Closed Bug 1575681 Opened 5 months ago Closed 5 months ago

Provide a policy to disable the password manager altogether

Categories

(Firefox :: Enterprise Policies, defect, P1)

defect

Tracking

()

VERIFIED FIXED
Firefox 70
Tracking Status
firefox-esr68 --- verified
firefox70 --- verified

People

(Reporter: mkaply, Assigned: mkaply)

References

Details

(Whiteboard: [passwords:management] [skyline])

Attachments

(2 files, 2 obsolete files)

If the signons policy is locked to off, remove access to about:logins and lock pref.privacy.disable_button.view_passwords

Whiteboard: [passwords:management] [skyline]
Summary: Locking rememberSignons to off should disable button and block about:logins → Provide a policy to disable the password manager altogether
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/a63410d10c7a
Add policy to remove access to the password manager. r=MattN,fluent-reviewers,flod
Status: ASSIGNED → RESOLVED
Closed: 5 months ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 70
Attachment #9087459 - Attachment is obsolete: true

Comment on attachment 9088543 [details]
Bug 1575681 - Add policy to remove access to the password manager.

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Parity with corresponding Firefox version.
  • User impact if declined: No way to explicitly disable the password manager dialog via policy
  • Fix Landed on Version: 70/71
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Policy, has multiple tests
  • String or UUID changes made by this patch: Adds one Fluent string for policy description.
Attachment #9088543 - Flags: approval-mozilla-esr68?

Comment on attachment 9088543 [details]
Bug 1575681 - Add policy to remove access to the password manager.

Policy addition, approved for 68.2esr.

Attachment #9088543 - Flags: approval-mozilla-esr68? → approval-mozilla-esr68+

Backed out changeset 861b54de7570 (bug 1575681) for browser-chrome failures at browser/components/enterprisepolicies/tests/browser/browser_policy_block_about.js

Backout: https://hg.mozilla.org/releases/mozilla-esr68/rev/1e2fca22a0368f9e8945693526fb0f89af0625fa

Failure push: https://treeherder.mozilla.org/#/jobs?repo=mozilla-esr68&revision=86981b66c0ce813515653d57f9e4651981174f07

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=268384793&repo=mozilla-esr68&lineNumber=13882

16:06:33 INFO - TEST-PASS | browser/components/enterprisepolicies/tests/browser/browser_policy_block_about.js | Sanity check the temporary file doesn't exist. - true == true -
16:06:33 INFO - Buffered messages logged at 16:05:09
16:06:33 INFO - Console message: [JavaScript Error: "[Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIWebNavigation.loadURI]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: resource://gre/actors/WebNavigationChild.jsm :: loadURI/< :: line 175" data: no]"]
16:06:33 INFO - loadURI/<@resource://gre/actors/WebNavigationChild.jsm:175:33
16:06:33 INFO - _wrapURIChangeCall@resource://gre/actors/WebNavigationChild.jsm:78:7
16:06:33 INFO - loadURI@resource://gre/actors/WebNavigationChild.jsm:174:10
16:06:33 INFO - receiveMessage@resource://gre/actors/WebNavigationChild.jsm:60:14
16:06:33 INFO - receiveMessage@resource://gre/modules/ActorManagerChild.jsm:179:30
16:06:33 INFO -
16:06:33 INFO - Buffered messages finished
16:06:33 INFO - TEST-UNEXPECTED-FAIL | browser/components/enterprisepolicies/tests/browser/browser_policy_block_about.js | Test timed out -
16:06:33 INFO - TEST-PASS | browser/components/enterprisepolicies/tests/browser/browser_policy_block_about.js | Engine is inactive at the end of the test -
16:06:33 INFO - TEST-FAIL | browser/components/enterprisepolicies/tests/browser/browser_policy_block_about.js | Assertion count 4 is greater than expected range 0-0 assertions. -
16:06:33 INFO - GECKO(1926) | MEMORY STAT | vsize 7636MB | residentFast 336MB | heapAllocated 85MB
16:06:33 INFO - TEST-OK | browser/components/enterprisepolicies/tests/browser/browser_policy_block_about.js | took 90093ms
16:06:33 INFO - Not taking screenshot here: see the one that was previously logged
16:06:33 INFO - TEST-UNEXPECTED-FAIL | browser/components/enterprisepolicies/tests/browser/browser_policy_block_about.js | Found a tab after previous test timed out: about:blank -
16:06:33 INFO - GECKO(1926) | [Child 1933, Main Thread] WARNING: No active window: file /builds/worker/workspace/build/src/js/xpconnect/src/XPCJSContext.cpp, line 662
16:06:33 INFO - GECKO(1926) | ++DOCSHELL 0x107349000 == 1 [pid = 1930] [id = {d3aeccac-7ee6-f147-9086-40320245d622}]
16:06:33 INFO - GECKO(1926) | ++DOMWINDOW == 3 (0x11eb157a0) [pid = 1930] [serial = 3] [outer = 0x0]
16:06:33 INFO - GECKO(1926) | ++DOMWINDOW == 4 (0x11eb65000) [pid = 1930] [serial = 4] [outer = 0x11eb157a0]
16:06:33 INFO - GECKO(1926) | ++DOMWINDOW == 5 (0x141d46c00) [pid = 1930] [serial = 5] [outer = 0x11eb157a0]
16:06:33 INFO - checking window state

Flags: needinfo?(mozilla)
Attached patch ESR patch (obsolete) — Splinter Review

This patch removes the about:logins test since it doesn't exist on the ESR.

I still block about:logins because there's no harm in that and the rest of the code depends on that.

Flags: needinfo?(mozilla)

This was backed out of esr68 due to these failures: https://treeherder.mozilla.org/#/jobs?repo=mozilla-esr68&resultStatus=testfailed%2Cbusted%2Cexception&revision=4ce4d8ccc5c09426914b3fda55027954760a8755&selectedJob=269071011

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=269071011&repo=mozilla-esr68&lineNumber=8028

[task 2019-09-30T15:22:06.922Z] 15:22:06 INFO - TEST-PASS | browser/components/enterprisepolicies/tests/browser/browser_policy_passwordmanager.js | Sanity check the temporary file doesn't exist. - true == true -
[task 2019-09-30T15:22:06.923Z] 15:22:06 INFO - Buffered messages finished
[task 2019-09-30T15:22:06.923Z] 15:22:06 INFO - TEST-UNEXPECTED-FAIL | browser/components/enterprisepolicies/tests/browser/browser_policy_passwordmanager.js | showPasswords should be disabled. - Got false, expected true
[task 2019-09-30T15:22:06.923Z] 15:22:06 INFO - Stack trace:
[task 2019-09-30T15:22:06.924Z] 15:22:06 INFO - chrome://mochikit/content/browser-test.js:test_is:1602
[task 2019-09-30T15:22:06.924Z] 15:22:06 INFO - chrome://mochitests/content/browser/browser/components/enterprisepolicies/tests/browser/browser_policy_passwordmanager.js:test_pwmanagerbutton/<:16
[task 2019-09-30T15:22:06.924Z] 15:22:06 INFO - resource://testing-common/BrowserTestUtils.jsm:withNewTab:124
[task 2019-09-30T15:22:06.925Z] 15:22:06 INFO - GECKO(2544) | [Child 2669, Main Thread] WARNING: No active window: file /builds/worker/workspace/build/src/js/xpconnect/src/XPCJSContext.cpp, line 662
[task 2019-09-30T15:22:06.925Z] 15:22:06 INFO - Leaving test bound test_pwmanagerbutton
[task 2019-09-30T15:22:06.926Z] 15:22:06 INFO - TEST-PASS | browser/components/enterprisepolicies/tests/browser/browser_policy_passwordmanager.js | Engine is inactive at the end of the test -

Flags: needinfo?(mozilla)
Duplicate of this bug: 1585125
Attached patch ESE PatchSplinter Review

This is the correct ESR patch. I have tested it every way possibly and made sure the test is included. Very sorry the previous version broke things.

Attachment #9096890 - Attachment is obsolete: true
Flags: needinfo?(mozilla)

This is verified fixed using Firefox 70.0 (BuildId:20191016161957) and Firefox 68.2.0esr (BuildId:20191016163237) on Windows 10 64bit, macOS 10.13.6 and Ubuntu 18.04 64bit.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.