Closed Bug 1504268 Opened 5 years ago Closed 5 years ago

Update the label shown on the OS login UI when retrieving credit card numbers

Categories

(Firefox :: WebPayments UI, defect, P1)

defect

Tracking

()

VERIFIED FIXED
Firefox 65
Tracking Status
firefox65 --- fixed
firefox66 --- verified

People

(Reporter: timdream, Assigned: timdream)

References

Details

(Whiteboard: [webpayments-reserve])

Attachments

(5 files)

With bug 1429265 we will invoke OS login UI when

1) The user selects a credit card entry from the autofill UI. This can be tested at

https://luke-chang.github.io/autofill-demo/basic_cc.html

2) When the user enters the credit card management UI in Preferences

3) When the user confirms basic card payment by hitting the [Pay] button in Web Payment dialog.

We can provide a label to the OS when showing the UI. The default string in macOS is "Nightly would like to make changes" which doesn't make sense. There is no default string on Windows.

Ideally, we should provide 3 different strings for the different situations above.

I will post a screenshot in Windows here.
This is the Windows dialog. If there isn't a description label, it would just show a shorter dialog without that line.
Brian, can you provide strings for the 3 cases? The string would replace the "Description Label" portion shown in the screenshot of attachment 1 [details] [diff] [review] and similar UIs on macOS.
Flags: qe-verify+
Flags: needinfo?(brjones)
Priority: -- → P3
QA Contact: hani.yacoub
Whiteboard: [webpayments-reserve]
Matt, can you help me understand what the string is trying to accomplish? Is the intent to alert user that Nightly/Firefox needs to change something (and what is that "something"?)? Is the change affecting the OS or Nightly/Firefox only? And can I assume that user can't decline this change and get desired result?
Flags: needinfo?(brjones) → needinfo?(MattN+bmo)
The main intent is to confirm that the user trying to "use" the credit card is a user authorized to do so by having the user prove that they have access to the operating system account (e.g. via re-entering the password or using TouchID, etc.).

We are trying to avoid strangers or children getting access to the credit card in Firefox without them at least having some hurdle, in this case re-authenticating with the operating system.

You can test this out in a recent Nightly on Window or MacOS using the UIs listed in comment 0.

Example for #1 and #3: "Mozilla Firefox is trying to use a credit card"
Example for #2: "Mozilla Firefox is trying to show a credit card" (based on Chrome's similar string for showing passwords).
Flags: needinfo?(MattN+bmo)
Blocks: 1429265
Thank you for the context, MattN. This message needs to clearly indicate that what's being requested is system password (not Firefox pw), making it a little bit long.

For #1/#3:
Firefox is trying to use stored credit card information. Enter system password to allow this.

For #2:
Firefox is trying to show credit card information. Enter system password to allow this.

For Mac users, would we ask for "Apple ID" instead of "system?" I'm unsure what exactly would be asked for.
Assignee: nobody → timdream
Status: NEW → ASSIGNED
(In reply to Brian Jones from comment #5)
> For Mac users, would we ask for "Apple ID" instead of "system?" I'm unsure
> what exactly would be asked for.

The OS login password is different than the Apple ID password.
Priority: P3 → P1
For Mac:
#1/#3: Firefox is trying to use stored credit card information. Enter password to allow this.
#2: Firefox is trying to show credit card information. Enter password to allow thi
There may not be a password required at all (e.g. TouchID, FaceID, Windows Hello, etc.) and that's not per-OS so it would be great to have a text that doesn't need to know which authentication methods are available as that would get complicated.
Brian, see the attached image from Jared showing Windows Hello options which gives the option of using a password, PIN, or fingerprint.

The "Firefox would like to use your credit card" string in that image is the one we're talking about in this bug for 3 different contexts.
Do you have new suggestions for the strings that aren't "password"-specific?
Flags: needinfo?(brjones)
For the Win Hello signin:
#1/#3: Firefox is trying to use stored credit card information. Confirm using one of the verification options below.
#2: Firefox is trying to show password information. Confirm using one of the verification options below.
Flags: needinfo?(brjones)
I don't think we tell the difference b/t triggering a normal Windows dialog v.s. triggering a Windows Hello dialog?
Flags: needinfo?(franziskuskiefer)
(In reply to Brian Jones from comment #14)
> For the Win Hello signin:
> #1/#3: Firefox is trying to use stored credit card information. Confirm
> using one of the verification options below.
> #2: Firefox is trying to show password information. Confirm using one of the
> verification options below.

Note that the "More Choices" section is closed by default (AFAICT) so I'm not sure this is 

I would really prefer if we have one string for each of these three cases which is cross-platform. Can we skip the "Enter system password to allow this." portion of the comment 5 strings and leave it at that?
Flags: needinfo?(brjones)
(Quoting Matthew N. [:MattN] (PM me if requests are blocking you) from comment #16)
> Note that the "More Choices" section is closed by default (AFAICT) so I'm
> not sure this is 

…that clear.
> I don't think we tell the difference b/t triggering a normal Windows dialog v.s. triggering a Windows Hello dialog?

We currently can't. There's away to distinguish different types of logins used but then we also have to consider PINs, fingerprints and whatever else Windows comes up with. But note that this wouldn't solve the issue as far as I understand it as the user can chose what to use for authentication after the dialogue is displayed, i.e. after we set a string.
Flags: needinfo?(franziskuskiefer)
(In reply to Matthew N. [:MattN] (PM me if requests are blocking you) from comment #16)
> (In reply to Brian Jones from comment #14)
> > For the Win Hello signin:
> > #1/#3: Firefox is trying to use stored credit card information. Confirm
> > using one of the verification options below.
> > #2: Firefox is trying to show password information. Confirm using one of the
> > verification options below.
> 
> Note that the "More Choices" section is closed by default (AFAICT) so I'm
> not sure this is 
> 
> I would really prefer if we have one string for each of these three cases
> which is cross-platform. Can we skip the "Enter system password to allow
> this." portion of the comment 5 strings and leave it at that?

I'm not convinced it's clear what pw is being requested without the "system" reference. Ca we add it to user testing to find out? (The Mac instance is more clear, assuming the system "face" icon is included in the dialog.)
Flags: needinfo?(brjones)
Do you need any help from me to facilitate user testing like producing the test builds? Please let me know.
Flags: needinfo?(brjones)
Tim, MattN and Sharon Bautista would have better insight into needs for the test builds.
Flags: needinfo?(brjones)
User testing was already in progress last week so we'd need to do a new user test for this. You could ask Sharon if you think it's worth it.

(In reply to Brian Jones from comment #14)
> For the Win Hello signin:
> #1/#3: Firefox is trying to use stored credit card information. Confirm
> using one of the verification options below.
> #2: Firefox is trying to show password information. Confirm using one of the
> verification options below.

What about replacing the last sentence with one of the following:
* "Confirm access to this Windows account below."
* "Confirm access to your Windows account below."
?

That would handle Windows 7 and Windows Hello.
Flags: needinfo?(brjones)
MattN, I'm fine w/ this string you suggested
Confirm access to this Windows access below.
Flags: needinfo?(brjones)
I'll update the patch.
Patch updated.
Pushed by tchien@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/bc720a5a993c
Show proper OS login dialog labels when filling/editing credit cards r=MattN
https://hg.mozilla.org/mozilla-central/rev/bc720a5a993c
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 65
On macOS both messages are displayed:
#1/#3: Firefox is trying to use stored credit card information. Enter password to allow this.
#2: Firefox is trying to show credit card information. Enter password to allow this.

But on Windows 10/7 random characters are displayed instead of the messages from above.
(Please see screenshot attached)

Should I log a separate bug for this?
Flags: needinfo?(timdream)
Ouch. Please log a separate bug.
Flags: needinfo?(timdream)
Logged Bug 1508936 for the issue mentioned above on Windows.
Depends on: 1508936
Dear Sir,

Need more information to Reproduce the bug in Firefox 65.0b6, Windows 7
Flags: needinfo?(timdream)
Turn on the feature on Nightly on Windows and attempt to access a credit card.
Flags: needinfo?(timdream)
Similar to comment 32:

Firefox 66.0a1 20181230093119 (32-bit) on Windows 8.1

With the steps to reproduce from bug 1508936, the Windows OS login dialog doesn't get shown here. Are there any requirements on the OS/user account to get the dialog?
Flags: needinfo?(timdream)
Did we turn this off on Nightly?
Flags: needinfo?(timdream) → needinfo?(MattN+bmo)
Yes, off by default since bug 1510470 which you reviewed.
Flags: needinfo?(MattN+bmo)

Verified as fixed on Firefox Nightly 66.0a1 (2019-01-27) on Windows 10 x 64, Windows 7 x32, Mac OS X 10.14 and on Ubuntu 16.04 x64.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
Regressions: 1624646
You need to log in before you can comment on or make changes to this bug.