fission breaks 2nd level bank authentication mechanism
Categories
(Core :: DOM: Navigation, defect, P1)
Tracking
()
| Fission Milestone | MVP |
| Tracking | Status | |
|---|---|---|
| firefox-esr78 | --- | disabled |
| firefox-esr91 | --- | disabled |
| firefox93 | --- | disabled |
| firefox94 | --- | unaffected |
| firefox95 | + | unaffected |
People
(Reporter: je-vv, Unassigned)
Details
(Keywords: regression)
Attachments
(6 files)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Steps to reproduce:
set "fission.autostart" to true, and try to authenticate on the bank account:
https://gmalvonline.mutualaj.fi.cr/internet/autenticacion_aut.action
which comes from:
Actual results:
Then you'll notice that it attempts to get to the 2nd level authentication page, but really quickly gets back to the 1st page. The 1st page requires providing username and password, and the 2nd requires providing an OTP sent to the user... Though with fission enabled, one never gets to the 2nd page, it's attempted, but gets back to the 1st.
Expected results:
there should be no issues by accessing the 2nd level authentication page, whether Fission is enabled or not, however it does work with Fission disabled, but it doesn't with it enabled, :(
I'm attaching the inspect console logs produced when authenticating on the 1st page, and attempting to get to the 2nd, without fission (good case) and with fission (bad case, cycles back to the 1st page)...
|
||
Comment 2•4 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Navigation' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
|
||
Updated•4 years ago
|
|
||
Comment 3•4 years ago
|
||
Is there any chance you could try this on a nightly build and see if it repros there? (Comment 0 mentions Firefox 91, is that right?)
|
||
Comment 4•4 years ago
|
||
Do you need credentials to the bank to reproduce this?
|
|
||
Comment 5•4 years ago
|
||
In nightly I get the same error with and without fission, using a bogus set of credentials. "El usuario o contraseña es incorrecto, favor verifique esta información "
|
|
||
Comment 6•4 years ago
|
||
Yeah, that just says that your credentials are invalid. Given this is about the 2FA page, I suspect you need at least a correct usermame and pass.
|
||
Comment 8•4 years ago
|
||
Setting the keyword regression because it is regressed by Fission and we are getting close to shipping it.
|
|
||
Updated•4 years ago
|
|
Reporter | |
Comment 10•4 years ago
|
||
|
|
Reporter | |
Comment 11•4 years ago
|
||
BTW, the user agent collection when I submitted the ticket was wrong, since I do have RFP enabled, so I did report it on the right version...
That said, I tried nightly as requested. I can't reproduce on nightly from Today. Attached go the nightly console logs. Comparing the logs without fission and with fission show only subtle differences, not meaningful ones...
|
|
Reporter | |
Comment 12•4 years ago
|
||
What I meant with "I can't reporduce", is that it works wihout and with fission enabled on nightly, from Today.
|
|
||
Comment 13•4 years ago
|
||
That's great to hear!
If you have the time (it should take you ~15 minutes), could you run:
$ pip install --user mozregression
$ mozregression --bad 93 --find-fix --pref fission.autostart=true -a https://www.grupomutual.fi.cr/
To find what was the fix? That'd ensure that we don't ship it broken in 94. Or alternatively (should take even less) try a beta build with fission enabled and confirm it works there?
If you don't have the time that's also ok, thanks so much for confirming that it works on Nightly!
|
||
Updated•4 years ago
|
|
||
Comment 14•4 years ago
|
||
(In reply to je-vv from comment #12)
What I meant with "I can't reporduce", is that it works wihout and with fission enabled on nightly, from Today.
Thanks for checking. In that case, I will mark Nightly (95) as unaffected by this bug.
If you can test whether the website works with Fission in Beta (94), that would be very helpful. We plan to ship Fission to the Firefox Release channel in version 94. Beta installer: https://www.mozilla.org/en-US/firefox/channel/desktop/
By the way, RFP can break some websites. If a website isn't working, trying without RFP is a good first step to diagnose the problem.
|
|
Reporter | |
Comment 15•4 years ago
|
||
I tested on beta as well, as requested, and I couldn't reproduce the issue on beta either (v. 94.0b5), meaning the bank web page could go through the authentication stages successfully... So 94 is also working fine.
|
|
Reporter | |
Comment 16•4 years ago
|
||
|
|
Reporter | |
Comment 17•4 years ago
|
||
|
|
Reporter | |
Comment 18•4 years ago
|
||
I attached already the beta console logs without and with fission.autostart set... Notice, once again, the differences are really subtle, not meaningful at all...
|
|
Reporter | |
Comment 19•4 years ago
|
||
BTW, RFP is one of the things I 1st suspect. But for this 2nd level authentication looping back to the 1st level immediately, RFP was not involved. I turned RFP off and on, with no effect. The only setting making a difference is fission.autostart being set. Which was really weird to be honest. It's the only web page I've noticed affected...
|
|
Reporter | |
Comment 20•4 years ago
|
||
(In reply to Chris Peterson [:cpeterson] from comment #14)
So I hope I covered your request and comments, :)
|
|
Reporter | |
Comment 21•4 years ago
|
||
(In reply to Emilio Cobos Álvarez (:emilio) from comment #13)
I already tried on beta (v. 94.0b5), and it's fine as well. So it should be OK as well... That covers your request as well (though I didn't execute mozzregression)...
|
|
Reporter | |
Comment 22•4 years ago
|
||
Ohh, so firefox94 status should be changed to unaffected, I'd guess...
|
|
||
Comment 23•4 years ago
|
||
Yep, thanks! Let's call this WFM as we don't know exactly what fixed it.
Description
•