From cf806dcac4127edf8413563eabef35c81a638111 Mon Sep 17 00:00:00 2001 From: Jonathan Prusik Date: Thu, 4 Dec 2025 15:16:48 -0500 Subject: [PATCH 1/2] do not trigger an update notification if the entered password matches a stored cipher with the same value and matching username (#17811) --- .../background/notification.background.ts | 48 ++++++++++++------- 1 file changed, 31 insertions(+), 17 deletions(-) diff --git a/apps/browser/src/autofill/background/notification.background.ts b/apps/browser/src/autofill/background/notification.background.ts index 17e3ec159c..1cbf915b06 100644 --- a/apps/browser/src/autofill/background/notification.background.ts +++ b/apps/browser/src/autofill/background/notification.background.ts @@ -627,11 +627,11 @@ export default class NotificationBackground { } const username: string | null = data.username || null; - const currentPassword = data.password || null; - const newPassword = data.newPassword || null; + const currentPasswordFieldValue = data.password || null; + const newPasswordFieldValue = data.newPassword || null; - if (authStatus === AuthenticationStatus.Locked && newPassword !== null) { - await this.pushChangePasswordToQueue(null, loginDomain, newPassword, tab, true); + if (authStatus === AuthenticationStatus.Locked && newPasswordFieldValue !== null) { + await this.pushChangePasswordToQueue(null, loginDomain, newPasswordFieldValue, tab, true); return true; } @@ -657,35 +657,49 @@ export default class NotificationBackground { const [cipher] = ciphers; if ( username !== null && - newPassword === null && + newPasswordFieldValue === null && cipher.login.username.toLowerCase() === normalizedUsername && - cipher.login.password === currentPassword + cipher.login.password === currentPasswordFieldValue ) { // Assumed to be a login return false; } } - if (currentPassword && !newPassword) { + if ( + ciphers.length > 0 && + currentPasswordFieldValue?.length && // Only use current password for change if no new password present. - if (ciphers.length > 0) { - await this.pushChangePasswordToQueue( - ciphers.map((cipher) => cipher.id), - loginDomain, - currentPassword, - tab, - ); - return true; + !newPasswordFieldValue + ) { + const currentPasswordMatchesAnExistingValue = ciphers.some( + (cipher) => + cipher.login?.password?.length && cipher.login.password === currentPasswordFieldValue, + ); + + // The password entered matched a stored cipher value with + // the same username (no change) + if (currentPasswordMatchesAnExistingValue) { + return false; } + + await this.pushChangePasswordToQueue( + ciphers.map((cipher) => cipher.id), + loginDomain, + currentPasswordFieldValue, + tab, + ); + + return true; } - if (newPassword) { + if (newPasswordFieldValue) { // Otherwise include all known ciphers. if (ciphers.length > 0) { await this.pushChangePasswordToQueue( ciphers.map((cipher) => cipher.id), loginDomain, - newPassword, + newPasswordFieldValue, tab, ); From 2bf9e3f6df4be7514198f3ea1bcb5669872a340e Mon Sep 17 00:00:00 2001 From: Shane Melton Date: Thu, 4 Dec 2025 13:39:12 -0800 Subject: [PATCH 2/2] [PM-29106] Add null check for login Uris that may come from SDK login list view (#17791) --- libs/common/src/vault/services/search.service.ts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libs/common/src/vault/services/search.service.ts b/libs/common/src/vault/services/search.service.ts index 0b34bd3863..feb6a7494b 100644 --- a/libs/common/src/vault/services/search.service.ts +++ b/libs/common/src/vault/services/search.service.ts @@ -335,8 +335,10 @@ export class SearchService implements SearchServiceAbstraction { if ( login && - login.uris.length && - login.uris.some((loginUri) => loginUri?.uri?.toLowerCase().indexOf(query) > -1) + login.uris?.length && + login.uris?.some( + (loginUri) => loginUri?.uri && loginUri.uri.toLowerCase().indexOf(query) > -1, + ) ) { return true; }