Protection report asks to sign in to see monitor breaches even though I am signed in
Categories
(Firefox :: Protections UI, defect, P1)
Tracking
()
People
(Reporter: TheOne, Assigned: ewright)
Details
(Whiteboard: [rca - Logical Error])
Attachments
(1 file)
47 bytes,
text/x-phabricator-request
|
lizzard
:
approval-mozilla-release+
|
Details | Review |
I am signed in into my Firefox Account on Firefox and it's happily syncing. I do not have any logins stored.
The protection report page asks me to "Sign up for Breach Alerts", but I don't think it should. I am signed in and have connected my FxA to monitor.
Further investigation turns out that it works if you add any login to Firefox.
STR:
- Create a new profile
- Sign in with a Firefox account that is connected to monitor
- Go to
about:protections
--> You'll see "Sign up for Breach Alerts" - Go to
about:logins
and save a new login forexample.com
and random credentials (or any other random domain) - Refresh/revisit
about:protections
--> You'll see your data breach summary
Comment 1•5 years ago
|
||
[Tracking Requested - why for this release]:
Skyline headline feature. Do we still have any way to get into 70 at this point? The fix should probably be simple.
Assignee | ||
Comment 2•5 years ago
|
||
Updated•5 years ago
|
Pushed by ewright@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f862ddde6893 Monitor integration card does not require lockwise logins to be saved. r=johannh
Assignee | ||
Updated•5 years ago
|
Comment 4•5 years ago
|
||
Not without building a 3rd release candidate. That might be possible but it's quite unlikely and may delay the release (and burn everyone out)
Can we plan to put this into the first possible dot release? I think we will have one fairly soon after the initial launch.
Updated•5 years ago
|
Comment 5•5 years ago
|
||
Possibly related: I had initially gotten this as a release note, "When you are signed into your Firefox account, you can sign into other Firefox services with one click and stay signed into all the apps and services (like Monitor) associated with your account." But then was told by the FxA team that we aren't shipping with that capability until 71.
Comment 6•5 years ago
|
||
bugherder |
Comment 7•5 years ago
|
||
(In reply to Liz Henry (:lizzard) from comment #4)
Not without building a 3rd release candidate. That might be possible but it's quite unlikely and may delay the release (and burn everyone out)
Can we plan to put this into the first possible dot release? I think we will have one fairly soon after the initial launch.
I understand. Let's get this onto a dot release, then!
(In reply to Liz Henry (:lizzard) from comment #5)
Possibly related: I had initially gotten this as a release note, "When you are signed into your Firefox account, you can sign into other Firefox services with one click and stay signed into all the apps and services (like Monitor) associated with your account." But then was told by the FxA team that we aren't shipping with that capability until 71.
That's correct, but more or less unrelated to this bug, this was just a simple oversight.
Erica, can you file the release uplift request and please also a follow-up bug for adding a regression test for this scenario? This seems like such a basic use case that we should have it covered.
Thanks!
Assignee | ||
Comment 8•5 years ago
|
||
Comment on attachment 9101927 [details]
Bug 1589441 - Monitor integration card does not require lockwise logins to be saved.
Beta/Release Uplift Approval Request
- User impact if declined: Users who have not saved a password are unable to see their data on the monitor card even if they have authenticated.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): A check for logins was being done, but was otherwise unused, this has been removed. Simple and straightforward code, not affecting any other parts of the code.
- String changes made/needed: none
Comment 9•5 years ago
|
||
Can you suggest a process for QA to go through to verify the fix in beta 71?
Updated•5 years ago
|
Updated•5 years ago
|
Comment 10•5 years ago
|
||
I've managed to reproduce this issue on Firefox 70.0, by following these steps:
- Launch Firefox on a clean profile.
- Sign into FxA with an user account that doesn't have any saved credentials (this is very important because it is not reproducible otherwise).
- Sign into monitor.firefox.com website with the same account.
- Go to
about:protections
and observe the “Look out for data breaches” card.
ER:
The “Sign Up for Breach Alerts” button is not displayed anymore, instead the data breach summary is shown.
The issue is verified as fixed on Beta 71.0b4, across OSes: Windows 10 x64, macOS 10.13 and Ubuntu 18.04 x64.
Assignee | ||
Comment 11•5 years ago
|
||
Thank you Ciprian, I didn't get to this NI in time.
Comment 12•5 years ago
|
||
Comment on attachment 9101927 [details]
Bug 1589441 - Monitor integration card does not require lockwise logins to be saved.
Fix for signin flow, verified in nightly, OK for uplift for 70.1
Comment 13•5 years ago
|
||
bugherder uplift |
Comment 14•5 years ago
|
||
This is also verified as fixed on 70.0.1 (20191030021342) across platforms: Windows 10 x64, macOS 10.13 and Ubuntu 18.04 x64.
Comment 15•4 years ago
|
||
This bug has been identified as part of a pilot on determining root causes of blocking and dot release drivers.
It needs a root-cause set for it. Please see the list at https://docs.google.com/document/d/1FFEGsmoU8T0N8R9kk-MXWptOPtXXXRRIe4vQo3_HgMw/.
Add the root cause as a whiteboard
tag in the form [rca - <cause> ]
and remove the rca-needed
keyword.
If you have questions, please contact :tmaity.
Assignee | ||
Updated•4 years ago
|
Description
•