Closed Bug 1849069 Opened 2 years ago Closed 2 years ago

Real name change doesn't work if "New email address" is pre-filled with different email by password manager or something

Categories

(bugzilla.mozilla.org :: General, defect)

Product:
bugzilla.mozilla.org
Component:
General
Version:
Production
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: Laurent.Lyaudet, Assigned: Laurent.Lyaudet)

Details

Attachments

(1 file)

GitHub Pull Request
46 bytes, text/x-github-pull-request
Details | Review

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0

Steps to reproduce:

I looked at my bugzilla account preferences.
I filled my real name Laurent Lyaudet, and clicked on save.

Actual results:

Account Already Exists
There is already an account with the login name laurent.lyaudet@gmail.com.

Please press Back and try again.

Expected results:

It should have saved my updated account preferences.

Can you provide the following info ?

Flags: needinfo?(Laurent.Lyaudet)

Hello :)
Thanks for the fast answer.

"bugzilla account preferences" is https://bugzilla.mozilla.org/userprefs.cgi?tab=account ?

"clicked on save" means clicking "Submit Changes" button ?

  • Yes exactly.

have you filled any other field than "Your real name" field?

  • No I only filled "Your real name:". The rest was ok.

Thanks :), best regards,
Laurent Lyaudet

Flags: needinfo?(Laurent.Lyaudet)

Just to make sure, when you visit https://bugzilla.mozilla.org/userprefs.cgi page, is there any field that's pre-filled, other than "Your real name" ?

The "There is already an account with the login name ..." error can happen if "New email address" field is filled, and it's different than the current email address.

Also, one more question, your current email address starts with uppercase letter "L", but the email address in the error message starts with lowercase letter "l".
Have you tried updating the email address with different case, have you already updated the email address in that way, or perhaps the "new email address" field is somehow pre-filled with the different case email address?

Flags: needinfo?(Laurent.Lyaudet)

My real name was empty. There is my email that is pre-filled with "laurent.lyaudet@gmail.com" instead of "Laurent.Lyaudet@gmail.com".
I just filled my real name "Laurent Lyaudet" and corrected the email to "Laurent.Lyaudet@gmail.com", and it worked.
You were right.
The bug is that the pre-fill of the email address lowercases it.

Flags: needinfo?(Laurent.Lyaudet)

Thank you for your help for investigating the issue, and good to see that it worked.

The remaining question is why the field was pre-filled, and also why it was in lower case.
So far I don't see any code in the bugzilla server side or client side which pre-fills the "New email address" field or modifies the field value.
Thus this should caused by browser feature, or perhaps some extension which manages the login or something,
and the lowercase issue would also be there, instead of bugzilla.

Are you using Firefox's password manager, or some password manager extension?

For example, Firefox's password manager can pre-fill the "New email address" field if there's only one candidate for the login for the domain.
(which doesn't seem to be expected behavior for the form's case, given the field should be filled only when the user wants to change the email address...)
But as far as I can see, Firefox's password manager also pre-fills the "Current password" field, so it might be different in this case?
or perhaps the "Current password" field was also pre-filled?

Summary: I cannot fill my real name in my account preferences → Real name change doesn't work if "New email address" is pre-filled with different email by password manager or something

As arai mentioned, something is filling in the email address portion of the form with your current address. That field is specifically if you want to change your current email address to something else. An extension of some kind is prefilling the field. Please clear the field before hitting submit and you should be fine. This is not an issue with Bugzilla itself.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID

The "Current password" field was also pre-filled.
You are right in your analysis.
This is Firefox password manager that was pre-filling the fields.
My account on Bugzilla was created a long time ago with "Laurent.Lyaudet@gmail.com".
When I wanted to report another bug yesterday, I used the feature to reset my password.
And when I saved the new password in Firefox password manager,
it was saved with "laurent.lyaudet@gmail.com".
The fact is that I can login to bugzilla with both emails.
I just tested it right now.
Maybe, it could be the same logic for login and preferences save.
I know that with gmail and many email providers, the email address is made case insensitive.
And most websites do the same by lowercasing everything.
If the login did not work with both cases, I would not have suggested to keep the same logic in preferences.
But since it is already done for login, it makes sense to keep it case insensitive elsewhere also :)

Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---

I just saw your comment David.
You are partly right.
But I believe the mismatch between logic in login and save of preferences is still a bug in Bugzilla.

(In reply to Laurent Lyaudet from comment #7)

The "Current password" field was also pre-filled.
You are right in your analysis.
This is Firefox password manager that was pre-filling the fields.
My account on Bugzilla was created a long time ago with "Laurent.Lyaudet@gmail.com".
When I wanted to report another bug yesterday, I used the feature to reset my password.
And when I saved the new password in Firefox password manager,
it was saved with "laurent.lyaudet@gmail.com".
The fact is that I can login to bugzilla with both emails.
I just tested it right now.
Maybe, it could be the same logic for login and preferences save.
I know that with gmail and many email providers, the email address is made case insensitive.
And most websites do the same by lowercasing everything.
If the login did not work with both cases, I would not have suggested to keep the same logic in preferences.
But since it is already done for login, it makes sense to keep it case insensitive elsewhere also :)

Since Bugzilla is using MySQL on the backend, string comparisons are case-insensitive so the email Laurent.Lyaudet@gmail.com is treated the same as laurent.lyaudet@gmail.com when comparing. So the way Bugzilla is coded, if you try to enter an email address in the form for changing your real name or password as well, it thinks you are trying to change the email to a new value. It then checks to see if the new value exists in the DB already and will throw an error if it finds it. It does not check first to see if your current email is the same as the one you are trying to change to. It is not smart that way. So basically if you clear the email address portion of the form and then submit it will work as expected.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago2 years ago
Resolution: --- → INVALID

MySQL can do case sensitive string comparisons if it is needed.
I don't see the point of this technical argumentation when there is a functional bug.
You could solve it if you wanted to : technical solutions for that exists.
If a user reports a similar bug at my job I solve it.
I don't turn around the problem.
It is not RESOLVED and it is not INVALID.
At best it is a WONTFIX.

I think there can be 2 possible improvements:

(1) if being case-insensitive is intentional, the following code could use case-insensitive comparison

https://github.com/mozilla-bteam/bmo/blob/master/userprefs.cgi#L132

    if ($user->login ne $new_login_name) {

(2) if the "New email address" field should be filled only when the user wants to change the email, the field should prevent Firefox's password manager (or any other browser or its extension) from pre-filling, if possible

(In reply to Tooru Fujisawa [:arai] from comment #11)

I think there can be 2 possible improvements:

(1) if being case-insensitive is intentional, the following code could use case-insensitive comparison

https://github.com/mozilla-bteam/bmo/blob/master/userprefs.cgi#L132

    if ($user->login ne $new_login_name) {

This can be acceptable for the email changing form under userprefs but I would not want this for new account creation as we have the possibility of multiple similar accounts being created that look to the same to casual user and can cause confusion or possible security issues. I know some other sites allow different accounts with mixed case but I am not sure that would be good for BMO.

Another alternative to the code above would be to just not throw an error if the new email is the same as the old and just let the other changes happen normally.

(2) if the "New email address" field should be filled only when the user wants to change the email, the field should prevent Firefox's password manager (or any other browser or its extension) from pre-filling, if possible

We can add autocomplete="off" to the email and new password fields which could help.

Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: INVALID → ---

Indeed, I never wrote some PERL code but it appears the lc() function lowercases a string.
I just submitted a PR here: https://github.com/mozilla-bteam/bmo/pull/2106

Merged
https://github.com/mozilla-bteam/bmo/commit/e89226f8639616f47f41697bd61113ba492617a2

Assignee: nobody → Laurent.Lyaudet
Status: REOPENED → RESOLVED
Closed: 2 years ago2 years ago
Resolution: --- → FIXED

After some delay, this fix is now on production.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: