Auto-save used generated passwords as long as there isn't already a login with an empty username for the site.
Categories
(Toolkit :: Password Manager, enhancement, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr68 | --- | unaffected |
| firefox68 | --- | unaffected |
| firefox69 | --- | unaffected |
| firefox70 | --- | verified |
People
(Reporter: MattN, Assigned: sfoster)
References
Details
(Whiteboard: [passwords:generation] [skyline])
Attachments
(3 files)
Bug 1548857 only implemented auto-saving of filled generated passwords if there were no logins saved for the site (to not overwrite existing ones before they're no longer needed) but to improve consistency and reduce data loss we should save whenever their isn't already a login with an empty username.
|
Assignee | |
Updated•6 years ago
|
|
Reporter | |
Comment 1•6 years ago
|
||
Previously we only auto-saved if there were no logins for the site.
|
|
Reporter | |
Comment 2•6 years ago
|
||
I had a WIP patch the other day so I attached it here but please feel free to commandeer the Phab revision.
|
|
Assignee | |
Comment 3•6 years ago
|
||
|
||
Updated•6 years ago
|
|
|
||
Updated•6 years ago
|
|
|
||
Updated•6 years ago
|
|
|
||
Updated•6 years ago
|
|
||
Comment 5•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/46f1d5ddd453
https://hg.mozilla.org/mozilla-central/rev/9234c94b4b9a
|
||
Comment 6•6 years ago
•
|
||
Out of the top 15 websites, only Google, Yahoo and Pinterest appear to have password fields with the autocomplete attribute having the value "new-password" so I will test these 3 for the case when the password manager drop-down contains a generated password option:
This implementation appears to be working correctly in the case of Google and Yahoo. When on these sites and the user changes the password with a generated one, in any of the 3 cases:
- There is a saved login with both username and password for the site -> A new password is automatically saved without a username.
A dismissed door hanger with the message "Password saved!" is displayed and a blue key-like icon is displayed. - There is a saved login with only a password for the site -> A new password is NOT saved automatically.
A dismissed door hanger is displayed and a grey key-like icon, but no message (except for Pinterest, where no grey-key like icon is seen) - There is no saved login for this site -> A new password is automatically saved without a username.
A dismissed door hanger with the message "Password saved!" is displayed and a blue key-like icon is displayed.
Out of the other top 15 sites, from the ones that do not have a password field with attribute autocomplete="new-password", I have chosen to use Facebook and Amazon. I will test the same 3 cases:
- There is a saved login with both username and password for the site -> A new password is automatically saved without a username.
A dismissed door hanger with the message "Password saved!" is displayed and a blue key-like icon is displayed. - There is a saved login with only a password for the site -> A new password is NOT saved automatically.
A dismissed door hanger is displayed and a grey key-like icon, but no message. - There is no saved login for this site -> A new password is automatically saved without a username.
A dismissed door hanger with the message "Password saved!" is displayed and a blue key-like icon is displayed.
A case that seems problematic is seen when changing the password of Pinterest while having a login saved with a blank username: bug 1570282.
In conclusion, I believe that this implementation bug should be considered verified. A new bug is logged for the edge case remaining.
Verified on Nightly v70.0a1 (2019-07-30) on Windows 10.
|
|
||
Comment 7•6 years ago
|
||
|
|
Reporter | |
Updated•5 years ago
|
Description
•