Closed
Bug 114118
Opened 23 years ago
Closed 23 years ago
password manager does not automatically forget incorrect passwords
Categories
(Core Graveyard :: Networking: FTP, defect, P2)
Core Graveyard
Networking: FTP
Tracking
(Not tracked)
VERIFIED
FIXED
mozilla0.9.9
People
(Reporter: waterson, Assigned: bbaetz)
References
Details
Attachments
(1 file, 1 obsolete file)
6.10 KB,
patch
|
dougt
:
review+
darin.moz
:
superreview+
|
Details | Diff | Splinter Review |
This is a follow-on bug to bug 113515. The problem is that rjc added code to
check for a 530 trying to fix bug 44325. The problem is that an FTP server will
return a 530 for _any_ login failure.
Reporter | ||
Comment 1•23 years ago
|
||
Note also that even _if_ we remove the 530 checking, there is still a problem
with the FTP protocol (or perhaps with wallet) where the connection just times
out. Anyway, feel free to mark this bug as INVALID. If you decide to do that,
then please remove the password manager code from nsFTPConnectionThread.cpp.
Comment 2•23 years ago
|
||
In Chris' first comment, make that bug # 44324 instead of bug # 44325, BTW. :)
Assignee | ||
Comment 3•23 years ago
|
||
I'm not sure what the correct behaviour is from a UI point of view. The current
behvaiour is obviously incorrect, though.
Given that we cannot differentiate between login failure types, I think the best
thing to do is to display the error, and then somehow tell the password manager
to reprompt if we try again. It shouldn't lose the stored password, but it
shouldn't return it automatically, either. Is this possible?
I will not get to this before I return at the end of Jan. Feel free to take this
bug from me.
Assignee | ||
Comment 4•23 years ago
|
||
Lets try for 0.9.9
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: --- → mozilla0.9.9
Comment 5•23 years ago
|
||
Just a note: In Composer's new publishing code, we remove the password from
the database if the user unchecks the "Use password manager to save password"
checkbox. Of course that's only if our nsIWebProgressListener callbacks are called.
So this bug won't affect the publishing feature.
Comment 6•23 years ago
|
||
Charlie, what about if the user enters an incorrect password when publishing?
Do you detect that and remove the password from the database then too?
It's the responsibility of each application (http auth, ftp auth, publishing,
etc) to explicitly call on password manager to remove incorrect paswords.
Password manager cannot detect if the password was invalid.
Assignee | ||
Comment 7•23 years ago
|
||
OK, try this. The problem was that the string we were asking for was different
to the string we were giving to delete the stored password.
This patch causes us to always use the PrePath. However, the observer callback
takes a url and then gets its spec, which has a trailing /, so we need to add
that to the initial prePath, which is passed in as a string (Why doesn't the
observer callback take a string, btw?)
Our behaviour for when login is denied is now the same as ns4, see bug 124561
for changing that.
Comment 8•23 years ago
|
||
Stephen: Composer publishing totaly manages the username and password -- we
store the username with other publishing data, and call to the PasswordManager
for that. If we get the appropriate nsIWebProgressListener prompt callbacks,
we will take care of fixing any username and password errors. Unfortunately, bugs
like bug 124561 stand in the way of that working right now :(
Comment 9•23 years ago
|
||
what about using nsIPasswordManager instead of this observer notification stuff?
that's what HTTP does. nsIPasswordManager.idl is part of necko.
Assignee | ||
Comment 10•23 years ago
|
||
So we now have two ways to cancel this then... Bleh.
Attachment #70462 -
Attachment is obsolete: true
Comment 11•23 years ago
|
||
Comment on attachment 70662 [details] [diff] [review]
v2
sr=darin
Attachment #70662 -
Flags: superreview+
Comment 12•23 years ago
|
||
Comment on attachment 70662 [details] [diff] [review]
v2
looks okay.
Attachment #70662 -
Flags: review+
Assignee | ||
Comment 14•23 years ago
|
||
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 15•22 years ago
|
||
Mozilla, 1.1 Mac OS X
VERIFIED: someone tell me if I got this wrong...
STEPS:
1- go to FTP URL w/ user w/o password. Enter incorrect password, check password
manager.
NOTE: failure to login.
2- go to same URL again.
NOTE: prompt re-appears.
3- enter correct password, check password manager.
4- Quit browser, re-access URL, login is automatic.
If composer is depending on this, please have the composer QA file a separate
bug, mark this as depends, then verify it there.
If I did this wrong, please reopen.
Status: RESOLVED → VERIFIED
Whiteboard: checkmac checklinux
Updated•10 months ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•