Closed Bug 1497682 Opened 6 years ago Closed 5 years ago

LastPass enters password in username field instead of password field

Categories

(GeckoView :: General, defect, P1)

Product:
GeckoView
Component:
General
Platform:
Unspecified
Android
Type:
defect

Tracking

(geckoview62 wontfix, geckoview64 wontfix, firefox62 wontfix, firefox63 wontfix, firefox64 wontfix, firefox65 verified, firefox66 verified)

Status:
VERIFIED FIXED
Milestone:
mozilla66
Tracking Flags:
Tracking Status
geckoview62 --- wontfix
geckoview64 --- wontfix
firefox62 --- wontfix
firefox63 --- wontfix
firefox64 --- wontfix
firefox65 --- verified
firefox66 --- verified

People

(Reporter: jonalmeida, Assigned: m_kato)

References

Details

(Whiteboard: [geckoview:fenix:p1])

Attachments

(5 files)

Bug 1497682 - Part 1. Add API to recognize username field and password field from a field in form. r?MattN
47 bytes, text/x-phabricator-request
Details | Review
Bug 1497682 - Part 2. Don't set inputType to all <input type=text>. r?droeh
47 bytes, text/x-phabricator-request
RyanVM
: approval-mozilla-beta+
Details | Review
Bug 1497682 - Part 3. Add junit test. r?droeh
47 bytes, text/x-phabricator-request
RyanVM
: approval-mozilla-beta+
Details | Review
rebasing for beta: Bug 1497682 - Part 1. Add API to recognize username field and password field from a field in form. r=MattN
12.21 KB, patch
RyanVM
: approval-mozilla-beta+
Details | Diff | Splinter Review
Rebasing for GV64: Bug 1497682 - Part 3. Add junit test. r=droeh
7.27 KB, patch
Details | Diff | Splinter Review 
See focus-android[0] for a more detailed bug report.

Steps to reproduce

    Have an account and login setup on LinkedIn saved in LastPass.
    Go to http://linkedin.com
    Click on the password field.
    Click the popup dialog that shows up from LastPass to auto-fill your password.

Expected behavior

    The username is correctly filled in from LastPass.
    The password is correctly filled in from LastPass.

Actual behavior

    Both, username and password fields are filled with the password.

Device information

    Android device: Pixel 2 (Android 9)
    Focus version: 8.0 (Build #322700813 🦎 62.0.3.20180922023437)


[0]: https://github.com/mozilla-mobile/focus-android/issues/3501#issuecomment-428346024
Jonathan can you test this again when you pick up GeckoView 63?
status-firefox63: --- → affected
Flags: needinfo?(jonalmeida942)
Priority: -- → P2
We expect LastPass to be fixed in Focus (by bug 1330257) after they pick up GV 63 next week.
status-firefox62: --- → wontfix
status-firefox63: affected?
status-firefox64: --- → ?
status-geckoview62: --- → wontfix
David & Chris, I just tested this on Focus with GV 63 and I'm still able to reproduce the issue.

I applied this PR[0] which Focus is going to be merging next week and verified I was using GV by checking the user-agent[1].

NI cpeterson in case you want to prioritize this.

[0]: https://github.com/mozilla-mobile/focus-android/pull/3619
[1]: https://whatismybrowser.com
Flags: needinfo?(jonalmeida942) → needinfo?(cpeterson)
@ Jonathan, thanks for the testing GV 63! Do you know offhand if this problem happens in Fennec, too?

@ Jim, can you take a look at this LastPass bug next week? Entering the password in the username field would make LastPass unusable. This sounds like a bug we should to fix in GV 63 for Focus 8.0.
Assignee: nobody → nchen
status-firefox63: ?affected
status-firefox64: ?affected
Flags: needinfo?(cpeterson) → needinfo?(nchen)
OS: Unspecified → Android
Priority: P2 → P1
Does it reproduce on other sites? IMO this would be a lower priority if it's only LinkedIn.
Flags: needinfo?(nchen) → needinfo?(jonalmeida942)
I've been able to repro this on a several websites including Google SSO.
Flags: needinfo?(jonalmeida942) → needinfo?(nchen)
Unassigning Jim. We'll need to find a new owner for this bug. This bug is probably a release blocker for testing GV 64 with Focus 8.0 prod users.
Assignee: nchen → nobody
status-firefox63: affectedwontfix
status-firefox65: --- → affected
Flags: needinfo?(nchen)
Assignee: nobody → m_kato
64=fix-optional because this bug is (very!) nice-to-have but doesn't block Focus 8.0.
status-firefox64: affectedfix-optional
I would like to get username fields etc from form or input element in form.

Since LoginManagerContent._getFormFields has "_" prefix (it means private
member) and LoginManagerCotnent.getFieldContext doesn't return elements,
I would like to add simple API for it.

Also, it doesn't have FormLikes parameter, I cannot write unit test like
getFieldContext.  Unit test will be followed by GeckoView junit.
LastPass will fill password to all input elements which InputType is
TYPE_CALSS_TEXT and TYPE_TEXT_VARIATION_WEB_EDIT_TEXT and has no AutofillHint.
And it will fill username when InputType and AutofillHint is nothing in
<input type="text">.

Actually, current implementation of GeckoView sets InputType only for
<input type="text">, so LastPass fills password to all <input type="text">

So as workaround, we should set InputType and AutofillHint when input element
presumes username fields.

Depends on D12880
Add autofill hint test if using Android 8+.

Depends on D12881
In anticipation of the creation of the GECKOVIEW_64_RELBRANCH next week, I am moving this bug from status-firefox64=affected to status-geckoview64=affected.
status-firefox64: fix-optionalwontfix
status-geckoview64: --- → affected
Makoto, do you have any updates on this LastPass bug? It looks like patch #2 and #3 have r+ and patch #1 needs to address some review comments?
status-firefox66: --- → affected
Flags: needinfo?(m_kato)
(In reply to Chris Peterson [:cpeterson] from comment #13)
> Makoto, do you have any updates on this LastPass bug? It looks like patch #2
> and #3 have r+ and patch #1 needs to address some review comments?

I am working part 1 fix.  I will send review soon.
Flags: needinfo?(m_kato)
Pushed by m_kato@ga2.so-net.ne.jp:
https://hg.mozilla.org/integration/mozilla-inbound/rev/e5727b563004
Part 1. Add API to recognize username field and password field from a field in form. r=MattN
https://hg.mozilla.org/integration/mozilla-inbound/rev/78488dedd35e
Part 2. Don't set inputType to all <input type=text>. r=droeh
https://hg.mozilla.org/integration/mozilla-inbound/rev/b68c8690cc9e
Part 3. Add junit test. r=droeh
Flags: in-testsuite+
Product: Firefox for Android → GeckoView
Makoto, should we uplift your LastPass fix to Fennec and GV 65 Beta (or even the GV 64 relbranch used in Focus 8.0)?
Flags: needinfo?(m_kato)
Comment on attachment 9033308 [details] [diff] [review]
rebasing for beta: Bug 1497682 - Part 1. Add API to recognize username field and password field from a field in form. r=MattN

[Beta/Release Uplift Approval Request]

Feature/Bug causing the regression: Bug 1330257

User impact if declined: By bug 1330257, Firefox Android (and GeckoView) supports autofill framework that is a new feature on Android 8+.   When using LastPass (a famous passoword manager) for Android, LastPass fills password to all text fields that has no password type attribute.

Is this code covered by automated tests?: Yes

Has the fix been verified in Nightly?: Yes

Needs manual test from QE?: Yes

If yes, steps to reproduce: 1. Have an account and login setup on LinkedIn saved in LastPass.
2. Go to http://linkedin.com
3. Click on the password field.
4. Click the popup dialog that shows up from LastPass to auto-fill your password.

AR
Both, username and password fields are filled with the password.

ER
Don't fill password on non-password field.

List of other uplifts needed: None

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): Before this fix, we set a hint to all text fields as generic text (if no number type etc).  But it causes this issue on LastPass unfortunately.

Firefox desktop (autofill JS module) has login field detection for username ans password fields.  So this fix uses this desktop's Javascript module to detect username field and password field, then we set a valid hint to autofill framework for username and password correctly.

String changes made/needed:
Flags: needinfo?(m_kato)
Attachment #9033308 - Flags: approval-mozilla-beta?
Attachment #9027466 - Flags: approval-mozilla-beta?
Attachment #9027468 - Flags: approval-mozilla-beta?
Flags: qe-verify+
Comment on attachment 9033308 [details] [diff] [review]
rebasing for beta: Bug 1497682 - Part 1. Add API to recognize username field and password field from a field in form. r=MattN

[Triage Comment]
Important compat fix for LastPass users. Makes me a bit nervous, but we're still early enough in the beta cycle that we should be able to notice any regressions in time. Let's have QA give this a solid pass as well. Thanks for including an automated test. Approved for 65.0b7.
Attachment #9033308 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #9027466 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #9027468 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Target Milestone: Firefox 66 → mozilla66
Device:
 - Google Pixel C(tab) (Android 8.0.0)
 - Google Pixel XL (Android 9.0.0 / P)
 - Google Pixel 3 XL(Android 9.0.0 / P)
 - Samsung Galaxy Note 9 (Android 8.1.0)

Verified as fixed in the latest Beta build 65b.0b7 and the latest Nightly Build 66.0a1(07-Jan-2019).
Note that I verified the login at least 5 times for each device and it worked every time, the username and password were assigned in the right field.
Status: RESOLVED → VERIFIED
status-firefox65: fixedverified
status-firefox66: fixedverified
Flags: qe-verify+
Whiteboard: [geckoview:fenix:p1]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: