Closed
Bug 1394075
Opened 7 years ago
Closed 7 years ago
[Form Autofill] Preview decrypted credit card numbers when MasterPassword isn't set
Categories
(Toolkit :: Form Manager, enhancement)
Toolkit
Form Manager
Tracking
()
RESOLVED
FIXED
mozilla57
Tracking | Status | |
---|---|---|
firefox57 | --- | fixed |
People
(Reporter: lchang, Assigned: lchang)
References
(Blocks 1 open bug)
Details
(Whiteboard: [form autofill:M4])
Attachments
(1 file)
Since the crypto API can only be used in chrome process, we need to find out a way to decrypt them in FormAutofillParent. My proposal is to decrypt them in "_getRecords" and cache them in records as "cc-number-decrypted".
Assignee | ||
Updated•7 years ago
|
Assignee: nobody → lchang
Status: NEW → ASSIGNED
Comment hidden (mozreview-request) |
Comment 2•7 years ago
|
||
mozreview-review |
Comment on attachment 8901419 [details]
Bug 1394075 - [Form Autofill] Preview decrypted credit card numbers when MasterPassword isn't set.
https://reviewboard.mozilla.org/r/172906/#review178396
::: browser/extensions/formautofill/FormAutofillParent.jsm:250
(Diff revision 1)
> Services.prefs.removeObserver(ENABLED_AUTOFILL_ADDRESSES_PREF, this);
> Services.prefs.removeObserver(ENABLED_AUTOFILL_CREDITCARDS_PREF, this);
> },
>
> /**
> * Get the records from profile store and return results back to content
nit: We can add more description about returning the result with decrpyed cc-number only in no mp case.
::: browser/extensions/formautofill/FormAutofillParent.jsm:277
(Diff revision 1)
> + target.sendAsyncMessage("FormAutofill:Records", recordsInCollection);
> + return;
> + }
> +
> let records = [];
> - if (info && info.fieldName &&
> + let isMPEnabled = collectionName == CREDITCARDS_COLLECTION_NAME && MasterPassword.isEnabled;
nit: I guess the purpose of checking `collectionName == CREDITCARDS_COLLECTION_NAME` is for avoiding the the unnecessary MasterPassword.isEnabled API calling, but the name variable `isMPEnabled` is not clear that it's specific to cc only. Maybe `isMPEnabledCC` or something?
::: browser/extensions/formautofill/FormAutofillParent.jsm:294
(Diff revision 1)
> - // (Bug 1358941)
> - let name = record[info.fieldName];
>
> - if (!searchString) {
> - return !!name;
> + if (info.fieldName == "cc-number") {
> + // We don't filter "cc-number" when MasterPassword is set.
> + if (isMPEnabled) {
I might assume that we can return getAll directly once the `isMPEnabled` is true.
Assignee | ||
Comment 3•7 years ago
|
||
mozreview-review |
Comment on attachment 8901419 [details]
Bug 1394075 - [Form Autofill] Preview decrypted credit card numbers when MasterPassword isn't set.
https://reviewboard.mozilla.org/r/172906/#review178400
::: browser/extensions/formautofill/FormAutofillParent.jsm:294
(Diff revision 1)
> - // (Bug 1358941)
> - let name = record[info.fieldName];
>
> - if (!searchString) {
> - return !!name;
> + if (info.fieldName == "cc-number") {
> + // We don't filter "cc-number" when MasterPassword is set.
> + if (isMPEnabled) {
We can return `getAll` directly if `isMPEnabled` is true, `info.fieldName` is "cc-number" and `record["cc-number"]` isn't empty. It'll look like:
```js
if (isMPEnabled && info.fieldName == "cc-number") {
return recordsInCollection.filter(record => !!record[cc-number"]);
}
```
I don't have a strong opinion so I'll change to this if you're fine with that.
Assignee | ||
Comment 4•7 years ago
|
||
mozreview-review |
Comment on attachment 8901419 [details]
Bug 1394075 - [Form Autofill] Preview decrypted credit card numbers when MasterPassword isn't set.
https://reviewboard.mozilla.org/r/172906/#review178402
::: browser/extensions/formautofill/FormAutofillParent.jsm:277
(Diff revision 1)
> + target.sendAsyncMessage("FormAutofill:Records", recordsInCollection);
> + return;
> + }
> +
> let records = [];
> - if (info && info.fieldName &&
> + let isMPEnabled = collectionName == CREDITCARDS_COLLECTION_NAME && MasterPassword.isEnabled;
Yes, I intended to avoid loading MasterPassword.jsm when unnecessary.
Comment hidden (mozreview-request) |
Assignee | ||
Comment 6•7 years ago
|
||
Updated. Thanks.
Comment 7•7 years ago
|
||
mozreview-review |
Comment on attachment 8901419 [details]
Bug 1394075 - [Form Autofill] Preview decrypted credit card numbers when MasterPassword isn't set.
https://reviewboard.mozilla.org/r/172906/#review178410
::: browser/extensions/formautofill/FormAutofillParent.jsm:279
(Diff revisions 1 - 2)
> return;
> }
>
> + let isCCAndMPEnabled = collectionName == CREDITCARDS_COLLECTION_NAME && MasterPassword.isEnabled;
> + // We don't filter "cc-number" when MasterPassword is set.
> + if (isCCAndMPEnabled && info.fieldName == "cc-number") {
nit: Maybe I missed other edge case, but I still think it's not possible to have a record without cc-number since we'll check if the number is valid before saving. Thta's why I'll suggest that we can return recordsInCollection directly without filtering.
Attachment #8901419 -
Flags: review?(schung) → review+
Assignee | ||
Comment 8•7 years ago
|
||
mozreview-review-reply |
Comment on attachment 8901419 [details]
Bug 1394075 - [Form Autofill] Preview decrypted credit card numbers when MasterPassword isn't set.
https://reviewboard.mozilla.org/r/172906/#review178410
> nit: Maybe I missed other edge case, but I still think it's not possible to have a record without cc-number since we'll check if the number is valid before saving. Thta's why I'll suggest that we can return recordsInCollection directly without filtering.
Yeah, there isn't any chance in our workflow that is able to create a record without "cc-number". Though I think it's still worth to check since that limitation happens outside ProfileStorage.
Pushed by lchang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/28aa1a0038ce
[Form Autofill] Preview decrypted credit card numbers when MasterPassword isn't set. r=steveck
Comment 10•7 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox57:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
You need to log in
before you can comment on or make changes to this bug.
Description
•