Closed
Bug 1294194
Opened 8 years ago
Closed 5 years ago
Don't prompt to re-save a filled login when used on a different origin
Categories
(Toolkit :: Password Manager, enhancement, P1)
Toolkit
Password Manager
Tracking
()
RESOLVED
FIXED
mozilla67
People
(Reporter: MattN, Assigned: jaws)
References
(Blocks 1 open bug)
Details
(Whiteboard: [passwords:fill-ui] )
Attachments
(1 file, 1 obsolete file)
In bug 1200472 and others we want to fill a login from an origin other than the one it's saved for but likely don't want to prompt to save it as a new login for that new origin upon submission. If we keep track of the guid of the login we filled then we can lookup that login and see if the username+password match upon submission to know whether to prompt or not. The state can probably be saved on the FormLike objects in _formLikeByRootElement. Possible implementation: 1) Have LoginManagerContent.jsm's _fillForm record the guid of the filled login on the FormLike in _formLikeByRootElement. 2) Upon submission, lookup if a login was filled in _formLikeByRootElement. If so, check that the username and password matched the captured ones (in case the user corrected/changed the fields after filling) and if they match then don't prompt to remember the login as a new one. We may want to also handle password changes where the username is the same but that may be fine in a follow-up depending on the implementation details/complexity. In the future we may want to track that we should auto-fill this login on this new origin but that can be left to a follow-up
| Comment hidden (obsolete) |
|
||
Updated•8 years ago
|
Assignee: saad → nobody
Status: ASSIGNED → NEW
|
|
||
Updated•8 years ago
|
status-firefox52:
--- → fix-optional
status-firefox53:
--- → affected
| Comment hidden (obsolete) |
|
||
Updated•8 years ago
|
Iteration: --- → 54.1 - Feb 6
Flags: qe-verify?
Whiteboard: [FxPrivacy]
|
Reporter | |
Comment 3•8 years ago
|
||
I'm going to implement only the minimal subset of this in bug 1330111 which is saving which username and password were filled. This bug will still have to handle sending that data through the prompt code and avoiding saving if it's a known login. WIP patch coming up.
| Comment hidden (mozreview-request) |
|
|
||
Updated•8 years ago
|
Iteration: --- → 54.2 - Feb 20
Whiteboard: [FxPrivacy]
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
|
|
Reporter | |
Updated•6 years ago
|
Whiteboard: [FxPrivacy] → [passwords:fill-ui]
|
Assignee | |
Updated•5 years ago
|
Assignee: nobody → jaws
Status: NEW → ASSIGNED
Iteration: 54.2 - Feb 20 → ---
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Updated•5 years ago
|
Attachment #8832356 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 8•5 years ago
|
||
|
|
Reporter | |
Updated•5 years ago
|
Summary: Keep track of which login is filled into a FormLike so we know it's not a new login when used on a different origin → Don't prompt to re-save a filled login when used on a different origin
|
||
Updated•5 years ago
|
Attachment #9048602 -
Attachment description: Bug 1294194 - Keep track of which login is filled into a FormLike so we know it's not a new login when used on a different origin. r?MattN → Bug 1294194 - Don't prompt to re-save a filled login when used on a different origin. r?MattN
Pushed by jwein@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/bdf395eb0c64 Don't prompt to re-save a filled login when used on a different origin. r=MattN
|
||
Comment 10•5 years ago
|
||
Backed out for bc failures on /browser_autofill_track_filled_logins.js
Backout link: https://hg.mozilla.org/integration/autoland/rev/d9bc0e4940579d50952ea8db78fb3f69dfc2b443
Push link: https://hg.mozilla.org/integration/autoland/rev/bdf395eb0c640b4deea7a122ffdd5d1b5bc20c11
Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=232074463&repo=autoland&lineNumber=4729
Flags: needinfo?(jaws)
|
||
Comment 11•5 years ago
|
||
Pushed by jwein@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/78ac916246b1 Don't prompt to re-save a filled login when used on a different origin. r=MattN
|
||
Comment 12•5 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox67:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
|
||
Comment 13•5 years ago
|
||
Do you have an example of a website where I could reproduce and verify this bug? How should I proceed to verify it?
Flags: needinfo?(MattN+bmo)
|
|
Reporter | |
Comment 14•5 years ago
|
||
I think what you can do for this bug and bug 1147563 is:
- Find a password field inside a <form> element on a public website (this might not work on sites which use CSP) and add/change the
actionattribute to point to a different origin e.g.action="https://localhost"(will give an error if you aren't running a localhost HTTPS server but that shouldn't affect the doorhanger behaviour which is relevant here) - Submit the form and save the login. If you look in logins.json of your profile folder you should see the
formSubmitURLishttps://localhost. - Reload that same login form without the
actionchanges. - Only after bug 1147563 and this bug, you should get autocomplete with that new login.
- Fill that new login via autocomplete
- Submit the form
Expected result:
No doorhanger to save the login again (with the new formSubmitURL)
Flags: needinfo?(jaws)
Flags: needinfo?(MattN+bmo)
You need to log in
before you can comment on or make changes to this bug.
Description
•