Open Bug 1616776 Opened 6 years ago Updated 3 years ago

Saved passwords - port number makes no distinction

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Version:
74 Branch
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: mozilla.cuddle821, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (X11; Fedora; Linux; rv:73.0) Gecko/20100101 Firefox/73.0

Steps to reproduce:

74.0b5
i am using two URLs/login forms:
https://server.host.name:2083
https://server.host.name:2087
Each has different username and password.
But Firefox pre-fill wrong username/password, like it does nto distinct port number. One port is for admin area, other for user area.
I hope you can make Firefox to make difference between port numbers so it does not confuse me by pre-filling wrong login credentials.

Component: Untriaged → Password Manager
Product: Firefox → Toolkit
Type: enhancement → defect

Hello, I do see some unusual things… can you please attach the debug logs? https://wiki.mozilla.org/Toolkit:Password_Manager/Debugging#Enable_Debug_Logging

Flags: needinfo?(czautohits)

(In reply to Matthew N. [:MattN] (PM me if request are blocking you) from comment #1)

debug logs?

I think that i was wrong. Firefox seems to differentiate by port number (it should right?), because for one mentioned URL i have saved two logins and for other only one and FF shows this properly. Problem (if it is problem) i see somewhere else:

On that login page that has two logins saved, these two are not both for the main login form. Only one of these. Other is for the form that is located inside the client area, which was accessed using the first login. But Firefox does not recognize the difference apparently, because it pre-fill the inside-client-area password into the primary - main login form.

I tried to load that main login form page with two logins saved while debugging was enabled and this is what appeated in the console:
Invalid chrome URI: /
Unchecked lastError value: Error: prefs_ is undefined app.js:7
send moz-extension://phrasehere-unsureifnotconfidential/includes/app.js:7

also then (maybe after i used inside login form?) i seen: TypeError: window is null WebRequestContent.js:143:7

Flags: needinfo?(czautohits)

Thanks. Could you give more details and the whole logs? The part you shared isn't relevant and aren't the logs enabled by signon.debug. Knowing the (censored) URLs of the saved logins and the (censored) URLs of the page the form is on would be helpful too.

Flags: needinfo?(czautohits)

I enabled "signon.debug" on page "about:config" and open that login page (i linked it in my previous post), then i do Ctrl+Shift+J and ensure all things like debug,warning,errors are enabled. What else exactly i need to do to get the logs you require. thanks

Flags: needinfo?(czautohits) → needinfo?(MattN+bmo)

Keep the browser console open and reproduce the issue. After that right-click in the browser console -> Export Visible Messages to -> Clipboard.
Create a text document and use Paste to copy over the content from the Clipboard. Save and upload that file here via Attach New File.

Flags: needinfo?(MattN+bmo)

(In reply to Timea Cernea [:tbabos] from comment #5)

yes, i just did that and this is what was in the clipboard
then i enabled displaying XHR and requests and this is what was shown (pa$$word ff)

The priority flag is not set for this bug.
:MattN, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(MattN+bmo)

Unfortunately those still aren't the correct logs. Try using the Browser Content Toolbox instead?

Flags: needinfo?(MattN+bmo) → needinfo?(czautohits)

(In reply to Matthew N. [:MattN] (PM me if request are blocking you) from comment #8)

i am not a dev. and searching for the tool you mentioned does not made me to understand how to access it and use it. Note that i have non english FF so i prefer if i can use some keyboard shortcut to open it. Please mention exact steps to do to deliver needed data.

Flags: needinfo?(czautohits) → needinfo?(MattN+bmo)

(In reply to 794632548 from comment #9)

(In reply to Matthew N. [:MattN] (PM me if request are blocking you) from comment #8)

i am not a dev. and searching for the tool you mentioned does not made me to understand how to access it and use it. Note that i have non english FF so i prefer if i can use some keyboard shortcut to open it. Please mention exact steps to do to deliver needed data.

Hello,

Hopefully these steps help.

  1. Enable the Browser Content Toolbox
    https://developer.mozilla.org/en-US/docs/Tools/Browser_Toolbox#Enabling_the_Browser_Toolbox

  2. Open the Browser Content Toolbox with Ctrl + Alt +Shift + I
    https://developer.mozilla.org/en-US/docs/Tools/Browser_Toolbox#Opening_the_Browser_Toolbox

  3. Reproduce your issue

  4. In the Browser Content Toolbox, open the 'console' tab

  5. Right click anywhere in the logs -> select 'Export Visible Messages To' -> select 'File' -> confirm saving to a file

  6. Upload the file in your response here.

It can be hard to tell what parts of the log will be useful, so sending the entire file will be very helpful for us.

Thanks!

Flags: needinfo?(MattN+bmo) → needinfo?(czautohits)

i do not want to permit remote debugging ("A remote client can take complete control over your browser"): https://developer.mozilla.org/en-US/docs/Tools/Browser_Toolbox#Opening_the_Browser_Toolbox

Flags: needinfo?(czautohits)

If you ever see that popup during normal browsing you definitely should not accept it. In this instance though, the remote connection is from the Browser Content Toolbox (i.e., the remote client is you). You're also welcome to turn the preference back off after you've captured the logs.

In comment #4 you mentioned that you enabled signon.debug in about:config. Did you also enable devtools.browserconsole.contentMessages? Because that's also important.

If not, you can try the following steps, which won't require remote debugging.

  1. From about:config, make sure ALL of the following prefs are set to true:
    signon.debug
    devtools.browserconsole.contentMessages
    devtools.browserconsole.filter.error
    devtools.browserconsole.filter.warn
    devtools.browserconsole.filter.info
    devtools.browserconsole.filter.log
    devtools.browserconsole.filter.debug

  2. Restart Firefox

  3. Open the Browser Console (Ctrl+Shift+J)

  4. Clear existing logs by clicking on the trash can icon at the top left

  5. Near the top left, filter for "login"

  6. Reproduce your bug

  7. Right click in the console -> 'export all visible messages to' -> 'file' -> attach that file to your reply (It's important to include all visible messages here. The two or three most recent logs will often not include any relevant information)

It would also help a lot if you could give us the (censored, if you prefer) URLs of these pages. E.g., https://{CENSORED}.com/admin-login, https://{CENSORED}.com/client-login

Flags: needinfo?(czautohits)

When you say to reproduce a bug (while debugging is enabled) what should i do exactly? (Check the first post of this issue)
Is enough to load both login pages? (that is where issue happen - firefox show me wrong login)
Do i have to login both pages
Or do i even have to login the login form that is accessible after i login one of the login pages? (one of the wrongly suggested logins is for the inner login form that is accessible from within "client area")
Also should i mask something particular in the debug file?

Flags: needinfo?(czautohits) → needinfo?(severin.mozilla)

To reproduce, do whatever is the smallest number of steps possible that cause the problem you're reporting.

Flags: needinfo?(severin.mozilla) → needinfo?(czautohits)
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.