From cf806dcac4127edf8413563eabef35c81a638111 Mon Sep 17 00:00:00 2001
From: Jonathan Prusik <jprusik@users.noreply.github.com>
Date: Thu, 4 Dec 2025 15:16:48 -0500
Subject: [PATCH] do not trigger an update notification if the entered password
 matches a stored cipher with the same value and matching username (#17811)

---
 .../background/notification.background.ts     | 48 ++++++++++++-------
 1 file changed, 31 insertions(+), 17 deletions(-)

diff --git a/apps/browser/src/autofill/background/notification.background.ts b/apps/browser/src/autofill/background/notification.background.ts
index 17e3ec159c..1cbf915b06 100644
--- a/apps/browser/src/autofill/background/notification.background.ts
+++ b/apps/browser/src/autofill/background/notification.background.ts
@@ -627,11 +627,11 @@ export default class NotificationBackground {
     }
 
     const username: string | null = data.username || null;
-    const currentPassword = data.password || null;
-    const newPassword = data.newPassword || null;
+    const currentPasswordFieldValue = data.password || null;
+    const newPasswordFieldValue = data.newPassword || null;
 
-    if (authStatus === AuthenticationStatus.Locked && newPassword !== null) {
-      await this.pushChangePasswordToQueue(null, loginDomain, newPassword, tab, true);
+    if (authStatus === AuthenticationStatus.Locked && newPasswordFieldValue !== null) {
+      await this.pushChangePasswordToQueue(null, loginDomain, newPasswordFieldValue, tab, true);
       return true;
     }
 
@@ -657,35 +657,49 @@ export default class NotificationBackground {
       const [cipher] = ciphers;
       if (
         username !== null &&
-        newPassword === null &&
+        newPasswordFieldValue === null &&
         cipher.login.username.toLowerCase() === normalizedUsername &&
-        cipher.login.password === currentPassword
+        cipher.login.password === currentPasswordFieldValue
       ) {
         // Assumed to be a login
         return false;
       }
     }
 
-    if (currentPassword && !newPassword) {
+    if (
+      ciphers.length > 0 &&
+      currentPasswordFieldValue?.length &&
       // Only use current password for change if no new password present.
-      if (ciphers.length > 0) {
-        await this.pushChangePasswordToQueue(
-          ciphers.map((cipher) => cipher.id),
-          loginDomain,
-          currentPassword,
-          tab,
-        );
-        return true;
+      !newPasswordFieldValue
+    ) {
+      const currentPasswordMatchesAnExistingValue = ciphers.some(
+        (cipher) =>
+          cipher.login?.password?.length && cipher.login.password === currentPasswordFieldValue,
+      );
+
+      // The password entered matched a stored cipher value with
+      // the same username (no change)
+      if (currentPasswordMatchesAnExistingValue) {
+        return false;
       }
+
+      await this.pushChangePasswordToQueue(
+        ciphers.map((cipher) => cipher.id),
+        loginDomain,
+        currentPasswordFieldValue,
+        tab,
+      );
+
+      return true;
     }
 
-    if (newPassword) {
+    if (newPasswordFieldValue) {
       // Otherwise include all known ciphers.
       if (ciphers.length > 0) {
         await this.pushChangePasswordToQueue(
           ciphers.map((cipher) => cipher.id),
           loginDomain,
-          newPassword,
+          newPasswordFieldValue,
           tab,
         );