Edited Passwords are not synced.

RESOLVED FIXED in Firefox 67

Status

()

defect
P1
normal
RESOLVED FIXED
2 months ago
a month ago

People

(Reporter: frano2000, Assigned: eoger, NeedInfo)

Tracking

({dataloss})

Firefox 65
Firefox 67
ARM
Android
Points:
---

Firefox Tracking Flags

(firefox65 wontfix, firefox66 wontfix, firefox67 verified)

Details

Attachments

(1 attachment)

(Reporter)

Description

2 months ago

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0

Steps to reproduce:

A windows 10 PC and Android Oreo Device are synced in the same account (passwords) and doing fine.

But if I start the ff password manager on Android, use the "Edit"-funktion on a login + password combination, this entry is no longer synced.

Android ff 65.0.1 Win10 ff 65.0.2 64-Bit

Actual results:

It disappears on other devices instead of being updated with the editet data. The other passwords are still synced fine.

Expected results:

The edited combination of login+pw should be synced and so be updated on the win-pc as well and not disappear.

Hello,

I have managed to reproduce the issue on the latest version of Nightly (67.0a1), Beta (66.0b11) and Release (65.0.1) using the devices OnePlus A3000 (Android 6.0.1) and Google Pixel C (Android 8.0.0).
If a password is edited on an Android device it will disappear from all other connected devices, Mobile or PC.

Based on the Description and my comment I will set this issue as new.

Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Unspecified → Android
Hardware: Unspecified → ARM

Might this be a server side issue?

Flags: needinfo?(stefan.arentz)
Keywords: dataloss
Priority: -- → P1
(Assignee)

Comment 3

2 months ago

I've identified the problem, I'll post a patch soon.

(Assignee)

Updated

2 months ago
Assignee: nobody → eoger
Status: NEW → ASSIGNED
(Assignee)

Updated

2 months ago
Flags: needinfo?(stefan.arentz)

AFIK this was intentional. We should be careful that we are not breaking some assumptions. NAlexander may remember.

Flags: needinfo?(nalexander)

Comment 6

2 months ago
Pushed by eoger@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/632248682d29
Update login instead delete then add. r=nalexander

Nick reviewed it so I guess this is fine.

Flags: needinfo?(nalexander)

Comment 8

2 months ago
bugherder
Status: ASSIGNED → RESOLVED
Last Resolved: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 67
(Assignee)

Comment 9

2 months ago

Comment on attachment 9048920 [details]
Bug 1532098 - Update login instead delete then add.

Beta/Release Uplift Approval Request

  • Feature/Bug causing the regression: ?
  • User impact if declined: Data loss: A sync user modifying their passwords on Android will lose them on all their other computers.
  • Is this code covered by automated tests?: Unknown
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: Yes
  • If yes, steps to reproduce: 1. Connect Firefox Desktop and Firefox for Android to the same Sync account
  1. Create a "Saved Login" on Desktop (typing garbage in https://news.ycombinator.com/login works) and force a sync.
  2. On Android, force a sync, modify the username for the newly created login, and force a sync.
  3. On Desktop, force a sync.

OLD BEHAVIOR:
5. On Desktop, in the "Saved Logins" dialog, the login disappeared.
NEW CORRECTED BEHAVIOR:
5. On Desktop, in the "Saved Logins" dialog, the login username has changed to whatever was typed on the Android phone.

  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This is trivial JS code that exercise well known login methods.
  • String changes made/needed: None
Attachment #9048920 - Flags: approval-mozilla-beta?

(In reply to Kevin Brosnan [:kbrosnan] from comment #5)

AFIK this was intentional. We should be careful that we are not breaking some assumptions. NAlexander may remember.

I'm not aware of any reason for the old behaviour. We definitely expect locally changed passwords to be synced correctly.

(In reply to Kevin Brosnan [:kbrosnan] from comment #7)

Nick reviewed it so I guess this is fine.

A risky business, that :)

Flags: qe-verify+

Sorina, is it possible to do a little extra testing around sync and passwords? Kevin thinks this change could be somewhat risky and we might run into undefined behavior. I can fill out a PI request as well but I'm not sure that I'm doing that correctly.

Flags: needinfo?(sorina.florean)
QA Whiteboard: [qa-triaged]

Hi Liz,

I have tested following the steps from Comment 9, with Samsung Galaxy S8 (Android 8.0), OnePlus 5T (Android 9.0), and Windows 10, on Nightly 67.0a1 (2019-03-08). The issue did not reproduce.

I also tested with other scenarios:

  1. After signing in on both, Android and Desktop, from the Manage Account page, I changed the password on Android. On Desktop, I was signed out automatically, and I signed back in using the new password.

  2. I tapped on Forgot password link on Android, went to email, and reset the password. On Desktop, I was signed out automatically, and I signed back in using the new password.

All three scenarios suggest that sync worked when the password was changed.

I will mark this issue as fixed, and remove the [qa-triaged] flag.

Status: RESOLVED → VERIFIED
QA Whiteboard: [qa-triaged]
Flags: qe-verify+
Flags: needinfo?(sorina.florean)

Guys, do you think I should test a different scenario?
Thank you!

Flags: needinfo?(nalexander)
Flags: needinfo?(kbrosnan)
Status: VERIFIED → RESOLVED
Last Resolved: 2 months ago2 months ago

Thank you Mirabela! That's reassuring!

Comment on attachment 9048920 [details]
Bug 1532098 - Update login instead delete then add.

Prevents user data loss, verified in nightly.
Let's uplift for the 66 RC.

Attachment #9048920 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

(In reply to miralobontiu from comment #12)

Hi Liz,

I have tested following the steps from Comment 9, with Samsung Galaxy S8 (Android 8.0), OnePlus 5T (Android 9.0), and Windows 10, on Nightly 67.0a1 (2019-03-08). The issue did not reproduce.

I also tested with other scenarios:

  1. After signing in on both, Android and Desktop, from the Manage Account page, I changed the password on Android. On Desktop, I was signed out automatically, and I signed back in using the new password.

  2. I tapped on Forgot password link on Android, went to email, and reset the password. On Desktop, I was signed out automatically, and I signed back in using the new password.

All three scenarios suggest that sync worked when the password was changed.

I will mark this issue as fixed, and remove the [qa-triaged] flag.

Wait, this has nothing to do with #c9. This is changing an account password for a single site/service, Firefox Accounts. #c9 is about editing saved logins in the Firefox for Android product and ensuring they are synced to other products, i.e., Firefox for Desktop and for iOS. And indeed that the edited login is used in autofill on the originating Firefox for Android device. For example, you might test with a Facebook account or a Spotify account.

miralobontiu: do you understand how these are different?

NI for previous comment.

Flags: needinfo?(nalexander) → needinfo?(mirabela.lobontiu)

Uplifting this to beta (nearly release 66) when the wrong thing was tested seems dangerous.

Flags: needinfo?(kbrosnan) → needinfo?(lhenry)

Hmm. OK. Thanks for pointing that out. I'll ask the sheriffs to back this out.

Flags: needinfo?(lhenry)
Attachment #9048920 - Flags: approval-mozilla-beta+ → approval-mozilla-beta-

With Kevin and Nick's misgivings here I'm getting the feeling we should let this stay unfixed in 66 and test it more in 67 beta.

(In reply to Liz Henry (:lizzard) (use needinfo) from comment #20)

Hmm. OK. Thanks for pointing that out. I'll ask the sheriffs to back this out.

backout link: https://hg.mozilla.org/releases/mozilla-beta/rev/d5a11a79f7bdfa73a6033e5198ae48c07791a4f7

Hi,

Sorry for the misunderstanding.
I will resume here what I`ve tested on Friday:

The login username and/or password had changed to whatever was typed on the Android/iOS devices. None of the saved logins disappeared after the editing.

Environment: Windows 10, OnePlus 5T (Android 9), iPhone SE (12.1.4), Samsung Galaxy S8 (Android 8.0)

(In reply to Nick Alexander :nalexander [he/him] from comment #16)

(In reply to miralobontiu from comment #12)

Hi Liz,

I have tested following the steps from Comment 9, with Samsung Galaxy S8 (Android 8.0), OnePlus 5T (Android 9.0), and Windows 10, on Nightly 67.0a1 (2019-03-08). The issue did not reproduce.

These other scenarios were extra testing, to verify that sync worked as expected.

I also tested with other scenarios:

  1. After signing in on both, Android and Desktop, from the Manage Account page, I changed the password on Android. On Desktop, I was signed out automatically, and I signed back in using the new password.

  2. I tapped on Forgot password link on Android, went to email, and reset the password. On Desktop, I was signed out automatically, and I signed back in using the new password.

All three scenarios suggest that sync worked when the password was changed.

I will mark this issue as fixed, and remove the [qa-triaged] flag.

Wait, this has nothing to do with #c9. This is changing an account password for a single site/service, Firefox Accounts. #c9 is about editing saved logins in the Firefox for Android product and ensuring they are synced to other products, i.e., Firefox for Desktop and for iOS. And indeed that the edited login is used in autofill on the originating Firefox for Android device. For example, you might test with a Facebook account or a Spotify account.

miralobontiu: do you understand how these are different?

Yes, I`ve tested multiple scenarios, but please let me know if there is a different way to test this issue.

Thank you!

Flags: needinfo?(mirabela.lobontiu) → needinfo?(nalexander)

Hi,

Did some more testing today on multiple devices, and I found out that the edited usernames do not sync from Android to Desktop (filed a new bug 1534290). It is not reproducible from Desktop to Android.
This behavior happens only on Nightly 67.0a1 (2019-03-11).

Devices:

  • HTC 10 (Android 8.0);
  • Samsung Galaxy Note 8 (Android 8.0);
  • Huawei P9 Lite (Android 6.0);
  • Sony Xperia Z5 Premium (Android 7.1.1).
You need to log in before you can comment on or make changes to this bug.