Open Bug 1560468 Opened 5 years ago Updated 1 year ago

Offer a choice of usernames and passwords when prompting to save or update a password

Categories

(Toolkit :: Password Manager, defect, P3)

Product:
Toolkit
Component:
Password Manager
Version:
67 Branch
Type:
defect

Tracking

()

People

(Reporter: zerosumgame0005, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: parity-chrome, Whiteboard: [passwords:capture-UI])

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0

Steps to reproduce:

use new password at sight, get prompt to update.

Actual results:

sign out, go to site again and try to use "updated" password and am told it does not work, enter new password and get prompt AGAIN to "update", and around and around and around forever

Expected results:

password SHOULD have been updated but is not

I didn't managed to reproduce the issue on the latest release version of Firefox (v67.0.4) using Windows 10.

Could you please provide more information related to this issue? And maybe try to restart the browser with the add-ons disabled? (Go to about:profiles and click the "Restart with Add-ons Disabled..." button)

Flags: needinfo?(zerosumgame0005)

a couple more questions;
WTH is this? "Zarro Boogs found"?
why are passwords no longer saved? I used to have several places like DIsqus that logged me in automatically, they no longer do that and force me to re-log in for every page I visit? are you trying to be our nanny and think we are too stupid to protect ourselves?
add those to the original question.
my version is 67.0.4 (64-bit) and it is very disappointing all around!
As to addons I was using the exact same ones before you FORCED the last update down my throat and are needed to block stupid ads and pp-ups so no I will not disable them. I am just shopping around for a new browser to replace Firefox that I have been using for years because you think screwing your users is a smart thing to do

Flags: needinfo?(zerosumgame0005)

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Application Update
Product: Firefox → Toolkit
Component: Application Update → Untriaged
Product: Toolkit → Firefox
Summary: last update broke saving/updating of passwords → saving/updating of passwords no longer works after latest update

I've tried to reproduce this issue using the DIsqus website but unfortunately, I couldn't reproduce it. Could you provide other websites or any other information that could help us?

I have had this issue for months. It happens on all sites across all installs of Firefox. This includes 1 real machine install on Windows 10, 2-3 on Windows 7 VMs, 2 installs on real machines running Linux, and 2-3 VMs running Linux.

The common usage pattern I see is as follows:

  1. Log into site, credentials are saved correctly.
  2. Credentials auto-fill and work for ~3 months.
  3. Password is expired by site. I am prompted to update credentials.
  4. Update form only has password and password confirmation dialog.
  5. New password is saved for site with blank username, updated password.
  6. Login form is auto-filled with username/Old-Password combo.
  7. Hit submit, login fails. Password field prompts for which password to use.
  8. Select "No Username - xx/xx/xx" where xx/xx/xx is the date of the latest password update.
  9. Password changes, login success.
  10. Update dialog appears, shows username/*ed out password and prompts for an update.
  11. Select update.
  12. Return to step 6 until new password expires, in which case return to step 3.
  13. Black username/password does update.

I most often see this with Securelink sites as I interact with about 2-dozen such sites on a regular basis.

For completeness sake here's the User Agent line from the machines where this has affected me recently:

  • Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
  • Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
  • Mozilla/5.0 (Windows NT 6.1; rv:71.0) Gecko/20100101 Firefox/71.0

Top one is a Windows 10, real machine. 2nd is Xubuntu 19.10 virtual running under Virtualbox. Third is Windows 7 VM under Virtualbox.

Component: Untriaged → Password Manager
Product: Firefox → Toolkit

The issue with creating a 2nd saved login with a no username would be improved if we could offer a choice of potential usernames (logins saved on the same origin) in the /save/update-password doorhanger. This would both draw attention to the fact that we've not found a username and a new login will be saved with an empty username, as well as providing a practical way to avoid getting into the situation the original reporter had - if I understand that correctly.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Summary: saving/updating of passwords no longer works after latest update → Offer a choice of usernames when prompting to save or update a password
See Also: → 1570319
Depends on: 1154763

I think there are two issues here.

  1. When a password is updated on a site and the username is not on the update page, a 2nd login is created.
  2. When logging in with saved information, failing, and using the no-username option with a username in the form, the save dialog asks to update the username/password (not the no-username/password) credentials and fails to do so.

The first one is not unexpected and really, just a minor annoyance.

The second one is the real issue. Firefox is giving us a prompt that shows the correct username, the correct password (when unrevealed) and when we accept the update it does not update. This leads to an endless loop of the user agreeing to an update that never happens. Avoiding creating the No-Username credentials would mitigate the 2nd issue, but not eliminate it.

(In reply to Steve Lamb from comment #8)


2. When logging in with saved information, failing, and using the no-username option with a username in the form, the save dialog asks to update the username/password (not the no-username/password) credentials and fails to do so.

The second one is the real issue. Firefox is giving us a prompt that shows the correct username, the correct password (when unrevealed) and when we accept the update it does not update. This leads to an endless loop of the user agreeing to an update that never happens. Avoiding creating the No-Username credentials would mitigate the 2nd issue, but not eliminate it.

Can you please file a separate bug for this issue as I think it would be higher priority to fix? Please include the debug logs and steps to reproduce the issue.

Flags: needinfo?(grey)

(In reply to Matthew N. [:MattN] (PM me if requests are blocking you) from comment #9)

Can you please file a separate bug for this issue as I think it would be higher priority to fix? Please include the debug logs and steps to reproduce the issue.

Uhm, this is that report. Please note the initial report from 6 months ago reads, "sign out, go to site again and try to use "updated" password and am told it does not work, enter new password and get prompt AGAIN to "update", and around and around and around forever".

Last month I gave a multi-step method of replication.

A month after that the bug description was changed "saving/updating of passwords no longer works after latest update → Offer a choice of usernames when prompting to save or update a password" and all of a sudden instead of the focus being on the save dialog not updating the password we're talking about clarifying a dialog?

Flags: needinfo?(grey)
Keywords: parity-chrome
Priority: P3 → P2
Whiteboard: [passwords:capture-UI]
Depends on: 1626792
Summary: Offer a choice of usernames when prompting to save or update a password → Offer a choice of usernames and passwords when prompting to save or update a password
Blocks: 1600397
No longer depends on: 1154763
Priority: P2 → P3
See Also: → 1600397
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.