Closed
Bug 1058438
Opened 10 years ago
Closed 8 years ago
Password manager should use the permission manager to manage domains marked as "never remember"
Categories
(Toolkit :: Password Manager, defect)
Toolkit
Password Manager
Tracking
()
RESOLVED
FIXED
mozilla51
Tracking | Status | |
---|---|---|
firefox51 | --- | fixed |
People
(Reporter: markh, Assigned: saadq, Mentored)
References
(Regressed 1 open bug)
Details
(Keywords: student-project, Whiteboard: [lang=js])
Attachments
(5 files, 5 obsolete files)
58 bytes,
text/x-review-board-request
|
MattN
:
review+
|
Details |
58 bytes,
text/x-review-board-request
|
MattN
:
review+
|
Details |
58 bytes,
text/x-review-board-request
|
MattN
:
review+
|
Details |
58 bytes,
text/x-review-board-request
|
MattN
:
review+
|
Details |
58 bytes,
text/x-review-board-request
|
MattN
:
review+
|
Details |
Comment hidden (obsolete) |
Comment 1•10 years ago
|
||
(In reply to Mark Hammond [:markh] from comment #0) > As part of bug 771630, we need the PasswordManager to record a timestamp for > when the "never remember for this site" was changed, and the ability to > reset that flag for all domains where it was set after the specified time. I'd concur with MattN's bug 771630 comment 7 statement -- we should probably just go ahead and move these pwmgr exceptions into nsIPermissionManager. It's just a historical quirk that they're separate. Its not a hard requirement, but I think the amount of work to do so is smaller or equal to adding a timestamp to the pwmgr permissions. (Hmm, does Sync sync pwmgr expections? I don't think so...) > This might be slightly tricky, as there are a number of interfaces involved > which are heavily used by important addons (ie, password managers). At a > minimum, the implementation will need to guard against any new methods not > existing on both nsILoginManager and nsILoginManagerStorage. I'm not too worried about this. AFAIK 3rd-party password managers don't even use the nsILogin* interfaces. I'd be more concerned about random addons' usage of nsILoginManager for storing various credentials, but those APIs are pretty distinct from get/setLoginSavingEnabled()... A quick peruse of the Addons MXR shows fairly limited usage (amusingly, a number are using it completely wrong, by passing in a _username_!). We could even retain the functions of these APIs if we really want to, since the addition of a timestame / switch to nsIPermissionManager shouldn't impede their basic purpose. Worth thinking about, but my initial impression is that it's not a concern / worth doing. > * The table moz_disabledHosts will need a new field (probably with index) > and code to perform a schema migration and relevant tests. Why an index? Seems like it wouldn't help much, since I'd expect these lists to generally be short. > * Ensure the new timestamp is updated whenever that table is updated. Yes, although this should be extremely infrequent. And we should get it for free, since there's no reason to call setLoginSavingEnabled(false) on an already disabled host, and setLoginSavingEnabled(true) should just clear out the entry if it does exist. > * Add new methods to both nsILoginManager and nsILoginManagerStorage to > allow removal of sites that were disabled after a specified time. This is > likely to require a refactor of _queryDisabledHosts. Could just be a separate new function like clearDisabledTimeRange(min,max) that executes a trivial SQL statement.
Flags: needinfo?(dolske)
Comment 2•10 years ago
|
||
(In reply to Justin Dolske [:Dolske] from comment #1) > (In reply to Mark Hammond [:markh] from comment #0) > > As part of bug 771630, we need the PasswordManager to record a timestamp for > > when the "never remember for this site" was changed, and the ability to > > reset that flag for all domains where it was set after the specified time. > > I'd concur with MattN's bug 771630 comment 7 statement -- we should probably > just go ahead and move these pwmgr exceptions into nsIPermissionManager. > It's just a historical quirk that they're separate. Sounds good, but then this is blocked on bug 1058433... Marco, can you update the spreadsheet accordingly?
Flags: needinfo?(mmucci)
Comment 3•10 years ago
|
||
Spreadsheet updated and block added.
>
> Sounds good, but then this is blocked on bug 1058433... Marco, can you
> update the spreadsheet accordingly?
Depends on: 1058433
Flags: needinfo?(mmucci)
Comment hidden (obsolete) |
Comment hidden (obsolete) |
Comment hidden (obsolete) |
Comment hidden (obsolete) |
Reporter | ||
Comment 8•10 years ago
|
||
partly-obsolete |
I'm not planning to work on this, but thought I should outline the current plan that dolske and I came up with for the poor soul who draws this short straw :) * The password manager is also used by Fennec - but Fennec uses a different storage implementation - sqlite vs json used in the desktop. We decided to try and avoid touching Fennec for now. * The JSON storage implementation would, at startup, check to see if there are any disabledHosts in the JSON data, and if so, migrate them to the permission manager and delete them from the JSON. Thus, this migration should only happen once and should handle the case when the user then uses the profile with an earlier Fx version, potentially causing items to reappear. * The storage implementation would just delegate the 3 related methods (setLoginSavingEnabled, getLoginSavingEnabled and getAllDisabledHosts) to the permission manager. * At some point in the future we would issue deprecation warnings when these methods are called, but we can't do that until all callers in the tree are updated to call the permission manager directly - and we probably can't do this until Fennec is addressed. * Delegation to the permission manager has a number of implications for callers. The current implementation treats, eg, http:// and https:// schemes for the same host as different entries, and similarly for hosts with a port explicitly specified. However, the permission manager does not make this distinction. This is of particular concern for getAllDisabledHosts() - currently that returns a full URL (ie, including scheme and optionally port) whereas with this model it would change to just returning the host. As getAllDisabledHosts() often just passes the hosts back to setLoginSavingEnabled(), we'd want to change set/getLoginSavingEnabled to accept *either* a full URL or just a host. * We then need to look at all callers in the tree of these 3 methods. Ones that are only used by desktop should be changed to call the permission manager directly. Those shared with Fennec will need to be tested to ensure they still work correctly in both cases. * We open a bug for the fennec team to do their side of the migration. The thinking here was that they could treat this as a "schema upgrade" and use the schema version as the trigger to perform the migration to the permission manager. * We open a bug to issue the deprecation warnings. These would primarily be for addon authors so they know to change to the new world order. * We possibly open a bug to remove these methods completely at some point far in the future. FTR, attaching a very rough proof-of-concept - it doesn't do much useful at all yet, but should give some idea...
Reporter | ||
Updated•10 years ago
|
Summary: Password manager should record the time a domain was marked as "never remember" and offer a way to reset those changed after a specified date → Password manager should use the permission manager to manage domains marked as "never remember"
Reporter | ||
Comment 9•10 years ago
|
||
(In reply to Mark Hammond [:markh] from comment #8) > * Delegation to the permission manager has a number of implications for > callers. The current implementation treats, eg, http:// and https:// > schemes for the same host as different entries, and similarly for hosts with > a port explicitly specified. However, the permission manager does not make > this distinction. Turns out this is a bug rather than a feature! See bug 1066517.
Comment 10•9 years ago
|
||
(In reply to Mark Hammond [:markh] from comment #9) > (In reply to Mark Hammond [:markh] from comment #8) > > * Delegation to the permission manager has a number of implications for > > callers. The current implementation treats, eg, http:// and https:// > > schemes for the same host as different entries, and similarly for hosts with > > a port explicitly specified. However, the permission manager does not make > > this distinction. > > Turns out this is a bug rather than a feature! See bug 1066517. That's changing in bug 1165263 now :)
Updated•9 years ago
|
Keywords: student-project
Comment 11•9 years ago
|
||
Hi, I would like to take on this bug. Could you outline the steps I should take? Thanks!
Reporter | ||
Comment 12•9 years ago
|
||
(In reply to Kapeel Sable from comment #11) > Hi, I would like to take on this bug. Could you outline the steps I should > take? Thanks! That's awesome! This bug may turn out to be alot of work, but if that doesn't deter you, the comments above have most of the information you need, particularly comment 8 and the patch attached. However, the good news is that the talk about the http/https/port distinction is no longer relevant and can be ignored - the permission manager now does correctly treat http/https/different-port-numbers as unique entries in the same way the login manager requires. Let us know if you have any questions (and select the "need more information from" :MattN or myself so we don't miss it :)
Comment 13•8 years ago
|
||
I recently started working on this. I used your patch as the starting point and modified it to work as expected (the MDN docs about nsIPermissionManager.remove() seem out of date!). (In reply to Mark Hammond [:markh] from comment #8) > * The JSON storage implementation would, at startup, check to see if there > are any disabledHosts in the JSON data, and if so, migrate them to the > permission manager and delete them from the JSON. Thus, this migration > should only happen once and should handle the case when the user then uses > the profile with an earlier Fx version, potentially causing items to > reappear. I didn't touch this part of the patch, I am a little confused due inexperience with profiles within earlier Firefox version. Could you please guide as to what more needs to be done here? > * The storage implementation would just delegate the 3 related methods > (setLoginSavingEnabled, getLoginSavingEnabled and getAllDisabledHosts) to > the permission manager. I feel this is complete and it's working per my testing. > * Delegation to the permission manager has a number of implications for > callers. The current implementation treats, eg, http:// and https:// > schemes for the same host as different entries, and similarly for hosts with > a port explicitly specified. However, the permission manager does not make > this distinction. This is of particular concern for getAllDisabledHosts() - > currently that returns a full URL (ie, including scheme and optionally port) > whereas with this model it would change to just returning the host. As > getAllDisabledHosts() often just passes the hosts back to > setLoginSavingEnabled(), we'd want to change set/getLoginSavingEnabled to > accept *either* a full URL or just a host. I ignored this part like you said in the last comment. > * We then need to look at all callers in the tree of these 3 methods. Ones > that are only used by desktop should be changed to call the permission > manager directly. Those shared with Fennec will need to be tested to ensure > they still work correctly in both cases. How do I distinguish callers used by desktop? Should I be looking in any specific directories? I believe the next step in fixing this bug is changing the callers used by desktop Firefox.
Flags: needinfo?(markh)
Reporter | ||
Comment 14•8 years ago
|
||
Comment on attachment 8704613 [details] [diff] [review] 1058438_poc.diff Review of attachment 8704613 [details] [diff] [review]: ----------------------------------------------------------------- I'm very sorry for the delay here. I think this seems to be looking OK, but when it gets closer I'll be asking someone else to help with the reviews. > How do I distinguish callers used by desktop? Should I be looking in any specific directories? Probably just by searching for the function names in dxr.mozilla.org. > I believe the next step in fixing this bug is changing the callers used by desktop Firefox. Apart from the comments below, that sounds correct. ::: toolkit/components/passwordmgr/storage-json.js @@ +88,5 @@ > // We won't attempt import again on next startup. > Services.prefs.setBoolPref("signon.importedFromSqlite", true); > + }.bind(this)).catch(Cu.reportError) > + .then(Task.spawn(function () { > + // If the storage has a disabledHosts entry we migrate them nit - this function is using 4-space indents - it should be 2. @@ +408,5 @@ > this._sendNotification("removeAllLogins", null); > }, > > + // All disabledHost APIs are now delegated to the permission manager > + // after issuing a deprecation warning nit: whitespace at the end of line (and I guess it should end with a period) @@ +414,2 @@ > getAllDisabledHosts(count) { > + let enumerator = Services.perms.enumerator; We need the deprecation warning, and I think we should make an attempt to find all the callers in the tree and update them. @@ +414,5 @@ > getAllDisabledHosts(count) { > + let enumerator = Services.perms.enumerator; > + let disabledHosts = []; > + while (enumerator.hasMoreElements()) { > + let perm = enumerator.getNext(); nit: 4 space indents in this block should be replaced with 2 spaces. @@ +426,5 @@ > count.value = disabledHosts.length; // needed for XPCOM > return disabledHosts; > }, > > getLoginSavingEnabled(hostname) { A quick look at the callers implies they are correctly passing a URL rather than just the hostname, so I think we should rename this param to something like origin. We should probably issue the deprecation warning here too and change all callers in the tree where possible. @@ +434,3 @@ > }, > > setLoginSavingEnabled(hostname, enabled) { comments above apply here too
Reporter | ||
Updated•8 years ago
|
Flags: needinfo?(markh)
Comment 15•8 years ago
|
||
Hey Kapeel, are you still interested in finishing this?
Flags: needinfo?(kapeels42)
Updated•8 years ago
|
Assignee: nobody → saad
Status: NEW → ASSIGNED
Flags: needinfo?(kapeels42)
Assignee | ||
Comment 16•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/62440/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/62440/
Assignee | ||
Comment 17•8 years ago
|
||
(In reply to Saad Quadri [:saadq] from comment #16) > Created attachment 8768143 [details] > Bug 1058438 - Delegate disabledHost APIs to the permission manager. > > Review commit: https://reviewboard.mozilla.org/r/62440/diff/#index_header > See other reviews: https://reviewboard.mozilla.org/r/62440/ ^ Addressed nits.
Assignee | ||
Comment 18•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/63772/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/63772/
Attachment #8770314 -
Flags: review?(MattN+bmo)
Attachment #8770315 -
Flags: review?(MattN+bmo)
Attachment #8770316 -
Flags: review?(MattN+bmo)
Attachment #8768143 -
Flags: review?(MattN+bmo)
Assignee | ||
Comment 19•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/63774/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/63774/
Assignee | ||
Comment 20•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/63776/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/63776/
Assignee | ||
Comment 21•8 years ago
|
||
Comment on attachment 8768143 [details] Bug 1058438 - Delegate disabledHost APIs to the permission manager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/62440/diff/1-2/
Assignee | ||
Comment 22•8 years ago
|
||
Comment on attachment 8770315 [details] Bug 1058438 - Migrate disabledHosts from sqlite storage to permission manager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63774/diff/1-2/
Assignee | ||
Updated•8 years ago
|
Attachment #8768143 -
Attachment is obsolete: true
Attachment #8768143 -
Flags: review?(MattN+bmo)
Assignee | ||
Updated•8 years ago
|
Attachment #8770314 -
Attachment is obsolete: true
Attachment #8770314 -
Flags: review?(MattN+bmo)
Assignee | ||
Updated•8 years ago
|
Attachment #8770316 -
Attachment is obsolete: true
Attachment #8770316 -
Flags: review?(MattN+bmo)
Assignee | ||
Comment 23•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/63788/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/63788/
Attachment #8770322 -
Flags: review?(MattN+bmo)
Attachment #8770323 -
Flags: review?(MattN+bmo)
Attachment #8770324 -
Flags: review?(MattN+bmo)
Assignee | ||
Comment 24•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/63790/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/63790/
Assignee | ||
Comment 25•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/63792/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/63792/
Assignee | ||
Comment 26•8 years ago
|
||
Comment on attachment 8770315 [details] Bug 1058438 - Migrate disabledHosts from sqlite storage to permission manager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63774/diff/2-3/
Updated•8 years ago
|
Attachment #8488448 -
Attachment is obsolete: true
Updated•8 years ago
|
Attachment #8704613 -
Attachment is obsolete: true
Comment 27•8 years ago
|
||
Comment on attachment 8770322 [details] Bug 1058438 - Migrate disabledHosts from json storage to permission manager. https://reviewboard.mozilla.org/r/63788/#review60836 ::: toolkit/components/passwordmgr/storage-json.js:30 (Diff revision 1) > +// The permission type we store in the permission manager. > +const PERMISSION_TYPE_LOGIN = "login-saving"; Nit: PERMISSION_SAVE_LOGINS is more descriptive. I think this name was leftover from when it was "logins". ::: toolkit/components/passwordmgr/storage-json.js:105 (Diff revision 1) > } catch (e) { > + dump("Initialization failed: " + e + "\n"); > this.log("Initialization failed:", e); > throw new Error("Initialization failed"); Please remove this line as the `this.log` should be sufficient. ::: toolkit/components/passwordmgr/storage-json.js:398 (Diff revision 1) > + // All disabledHost APIs are now delegated to the permission manager > + // after issuing a deprecation warning. > getAllDisabledHosts(count) { This comment is stale as we aren't going to do a deprecation warning. ::: toolkit/components/passwordmgr/storage-json.js (Diff revision 1) > - this.log("_getAllDisabledHosts: returning", disabledHosts.length, "disabled hosts."); > if (count) > count.value = disabledHosts.length; // needed for XPCOM > + > + this.log("_getAllDisabledHosts: returning", disabledHosts.length, "disabled hosts."); Nit: can you move this back to avoid changing blame unnecessarily.
Attachment #8770322 -
Flags: review?(MattN+bmo) → review+
Comment 28•8 years ago
|
||
https://reviewboard.mozilla.org/r/63788/#review60840 ::: toolkit/components/passwordmgr/LoginStore.jsm:272 (Diff revision 1) > + // Stub needed for login imports before data has been migrated. > if (!this.data.disabledHosts) { > this.data.disabledHosts = []; > } Please file a follow-up bug blocking this one to remove this backwards compatible code at some point. ::: toolkit/components/passwordmgr/storage-json.js:398 (Diff revision 1) > + // All disabledHost APIs are now delegated to the permission manager > + // after issuing a deprecation warning. > getAllDisabledHosts(count) { Can you also remove the code at https://dxr.mozilla.org/mozilla-central/rev/88bebcaca249aeaca9197382e89d35b02be8292e/toolkit/forgetaboutsite/ForgetAboutSite.jsm#147 since it's basically a duplicate of the permission code below it now.
Updated•8 years ago
|
Attachment #8770323 -
Flags: review?(MattN+bmo)
Comment 29•8 years ago
|
||
Comment on attachment 8770323 [details] Bug 1058438 - Add additional tests for disabledHost APIs with nonascii characters in URLs. https://reviewboard.mozilla.org/r/63790/#review60844 ::: toolkit/components/passwordmgr/test/unit/test_disabled_hosts.js:170 (Diff revision 1) > + let hostname = "http://√.com"; > + let encoding = "http://xn--19g.com"; > + > + Services.logins.setLoginSavingEnabled(hostname, false); I had suggested testing setting of an ascii "xn--…" version as well. Can you please add that too?
Comment 30•8 years ago
|
||
Comment on attachment 8770315 [details] Bug 1058438 - Migrate disabledHosts from sqlite storage to permission manager. https://reviewboard.mozilla.org/r/63774/#review60846 ::: toolkit/components/passwordmgr/storage-mozStorage.js:7 (Diff revision 3) > * License, v. 2.0. If a copy of the MPL was not distributed with this > * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ > > const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components; > -const DB_VERSION = 5; // The database schema version > +const DB_VERSION = 6; // The database schema version > +const PERMISSION_TYPE_LOGIN = "login-saving"; Same name comment as JSON ::: toolkit/components/passwordmgr/storage-mozStorage.js:638 (Diff revision 3) > + if (perm.type == PERMISSION_TYPE_LOGIN > + && perm.capability == Services.perms.DENY_ACTION) { This can fit on one line (< 100 characters). This same applies to JSON. ::: toolkit/components/passwordmgr/storage-mozStorage.js:1314 (Diff revision 3) > + query = "FLUSH TABLE moz_disabledHosts"; > + this._dbConnection.executeSimpleSQL(query); Did you test this? I don't see any evidence that FLUSH TABLE works on sqlite. StackOverflow is suggesting a `DELETE FROM` with no `WHERE`.
Attachment #8770315 -
Flags: review?(MattN+bmo) → review-
Comment 31•8 years ago
|
||
https://reviewboard.mozilla.org/r/63774/#review60852 ::: toolkit/components/passwordmgr/storage-mozStorage.js:119 (Diff revision 3) > moz_disabledHosts: "id INTEGER PRIMARY KEY," + > "hostname TEXT UNIQUE ON CONFLICT REPLACE", We shouldn't be creating the table in new profiles. the `_queryDisableHosts` method conveniently returns an empty array if the query fails so this won't break a user who uses their profile first on a build with this patch but then downgrades to an old one. ::: toolkit/components/passwordmgr/storage-mozStorage.js:820 (Diff revision 3) > * _queryDisabledHosts > * > * Returns an array of hostnames from the database according to the > * criteria given in the argument. If the argument hostname is null, the > * result array contains all hostnames > */ > _queryDisabledHosts : function (hostname) { > let disabledHosts = []; I think this is unused now ::: toolkit/components/passwordmgr/storage-mozStorage.js:1356 (Diff revision 3) > query = "SELECT " + > "id, " + > "hostname " + > "FROM moz_disabledHosts"; > try { > let stmt = this._dbConnection.createStatement(query); > // (no need to execute statement, if it compiled we're good) > stmt.finalize(); > } catch (e) { > return false; > } This should probably be removed too
Comment 32•8 years ago
|
||
Comment on attachment 8770324 [details] Bug 1058438 - Add test for disabledHost migration to sqlite v6 in Fennec. https://reviewboard.mozilla.org/r/63792/#review60850 ::: toolkit/components/passwordmgr/test/unit/test_storage_mozStorage.js:9 (Diff revision 1) > */ > > > const ENCTYPE_BASE64 = 0; > const ENCTYPE_SDR = 1; > +const PERMISSION_TYPE_LOGIN = "login-saved"; Same comment as the other two. ::: toolkit/components/passwordmgr/test/unit/test_storage_mozStorage.js:175 (Diff revision 1) > storage = reloadStorage(OUTDIR, "signons-v1.sqlite"); > +storage.setLoginSavingEnabled("https://disabled.net", false); > checkStorageData(storage, ["https://disabled.net"], [testuser1, testuser2]); > +storage.setLoginSavingEnabled("https://disabled.net", true); Why is the necessary for the upgrade cases? I thought the set would only be needed for downgrade. ::: toolkit/components/passwordmgr/test/unit/test_storage_mozStorage.js:389 (Diff revision 1) > do_check_true(dbConnection.tableExists("moz_deleted_logins")); > > - > /* ========== 11 ========== */ > testnum++; > +testdesc = "Test upgrade from v4->v6 storage" // TODO: Should be v5->v6 Nit: you can remove the TODO ::: toolkit/components/passwordmgr/test/unit/test_storage_mozStorage.js:389 (Diff revision 1) > +testdesc = "Test upgrade from v4->v6 storage" // TODO: Should be v5->v6 > + > +yield* copyFile("signons-v4.sqlite"); > + > +// Sanity check the test file. > +dbConnection = openDB("signons-v4.sqlite"); When I said that you can use the v4 sqlite file I thought that it contained some disabled host entries already so it's actually testing the upgrade. Since it doesn't I think we should make a signons-v5v6.sqlite which has moz_disabledHosts records and test that they are migrated.
Attachment #8770324 -
Flags: review?(MattN+bmo)
Comment 34•8 years ago
|
||
Driveby comment: why not delete [gs]etLoginSavingEnabled and getAllDisabledHosts from nsILoginManagerStorage.idl (and the implementations, obviously), and have nsLoginManager.js's version of these APIs talk directly with the permission manager? (instead of delegating to the storage module, as they do now) Also, it's worth noting that actually deleting the moz_disabledHosts table is will break forward-compatibility -- if an Android user ever runs an older version of Fennec, _dbAreExpectedColumnsPresent() will throw and we treat the DB as corrupted. The good news is that we'll recover, the bad news is that we do so by nuking the entire DB and starting over from scratch -- all your passwords are deleted. If this was on desktop, I'd say that's unacceptable risk of dataloss, and that we should avoid it by keeping the (empty) moz_disabledHosts table around permanently (and continue to create it in new profiles)... OTOH, this is Android, and I'm not sure that we ever expect users to run older versions. (And AIUI the different release channels on Android effectively have different profiles, so you can't hit this by trying a Nightly and then switching back to Release.) Still -- is that an explicit decision that was considered?
Comment 35•8 years ago
|
||
(In reply to Justin Dolske [:Dolske] from comment #34) > Driveby comment: why not delete [gs]etLoginSavingEnabled and > getAllDisabledHosts from nsILoginManagerStorage.idl (and the > implementations, obviously), and have nsLoginManager.js's version of these > APIs talk directly with the permission manager? (instead of delegating to > the storage module, as they do now) Good idea. I forgot about the indirection here. > Also, it's worth noting that actually deleting the moz_disabledHosts table > is will break forward-compatibility -- if an Android user ever runs an older > version of Fennec, _dbAreExpectedColumnsPresent() will throw and we treat > the DB as corrupted. The good news is that we'll recover, the bad news is > that we do so by nuking the entire DB and starting over from scratch -- all > your passwords are deleted. > > If this was on desktop, I'd say that's unacceptable risk of dataloss, and > that we should avoid it by keeping the (empty) moz_disabledHosts table > around permanently (and continue to create it in new profiles)... OTOH, this > is Android, and I'm not sure that we ever expect users to run older > versions. (And AIUI the different release channels on Android effectively > have different profiles, so you can't hit this by trying a Nightly and then > switching back to Release.) > > Still -- is that an explicit decision that was considered? Yes, I did think about it and that's why we're not deleting the table, only emptying it. I was suggesting in comment 31 that we don't create the table for new profiles in new builds which means we would hit this problem if a mobile user first installs a version using perm-mgr, saves some passwords, and then downgrades. In my skimming of the code I didn't realize we would nuke the DB for that case. I guess we can continue to create the empty table until enough versions of Fx in the wild have the new code and we no longer care about downgrading to the older ones. As you say though, because this is Android, maybe we don't need to worry about this case since it's uncommon/hard to do a downgrade with the same profile? I guess it may be possible via installing from FTP or restoring an old backup of an app somehow but those seem like edge cases.
Assignee | ||
Comment 36•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/65372/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/65372/
Attachment #8770322 -
Attachment description: Bug 1058438 - Delegate disabledHost APIs to the permission manager. → Bug 1058438 - Migrate disabledHosts from json storage to permission manager.
Attachment #8770315 -
Attachment description: Bug 1058438 - Delegate disabledHost APIs to the permission manager for Fennec. → Bug 1058438 - Migrate disabledHosts from sqlite storage to permission manager.
Attachment #8770323 -
Attachment description: Bug 1058438 - Add additional tests for disabledHost APIs in desktop with nonascii characters in URLs. → Bug 1058438 - Add additional tests for disabledHost APIs with nonascii characters in URLs.
Attachment #8770324 -
Attachment description: Bug 1058438 - Add test for disabledHost migration for sqlite v6 in Fennec. → Bug 1058438 - Add test for disabledHost migration to sqlite v6 in Fennec.
Attachment #8772616 -
Flags: review?(MattN+bmo)
Attachment #8770315 -
Flags: review- → review?(MattN+bmo)
Attachment #8770323 -
Flags: review?(MattN+bmo)
Attachment #8770324 -
Flags: review?(MattN+bmo)
Assignee | ||
Comment 37•8 years ago
|
||
Comment on attachment 8770322 [details] Bug 1058438 - Migrate disabledHosts from json storage to permission manager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63788/diff/1-2/
Assignee | ||
Comment 38•8 years ago
|
||
Comment on attachment 8770315 [details] Bug 1058438 - Migrate disabledHosts from sqlite storage to permission manager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63774/diff/3-4/
Assignee | ||
Comment 39•8 years ago
|
||
Comment on attachment 8770323 [details] Bug 1058438 - Add additional tests for disabledHost APIs with nonascii characters in URLs. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63790/diff/1-2/
Assignee | ||
Comment 40•8 years ago
|
||
Comment on attachment 8770324 [details] Bug 1058438 - Add test for disabledHost migration to sqlite v6 in Fennec. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63792/diff/1-2/
Comment 41•8 years ago
|
||
Comment on attachment 8772616 [details] Bug 1058438 - Remove disabledHost APIs from storage and use permission manager directly in LoginManager. https://reviewboard.mozilla.org/r/65372/#review62382 ::: toolkit/components/passwordmgr/LoginHelper.jsm:696 (Diff revision 1) > + * Send a notification when stored data is changed. > + */ > + sendNotification(changeType, data) { As I suggested when we were sitting together the other day, I think this method name should be named something like `notifyStorageChanged` since LoginHelper.sendNotification doesn't tell me what kind of notificatoin it will send and pwmgr sends more than one kind of notification. ::: toolkit/components/passwordmgr/nsLoginManager.js:357 (Diff revision 1) > getAllDisabledHosts(count) { > - log.debug("Getting a list of all disabled origins"); > + let disabledHosts = []; Can you leave this log line at the beginning please? ::: toolkit/components/passwordmgr/nsLoginManager.js:370 (Diff revision 1) > + > + log.debug("_getAllDisabledHosts: returning", disabledHosts.length, "disabled hosts."); > + return disabledHosts; Nit: remove the leading underscore on the log message so it matches the method name ::: toolkit/components/passwordmgr/nsLoginManager.js:456 (Diff revision 1) > + if (enabled) > + Services.perms.remove(uri, PERMISSION_SAVE_LOGINS); > + else > + Services.perms.add(uri, PERMISSION_SAVE_LOGINS, Services.perms.DENY_ACTION); > The newer style is to include braces `if`/`else` even if their body is a single-line.
Attachment #8772616 -
Flags: review?(MattN+bmo) → review+
Updated•8 years ago
|
Attachment #8770315 -
Flags: review?(MattN+bmo) → review+
Comment 43•8 years ago
|
||
Comment on attachment 8770315 [details] Bug 1058438 - Migrate disabledHosts from sqlite storage to permission manager. https://reviewboard.mozilla.org/r/63774/#review62392 ::: toolkit/components/passwordmgr/storage-mozStorage.js:1198 (Diff revision 4) > + while (stmt.executeStep()) > + disabledHosts.push(stmt.row.hostname); > + Nit: Can you include braces here too? ::: toolkit/components/passwordmgr/storage-mozStorage.js:1201 (Diff revision 4) > + for (let host of disabledHosts) { > + let uri = Services.io.newURI(host, null, null); > + Services.perms.add(uri, PERMISSION_SAVE_LOGINS, Services.perms.DENY_ACTION); I'm thinking we should wrap the inside of the loop in `try…catch` as I worry about invalid URIs causing newURI to throw and I think we should continue migrating the others in that case. We can log with Cu.reportError if that happens.
Comment 44•8 years ago
|
||
https://reviewboard.mozilla.org/r/63788/#review62396 ::: toolkit/components/passwordmgr/storage-json.js:97 (Diff revision 2) > + for (let host of this._store.data.disabledHosts) { > + let uri = Services.io.newURI(host, null, null); > + Services.perms.add(uri, PERMISSION_SAVE_LOGINS, Services.perms.DENY_ACTION); > + } (same as mozstorage:) I'm thinking we should wrap the inside of the loop in `try…catch` as I worry about invalid URIs causing newURI to throw and I think we should continue migrating the others in that case. We can log with Cu.reportError if that happens.
Comment 45•8 years ago
|
||
Comment on attachment 8770323 [details] Bug 1058438 - Add additional tests for disabledHost APIs with nonascii characters in URLs. https://reviewboard.mozilla.org/r/63790/#review62398
Attachment #8770323 -
Flags: review?(MattN+bmo) → review+
Updated•8 years ago
|
Attachment #8770324 -
Flags: review?(MattN+bmo) → review+
Comment 46•8 years ago
|
||
Comment on attachment 8770324 [details] Bug 1058438 - Add test for disabledHost migration to sqlite v6 in Fennec. https://reviewboard.mozilla.org/r/63792/#review62402 Looking good. Just some small issues remaining. ::: toolkit/components/passwordmgr/test/unit/test_storage_mozStorage.js:62 (Diff revision 2) > -function checkStorageData(storage, ref_disabledHosts, ref_logins) > +function checkStorageData(storage, ref_logins) > { > LoginTestUtils.assertLoginListsEqual(storage.getAllLogins(), ref_logins); > - LoginTestUtils.assertDisabledHostsEqual(storage.getAllDisabledHosts(), > - ref_disabledHosts); > } So my understanding when we discussed removing this on IRC was that it wasn't adding value over the test specifically for disabledHosts but in this case it actually is testing that the data is preserved across the various schema versions so I think we should keep it. Isn't the simple solution to change the line to get all the disabled hosts from the permission manager then pass them to assertDisabledHostsEqual? ::: toolkit/components/passwordmgr/test/unit/test_storage_mozStorage.js:91 (Diff revision 2) > var encType = stmt.row.encType; > stmt.finalize(); > return encType; > } > > +function getAllDisabledHosts(conn) { `getAllDisabledHostsFromMozStorage`? ::: toolkit/components/passwordmgr/test/unit/test_storage_mozStorage.js:95 (Diff revision 2) > + while (stmt.executeStep()) > + disabledHosts.push(stmt.row.hostname); > + Nit: braces please ::: toolkit/components/passwordmgr/test/unit/test_storage_mozStorage.js:407 (Diff revision 2) > +]; > + > +LoginTestUtils.assertDisabledHostsEqual(disabledHosts, getAllDisabledHosts(dbConnection)); > + > +// Reload storage > +storage = reloadStorage(OUTDIR, "signons-v5v6.sqlite"); Reminder to VACUUM this file if you didn't already
Assignee | ||
Comment 47•8 years ago
|
||
Comment on attachment 8772616 [details] Bug 1058438 - Remove disabledHost APIs from storage and use permission manager directly in LoginManager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/65372/diff/1-2/
Assignee | ||
Comment 48•8 years ago
|
||
Comment on attachment 8770322 [details] Bug 1058438 - Migrate disabledHosts from json storage to permission manager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63788/diff/2-3/
Assignee | ||
Comment 49•8 years ago
|
||
Comment on attachment 8770315 [details] Bug 1058438 - Migrate disabledHosts from sqlite storage to permission manager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63774/diff/4-5/
Assignee | ||
Comment 50•8 years ago
|
||
Comment on attachment 8770323 [details] Bug 1058438 - Add additional tests for disabledHost APIs with nonascii characters in URLs. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63790/diff/2-3/
Assignee | ||
Comment 51•8 years ago
|
||
Comment on attachment 8770324 [details] Bug 1058438 - Add test for disabledHost migration to sqlite v6 in Fennec. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63792/diff/2-3/
Assignee | ||
Comment 52•8 years ago
|
||
https://reviewboard.mozilla.org/r/63792/#review62402 > So my understanding when we discussed removing this on IRC was that it wasn't adding value over the test specifically for disabledHosts but in this case it actually is testing that the data is preserved across the various schema versions so I think we should keep it. Isn't the simple solution to change the line to get all the disabled hosts from the permission manager then pass them to assertDisabledHostsEqual? I changed it to use the disabled hosts in the permission manager instead, which required me to use `setLoginSavingEnabled` in one place and to remove that entry in another. I used the disabledHost APIs on `Services.logins` instead of using the permission manager directly in order to minimize repetition, such as the code for the iteration when getting all the disabled hosts from the permission manager. Do you want me to keep it like this or do you just want me to still use `Services.perms` directly and maybe add a function to the top of the file like `getAllDisabledHostsFromPermissionManager` ?
Assignee | ||
Comment 53•8 years ago
|
||
Comment on attachment 8772616 [details] Bug 1058438 - Remove disabledHost APIs from storage and use permission manager directly in LoginManager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/65372/diff/2-3/
Assignee | ||
Comment 54•8 years ago
|
||
Comment on attachment 8770322 [details] Bug 1058438 - Migrate disabledHosts from json storage to permission manager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63788/diff/3-4/
Assignee | ||
Comment 55•8 years ago
|
||
Comment on attachment 8770315 [details] Bug 1058438 - Migrate disabledHosts from sqlite storage to permission manager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63774/diff/5-6/
Assignee | ||
Comment 56•8 years ago
|
||
Comment on attachment 8770323 [details] Bug 1058438 - Add additional tests for disabledHost APIs with nonascii characters in URLs. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63790/diff/3-4/
Assignee | ||
Comment 57•8 years ago
|
||
Comment on attachment 8770324 [details] Bug 1058438 - Add test for disabledHost migration to sqlite v6 in Fennec. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63792/diff/3-4/
Comment 58•8 years ago
|
||
https://reviewboard.mozilla.org/r/63792/#review62402 > I changed it to use the disabled hosts in the permission manager instead, which required me to use `setLoginSavingEnabled` in one place and to remove that entry in another. I used the disabledHost APIs on `Services.logins` instead of using the permission manager directly in order to minimize repetition, such as the code for the iteration when getting all the disabled hosts from the permission manager. Do you want me to keep it like this or do you just want me to still use `Services.perms` directly and maybe add a function to the top of the file like `getAllDisabledHostsFromPermissionManager` ? I was initially going to suggest using Services.logins but I think that test may be trying to avoid initializing nsLoginManager as it may interfere with the test. I'm not sure of this though. I think a helper like `getAllDisabledHostsFromPermissionManager` avoids the issue though and ensures that the actual data is migrated properly.
Comment 59•8 years ago
|
||
https://reviewboard.mozilla.org/r/65372/#review62706 ::: toolkit/components/passwordmgr/nsLoginManager.js (Diff revisions 1 - 3) > } > > if (count) > count.value = disabledHosts.length; // needed for XPCOM > > - log.debug("_getAllDisabledHosts: returning", disabledHosts.length, "disabled hosts."); I'm not sure why you got rid of this now? The only problem was the underscore at the beginning of the log message.
Comment 60•8 years ago
|
||
https://reviewboard.mozilla.org/r/63788/#review62708 Looks good :)
Assignee | ||
Comment 63•8 years ago
|
||
https://reviewboard.mozilla.org/r/65372/#review62706 > I'm not sure why you got rid of this now? The only problem was the underscore at the beginning of the log message. Oh, not sure what happened there, I'll get that fixed.
Assignee | ||
Comment 64•8 years ago
|
||
Comment on attachment 8772616 [details] Bug 1058438 - Remove disabledHost APIs from storage and use permission manager directly in LoginManager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/65372/diff/3-4/
Assignee | ||
Comment 65•8 years ago
|
||
Comment on attachment 8770322 [details] Bug 1058438 - Migrate disabledHosts from json storage to permission manager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63788/diff/4-5/
Assignee | ||
Comment 66•8 years ago
|
||
Comment on attachment 8770315 [details] Bug 1058438 - Migrate disabledHosts from sqlite storage to permission manager. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63774/diff/6-7/
Assignee | ||
Comment 67•8 years ago
|
||
Comment on attachment 8770323 [details] Bug 1058438 - Add additional tests for disabledHost APIs with nonascii characters in URLs. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63790/diff/4-5/
Assignee | ||
Comment 68•8 years ago
|
||
Comment on attachment 8770324 [details] Bug 1058438 - Add test for disabledHost migration to sqlite v6 in Fennec. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63792/diff/4-5/
Comment 69•8 years ago
|
||
Looks good! Can you do a try push and then set checkin-needed?
Flags: needinfo?(saad)
Assignee | ||
Comment 70•8 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=1eafd8dda437&filter-resultStatus=success&filter-resultStatus=testfailed&filter-resultStatus=busted&filter-resultStatus=exception&filter-resultStatus=retry&filter-resultStatus=usercancel&filter-resultStatus=runnable
Flags: needinfo?(saad)
Keywords: checkin-needed
Comment 71•8 years ago
|
||
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/fx-team/rev/13df5d72d373 Remove disabledHost APIs from storage and use permission manager directly in LoginManager. r=MattN https://hg.mozilla.org/integration/fx-team/rev/d15abe37a931 Migrate disabledHosts from json storage to permission manager. r=MattN https://hg.mozilla.org/integration/fx-team/rev/f0ef54ffcec1 Migrate disabledHosts from sqlite storage to permission manager. r=MattN https://hg.mozilla.org/integration/fx-team/rev/5d761723a899 Add additional tests for disabledHost APIs with nonascii characters in URLs. r=MattN https://hg.mozilla.org/integration/fx-team/rev/34e32a1c5cef Add test for disabledHost migration to sqlite v6 in Fennec. r=MattN
Keywords: checkin-needed
Comment 72•8 years ago
|
||
backed out for failures like https://treeherder.mozilla.org/logviewer.html#?job_id=10733656&repo=fx-team
Flags: needinfo?(saad)
Comment 73•8 years ago
|
||
Backout by cbook@mozilla.com: https://hg.mozilla.org/integration/fx-team/rev/b3a92e3d6ae3 Backed out changeset 34e32a1c5cef https://hg.mozilla.org/integration/fx-team/rev/cdca902ad554 Backed out changeset 5d761723a899 https://hg.mozilla.org/integration/fx-team/rev/1c60e002f023 Backed out changeset f0ef54ffcec1 https://hg.mozilla.org/integration/fx-team/rev/b93bc99d4c6e Backed out changeset d15abe37a931 https://hg.mozilla.org/integration/fx-team/rev/1bb05a19ff9d Backed out changeset 13df5d72d373 for rc2 failures
Comment 74•8 years ago
|
||
(In reply to Carsten Book [:Tomcat] from comment #72) > backed out for failures like > https://treeherder.mozilla.org/logviewer.html#?job_id=10733656&repo=fx-team I guess that's referring to this line: https://dxr.mozilla.org/mozilla-central/rev/4c05938a64a7fde3ac2d7f4493aee1c5f2ad8a0a/mobile/android/tests/browser/robocop/src/org/mozilla/gecko/tests/testPasswordProvider.java#55 It's probably worth sanity-checking that the SQLite backend doesn't have an obvious mistake.
Comment 75•8 years ago
|
||
On an unrelated note, I noticed that the migration code doesn't seem to work (at least for the JSON backend) because the migration code is running before the storage backend data is ready which means it always bails at https://hg.mozilla.org/mozilla-central/annotate/d15abe37a931/toolkit/components/passwordmgr/storage-json.js#l94 I don't think we want to force the data backend initialization with ensureDataReady so I think we'll need a different solution.
Assignee | ||
Comment 76•8 years ago
|
||
Ah yeah, I missed that since I didn't have an explicit test for the migration (for the JSON backend anyway). And I'll try to see if there's something glaringly wrong with the SQL side.
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Assignee | ||
Updated•8 years ago
|
Flags: needinfo?(saad)
Keywords: checkin-needed
Comment 82•8 years ago
|
||
Pushed by mozilla@noorenberghe.ca: https://hg.mozilla.org/integration/autoland/rev/04e73415695b Remove disabledHost APIs from storage and use permission manager directly in LoginManager. r=MattN https://hg.mozilla.org/integration/autoland/rev/86825a2016c3 Migrate disabledHosts from json storage to permission manager. r=MattN https://hg.mozilla.org/integration/autoland/rev/c99c19b2588a Migrate disabledHosts from sqlite storage to permission manager. r=MattN https://hg.mozilla.org/integration/autoland/rev/983a207d2df9 Add additional tests for disabledHost APIs with nonascii characters in URLs. r=MattN https://hg.mozilla.org/integration/autoland/rev/da85a2ad0e70 Add test for disabledHost migration to sqlite v6 in Fennec. r=MattN
Keywords: checkin-needed
Comment 83•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/04e73415695b https://hg.mozilla.org/mozilla-central/rev/86825a2016c3 https://hg.mozilla.org/mozilla-central/rev/c99c19b2588a https://hg.mozilla.org/mozilla-central/rev/983a207d2df9 https://hg.mozilla.org/mozilla-central/rev/da85a2ad0e70
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox51:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
You need to log in
before you can comment on or make changes to this bug.