Closed Bug 1134852 Opened 7 years ago Closed 1 year ago

Update password manager recipes from a server/kinto/Remote Settings

Categories

(Toolkit :: Password Manager, enhancement, P3)

enhancement
Points:
8

Tracking

()

RESOLVED FIXED
83 Branch
Tracking Status
firefox83 --- fixed

People

(Reporter: MattN, Assigned: tgiles)

References

(Blocks 2 open bugs, )

Details

(Whiteboard: [passwords:recipes])

Attachments

(1 file)

Once we have recipes in their own file (bug 1134850), we should update them from a secure server periodically.

JSON schema:
```json
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "siteRecipes": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "description": {
            "type": "string"
          },
          "hosts": {
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "passwordSelector": {
            "type": "string"
          },
          "usernameSelector": {
            "type": "string"
          },
          "pathRegex": {
            "type": "string"
          },
          "notUsernameSelector": {
            "type": "string"
          },
          "notPasswordSelector": {
            "type": "string"
          }
        },
        "required": [
          "description",
          "hosts"
        ]
      }
    }
  },
  "required": [
    "siteRecipes"
  ]
}
```
Flags: qe-verify-
Flags: firefox-backlog+
Summary: Update password manager recipes from a server → Update password manager recipes from a server/kinto
Whiteboard: [passwords:recipes]
Matt, is it still something you would be interested in?
Plans for the new passwords team are still being worked on so I'm not sure yet. I'll mention this on IRC.
Assignee: nobody → bwong
Priority: -- → P3
Blocks: 1620649
Summary: Update password manager recipes from a server/kinto → Update password manager recipes from a server/kinto/Remote Settings

Hi Benson, are you still the right person to talk to about adding new collections to Remote Settings and kicking this off? I may have some questions for you shortly (e.g. related to tradeoffs on different schemas and versioning of the schema) if I don't find answer in the docs

Flags: needinfo?(bwong)
Flags: needinfo?(MattN+bmo)

Hi Matt, I can try to answer your questions.

About schemas:

  • we use them to generate the forms in the UI
  • records are validated on creation/update
  • the current schema version is stored as record attribute
  • when schema is updated, its version is bumped, but no record is modified
  • you can filter records based on their schema attribute

See also Kinto API docs https://docs.kinto-storage.org/en/stable/api/1.x/collections.html#collection-json-schema

Hi Matt,

Yes, I'm the right person to ask.
:leplatrem is the lead engineer and I will defer to him for very specific technical questions.

You can also engage with us in #delivery on slack. I'm in the PST timezone and Mat in a European (UTC+1) timezone.

Flags: needinfo?(bwong)
Assignee: bwong → tgiles
Status: NEW → ASSIGNED
Flags: needinfo?(mozilla+bmo)
Attachment #9175032 - Attachment description: Bug 1134852 - Update password manager recipes from Remote Settings. → Bug 1134852 - Update password manager recipes from Remote Settings. r=sfoster,leplatrem

:mkmelin,
This bug concerns moving away from the static, in-tree management of recipes for the passwordmgr to Remote Settings, where we can more quickly respond to login form changes in popular sites that would otherwise take weeks to get a fix to end users.

Specifically, the pref signon.recipes.path currently points to chrome://passwordmgr/content/recipes.json, and this patch would move it to resource://app/defaults/settings/main/password-recipes.json - which is a dump from remote settings. This will be essentially static for Fenix/ChromeView, only Firefox will sync these records from the Remote Settings server.

I know TB uses some functions of the password manager, but I don't know if it would ever load LoginRecipes.jsm, or if this new resource path will cause an issue for Thunderbird. Let me know here or on Element/Matrix.

Flags: needinfo?(mkmelin+mozilla)

Thanks. It looks like Thunderbird doesn't use any of that atm. I'd expect that we need to map/ship resource://app/defaults/settings/main/password-recipes.json though, to avoid test failures.

Flags: needinfo?(mkmelin+mozilla)
Attachment #9175032 - Attachment description: Bug 1134852 - Update password manager recipes from Remote Settings. r=sfoster,leplatrem → Bug 1134852 - Update password manager recipes from Remote Settings. r=sfoster,leplatrem,esawin
Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6435c885b3cb
Update password manager recipes from Remote Settings. r=sfoster,leplatrem,geckoview-reviewers,esawin
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 83 Branch
You need to log in before you can comment on or make changes to this bug.