1152422 - mozilla.okta.com password is no longer saved

Status: RESOLVED FIXED

(Toolkit :: Password Manager, defect)

Description

[Chris Peterson [:cpeterson]]

After bug 1101026 was fixed (by bug 1101029), Nightly remembered my mozilla.okta.com password correctly. About a week ago, Nightly still remembered my password, but would show a doorhanger asking if I would like to update my (unchanged) saved password. Clicking the doorhanger's "Update Password" button did not prevent the doorhanger from being shown next time.

I tried to workaround this problem by removing my saved password (in Preferences > Security > Saved Passwords). Nightly forgot my mozilla.okta.com password, as expected, but did not offer to save my password the next time I logged in.

Comment 1

[Matthew N. [:MattN]]

Thanks for filing. I started investigating this yesterday.

Comment 2

[Simon Sapin (:SimonSapin)]

Rather than escalating again, I believe the proper fix is https://bugzilla.mozilla.org/show_bug.cgi?id=1105331 . Does anyone know who at MoCo is dealing with our relationship with Okta?

Comment 3

[:Gavin Sharp [email: gavin@gavinsharp.com]]

There's value in "escalating" because to be generally useful, this system needs to handle arbitrary user-hostile sites that we can't get fixed "properly". Okta is a useful (and relevant) test case for that right now.

Comment 4

[Matthew N. [:MattN]]

There are at least three related issues going on and in this bug I'm going to tackle what the summary describes: not prompting to save anymore.

I filed bug 1155390 about the prompt to update even when there was no change.

(In reply to Simon Sapin (:SimonSapin) from comment #2)
> Rather than escalating again, I believe the proper fix is
> https://bugzilla.mozilla.org/show_bug.cgi?id=1105331 . Does anyone know who
> at MoCo is dealing with our relationship with Okta?

jdow is assigned but I think mjeffries was also in contact with them.

Comment 5

[Matthew N. [:MattN]]

Attachment: MozReview Request: bz://1152422/MattN

/r/7165 - Bug 1152422 - Ask to save the new password in a change form with no username even if we have no logins for the site.

Pull down this commit:

hg pull -r 222a2038d8c49b7f95cd897b9c523331c8ccfa1a https://reviewboard-hg.mozilla.org/gecko/

Comment 6

[Matthew N. [:MattN]]

Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

f? because the patch needs tests but I think this patch is fairly straightforward with a risk that it will cause the remember doorhanger to appears in some cases where it currently doesn't (but I think that's better than not letting the user save if they want to).

If you think it may be too annoying to show the doorhanger in this case, would you be fine with showing it dismissed:true?

Comment 7

[Justin Dolske [:Dolske]]

Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

https://reviewboard.mozilla.org/r/7163/#review6223

Ship It!

Comment 8

[Justin Dolske [:Dolske]]

Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

Discussed in person, we don't think the potential of the prompt being annoying is likely to be significant. And it's not really so much an annoyance, as actually prompting to do the right thing. Paolo's doorhanger improvements help here too.

Comment 9

[Matthew N. [:MattN]]

Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

/r/7165 - Bug 1152422 - Ask to save the new password in a change form with no username even if we have no logins for the site. r=dolske

Pull down this commit:

hg pull -r 85d29b6ab12c3b7c2fd55c4985dfddf684a7ec23 https://reviewboard-hg.mozilla.org/gecko/

Comment 10

[Matthew N. [:MattN]]

With this change a password will be saved without a username on okta. Saving the username requires bug 1145754.

Comment 11

[Matthew N. [:MattN]]

Note that test cases 25 and 26 aren't directly for this bug but I didn't see those related cases being tested so just added them while I had context.

Comment 12

[Justin Dolske [:Dolske]]

Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

https://reviewboard.mozilla.org/r/7163/#review6353

Ship It!

Comment 13

[Pulsebot]

https://hg.mozilla.org/integration/fx-team/rev/94084856623a

Comment 14

[Matthew N. [:MattN]]

https://hg.mozilla.org/integration/fx-team/rev/94084856623a

Comment 15

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/94084856623a

Comment 16

[Matthew N. [:MattN]]

Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

Approval Request Comment
[Feature/regressing bug #]: Longstanding issue that became more of an issue due to a website change.
[User impact if declined]: Users will not be prompted to save their password on certain login forms. This was working for a short time on Aurora before the change so I would like to get it fixed there again.
[Describe test coverage new/current, TreeHerder]: new Mochitest including for related cases that weren't covered.
[Risks and why]: It's unclear how many sites could be affected but the worst case after this change is that the user gets a prompt to save a password where they didn't before. They can use the usual password manager blocklist or disable password manager if they don't like it.
[String/UUID change made/needed]: None

Comment 17

[Liz Henry (:lizzard) (relman/hg->git project)]

Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

Approving for uplift to aurora since this has some test coverage and has been on m-c for a few days now.

Comment 18

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-aurora/rev/7a3b1127c88b

Comment 20

[Matthew N. [:MattN]]

Attachment: MozReview Request: Bug 1152422 - Ask to save the new password in a change form with no username even if we have no logins for the site. r=dolske