From cde0aa8649c01ed74a0d6e208f11c403638e035a Mon Sep 17 00:00:00 2001
From: "Benjamin W. Broersma" <bw@broersma.com>
Date: Sat, 7 Sep 2024 14:44:33 +0200
Subject: [PATCH] Fix TOTP detection that are password fields (like HackerOne).

Fixes #2332
---
 keepassxc-browser/content/fields.js     | 2 +-
 keepassxc-browser/content/totp-field.js | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/keepassxc-browser/content/fields.js b/keepassxc-browser/content/fields.js
index 54241a47..dcb6e225 100644
--- a/keepassxc-browser/content/fields.js
+++ b/keepassxc-browser/content/fields.js
@@ -20,7 +20,7 @@ kpxcFields.getAllCombinations = async function(inputs) {
             continue;
         }
 
-        if (input.getLowerCaseAttribute('type') === 'password') {
+        if (input.getLowerCaseAttribute('type') === 'password' && !kpxcTOTPIcons.isAcceptedTOTPField(input)) {
             const combination = {
                 username: (!usernameField || usernameField.size < 1) ? null : usernameField,
                 password: input,
diff --git a/keepassxc-browser/content/totp-field.js b/keepassxc-browser/content/totp-field.js
index d4e9a07c..f7f241b0 100644
--- a/keepassxc-browser/content/totp-field.js
+++ b/keepassxc-browser/content/totp-field.js
@@ -1,7 +1,7 @@
 'use strict';
 
-const ignoreRegex = /(bank|coupon|postal|user|zip).*code|comment|author|error/i;
-const ignoredTypes = [ 'email', 'password', 'username' ];
+const ignoreRegex = /(bank|coupon|postal|user|zip)((?!(\b|_)totp(\b|_)).)*code|comment|author|error/i;
+const ignoredTypes = [ 'email', 'username'];
 
 const acceptedOTPFields = [
     '2fa',