Closed
Bug 130306
Opened 22 years ago
Closed 22 years ago
Freeze nsIPasswordManager and nsIPassword
Categories
(SeaMonkey :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla1.0
People
(Reporter: jud, Assigned: morse)
References
Details
(Keywords: topembed+)
Attachments
(2 files, 6 obsolete files)
32.37 KB,
patch
|
morse
:
review+
morse
:
superreview+
asa
:
approval+
|
Details | Diff | Splinter Review |
3.05 KB,
patch
|
bryner
:
review+
jag+mozilla
:
superreview+
asa
:
approval+
|
Details | Diff | Splinter Review |
nsIPasswordManager needs to be frozen.
Reporter | ||
Updated•22 years ago
|
Assignee | ||
Comment 1•22 years ago
|
||
Comment 2•22 years ago
|
||
we still have the issue of UTF8 hostnames/URIs - we need to clarify that in this interface, it's possible that we'll have to tweak findPasswordEntry. I say we should move findPasswordEntry into a seperate interface (nsIPasswordManagerInternal) and fix up the callers to use this new interface.. esp since it wasn't really part of the original wants-to-be-frozen interface. then we can freeze nsIPasswordManager without it.
um. i had a patch to one of these interfaces. please don't freeze these interfaces without making sure that they're fully functional. and please give me a weekend over which to comment on them. is there an announcement to npm.xpcom warning that these interfaces are freezing and asking for comments? (I know we haven't but i'm tired of learning about freezes by clicking on what bugs are reported today and we really should seek input from the community instead of quietly freezing)
Reporter | ||
Comment 4•22 years ago
|
||
timeless, where's your patch and what does it do? Is there a bug associated with it? The announcement was to npm.embedding. grep for "API Review Agenda 2/22/01" (yes, that's last year :-)), we're just getting around to this now, not sure why it's taken so long. Community input is sought, _nothing_ is being done in the dark here. Determining which aliases are the right aliases to spam, and when, isn't always perfect.
A quick search for bugs filed by timeless assigned to morse turns up the bug that's dependent on bug 109800. I'm futuring this bug until someone addresses my bug. It has been waiting for a while with an unreasonable 'do we need this' question.
Depends on: 109800
Target Milestone: --- → Future
Reporter | ||
Comment 6•22 years ago
|
||
resetting target milestone. only bug owners can change the target milestone. let's get some traction on 109800.
Target Milestone: Future → ---
Reporter | ||
Comment 7•22 years ago
|
||
should we be using AUTF8String in here?
Assignee | ||
Comment 8•22 years ago
|
||
Yes we should. I plan on making the same change here as I made for the cookiemanager idl. Will be posting a revised patch shortly.
Assignee | ||
Comment 9•22 years ago
|
||
*** Bug 130317 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 10•22 years ago
|
||
Modify summary to reflect the fact that this bug now refers to freezing both nsIPasswordManager and nsIPassword.
Summary: Freeze nsIPasswordManager → Freeze nsIPasswordManager and nsIPassword
Assignee | ||
Comment 11•22 years ago
|
||
Attachment #73698 -
Attachment is obsolete: true
Assignee | ||
Comment 12•22 years ago
|
||
darin,alecf please reviw. Thanks.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0
Comment 13•22 years ago
|
||
Comment on attachment 74791 [details] [diff] [review] freeze for nsIPassword.idl and nsIPasswordManager.idl why do we need nsPasswordManagerInternal? You can just implement nsIPasswordManagerInternal on nsPasswordManager! no need for extra bloat, extra contract IDs, etc.
Attachment #74791 -
Flags: needs-work+
Comment 14•22 years ago
|
||
if you are adding new files, they should be MPL/LGPL/GPL, not NPL
Assignee | ||
Comment 15•22 years ago
|
||
Assignee | ||
Comment 16•22 years ago
|
||
Comment on attachment 74791 [details] [diff] [review] freeze for nsIPassword.idl and nsIPasswordManager.idl r=morse
Attachment #74791 -
Flags: review+
Comment 17•22 years ago
|
||
Comment on attachment 75405 [details] [diff] [review] implementing nsIPasswordManagerInternal on nsIPasswordManager woah. no need to mark an "Internal" interface as FROZEN. The whole point of an internal interface is that we can continue to tweak it. If in future releases we find methods that we want to freeze, we make a new interface, (nsIPasswordManager2) move the methods there, and freeze THAT interface. other than that, the code looks good. sr=alecf with the "@status FROZEN" line removed from nsIPasswordManagerInternal
Attachment #75405 -
Flags: superreview+
Comment 18•22 years ago
|
||
Comment on attachment 75405 [details] [diff] [review] implementing nsIPasswordManagerInternal on nsIPasswordManager r=cmanske for changes to publishprefs.js
Comment 19•22 years ago
|
||
I don't know how to say this but please STOP NOW. This bug is *BLOCKED* by my bug, which you acceeded to, and which received an SR. And according to a conversation we've had elsewhere, an interface is *NOT* frozen until it says it is. And there are clearly open issues here. I'd like to propose a teleconference to discuss this interface. Schedule it for Monday-Wednesday of next week. I can't attend one earlier.
Assignee | ||
Updated•22 years ago
|
Attachment #74791 -
Attachment is obsolete: true
Attachment #74791 -
Flags: review+
Assignee | ||
Comment 20•22 years ago
|
||
Please ignore comment 16 above. I was puzzled just now when I saw it, and then I realized what happened -- I checked off the "review" box when I meant to check off the "obsolete".
Assignee | ||
Comment 21•22 years ago
|
||
timeless: your proposed extension can go into nsPasswordManagerInternal which is an extension that is not being frozen. This would be consistent with how we could handle cookie rejects for example -- there is no add-reject method for it in the already-frozen nsCookieManager interface but one could be put into an internal extension.
Comment 22•22 years ago
|
||
Comment on attachment 75405 [details] [diff] [review] implementing nsIPasswordManagerInternal on nsIPasswordManager >Index: nsIPasswordManager.idl >+ /** >+ * Called to add an individual login to the list of saved logins >+ * >+ * @param aHost The host for which the login is being remembered >+ * @param aUser The usernam portion of the login "usernam" (sp) >Index: nsIPasswordManagerInternal.idl as timeless is fond of pointing out, new files should use the mixed license... http://mozilla.org/MPL/boilerplate-1.1/mpl-tri-license-c or http://mozilla.org/MPL/boilerplate-1.1/npl-tri-license-c the NPL one is probably what you should use since you are a netscape employee, but i really don't know what our rules are for such things. >+ * @status FROZEN as alecf said: don't freeze an internal interface! >Index: nsIPassword.idl >+/** >+ * An optional interface for clients wishing to access a >+ * password object >+ * >+ * @status FROZEN >+ */ >+ /** >+ * the name of the host for whom the password is being saved "for whom"? how about "the name of the host corresponding to the login being saved" in fact, why is this called nsIPassword... and not nsILogin or nsILoginInfo?? calling it nsIPassword seems odd since there is a password attribute. >+ * - if it was created as a result of submitting a form to a site, then the >+ * host is the url of the site, as obtained from a call to GetSpec >+ * >+ * - if it was created as a result of another app (e.g., mailnews) calling a >+ * prompt routine such at PromptUsernameAndPassword, then the host is whatever >+ * arbitrary string the app decided to pass in. >+ * >+ * Whatever form it is in, it will be used by the password manager to uniquely >+ * identify hosts, so that "newsserver:119" is not the same thing as "newsserver". since the meaning of the |host| attribute is so generic, why call it |host|? this has always bothered me. it seems like it should be called |domain| or |realm| or |loginRealm|... or something, anything but |host|. but, maybe that's just me :-/ >+ * the user name that is being saved for this host >+ * the password that is being saved for this host again, this wording seems awkward, given that |host| isn't necessarily a hostname. >Index: nsFtpConnectionThread.cpp >+ pm->RemoveUser(prePath, nsAutoString()); instead of nsAutoString(), use NS_LITERAL_STRING("") or even nsString()... no reason to waste stack space on an empty string. >Index: nsHttpChannel.cpp >+ passWordManager->RemoveUser(domain, nsString(user)); you want nsDependentString(user) instead... that'll avoid this heap allocation. >Index: publishprefs.js >+ var passwordManagerInternal = Components.classes["@mozilla.org/passwordmanager;1"].createInstance(); >+ if (passwordManagerInternal) >+ gPasswordManagerInternal = passwordManagerInternal.QueryInterface(Components.interfaces.nsIPasswordManagerInternal); this can be simplified to: var passwordManagerInternal = Component.classes["@mozilla.org/passwordmanager;1"].createInstance( Components.interfaces.nsIPasswordManagerInternal); >Index: nsMsgIncomingServer.cpp > // Obtain the server URI which is in the format <protocol>://<userid>@<hostname>. > // Password manager uses the same format when it stores the password on user's request. >- char* hostURI; >- hostURI = ToNewCString(currServerUri); >+ nsCAutoString hostURI(currServerUri); it looks like |hostURI| is not modified... therefore, it is just a needless copy of |currServerUri|. how about eliminating |hostURI| then? so, basically just a bunch of nits... fix these and r/sr=darin.
Attachment #75405 -
Flags: needs-work+
Assignee | ||
Comment 23•22 years ago
|
||
Comment 24•22 years ago
|
||
function GetPasswordManagerInternal() will throw if there is nothing implementing nsIPasswordManagerInternal. You should wrap that. (either caller or callee) Beyond that. I've repeatedly read the API review notes. It does not mention nsIPasswordManager. it mentions nsISingleSignonManager [public: yes. status <Does not yet exist>] and nsIWallet [public: no. status: <empty>] -- the newsgroup contains similar content. I still don't understand what functionality you're trying to freeze. Clearly any embedders actually using the methods that were supposedly frozen feb 2001 will be just as broken by the changes you're making as the MRJ/OJI's LiveConnect functionality was broken. My crazy view is that if you aren't freezing for Binary compat (which we aren't, and which we didn't for Mac) then you should be freezing for useful functionality. which means that if it makes sense to have a remove method, it probably makes sense to have an add method. Oh and yes, i'm just as annoyed at cookie manager. So why am I complaining here? because you already froze that one. Afaik, netscape policy is to use MPL instead of NPL for any new code, so the only reason to use NPL/LGPL/GPL would be if you're transplanting NPL code and need to relicense to satisfy the trilicense for new files requirement. You still added a file with the NPL single license. If findPasswordEntry isn't frozen, then perhaps you could make it useful and convert it to return an Enumerator. Personally, i'd prefer a single function that returns an enumerator. and if someone wants to enumerate over everything, they would pass in nulls. I know that I in nsI usually stands for Interface. and that nsPI usually stands for Private Interface. and that nsA doesn't actually stand for Abstract class (although that's probably a bug). What does nsC stand for? I agree that we shouldn't use host, realm sounds correct to me. * - if it was created as a result of another app (e.g., mailnews) calling a * prompt routine such at PromptUsernameAndPassword, then the host is whatever * arbitrary string the app decided to pass in. It's a host, unless it's a consumer filled value, which makes it an abused api.
Assignee | ||
Comment 25•22 years ago
|
||
timeless wrote: > function GetPasswordManagerInternal() will throw if there is nothing > implementing nsIPasswordManagerInternal. You should wrap that. (either > caller or callee) Will do. New patch coming. > It does not mention nsIPasswordManager. > it mentions nsISingleSignonManager Those are the same thing. There never was a file named nsISingleSignonManager. > You still added a file with the NPL single license. If you are referring to nsIPassword.idl, that was fixed in the most recent patch posted. Or is there another one? > If findPasswordEntry isn't frozen, then perhaps you could make it useful and > convert it to return an Enumerator. That function already exists in nsIPasswordManager. However the mail/news team didn't want to have to enumerate, but for efficiency want to obtain the result in one call. So they are the ones who added the findPasswordEntry routine. Since then, the composer team has decided to use it as well rather than enumerating. > What does nsC stand for? Component. See bug 130304 comment 28. Also comments 30 and 32.
Assignee | ||
Comment 26•22 years ago
|
||
Attachment #75405 -
Attachment is obsolete: true
Attachment #75608 -
Attachment is obsolete: true
Assignee | ||
Comment 27•22 years ago
|
||
Latest patch is essentially the same as the preceding two, so r/sr=darin and r/sr=alecf carry forward.
Comment 28•22 years ago
|
||
NPL: Index: nsIPasswordManagerInternal.idl ah yes, I knew i saw nsC somewhere...
Assignee | ||
Comment 29•22 years ago
|
||
> NPL: Index: nsIPasswordManagerInternal.idl
Where are you looking? There is no NPL in nsIPasswordManagerInternal.idl. At
least not in the previous two patches that were posted.
Assignee | ||
Comment 30•22 years ago
|
||
Oh, I see what you mean. It's not NPL (which I was searching for) but rather it has it written out -- Netscape Public License. New patch coming right up.
Assignee | ||
Comment 31•22 years ago
|
||
Assignee | ||
Comment 32•22 years ago
|
||
Comment on attachment 75637 [details] [diff] [review] Netscape Public License -> Mozilla Public License carrying reviews forward (alecf and darin)
Attachment #75637 -
Flags: superreview+
Attachment #75637 -
Flags: review+
Why don't we just add timeless's 'add' method while we still have the chance? It sure looks odd having a removeReject without an addReject, especially with addUser/removeUser just above. Consistency with the cookie manager doesn't seem like a strong argument.
Assignee | ||
Comment 34•22 years ago
|
||
Let's try to move this along and not get bogged down over the frozen issue. There are many other good changes here that will bit-rot if this doesn't get checked in. Therefore removing the @status FROZEN indicator from nsIPasswordManager at this time (but leaving it on nsIPassword). This will allow timeless to continue working on his patch for bug 109800 after this checkin is made. Then, in the future, when we are ready to freeze this we can add back the @status FROZEN without having to go through all the other changes that were done here. Posting a new patch with FROZEN removed.
Assignee | ||
Comment 35•22 years ago
|
||
Attachment #75633 -
Attachment is obsolete: true
Attachment #75637 -
Attachment is obsolete: true
Assignee | ||
Comment 36•22 years ago
|
||
Comment on attachment 75790 [details] [diff] [review] same as above but without FROZEN for nsIPasswordManager carrying r and sr forward from prevous patches
Attachment #75790 -
Flags: superreview+
Attachment #75790 -
Flags: review+
Comment 37•22 years ago
|
||
Comment on attachment 75790 [details] [diff] [review] same as above but without FROZEN for nsIPasswordManager sr=alecf for the record
Comment 38•22 years ago
|
||
Comment on attachment 75790 [details] [diff] [review] same as above but without FROZEN for nsIPasswordManager a=asa (on behalf of drivers) for checkin to the 1.0 trunk
Attachment #75790 -
Flags: approval+
Assignee | ||
Comment 39•22 years ago
|
||
Fix checked in. Not closing this out yet, because we still have to add the FROZEN indicator to the nsIPasswordManager.idl file. That will be the next step. So now this bug is blocked by 109800.
Comment 40•22 years ago
|
||
I'm still very confused, can you please explain why we need to freeze this internal interface against the advice of darin and alecf? I can have an updated patch to internal in 30 mins.
He's not proposing to freeze the internal interface. Steve is proposing to freeze nsIPasswordManager. Having said that, I would like to see your method in the public interface. Go for it!
Comment 42•22 years ago
|
||
Steve: nsIPasswordManagerInternal.idl , which you created in the previous patch, was checked in with the MPL license only. Please could you fix this? Gerv
Assignee | ||
Comment 43•22 years ago
|
||
Gerv, in comment 24 timeless wrote: Afaik, netscape policy is to use MPL instead of NPL for any new code, so the only reason to use NPL/LGPL/GPL would be if you're transplanting NPL code and need to relicense to satisfy the trilicense for new files requirement.
Comment 44•22 years ago
|
||
Timeless is being unclear again :-) What he meant to say was: "AFAIK, Netscape policy is to use MPL-based licenses instead of NPL-based licenses for any new code. So the only reason to use NPL/LGPL/GPL instead of MPL/LGPL/GPL would be if you're transplanting NPL code. Otherwise, you should use MPL/LGPL/GPL." The mozilla.org licensing policy (http://www.mozilla.org/MPL/license-policy.html) requires that new code that is checked into the tree be MPL/LGPL/GPL tri-licensed. If you need more info on what license to use in more complex situations, that document is the place to look. Gerv
Assignee | ||
Comment 45•22 years ago
|
||
I'm really confused by all this. I just clicked on the link you cited above and it directed me to the following url for the tri-license boilerplate for idl code: http://www.mozilla.org/MPL/boilerplate-1.1/mpl-tri-license-c That page looks like what I have in the nsIPasswordManagerInternal.idl file. So please tell me explicitly what it should say instead.
Comment 46•22 years ago
|
||
nsIPasswordManagerInternal.idl (and probably nsIPasswordManager.idl based on what little of the license appears in the patch) is only the plain MPL... you don't have the license block "envelope" /* ***** BEGIN LICENSE BLOCK ***** * Version: MPL 1.1/GPL 2.0/LGPL 2.1 * <license> * * ***** END LICENSE BLOCK ***** */ and you don't have the final paragraph ("Alternatively, ...") that makes this other than the plain MPL.
Assignee | ||
Comment 47•22 years ago
|
||
Oops, I misunderstood the boilerplate. I thought that paragraph starting with "alternatively" was an alternative to the preceding wording and that only one of the two forms would be used in the file. Now that I read the paragraph more carefully, I can see that was a dumb thing for me to conclude. OK, I'll fix this up.
Assignee | ||
Comment 48•22 years ago
|
||
Comment 49•22 years ago
|
||
Comment on attachment 76687 [details] [diff] [review] use correct license sr=jag
Attachment #76687 -
Flags: superreview+
Comment 50•22 years ago
|
||
Comment on attachment 76687 [details] [diff] [review] use correct license r=bryner
Attachment #76687 -
Flags: review+
Comment 51•22 years ago
|
||
Comment on attachment 76687 [details] [diff] [review] use correct license a=asa (on behalf of drivers) for checkin to the 1.0 trunk
Attachment #76687 -
Flags: approval+
Assignee | ||
Comment 52•22 years ago
|
||
license update checked in.
Comment 53•22 years ago
|
||
License change was backed out; compilation problems.
Comment 54•22 years ago
|
||
We're late in the 1.0 cycle. Can we please not use tinderbox as our compiler. Thanks.
Assignee | ||
Comment 55•22 years ago
|
||
Fixed and checked back in.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•