Open Bug 1626472 Opened 4 years ago Updated 3 months ago

Allow revealing of passwords in the capture doorhanger with OS reauthentication

Categories

(Toolkit :: Password Manager, enhancement, P3)

Product:
Toolkit
Component:
Password Manager
Type:
enhancement

Tracking

()

People

(Reporter: sfoster, Assigned: ssachdev)

References

Details

(Whiteboard: [passwords:capture-UI] [lang=js] [fxcm-os-auth])

Attachments

(3 obsolete files)

The password visibility checkbox in the save and change password doorhangers currently has a set of conditions and heuristics to try and prevent password snooping.

The OS reauth mechanism is now used for this purpose in about:logins (bug 1194529) and could be used here for a better and more consistent user experience.

  • New canReauth method on OSKeyStore
  • Move MP and OSKeyStore.ensureLoggedIn checks from AboutLoginParent to new requestReauth method on LoginHelper
  • Remove OSKeyStoreTestUtils.canTestOSKeyStoreLogin in favor of OSKeyStore.canReauth
  • Set a default value for the TEST_ONLY_REAUTH pref in aboutlogins b-c tests using OSKeyStore.canReauth to match actual platform support
Assignee: nobody → sfoster
Status: NEW → ASSIGNED
See Also: → 1630556

Comment on attachment 9146661 [details]
Bug 1626472 - Provide a helper for getting a nsIMIMEInfo on DownloadsCommon. r?Gijs

Revision D74354 was moved to bug 1191591. Setting attachment 9146661 [details] to obsolete.

Attachment #9146661 - Attachment is obsolete: true

(In reply to Phabricator Automation from comment #4)

Revision D74354 was moved to bug 1191591. Setting attachment 9146661 [details] to obsolete.

Thanks for fixing my copy pasta.

Depends on: 1639347

Comment on attachment 9137620 [details]
Bug 1626472 - Refactor the OSKeyStore reauthentication into a LoginHelper method, add canReauth method on OSKeyStore. r?Jaws

Revision D67681 was moved to bug 1639347. Setting attachment 9137620 [details] to obsolete.

Attachment #9137620 - Attachment is obsolete: true

I'm unassigning myself. The patch on phabricator represents pretty much where I got to with this, but I'm happy to sit down and discuss. With the LoginHelper.requestReauth patch landed, the remaining work should be fairly straight-forward to hook the request into the prompt code.

Assignee: sfoster → nobody
Status: ASSIGNED → NEW
Attachment #9137621 - Attachment is obsolete: true

https://phabricator.services.mozilla.com/D68967 will need rebasing before continuing. That was work-in-progress and isn't expected to work as-is, but I'm happy to walk through what the goal is here and how to get there.

Mentor: sfoster
Priority: P2 → P3
Whiteboard: [passwords:capture-UI] → [passwords:capture-UI] [lang=js]
Severity: normal → S3
Mentor: sfoster
Assignee: nobody → ssachdev
Whiteboard: [passwords:capture-UI] [lang=js] → [passwords:capture-UI] [lang=js] [fxcm-os-auth]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: