do not trigger an update notification if the entered password matches a stored cipher with the same value and matching username (#17811)

2025-12-06 00:13:28 +00:00 · 2025-12-04 15:16:48 -05:00
parent 474ffa2ce1
commit cf806dcac4
1 changed files with 31 additions and 17 deletions
--- a/apps/browser/src/autofill/background/notification.background.ts
+++ b/apps/browser/src/autofill/background/notification.background.ts
@@ -627,11 +627,11 @@ export default class NotificationBackground {
    }

    const username: string | null = data.username || null;
-    const currentPassword = data.password || null;
-    const newPassword = data.newPassword || null;
+    const currentPasswordFieldValue = data.password || null;
+    const newPasswordFieldValue = data.newPassword || null;

-    if (authStatus === AuthenticationStatus.Locked && newPassword !== null) {
-      await this.pushChangePasswordToQueue(null, loginDomain, newPassword, tab, true);
+    if (authStatus === AuthenticationStatus.Locked && newPasswordFieldValue !== null) {
+      await this.pushChangePasswordToQueue(null, loginDomain, newPasswordFieldValue, tab, true);
      return true;
    }

@@ -657,35 +657,49 @@ export default class NotificationBackground {
      const [cipher] = ciphers;
      if (
        username !== null &&
-        newPassword === null &&
+        newPasswordFieldValue === null &&
        cipher.login.username.toLowerCase() === normalizedUsername &&
-        cipher.login.password === currentPassword
+        cipher.login.password === currentPasswordFieldValue
      ) {
        // Assumed to be a login
        return false;
      }
    }

-    if (currentPassword && !newPassword) {
+    if (
+      ciphers.length > 0 &&
+      currentPasswordFieldValue?.length &&
      // Only use current password for change if no new password present.
-      if (ciphers.length > 0) {
+      !newPasswordFieldValue
+    ) {
+      const currentPasswordMatchesAnExistingValue = ciphers.some(
+        (cipher) =>
+          cipher.login?.password?.length && cipher.login.password === currentPasswordFieldValue,
+      );
+
+      // The password entered matched a stored cipher value with
+      // the same username (no change)
+      if (currentPasswordMatchesAnExistingValue) {
+        return false;
+      }
+
      await this.pushChangePasswordToQueue(
        ciphers.map((cipher) => cipher.id),
        loginDomain,
-          currentPassword,
+        currentPasswordFieldValue,
        tab,
      );
+
      return true;
    }
-    }

-    if (newPassword) {
+    if (newPasswordFieldValue) {
      // Otherwise include all known ciphers.
      if (ciphers.length > 0) {
        await this.pushChangePasswordToQueue(
          ciphers.map((cipher) => cipher.id),
          loginDomain,
-          newPassword,
+          newPasswordFieldValue,
          tab,
        );