Always pass the generated password guid to promptToChangePassword when it is available
Categories
(Toolkit :: Password Manager, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox69 | --- | unaffected |
firefox70 | --- | verified |
firefox71 | --- | verified |
People
(Reporter: sfoster, Assigned: sfoster)
References
Details
(Whiteboard: [passwords:generation] [skyline])
Attachments
(2 files, 1 obsolete file)
47 bytes,
text/x-phabricator-request
|
lizzard
:
approval-mozilla-beta+
|
Details | Review |
47 bytes,
text/x-phabricator-request
|
lizzard
:
approval-mozilla-beta+
|
Details | Review |
As it is possible to change both the username and password from the password-change doorhanger, we should always pass the autoSavedLoginGuid param to promptToChangePassword, when an autosaved (generated-password) login on that origin exists.
This bug was found during verification of bug 1560042, see comments there for more context.
STR:
- From https://twitter.com/login, save a new login by entering "user1" as username and password "password123" in the form,
- Click "Log in" and confirm the save-password prompt that appears
- Load https://twitter.com/login again, clear out any autofilled fields
- Focus the password field and enter a generated password from the context menu (right-click, "Fill Password" -> "Use a securely generated password"
- (a confirmation hint shows up confirming the auto-saving of a new login with this password)
- Type in "user1" into the username field and submit the form
- When the "Update this login" doorhanger appears, confirm it with no changes to username or password values in the prompt fields.
- Load about:logins to examine the outcome
ER:
- A single login for twitter.com, with username "user1" and the generated password value
AR:
- A "user1" login with unchanged password "password123"
- A "" (no username) login with the generated password
- In the console a "Unexpected match of multiple logins" error is logged
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 1•5 years ago
|
||
Assignee | ||
Comment 2•5 years ago
|
||
Depends on D45238
Comment 3•5 years ago
|
||
Comment on attachment 9091543 [details]
Bug 1579540 - Part2: Always provide autoSavedLoginGuid to promptToChangePassword when available. r?MattN
Revision D45239 was moved to bug 1579540. Setting attachment 9091543 [details] to obsolete.
Updated•5 years ago
|
Assignee | ||
Comment 4•5 years ago
|
||
Depends on D45238
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Pushed by sfoster@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d52c05e448ff Part 1: Share some form test helpers. r=MattN https://hg.mozilla.org/integration/autoland/rev/f57e70feeea0 Part 2: Always provide autoSavedLoginGuid to promptToChangePassword when available. r=MattN
Comment 6•5 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/d52c05e448ff
https://hg.mozilla.org/mozilla-central/rev/f57e70feeea0
Comment 7•5 years ago
|
||
Comment on attachment 9091542 [details]
Bug 1579539 - Part 1: Share some form test helpers. r?MattN
Beta/Release Uplift Approval Request
- User impact if declined: A user's username changes in the save login doorhanger could be lost
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: Should be verified using steps in comment 0.
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Good test coverage
- String changes made/needed: None
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Comment 8•5 years ago
|
||
Comment on attachment 9091542 [details]
Bug 1579539 - Part 1: Share some form test helpers. r?MattN
Support for Skyline feature, has test coverage, OK for uplift for beta 7.
Updated•5 years ago
|
Updated•5 years ago
|
Comment 9•5 years ago
|
||
bugherder uplift |
Comment 10•5 years ago
|
||
I have managed to reproduce this issue using Firefox 71.0a1 (BuildId:20190906215007) on Windows 10 64bit.
This issue is verified fixed using Firefox 71.0a1 (BuildId:20190915214245) and Firefox 70.0b7 (provided in comment 9) on Windows 10 64bit, Ubuntu 18.04 64bit and macOS 10.13.6
Comment 11•5 years ago
|
||
Added a test case for this scenario in our Password Manager & Form autofill suite.
Description
•