1571555 - All saved logins missing in about:logins if any login can't be decrypted

Status: VERIFIED FIXED

(Firefox :: about:logins, defect, P1)

Description

[Randell Jesup [:jesup] (needinfo me)]

On my main profile, in Nightly, all my saved logins appear missing (or not visible in the UI via Prefs->Saved Logins) after a pull/rebuild of m-c on 7/29. (Linux64 Fedora 29).

When I go to the login page of (say) arstechnica or sso.mozilla.com, I see shared logins and passwords; but "View Saved Logins" also takes me to an empty list. I'm concerned doing anything with saved logins (saving new ones, closing Firefox, etc) might lose data, since I don't know why it's blank in the UI or what that implies.

Comment 1

[Sam Foster [:sfoster] (he/him)]

:jesup, Are there any exception in the browser console or terminal when you load about:logins?
Can get us the values of the signon.* prefs for this profile?
You can confirm your logins still exist in this profile by calling this at the toolbox/browser console:

Services.logins.getAllLogins()

You should get back a list of nsLoginInfo objects.

Next, if you can enable debug logging (set the signon.debug pref to true) and either attach here or send to either myself or MattN, we can take a look to see what might be going on.

Comment 2

[Randell Jesup [:jesup] (needinfo me)]

I see get "NS_ERROR_FAILURE: Couldn't decrypt strings: 2147942487 crypto-SDR.js:253" every time I open the logins page
No other errors, no other signon.* values set other then importedFromSqlite.
When I set signon.debug I don't see any logs in the browser console (including in 'logs').

Comment 3

[Jared Wein [:jaws] (please needinfo? me)]

The last change here was bug 1567667. Randall, do you have any usernames or passwords that contain non-ASCII characters?

Randall noted on IRC that when he disabled the new about:logins via about:config (signon.management.page.enabled=false and signon.management.overrideURI="") the logins appeared again in the old Password Manager via about:preferences.

Comment 4

[MarniePW [:marnie]]

[Tracking Requested - why for this release]:

Comment 5

[Randell Jesup [:jesup] (needinfo me)]

(In reply to Jared Wein [:jaws] (please needinfo? me) from comment #3)

The last change here was bug 1567667. Randall, do you have any usernames or passwords that contain non-ASCII characters?

How can I tell? I have hundreds of logins stored... (I don't think I would have any non-ascii; certainly not by choice)

Comment 6

[Randell Jesup [:jesup] (needinfo me)]

recap of IRC: I have 24 bad entries where the encryptedUsername field looks like "~..." -- a non-encrypted base64 value. the encryptedPassword entries have a website name (not base 64 or encrypted); usually the site name, but sometimes a different site in the database). Apparently this was from a long-ago bad migration to encrypted entries.

Comment 7

[Jared Wein [:jaws] (please needinfo? me)]

Attachment: Bug 1571555 - Use a blank string in place of the username or password when decryption fails. r=keeler!

Comment 8

[Jared Wein [:jaws] (please needinfo? me)]

Matt, can you finish the patch here?

Comment 9

[Pulsebot]

Pushed by mozilla@noorenberghe.ca:
https://hg.mozilla.org/integration/autoland/rev/65c6d801e7b4
Use a blank string in place of the username or password when decryption fails. r=keeler

Comment 10

[Daniel Varga [:dvarga]]

Backed out changeset 65c6d801e7b4 (Bug 1571555) for browser chrome failure at browser/components/aboutlogins/tests/browser/browser_masterPassword.js

Push with failure: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception&classifiedState=unclassified&revision=65c6d801e7b444d0a438f6908bb5b990f252e959

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=260963550&repo=autoland&lineNumber=20886

Backout link: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception&classifiedState=unclassified&revision=7299b42f767b43930931225de0129ba26553a074

[task 2019-08-10T19:05:17.225Z] 19:05:17     INFO - TEST-PASS | browser/components/aboutlogins/tests/browser/browser_masterPassword.js | No logins should be displayed when MP is set and unauthenticated - 
[task 2019-08-10T19:05:17.226Z] 19:05:17     INFO - Buffered messages finished
[task 2019-08-10T19:05:17.226Z] 19:05:17     INFO - TEST-UNEXPECTED-FAIL | browser/components/aboutlogins/tests/browser/browser_masterPassword.js | Uncaught exception - waiting for master-password-login-required notification - timed out after 50 tries.
[task 2019-08-10T19:05:17.226Z] 19:05:17     INFO - Leaving test bound test
[task 2019-08-10T19:05:17.226Z] 19:05:17     INFO - GECKO(1787) | ++DOCSHELL 0x121e04000 == 8 [pid = 1787] [id = {b43c67cb-bd1e-2b40-ab00-c2c4b68a4165}]
[task 2019-08-10T19:05:17.226Z] 19:05:17     INFO - GECKO(1787) | ++DOMWINDOW == 16 (0x10fd243e0) [pid = 1787] [serial = 18] [outer = 0x0]
[task 2019-08-10T19:05:17.226Z] 19:05:17     INFO - GECKO(1787) | ++DOMWINDOW == 17 (0x12347b800) [pid = 1787] [serial = 19] [outer = 0x10fd243e0]
[task 2019-08-10T19:05:17.226Z] 19:05:17     INFO - GECKO(1787) | [Parent 1787, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file /builds/worker/workspace/build/src/dom/base/ThirdPartyUtil.cpp, line 374
[task 2019-08-10T19:05:17.227Z] 19:05:17     INFO - GECKO(1787) | [Parent 1787, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x805D0021: file /builds/worker/workspace/build/src/modules/libjar/nsJARChannel.cpp, line 994
[task 2019-08-10T19:05:17.227Z] 19:05:17     INFO - GECKO(1787) | [Parent 1787, Main Thread] WARNING: NS_ENSURE_TRUE(root) failed: file /builds/worker/workspace/build/src/layout/base/nsDocumentViewer.cpp, line 3165
[task 2019-08-10T19:05:17.835Z] 19:05:17     INFO - Console message: OpenGL compositor Initialized Succesfully.
[task 2019-08-10T19:05:17.835Z] 19:05:17     INFO - Version: 2.1 INTEL-12.9.22
[task 2019-08-10T19:05:17.835Z] 19:05:17     INFO - Vendor: Intel Inc.
[task 2019-08-10T19:05:17.835Z] 19:05:17     INFO - Renderer: Intel Iris OpenGL Engine
[task 2019-08-10T19:05:17.836Z] 19:05:17     INFO - FBO Texture Target: TEXTURE_2D
[task 2019-08-10T19:05:18.574Z] 19:05:18     INFO - GECKO(1787) | --DOMWINDOW == 1 (0x121b56020) [pid = 1793] [serial = 1] [outer = 0x0] [url = about:blank]
[task 2019-08-10T19:05:19.609Z] 19:05:19     INFO - GECKO(1787) | --DOMWINDOW == 0 (0x126a29800) [pid = 1792] [serial = 2] [outer = 0x0] [url = about:blank]
[task 2019-08-10T19:05:20.683Z] 19:05:20     INFO - GECKO(1787) | --DOMWINDOW == 1 (0x126054020) [pid = 1794] [serial = 1] [outer = 0x0] [url = about:blank]
[task 2019-08-10T19:05:21.256Z] 19:05:21     INFO - GECKO(1787) | --DOMWINDOW == 16 (0x123481c00) [pid = 1787] [serial = 15] [outer = 0x0] [url = about:blank]
[task 2019-08-10T19:05:22.259Z] 19:05:22     INFO - GECKO(1787) | --DOMWINDOW == 1 (0x127859020) [pid = 1795] [serial = 1] [outer = 0x0] [url = about:blank]
[task 2019-08-10T19:05:22.884Z] 19:05:22     INFO - GECKO(1787) | --DOMWINDOW == 0 (0x121b2b400) [pid = 1793] [serial = 2] [outer = 0x0] [url = about:blank]
[task 2019-08-10T19:05:24.118Z] 19:05:24     INFO - GECKO(1787) | --DOMWINDOW == 1 (0x11e756020) [pid = 1796] [serial = 1] [outer = 0x0] [url = about:blank]
[task 2019-08-10T19:05:24.776Z] 19:05:24     INFO - GECKO(1787) | --DOMWINDOW == 0 (0x126029800) [pid = 1794] [serial = 2] [outer = 0x0] [url = about:blank]
[task 2019-08-10T19:05:26.592Z] 19:05:26     INFO - GECKO(1787) | --DOMWINDOW == 0 (0x12782b800) [pid = 1795] [serial = 2] [outer = 0x0] [url = about:blank]
[task 2019-08-10T19:05:28.533Z] 19:05:28     INFO - GECKO(1787) | --DOMWINDOW == 0 (0x11e729800) [pid = 1796] [serial = 2] [outer = 0x0] [url = about:blank]
[task 2019-08-10T19:11:18.064Z] 19:11:18     INFO -  [1784, Main Thread] WARNING: No active window: file /builds/worker/workspace/build/src/js/xpconnect/src/XPCJSContext.cpp, line 664
[task 2019-08-10T19:11:38.550Z] 19:11:38     INFO - Buffered messages finished
[task 2019-08-10T19:11:38.550Z] 19:11:38    ERROR - TEST-UNEXPECTED-TIMEOUT | browser/components/aboutlogins/tests/browser/browser_masterPassword.js | application timed out after 370 seconds with no output
[task 2019-08-10T19:11:38.550Z] 19:11:38    ERROR - Force-terminating active process(es).

Comment 12

[Matthew N. [:MattN]]

I updated the patch

Comment 13

[Pulsebot]

Pushed by mozilla@noorenberghe.ca:
https://hg.mozilla.org/integration/autoland/rev/ddf6f75cc5ee
Use a blank string in place of the username or password when decryption fails. r=keeler

Comment 14

[Matthew N. [:MattN]]

Attachment: Bug 1571555 - Mock the prompt service for the master password prompt in test_sdr.js. r=keeler

Comment 15

[Pulsebot]

Pushed by mozilla@noorenberghe.ca:
https://hg.mozilla.org/integration/autoland/rev/db9028d93ad6
Mock the prompt service for the master password prompt in test_sdr.js. r=keeler

Comment 16

[Narcis Beleuzu [:NarcisB]]

https://hg.mozilla.org/mozilla-central/rev/ddf6f75cc5ee
https://hg.mozilla.org/mozilla-central/rev/db9028d93ad6

Comment 17

[Cosmin Muntean [:cmuntean], Ecosystem QA]

In order to verify this issue I have used the following steps:

1. I have opened a new Firefox profile with Nightly 69.0a1 version and saved multiple logins.
2. I have opened the "logins.json" file.
3. I have added the "~..." string to the "encryptedUsername" value of one of the saved logins and saved the file.
4. I have opened the same profile with Nightly 70.0a1 build from 2019-08-16 when the issue was not fixed.
5. I have navigated to "about:logins" page. No logins were displayed.
6. I have updated the Nightly browser to the latest build (2019-08-19).
7. I have navigated to "about:logins" page. The logins were correctly displayed.

Matthew, can you please look over the steps and let me know if the steps are valid in order to verify the issue? If not, can you please give me some instructions on how should I verify the issue?

Comment 18

[Matthew N. [:MattN]]

I think those steps are good for testing one of the cases of failure. There are two other cases to test:

1. Testing with a valid unencrypted base64 value for encryptedUsername and/or encryptedPassword: https://www.base64encode.org/ (no ~)
2. Rename key4.db from the profile folder after saving logins and ensure that all logins are missing. Ensure you can save new logins and they show up in about:logins even after a restart of Firefox.

Thanks!

Comment 19

[Cosmin Muntean [:cmuntean], Ecosystem QA]

Thanks Matthew for the provided test cases!

I have verified this issue on latest Nightly 70.0a1 (2019-08-20) build on Windows 7 x64, Mac 10.14 and Ubuntu 18.04 x64.

1. Testing with a valid unencrypted base64 value for encryptedUsername and/or encryptedPassword: https://www.base64encode.org/ (no ~)

• Following the same steps described in comment 17, instead of using the "~..." string I have used a valid unencrypted base64 value for encryptedUsername and/or encryptedPassword. In all cases, the saved logins were correctly displayed on "about:logins" page on the latest Nightly 70.0a1 build.
• However, it seems that only the login where the encryptedUsername or encryptedPassword was modified, is not displayed in the Login List. @Matthew, can you please confirm if this is expected?

2. Rename key4.db from the profile folder after saving logins and ensure that all logins are missing. Ensure you can save new logins and they show up in about:logins even after a restart of Firefox.

• After renaming the "key4.db" file, no login is displayed in "about:logins" page. Even if the file was renamed, I was able to create and save new logins. Also, the newly created and saved logins are correctly displayed in "about:logins" page even after a browser restart.

Comment 20

[Matthew N. [:MattN]]

(In reply to Cosmin Muntean, Experiments QA from comment #19)

1. Testing with a valid unencrypted base64 value for encryptedUsername and/or encryptedPassword: https://www.base64encode.org/ (no ~)

• Following the same steps described in comment 17, instead of using the "~..." string I have used a valid unencrypted base64 value for encryptedUsername and/or encryptedPassword. In all cases, the saved logins were correctly displayed on "about:logins" page on the latest Nightly 70.0a1 build.
• However, it seems that only the login where the encryptedUsername or encryptedPassword was modified, is not displayed in the Login List. @Matthew, can you please confirm if this is expected?

Right, that's the point of this bug, that a failure in one login doesn't prevent the others from being seen. The same should have been true with step 7 in comment 17: You should have seen the one login you edited was missing from about:logins.

Comment 21

[Cosmin Muntean [:cmuntean], Ecosystem QA]

Yes, I have also noticed this in comment 17 at step 7 but I forgot to mention it (sorry about that). In all test cases that I verified, the edited login is not displayed in "about:logins" page but all the others saved logins are correctly displayed.

Thanks Matthew for helping me verify this issue.