Blank username / generated password saved
Old username/password remain unchanged at this point.
On futher user action: door-hanger update action, the username/password and blank/generated_password get merged.
We currently handle the case where the preexisting saved login has an empty username by creating a dismissed change-password doorhanger when we fill the password field with a generated password. Nothing is auto-saved at this point. If you open the doorhanger and click "Update" on the doorhanger, that empty-username login will be updated with the new generated password.
I think we should treat the case where the form has a username value that matches an existing saved login in the same way. Filling a generated password should create a dismissed doorhanger. The username field in that doorhanger is pre-filled with the username value from the form - which matches that of the saved login. If you click "update" at this point - or later when the form is submitted and we show the doorhanger - that saved login will be updated with the new password. I'm suggesting we shouldn't auto-save an empty-username login in this scenario. We auto-save the new empty-username login when there is ambiguity about which login is being edited. We don't have that ambiguity in this case.
If that is the case, the change is to add a
autoSaveLogin = false; at #864 just like we do above for the formLoginWithoutUsername match.
Do you agree MattN?