Closed Bug 124480 Opened 23 years ago Closed 22 years ago

When opening ftp connection to remote URL, missing username should prompt for username and password (nsIAuthPrompt::promptUsernameAndPassword)

Categories

(Core Graveyard :: Networking: FTP, defect)

Product:
Core Graveyard
Component:
Networking: FTP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED INVALID
Milestone:
mozilla1.1alpha

People

(Reporter: cmanske, Assigned: Brade)

References

Details

(Whiteboard: verify DUPs when this bug is fixed.)

Attachments

(2 files)

HTTP log when no password was supplied
15.44 KB, text/plain
Details
HTTP log - successful transfer
22.45 KB, text/plain
Details
During pulishing, we build an nsURI object and fill in username and password. We save the document using nsIWebBrowserPersist interface. When the username is empty, we get a "Login incorrect" message, even though we have implemented the promptUsernameAndPassword method implemented for both nsIPrompt and nsIAuthPrompt. Note that if username is supplied but password is empty, we do get the call to the nsIAuthPrompt::promptPassword dialog. Kathy: please reassign to the appropriate network engineer.
Severity: normal → major
Keywords: nsbeta1+
OS: Windows 2000 → All
Hardware: PC → All
Blocks: 28792
i'm not completely following the problem here. can you provide sample URLs with expected/actual browser behavior? thx!
Darin: We are building an nsIURI object for publishing via nsIWebBrowserPersist::SaveDocument. If we supply ftp://user@ftp.foo.com as the URI spec, our nsIWebProgressListener::promptPassword() method is called and we can get the password. If we supply ftp://ftp.foo.com as the URI spec, it seems our nsIWebProgressListener::promptUsernamePassword() method should be called, but it isn't. Instead, we get a "Login incorrect" alert dailog. Using http push to publish doesn't prompt for anything, including missing username and/or password or any error conditions! But it does publish correctly if the URI is http://user:pass@www.foo.com and the "user" and "pass" is correct.
cc'ing bbaetz for FTP problem. cmanske: can you generate a HTTP log for the HTTP case? set these variables before running mozilla: set NSPR_LOG_MODULES=nsHttp:5 set NSPR_LOG_FILE=c:\http.log if you can attach the generated log file that would help. thx!
In this case, there was no prompt for the password. Transfer of file failed.
In this case, neither the username nor the password were supplied, but it *did* trigger the promptUsernamePassword dialog, and it succeeded in transfering the file!
The ftp side of this is a dupe of bug 124561, also see bug 114118.
*** Bug 127094 has been marked as a duplicate of this bug. ***
cc: Tucson
Whiteboard: verify DUPs when this bug is fixed.
Target Milestone: --- → mozilla1.0
Note: HTTP transfer is now working. Only FTP seems to have a problem. Should we close this and concentrate on bug 124561? For now, I've made that one a blocker for this bug.
Depends on: 124561
lets wait to close this out after the blocker is fixed..
Depends on: 132320
nominating EDITORBASE...already marked nsbeta1+
Whiteboard: verify DUPs when this bug is fixed. → EDITORBASE verify DUPs when this bug is fixed.
Whiteboard: EDITORBASE verify DUPs when this bug is fixed. → verify DUPs when this bug is fixed.
Target Milestone: mozilla1.0 → mozilla1.1alpha
Is this change going to visibly affect non-composer behavior? If not, then I'd like to have composer qa take this from me. Either that, or un-duplicate Bug 127094, and make it a duplicate that Composer QA can verify.
This bug is not a "Composer" bug. The browser should also have this behavior (if Composer has it).
umm.. but isn't your solution entirely specific to publishing?
This particular bug does not have a solution; at least not yet. Composer is working around this issue in a different way. My understanding of this bug is that if anonymous login fails for some reason(s), we should prompt the user to authenticate. If anyone has some suggestions on which particular response codes should cause the authprompt to come up instead of an alert (or in addition?) that would help get this bug resolved sooner. Otherwise, it'll sit on my list with a very low priority.
For Composer publishing, I have reduced this problem by detecting when username or password is missing and putting up the promptUserNameAndPassword dialog ourselves. This will help a lot, but still doesn't fix the case when there's an error in either the username or password; in those cases, it will still fail instead of reprompting to let user corrrect them. This is only a problem when using FTP. HTTP does lauch proper prompt dialogs.
Such an error code does not exist; thats the problem here.
brade: my point is that this either works (http) or existing bugs cover the failures (in ftp). I think we are in general agreement that the ftp module is currently too heavily "browser-only" oriented. The only reason this bug would exist and be treated separately is to meet the needs of composer. And in that light, the best person to QA your bug would be a composer QA.
BenC--I am unaware of which ftp bug already covers this issue. Please duplicate appropriately if you know of such a bug. clarify summary and component to be ftp-specific
Component: Networking → Networking: FTP
Summary: When opening connection to remote URL, missing username should prompt for username and password (nsIAuthPrompt::promptUsernameAndPassword) → When opening ftp connection to remote URL, missing username should prompt for username and password (nsIAuthPrompt::promptUsernameAndPassword)
It has now become apparent that Composer is totally screwed by the FTP behavior of assuming anonymous login if username+password is missing or fails. We simply cannot edit FTP urls directly with this problem. In the Publish dialog (Settings Panel) or Publish Settings dialog, the user can supply a HTTP address that is the alias for the FTP address. If that is not supplied, we get "login failed" when publishing files (see bug 133823) This is because after publishing, we change the URL of the page to the ftp address, but without the username+password, and BOTH are needed to successfully load the page. We could insert the "username:password@" into the document URI, but I think that is very evil. You NEVER want the password to show in plain text, of course, like in the window title and many other places that access the document's location.href. So after publishing like this, further attempts to save changes will result in constant "login falied" alerts.
Well... I'd consider publishing to an ftp-only password protected site to be an extreme edge case. Can't you just require an http alias? I'd imagine that that is what 95% of people want, and probably 99.9% of people who check the option to use abolute urls would expect that. Or am I missing a use case?
I agree that most users should be publishing to sites that have an HTTP address for their pages, but are using FTP with username + password. I am doing my best to make that the encouraged behavior. But I'm not sure what you mean by "check the option to use ab[s]olute urls" What option?
last time I looked, there was an option to make <img> urls relative. If you don't have that, then its absolute, and putting a link to the ftp site isn't what is wanted, anyway.
brade: this behavior was what I was essentially talking about in bug 124561. bbaetz: The ftp publishing you are talking about is hardly an edge case, it's one of the best features of composer. In fact, for a fair number of people I know, the lack of a working publish button is what keeps us using Comm 4. Assuming this behavior is desirable, how can we structure the code to do what composer needs? Is it possible that what is needed is some nasty url-hiding magic (that is done for wyciwyg:) that has the literal ftp URL and then a sanitized ftp URL for user display? (has a feeling this won't work b/c of links in the published document). (not blaming the composer people here, argued with at least one PM about not having this for the 6.0 releases, I really want this to work!)
I actually discovered something important that fixes the "Login incorrect" harassment discussed in bug 133823. Check out that bug later for fixes.
Looking at the code, I think I see what the problem here is. In S_user(), we have "if (mAnonymous) ... append 'anonymous' to the command else if the username is empty, prompt for username and password" mAnonymous is initialized to true and set to false based on a username existing in the uri. I think the code around the PromptUsernameAndPassword call is only called in the edge case that anonymous login fails. I'm not sure if we should address this or not since sometimes in the browser, we just want to be "anonymous" and not login. For publishing we do want the user to provide a username or be prompted for it in most cases. I vote for invalid, wontfix or Future. Other opinions?
Status: NEW → ASSIGNED
marking this as invalid per my argument in earlier comment
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
VERIFIED: I ultimately don't understand how this bug ended, so I'm verifying it. In the future, please don't morph bugs, create one per component... In the case of publishing, basically problems in every protocol handler should be treated separately (ftp, http, https), even if they are appearing in parallel. If there is a root cause, file a bug there, and mark them as dependent. That's the best way to get clear test results when you fix and want to ship. I know some people are slack about this, but for my components, I'm going to be more pushy about this because the older system just didn't work.
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: