1590411 - Filling generated password (from subdomain) using a domain username will create new saved login

Status: NEW

(Toolkit :: Password Manager, enhancement, P3)

Description

[Adrian Florinescu [:aflorinescu]]

[Description:]

There are quite a few flows that end up in this same situation: an existing username needs updating, hence the expectancy + door-hanger would suggest that the existing entry gets updated, not a new entry created for the domain/sub-domain.

[Envinronment:]

Windows 10, Ubuntu 16.04
71.0b3 20191021164841
72.0a1 20191021215155

[Steps:]

1. Open Firefox - new profile.
2. Access facebook.com
3. Input and Save a bogus u/p.
4. Access ro-ro.facebook.com
5. Input and Save a different bogus u/p.
6. Open a new tab, open either of the above (domain/subdomain)
7. Use autocomplete to fill in the username from the domain/subdomain.
8. Use Generate secure password.
9. Use door-hanger to "update" the credentials

[Actual Result:]

A new entry is saved - username/generated password.
log: https://pastebin.com/Gz4MAkAd

[Expected Result:]

Adding sub-domains capability for the autocomplete and given the fact that the password generation is done on principal (hence all subdomains will generate a distinct secure password), I feel that the expected result would be that we'd merge for this case.

[Note:]

A point we noted was that given subdomain and etld+1 support, we'd want to avoid introducing "duplicate" entries.

Comment 1

[Matthew N. [:MattN]]

This depends on bug 1559631 though it should already work properly if you don't use generation I think.

Comment 2

[Matthew N. [:MattN]]

We discussed this for a long time in our team meeting and we don't have any reasonable solutions for the moment but we also don't consider it a blocker for shipping subdomain support.

Comment 3

[Simon Friedberger (:simonf) PTO]

Given https://bugzilla.mozilla.org/show_bug.cgi?id=1871769 I wonder if this and/or https://bugzilla.mozilla.org/show_bug.cgi?id=1559631 are still unfixed.