Closed Bug 1518155 Opened 6 years ago Closed 6 years ago

[autoconfig] Exchange AutoDiscover: Ask for username, only if necessary

Categories

(Thunderbird :: Account Manager, enhancement, P2)

Product:
Thunderbird
Component:
Account Manager
Type:
enhancement

Tracking

(thunderbird_esr6065+ fixed, thunderbird65 fixed, thunderbird66 fixed)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 66.0
Tracking Flags:
Tracking Status
thunderbird_esr60 65+ fixed
thunderbird65 --- fixed
thunderbird66 --- fixed

People

(Reporter: BenB, Assigned: BenB)

References

(Regressed 1 open bug)

Details

Attachments

(4 files, 7 obsolete files)

Fix, v8 - first land
12.38 KB, patch
neil
: review+
Details | Diff | Splinter Review
Avoid duplicated labels and element IDs - second land
4.81 KB, patch
Details | Diff | Splinter Review
Fix, v9 - combined
12.40 KB, patch
Details | Diff | Splinter Review
Fix, v9, new locale strings removed, for TB 60
16.56 KB, patch
jorgk-bmo
: approval-comm-beta+
jorgk-bmo
: approval-comm-esr60+
Details | Diff | Splinter Review
The account creation dialog has the philosophy that it needs to work seamlessly for the least computer-savvy end user. It needs to ask the absolute minimum amount of information to set up an account, which is the email address and password (and the user's real name, unless we can get it from the OS). That works for many accounts. Bug 1500105 added Exchange AutoDiscover support. The Exchange AutoDiscover protocol as designed by Microsoft has the very unfortunate property that it requires a login before even returning a config. That's a bad chicken and egg problem, because the login username format (which is not necessarily the same as the email address) is exactly part of the config that we are trying to find out. Formats can differ wildly: * foo@example.com * foo * EXAMPLE\foo etc.. Any one of them might be required, and the others will likely not work. Finding out which exact username format is expected by the server is part of the frustration of setting up an account. *1 The account creation dialog tried to take that away. Unfortunately, Exchange AutoDiscover doesn't let us. I consider that a serious design fault of the protocol. Luckily, a good deal of the servers accept the email address as login username now. For them, bug 1500105 already works. Unfortunately, a good deal of servers still does not accept the email address as login username. For them, bug 1500105 does not work. What happens is that we try to log in to the AutoDiscover server with the email address as username. The server doesn't recognize the username, and sends us "Authentication failed". We consequently ignore AutoDiscover. Instead, we should detect this specific situation. If the AutoDiscover server sends us "Authentication failed", then we should additionally ask the end user for the username. Most likely, this is a Windows domain login of the form * EXAMPLE\foo so we need to show that as a hint to the end user, so that he knows which username form to use. Affected users will likely recognize this as domain login and know which username is meant. It's important that we do this only in this specific case. We do *not* want to bother users who are not affected by these subpar environments with manually entering a username, given that 95% of users won't need to enter it. This bug tracks the implementation of this feature tweak.
Assignee: nobody → ben.bucksch
Status: NEW → ASSIGNED
Priority: -- → P2
Blocks: exchange-meta
Attached patch Fix, v1 (obsolete) — Splinter Review

This implements the feature.

I tested that the new username text field appears, and that the value entered in the username field is accepted and used as username.
I could not test with an account that actually needs this configuration. Somebody promised me one, I'll test with that account once I receive it.

Attachment #9034877 - Flags: review?(neil)
Attached patch Fix, v2 (obsolete) — Splinter Review
Attachment #9034877 - Attachment is obsolete: true
Attachment #9034877 - Flags: review?(neil)
Attachment #9034879 - Flags: review?(neil)

I've received the test account of a university which does not accept email addresses as login usernames, but requires the Windows domain\username as login, including for AutoDiscover.
And it works with that account. We get a HTTP 401, we detect this situation, you get the additional username prompt, you enter your Windows domain login username, and click Continue, and we get the AutoDiscover response, a correct server, we offer Owl addon, and we set up the Owl account.

Comment on attachment 9034879 [details] [diff] [review]
Fix, v2

+          console.error(e);
+          // must call error callback in any case, to stop the discover mode

Do you need to log all errors here?

-  let url1 = "https://" + sanitize.hostname(domain) +
-             "/autodiscover/autodiscover.xml";
+  let url1 = "http://autodiscover." + sanitize.hostname(domain) +
+             "/autodiscover/autodiscover.xml"; // needed by email hosters
  let url2 = "https://autodiscover." + sanitize.hostname(domain) +
             "/autodiscover/autodiscover.xml";
-  let url3 = "http://autodiscover." + sanitize.hostname(domain) +
-             "/autodiscover/autodiscover.xml"; // needed by email hosters
+  let url3 = "https://" + sanitize.hostname(domain) +
+             "/autodiscover/autodiscover.xml";

Why the swap?

<!ENTITY password.text                   "Optional, will only be used to validate the username">
<!ENTITY rememberPassword.label          "Remember password">
<!ENTITY rememberPassword.accesskey      "m">
+<!ENTITY username.label                      "Your login:">
+<!ENTITY username.accesskey                  "l">
+<!ENTITY username.placeholder                "YOURDOMAIN\yourusername">
+<!ENTITY username.text                       "Domain login, e.g. YOURDOMAIN\yourusername">

<!ENTITY imapLong.label                  "IMAP (remote folders)">
<!ENTITY pop3Long.label                  "POP3 (keep mail on your computer)">

Nit: Strange indent

+please_enter_username=Please enter your user name, e.g. YOURDOMAIN\yourusername

Unused?

Do you need to log all errors here?

I'd like to see whether there are cases where out status = 401 detection fails. If a user reports that we don't recognize AutoDiscover although it exists, I can ask him to send me the longs, and this output would give me clues. So, this wasn't just for my own dev debugging, but I need this for debugging end users.
I guess I should expand it, actually, because console.log by default collapses the object and a simply copy&paste will not suffice. So, I should make a more explicit log line.

Nit: Strange indent

Thanks.

Why the swap?

That's a subtle one. The PriorityOrderAbortable class, once all fail, reports the exception of one of these calls as representative the error for all of them. It takes the error of the first one, because that's by definition (of the class) the preferred one. In this case, the servers return different errors, because https://example.com/ is just the website and often returns 404 or "host not found" for email domains, while autodiscover returns 401. We need that error code here.

Attached patch Fix, v3 (obsolete) — Splinter Review
  • Review requests fixed
  • I didn't need the logging after all, because the errors are already logged as-is
  • I've put https://autodiscover.example.com as first URL
  • Neil had a good point that I should check all calls for a 401 errors, not just the first one. I've implemented that.
Attachment #9035395 - Flags: review?(neil)
Attached patch Fix, v4 (obsolete) — Splinter Review
Attachment #9034879 - Attachment is obsolete: true
Attachment #9035395 - Attachment is obsolete: true
Attachment #9034879 - Flags: review?(neil)
Attachment #9035395 - Flags: review?(neil)
Attachment #9035396 - Flags: review?(neil)
Attached patch Fix, v5 (obsolete) — Splinter Review

Reduced explanation text. Added l10n note.

Attachment #9035396 - Attachment is obsolete: true
Attachment #9035396 - Flags: review?(neil)
Attachment #9035401 - Flags: review?(neil)
Attached patch Fix, v6 (obsolete) — Splinter Review

Logging tweak: Add error code to already existing debug output. For network errors (e.g. timeouts, DNS errors etc.), now gives "failed with 0 at <" instead of "failed with at <".

Attachment #9035401 - Attachment is obsolete: true
Attachment #9035401 - Flags: review?(neil)
Attachment #9035403 - Flags: review?(neil)

Comment on attachment 9035403 [details] [diff] [review]
Fix, v6

-  let url1 = "https://" + sanitize.hostname(domain) +
+  let url1 = "https://autodiscover." + sanitize.hostname(domain) +
             "/autodiscover/autodiscover.xml";
-  let url2 = "https://autodiscover." + sanitize.hostname(domain) +
+  let url2 = "http://autodiscover." + sanitize.hostname(domain) +
+             "/autodiscover/autodiscover.xml";
+  let url3 = "https://" + sanitize.hostname(domain) +
             "/autodiscover/autodiscover.xml";
-  let url3 = "http://autodiscover." + sanitize.hostname(domain) +
-             "/autodiscover/autodiscover.xml"; // needed by email hosters

These can go back in their original order now, right? r=me with that fixed.

+      ddump("call " + this.position + " took " + (Date.now() - this._time) +
+          "ms and failed with " + e.code + " " + e +
          (this.callerAbortable && this.callerAbortable._url ? " at <" + this.callerAbortable._url + ">" : ""));

Nit: e.code might be undefined, which looks odd in the Error Console.

Attachment #9035403 - Flags: review?(neil) → review+

These can go back in their original order now, right?

No. They still have an order of priority (class PriorityOrderAbortable).
If several of these return a result, we want to prefer the one from https, not the http one. That's the current change.

Nit: e.code might be undefined, which looks odd in the Error Console.

Right, I can put a ? in there.

Attached patch Fix, v7 (obsolete) — Splinter Review
  • Debug output fixed
  • URL order as in v6
Attachment #9035403 - Attachment is obsolete: true
Attachment #9035644 - Flags: review?(neil)
Attachment #9035644 - Attachment is obsolete: true
Attachment #9035644 - Flags: review?(neil)
Attachment #9035647 - Flags: review?(neil)
Attachment #9035647 - Flags: review?(neil) → review+

Impact if declined:
Users with Exchange hosts that do not accept email addresses as usernames will not be detected and bug 1500105 will not have any positive effect for them.
This appears to be a sizable portion of self-hosted Exchange servers.

tracking-thunderbird65: --- → ?
tracking-thunderbird66: --- → ?
Keywords: checkin-needed

Risk:
The new username field appears only if the Exchange AutoDiscover server responsed and failed with error code 401 Unauthorized.

I don't know what the tracking flags are for. This will land now on TB 66, so why track it. If you want beta uplift, please request it on the patch. However, there are string changes, so not a good idea. TB 66 beta comes out at the end of January.

tracking-thunderbird65: ? → ---
tracking-thunderbird66: ? → ---
Target Milestone: --- → Thunderbird 66.0
Comment on attachment 9035647 [details] [diff] [review] Fix, v8 - first land Review of attachment 9035647 [details] [diff] [review]: ----------------------------------------------------------------- ::: mail/components/accountcreation/content/emailWizard.js @@ +617,5 @@ > + fetch = fetchConfigFromExchange(domain, > + emailAddress, this._exchangeUsername, this._password, > + call.successCallback(), > + (e, allErrors) => { > + // Must call error callback in any case, to stop the discover mode Please make sure all comments adhere to coding standards. Full stop missing. @@ +620,5 @@ > + (e, allErrors) => { > + // Must call error callback in any case, to stop the discover mode > + call.errorCallback()(e); // ()(e) is correct > + if (e.code == 401 || allErrors && allErrors.find(e => e.code == 401)) { // Auth failed > + // ask user for username Upper case and full stop. I'll fix it.

Pushed by mozilla@jorgk.com:
https://hg.mozilla.org/comm-central/rev/130e9b3087d7
[autoconfig] Exchange AutoDiscover: Ask for username only if necessary. r=Neil

Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Keywords: checkin-needed
Resolution: --- → FIXED

Please make sure all comments adhere to coding standards. Full stop missing. ... Upper case

FWIW, I have not found such a coding standard in https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Coding_Style (I searched for "comment" on this page).

Existing Thunderbird code does not adhere to these rules at all. See e.g.
https://searchfox.org/comm-central/source/mailnews/imap/src/nsImapIncomingSerer.cpp#807
// do nothing; return NS_OK; for queuing
...
rv = NS_BINDING_ABORTED; // user cancelled
...
else // cannot get anyone to handle the url queue it
...
// caller will queue the url
and many many other examples like it.

The rule I use is: Full stop only to separate sentences. If there are not at least 2 sentences (i.e. only one phrase, or not even a phrase), I do not finish with a full stop. This is similar to user interfaces, which generally do not use full stop, either, unless there's a paragraph with several sentences.

Which rules are you referring to?

Well, there has been much discussion about inline comments. The comments in question here were full line comments:

// Must call error callback in any case, to stop the discover mode
// ask user for username

There we prefer full English sentences starting with uppercase and ending with a full-stop.

Good English and punctuation are always very welcome ;-)

username.label now occurs twice in the file mail/locales/en-US/chrome/messenger/accountCreation.dtd, on line 21 and on line 33.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Pushed by mozilla@jorgk.com:
https://hg.mozilla.org/comm-central/rev/389458d07470
Follow-up: Rename some strings to avoid duplication. r=me DONTBUILD

Status: REOPENED → RESOLVED
Closed: 6 years ago6 years ago
Resolution: --- → FIXED

Ben, to avoid a backout here, I went ahead and fixed the issue. I also renamed a two IDs of elements, however, usernametextEx appears to be unused, so why have it?

Flags: needinfo?(ben.bucksch)

username.label now occurs twice

Arg! :-(
Thanks for catching that.

Flags: needinfo?(ben.bucksch)

Yes, I have reviewed it after the fact. r=BenB

TODO: Make patch without string changes for TB beta and TB 60.

(In reply to Ben Bucksch (:BenB) from comment #28)

TODO: Make patch without string changes for TB beta and TB 60.

Coming up?

Yes, but this will be Wednesday probably. I wanted to do it today, but didn't get to it, sorry.

I'll do this ASAP

Attachment #9035647 - Attachment description: Fix, v8 → Fix, v8 - first land

This is the same patch that was landed as fixup. Attached just for the record.

This is the combination of Fix v8 and Avoid duplication
It is the complete fix for this bug.

Attachment #9036905 - Attachment description: Fix, v9 → Fix, v9 - combined

Comment on attachment 9036926 [details] [diff] [review]
Fix, v9, new locale strings removed, for TB 60

[Approval Request Comment]
Regression caused by (bug #):
User impact if declined:
Bug 1500105 will not work for users whose server requires a Windows domain username (instead of the email address). I think this concerns a large percentage of on-premise Exchange servers.

Testing completed (on c-c, etc.):
TB trunk

Risk to taking this patch (and alternatives if risky):

Attachment #9036926 - Attachment description: Fix, v9, for TB 60 → Fix, v9, new locale strings removed, for TB 60
Attachment #9036926 - Flags: approval-comm-esr60?
Attachment #9036926 - Flags: approval-comm-beta?
Attachment #9036926 - Flags: approval-comm-beta? → approval-comm-beta+

TB 65 beta 3:
https://hg.mozilla.org/releases/comm-beta/rev/d90827241325c5d38974e01ea61bdac3c7cd1fbb

Please check this, I had to rebase the ESR60 patch which didn't cleanly apply to C-B:
$ hg qpush
applying autoconfig-exchange-username-1518155-9-tb60.diff
patching file mail/components/accountcreation/content/emailWizard.js
Hunk #2 FAILED at 455
Hunk #3 FAILED at 626
2 out of 4 hunks FAILED -- saving rejects to file mail/components/accountcreation/content/emailWizard.js.rej
patching file mail/components/accountcreation/content/exchangeAutoDiscover.js
Hunk #2 succeeded at 117 with fuzz 1 (offset 0 lines).
patch failed, unable to continue (try -v)
patch failed, rejects left in working directory
errors during apply, please fix and qrefresh autoconfig-exchange-username-1518155-9-tb60.diff

status-thunderbird65: --- → fixed
status-thunderbird66: --- → fixed
Flags: needinfo?(ben.bucksch)

Hey Jörg, Neil did a try build based on TB 60:
https://treeherder.mozilla.org/#/jobs?repo=try-comm-central&revision=a141ab4f4e83bdaba447e4a0a330fc61311821b3
He had to fix up a few patches. If you apply the patches from that try push, in the same order, they should work.
I meant to attach them to the bugs, but didn't get around to it yet. Sorry about that.

Flags: needinfo?(ben.bucksch)

Please check this, I had to rebase the ESR60 patch which didn't cleanly apply to C-B:

Ah, sorry, you're talking about 65 beta, not TB 60.
I manually compared your TB 65 beta commit with my TB 60 patch and it looks OK to me.

I did my best, but four eyes are always better. Yes, this is for the beta.

(In reply to Ben Bucksch (:BenB) from comment #37)

Hey Jörg, Neil did a try build based on TB 60:
https://treeherder.mozilla.org/#/jobs?repo=try-comm-central&revision=a141ab4f4e83bdaba447e4a0a330fc61311821b3
He had to fix up a few patches. If you apply the patches from that try push, in the same order, they should work.
I meant to attach them to the bugs, but didn't get around to it yet. Sorry about that.

I see. Well, the seven patches in the try are all on "approval-comm-esr60?" Knowing that, I can get them from the try if you want. Let me know.

Yes, please get them from that try build. I think that's easiest for all parties. It also shows the order of the patches.

Just the last one there, the patch for this bug here, has a bad commit message:
7396bd09b5ccBB Remove 'Windows username', too
is wrong and my mistake. Instead, the commit message should be:

Bug 1518155 - [autoconfig] Exchange AutoDiscover: Ask for username only if necessary. r=Neil

Comment on attachment 9036926 [details] [diff] [review] Fix, v9, new locale strings removed, for TB 60 Same as Neil's try.
Attachment #9036926 - Flags: approval-comm-esr60? → approval-comm-esr60+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: