From 3f33c12bf0dc5d1ae502d204d479ab601260240c Mon Sep 17 00:00:00 2001 From: David Kilzer Date: Sun, 1 Jan 2023 18:59:10 -0800 Subject: [PATCH 001/124] Add password-rules for classmates.com (#656) (#657) --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index c58a62aee..4b44fac6c 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -170,6 +170,9 @@ "claro.com.br": { "password-rules": "minlength: 8; required: lower; allowed: upper, digit, [-!@#$%&*_+=<>];" }, + "classmates.com": { + "password-rules": "minlength: 6; maxlength: 20; allowed: lower, upper, digit, [!@#$%^&*];" + }, "clien.net": { "password-rules": "minlength: 5; required: lower, upper; required: digit;" }, From 33b9371b730c2ec43b65f83776a9fd4d214e2c43 Mon Sep 17 00:00:00 2001 From: David Kilzer Date: Sun, 8 Jan 2023 14:25:30 -0800 Subject: [PATCH 002/124] Add password-rules for member.everbridge.net (#658) (#659) This one website hosts accounts for many different organizations, but they all have the same password rules based on a pseudo-random sampling of "Sign Up" pages. Co-authored-by: David Kilzer --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 4b44fac6c..7df11c676 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -479,6 +479,9 @@ "medicare.gov": { "password-rules": "minlength: 8; maxlength: 16; required: lower; required: upper; required: digit; required: [@!$%^*()];" }, + "member.everbridge.net": { + "password-rules": "minlength: 8; required: lower, upper; required: digit; allowed: [!@#$%^&*()];" + }, "metlife.com": { "password-rules": "minlength: 6; maxlength: 20;" }, From 7f210e07702fbeae5f35dc2310bae7dbbbc22f3e Mon Sep 17 00:00:00 2001 From: Vlad Esafev Date: Tue, 10 Jan 2023 22:17:12 +0400 Subject: [PATCH 003/124] Add readymag.com to password-rules and change-password-URLs (#661) * Add readymag.com to password-rules and change-password-URLs * fix alphabet disorder --- quirks/change-password-URLs.json | 1 + quirks/password-rules.json | 3 +++ 2 files changed, 4 insertions(+) diff --git a/quirks/change-password-URLs.json b/quirks/change-password-URLs.json index a870428c3..e7e313b66 100644 --- a/quirks/change-password-URLs.json +++ b/quirks/change-password-URLs.json @@ -100,6 +100,7 @@ "prolific.co": "https://app.prolific.co/account/general", "protonmail.com": "https://mail.protonmail.com/account", "prowlapp.com": "https://www.prowlapp.com/settings.php", + "readymag.com": "https://auth.readymag.com/password/forgot", "reddit.com": "https://www.reddit.com/prefs/update/", "redirect.pizza": "https://redirect.pizza/profile", "reelgood.com": "https://reelgood.com/account", diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 7df11c676..b10bf8427 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -71,6 +71,9 @@ "astonmartinf1.com": { "password-rules": "minlength: 8; maxlength: 16; required: lower; required: upper; required: digit; allowed: special;" }, + "auth.readymag.com": { + "password-rules": "minlength: 8; maxlength: 128; required: lower; required: upper; allowed: special;" + }, "autify.com": { "password-rules": "minlength: 8; required: lower; required: upper; required: digit; required: [!\"#$%&'()*+,./:;<=>?@[^_`{|}~]];" }, From 66d02e3bc4b4fe1518b984261f2ee60abc88de84 Mon Sep 17 00:00:00 2001 From: Jeroen Smienk <102802280+jsmienk-moneybird@users.noreply.github.com> Date: Mon, 16 Jan 2023 19:56:08 +0100 Subject: [PATCH 004/124] Changed from shared to from-to structure. (#662) A Moneybird account is created at `moneybird.nl` (or even `moneybird.de`), but the user logs in to `moneybird.com`, which prevents password managers from auto-completing the login form and frustrates the users. --- quirks/shared-credentials.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index bf5902889..49ce8b4cc 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -245,6 +245,16 @@ "tum.de" ] }, + { + "from": [ + "moneybird.nl", + "moneybird.de" + ], + "to": [ + "moneybird.com" + ], + "fromDomainsAreObsoleted": true + }, { "from": [ "nebula.app", From 15e121ae82a8ac475b24e82a81f5d93745dfb7e6 Mon Sep 17 00:00:00 2001 From: Josh McKinney Date: Mon, 30 Jan 2023 06:23:25 -0800 Subject: [PATCH 005/124] Add and Update several password change urls (#665) * Add password url for Air New Zealand * Add password url for Alaska Air * Add password url for All Nippon Airways * Add password url for cakeresume.com * Add password url for Columbia.com * Add password url for Crackle.com * Update password url for delta.com * Add password url for blend.io * Add password url for bugzilla.kernel.org * Add password url for fitbit.com --- quirks/change-password-URLs.json | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/quirks/change-password-URLs.json b/quirks/change-password-URLs.json index e7e313b66..f294ad93d 100644 --- a/quirks/change-password-URLs.json +++ b/quirks/change-password-URLs.json @@ -11,10 +11,13 @@ "aerlingus.com": "https://www.aerlingus.com/html/user-profile.html", "aesop.com": "https://www.aesop.com/my-account", "airbnb.com": "https://www.airbnb.com/account-settings/login-and-security", + "airnewzealand.com": "https://www.airnewzealand.com/membership/profile/security/password", + "alaskaair.com": "https://www.alaskaair.com/www2/ssl/myalaskaair/myalaskaair.aspx?view=myinformation&tab=email", "alliantcreditunion.com": "https://www.alliantcreditunion.com/OnlineBanking/Settings/AccessAndSecurity/ChangePassword.aspx", "allianz.com.br": "https://www.allianz.com.br/alteracao-de-password-ecliente", "alternate.de": "https://www.alternate.de/html/myAccount/account/basicData.html", "amctheatres.com": "https://www.amctheatres.com/amcstubs/account", + "ana.co.jp": "https://cam.ana.co.jp/psz/us/amc_us.jsp?index=105", "anatel.gov.br": "https://apps.anatel.gov.br/AnatelConsumidor/ConsumidorEditar.aspx", "app.parkmobile.io": "https://app.parkmobile.io/account/settings", "arlt.com": "https://www.arlt.com/mein-passwort/", @@ -29,9 +32,12 @@ "benefitslogin.discoverybenefits.com": "https://benefitslogin.discoverybenefits.com/Profile/UpdatePassword.aspx", "berlet.de": "https://www.berlet.de/mein-konto.htm#my-account--edit-pass", "birkenstock.com": "https://www.birkenstock.com/profile", + "blend.io": "https://blend.io/settings", "blockchain.com": "https://login.blockchain.com/en/#/security-center/advanced", "blutdruck-shop.de": "https://www.blutdruck-shop.de/mein-passwort/", "browserstack.com": "https://www.browserstack.com/accounts/profile", + "bugzilla.kernel.org": "https://bugzilla.kernel.org/userprefs.cgi?tab=account", + "cakeresume.com": "https://www.cakeresume.com/settings/account?ref=navs_settings", "callofduty.com": "https://profile.callofduty.com/cod/info", "carta.com": "https://app.carta.com/profiles/update/", "cecredentialtrust.com": "https://secure.cecredentialtrust.com/account/editpassword/", @@ -41,13 +47,15 @@ "clien.net": "https://www.clien.net/service/mypage/myInfoComfrim", "cloudflare.com": "https://dash.cloudflare.com/profile/authentication", "codepen.io": "https://codepen.io/settings/account", + "columbia.com": "https://www.columbia.com/profile", "consumidor.gov.br": "https://www.consumidor.gov.br/pages/usuario/editar", "coupang.com": "https://login.coupang.com/login/userModify.pang", + "crackle.com": "https://www.crackle.com/profile", "crunchyroll.com": "https://www.crunchyroll.com/acct", "danawa.com": "https://auth.danawa.com/modifyMember", "darty.com": "https://www.darty.com/espace_client/donnees-personnelles/mot-de-passe/edition", "daum.net": "https://member.daum.net/change/password.daum", - "delta.com": "https://www.delta.com/profile/basicInfo.action#editPassword", + "delta.com": "https://www.delta.com/myprofile/security-settings", "digitalocean.com": "https://cloud.digitalocean.com/settings/security", "discord.com": "https://discord.com/settings/account", "disneyplus.com": "https://www.disneyplus.com/account", @@ -55,6 +63,7 @@ "dropbox.com": "https://www.dropbox.com/account/security", "dwr.com": "https://www.dwr.com/profile", "ea.com": "https://myaccount.ea.com/cp-ui/security/index", + "fitbit.com": "https://www.fitbit.com/settings/profile", "fnac.com": "https://secure.fnac.com/account/update-password", "foursquare.com": "https://foursquare.com/change_password", "geocaching.com": "https://www.geocaching.com/account/settings/changepassword", From 7e8b9f29f6536003eb7bee0763b7af614d01f1f6 Mon Sep 17 00:00:00 2001 From: Ezekiel Elin Date: Thu, 2 Feb 2023 23:07:35 -0500 Subject: [PATCH 006/124] Password rules for inntopia.travel (#666) --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index b10bf8427..02e86a689 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -395,6 +395,9 @@ "indochino.com": { "password-rules": "minlength: 6; maxlength: 15; required: upper; required: digit; allowed: lower, special;" }, + "inntopia.travel": { + "password-rules": "minlength: 7; maxlength: 19; required: digit; allowed: upper,lower,[-];" + }, "internationalsos.com": { "password-rules": "required: lower; required: upper; required: digit; required: [@#$%^&+=_];" }, From 4e883c85e3c4c14ab84ef96230fd2c2ad87288d4 Mon Sep 17 00:00:00 2001 From: Sima Patel-Mittal <106289522+simap-ag@users.noreply.github.com> Date: Fri, 10 Feb 2023 19:49:16 -0500 Subject: [PATCH 007/124] Update change-passwords-URLs.json with a large number of URLs (#664) * Add and update password change URLs * Correct some change password URLs * More updates * Revert "Add rule for okta.com" --------- Co-authored-by: Michael Carlyle <29067983+carlylemiii@users.noreply.github.com> --- quirks/change-password-URLs.json | 218 ++++++++++++++++++++++++++++++- 1 file changed, 213 insertions(+), 5 deletions(-) diff --git a/quirks/change-password-URLs.json b/quirks/change-password-URLs.json index f294ad93d..df569e825 100644 --- a/quirks/change-password-URLs.json +++ b/quirks/change-password-URLs.json @@ -1,165 +1,373 @@ { "11st.co.kr": "https://www.11st.co.kr/register/popupModifyPWD.tmall", "1800contacts.com": "https://www.1800contacts.com/account/settings", + "247sports.com": "https://247sports.com/my/settings/password/", "500px.com": "https://web.500px.com/settings/account/security", "aa.com": "https://www.aa.com/loyalty/profile/information", + "aarp.org": "https://secure.aarp.org/account/editaccount?request_locale=en&nu=t", "account.magento.com": "https://account.magento.com/customer/account/changepassword", "account.publishing.service.gov.uk": "https://www.account.publishing.service.gov.uk/account/edit/password", "acorns.com": "https://app.acorns.com/settings/change-password", "adobe.com": "https://account.adobe.com/security", + "adp.com": "https://mon.adp.com/pwdservice/changePassword", + "adultfriendfinder.com": "https://adultfriendfinder.com/p/update.cgi?p=my_account_update_account_password", "ae.com": "https://www.ae.com/myaccount", "aerlingus.com": "https://www.aerlingus.com/html/user-profile.html", "aesop.com": "https://www.aesop.com/my-account", "airbnb.com": "https://www.airbnb.com/account-settings/login-and-security", "airnewzealand.com": "https://www.airnewzealand.com/membership/profile/security/password", "alaskaair.com": "https://www.alaskaair.com/www2/ssl/myalaskaair/myalaskaair.aspx?view=myinformation&tab=email", + "aliexpress.com": "https://login.aliexpress.com/", "alliantcreditunion.com": "https://www.alliantcreditunion.com/OnlineBanking/Settings/AccessAndSecurity/ChangePassword.aspx", "allianz.com.br": "https://www.allianz.com.br/alteracao-de-password-ecliente", + "allrecipes.com": "https://www.allrecipes.com/account/profile#/change-password", "alternate.de": "https://www.alternate.de/html/myAccount/account/basicData.html", "amctheatres.com": "https://www.amctheatres.com/amcstubs/account", + "americanexpress.com": "https://www.americanexpress.com/en-us/account/password/reset", "ana.co.jp": "https://cam.ana.co.jp/psz/us/amc_us.jsp?index=105", "anatel.gov.br": "https://apps.anatel.gov.br/AnatelConsumidor/ConsumidorEditar.aspx", + "ancestry.com": "https://www.ancestry.com/account/security/password", + "aol.com": "https://login.aol.com/account/change-password", + "apartments.com": "https://www.apartments.com/my-account/#", + "app.link": "https://dashboard.branch.io/account-settings/user", "app.parkmobile.io": "https://app.parkmobile.io/account/settings", + "apple.com": "https://appleid.apple.com/account/manage", + "archive.org": "https://archive.org/account/index.php?settings=1", "arlt.com": "https://www.arlt.com/mein-passwort/", "arxiv.org": "https://arxiv.org/user/change_own_password", "astonmartinf1.com": "https://auth.astonmartinf1.com/Dashboard/ChangePassword", "atlassian.com": "https://id.atlassian.com/manage-profile/security", + "att.com": "https://www.att.com/acctmgmt/profile/overview", + "att.net": "https://www.att.com/acctmgmt/profile/overview", + "attn.tv": "https://ui.attentivemobile.com/forgot-password", "auction.co.kr": "https://memberssl.auction.co.kr/membership/MyInfo/MyInfo.aspx", "autodesk.com": "https://accounts.autodesk.com/Profile/Security", "bancochile.cl": "https://portalpersonas.bancochile.cl/mibancochile-web/front/persona/index.html#/mi-perfil/datos-seguridad", "bandcamp.com": "https://bandcamp.com/settings#password", + "bankofamerica.com": "https://secure.bankofamerica.com/auth/security-center/main/?activity=changePasscode", + "bathandbodyworks.com": "https://www.bathandbodyworks.com/my-account/edit-profile", + "bbc.com": "https://account.bbc.com/account/settings/edit/password", "bbq-grill-world.de": "https://www.bbq-grill-world.de/customer/account/edit/changepass/1/", + "bedbathandbeyond.com": "https://www.bedbathandbeyond.com/store/account/personalinfo", "benefitslogin.discoverybenefits.com": "https://benefitslogin.discoverybenefits.com/Profile/UpdatePassword.aspx", "berlet.de": "https://www.berlet.de/mein-konto.htm#my-account--edit-pass", + "bestbuy.com": "https://www.bestbuy.com/identity/accountSettings/page/password", + "biblegateway.com": "https://www.biblegateway.com/user/account/", "birkenstock.com": "https://www.birkenstock.com/profile", "blend.io": "https://blend.io/settings", "blockchain.com": "https://login.blockchain.com/en/#/security-center/advanced", + "bloomberg.com": "https://www.bloomberg.com/portal/account", "blutdruck-shop.de": "https://www.blutdruck-shop.de/mein-passwort/", + "booking.com": "https://account.booking.com/account-recovery", + "boredpanda.com": "https://www.boredpanda.com/settings/", "browserstack.com": "https://www.browserstack.com/accounts/profile", "bugzilla.kernel.org": "https://bugzilla.kernel.org/userprefs.cgi?tab=account", + "businessinsider.com": "https://www.businessinsider.com/#", + "buzzfeed.com": "https://www.buzzfeed.com/settings/password/change", "cakeresume.com": "https://www.cakeresume.com/settings/account?ref=navs_settings", "callofduty.com": "https://profile.callofduty.com/cod/info", + "canva.com": "https://www.canva.com/login?redirect=%2Fsettings%2Flogin-and-security", + "capitalone.com": "https://myaccounts.capitalone.com/Security/changePassword", + "cargurus.com": "https://www.cargurus.com/Cars/myAccount#/accountSettings", "carta.com": "https://app.carta.com/profiles/update/", + "cbsnews.com": "https://www.cbsnews.com/user/change-password/", + "cbssports.com": "https://www.cbssports.com/settings/account", "cecredentialtrust.com": "https://secure.cecredentialtrust.com/account/editpassword/", "censys.io": "https://censys.io/account", - "chewy.com": "https://www.chewy.com/app/account/profile", + "chapmanganato.com": "https://user.manganelo.com/user_changes_pass", + "chase.com": "https://secure07ea.chase.com/web/auth/dashboard#/dashboard/myProfileSignInSecurity/resetPassword/resetPassword", + "chaturbate.com": "https://chaturbate.com/auth/password_change/", + "chegg.com": "https://www.chegg.com/my/account-next", + "chess.com": "https://www.chess.com/settings/password", + "chewy.com": "https://www.chewy.com/app/resetpassword", + "citi.com": "https://online.citi.com/US/ag/profile-update/change-password", "claro.com.br": "https://minhanet.net.com.br/webcenter/portal/MinhaNet/pages_alterarsenha", + "clevelandclinic.org": "https://mychart.clevelandclinic.org/inside.asp?mode=passwd", "clien.net": "https://www.clien.net/service/mypage/myInfoComfrim", "cloudflare.com": "https://dash.cloudflare.com/profile/authentication", + "cnbc.com": "https://www.cnbc.com/account/#profile", + "cnn.com": "https://www.cnn.com/account/settings", "codepen.io": "https://codepen.io/settings/account", "columbia.com": "https://www.columbia.com/profile", "consumidor.gov.br": "https://www.consumidor.gov.br/pages/usuario/editar", + "costco.com": "https://www.costco.com/AccountInformationView?identifier=manage-membership", "coupang.com": "https://login.coupang.com/login/userModify.pang", "crackle.com": "https://www.crackle.com/profile", - "crunchyroll.com": "https://www.crunchyroll.com/acct", + "craigslist.org": "https://accounts.craigslist.org/pass", + "creditkarma.com": "https://www.creditkarma.com/myprofile/security", + "crunchyroll.com": "https://www.crunchyroll.com/resetpw", + "cvs.com": "https://www.cvs.com/my-account/profile/sign-in-and-security/edit-password", + "dailymail.co.uk": "https://www.dailymail.co.uk/registration/profile/change-password.html", "danawa.com": "https://auth.danawa.com/modifyMember", "darty.com": "https://www.darty.com/espace_client/donnees-personnelles/mot-de-passe/edition", "daum.net": "https://member.daum.net/change/password.daum", "delta.com": "https://www.delta.com/myprofile/security-settings", + "deviantart.com": "https://www.deviantart.com/settings/general", + "dickssportinggoods.com": "https://www.dickssportinggoods.com/MyAccount/AccountSettings", "digitalocean.com": "https://cloud.digitalocean.com/settings/security", "discord.com": "https://discord.com/settings/account", + "discover.com": "https://card.discover.com/cardmembersvcs/personalprofile/pp/UpdateDetails?ICMPGN=MYPROFILE_USERID_PASSWORD_TXT", "disneyplus.com": "https://www.disneyplus.com/account", "dittomusic.com": "https://dashboard.dittomusic.com/account/password", + "docusign.net": "https://account.docusign.com/me/changepassword", + "dominos.com": "https://www.dominos.com/en/pages/customer/#!/customer/settings/", + "doordash.com": "https://www.doordash.com/accounts/password/reset/", "dropbox.com": "https://www.dropbox.com/account/security", + "dsw.com": "https://www.dsw.com/en/us/profile", "dwr.com": "https://www.dwr.com/profile", "ea.com": "https://myaccount.ea.com/cp-ui/security/index", + "ebay.com": "https://accounts.ebay.com/acctsec/security-center/chngpwd", + "eporner.com": "https://www.eporner.com/profile/mturk_eporn/my/edit-pass/", + "espn.com": "https://www.espn.com/", + "etsy.com": "https://www.etsy.com/your/account?ref=hdr_user_menu-settings", + "eventbrite.com": "https://www.eventbrite.com/account-settings/password", + "evite.com": "https://www.evite.com/reset_password/", + "expedia.com": "https://www.expedia.com/user/forgotpassword", + "experian.com": "https://usa.experian.com/member/ngx-profile/account-info", + "facebook.com": "https://www.facebook.com/settings?tab=security", + "fandom.com": "https://auth.fandom.com/auth/settings", + "fanfiction.net": "https://www.fanfiction.net/account/password.php", + "fedex.com": "https://www.fedex.com/en-us/create-account/how-to-reset-forgot-password.html", + "fetlife.com": "https://fetlife.com/settings/account/password", + "fidelity.com": "https://fps.fidelity.com/ftgw/Fps/Fidelity/RtlCust/ChangePIN/Init", + "finance.yahoo.com": "https://login.yahoo.com/myaccount/security/change-password/?src=finance", "fitbit.com": "https://www.fitbit.com/settings/profile", "fnac.com": "https://secure.fnac.com/account/update-password", + "foodnetwork.com": "https://www.foodnetwork.com/user-profile-page", + "forbes.com": "https://account.forbes.com/profile", + "force.com": "https://na224.lightning.force.com/lightning/settings/personal/ChangePassword/home", "foursquare.com": "https://foursquare.com/change_password", + "foxbusiness.com": "https://my.foxbusiness.com/?p=account", + "foxnews.com": "https://my.foxnews.com/?pieces=reset", + "foxsports.com": "https://www.foxsports.com/#", + "gamespot.com": "https://www.gamespot.com/change-details/", + "gap.com": "https://secure-www.gap.com/my-account/change-password", + "genius.com": "https://genius.com/password_resets/new", "geocaching.com": "https://www.geocaching.com/account/settings/changepassword", "getflywheel.com": "https://app.getflywheel.com/profile/security/change_password", + "github.com": "https://github.com/settings/security", + "glassdoor.com": "https://www.glassdoor.com/member/profile/settings.htm", + "gmail.com": "https://myaccount.google.com/signinoptions/password?continue=https://myaccount.google.com/security", "gmarket.co.kr": "https://sslmember2.gmarket.co.kr/MYInfo/MemberInfo", "gmx.net": "https://account.gmx.net/ciss/security/edit/passwordChange", + "go.com": "https://go.com/profile/account-settings/edit", "gog.com": "https://www.gog.com/account/settings/security", + "goodhousekeeping.com": "https://www.mylo.id/account", + "google.com": "https://myaccount.google.com/signinoptions/password", "gov.br": "https://acesso.gov.br/area-cidadao/#/alterarSenha", "grubhub.com": "https://www.grubhub.com/account/profile", "happycow.net": "https://www.happycow.net/members/profile/update/password", + "hbomax.com": "https://play.hbomax.com/setting/account/edit/password", "heroku.com": "https://dashboard.heroku.com/account", "hibrain.net": "https://hibrain.net/mybrain/users/password/edit", + "homedepot.com": "https://www.homedepot.com/myaccount/security", "hotels.com": "https://hotels.com/profile/settings.html", + "huffpost.com": "https://www.huffpost.com/member/edit-profile", + "hulu.com": "https://secure.hulu.com/account", + "icloud.com": "https://appleid.apple.com/account/manage", + "ign.com": "https://www.ign.com/account/security", + "imgur.com": "https://imgur.com/account/settings/password", "impots.gouv.fr": "https://cfspart.impots.gouv.fr/monprofil-webapp/GererMonProfil", + "indeed.com": "https://secure.indeed.com/account/changepassword", + "insider.com": "https://www.insider.com/", + "instacart.com": "https://www.instacart.com/store/account", "instagram.com": "https://www.instagram.com/accounts/password/change/", + "intuit.com": "https://accounts.intuit.com/app/account-manager/security/password", + "jcpenney.com": "https://www.jcpenney.com/account/dashboard/personal/info", + "jw.org": "https://apps.jw.org/E_PASSCHG1", "key.harvard.edu": "https://key.harvard.edu/manage-account/change-password", + "kohls.com": "https://www.kohls.com/myaccount/accountsettings.jsp", + "kroger.com": "https://www.kroger.com/account/update", + "latimes.com": "https://membership.latimes.com/settings", "leetcode.com": "https://leetcode.com/accounts/password/set/", + "legacy.com": "https://legacy.memoriams.com/Network/Account/ChangePassword", "lemonde.fr": "https://moncompte.lemonde.fr/gcustomer/account/password", "linkedin.com": "https://www.linkedin.com/psettings/change-password", + "linktr.ee": "https://linktr.ee/admin/account", "linode.com": "https://cloud.linode.com/profile/auth", + "live.com": "https://account.live.com/password/change?refd=account.microsoft.com&fref=home.banner.changepwd", + "livejasmin.com": "https://www.livejasmin.com/en/girls/#!settings/account", + "lowes.com": "https://www.lowes.com/mylowes/profile", + "macys.com": "https://www.macys.com/account/profile?cm_sp=macys_account-_-my_account-_-my_profile&linklocation=leftrail", + "marketwatch.com": "https://customercenter.marketwatch.com/account#password?mod=ql", "marktplaats.nl": "https://www.marktplaats.nl/account/password-reset/confirm.html", + "marriott.com": "https://www.marriott.com/loyalty/myAccount/changePassword.mi", "mathworks.com": "https://mathworks.com/mwaccount/profiles/password/change", + "maxpreps.com": "https://secure.maxpreps.com/utility/member/forgotpassword.aspx", "meliuz.com.br": "https://www.meliuz.com.br/minha-conta/meus-dados/senha", + "mercari.com": "https://www.mercari.com/mypage/email_password/", "messagebird.com": "https://dashboard.messagebird.com/account/security", + "messenger.com": "https://www.facebook.com/settings?tab=security", + "michaels.com": "https://www.michaels.com/on/demandware.store/Sites-MichaelsUS-Site/default/Account-EditProfile", "microsoft.com": "https://account.live.com/password/Change", + "mlb.com": "https://www.mlb.com/account/general", + "msn.com": "https://account.live.com/password/change?refd=account.microsoft.com&fref=home.banner.changepwd", + "music.youtube.com": "https://myaccount.google.com/signinoptions/password", "myaccount.ea.com": "https://myaccount.ea.com/cp-ui/security/index", "myaccount.google.com": "https://myaccount.google.com/signinoptions/password", + "myfreecams.com": "https://www.myfreecams.com/php/account.php?request=status&vcc=1674246522#change_password", + "myshopify.com": "https://accounts.shopify.com/accounts/186490458/security", "naver.com": "https://nid.naver.com/user2/help/myInfo.nhn?m=viewChangePasswd", + "nba.com": "https://www.nba.com/account/nbaprofile", + "nbcnews.com": "https://nbcuniversal.nbc.com/request-password", "netflix.com": "https://www.netflix.com/password", + "news.google.com": "https://myaccount.google.com/signinoptions/password", + "news.yahoo.com": "https://login.yahoo.com/myaccount/security/change-password/", "news.ycombinator.com": "https://news.ycombinator.com/changepw", + "newsweek.com": "https://www.newsweek.com/contact", + "nfl.com": "https://id.nfl.com/account/change-password", + "nhentai.net": "https://nhentai.net/reset/", + "nike.com": "https://www.nike.com/member/settings", "nintendo.com": "https://accounts.nintendo.com/password/edit", - "nytimes.com": "https://myaccount.nytimes.com/seg/profile", + "nordstrom.com": "https://www.nordstrom.com/my-account/sign-in-info", + "nordstromrack.com": "https://www.nordstromrack.com/my-account/sign-in-info", + "npr.org": "https://secure.npr.org/oauth2/login", + "nypost.com": "https://nypost.com/account/settings", + "nytimes.com": "https://www.nytimes.com/account/change-password", + "office.com": "https://account.live.com/password/change?refd=account.microsoft.com&fref=home.banner.changepwd", + "office365.com": "https://account.live.com/password/change?refd=account.microsoft.com&fref=home.banner.changepwd", + "onelink.me": "https://hq1.appsflyer.com/account/change-password", + "onlyfans.com": "https://onlyfans.com/my/settings/account/password", + "opentable.com": "https://support.opentable.com/s/login/ForgotPassword?language=en_US", "orcid.org": "https://orcid.org/account", "overleaf.com": "https://www.overleaf.com/user/settings", - "patreon.com": "https://www.patreon.com/settings/profile", + "paramountplus.com": "https://www.paramountplus.com/account/", + "patreon.com": "https://www.patreon.com/settings/account", "paypal.com": "https://www.paypal.com/myaccount/security/password/change", + "pch.com": "https://accounts.pch.com/forgotpass", + "peacocktv.com": "https://www.peacocktv.com/forgot", + "pearson.com": "https://www.pearson.com/store/en-us/my-account/update-password", "pilotflyingj.com": "https://portal.pilotflyingj.com/myrewards/forgot-password", + "pinterest.com": "https://www.pinterest.com/settings/account-settings", "playstation.com": "https://id.sonyentertainmentnetwork.com/id/management/#/p/security", "plex.tv": "https://app.plex.tv/desktop#!/account", + "politico.com": "https://www.politico.com/settings", + "pornhub.com": "https://www.pornhub.com/user/security", "portal.edd.ca.gov": "https://portal.edd.ca.gov/WebApp/Profile/UpdatePassword", "portlandgeneral.com": "https://portlandgeneral.com/secure/profile/change-password", + "poshmark.com": "https://poshmark.com/user/account-info", "ppomppu.co.kr": "https://www.ppomppu.co.kr/myinfo/profile.php", "prolific.co": "https://app.prolific.co/account/general", "protonmail.com": "https://mail.protonmail.com/account", "prowlapp.com": "https://www.prowlapp.com/settings.php", + "quizlet.com": "https://quizlet.com/settings", + "quora.com": "https://www.quora.com/settings", + "rakuten.com": "https://www.rakuten.com/account-settings.htm", "readymag.com": "https://auth.readymag.com/password/forgot", + "realtor.com": "https://www.realtor.com/myaccount/profile/settings", + "redd.it": "https://www.reddit.com/prefs/update/", "reddit.com": "https://www.reddit.com/prefs/update/", + "redfin.com": "https://www.redfin.com/change-password", + "redgifs.com": "https://auth.redgifs.com/lo/reset?ticket=", "redirect.pizza": "https://redirect.pizza/profile", + "redtube.com": "https://www.redtube.com/settings", "reelgood.com": "https://reelgood.com/account", + "rei.com": "https://www.rei.com/YourAccountCredentials", "rejsekort.dk": "https://selvbetjening.rejsekort.dk/CWS/CustomerManagement/ChangePassword", + "reuters.com": "https://www.reuters.com/account/forgot-password/", "roblox.com": "https://www.roblox.com/my/account#!/info", + "rottentomatoes.com": "https://www.rottentomatoes.com/user/account", "ruc.dk": "https://pwrecovery.ruc.dk", + "rule34.xxx": "https://rule34.xxx/index.php?page=account&s=change_password", + "rumble.com": "https://rumble.com/account/profile", + "samsclub.com": "https://www.samsclub.com/account/personal-info?xid=hdr_account_change-password", + "samsung.com": "https://account.samsung.com/membership/contents/security/password/change-password", "santahelenasaude.com.br": "https://www.santahelenasaude.com.br/beneficiario/#/alterar-senha", "saturn.de": "https://www.saturn.de/webapp/wcs/stores/servlet/MultiChannelMAChangePassword", "secure.orclinic.com": "https://secure.orclinic.com/portal/editprofile.aspx", + "sephora.com": "https://www.sephora.com/profile/MyAccount", "serasa.com.br": "https://www.serasa.com.br/meus-dados/alterar-senha", + "shein.com": "https://shein.com/user/security", "shodan.io": "https://account.shodan.io/change_password", "shoop.de": "https://www.shoop.de/einstellungen/benutzerdaten", "shopback.co.kr": "https://www.shopback.co.kr/account/change-password", "shutterfly.com": "https://www.shutterfly.com/account-settings/", "sipgatebasic.de": "https://app.sipgatebasic.de/settings", + "slickdeals.net": "https://slickdeals.net/forums/login.php?do=lostpw", + "soap2day.to": "https://soap2day.to/home/user/changepassword", "sonos.com": "https://www.sonos.com/myaccount/user/profile/", + "soundcloud.com": "https://soundcloud.com/settings", + "southwest.com": "https://www.southwest.com/loyalty/myaccount/profile-security.html", + "spankbang.com": "https://spankbang.com/users/account", + "spectrum.net": "https://www.spectrum.net/user-preferences/your-info/manage/security", "speedway.com": "https://www.speedway.com/my-account/security/passcode", "splunk.com": "https://www.splunk.com/my-account/#/profile-details", + "sports.yahoo.com": "https://login.yahoo.com/account/change-password", + "spotify.com": "https://www.spotify.com/in-en/account/change-password/", + "ssa.gov": "https://secure.ssa.gov/RIM/UpwdView.action", + "stackoverflow.com": "https://stackoverflow.com/users/account-recovery", "stacksocial.com": "https://stacksocial.com/user?show=account-tab", - "steampowered.com": "https://help.steampowered.com/wizard/HelpChangePassword?redir=store/account/", + "steampowered.com": "https://help.steampowered.com/en/wizard/HelpChangePassword?redir=store/account/", "stonly.com": "https://app.stonly.com/app/general/userSettings/Account", + "stripchat.com": "https://stripchat.com/settings", "sulamericaseguros.com.br": "https://saude.sulamericaseguros.com.br/segurado/gerenciar-cadastro/", "swarmapp.com": "https://foursquare.com/change_password", + "syf.com": "https://mastercard.syf.com/login/reset", + "synchrony.com": "https://consumercenter.mysynchrony.com/consumercenter/", + "target.com": "https://logonservices.iam.target.com/change-password/?target=#!", + "tasteofhome.com": "https://www.tasteofhome.com/login/updatepassword", "teamviewer.com": "https://login.teamviewer.com/nav/profile/change-password", "telekom.de": "https://account.idm.telekom.com/account-manager/password/index.xhtml", + "temu.com": "https://www.temu.com/bgp_account_security.html", + "the-sun.com": "https://home.thesun.co.uk/edit/password", + "theguardian.com": "https://profile.theguardian.com/reset", "thenounproject.com": "https://thenounproject.com/accounts/password/change/", "thetrainline.com": "https://www.thetrainline.com/my-account/change-password", "thetvdb.com": "https://www.thetvdb.com/dashboard/account/changepass", "ticketmaster.com": "https://my.ticketmaster.com/settings", + "tiktok.com": "https://www.tiktok.com/login/email/forget-password", "tmon.co.kr": "https://login.tmon.co.kr/user/info", + "tmz.com": "https://shop.tmz.com/user?show=account-tab", "todoist.com": "https://todoist.com/prefs/account", "trakt.tv": "https://trakt.tv/settings#password", + "tripadvisor.com": "https://www.tripadvisor.com/Settings-cp", "tripit.com": "https://tripit.com/account/edit/section/change_password", + "trulia.com": "https://www.trulia.com/account/user_profile", "tum.de": "https://campus.tum.de", + "tumblr.com": "https://www.tumblr.com/settings/account", "twilio.com": "https://www.twilio.com/console/user/settings", "twitch.tv": "https://www.twitch.tv/settings/security", + "twitter.com": "https://twitter.com/settings/password", "udacity.com": "https://classroom.udacity.com/settings/password", "udel.edu": "https://udapps.nss.udel.edu/myUDsettings/password", + "ulta.com": "https://www.ulta.com/myaccount/index.jsp", "uml.edu": "https://mypassword.uml.edu/#Change", "umsystem.edu": "https://password.umsystem.edu/reset/", + "united.com": "https://www.united.com/ual/en/US/account/security/setpassword", + "ups.com": "https://www.ups.com/lasso/updatePass?loc=en_US", "usaa.com": "https://www.usaa.com/inet/ent_auth_password/pages/ChangePasswordPage", + "usatoday.com": "https://login.usatoday.com/USAT-GUP/password-forgot/", + "usnews.com": "https://auth.usnews.com/changePassword", + "usps.com": "https://reg.usps.com/entreg/secure/ChangePasswordAction_input?returnActionName", "ventrachicago.com": "https://www.ventrachicago.com/account/manage-account/", + "verizon.com": "https://myvpostpay.verizon.com/ui/bill/secure/", + "victoriassecret.com": "https://www.victoriassecret.com/us/account/profile#changePassword", "virginmobile.ca": "https://myaccount.virginmobile.ca/MyProfile/Details/EditProfile?editField=PASSWORD", "vivo.com.br": "https://meuvivo.vivo.com.br/meuvivo/appmanager/portal/fixo", "walgreens.com": "https://www.walgreens.com/account/user_and_password", + "walmart.com": "https://www.walmart.com/account/profile", + "washingtonpost.com": "https://subscribe.washingtonpost.com/profile/#!/profile/access?destination=https:%2F%2Fwww.washingtonpost.com%2F%3Frefresh%3Dtrue&tid=nav_acctmgnt_menu", + "wayfair.com": "https://www.wayfair.com/v/account/personal_info/edit", + "weather.com": "https://weather.com/member/settings", + "webmd.com": "https://member.webmd.com/password-reset", "wii-homebrew.com": "https://forum.wii-homebrew.com/index.php/AccountManagement/", + "wikihow.com": "https://www.wikihow.com/Special:ChangeCredentials/MediaWiki%5CAuth%5CPasswordAuthenticationRequest", + "wikipedia.org": "https://en.wikipedia.org/w/index.php?title=Special:ChangeCredentials/MediaWiki%5CAuth%5CPasswordAuthenticationRequest&returnto=Special%3APreferences", + "wordpress.com": "https://wordpress.com/me/security/password", + "worldstar.com": "https://worldstarhiphop.com/videos/reset.php", + "wsj.com": "https://customercenter.wsj.com/account#password", + "wunderground.com": "https://www.wunderground.com/member/settings", "xfinity.com": "https://customer.xfinity.com/users/me/update-password", + "xhamster.com": "https://xhamster.com/password-recovery", + "xvideos.com": "https://www.xvideos.com/account/security", "yahoo.com": "https://login.yahoo.com/account/change-password", + "yelp.com": "https://yelp.com/profile_password", + "youporn.com": "https://www.youporn.com/settings/change/password/", + "youtube.com": "https://myaccount.google.com/signinoptions/password", "zeplin.io": "https://app.zeplin.io/profile/password", "zhihu.com": "https://www.zhihu.com/settings/account", + "zillow.com": "https://www.zillow.com/myzillow/profile/", + "ziprecruiter.com": "https://www.ziprecruiter.com/login/forgot-password?realm=candidates", "zocdoc.com": "https://www.zocdoc.com/patient/editprofile?section=Password", "zoom.us": "https://zoom.us/profile#pwd-form" } From 0b1f00911d84da9a1ae3718a06548abe8c72f383 Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Fri, 10 Feb 2023 17:16:29 -0800 Subject: [PATCH 008/124] Remove recently-added adp.com change-password URL (#667) The link is to a specific subdomain that I don't believe is representative of the entire domain. --- quirks/change-password-URLs.json | 1 - 1 file changed, 1 deletion(-) diff --git a/quirks/change-password-URLs.json b/quirks/change-password-URLs.json index df569e825..ac1542e53 100644 --- a/quirks/change-password-URLs.json +++ b/quirks/change-password-URLs.json @@ -9,7 +9,6 @@ "account.publishing.service.gov.uk": "https://www.account.publishing.service.gov.uk/account/edit/password", "acorns.com": "https://app.acorns.com/settings/change-password", "adobe.com": "https://account.adobe.com/security", - "adp.com": "https://mon.adp.com/pwdservice/changePassword", "adultfriendfinder.com": "https://adultfriendfinder.com/p/update.cgi?p=my_account_update_account_password", "ae.com": "https://www.ae.com/myaccount", "aerlingus.com": "https://www.aerlingus.com/html/user-profile.html", From dbd98525104a74a473f1dbcff9a0ffb89e1e1bd3 Mon Sep 17 00:00:00 2001 From: Jan Philip Bernius Date: Fri, 10 Mar 2023 20:07:13 +0100 Subject: [PATCH 009/124] Add tum.edu as alias for tum.de (#669) tum.edu is used for eaccess.tum.edu ever since HSTS is enabled for tum.de --- quirks/shared-credentials.json | 3 ++- quirks/websites-with-shared-credential-backends.json | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 49ce8b4cc..86870d412 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -242,7 +242,8 @@ "lrz.de", "mwn.de", "mytum.de", - "tum.de" + "tum.de", + "tum.edu" ] }, { diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index e54e97a0a..0a288b613 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -439,7 +439,8 @@ "lrz.de", "mwn.de", "mytum.de", - "tum.de" + "tum.de", + "tum.edu" ], [ "lufthansa.com", From d2621ad63aaab8ed50b7b26afc6243b008d688b7 Mon Sep 17 00:00:00 2001 From: CoolTomatos <24667806+CoolTomatos@users.noreply.github.com> Date: Fri, 14 Apr 2023 21:33:22 +0200 Subject: [PATCH 010/124] Added shared credential backends for Epic Games and Unreal Engine (#677) * Added shared credential backends for: - Epic Games; and - Unreal Engine. Closes apple/password-manager-resources#625 --- quirks/shared-credentials.json | 6 ++++++ .../websites-with-shared-credential-backends.json | 13 +++++++++++++ 2 files changed, 19 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 86870d412..7958a0feb 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -178,6 +178,12 @@ "ebay.vn" ] }, + { + "shared": [ + "epicgames.com", + "unrealengine.com" + ] + }, { "shared": [ "eventbrite.at", diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index 0a288b613..ce8f13a97 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -311,6 +311,10 @@ "ebay.pl", "ebay.vn" ], + [ + "epicgames.com", + "unrealengine.com" + ], [ "eurosport.no", "eurosportplayer.com" @@ -466,6 +470,11 @@ "minecraft.net", "mojang.com" ], + [ + "moneybird.nl", + "moneybird.de", + "moneybird.com" + ], [ "mytotalconnectcomfort.com", "tccna.honeywell.com" @@ -616,6 +625,10 @@ "spark.net", "jdate.com" ], + [ + "spirit.com", + "spirit-airlines.com" + ], [ "springfield.overdrive.com", "coolcat.org" From d2b524a43a33eec59708d0e8498373b12852f90b Mon Sep 17 00:00:00 2001 From: Samar Sunkaria Date: Wed, 26 Apr 2023 10:54:57 +0200 Subject: [PATCH 011/124] Add instructions for regenerating websites-with-shared-credential-backends.json (#680) quirks/websites-with-shared-credential-backends.json contains a lower fidelity version of the data in quirks/shared-credentials.json and quirks/shared-credentials-historical.json. It must be regenerated using tools/convert-shared-credential-to-legacy-format.rb whenever those files are changed. This information was not captuted in any of the current documentation, therefore CONTRIBUTING.md has been updated to include it. The workflows we run on each PR have been updated to verify that quirks/websites-with-shared-credential-backends.json is up-to-date. --- .github/workflows/lint.yml | 2 ++ CONTRIBUTING.md | 2 ++ ...vert-shared-credential-to-legacy-format.rb | 19 ++++++++++++++++++- 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 242cea0fe..3bab5c4d0 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -40,6 +40,8 @@ jobs: run: ruby .github/workflows/lint-scripts/websites-shared-credentials-sort-order.rb - name: Lint Duplicates run: ruby .github/workflows/lint-scripts/websites-shared-credentials-duplicates.rb + - name: Verify Generated Files + run: ruby tools/convert-shared-credential-to-legacy-format.rb --verify validate-schemas: runs-on: ubuntu-latest diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4cf4fe761..3ea704eb7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -51,6 +51,8 @@ Each entry in [`quirks/shared-credentials.json`](quirks/shared-credentials.json) When contributing or amending a set of websites sharing a credential backend, you should state why you believe the relevant domains do or do not share a credential backend, with evidence to support your claim. This may involve WHOIS information or content served from the domains themselves. +[`quirks/websites-with-shared-credential-backends.json`](quirks/websites-with-shared-credential-backends.json) contains a lower fidelity version of the data in [`quirks/shared-credentials.json`](quirks/shared-credentials.json) and [`quirks/shared-credentials-historical.json`](quirks/shared-credentials-historical.json). It must be regenerated using [`tools/convert-shared-credential-to-legacy-format.rb`](tools/convert-shared-credential-to-legacy-format.rb) whenever those files are changed. Please do not edit [`quirks/websites-with-shared-credential-backends.json`](quirks/websites-with-shared-credential-backends.json) manually. + ### Contributing a Change Password URL Use the website in question until you find the standalone page for updating the user's password, or a high-level "Account Information" or "Security" page. The closer the URL takes the user to be able to change their password, the better. Before adding a URL, ensure that it works properly both when the user is logged in and when they are not. URLs added to [`quirks/change-password-URLs.json`](quirks/change-password-URLs.json) should have a scheme of https unless the website does not allow changing the password on an https page. diff --git a/tools/convert-shared-credential-to-legacy-format.rb b/tools/convert-shared-credential-to-legacy-format.rb index 5b2549c36..955df191f 100755 --- a/tools/convert-shared-credential-to-legacy-format.rb +++ b/tools/convert-shared-credential-to-legacy-format.rb @@ -1,6 +1,14 @@ #!/usr/bin/env ruby require 'json' +require 'optparse' + +options = {} +OptionParser.new do |opts| + opts.on("--verify", "Verify that the generated file is up-to-date.") do |v| + options[:verify] = v + end +end.parse! tools_dir = __dir__ root_dir = File.dirname tools_dir @@ -37,4 +45,13 @@ def addEntriesToLegacyOutputArray(file_path, legacy_output_array) legacy_output_array = legacy_output_array.sort_by(&:first) json_to_output = JSON.pretty_generate(legacy_output_array, indent: ' ') + "\n" -File.write output_file_path, json_to_output + +if options[:verify] + current_file_contents = File.read output_file_path + if current_file_contents != json_to_output + STDERR.puts "ERROR: #{File.basename output_file_path} is not up-to-date. Please run this script again and commit the changes." + exit 1 + end +else + File.write output_file_path, json_to_output +end From 0c98c3acb80f04a645d0f61efe447338ac07fe48 Mon Sep 17 00:00:00 2001 From: Ashton Williams <92277594+ashton-seek@users.noreply.github.com> Date: Sat, 29 Apr 2023 01:03:21 +1000 Subject: [PATCH 012/124] Add shared credential for JobsDB, JobStreet, SEEK (#668) JobsDB and JobStreet use multiple domains for registration and login, but will be moving to using a central SEEK domain. This will be a staged transition so `fromDomainsAreObsoleted` has been removed so it defaults to false. --- quirks/shared-credentials.json | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 7958a0feb..21b61ad86 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -360,12 +360,20 @@ { "from": [ "www.seek.com.au", - "www.seek.co.nz" + "www.seek.co.nz", + "jobsdb.com", + "hk.jobsdb.com", + "sg.jobsdb.com", + "th.jobsdb.com", + "jobstreet.com", + "myjobstreet.jobstreet.co.id", + "myjobstreet.jobstreet.com.my", + "myjobstreet.jobstreet.com.ph", + "myjobstreet.jobstreet.com.sg" ], "to": [ "login.seek.com" - ], - "fromDomainsAreObsoleted": true + ] }, { "from": [ From 98c7d321ab9741b030b70b3a170a9a96b53791c8 Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Fri, 28 Apr 2023 08:06:38 -0700 Subject: [PATCH 013/124] Run convert-shared-credential-to-legacy-format.rb --- quirks/websites-with-shared-credential-backends.json | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index ce8f13a97..4a37ded8c 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -755,6 +755,15 @@ [ "www.seek.com.au", "www.seek.co.nz", + "jobsdb.com", + "hk.jobsdb.com", + "sg.jobsdb.com", + "th.jobsdb.com", + "jobstreet.com", + "myjobstreet.jobstreet.co.id", + "myjobstreet.jobstreet.com.my", + "myjobstreet.jobstreet.com.ph", + "myjobstreet.jobstreet.com.sg", "login.seek.com" ], [ From 6c938ee26654eaffe130c894d16b87c0e0d2391a Mon Sep 17 00:00:00 2001 From: hipwelljo Date: Sat, 29 Apr 2023 09:44:48 -0600 Subject: [PATCH 014/124] Add password rules for fccaccessonline.com (#674) Co-authored-by: Jordan Hipwell --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 02e86a689..69bfb5b91 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -302,6 +302,9 @@ "fc2.com": { "password-rules": "minlength: 8; maxlength: 16;" }, + "fccaccessonline.com": { + "password-rules": "minlength: 8; maxlength: 14; max-consecutive: 3; required: lower; required: upper; required: digit; required: [!#$%*^_];" + }, "fedex.com": { "password-rules": "minlength: 8; max-consecutive: 3; required: lower; required: upper; required: digit; allowed: [-!@#$%^&*_+=`|(){}[:;,.?]];" }, From f1102a811ee022bbbd0549b57cd7d37406ebf260 Mon Sep 17 00:00:00 2001 From: Charlie Powell Date: Mon, 22 May 2023 08:45:54 -0400 Subject: [PATCH 015/124] Add password rule for wmata.com (#686) * Add password rule for wmata.com * Update password-rules.json Put `-` and `]` in the right spots. --------- Co-authored-by: Ricky Mondello --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 69bfb5b91..1a4512815 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -797,6 +797,9 @@ "wellsfargo.com": { "password-rules": "minlength: 8; maxlength: 32; required: lower; required: upper; required: digit;" }, + "wmata.com": { + "password-rules": "minlength: 8; required: lower, upper; required: digit; required: digit; required: [-!@#$%^&*~/\"()_=+\\|,.?[]];" + }, "wsj.com": { "password-rules": "minlength: 5; maxlength: 15; required: digit; allowed: lower, upper, [-~!@#$^*_=`|(){}[:;\"'<>,.?]];" }, From 29272a0ef6b3b874ef0a10113d850e977ac21f53 Mon Sep 17 00:00:00 2001 From: Jon Parise Date: Wed, 31 May 2023 16:34:30 -0700 Subject: [PATCH 016/124] Remove airbnb.com from change-password quirks (#687) https://www.airbnb.com/.well-known/change-password is now a valid, supported URL route to /account-settings/login-and-security. --- quirks/change-password-URLs.json | 1 - 1 file changed, 1 deletion(-) diff --git a/quirks/change-password-URLs.json b/quirks/change-password-URLs.json index ac1542e53..93c97af36 100644 --- a/quirks/change-password-URLs.json +++ b/quirks/change-password-URLs.json @@ -13,7 +13,6 @@ "ae.com": "https://www.ae.com/myaccount", "aerlingus.com": "https://www.aerlingus.com/html/user-profile.html", "aesop.com": "https://www.aesop.com/my-account", - "airbnb.com": "https://www.airbnb.com/account-settings/login-and-security", "airnewzealand.com": "https://www.airnewzealand.com/membership/profile/security/password", "alaskaair.com": "https://www.alaskaair.com/www2/ssl/myalaskaair/myalaskaair.aspx?view=myinformation&tab=email", "aliexpress.com": "https://login.aliexpress.com/", From fe4a65cf44564214c4f97ba1eb043c77285ad3b5 Mon Sep 17 00:00:00 2001 From: Simon Olofsson Date: Tue, 13 Jun 2023 09:10:24 +0200 Subject: [PATCH 017/124] Add kundenportal.edeka smart.de (#690) * kundenportal.edeka-smart.de: Change password URL * kundenportal.edeka-smart.de: Password rules --- quirks/change-password-URLs.json | 1 + quirks/password-rules.json | 3 +++ 2 files changed, 4 insertions(+) diff --git a/quirks/change-password-URLs.json b/quirks/change-password-URLs.json index 93c97af36..c7d2ef47d 100644 --- a/quirks/change-password-URLs.json +++ b/quirks/change-password-URLs.json @@ -176,6 +176,7 @@ "key.harvard.edu": "https://key.harvard.edu/manage-account/change-password", "kohls.com": "https://www.kohls.com/myaccount/accountsettings.jsp", "kroger.com": "https://www.kroger.com/account/update", + "kundenportal.edeka-smart.de": "https://kundenportal.edeka-smart.de/edeka-csc/forgot-password", "latimes.com": "https://membership.latimes.com/settings", "leetcode.com": "https://leetcode.com/accounts/password/set/", "legacy.com": "https://legacy.memoriams.com/Network/Account/ChangePassword", diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 1a4512815..df32fa2c4 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -431,6 +431,9 @@ "klm.com": { "password-rules": "minlength: 8; maxlength: 12;" }, + "kundenportal.edeka-smart.de": { + "password-rules": "minlength: 8; maxlength: 16; required: digit; required: upper, lower; required: [!\"§$%&#];" + }, "la-z-boy.com": { "password-rules": "minlength: 6; maxlength: 15; required: lower, upper; required: digit;" }, From fa9dbedb6098ac6477bb2030dea3435918a88d34 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Wed, 14 Jun 2023 19:48:10 -0600 Subject: [PATCH 018/124] Add password rule for treasurer.mo.gov (#653) --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index df32fa2c4..5a655f68d 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -731,6 +731,9 @@ "training.confluent.io": { "password-rules": "minlength: 6; maxlength: 16; required: lower; required: upper; required: digit; allowed: [!#$%*@^_~];" }, + "treasurer.mo.gov": { + "password-rules": "minlength: 8; maxlength: 26; required: lower; required: upper; required: digit; required: [!#$&];" + }, "twitch.tv": { "password-rules": "minlength: 8; maxlength: 71;" }, From 6b5fa9b70c1548d6eb62315b0ddf31b4547d29c5 Mon Sep 17 00:00:00 2001 From: hanniavalera <90047725+hanniavalera@users.noreply.github.com> Date: Wed, 14 Jun 2023 18:50:24 -0700 Subject: [PATCH 019/124] modified mlb.com as passwords are not allowed to have any special characters (#691) --- quirks/password-rules.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 5a655f68d..573db35e9 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -504,7 +504,7 @@ "password-rules": "minlength: 8; maxlength: 20; required: lower; required: upper; required: digit; required: special; allowed: [!#$%&()*+:;=@[^_`{}~]];" }, "mlb.com": { - "password-rules": "minlength: 8; maxlength: 15; required: lower; required: upper; required: digit; allowed: [!\"#$%&'()*+,./:;<=>?[\\^_`{|}~]];" + "password-rules": "minlength: 8; maxlength: 15; required: lower; required: upper; required: digit;" }, "mpv.tickets.com": { "password-rules": "minlength: 8; maxlength: 15; required: lower; required: upper; required: digit;" From 802c6024c5a07e52961ad5a0ad38c7d0422a6caf Mon Sep 17 00:00:00 2001 From: Darrell Roberts <33698065+darrell-roberts@users.noreply.github.com> Date: Fri, 16 Jun 2023 16:33:47 -0400 Subject: [PATCH 020/124] add shared credentials for redis.com/redislabs.com (#692) * add shared credentials for redis.com/redislabs.com * use new format * run conversion script --- quirks/shared-credentials.json | 6 ++++++ quirks/websites-with-shared-credential-backends.json | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 21b61ad86..25ce92ad7 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -318,6 +318,12 @@ "pretendo.cc" ] }, + { + "shared":[ + "redis.com", + "redislabs.com" + ] + }, { "from": [ "tvnow.de", diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index 4a37ded8c..d1923e00f 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -576,6 +576,10 @@ "questdiagnostics.com", "care360.com" ], + [ + "redis.com", + "redislabs.com" + ], [ "rocketaccount.com", "rocketmortgage.com" From fda3656d6254df56c791e25114d81f7afd2cb69b Mon Sep 17 00:00:00 2001 From: 4amVim <4429609+4amVim@users.noreply.github.com> Date: Sat, 24 Jun 2023 21:37:49 +0530 Subject: [PATCH 021/124] Update rule for ancestry.com in password-rules.json (#693) --- quirks/password-rules.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 573db35e9..2441ff3bf 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -45,7 +45,7 @@ "password-rules": "minlength: 6; maxlength: 15; allowed: lower, upper, digit;" }, "ancestry.com": { - "password-rules": "minlength: 8; required: lower; required: upper; required: digit; required: [-!\"#$%&'()*+,./:;<=>?@[^_`{|}~]];" + "password-rules": "minlength: 8; required: lower, upper; required: digit;" }, "angieslist.com": { "password-rules": "minlength: 6; maxlength: 15;" From 6c0a9346eb1815f1a6ef5eff24bee63b8e83de76 Mon Sep 17 00:00:00 2001 From: Eryn Wells Date: Mon, 10 Jul 2023 14:08:38 -0700 Subject: [PATCH 022/124] Add a shared credential backend entry for ynab.com and youneedabudget.com (#702) Closes #696. --- quirks/shared-credentials.json | 9 +++++++++ quirks/websites-with-shared-credential-backends.json | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 25ce92ad7..19cba4f4e 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -389,5 +389,14 @@ "account.vistaprint.com" ], "fromDomainsAreObsoleted": true + }, + { + "from": [ + "youneedabudget.com" + ], + "to": [ + "ynab.com" + ], + "fromDomainsAreObsoleted": true } ] diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index d1923e00f..ec8efa6fe 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -778,6 +778,10 @@ "yahoo.com", "flickr.com" ], + [ + "youneedabudget.com", + "ynab.com" + ], [ "zixmail.net", "zixmessagecenter.com" From 7aa40a0e5326be6c74cefb7e800269ada6ce3df5 Mon Sep 17 00:00:00 2001 From: Eryn Wells Date: Mon, 10 Jul 2023 14:42:54 -0700 Subject: [PATCH 023/124] Add max.com to the shared credential backends list for HBO sites (#703) Closes #701. --- quirks/shared-credentials-historical.json | 7 ------- quirks/shared-credentials.json | 11 +++++++++++ quirks/websites-with-shared-credential-backends.json | 3 ++- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/quirks/shared-credentials-historical.json b/quirks/shared-credentials-historical.json index 7b198a145..99c4845ad 100644 --- a/quirks/shared-credentials-historical.json +++ b/quirks/shared-credentials-historical.json @@ -281,13 +281,6 @@ "gogoinflight.com" ] }, - { - "shared": [ - "hbo.com", - "hbomax.com", - "hbonow.com" - ] - }, { "shared": [ "igen.fr", diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 19cba4f4e..a8c2a6d45 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -219,6 +219,17 @@ ], "fromDomainsAreObsoleted": true }, + { + "from": [ + "hbo.com", + "hbomax.com", + "hbonow.com" + ], + "to": [ + "max.com" + ], + "fromDomainsAreObsoleted": true + }, { "from": [ "ing.de" diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index ec8efa6fe..a1b0f6b1d 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -383,7 +383,8 @@ [ "hbo.com", "hbomax.com", - "hbonow.com" + "hbonow.com", + "max.com" ], [ "igen.fr", From cdc2eeaf0eb839c525caa2daa4a30305cec42d92 Mon Sep 17 00:00:00 2001 From: Charlie Powell Date: Mon, 10 Jul 2023 15:59:25 -0700 Subject: [PATCH 024/124] Remove subdomain from wa.aaa.com (#699) When creating a new account from the AAA website, a redirect from `secure.wa.aaa.com` to `identity.wa.aaa.com` happens such that the existing quirk doesn't seem to be honored. Removing the `secure` subdomain should allow the quirk to work anywhere on the site (though still under the `wa` subdomain). --- quirks/password-rules.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 2441ff3bf..5c7ed8e74 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -662,9 +662,6 @@ "secure.snnow.ca": { "password-rules": "minlength: 7; maxlength: 16; required: digit; allowed: lower, upper;" }, - "secure.wa.aaa.com": { - "password-rules": "minlength: 8; maxlength: 16; required: lower; required: upper; required: digit; allowed: ascii-printable;" - }, "sephora.com": { "password-rules": "minlength: 6; maxlength: 12;" }, @@ -779,6 +776,9 @@ "vivo.com.br": { "password-rules": "maxlength: 6; max-consecutive: 3; allowed: digit;" }, + "wa.aaa.com": { + "password-rules": "minlength: 8; maxlength: 16; required: lower; required: upper; required: digit; allowed: ascii-printable;" + }, "walkhighlands.co.uk": { "password-rules": "minlength: 9; maxlength: 15; required: lower; required: upper; required: digit; allowed: special;" }, From ffb1f19679a115e4ada7100f6378bdc5b068c150 Mon Sep 17 00:00:00 2001 From: Michael Carlyle Date: Mon, 10 Jul 2023 18:00:07 -0500 Subject: [PATCH 025/124] update lowes rule (#698) --- quirks/password-rules.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 5c7ed8e74..41f66fcaa 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -462,7 +462,7 @@ "password-rules": "minlength: 8; maxlength: 15; required: lower; required: digit; allowed: upper;" }, "lowes.com": { - "password-rules": "minlength: 8; maxlength: 12; required: lower, upper; required: digit;" + "password-rules": "minlength: 8; maxlength: 128; max-consecutive: 3; required: lower, upper; required: digit;" }, "loyalty.accor.com": { "password-rules": "minlength: 8; required: lower; required: upper; required: digit; required: [!#$%&=@];" From 475dbea7f83190b3e8109f75d00142998ae22cd5 Mon Sep 17 00:00:00 2001 From: Michael Carlyle Date: Sat, 22 Jul 2023 17:10:55 -0500 Subject: [PATCH 026/124] Add angel to wellfound redirect (#706) * update lowes rule * add angel.co to wellfound.com redirect * oops --- quirks/shared-credentials.json | 9 +++++++++ quirks/websites-with-shared-credential-backends.json | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index a8c2a6d45..721f9dde5 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -92,6 +92,15 @@ "vons.com" ] }, + { + "from": [ + "angel.co" + ], + "to": [ + "wellfound.com" + ], + "fromDomainsAreObsoleted": true + }, { "shared": [ "anthem.com", diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index a1b0f6b1d..673542ec9 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -136,6 +136,10 @@ "ameritrade.com", "tdameritrade.com" ], + [ + "angel.co", + "wellfound.com" + ], [ "anthem.com", "sydneyhealth.com" From c8875f18e9c9f4df6a898f0fcdcb4991e7ba4179 Mon Sep 17 00:00:00 2001 From: Ezekiel Date: Fri, 25 Aug 2023 14:12:31 -0400 Subject: [PATCH 027/124] Instagram & Threads.net (#711) * Threads.net * Corrected shared-credentials.json --- quirks/shared-credentials.json | 6 ++++++ quirks/websites-with-shared-credential-backends.json | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 721f9dde5..5325c9fd6 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -247,6 +247,12 @@ "ing.com" ] }, + { + "shared": [ + "instagram.com", + "threads.net" + ] + }, { "from": [ "letsdeel.com" diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index 673542ec9..9c722c619 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -403,6 +403,10 @@ "ing.de", "ing.com" ], + [ + "instagram.com", + "threads.net" + ], [ "intuit.com", "mint.com" From ac895a2cafdc301bf37a8be819215adbfe38afb1 Mon Sep 17 00:00:00 2001 From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> Date: Tue, 17 Oct 2023 12:02:04 -0700 Subject: [PATCH 028/124] Remove Yahoo/Flickr relationship (#715) Flickr no longer shares a credential backend with Yahoo. --- quirks/shared-credentials-historical.json | 6 ------ quirks/websites-with-shared-credential-backends.json | 4 ---- 2 files changed, 10 deletions(-) diff --git a/quirks/shared-credentials-historical.json b/quirks/shared-credentials-historical.json index 99c4845ad..f5da94df9 100644 --- a/quirks/shared-credentials-historical.json +++ b/quirks/shared-credentials-historical.json @@ -664,12 +664,6 @@ "dowjones.com" ] }, - { - "shared": [ - "yahoo.com", - "flickr.com" - ] - }, { "shared": [ "zixmail.net", diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index 9c722c619..b1fb008f7 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -783,10 +783,6 @@ "www.vistaprint.ca", "account.vistaprint.com" ], - [ - "yahoo.com", - "flickr.com" - ], [ "youneedabudget.com", "ynab.com" From 499d04a5b8d0f9734b56d6d4620ed2f3ddcace96 Mon Sep 17 00:00:00 2001 From: Jack Platten Date: Tue, 31 Oct 2023 12:04:18 -0700 Subject: [PATCH 029/124] Remove Ring from Amazon shared credentials (#718) --- quirks/shared-credentials-historical.json | 3 +-- quirks/websites-with-shared-credential-backends.json | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/quirks/shared-credentials-historical.json b/quirks/shared-credentials-historical.json index f5da94df9..e23f1ca80 100644 --- a/quirks/shared-credentials-historical.json +++ b/quirks/shared-credentials-historical.json @@ -43,8 +43,7 @@ "amazon.sa", "amazon.sg", "amazon.se", - "amazon.pl", - "ring.com" + "amazon.pl" ] }, { diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index b1fb008f7..e7cccf7bf 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -119,8 +119,7 @@ "amazon.sa", "amazon.sg", "amazon.se", - "amazon.pl", - "ring.com" + "amazon.pl" ], [ "amcrestcloud.com", From dd4cc3e6c67edd826876e074562a02aaebafd828 Mon Sep 17 00:00:00 2001 From: Michael Carlyle Date: Thu, 16 Nov 2023 11:04:45 -0600 Subject: [PATCH 030/124] added shared credentials for microsoft/azure (#697) --- quirks/shared-credentials-historical.json | 3 ++- quirks/websites-with-shared-credential-backends.json | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/quirks/shared-credentials-historical.json b/quirks/shared-credentials-historical.json index e23f1ca80..210dde0d8 100644 --- a/quirks/shared-credentials-historical.json +++ b/quirks/shared-credentials-historical.json @@ -362,7 +362,8 @@ "office.com", "skype.com", "onenote.com", - "hotmail.com" + "hotmail.com", + "azure.com" ] }, { diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index e7cccf7bf..f846c8c8a 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -472,7 +472,8 @@ "office.com", "skype.com", "onenote.com", - "hotmail.com" + "hotmail.com", + "azure.com" ], [ "minecraft.net", From 2f8c15ccfb2840e9e1303f7eb8870ee4257ed588 Mon Sep 17 00:00:00 2001 From: David Kilzer Date: Mon, 27 Nov 2023 08:31:29 -0800 Subject: [PATCH 031/124] Add password rules for mysavings.breadfinancial.com (#721) (#721) Co-authored-by: David Kilzer --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 41f66fcaa..ee248d9a1 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -524,6 +524,9 @@ "myhealthrecord.com": { "password-rules": "minlength: 8; maxlength: 20; allowed: lower, upper, digit, [_.!$*=];" }, + "mysavings.breadfinancial.com": { + "password-rules": "minlength: 8; maxlength: 25; required: lower; required: upper; required: digit; required: [+_%@!$*~];" + }, "mysedgwick.com": { "password-rules": "minlength: 8; maxlength: 16; allowed: lower; required: upper; required: digit; required: [@#%^&+=!]; allowed: [-~_$.,;]" }, From 69b3edea863836daa0a9c6c069ec874caf4e803d Mon Sep 17 00:00:00 2001 From: David Kilzer Date: Mon, 27 Nov 2023 08:32:10 -0800 Subject: [PATCH 032/124] Add password rules for worldstrides.com (#671) (#672) Co-authored-by: David Kilzer --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index ee248d9a1..73b514be7 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -809,6 +809,9 @@ "wmata.com": { "password-rules": "minlength: 8; required: lower, upper; required: digit; required: digit; required: [-!@#$%^&*~/\"()_=+\\|,.?[]];" }, + "worldstrides.com": { + "password-rules": "minlength: 8; required: lower; required: upper; required: digit; required: [-!#$%&*+=?@^_~];" + }, "wsj.com": { "password-rules": "minlength: 5; maxlength: 15; required: digit; allowed: lower, upper, [-~!@#$^*_=`|(){}[:;\"'<>,.?]];" }, From c049797c03b16b03d228574d436457af452a3f55 Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Wed, 29 Nov 2023 06:11:14 -0800 Subject: [PATCH 033/124] Add a password rules quirk for gocurb.com (#724) --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 73b514be7..9cb5451f3 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -332,6 +332,9 @@ "gmx.net": { "password-rules": "minlength: 8; maxlength: 40; allowed: lower, upper, digit, [-<=>~!|()@#{}$%,.?^'&*_+`:;\"[]];" }, + "gocurb.com": { + "password-rules": "minlength: 8; required: lower; required: upper; required: digit; required: [$%&#*?!@^];" + }, "google.com": { "password-rules": "minlength: 8; allowed: lower, upper, digit, [-!\"#$%&'()*+,./:;<=>?@[^_{|}~]];" }, From a8ba23444c941add80014935701ef526e63b23e6 Mon Sep 17 00:00:00 2001 From: Ellie <1447600+ellieayla@users.noreply.github.com> Date: Sat, 2 Dec 2023 14:20:37 -0500 Subject: [PATCH 034/124] Activision & callofduty.com share credentials (#726) * Activision & callofduty.com share credentials * Sorting --- quirks/shared-credentials.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 5325c9fd6..0cbd79f7b 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -350,6 +350,12 @@ "redislabs.com" ] }, + { + "shared": [ + "s.activision.com", + "profile.callofduty.com" + ] + }, { "from": [ "tvnow.de", From 5b15f13a8a082ef6bc22b579b903b008355fee44 Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Sat, 2 Dec 2023 14:21:13 -0500 Subject: [PATCH 035/124] Fix up the legacy credentials format --- quirks/websites-with-shared-credential-backends.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index f846c8c8a..e79082cd2 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -593,6 +593,10 @@ "rocketaccount.com", "rocketmortgage.com" ], + [ + "s.activision.com", + "profile.callofduty.com" + ], [ "scholarshare529.com", "secureaccountview.com" From 5d32ac562541a27d871fbea477f15ec0c434143a Mon Sep 17 00:00:00 2001 From: Michael Carlyle Date: Thu, 7 Dec 2023 16:59:29 -0600 Subject: [PATCH 036/124] Added shared credential for quicken.com and simplifimoney.com (#729) --- quirks/shared-credentials.json | 6 ++++++ quirks/websites-with-shared-credential-backends.json | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 0cbd79f7b..0bf17a397 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -344,6 +344,12 @@ "pretendo.cc" ] }, + { + "shared":[ + "quicken.com", + "simplifimoney.com" + ] + }, { "shared":[ "redis.com", diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index e79082cd2..7593733cc 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -585,6 +585,10 @@ "questdiagnostics.com", "care360.com" ], + [ + "quicken.com", + "simplifimoney.com" + ], [ "redis.com", "redislabs.com" From 22534204a9dc8502271be146883b42f08e549572 Mon Sep 17 00:00:00 2001 From: Ryan Steele Date: Fri, 15 Dec 2023 06:05:39 -0800 Subject: [PATCH 037/124] Add password rules quirk for clegc-gckey.gc.ca (#731) Per https://clegc-gckey.gc.ca/j/eng/FQ-02#link2 --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 9cb5451f3..f5bee8756 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -176,6 +176,9 @@ "classmates.com": { "password-rules": "minlength: 6; maxlength: 20; allowed: lower, upper, digit, [!@#$%^&*];" }, + "clegc-gckey.gc.ca": { + "password-rules": "minlength: 8; maxlength: 16; required: lower, upper, digit;" + }, "clien.net": { "password-rules": "minlength: 5; required: lower, upper; required: digit;" }, From 53ae335f78b4ddd78a350998c77b90af10569e45 Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Fri, 15 Dec 2023 15:38:06 -0500 Subject: [PATCH 038/124] Add shared credential backends quirks for ParkMobile, resolving #730 (#732) --- quirks/shared-credentials.json | 9 +++++++++ quirks/websites-with-shared-credential-backends.json | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 0bf17a397..9ff2aefba 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -307,6 +307,15 @@ "nordaccount.com" ] }, + { + "from": [ + "parkmobile.us" + ], + "to": [ + "parkmobile.io" + ], + "fromDomainsAreObsoleted": true + }, { "shared": [ "pinterest.com", diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index 7593733cc..2c17ce104 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -531,6 +531,10 @@ "olo.com", "olo.express" ], + [ + "parkmobile.us", + "parkmobile.io" + ], [ "pinterest.com", "pinterest.ca", From 6209d825920cf0c4fa44a07b9487b80f8710fbaa Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Fri, 15 Dec 2023 16:09:06 -0500 Subject: [PATCH 039/124] Adjust the password-rules for fidelity.com (#733) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fidelity now requires an upper, a lower, and a digit. They also now require a special character — not just allow them. They also warn against sequences. --- quirks/password-rules.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index f5bee8756..6f2ada793 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -312,7 +312,7 @@ "password-rules": "minlength: 8; max-consecutive: 3; required: lower; required: upper; required: digit; allowed: [-!@#$%^&*_+=`|(){}[:;,.?]];" }, "fidelity.com": { - "password-rules": "minlength: 6; maxlength: 20; required: lower; allowed: upper,digit,[!$%'()+,./:;=?@^_|~];" + "password-rules": "minlength: 6; maxlength: 20; required: lower; required: upper; required: digit; required: [!$%'()+,./:;=?@^_|~]; max-consecutive: 2;" }, "flysas.com": { "password-rules": "minlength: 8; maxlength: 14; required: lower; required: upper; required: digit; required: [-~!@#$%^&_+=`|(){}[:\"'<>,.?]];" From 8fea53671f70c36bc06ed7a67752d09a8ae626c1 Mon Sep 17 00:00:00 2001 From: Moritz Sternemann <3034168+moritzsternemann@users.noreply.github.com> Date: Sun, 17 Dec 2023 22:34:04 +0100 Subject: [PATCH 040/124] Add password rule for linearity.com (#734) --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 6f2ada793..885287222 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -461,6 +461,9 @@ "lg.com": { "password-rules": "minlength: 8; maxlength: 16; required: lower; required: upper; required: digit; allowed: [-!#$%&'()*+,.:;=?@[^_{|}~]];" }, + "linearity.io": { + "password-rules": "minlength: 8; required: lower; required: upper; required: digit; required: special;" + }, "live.com": { "password-rules": "minlength: 8; required: lower; required: upper; required: digit; allowed: [-@_#!&$`%*+()./,;~:{}|?>=<^'[]];" }, From 5d18499dc78875074a997d5b8303b4757a43fa9d Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Wed, 20 Dec 2023 09:53:21 -0500 Subject: [PATCH 041/124] Update hotels.com rules (#736) --- quirks/password-rules.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 885287222..7165c3812 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -369,7 +369,7 @@ "password-rules": "minlength: 8; maxlength: 15; required: lower; required: upper; required: digit; required: special;" }, "hotels.com": { - "password-rules": "minlength: 6; maxlength: 20; required: digit; allowed: lower, upper, [@$!#()&^*%];" + "password-rules": "minlength: 6; maxlength: 20; required: digit; required: [-~#@$%&!*_?^]; allowed: lower, upper;" }, "hotwire.com": { "password-rules": "minlength: 6; maxlength: 30; allowed: lower, upper, digit, [-~!@#$%^&*_+=`|(){}[:;\"'<>,.?]];" From e777a27693fbe7df7201923ffafdad920fa663a9 Mon Sep 17 00:00:00 2001 From: amone Date: Thu, 21 Dec 2023 02:21:08 +0800 Subject: [PATCH 042/124] add password rule for ichunqiu.com (#735) * add password rule for ichunqiu.com * Update password-rules.json --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 7165c3812..6c7d8bc58 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -389,6 +389,9 @@ "hyresbostader.se": { "password-rules": "minlength: 6; maxlength: 20; required: lower, upper; required: digit;" }, + "ichunqiu.com": { + "password-rules": "minlength: 8; maxlength: 20; required: lower; required: upper; required: digit;" + }, "id.sonyentertainmentnetwork.com": { "password-rules": "minlength: 8; maxlength: 30; required: lower, upper; required: digit; allowed: [-!@#^&*=+;:];" }, From 79217116f9720b2535846d7434117f82f75314fd Mon Sep 17 00:00:00 2001 From: Velociraptor Date: Sun, 7 Jan 2024 15:47:06 -0800 Subject: [PATCH 043/124] Add password rule for volaris.com (#738) --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 6c7d8bc58..d82696195 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -791,6 +791,9 @@ "vivo.com.br": { "password-rules": "maxlength: 6; max-consecutive: 3; allowed: digit;" }, + "volaris.com": { + "password-rules": "minlength: 8; maxlength: 16; required: lower; required: upper; required: digit; required: special;" + }, "wa.aaa.com": { "password-rules": "minlength: 8; maxlength: 16; required: lower; required: upper; required: digit; allowed: ascii-printable;" }, From 7e37a88471cb3c880a287bdcfb8e030c889928ca Mon Sep 17 00:00:00 2001 From: liam <31192478+terror@users.noreply.github.com> Date: Fri, 12 Jan 2024 11:28:14 -0500 Subject: [PATCH 044/124] Add password rules for milogin.michigan.gov (#740) --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index d82696195..ff32c7da4 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -512,6 +512,9 @@ "microsoft.com": { "password-rules": "minlength: 8; required: lower; required: upper; required: digit; required: special;" }, + "milogin.michigan.gov": { + "password-rules": "minlength: 8; required: lower; required: upper; required: digit; required: [@#$!~&];" + }, "mintmobile.com": { "password-rules": "minlength: 8; maxlength: 20; required: lower; required: upper; required: digit; required: special; allowed: [!#$%&()*+:;=@[^_`{}~]];" }, From 7bb302c86635c5a1e5566b7f59a5c1dcddd58acc Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Thu, 18 Jan 2024 12:48:24 -0500 Subject: [PATCH 045/124] Further massage our rules for fidelity.com (#739) * Further massage our rules for fidelity.com This time I was able to "debug" their website in real time and was able to narrow down the list of special characters they actually accept. * Add additional domains for Hertz This list was computed by: 1. Looking at the Certificate Subject Alternative Name field on the hertz.com certificate 2. Manually visiting all of the domains following redirects, confirming they're governed by the same rules. --- quirks/password-rules.json | 140 ++++++++++++++++++++++++++++++++++++- 1 file changed, 139 insertions(+), 1 deletion(-) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index ff32c7da4..0fe9702e7 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -312,7 +312,7 @@ "password-rules": "minlength: 8; max-consecutive: 3; required: lower; required: upper; required: digit; allowed: [-!@#$%^&*_+=`|(){}[:;,.?]];" }, "fidelity.com": { - "password-rules": "minlength: 6; maxlength: 20; required: lower; required: upper; required: digit; required: [!$%'()+,./:;=?@^_|~]; max-consecutive: 2;" + "password-rules": "minlength: 6; maxlength: 20; required: lower; required: upper; required: digit; required: [-!$%+,./:;=?@^_|]; max-consecutive: 2;" }, "flysas.com": { "password-rules": "minlength: 8; maxlength: 14; required: lower; required: upper; required: digit; required: [-~!@#$%^&_+=`|(){}[:\"'<>,.?]];" @@ -353,9 +353,147 @@ "hawaiianairlines.com": { "password-rules": "maxlength: 16;" }, + "hertz-japan.com": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz-kuwait.com": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz-saudi.com": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.at": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.be": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.bh": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.ca": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.ch": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.cn": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.co.ao": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.co.id": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.co.kr": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.co.nz": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.co.th": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.co.uk": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, "hertz.com": { "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" }, + "hertz.com.au": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.bh": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.hk": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.kw": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.mt": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.pl": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.pt": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.sg": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.tw": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.cv": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.cz": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.de": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.ee": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.es": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.fi": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.fr": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.hu": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.ie": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.it": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.jo": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.lt": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.nl": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.no": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.nu": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.pl": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.pt": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.qa": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.ru": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.se": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.si": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertzcaribbean.com": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, "hetzner.com": { "password-rules": "minlength: 8; required: lower; required: upper; required: digit, special;" }, From 303c864a745c5c64ee1f2a09c0e7ecfe4ebb63ce Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Thu, 18 Jan 2024 12:49:56 -0500 Subject: [PATCH 046/124] Revert part of a change that was accidentally merged --- quirks/password-rules.json | 138 ------------------------------------- 1 file changed, 138 deletions(-) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 0fe9702e7..58cae3f7a 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -353,147 +353,9 @@ "hawaiianairlines.com": { "password-rules": "maxlength: 16;" }, - "hertz-japan.com": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz-kuwait.com": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz-saudi.com": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.at": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.be": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.bh": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.ca": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.ch": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.cn": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.co.ao": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.co.id": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.co.kr": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.co.nz": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.co.th": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.co.uk": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, "hertz.com": { "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" }, - "hertz.com.au": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.com.bh": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.com.hk": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.com.kw": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.com.mt": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.com.pl": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.com.pt": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.com.sg": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.com.tw": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.cv": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.cz": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.de": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.ee": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.es": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.fi": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.fr": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.hu": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.ie": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.it": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.jo": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.lt": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.nl": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.no": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.nu": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.pl": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.pt": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.qa": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.ru": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.se": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertz.si": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, - "hertzcaribbean.com": { - "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" - }, "hetzner.com": { "password-rules": "minlength: 8; required: lower; required: upper; required: digit, special;" }, From 2fbaa6ca31cf0eea5ac83d6a191039761b81b820 Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Thu, 18 Jan 2024 12:56:14 -0500 Subject: [PATCH 047/124] Add additional domains for Hertz (#742) This list was computed by: 1. Looking at the Certificate Subject Alternative Name field on the hertz.com certificate 2. Manually visiting all of the domains following redirects, confirming they're governed by the same rules. --- quirks/password-rules.json | 138 +++++++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 58cae3f7a..0fe9702e7 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -353,9 +353,147 @@ "hawaiianairlines.com": { "password-rules": "maxlength: 16;" }, + "hertz-japan.com": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz-kuwait.com": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz-saudi.com": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.at": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.be": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.bh": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.ca": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.ch": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.cn": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.co.ao": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.co.id": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.co.kr": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.co.nz": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.co.th": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.co.uk": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, "hertz.com": { "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" }, + "hertz.com.au": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.bh": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.hk": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.kw": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.mt": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.pl": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.pt": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.sg": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.com.tw": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.cv": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.cz": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.de": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.ee": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.es": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.fi": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.fr": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.hu": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.ie": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.it": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.jo": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.lt": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.nl": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.no": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.nu": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.pl": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.pt": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.qa": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.ru": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.se": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertz.si": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, + "hertzcaribbean.com": { + "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];" + }, "hetzner.com": { "password-rules": "minlength: 8; required: lower; required: upper; required: digit, special;" }, From e5edf95a00470224a5e8b1b8a22dd28af2e2b3b1 Mon Sep 17 00:00:00 2001 From: Daria Maslennikova <35962122+dmmaslenn@users.noreply.github.com> Date: Thu, 18 Jan 2024 12:03:18 -0800 Subject: [PATCH 048/124] Add password rules for vince.com (#741) --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 0fe9702e7..0a8919885 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -920,6 +920,9 @@ "vetsfirstchoice.com": { "password-rules": "minlength: 8; required: lower; required: upper; required: digit; allowed: [?!@$%^+=&];" }, + "vince.com": { + "password-rules": "minlength: 8; required: digit; required: lower; required: upper; required: [$%/(){}=?!.,_*|+~#[]];" + }, "virginmobile.ca": { "password-rules": "minlength: 8; required: lower; required: upper; required: digit; required: [!#$@];" }, From dc14264432c97a35d75e13f32176099f172b6510 Mon Sep 17 00:00:00 2001 From: Tse Kit Yam Date: Wed, 24 Jan 2024 10:09:04 +0800 Subject: [PATCH 049/124] add wise.com (#744) * add wise.com * Update websites-with-shared-credential-backends.json --- quirks/shared-credentials.json | 9 +++++++++ quirks/websites-with-shared-credential-backends.json | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 9ff2aefba..92073f866 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -371,6 +371,15 @@ "profile.callofduty.com" ] }, + { + "from": [ + "transferwise.com" + ], + "to": [ + "wise.com" + ], + "fromDomainsAreObsoleted": true + }, { "from": [ "tvnow.de", diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index 2c17ce104..c414366a9 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -689,6 +689,10 @@ "tp-link.com", "tplinkcloud.com" ], + [ + "transferwise.com", + "wise.com" + ], [ "tvnow.de", "tvnow.at", From 7aaf15b15fe3691de24bc2853d2abc09c3a1d973 Mon Sep 17 00:00:00 2001 From: Martin D Date: Sun, 18 Feb 2024 18:11:04 -0500 Subject: [PATCH 050/124] Updated password-rules.json for Garmin.com (#727) --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 0a8919885..5cdc3fb84 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -323,6 +323,9 @@ "fuelrewards.com": { "password-rules": "minlength: 8; maxlength: 16; allowed: upper,lower,digit,[!#$%@];" }, + "garmin.com": { + "password-rules": "minlength: 8; required: lower; required: upper; required: digit;" + }, "gamestop.com": { "password-rules": "minlength: 8; maxlength: 225; required: lower; required: upper; required: digit; required: [!@#$%];" }, From e236427e8f8edb07343f7ef9aa4d01f3c395823b Mon Sep 17 00:00:00 2001 From: amalgopal2015 <33352885+amalgopal2015@users.noreply.github.com> Date: Mon, 19 Feb 2024 20:26:51 +0530 Subject: [PATCH 051/124] Update password-rules.json (#747) Added edistrict.kerala.gov.in --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 5cdc3fb84..37610e8be 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -271,6 +271,9 @@ }, "eddservices.edd.ca.gov": { "password-rules": "minlength: 8; maxlength: 12; required: lower; required: upper; required: digit; required: [!@#$%^&*()];" + }, + "edistrict.kerala.gov.in": { + "password-rules": "minlength: 5; maxlength: 15; required: lower; required: upper; required: digit; required: [!@#$];" }, "empower-retirement.com": { "password-rules": "minlength: 8; maxlength: 16;" From 60456ef9db7282fd51abdc601caee0930be512d1 Mon Sep 17 00:00:00 2001 From: Jason Levine Date: Mon, 19 Feb 2024 14:20:04 -0500 Subject: [PATCH 052/124] add password rules quirk for cogmembers.org (#725) --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 37610e8be..3353c5316 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -182,6 +182,9 @@ "clien.net": { "password-rules": "minlength: 5; required: lower, upper; required: digit;" }, + "cogmembers.org": { + "password-rules": "minlength: 8; maxlength: 14; required: upper; required: digit, allowed: lower;" + }, "collectivehealth.com": { "password-rules": "minlength: 8; required: lower; required: upper; required: digit;" }, From 12cddaea5e0f4272f13e3666ad787cd494acd4d6 Mon Sep 17 00:00:00 2001 From: amalgopal2015 <33352885+amalgopal2015@users.noreply.github.com> Date: Tue, 20 Feb 2024 19:04:39 +0530 Subject: [PATCH 053/124] Added tdscpc.gov.in in Password-rules (#749) * Added tdscpc.gov.in in Password-rules * Error Fixed: Added tdscpc.gov.in in password-rule * Sort order fixed gamestop.com --- quirks/password-rules.json | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 3353c5316..8a129995c 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -329,12 +329,12 @@ "fuelrewards.com": { "password-rules": "minlength: 8; maxlength: 16; allowed: upper,lower,digit,[!#$%@];" }, - "garmin.com": { - "password-rules": "minlength: 8; required: lower; required: upper; required: digit;" - }, "gamestop.com": { "password-rules": "minlength: 8; maxlength: 225; required: lower; required: upper; required: digit; required: [!@#$%];" }, + "garmin.com": { + "password-rules": "minlength: 8; required: lower; required: upper; required: digit;" + }, "getflywheel.com": { "password-rules": "minlength: 7; maxlength: 72;" }, @@ -881,6 +881,9 @@ "target.com": { "password-rules": "minlength: 8; maxlength: 20; required: lower, upper; required: digit, [-!\"#$%&'()*+,./:;=?@[\\^_`{|}~];" }, + "tdscpc.gov.in": { + "password-rules": "minlength: 8; maxlength: 15; required: lower; required: upper; required: digit; required: [ &',;\"];" + }, "telekom-dienste.de": { "password-rules": "minlength: 8; maxlength: 16; required: lower; required: upper; required: digit; required: [#$%&()*+,./<=>?@_{|}~];" }, From 7ed6dc20e5fed573214dc326561a8d8328a13e67 Mon Sep 17 00:00:00 2001 From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> Date: Tue, 20 Feb 2024 06:55:47 -0800 Subject: [PATCH 054/124] Add taxhawk.com shared credentials (#746) From TaxHawk's LinkedIn profile: "TaxHawk, Inc. owns and operates three tax preparation websites: FreeTaxUSA.com, TaxHawk.com, and Express1040.com." --- quirks/shared-credentials.json | 7 +++++++ quirks/websites-with-shared-credential-backends.json | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 92073f866..854d691a7 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -371,6 +371,13 @@ "profile.callofduty.com" ] }, + { + "shared":[ + "taxhawk.com", + "freetaxusa.com", + "express1040.com" + ] + }, { "from": [ "transferwise.com" diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index c414366a9..e6307e1da 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -673,6 +673,11 @@ "steampowered.com", "steamcommunity.com" ], + [ + "taxhawk.com", + "freetaxusa.com", + "express1040.com" + ], [ "telekom-dienste.de", "accounts.login.idm.telekom.com" From 967831e196edaf9d5bd48ae1b20ff663e06958fa Mon Sep 17 00:00:00 2001 From: Ezekiel Date: Mon, 26 Feb 2024 11:31:03 -0500 Subject: [PATCH 055/124] Add scottscheapflights.com / going.com (#751) * Add scottscheapflights.com / going.com * Reorder credentials --- quirks/shared-credentials.json | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 854d691a7..8ab01e3a2 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -365,6 +365,15 @@ "redislabs.com" ] }, + { + "from": [ + "scottscheapflights.com" + ], + "to": [ + "going.com" + ], + "fromDomainsAreObsoleted": true + }, { "shared": [ "s.activision.com", From 07d0a89f81469ab84cda2feb6fa3d62e6623f52d Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Mon, 26 Feb 2024 11:36:47 -0500 Subject: [PATCH 056/124] Attempt to make our automations green again --- quirks/password-rules.json | 2 +- quirks/shared-credentials.json | 6 +++--- quirks/websites-with-shared-credential-backends.json | 4 ++++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 8a129995c..7f9a79604 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -275,7 +275,7 @@ "eddservices.edd.ca.gov": { "password-rules": "minlength: 8; maxlength: 12; required: lower; required: upper; required: digit; required: [!@#$%^&*()];" }, - "edistrict.kerala.gov.in": { + "edistrict.kerala.gov.in": { "password-rules": "minlength: 5; maxlength: 15; required: lower; required: upper; required: digit; required: [!@#$];" }, "empower-retirement.com": { diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 8ab01e3a2..87f6f37bd 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -354,13 +354,13 @@ ] }, { - "shared":[ + "shared": [ "quicken.com", "simplifimoney.com" ] }, { - "shared":[ + "shared": [ "redis.com", "redislabs.com" ] @@ -381,7 +381,7 @@ ] }, { - "shared":[ + "shared": [ "taxhawk.com", "freetaxusa.com", "express1040.com" diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index e6307e1da..829312a35 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -609,6 +609,10 @@ "scholarshare529.com", "secureaccountview.com" ], + [ + "scottscheapflights.com", + "going.com" + ], [ "scoutingevent.com", "campreservation.com" From 5978aaeb54e6fbb8b3cce03d8654fdf9e4574df2 Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Mon, 26 Feb 2024 11:41:46 -0500 Subject: [PATCH 057/124] Attempt to make our automations green again --- quirks/shared-credentials.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 87f6f37bd..8f1ce2c25 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -365,6 +365,12 @@ "redislabs.com" ] }, + { + "shared": [ + "s.activision.com", + "profile.callofduty.com" + ] + }, { "from": [ "scottscheapflights.com" @@ -374,12 +380,6 @@ ], "fromDomainsAreObsoleted": true }, - { - "shared": [ - "s.activision.com", - "profile.callofduty.com" - ] - }, { "shared": [ "taxhawk.com", From 06deeedc0679136e8f692ca77c3c8f04500af28c Mon Sep 17 00:00:00 2001 From: Sean Barag Date: Mon, 13 May 2024 14:09:20 -0700 Subject: [PATCH 058/124] reduce max password length on costco.com (#758) The rendered password input has `maxlength="16"`, and the "Create Account" page lists "Use between 8 and 16 characters". Decrease the maximum password length. --- quirks/password-rules.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 7f9a79604..bf1552d97 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -204,7 +204,7 @@ "password-rules": "minlength: 6; maxlength: 15; allowed: lower, upper, digit, [-.];" }, "costco.com": { - "password-rules": "minlength: 8; maxlength: 20; required: lower, upper; allowed: digit, [-!#$%&'()*+/:;=?@[^_`{|}~]];" + "password-rules": "minlength: 8; maxlength: 16; required: lower, upper; allowed: digit, [-!#$%&'()*+/:;=?@[^_`{|}~]];" }, "coursera.com": { "password-rules": "minlength: 8; maxlength: 72;" From 34c37ad0c28c05cce2e9fc6f283c838267a32dda Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Fri, 17 May 2024 10:17:51 -0700 Subject: [PATCH 059/124] Add a shared credentials relationship from twitter.com to x.com (#759) Pour one out. --- quirks/shared-credentials.json | 9 +++++++++ quirks/websites-with-shared-credential-backends.json | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 8f1ce2c25..1aa315f5d 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -409,6 +409,15 @@ ], "fromDomainsAreObsoleted": false }, + { + "from": [ + "twitter.com" + ], + "to": [ + "x.com" + ], + "fromDomainsAreObsoleted": true + }, { "shared": [ "uspowerboating.com", diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index 829312a35..80f8132de 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -710,6 +710,10 @@ "rtlplus.de", "rtlplus.com" ], + [ + "twitter.com", + "x.com" + ], [ "ubi.com", "ubisoft.com" From 4eb7f401debd3595c25946b8c0dfc025cfcef8de Mon Sep 17 00:00:00 2001 From: Eryn Wells Date: Fri, 17 May 2024 11:47:36 -0700 Subject: [PATCH 060/124] Fix #760 by replacing the comma with a semicolon (#761) --- quirks/password-rules.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index bf1552d97..2ea5cb801 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -183,7 +183,7 @@ "password-rules": "minlength: 5; required: lower, upper; required: digit;" }, "cogmembers.org": { - "password-rules": "minlength: 8; maxlength: 14; required: upper; required: digit, allowed: lower;" + "password-rules": "minlength: 8; maxlength: 14; required: upper; required: digit; allowed: lower;" }, "collectivehealth.com": { "password-rules": "minlength: 8; required: lower; required: upper; required: digit;" From 75daa1c093f0cb1c3baa4a9f30739cadfa08c773 Mon Sep 17 00:00:00 2001 From: rohitpoks <88408806+rohitpoks@users.noreply.github.com> Date: Wed, 29 May 2024 09:28:59 -0700 Subject: [PATCH 061/124] Added password rules for account.samsung.com (#766) * Added password rules for account.samsung.com Added password rules to ensure a smooth authentication experience for the webpage account.samsung.com by ensuring the generated password includes digits, special characters, and alphabets, and is no longer than 15 characters as required by the website. * Added minlength requirement to rule for account.samsung.com --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 2ea5cb801..628aeb2ce 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -8,6 +8,9 @@ "access.service.gov.uk": { "password-rules": "minlength: 10; required: lower; required: upper; required: digit; required: special;" }, + "account.samsung.com": { + "password-rules": "minlength: 8; maxlength: 15; required: digit; required: special; required: upper,lower;" + }, "admiral.com": { "password-rules": "minlength: 8; required: digit; required: [- !\"#$&'()*+,.:;<=>?@[^_`{|}~]]; allowed: lower, upper;" }, From 3c55d587c4967409d04658b70a709c7389f7eb99 Mon Sep 17 00:00:00 2001 From: rohitpoks <88408806+rohitpoks@users.noreply.github.com> Date: Wed, 29 May 2024 10:01:55 -0700 Subject: [PATCH 062/124] Added password rules for ana.co.jp (#765) Added rules that conform to the following requirements from the sign up page (https://www.ana.co.jp/en/us/amc/join-amc/): 1. Only alphabets and numbers 2. 8-16 alphanumeric characters in total --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 628aeb2ce..d6488b399 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -44,6 +44,9 @@ "americanexpress.com": { "password-rules": "minlength: 8; maxlength: 20; max-consecutive: 4; required: lower, upper; required: digit; allowed: [%&_?#=];" }, + "ana.co.jp": { + "password-rules": "minlength: 8; maxlength: 16; required: digit; required: upper,lower;" + }, "anatel.gov.br": { "password-rules": "minlength: 6; maxlength: 15; allowed: lower, upper, digit;" }, From 5217c485c9611ba3f183fd33e6754460b15904ae Mon Sep 17 00:00:00 2001 From: rohitpoks <88408806+rohitpoks@users.noreply.github.com> Date: Thu, 30 May 2024 12:00:38 -0700 Subject: [PATCH 063/124] Changed password-rules.json to reflect password requirements for umterps.evenue.net (#768) --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index d6488b399..3926553e8 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -917,6 +917,9 @@ "udel.edu": { "password-rules": "minlength: 12; maxlength: 30; required: lower; required: upper; required: digit; required: [!@#$%^&*()+];" }, + "umterps.evenue.net": { + "password-rules": "minlength: 4; maxlength: 12;" + }, "user.ornl.gov": { "password-rules": "minlength: 8; maxlength: 30; max-consecutive: 3; required: lower, upper; required: digit; allowed: [!#$%./_];" }, From 12fdcd9c06c9c22b7ef7f0e696fa50674474f284 Mon Sep 17 00:00:00 2001 From: rohitpoks <88408806+rohitpoks@users.noreply.github.com> Date: Thu, 30 May 2024 12:03:53 -0700 Subject: [PATCH 064/124] Updated password-rules.json to reflect rules for dodgeridge.com (#767) --- quirks/password-rules.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/quirks/password-rules.json b/quirks/password-rules.json index 3926553e8..38eeb268c 100644 --- a/quirks/password-rules.json +++ b/quirks/password-rules.json @@ -260,6 +260,9 @@ "dmm.com": { "password-rules": "minlength: 4; maxlength: 16; required: lower; required: upper; required: digit;" }, + "dodgeridge.com": { + "password-rules": "minlength: 8; maxlength: 12; required: lower; required: upper; required: digit;" + }, "dowjones.com": { "password-rules": "maxlength: 15;" }, From 492af9a832677dbc5ccfb562ee1f1293d7bd27fa Mon Sep 17 00:00:00 2001 From: "iulianOnofrei (U-lee-aan)" <5748627+revolter@users.noreply.github.com> Date: Sun, 23 Jun 2024 06:03:15 +0300 Subject: [PATCH 065/124] Added shared credentials for Blur / IronVest (#771) --- quirks/shared-credentials.json | 6 ++++++ quirks/websites-with-shared-credential-backends.json | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 1aa315f5d..a7d8f6f9b 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -161,6 +161,12 @@ "shopdisney.com" ] }, + { + "shared": [ + "dnt.abine.com", + "ironvest.com" + ] + }, { "shared": [ "ebay.at", diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index 80f8132de..7db27897b 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -276,6 +276,10 @@ "hulu.com", "shopdisney.com" ], + [ + "dnt.abine.com", + "ironvest.com" + ], [ "docusign.com", "docusign.net" From cf4e19446478ba5b51fee8dd623d901f37ab66a5 Mon Sep 17 00:00:00 2001 From: "iulianOnofrei (U-lee-aan)" <5748627+revolter@users.noreply.github.com> Date: Sun, 23 Jun 2024 06:04:49 +0300 Subject: [PATCH 066/124] Marked Steam domains as valid (#770) --- quirks/shared-credentials-historical.json | 6 ------ quirks/shared-credentials.json | 6 ++++++ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/quirks/shared-credentials-historical.json b/quirks/shared-credentials-historical.json index 210dde0d8..619de5a3f 100644 --- a/quirks/shared-credentials-historical.json +++ b/quirks/shared-credentials-historical.json @@ -554,12 +554,6 @@ "superuser.com" ] }, - { - "shared": [ - "steampowered.com", - "steamcommunity.com" - ] - }, { "shared": [ "telekom-dienste.de", diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index a7d8f6f9b..bf5e31f46 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -386,6 +386,12 @@ ], "fromDomainsAreObsoleted": true }, + { + "shared": [ + "steampowered.com", + "steamcommunity.com" + ] + }, { "shared": [ "taxhawk.com", From 8692608d4788d6803efec161a7f49c56e18c280a Mon Sep 17 00:00:00 2001 From: "iulianOnofrei (U-lee-aan)" <5748627+revolter@users.noreply.github.com> Date: Mon, 24 Jun 2024 01:48:34 +0300 Subject: [PATCH 067/124] Added shared credentials for Gazduire.NET (#773) --- quirks/shared-credentials.json | 10 ++++++++++ quirks/websites-with-shared-credential-backends.json | 5 +++++ 2 files changed, 15 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index bf5e31f46..da02c5e8a 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -234,6 +234,16 @@ ], "fromDomainsAreObsoleted": true }, + { + "from": [ + "gazduire.com.ro", + "gazduire.net" + ], + "to": [ + "admin.ro" + ], + "fromDomainsAreObsoleted": true + }, { "from": [ "hbo.com", diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index 7db27897b..a710ad058 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -378,6 +378,11 @@ "foursquare.com", "swarmapp.com" ], + [ + "gazduire.com.ro", + "gazduire.net", + "admin.ro" + ], [ "glassdoor.ca", "glassdoor.com", From 366a18bec4256969067b5570360d027a518c5b5b Mon Sep 17 00:00:00 2001 From: "iulianOnofrei (U-lee-aan)" <5748627+revolter@users.noreply.github.com> Date: Mon, 24 Jun 2024 01:49:16 +0300 Subject: [PATCH 068/124] Added shared credentials for selfAWB (#775) --- quirks/shared-credentials.json | 9 +++++++++ quirks/websites-with-shared-credential-backends.json | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index da02c5e8a..6b9693003 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -225,6 +225,15 @@ "eventbrite.sg" ] }, + { + "from": [ + "fancourier.ro" + ], + "to": [ + "selfawb.ro" + ], + "fromDomainsAreObsoleted": true + }, { "from": [ "flyblade.com" diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index a710ad058..5183f83ba 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -354,6 +354,10 @@ "facebook.com", "messenger.com" ], + [ + "fancourier.ro", + "selfawb.ro" + ], [ "fandangonow.com", "fandango.com" From aaadba6579423325454f7ac54d88151569405f6e Mon Sep 17 00:00:00 2001 From: "iulianOnofrei (U-lee-aan)" <5748627+revolter@users.noreply.github.com> Date: Mon, 24 Jun 2024 01:49:58 +0300 Subject: [PATCH 069/124] Added shared credentials for Wacom (#776) --- quirks/shared-credentials.json | 9 +++++++++ quirks/websites-with-shared-credential-backends.json | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 6b9693003..381c56979 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -455,6 +455,15 @@ "ussailing.org" ] }, + { + "from": [ + "wacom.eu" + ], + "to": [ + "wacom.com" + ], + "fromDomainsAreObsoleted": true + }, { "shared": [ "wikipedia.org", diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index 5183f83ba..1b29212c2 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -751,6 +751,10 @@ "verizonwireless.com", "vzw.com" ], + [ + "wacom.eu", + "wacom.com" + ], [ "wayfair.com", "wayfair.ca", From 5592c79f0586ec3fd8d7d88a587925e9a45bf75f Mon Sep 17 00:00:00 2001 From: "iulianOnofrei (U-lee-aan)" <5748627+revolter@users.noreply.github.com> Date: Mon, 24 Jun 2024 01:50:56 +0300 Subject: [PATCH 070/124] Added shared credentials for Kodeco (#774) --- quirks/shared-credentials.json | 9 +++++++++ quirks/websites-with-shared-credential-backends.json | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/quirks/shared-credentials.json b/quirks/shared-credentials.json index 381c56979..ff6a50d9f 100644 --- a/quirks/shared-credentials.json +++ b/quirks/shared-credentials.json @@ -384,6 +384,15 @@ "simplifimoney.com" ] }, + { + "from": [ + "raywenderlich.com" + ], + "to": [ + "kodeco.com" + ], + "fromDomainsAreObsoleted": true + }, { "shared": [ "redis.com", diff --git a/quirks/websites-with-shared-credential-backends.json b/quirks/websites-with-shared-credential-backends.json index 1b29212c2..51c757320 100644 --- a/quirks/websites-with-shared-credential-backends.json +++ b/quirks/websites-with-shared-credential-backends.json @@ -606,6 +606,10 @@ "quicken.com", "simplifimoney.com" ], + [ + "raywenderlich.com", + "kodeco.com" + ], [ "redis.com", "redislabs.com" From 8156a00790ab296ce3d2201e98edc649f540d32b Mon Sep 17 00:00:00 2001 From: "iulianOnofrei (U-lee-aan)" <5748627+revolter@users.noreply.github.com> Date: Mon, 24 Jun 2024 05:44:35 +0300 Subject: [PATCH 071/124] Fixed failing autoformat-json-files script (#777) * Fixed failing autoformat-json-files script The `autoformat-json-files.rb` was always failing with the error: ``` Issue parsing & reformatting 'quirks/shared-credentials-historical.json' - comparison of Hash with Hash failed Issue parsing & reformatting 'quirks/shared-credentials.json' - comparison of Hash with Hash failed ``` This is because those JSON files contain arrays of hashes, and hashes are not comparable: https://stackoverflow.com/a/55169812/865175. * Fixed incorrect Lint Sort Order GitHub workflow logic We need to compare the entire list of `shared` and/or `from` elements, because we might have to do a comparison between something like `['a', 'c']` and `['a', 'b']` in the future, and comparing only the first element is not enough. --- .../lint-scripts/websites-shared-credentials-sort-order.rb | 4 ++-- tools/autoformat-json-files.rb | 7 +++++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-scripts/websites-shared-credentials-sort-order.rb b/.github/workflows/lint-scripts/websites-shared-credentials-sort-order.rb index 39c51dec3..24ef88a7e 100644 --- a/.github/workflows/lint-scripts/websites-shared-credentials-sort-order.rb +++ b/.github/workflows/lint-scripts/websites-shared-credentials-sort-order.rb @@ -3,8 +3,8 @@ def process_file(file_path) shared_websites = JSON.parse File.read(file_path) shared_websites_sorted = shared_websites.sort do |a, b| - a_string = a["shared"] ? a["shared"].first : (a["from"] ? a["from"].first : "") - b_string = b["shared"] ? b["shared"].first : (b["from"] ? b["from"].first : "") + a_string = a["shared"] || a["from"] || [""] + b_string = b["shared"] || b["from"] || [""] a_string <=> b_string end diff --git a/tools/autoformat-json-files.rb b/tools/autoformat-json-files.rb index 729a2888d..f5d3e1eb3 100755 --- a/tools/autoformat-json-files.rb +++ b/tools/autoformat-json-files.rb @@ -19,6 +19,13 @@ contents_as_object = JSON.parse(original_file_contents) if contents_as_object.is_a? Hash contents_as_object = contents_as_object.sort_by { |key| key }.to_h + elsif contents_as_object.is_a? Array and contents_as_object[0].is_a? Hash + contents_as_object = contents_as_object.sort do |first, second| + first_content = first["shared"] || first["from"] || [""] + second_content = second["shared"] || second["from"] || [""] + + first_content <=> second_content + end else contents_as_object = contents_as_object.sort end From 23447813e48e756940e17efe135bcd143c2a9025 Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Mon, 24 Jun 2024 12:30:39 -0400 Subject: [PATCH 072/124] Add a new quirk: Apple App IDs to Domains that Share Credentials (#778) Quirk is explained in the README. Initial data is being upstreamed by Apple. Let's work together to improve Password AutoFill suggestions in apps without domain associations! --- CONTRIBUTING.md | 6 ++ README.md | 6 ++ ...-appIDs-to-domains-shared-credentials.json | 66 +++++++++++++++++++ ...-to-domains-shared-credentials-schema.json | 10 +++ tools/autoformat-json-files.rb | 3 + 5 files changed, 91 insertions(+) create mode 100644 quirks/apple-appIDs-to-domains-shared-credentials.json create mode 100644 quirks/schemas/apple-appIDs-to-domains-shared-credentials-schema.json diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3ea704eb7..d47a8ecb1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -57,6 +57,12 @@ When contributing or amending a set of websites sharing a credential backend, yo Use the website in question until you find the standalone page for updating the user's password, or a high-level "Account Information" or "Security" page. The closer the URL takes the user to be able to change their password, the better. Before adding a URL, ensure that it works properly both when the user is logged in and when they are not. URLs added to [`quirks/change-password-URLs.json`](quirks/change-password-URLs.json) should have a scheme of https unless the website does not allow changing the password on an https page. +### Contributing to Apple Application IDs to Domains that Share Credentials + +On macOS, for app bundle `Example.app`, you can find the App ID by dumping its entitlements with `codesign -d --entitlements - --xml path/to/Example.app`. Its App ID is the value in the XML for key `com.apple.application-identifier`. For macOS apps in particular, if there is no App ID present, the effective App ID is the app's Bundle Identifier (`CFBundleIdentifier` in the app's `Info.plist`). + +When contributing or amending a set of websites for an App ID, you should state why you believe the domains do share a credential backend with the app, with evidence to support your claim. + ### Contributing to Websites Where 2FA Code is Appended to Password When contributing or amending a set of websites that require that the user append a generated code to their password when signing in, you should state why you believe the relevant domains require such. This may involve citing a URL to the relevant support page for the website. diff --git a/README.md b/README.md index 786552347..54c04d709 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,12 @@ The [Contributing](CONTRIBUTING.md) document goes into detail on the format of t The file [`quirks/change-password-URLs.json`](quirks/change-password-URLs.json) contains a JSON object mapping domains to URLs where users can change their password. This is the quirks version of the [Well Known URL for Changing Passwords](https://github.com/w3c/webappsec-change-password-url). If a website adopts the Change Password URL, it should be removed from this list. +### Apple App IDs to Domains that Share Credentials + +The file [`apple-appIDs-to-domains-shared-credentials.json`](quirks/apple-appIDs-to-domains-shared-credentials.json) expresses relationships between apps running on macOS, iOS, and iPadOS, and domains that use the same credentials. Information in this file is used by iOS and iPadOS (since version 17.4) and macOS (since version 14.4) for suggesting credentials in apps that do not have an [association with domains](https://developer.apple.com/documentation/xcode/supporting-associated-domains). The system AutoFill capability makes use of this information to improve the user experience of signing into these apps by giving users inline suggestions of the appropriate credentials when signing in. This works for all password managers that make use of the [Credential Provider Extension](https://support.apple.com/guide/security/credential-provider-extensions-sec6319ac7b9/web) mechanism. + +The JSON file is a map from [App Identifier](https://developer.apple.com/help/account/manage-identifiers/register-an-app-id/) to an array of domains. Domains should be ordered by prominence from most prominent to least. The apps do not need to be distributed on Apple's App Store. + ### Websites Where 2FA Code is Appended to Password The file [`quirks/websites-that-append-2fa-to-password.json`](quirks/websites-that-append-2fa-to-password.json) contains a JSON array of domains which use a two-factor authentication scheme where the user must append a generated code to their password when signing in. This list of websites could be used to prevent auto-submission of signin forms, allowing the user to append the 2FA code without frustration. It can also be used to suppress prompting to update a saved password when the submitted password is prefixed by the already-stored password. diff --git a/quirks/apple-appIDs-to-domains-shared-credentials.json b/quirks/apple-appIDs-to-domains-shared-credentials.json new file mode 100644 index 000000000..81365a774 --- /dev/null +++ b/quirks/apple-appIDs-to-domains-shared-credentials.json @@ -0,0 +1,66 @@ +{ + "P7SDVXUZPK.com.etrade.mobileproiphone": [ + "etrade.com" + ], + "PPTA7G59L3.com.kpcu.architectmobile": [ + "kpcu.com" + ], + "KPSFBM8T3Z.com.optum.mobile.OptumBank": [ + "myuhc.com" + ], + "KPSFBM8T3Z.com.optumhealth.mobile.OptumRX": [ + "myuhc.com" + ], + "UF8VKHMLML.com.uhg.mobile.uhc": [ + "myuhc.com" + ], + "LJU5B5SR84.com.educationalccu.mobile": [ + "onlinebank.com" + ], + "T5W6CQA35T.com.fis.447iPhoneSUB": [ + "cit.com" + ], + "L6F2ZQ2MJV.com.metlife.us.business": [ + "access.online.metlife.com", + "identity.metlife.com" + ], + "QDZLSW3Z22.com.leviton.home": [ + "leviton.com" + ], + "3976U676H6.com.allegion.sense.store": [ + "schlage.com" + ], + "G4K4BQ7S8J.com.backblaze.BzBackupBrowser": [ + "backblaze.com" + ], + "J983T9Z6T6.com.birdbuddy.app": [ + "mybirdbuddy.com" + ], + "M3Q8QUH343.com.getmysa.mysa": [ + "getmysa.com" + ], + "ZRZ3QJN79B.com.dyson.dysonlink": [ + "dyson.com" + ], + "com.backblaze.BackblazeDownloader": [ + "backblaze.com" + ], + "K65HQ235M5.org.sutterhealth.myhealthonline": [ + "sutterhealth.org" + ], + "T9984LC44E.com.whisker.ios": [ + "litter-robot.com" + ], + "K832E2UXV7.com.riotgames.mobile.leagueconnect": [ + "riotgames.com" + ], + "GN78YB727N.com.namecheap.iosapp": [ + "namecheap.com" + ], + "8MQ82YZW32.com.travefy.go": [ + "travefy.com" + ], + "39FN7MD5NR.com.elation.patientpassport": [ + "elationpassport.com" + ] +} diff --git a/quirks/schemas/apple-appIDs-to-domains-shared-credentials-schema.json b/quirks/schemas/apple-appIDs-to-domains-shared-credentials-schema.json new file mode 100644 index 000000000..251ba6283 --- /dev/null +++ b/quirks/schemas/apple-appIDs-to-domains-shared-credentials-schema.json @@ -0,0 +1,10 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string" + } + } +} \ No newline at end of file diff --git a/tools/autoformat-json-files.rb b/tools/autoformat-json-files.rb index f5d3e1eb3..c832d4c6d 100755 --- a/tools/autoformat-json-files.rb +++ b/tools/autoformat-json-files.rb @@ -14,6 +14,9 @@ Dir.glob('*.json').each do |file_path| relative_path = File.join("quirks", file_path) + # We don't sort this file alphabetically because there is no value in doing so. + next if relative_path == "quirks/apple-appIDs-to-domains-shared-credentials.json" + begin original_file_contents = File.read(file_path) contents_as_object = JSON.parse(original_file_contents) From 8d96728e658fb41cb1318552d5316117e64902fb Mon Sep 17 00:00:00 2001 From: Ricky Mondello Date: Sat, 29 Jun 2024 19:25:00 -0400 Subject: [PATCH 073/124] New Quirk: websites-that-when-embedded-as-third-party-ask-for-credentials-for-other-services.json (#781) Pardon the long name, but I believe it's accurate. --- CONTRIBUTING.md | 4 ++++ README.md | 8 +++++++- ...ther-services-when-embedded-as-third-party-schema.json | 8 ++++++++ ...s-for-other-services-when-embedded-as-third-party.json | 3 +++ 4 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 quirks/schemas/websites-that-ask-for-credentials-for-other-services-when-embedded-as-third-party-schema.json create mode 100644 quirks/websites-that-ask-for-credentials-for-other-services-when-embedded-as-third-party.json diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d47a8ecb1..a276808f3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -67,6 +67,10 @@ When contributing or amending a set of websites for an App ID, you should state When contributing or amending a set of websites that require that the user append a generated code to their password when signing in, you should state why you believe the relevant domains require such. This may involve citing a URL to the relevant support page for the website. +### Contributing to Websites That Ask for Credentials for Other Services When Embedded as Third-party + +When contributing or amending the list of websites that when embedded as a third party, are known to ask for credentials for other services, you should provide evidence that the given website or websites behaves this way. This may involve a screenshot or steps to navigate a website to observe a subframe behaving this way. + ### Contributing a New Kind of Quirk or Other Resource If you have a new type of quirk or another resource, that you feel that other password managers could use to improve users' experiences and make password management more attractive for people who aren't using a password manager, please [reach out](mailto:password-manager-resources-maintainers@apple.com) to this project's maintainers at Apple so we can discuss the details. diff --git a/README.md b/README.md index 54c04d709..c0a7dd377 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,13 @@ The JSON file is a map from [App Identifier](https://developer.apple.com/help/ac ### Websites Where 2FA Code is Appended to Password -The file [`quirks/websites-that-append-2fa-to-password.json`](quirks/websites-that-append-2fa-to-password.json) contains a JSON array of domains which use a two-factor authentication scheme where the user must append a generated code to their password when signing in. This list of websites could be used to prevent auto-submission of signin forms, allowing the user to append the 2FA code without frustration. It can also be used to suppress prompting to update a saved password when the submitted password is prefixed by the already-stored password. +The file [`quirks/websites-that-append-2fa-to-password.json`](quirks/websites-that-append-2fa-to-password.json) contains a JSON array of domains which use a two-factor authentication scheme where the user must append a generated code to their password when signing in. This list of websites could be used to prevent auto-submission of sign-in forms, allowing the user to append the 2FA code without frustration. It can also be used to suppress prompting to update a saved password when the submitted password is prefixed by the already-stored password. + +### Websites That Ask for Credentials for Other Services When Embedded as Third-party + +The file [`quirks/websites-that-ask-for-credentials-for-other-services-when-embedded-as-third-party.json`](websites-that-ask-for-credentials-for-other-services-when-embedded-as-third-party.json) contains a JSON array of domains that, when embedded as a third party, are known to ask for credentials for other services. For example, some payment processors conduct transactions by being embedded in an `