Closed Bug 184571 Opened 22 years ago Closed 22 years ago

password saved on one mail acnt can interfere with another mail accounts in a new profile

Categories

(MailNews Core :: Backend, defect)

Product:
MailNews Core
Component:
Backend
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 184436

People

(Reporter: grylchan, Assigned: Bienvenu)

Details

Attachments

(4 files, 1 obsolete file)

IMAP logfile showing problem
13.75 KB, text/plain
Details
pref.js file
5.76 KB, text/plain
Details
different user names, passwords, and mail servers log
47.26 KB, text/plain
Details
Different user name but same password & mail servers log
45.07 KB, text/plain
Details
Using commercial trunk 2002-12-09-08-trunk on XP, Mac os x 10.1.5 If you create a new profile and create 4 mail accounts. If I save a password for one account, it can interfere with the accounts following it. It will either give you an error mesg when logging into 3rd or 4th accnt or in one case log you in to 3rd/4th account without prompting for password. For my specific example. Mail acnt 1: imap: test1@foo.com Mail acnt 2: imap: name@email.com Mail acnt 3: pop: test2@foo.com Mail acnt 4: imap: test3@foo.com In this case Mail acnt 1,3,4 have the same password and the same mail server. the only difference is the login name. Steps for test case 1: 1.Create a new profile. 2.Create the 4 mail accounts from above 3.login to the first account 4.Save the password for the first account. 5.Get mesgs for the first account. 6.Login into 2nd, 3rd, and 4th account result: 2nd account you get the mesg 'Login to server <blah> failed' 3rd and 4th account you can login without getting prompted for the password (since it's same as the first account) expected: to login to 2nd account and be prompted for my password on 3rd and 4th accounts Steps for test case 2: 1.Remove any previous saved passwords you did for test case 1 2.quit/restart same profile 3.login to the first account Don't save the password 4.Get mesgs for the first account. 5.Login into 2nd account 6.save the password. 7.get the megs for 2nd acnt 8.login to the 3rd or 4th mail accounts result: mesg appears 'the Pass command did not succeed. Mail server <name> responded: Invalid login' expected: to get the login prompt for 3rd and 4th mail accounts. possibly related to bug 85227?
Comment on attachment 108825 [details] Log file of what Gary and I see. sorry, wrong line-endings (had word-wrap enabled in notepad)
Attachment #108825 - Attachment is obsolete: true
QA Contact: gayatri → stephend
I'm seeing this on 2002120708 running on win2k. For me, it is happening with my pop accounts. If there is one password saved for a single mail account, it tries to use that password for all of the accounts without prompting you to correct the password. I get a "PASS command failed" or something to that tune. This is quite serious and quite annoying. There does not seem to be a workaround, you just have to delete the saved password using the password manager.
I suggest changing the Summary to just say "other accounts" rather than just 3rd and 4th. I will also add that in my case, the profile was newly created as was the reporter's.
I tried this with two imap accounts and didn't have a problem. Does it have to be an imap account and then a pop account for you? Does only the first account have a remembered password? Wait, these accounts have the same password, but it doesn't work? That's especially odd.
Changing summary and adding two test cases for only 2 mail accounts: test case 3 1.create new profile 2.create a imap account 3.don't login at the prompt. 4.create a 2nd imap account (this one doesn't use same password as the first account) 5.login to 1st imap acnt 6.save the password 7.get mesgs 8.login to 2nd imap acnt. result: error 'login to <server name> failed' test case 4 1.create new profile 2.create a imap account 3.don't login at the prompt. 4.create a 2nd imap account or pop account (this one uses the same password as the first account) 5.login to 1st imap acnt 6.save the password 7.get mesgs 8.login to 2nd imap or pop acnt. result: I login to 2nd account without getting password prompt
Summary: password saved on one mail acnt can interfere with 3rd or 4th mail accounts in a new profile → password saved on one mail acnt can interfere with another mail accounts in a new profile
taking
Assignee: mscott → bienvenu
the protocol log attached shows an attempt to logon to two different servers, doesn't it? dredd and judge? I thought the server name was the same but the user name was different.
Status: NEW → ASSIGNED
correct. stephen replicated the problem with 2 different servers. I can replicate with same servers or differet servers. I can attach a log w/2 mail accnts on same server and using same password. I think what server you use is independent of the problem?
does this only happen on new profiles? For the different servers case, are the user names the same, or is everything different? Can you send me a prefs.js for one of these accounts (and tell me roughly what the account setup is)? Thx!
Attached file pref.js file
>does this only happen on new profiles? I believe so. stephen tried with old profiles (password saved on all accnts?) and didn't run into this problem. >For the different servers case, are the >user names the same, or is everything different? The user names are different. But servers are the same (dredd) >Can you send me a prefs.js for one of these accounts (and tell me roughly what >the account setup is)? Thx! Account setup is default. i didn't change any pref, folder names etc..
I think the fix for bug 182490 caused this - at least, when I back out that fix locally, things work again. I'll try to step through the code some more to see where it's going wrong.
bienvenu: ugh! the chain of regressions is never ending it seems... remind me not to make changes to wallet in the future :(
I thought it was just me with the regressions :-) I'll try to figure this out tomorrow.
No worries at all, Darin. From chaos and obstaculation, stronger things tend to ensue. Here is a Zen story for you: The son of a master thief asked his father to teach him the secrets of the trade. The old thief agreed and that night took his son to burglarize a large house. While the family was asleep, he silently led his young apprentice into a room that contained a clothes closet. The father told his son to go into the closet to pick out some clothes. When he did, his father quickly shut the door and locked him in. Then he went back outside, knocked loudly on the front door, thereby waking the family, and quickly slipped away before anyone saw him. Hours later, his son returned home, bedraggled and exhausted. "Father," he cried angrily, "Why did you lock me in that closet? If I hadn't been made desperate by my fear of getting caught, I never would have escaped. It took all my ingenuity to get out!" The old thief smiled. "Son, you have had your first lesson in the art of burglary." - Copied from _Zen Stories to Tell Your Neighbours_
Basically, the password manager is picking the first password if there's no matching realm. The original code was goofy - there's a local var called userName that's always empty but we check if it's empty and if it's empty, we say we want to pick the first user... Anyway, in si_GetUser, we call si_GetCompositeURL, which, if the legacyRealm is empty, will always return the user for the first entry in wallet. So if we don't find the password realm, we'll always use the legacy realm. For mail/news, this is wrong - I'm not sure why it's right for the browser. I'm not sure what legacyRealm is but I'm pretty sure mail/news isn't interested in it.
dup of 184436, which has a fix attached and will be fixed soon, I believe. *** This bug has been marked as a duplicate of 184436 ***
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Seems like the fix must have worked. I am using 2002121308 on WINNT 5 and it is working fine now.
verified dup
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: