mozilla.okta.com password is no longer saved

RESOLVED FIXED in Firefox 39

Status

()

RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: cpeterson, Assigned: MattN)

Tracking

({regression})

unspecified
mozilla40
regression
Points:
5
Bug Flags:
firefox-backlog +
in-testsuite +
qe-verify -

Firefox Tracking Flags

(firefox38 unaffected, firefox39 fixed, firefox40 fixed)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

4 years ago
After bug 1101026 was fixed (by bug 1101029), Nightly remembered my mozilla.okta.com password correctly. About a week ago, Nightly still remembered my password, but would show a doorhanger asking if I would like to update my (unchanged) saved password. Clicking the doorhanger's "Update Password" button did not prevent the doorhanger from being shown next time.

I tried to workaround this problem by removing my saved password (in Preferences > Security > Saved Passwords). Nightly forgot my mozilla.okta.com password, as expected, but did not offer to save my password the next time I logged in.
Thanks for filing. I started investigating this yesterday.
Assignee: nobody → MattN+bmo
Status: NEW → ASSIGNED
Iteration: --- → 40.1 - 13 Apr
Points: --- → 5
status-firefox38: --- → unaffected
status-firefox39: --- → affected
Flags: firefox-backlog+
Flags: qe-verify-
OS: Mac OS X → All
Hardware: x86 → All
Rather than escalating again, I believe the proper fix is https://bugzilla.mozilla.org/show_bug.cgi?id=1105331 . Does anyone know who at MoCo is dealing with our relationship with Okta?
There's value in "escalating" because to be generally useful, this system needs to handle arbitrary user-hostile sites that we can't get fixed "properly". Okta is a useful (and relevant) test case for that right now.

Updated

4 years ago
Iteration: 40.1 - 13 Apr → 40.2 - 27 Apr
There are at least three related issues going on and in this bug I'm going to tackle what the summary describes: not prompting to save anymore.

I filed bug 1155390 about the prompt to update even when there was no change.

(In reply to Simon Sapin (:SimonSapin) from comment #2)
> Rather than escalating again, I believe the proper fix is
> https://bugzilla.mozilla.org/show_bug.cgi?id=1105331 . Does anyone know who
> at MoCo is dealing with our relationship with Okta?

jdow is assigned but I think mjeffries was also in contact with them.
No longer blocks: 1101026
See Also: → bug 1101026
Created attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

/r/7165 - Bug 1152422 - Ask to save the new password in a change form with no username even if we have no logins for the site.

Pull down this commit:

hg pull -r 222a2038d8c49b7f95cd897b9c523331c8ccfa1a https://reviewboard-hg.mozilla.org/gecko/
Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

f? because the patch needs tests but I think this patch is fairly straightforward with a risk that it will cause the remember doorhanger to appears in some cases where it currently doesn't (but I think that's better than not letting the user save if they want to).

If you think it may be too annoying to show the doorhanger in this case, would you be fine with showing it dismissed:true?
Attachment #8593611 - Flags: feedback?(dolske)
Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

https://reviewboard.mozilla.org/r/7163/#review6223

Ship It!
Attachment #8593611 - Flags: review+
Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

Discussed in person, we don't think the potential of the prompt being annoying is likely to be significant. And it's not really so much an annoyance, as actually prompting to do the right thing. Paolo's doorhanger improvements help here too.
Attachment #8593611 - Flags: feedback?(dolske)
Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

/r/7165 - Bug 1152422 - Ask to save the new password in a change form with no username even if we have no logins for the site. r=dolske

Pull down this commit:

hg pull -r 85d29b6ab12c3b7c2fd55c4985dfddf684a7ec23 https://reviewboard-hg.mozilla.org/gecko/
Attachment #8593611 - Flags: review+ → review?(dolske)
With this change a password will be saved without a username on okta. Saving the username requires bug 1145754.
Note that test cases 25 and 26 aren't directly for this bug but I didn't see those related cases being tested so just added them while I had context.
Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

https://reviewboard.mozilla.org/r/7163/#review6353

Ship It!
Attachment #8593611 - Flags: review?(dolske) → review+
https://hg.mozilla.org/mozilla-central/rev/94084856623a
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
status-firefox40: affected → fixed
Resolution: --- → FIXED
Whiteboard: [fixed-in-fx-team]
Target Milestone: --- → mozilla40
Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

Approval Request Comment
[Feature/regressing bug #]: Longstanding issue that became more of an issue due to a website change.
[User impact if declined]: Users will not be prompted to save their password on certain login forms. This was working for a short time on Aurora before the change so I would like to get it fixed there again.
[Describe test coverage new/current, TreeHerder]: new Mochitest including for related cases that weren't covered.
[Risks and why]: It's unclear how many sites could be affected but the worst case after this change is that the user gets a prompt to save a password where they didn't before. They can use the usual password manager blocklist or disable password manager if they don't like it.
[String/UUID change made/needed]: None
Attachment #8593611 - Flags: approval-mozilla-aurora?
Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN

Approving for uplift to aurora since this has some test coverage and has been on m-c for a few days now.
Attachment #8593611 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment on attachment 8593611 [details]
MozReview Request: bz://1152422/MattN
Attachment #8593611 - Attachment is obsolete: true
Attachment #8619989 - Flags: review+
Created attachment 8619989 [details]
MozReview Request: Bug 1152422 - Ask to save the new password in a change form with no username even if we have no logins for the site. r=dolske
You need to log in before you can comment on or make changes to this bug.