Hey,
I already spent hours on this:
When logging in to bitcoin.de with 2FA, I get a first page
https://www.bitcoin.de/de/login
with username and password, which Kee for Firefox is perfectly filling in. Then I come to a second page
https://www.bitcoin.de/de/login_with_otp
asking for an OTP, and here Kee doesn’t find the KeePass entry at all any more. I can search for it in the Kee search bar, and when found it appears as “Match from other pages” (self-translated from German: “Passendes von anderen Seiten”). There I can pick the field and copy the value, but I want Kee to autofill it.
I already added the URL of the second login page, and set match accuracy inside the Kee Tab in KeePass to “domain” too, but it didn’t help.
And I set the ID of the form field to the appropriate value and tried to set the “page” value of the form field to different values (0, 1, 2). Nothing there helps. No wonder, since Kee doesn’t even recognize the URL of the second login page.
Any suggestions how to make Kee fill out the second login page?
Only a member of that website can reach that 2nd page so I can’t investigate very far I’m afraid.
Ignore the page value - it’s not currently used.
Kee may be able to match the entry based upon its address but if there is no sign-in form on the page, we’ll never even try to look for a matching entry.
It looks to me like the username and password are already requested and filled on the 1st page so maybe there is no sign-in form on this 2nd page. If it’s just a plain text box to accept an OTP from a text message or authenticator app, there’s no way Kee would be able to differentiate that from any other arbitrary form field on any web page (e.g. a search box).
Thank You for looking into it.
Yes, the username and password are filled by Kee into the first login page.
The form on the second page looks like this:
```html
<form action="/de/login_with_otp" method="post" name="login_otp" id="login_otp">
  <input type="hidden" name="login_otp[redirect_url]" id="login_otp_redirect_url">
  <input type="hidden" name="login_otp[_csrf_token]" value="46d34cf44729d92120f202c4e5ab15ad" id="login_otp__csrf_token">
  <h2 class="mb-4">
    <span style="font-size: 2rem">
      <span class="fa-stack fa-stack-sm " title=""><i class="fal fa-circle fa-stack-2x bc-color-orange-dark"></i><i class="fal fa-pencil-alt fa-stack-1x bc-color-orange-dark"></i></span>
    </span>
    Vollzugriff mit 2-Faktor-Authentifizierung
  </h2>
  <div class="form-group row">
    <label class="col-form-label col-md-3" for="login_otp_otp">Einmal-Passwort (OTP) *</label>
    <div class="col-md-9">
      <input auth_type="google_otp" autocomplete="off" type="text" name="login_otp[otp]" class="form-control" id="login_otp_otp">
    </div>
  </div>
  <div class="form-group text-right">
    <input class="btn bc-btn_blue btn-lg" type="submit" name="signin_button" value="Anmelden mit Vollzugriff" id="signin_button">
  </div>
</form>
```
How does Kee decide, whether something is a sign-in form or a “something else” form?
I already entered the field id “login_otp_otp” into the Kee section of this entry in KeePass:
But if you say Kee doesn’t even look for a matching entry if it doesn’t recognize a sign-in form, what sense do these settings I made make anyway? I’d thought I could make Kee fill out any form field if I configure it there. What filter before says, it’s a sign-in-page or not?
On the other hand: I often find Kee filling out arbitrary non-sign-in forms. So this (to me) mysterious filter is wrong in both directions. Is it configurable?
What filter before says, it’s a sign-in-page or not?
Several factors but the most significant one is whether there is a password field in the form or not. In this case, there is not, and therefore Kee will only consider that it is a sign-in if the details of the form or the fields within it strongly suggest that we should override the assumption that it is not a sign-in form. Kee does this automatically for common text fields such as “username” or “email” and we do make changes to this list occasionally (although existing users will never receive those changes because we can’t safely modify an existing configuration).
To force Kee to believe that this is a sign-in form, you can add an “include” override in a custom configuration for your site (or set it for every website - I would guess it is safe to do so with this id, and we may well include it in a future version of Kee by default for new users).
You’ll need to add a form field include id of login_otp_otp
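As an added illustration (not Kee's source code and not part of the posts above), this simplified JavaScript model follows the decision described in the reply: a password field marks a sign-in form, otherwise a text field id must be on the include list. The function names, the default list `username,email` and the sample forms are assumptions constructed for the example.

```javascript
// Simplified model of the sign-in form check described above. Not Kee's code:
// all names here are assumptions made for this example.

// Constructed samples. OTP_FORM keeps the inputs of the quoted login_otp form,
// with the CSRF token replaced by a placeholder.
const OTP_FORM = `<form action="/de/login_with_otp" method="post" id="login_otp">
  <input type="hidden" name="login_otp[_csrf_token]" value="PLACEHOLDER" id="login_otp__csrf_token">
  <input auth_type="google_otp" autocomplete="off" type="text" name="login_otp[otp]" id="login_otp_otp">
  <input type="submit" name="signin_button" value="Anmelden mit Vollzugriff" id="signin_button">
</form>`;
const SEARCH_FORM = `<form action="/search"><input type="text" name="q" id="site_search"></form>`;
const PASSWORD_FORM = `<form><input type="text" id="user"><input type="password" id="pw"></form>`;

// Assumed default include list, based on the "username" / "email" examples in the reply.
const DEFAULT_INCLUDE_IDS = "username,email";

// Pull type and id out of every <input> tag (enough for well-formed, double-quoted markup).
function parseInputs(html) {
  return (html.match(/<input\b[^>]*>/gi) || []).map((tag) => {
    const attrs = {};
    for (const m of tag.matchAll(/([\w-]+)\s*=\s*"([^"]*)"/g)) attrs[m[1].toLowerCase()] = m[2];
    return { type: (attrs.type || "text").toLowerCase(), id: attrs.id || "" };
  });
}

// Parse a comma-separated id list as typed into a settings box; tolerates stray commas and spaces.
function parseIdList(csv) {
  return new Set(csv.split(",").map((s) => s.trim().toLowerCase()).filter(Boolean));
}

// Password field present -> sign-in form. Otherwise only an included text field id overrides.
function classifyForm(html, includeCsv) {
  const include = parseIdList(includeCsv);
  const inputs = parseInputs(html);
  if (inputs.some((i) => i.type === "password")) return { signIn: true, reason: "password field" };
  const hit = inputs.find((i) => i.type === "text" && include.has(i.id.toLowerCase()));
  return hit
    ? { signIn: true, reason: "included id " + hit.id }
    : { signIn: false, reason: "no password field and no included id" };
}

console.log(classifyForm(OTP_FORM, DEFAULT_INCLUDE_IDS));
console.log(classifyForm(OTP_FORM, DEFAULT_INCLUDE_IDS + ",login_otp_otp"));
console.log(classifyForm(SEARCH_FORM, DEFAULT_INCLUDE_IDS + ",login_otp_otp"));
```

In this model the search box stays excluded after the include id is added, because the override applies only to a text field whose id is on the list.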
Oh, great! Stupid me, I didn’t look at all into the Kee settings themselves, I was always only looking at the Kee tab inside KeePass. Now this filter isn’t mysterious to me any more.
Summary
The actual solution was simple: I added “,login_otp_otp” at the end of “Text field ID” under “White List” in the settings of the Kee plugin inside Firefox. Now it works as expected.
Thank You very much!