Closed Bug 1641391 Opened 4 years ago Closed 4 years ago

Protect login export behind Master Password and/or OS Reauthentication

Categories

(Firefox :: about:logins, defect, P1)

Desktop
All
defect

Tracking

()

VERIFIED FIXED
Firefox 79
Tracking Status
firefox78 --- disabled
firefox79 --- verified

People

(Reporter: MattN, Assigned: petcuandrei)


Attachments

(1 file)

If the user has a master password set or OS re-authentication is enabled we should prompt for them before exporting.

For the OS re-auth prompt we would need two strings: one for Windows and one for macOS like the ones for reveal/copy/edit.

Flags: qe-verify+

What API do I need to call here? Is there an example?

Unfortunately bug 1639347 got backed out due to test failures but if you pull that commit in locally you would use LoginHelper.requestReauth. See the examples in that bug's commit.

Btw. we would also want the telemetry reporting for this re-auth use too.

Strings were approved by Meridel now:

macOS: [Firefox is trying to] export saved logins and passwords.
Windows: To export your logins, enter your Windows login credentials. This helps protect the security of your accounts.

Status: NEW → ASSIGNED
Pushed by mozilla@noorenberghe.ca:
https://hg.mozilla.org/integration/autoland/rev/c6b1d2548c4e
Protect login export behind Master Password and/or OS Reauthentication r=MattN,fluent-reviewers,flod
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 79

I have verified this issue using the latest Firefox Nightly 79.0a1 (Build ID: 20200603214922) on Windows 10 x64, Ubuntu 18.04, Mac 10.14.6, Windows 7 x64.

  • If a Master Password is set, the Master Password prompt is shown after clicking on the “Export” button from the “Export logins and passwords” dialog.

    • After entering the Master Password the “Export logins file” window is displayed and the logins can be saved as a CSV file.
    • The {method: reauthenticate; object: “master_password”; value: “success”} event is registered after entering the Master Password.
    • The {method: reauthenticate; object: “master_password”; value: “fail”} event is registered after canceling the Master Password prompt.
  • If an OS password is set, the OS auth dialog is shown after clicking on the “Export” button from the “Export logins and passwords” dialog. (not available on Linux)

    • The “To export your logins, enter your Windows login credentials. This helps protect the security of your accounts.” title is displayed on Windows and the “[Firefox is trying to] export saved logins and passwords.” title is displayed on macOS.
    • After entering the OS password the “Export logins file” window is displayed and the logins can be saved as a CSV file.
    • The {method: reauthenticate; object: “os_auth”; value: “success”} event is registered after entering the OS password/PIN.
    • The {method: reauthenticate; object: “os_auth”; value: “fail”} event is registered after canceling the OS auth dialog.
    • On Ubuntu, the {method: reauthenticate; object: “os_auth”; value: “success_unsupported_platform”} event is registered after clicking on the “Export…” button from the “Export logins and passwords” dialog.
Status: RESOLVED → VERIFIED
Flags: qe-verify+
Depends on: 1648804
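
Added example (not part of the bug thread or the Firefox patch): a small model of the export gate verified above, showing that the export callback runs only after a successful re-authentication and that each outcome yields the telemetry event listed in the verification comment. The function names, the platform labels and the synchronous prompt callbacks are assumptions of this sketch, not Firefox APIs.

```javascript
// Added sketch, not Firefox code: gateExport, reauthenticate and the prompt
// callbacks are hypothetical names. Prompts are modelled as synchronous
// callbacks that return true only when the user authenticates.
const OS_REAUTH_PLATFORMS = new Set(["win", "macosx"]); // per the page: not available on Linux

// Treat anything other than an explicit `true` (cancel, error) as a failure.
function ask(promptFn) {
  try {
    return promptFn() === true;
  } catch (e) {
    return false;
  }
}

function reauthenticate(state, prompts) {
  const event = (object, value) => ({ method: "reauthenticate", object, value });
  if (state.masterPasswordSet) {
    // Assumption of this sketch: the master password is checked first.
    const ok = ask(prompts.masterPassword);
    return { authorized: ok, event: event("master_password", ok ? "success" : "fail") };
  }
  if (state.osReauthEnabled) {
    if (!OS_REAUTH_PLATFORMS.has(state.platform)) {
      // No OS dialog is shown here; the page reports this value on Ubuntu.
      return { authorized: true, event: event("os_auth", "success_unsupported_platform") };
    }
    const ok = ask(prompts.osAuth);
    return { authorized: ok, event: event("os_auth", ok ? "success" : "fail") };
  }
  // Assumption: with neither protection configured there is no prompt and no event.
  return { authorized: true, event: null };
}

// Runs doExport only after a successful re-authentication and records the
// event either way, so cancelled or failed attempts stay visible in telemetry.
function gateExport(state, prompts, doExport, telemetry) {
  const { authorized, event } = reauthenticate(state, prompts);
  if (event) telemetry.push(event);
  return authorized ? doExport() : null;
}
```

On a platform without an OS auth dialog the export proceeds with no prompt, so the "success_unsupported_platform" value is what distinguishes those exports from authenticated ones when reviewing telemetry.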