paragraph, I've edited my post to move it down to the bottom.

  • RichardPayne
    RichardPayne
    Community Member

    The extension works with the addresses starting with http or https, when you click on the 1Password icon or press Control + \, it needs to pass a valid address to the 1Password Helper to help with the filling. It doesn't currently work with "file://" and we might not adopt support for this in the future because it could be a security risk. It's the same reason we stop the initial filling on insecure http:// pages with Logins that was saved with the secure https:// addresses.

    That's why I mentioned Auto-type, it doesn't care what address or what app it is, it'll just use your clipboard/keyboard to type it in.

    So why block file:// uris if you're going to offer auto-type as a way to circumvent the security risk? Why just handle them like http addresses and present the user with a warning?

  • BillSabatine
    BillSabatine
    Community Member

    diddo. Or have the option to do that within the 1password environment and place the warning there. Seems that you're limiting functionality for situations where this feature would be helpful and not cause a security issue. IMHO.

  • The question is also about the level of complexity you add to an app to help a small number of users.
    I agree that this feature can be very useful, but you might increase the complexity for regular users beyond what they can handle in everyday situations.

    Doing so can lead to "Meh, just get this warning out of my way." reactions, which in these cases is less than desirable.
    With http and https, users at least understand the implications at this point.

    And then there's the browsers; these often have restrictions for what extension can do for local files.

    I hope this helps. And as Mike said, it's not a no from us :)

This discussion has been closed.