Don't prompt to save single-character passwords

VERIFIED FIXED in Firefox 68

Status

()

enhancement
P2
normal
VERIFIED FIXED
a month ago
29 days ago

People

(Reporter: MattN, Assigned: sfoster)

Tracking

(Blocks 1 bug)

Trunk
mozilla68
Points:
---
Dependency tree / graph
Bug Flags:
qe-verify +

Firefox Tracking Flags

(firefox68 verified)

Details

User Story

I think the best solution would be to change the `skipEmptyFields` argument to also cause the function to skip field with single-character password values.

Attachments

(2 attachments)

Sites use single-character values to defeat our skipEmptyFields heuristic at capture time. It's probably not useful to save a single-character password as most sites wouldn't allow such a short password.

This should fix sites like citi.com which have many hidden password fields with static single-character passwords.

Assignee

Updated

a month ago
Assignee: nobody → sfoster
Status: NEW → ASSIGNED
Assignee

Comment 1

a month ago

Test case: when submitting the form, we expect to get prompted to save a 12-character password with the username "actual-username".

Assignee

Comment 2

a month ago

Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=7919a2de2db581ee9804a8c32c5cfe7486b31626
I'm not sure if that test will run & pass on Android. We'll find out.

Comment 4

a month ago
Pushed by sfoster@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a1917a9966fb
use a minPasswordLength rather than skipEmptyFields property when collecting password fields. r=jaws

Backed out changeset a1917a9966fb (bug 1543449) for Android failures at tests/SimpleTest/SimpleTest.js

Backout: https://hg.mozilla.org/integration/autoland/rev/9790d2e8f40b840c55d15b918162b040a2a92e0e

Failure push: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=a1917a9966fb544d1b4c172aa5acca7fa9bf5cae&selectedJob=240104549

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=240104549&repo=autoland&lineNumber=2357

[task 2019-04-13T04:36:51.585Z] 04:36:51 INFO - 388 INFO TEST-OK | toolkit/components/passwordmgr/test/mochitest/test_xhr_2.html | took 2475ms
[task 2019-04-13T04:36:51.586Z] 04:36:51 INFO - 389 INFO TEST-START | Shutdown
[task 2019-04-13T04:36:51.586Z] 04:36:51 INFO - 390 INFO Passed: 587
[task 2019-04-13T04:36:51.587Z] 04:36:51 INFO - 391 INFO Failed: 0
[task 2019-04-13T04:36:51.588Z] 04:36:51 INFO - 392 INFO Todo: 30
[task 2019-04-13T04:36:51.589Z] 04:36:51 INFO - 393 INFO Mode: non-e10s
[task 2019-04-13T04:36:51.589Z] 04:36:51 INFO - 394 INFO Slowest: 197723ms - /tests/toolkit/components/passwordmgr/test/mochitest/test_formless_submit_navigation_negative.html
[task 2019-04-13T04:36:51.589Z] 04:36:51 INFO - 395 INFO SimpleTest FINISHED
[task 2019-04-13T04:36:55.337Z] 04:36:55 INFO - wait for org.mozilla.fennec_aurora complete; top activity=com.android.launcher
[task 2019-04-13T04:36:55.544Z] 04:36:55 INFO - remoteautomation.py | Application ran for: 0:09:44.227681
[task 2019-04-13T04:36:59.606Z] 04:36:59 INFO - adb Ignoring attempt to chmod external storage
[task 2019-04-13T04:36:59.606Z] 04:36:59 INFO - runtests.py | Running with scheme: https
[task 2019-04-13T04:36:59.606Z] 04:36:59 INFO - runtests.py | Running with e10s: False
[task 2019-04-13T04:36:59.606Z] 04:36:59 INFO - runtests.py | Running with serviceworker_e10s: False
[task 2019-04-13T04:36:59.606Z] 04:36:59 INFO - runtests.py | Running with socketprocess_e10s: False
[task 2019-04-13T04:36:59.607Z] 04:36:59 INFO - runtests.py | Running tests: start.
[task 2019-04-13T04:36:59.923Z] 04:36:59 INFO - remoteautomation.py | runApp deleted /sdcard/tests/logs/mochitest.log
[task 2019-04-13T04:37:00.337Z] 04:37:00 INFO - adb launch_application: am start -W -n org.mozilla.fennec_aurora/org.mozilla.gecko.BrowserApp -a android.intent.action.VIEW --es env9 MOZ_CRASHREPORTER_NO_REPORT=1 --es env8 MOZ_UPLOAD_DIR=/sdcard/tests/mozlog --es args "-no-remote -profile /sdcard/tests/profile//" --es env3 DISABLE_UNSAFE_CPOW_WARNINGS=1 --es env2 R_LOG_VERBOSE=1 --es env1 XPCOM_DEBUG_BREAK=stack --es env0 MOZ_CRASHREPORTER=1 --es env7 R_LOG_DESTINATION=stderr --es env6 MOZ_CRASHREPORTER_SHUTDOWN=1 --es env5 MOZ_IN_AUTOMATION=1 --es env4 MOZ_DISABLE_NONLOCAL_CONNECTIONS=1 --es env11 MOZ_HIDE_RESULTS_TABLE=1 --es env10 R_LOG_LEVEL=6 -d "https://example.com:443/tests?autorun=1&closeWhenDone=1&logFile=%2Fsdcard%2Ftests%2Flogs%2Fmochitest.log&fileLevel=INFO&consoleLevel=INFO&hideResultsTable=1&manifestFile=tests.json&dumpOutputDirectory=%2Fsdcard%2Ftests"
[task 2019-04-13T04:37:11.572Z] 04:37:11 INFO - remoteautomation.py | Application pid: 3507
[task 2019-04-13T04:38:18.537Z] 04:38:18 INFO - 396 INFO SimpleTest START
[task 2019-04-13T04:38:18.537Z] 04:38:18 INFO - 397 INFO TEST-START | toolkit/components/passwordmgr/test/mochitest/test_password_length.html
[task 2019-04-13T04:38:28.751Z] 04:38:28 INFO - 398 INFO TEST-OK | toolkit/components/passwordmgr/test/mochitest/test_password_length.html | took 18509ms
[task 2019-04-13T04:38:28.751Z] 04:38:28 INFO - 399 INFO TEST-START | Shutdown
[task 2019-04-13T04:38:28.751Z] 04:38:28 INFO - 400 INFO Passed: 12
[task 2019-04-13T04:38:28.752Z] 04:38:28 INFO - 401 INFO Failed: 0
[task 2019-04-13T04:38:28.752Z] 04:38:28 INFO - 402 INFO Todo: 0
[task 2019-04-13T04:38:28.752Z] 04:38:28 INFO - 403 INFO Mode: non-e10s
[task 2019-04-13T04:38:28.752Z] 04:38:28 INFO - 404 INFO Slowest: 18490ms - /tests/toolkit/components/passwordmgr/test/mochitest/test_password_length.html
[task 2019-04-13T04:38:28.752Z] 04:38:28 INFO - 405 INFO SimpleTest FINISHED
[task 2019-04-13T04:38:34.015Z] 04:38:34 INFO - Failed to get top activity, retrying, once...
[task 2019-04-13T04:40:32.011Z] 04:40:32 INFO - 406 INFO TEST-UNEXPECTED-FAIL | unknown test url | uncaught exception - TypeError: SimpleTest.harnessParameters is undefined at SimpleTest_setTimeoutShim@https://example.com/tests/SimpleTest/SimpleTest.js:669:17
[task 2019-04-13T04:40:32.012Z] 04:40:32 INFO - add_task@https://example.com/tests/SimpleTest/AddTask.js:30:7
[task 2019-04-13T04:40:32.012Z] 04:40:32 INFO - @https://example.com/tests/toolkit/components/passwordmgr/test/mochitest/test_password_length.html:43:1
[task 2019-04-13T04:40:32.012Z] 04:40:32 INFO - simpletestOnerror@https://example.com/tests/SimpleTest/SimpleTest.js:1665:24
[task 2019-04-13T04:40:40.021Z] 04:40:40 INFO - 407 INFO TEST-UNEXPECTED-FAIL | | /tests/toolkit/components/passwordmgr/test/mochitest/test_password_length.html - finished in a non-clean fashion, probably because it didn't call SimpleTest.finish()
[task 2019-04-13T04:40:40.021Z] 04:40:40 INFO - {u'loaded_test_url': u'/tests/toolkit/components/passwordmgr/test/mochitest/test_password_length.html'}
[task 2019-04-13T04:40:40.022Z] 04:40:40 INFO - 408 INFO TEST-UNEXPECTED-ERROR | | Finished in 18169ms
[task 2019-04-13T04:40:40.022Z] 04:40:40 INFO - {u'runtime': 18169}
[task 2019-04-13T04:40:40.022Z] 04:40:40 INFO - TEST-INFO

Flags: needinfo?(sfoster)

Comment 6

a month ago
Pushed by sfoster@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/127dba490969
use a minPasswordLength rather than skipEmptyFields property when collecting password fields. r=jaws
Assignee

Comment 7

a month ago

Thanks for the backout :ccoroiu, I thought I had checked this against android but it looks like my try run only ran xpcshell tests so I missed this. The test is skipped for android in the latest push.

Flags: needinfo?(sfoster)

Comment 8

a month ago
bugherder
Status: ASSIGNED → RESOLVED
Last Resolved: a month ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68

Comment 9

a month ago
Pushed by mozilla@noorenberghe.ca:
https://hg.mozilla.org/integration/mozilla-inbound/rev/33f6d42d7fa9
Follow-up to properly clear the password field in the doorhanger. r=intermittent

Comment 12

a month ago
backoutbugherder
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Status: REOPENED → RESOLVED
Last Resolved: a month agoa month ago
Flags: needinfo?(sfoster)
Resolution: --- → FIXED

I have used the test case from comment 1:

  • Affected (Nightly v68.0a1 from 2019-04-08):
    The password manager pop-up to save the credentials would not appear at all.

  • Fixed (Nightly v68.0a1 from 2019-04-23):
    The password manager prompt to save password will appear for the "actual-username" username only.

I have also tested a different test case (https://bug1352544.bmoattachments.org/attachment.cgi?id=9050123):

  • Affected (Nightly v68.0a1 from 2019-04-08):
    When attempting to save a random username and a 1-letter password, the password manager prompt would appear and allow you to save a 1-letter password.
  • Fixed (Nightly v68.0a1 from 2019-04-23):
    When attempting to save a random username and a 1-letter password, the password manager prompt would NOT appear at all.

Does this test suffice to verify this bug? If not, please provide some extra steps to verify. Thanks!

Flags: needinfo?(MattN+bmo)

That sounds great

Status: RESOLVED → VERIFIED
Flags: needinfo?(MattN+bmo) → qe-verify+
You need to log in before you can comment on or make changes to this bug.