Closed Bug 1622293 Opened 4 years ago Closed 4 years ago

Port bug 1194529: Ask the user for their OS account password before showing the password dialogs

Categories

(Thunderbird :: Preferences, task)

Product:
Thunderbird
Component:
Preferences
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 76.0

People

(Reporter: Paenglab, Assigned: Paenglab)

References

(Depends on 1 open bug)

Details

Attachments

(2 files, 4 obsolete files)

Linux-OS-dialog.png
44.75 KB, image/png
Details
1622293-ask-OS-password.patch
10.90 KB, patch
mkmelin
: review+
Details | Diff | Splinter Review

This bug is to use the OS to check if the current user is the one that logged in.

Attached patch 1622293-ask-OS-password.patch (obsolete) — Splinter Review

Tested on all platforms when trying to set a master password or showing/copying the passwords in the Saved Passwords dialog. On Linux, entered once it remembers it during the session.

On Windows it doesn't show the brand name automatically like FX. For this I had to add the messageTitle. And this is a bit weird as I needed to add the -brand-full-name in the other two FTL files as a variable. Directly reference it in the JS files doesn't work because of the leading dash (I tested this with removing it).

Assignee: nobody → richard.marti
Status: NEW → ASSIGNED
Attachment #9133210 - Flags: review?(mkmelin+mozilla)
Comment on attachment 9133210 [details] [diff] [review]
1622293-ask-OS-password.patch

Review of attachment 9133210 [details] [diff] [review]:
-----------------------------------------------------------------

I think we should see if OSKeyStore.jsm can move  to toolkit/
Depends on: 1622514
Comment on attachment 9133210 [details] [diff] [review]
1622293-ask-OS-password.patch

Review of attachment 9133210 [details] [diff] [review]:
-----------------------------------------------------------------

::: mail/components/preferences/passwordManager.js
@@ -481,5 @@
>      "PWMGR_MANAGE_VISIBILITY_TOGGLED"
>    );
>  }
>  
> -async function AskUserShowPasswords() {

Since OSKeyStore doesn't work on Linux yet you may want to leave this for them.

@@ +788,5 @@
>    let token = tokendb.getInternalKeyToken();
>  
>    // If there is no master password, still give the user a chance to opt-out of displaying passwords
>    if (token.checkPassword("")) {
> +    // Require OS authentication before the user can set a Master Password

I think you copied this comment here by mistake

::: mail/locales/en-US/messenger/preferences/passwordManager.ftl
@@ +78,5 @@
> +# This message can be seen by trying to show or copy the passwords.
> +password-os-auth-dialog-message = Verify your identity to access your Passwords.
> +
> +# This message can be seen by trying to show or copy the passwords.
> +# The macOS strings are preceded by the operating system with "Thunderbird trying to "

Nit: missing "is"
Attached image Linux-OS-dialog.png

(In reply to Matthew N. [:MattN] (PM me if request are blocking you) from comment #3)

Comment on attachment 9133210 [details] [diff] [review]
1622293-ask-OS-password.patch

Review of attachment 9133210 [details] [diff] [review]:

::: mail/components/preferences/passwordManager.js
@@ -481,5 @@

 "PWMGR_MANAGE_VISIBILITY_TOGGLED"

);
}

-async function AskUserShowPasswords() {

Since OSKeyStore doesn't work on Linux yet you may want to leave this for
them.

Hmm, I see a dialog on Linux, see screenshot. What doesn't work on Linux?

Flags: needinfo?(MattN+bmo)
Comment on attachment 9133210 [details] [diff] [review]
1622293-ask-OS-password.patch

Review of attachment 9133210 [details] [diff] [review]:
-----------------------------------------------------------------

::: mail/components/preferences/passwordManager.js
@@ +807,5 @@
> +          id: brandName,
> +        },
> +      ]);
> +      let loggedIn = await OSKeyStore.ensureLoggedIn(messageText.value,
> +        messageTitle.value);

You are missing the last two arguments
https://searchfox.org/mozilla-central/rev/fb3b0075d1a9c4dafbdf339b835d462b5ae55a0e/browser/components/aboutlogins/AboutLoginsParent.jsm#347,350-351 which are important. See https://searchfox.org/mozilla-central/rev/fb3b0075d1a9c4dafbdf339b835d462b5ae55a0e/browser/modules/OSKeyStore.jsm#125-142

(In reply to Richard Marti (:Paenglab) from comment #4)
> Hmm, I see a dialog on Linux, see screenshot. 

That's because you didn't pass the last argument. I don't think this will work properly but I could be wrong. It's been over a year since I looked into it.

> What doesn't work on Linux?

Bug 1527745
Attachment #9133210 - Flags: review-
Flags: needinfo?(MattN+bmo)
Comment on attachment 9133210 [details] [diff] [review]
1622293-ask-OS-password.patch

Review of attachment 9133210 [details] [diff] [review]:
-----------------------------------------------------------------

::: mail/base/modules/OSKeyStore.jsm
@@ +39,5 @@
> +var OSKeyStore = {
> +  /**
> +   * On macOS this becomes part of the name label visible on Keychain Acesss as
> +   * "org.mozilla.nss.keystore.thunderbird" (where "thunderbird" is
> +   * the MOZ_APP_NAME).

We are very likely to break compatibility with this name since it's currently somewhat ugly. You should consider all of the actually key storage parts (like the Linux dialog you saw from not skipping key generation) to be experimental and subject to break at any point.

The OS re-auth dialogs (which are mostly independent of key storage) are more stable but note that we have new crashes already.
Depends on: 1527745
Attached patch 1622293-ask-OS-password.patch (obsolete) — Splinter Review

This should fix all of Matt's comments. I missed to port bug 1506602.

I added now in passwordManager.js a check, if Linux, then show the TB confirm dialog.

Attachment #9133210 - Attachment is obsolete: true
Attachment #9133210 - Flags: review?(mkmelin+mozilla)
Attachment #9133432 - Flags: review?(mkmelin+mozilla)
Attached patch 1622293-ask-OS-password.patch (obsolete) — Splinter Review

Updated patch to follow bug 1622304.

Attachment #9133432 - Attachment is obsolete: true
Attachment #9133432 - Flags: review?(mkmelin+mozilla)
Attachment #9134756 - Flags: review?(mkmelin+mozilla)
Comment on attachment 9134756 [details] [diff] [review]
1622293-ask-OS-password.patch

Bug 1622514 was accepted.
Attachment #9134756 - Flags: review?(mkmelin+mozilla)
Attached patch 1622293-ask-OS-password.patch (obsolete) — Splinter Review

Updated patch using the toolkit OSKeyStore.jsm.

This time linting works locally and I get:
z:/Mozilla/comm-central/comm/mail/components/preferences/passwordManager.js
843:5 error Async function 'masterPasswordLogin' expected no return value. consistent-return (eslint)
856:3 error Async function 'masterPasswordLogin' expected no return value. consistent-return (eslint)

Please can you guide me what is needed to fix this? Removing the return values makes the passwords no more shown.

Attachment #9134756 - Attachment is obsolete: true
Attachment #9135911 - Flags: review?(mkmelin+mozilla)

(In reply to Richard Marti (:Paenglab) from comment #10)

Created attachment 9135911 [details] [diff] [review]
1622293-ask-OS-password.patch

Updated patch using the toolkit OSKeyStore.jsm.

This time linting works locally and I get:
z:/Mozilla/comm-central/comm/mail/components/preferences/passwordManager.js
843:5 error Async function 'masterPasswordLogin' expected no return value. consistent-return (eslint)
856:3 error Async function 'masterPasswordLogin' expected no return value. consistent-return (eslint)

Please can you guide me what is needed to fix this? Removing the return values makes the passwords no more shown.

Don't remove the return, instead have it return a consistent type. You are adding return; without a value which existing returns are returning a value (a boolean?).

Comment on attachment 9135911 [details] [diff] [review]
1622293-ask-OS-password.patch

Review of attachment 9135911 [details] [diff] [review]:
-----------------------------------------------------------------

::: mail/locales/en-US/messenger/preferences/passwordManager.ftl
@@ +72,5 @@
> +
> +## OS Authentication dialog
> +
> +# This message can be seen by trying to show or copy the passwords.
> +password-os-auth-dialog-message = Verify your identity to access your Passwords.

lowercase p
But maybe better to (almost) copy ff: Verify your identity to reveal the saved passwords.

@@ +78,5 @@
> +# This message can be seen by trying to show or copy the passwords.
> +# The macOS strings are preceded by the operating system with "Thunderbird is trying to "
> +# and includes subtitle of "Enter password for the user "xxx" to allow this." These
> +# notes are only valid for English. Please test in your locale.
> +password-os-auth-dialog-message-macosx = access your Passwords

Not sure what's going on with the casing here? I think it should be lower case p in this case.
Attachment #9135911 - Flags: review?(mkmelin+mozilla)

Linting is okay now and it works on Mac/Windows with the system dialog and on Linux with the show password dialog.

Strings fixed.

Attachment #9135911 - Attachment is obsolete: true
Attachment #9136112 - Flags: review?(mkmelin+mozilla)
Comment on attachment 9136112 [details] [diff] [review]
1622293-ask-OS-password.patch

Review of attachment 9136112 [details] [diff] [review]:
-----------------------------------------------------------------

Seems good, thx! r=mkmelin
Attachment #9136112 - Flags: review?(mkmelin+mozilla) → review+
Keywords: checkin-needed-tb

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/92e53e3108d1
Port bug 1194529: Ask the user for their OS account password before showing the password dialogs. r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 76.0
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: