Closed Bug 1567230 Opened 1 year ago Closed 1 year ago

Master password prompt before copying/revealing passwords in about:logins

Categories

(Firefox :: about:logins, defect, P1)

Desktop
All
defect

Tracking

()

VERIFIED FIXED
Firefox 70
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox68 --- unaffected
firefox69 --- wontfix
firefox70 --- verified

People

(Reporter: MattN, Assigned: jaws)

References

(Depends on 1 open bug, Regression)

Details

(Keywords: regression, Whiteboard: [passwords:management] [skyline])

Attachments

(2 files)

To prevent snooping and parity with the old management UI, we need to prompt for MP before copying/revealing passwords.

Flags: qe-verify+
Assignee: nobody → jaws
Status: NEW → ASSIGNED
Attachment #9080230 - Attachment description: Bug 1567230 - Move copying of login detail to the parent process to workaround limitations in the Clipboard API. r?MattN → Bug 1567230 - Move copying of login detail to AboutLoginsChild.jsm to workaround limitations in the Clipboard API. r?MattN
Pushed by jwein@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6115bb93cc3c
Move copying of login detail to AboutLoginsChild.jsm to workaround limitations in the Clipboard API. r=MattN
https://hg.mozilla.org/integration/autoland/rev/755c7d187626
Require master password auth before copying or revealing passwords in about:logins. r=MattN

Backed out 2 changesets for causing failures in browser_masterPassword.js

Backout link: https://hg.mozilla.org/integration/autoland/rev/af37a24bac5db7671dd5394173584789567d2304

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception&fromchange=755c7d187626dd1be04708d94c19ddfc99662823&tochange=af37a24bac5db7671dd5394173584789567d2304&selectedJob=258428041

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=258428041&repo=autoland&lineNumber=2981

[task 2019-07-26T01:46:37.013Z] 01:46:37 INFO - TEST-PASS | browser/components/aboutlogins/tests/browser/browser_masterPassword.js | Logins should be displayed when MP is set and authenticated -
[task 2019-07-26T01:46:37.018Z] 01:46:37 INFO - TEST-PASS | browser/components/aboutlogins/tests/browser/browser_masterPassword.js | Dialog is the Master Password dialog -
[task 2019-07-26T01:46:37.019Z] 01:46:37 INFO - Master Password dialog shown and canceled
[task 2019-07-26T01:46:37.021Z] 01:46:37 INFO - Clicking copy password button again
[task 2019-07-26T01:46:37.022Z] 01:46:37 INFO - TEST-PASS | browser/components/aboutlogins/tests/browser/browser_masterPassword.js | Dialog is the Master Password dialog -
[task 2019-07-26T01:46:37.023Z] 01:46:37 INFO - Buffered messages finished
[task 2019-07-26T01:46:37.025Z] 01:46:37 INFO - TEST-UNEXPECTED-FAIL | browser/components/aboutlogins/tests/browser/browser_masterPassword.js | Test timed out -
[task 2019-07-26T01:46:37.026Z] 01:46:37 INFO - GECKO(2216) | MP change from omgsecret! to
[task 2019-07-26T01:46:37.027Z] 01:46:37 INFO - GECKO(2216) | MEMORY STAT | vsize 20974919MB | residentFast 1031MB
[task 2019-07-26T01:46:37.029Z] 01:46:37 INFO - TEST-OK | browser/components/aboutlogins/tests/browser/browser_masterPassword.js | took 90269ms
[task 2019-07-26T01:46:37.030Z] 01:46:37 INFO - checking window state
[task 2019-07-26T01:46:37.031Z] 01:46:37 INFO - GECKO(2216) | JavaScript error: resource://testing-common/PromiseTestUtils.jsm, line 112: uncaught exception: Object
[task 2019-07-26T01:46:37.033Z] 01:46:37 INFO - TEST-START | browser/components/aboutlogins/tests/browser/browser_openFiltered.js

Flags: needinfo?(jaws)
Depends on: 1569789
Flags: needinfo?(jaws)
Pushed by jwein@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1f122ed713cb
Move copying of login detail to AboutLoginsChild.jsm to workaround limitations in the Clipboard API. r=MattN
https://hg.mozilla.org/integration/autoland/rev/04a64d6707ea
Require master password auth before copying or revealing passwords in about:logins. r=MattN
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70

I have verified this issue on the latest Nightly 70.0a1 (2019-07-31) (64-bit) on Windows 10 x64, Windows 7 x64, MacOS 10.14 and Ubuntu 18.04.

  • The master password pop-up is correctly displayed when the "Show Password" and "Copy password" buttons are clicked. The password is not revealed/copied until the master password is entered.
Status: RESOLVED → VERIFIED
Flags: qe-verify+
Depends on: 1572478
Component: Password Manager → about:logins
Product: Toolkit → Firefox
Target Milestone: mozilla70 → Firefox 70
You need to log in before you can comment on or make changes to this bug.