[PM-25632] Log in with device - entered email is case-sensitive for fingerprint phrase generation #2352

Open
opened 2025-11-26 23:16:30 -06:00 by GiteaMirror · 2 comments

Originally created by @Psionyde on GitHub (Sep 10, 2025).

Steps To Reproduce

  1. Have an existing BW client logged in
  2. Begin new device login from Android app
  3. Enter email address with arbitrary capitalisation (e.g. autocomplete capitalising first letter)
  4. Choose Log in with device
  5. Note fingerprint phrase mismatch between devices

Expected Result

Login attempt either fails to recognise account, or completes successfully with matching fingerprint.

Actual Result

Existing device receives an auth prompt with mismatched fingerprint phrase.

Screenshots or Videos

No response

Additional Context

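The desktop apps convert email to lowercase before generating fingerprint in desktop auth-request.service.ts:224 (https://github.com/bitwarden/clients/blob/main/libs/auth/src/common/services/auth-request/auth-request.service.ts#L224).
The Android app does not, see Android AuthRequestManagerImpl.kt:472 (https://github.com/bitwarden/android/blob/main/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/AuthRequestManagerImpl.kt#L472) and Android AuthSdkSourceImpl.kt:45 (https://github.com/bitwarden/android/blob/main/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/datasource/sdk/AuthSdkSourceImpl.kt#L45).
From what I can see in the iOS codebase it also seems to use the provided email without lowercasing it, see iOS AuthService.swift:832 (https://github.com/bitwarden/ios/blob/main/BitwardenShared/Core/Auth/Services/AuthService.swift#L832).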

Build Version

2025.8.1 (20670)

What server are you connecting to?

US

Self-host Server Version

No response

Environment Details

No response

Issue Tracking Info

  • I understand that work is tracked outside of GitHub. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
GiteaMirror added the app:password-manager and bug labels 2025-11-26 23:16:30 -06:00
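
Added illustration, not part of the original issue and not Bitwarden's code: a simplified model of why a fingerprint phrase derived from the entered email differs between a client that lowercases it and one that does not. It assumes the phrase is derived from a hash of the public key with the email bound in as HKDF-Expand context; the word list, key bytes, email addresses and function names are constructed for the example.

```python
import hashlib
import hmac

# Constructed 16-word list; a real client uses a far larger one.
WORDS = ["alpha", "bravo", "cedar", "delta", "ember", "flint", "grove", "harbor",
         "ivory", "jolly", "kiosk", "lemon", "maple", "noble", "olive", "pearl"]

# Constructed stand-in for the requesting device's public key bytes.
SAMPLE_PUBLIC_KEY = bytes(range(64))


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) using HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def fingerprint_material(email: str, public_key: bytes) -> bytes:
    """Assumed model: the email bytes are bound in as the HKDF context."""
    prk = hashlib.sha256(public_key).digest()
    return hkdf_expand(prk, email.encode("utf-8"), 32)


def fingerprint_phrase(email: str, public_key: bytes, count: int = 5) -> str:
    """Map the derived bytes onto words, as a human-comparable phrase."""
    n = int.from_bytes(fingerprint_material(email, public_key), "big")
    picked = []
    for _ in range(count):
        n, idx = divmod(n, len(WORDS))
        picked.append(WORDS[idx])
    return "-".join(picked)


def approver_phrase(account_email: str) -> str:
    """Approving client: lowercases before deriving, as the desktop apps do."""
    return fingerprint_phrase(account_email.lower(), SAMPLE_PUBLIC_KEY)


def requester_phrase(typed_email: str, lowercase: bool) -> str:
    """Requesting client: lowercase=False reproduces the reported behaviour."""
    email = typed_email.lower() if lowercase else typed_email
    return fingerprint_phrase(email, SAMPLE_PUBLIC_KEY)
```

Because the phrase is what the user compares to decide whether to approve the request, every client has to apply the same email normalisation before deriving it.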

@bitwarden-bot commented on GitHub (Sep 10, 2025):

Thank you for your report! We've added this to our internal board for review.
ID: PM-25632


@TangilHossain commented on GitHub (Sep 19, 2025):

So, basically, converting the email to lowercase would fix this issue.
I am willing to work on this issue, as well as on the iOS version.
Is anyone currently working on it?
If not, I would be glad to start on it immediately.


Reference: github-starred/android#2352