The Mooltipass is an offline password keeper, connected to the computer using a USB connection and communicating with Google Chrome through its chrome.hid API. The Mooltipass solution on the computer side therefore consists of a Chrome App (in charge of the communications) and a Chrome Extension (in charge of detecting credential fields).
As we're constantly trying to improve our chrome extension and app, we'd be interested in hiring more people to work on them. Our current source code can be found at https://github.com/limpkin/mooltipass
For this position, your tasks will include:
- improving the algorithm to detect credential fields in the extension
- implementing backend communication using local sockets
- adding new features to our app
Your first tasks will be:
I) Chrome App - Device Settings Tab:
This tab aims at customizing the settings of each Mooltipass device.
Depending on the Mooltipass device and the firmware version running on it, new settings may be available to the user. Currently, the settings (and their values) are only set for the Mooltipass standard version, running a "v1" firmware.
Here are therefore the changes to make:
- query the mooltipass version number after a connection event, change the settings page accordingly
Changes (or rather additions) for a v1.1 firmware:
- add a ticking box to enable/disable a key press after a manual login send
- add a list to select which key is pressed after a manual login send
- add a ticking box to enable/disable a key press after a manual password send
- add a list to select which key is pressed after a manual password send
- add a list to select the delay (in ms) added after each key press (text to be written "(for slow devices) Ms delay after each key press")
- add new keyboard layouts inside the current list (different mac layouts, dvorak....)
These settings should be sent and queried to/from the device using the standard get/set parameters commands. The Mooltipass type and its version may be queried by sending this packet: https://github.com/limpkin/mooltipass/tree/master/source_code/src/USB#0xa2-version-request . The standard Mooltipass will answer "v1" or "v1.1" while the mini will answer "mini_v1.1".
II) General device behaviour - Request canceling feature
1) On the App, after a device connection event, the App is querying the USER_REQ_CANCEL_PARAM parameter of the device.
Currently, if it is set to anything else than FALSE, the device will then set it to FALSE again.
We need a different behaviour:
- if the firmware version is "v1" then the same behaviour is kept
- however if the firmware version is "v1.1" or "mini_v1.1" then it should set this parameter to TRUE if it is current set to FALSE
2) When the extension detects credential fields, it will automatically send a "get credentials for website" request to the app.
In case the user ignores the request on the device and closes the tab, the request is still staying on the Mooltipass screen.
For mooltipass devices having a "v1.1"/"mini_v1.1" or above firmware, the extension needs to detect a tab close or URL change, send a message to the app which will then check if the request is still pending on the device and then send a packet to cancel it.
The "onRemoved" function of the chrome api (https://developer.chrome.com/extensions/tabs) should be used, together with the cancel request packet (https://github.com/limpkin/mooltipass/tree/master/source_code/src/USB#0xc3-cancel-user-request).
Note: the cancel request packet won't have a reply when a request is in progress, it will just trigger the request answer.
3) Disable the detect credentials event which is created when clicking on a tab containing credential fields