Open
Bug 223636
Opened 21 years ago
Updated 9 months ago
automatic login for HTTP authentication
Categories
(Toolkit :: Password Manager, enhancement, P5)
Toolkit
Password Manager
Tracking
()
NEW
People
(Reporter: moz.n1, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Keywords: parity-safari, Whiteboard: [passwords:http-auth])
Attachments
(1 file, 2 obsolete files)
|
20.90 KB,
patch
|
zpao
:
feedback+
|
Details | Diff | Splinter Review |
This is same as Bug 117592
That bug is for the password manager component in seamonkey, this one is to
request the same feature for firebird's password manager. I was asked to file a
seperate bug for firebird.
http://forums.mozillazine.org/viewtopic.php?t=29189&start=29
From orig. bug:
For pages where authentication is done via the "old school", pop up a dialog
method, rather than with forms and cookies, there should be an option to
automatically log in if the name/password pair is stored with the password
manager.
A checkbox "do not ask me again" should be added below the current "save this
password" checkbox. If both are checked, silently login in the future.
screenshot:
http://bugzilla.mozilla.org/attachment.cgi?id=132646&action=view
|
Reporter | |
Comment 1•21 years ago
|
||
Setting Hardware/OS to All/All.
OS: Windows XP → All
Hardware: PC → All
|
|
Reporter | |
Comment 2•21 years ago
|
||
Adding keyword 'conversion'
http://forums.mozillazine.org/viewtopic.php?p=347089#347089
Most of my coworkers face the same problem.
Keywords: conversion
|
||
Updated•21 years ago
|
Summary: [RFE] Automatically log into sites for which the name/password is stored (HTTP Basic Auth) → [RFE] Automatically log into sites for which the name/password is stored (HTTP Basi+c Auth)
Summary: [RFE] Automatically log into sites for which the name/password is stored (HTTP Basi+c Auth) → [RFE] Automatically log into sites for which the name/password is stored (HTTP Basic Auth)
This will need the ability to "uncheck" the box in some way other than removing
it from the password manager completely.
|
||
Comment 4•21 years ago
|
||
Maybe we could add an icon to the statusbar indicating that the browser is
currently sending authentication information. The user could also use this to
switch login information, or to effectively "logout".
It would be nice if this bug was expanded to include NTLM authentication as well.
|
|
Reporter | |
Comment 5•21 years ago
|
||
Would it be possible to add a hidden pref accessible via about:config in the
core, and leave any UI change (checkbox, status bar) for extensions?
|
||
Updated•21 years ago
|
Flags: blocking1.0?
|
||
Comment 6•21 years ago
|
||
+ing to get on bryner's radar, I'll let him decide if he wants to fix this.
Flags: blocking1.0? → blocking1.0+
|
|
||
Updated•20 years ago
|
Flags: blocking1.0+ → blocking1.0-
|
|
||
Updated•20 years ago
|
Priority: -- → P4
|
||
Comment 7•20 years ago
|
||
See also bug 231529, "Optionally enable unprompted NTLM authentication".
|
|
||
Comment 8•20 years ago
|
||
*** Bug 249112 has been marked as a duplicate of this bug. ***
|
|
Reporter | |
Comment 9•20 years ago
|
||
With the fix for bug 231529, IE-parity has been attained. I guess this bug can
still be left open as an RFE.. but the integrated windows auth. problem that
caused this bug report has been solved. Removing conversion keyword.
Keywords: conversion
|
|
||
Comment 10•20 years ago
|
||
*** Bug 270918 has been marked as a duplicate of this bug. ***
|
|
Reporter | |
Comment 11•19 years ago
|
||
resummarising
Summary: [RFE] Automatically log into sites for which the name/password is stored (HTTP Basic Auth) → [RFE] optionally enable unprompted http basic authentication (automatically log in when username/password is stored)
|
||
Updated•19 years ago
|
Assignee: bryner → nobody
Priority: P4 → --
QA Contact: davidpjames → password.manager
Summary: [RFE] optionally enable unprompted http basic authentication (automatically log in when username/password is stored) → optionally enable unprompted http basic authentication (automatically log in when username/password is stored)
|
||
Comment 12•18 years ago
|
||
*** Bug 341105 has been marked as a duplicate of this bug. ***
|
|
||
Comment 13•18 years ago
|
||
Ironic that because Safari has this feature and Firefox doesn't, I often end up using Safari to access Mozilla Corp's internal wiki ;)
|
|
||
Updated•18 years ago
|
Flags: blocking1.9?
Flags: blocking1.9? → blocking1.9-
Whiteboard: [p-safari] → [wanted-1.9] [p-safari]
|
||
Comment 14•18 years ago
|
||
anyone it is working on it? i need this feature, any workaround to make this automatic anyway? Thanks.
|
||
Comment 16•18 years ago
|
||
(In reply to comment #3)
> This will need the ability to "uncheck" the box in some way other than removing
> it from the password manager completely.
I suggest using URLs like http://user1@example.org, then "unchecking" would be easy. Unfortunately Firefox (2.0.0.3, haven’t tried a nightly build) doesn’t use the stored password with URLs like this. Also, the user is prompted if he really wants to login as user1 (bug 377786).
|
|
||
Comment 17•17 years ago
|
||
Apparently there's an extension that does this:
http://www.efinke.com/addons/autoauth/
|
||
Updated•17 years ago
|
Assignee: nobody → dolske
Target Milestone: --- → Firefox 3
|
|
||
Updated•17 years ago
|
Assignee: dolske → nobody
|
||
Updated•17 years ago
|
Flags: wanted-firefox3+
Whiteboard: [wanted-1.9] [p-safari] → [p-safari]
|
Assignee | |
Updated•16 years ago
|
Product: Firefox → Toolkit
|
|
||
Updated•16 years ago
|
Target Milestone: mozilla1.9 → mozilla2.0
|
|
||
Comment 19•16 years ago
|
||
Updating summary. One special case of this is for proxy authentication. We might want to consider having HTTP authentication default to always-prompt, but proxy-auth default to auto-login... My rough reasoning is that prompting for HTTP auth might be wanted as a safety-check step (eg, against CSRF), whereas for most people prompting for proxy auth is just an annoyance.
Summary: optionally enable unprompted http basic authentication (automatically log in when username/password is stored) → automatic login for HTTP/proxy authentication
|
|
||
Comment 20•16 years ago
|
||
That's a pretty weak CSRF defense. We shouldn't keep the prompt if it's just for CSRF defense.
|
|
||
Comment 21•16 years ago
|
||
We could probably do something with making HTTP auth automatic when it's the same-origin as the page, but still prompt otherwise. Not sure what the full UI should be, just noting that we could be more liberal with proxy auth than HTTP auth. Like I said, "rough reasoning." :)
|
||
Comment 22•16 years ago
|
||
FWIW, I voted for this bug because I want unprompted HTTP auth. I frequently have a page in my session store that I have the password saved for, and I'd like the login manager to just submit it for me without a dialog.
|
|
||
Updated•15 years ago
|
Assignee: nobody → dolske
Target Milestone: mozilla2.0 → mozilla1.9.2
|
|
||
Comment 23•15 years ago
|
||
This patch implements backend support for having logins automatically submit in HTTP auth, and makes promptAuth() skip the prompt when it's filled with an autologin login.
Three main areas of work before this can land:
* Want doorhanger UI so that it's easy to turn off automatic login
* Need to figure out UI for enabling automatic login
* Need to implement a way to suppress automatic login when we try but it fails (eg, if you password expired).
It would also be nice to figure out if/how automatic form logins should work. That's for a separate bug, but would be good to make sure we don't have to change the DB schema in a complicated way.
|
||
Comment 26•15 years ago
|
||
Bug 521467 has an alternative fix.
|
|
||
Comment 27•15 years ago
|
||
> * Need to implement a way to suppress automatic login when we
> try but it fails (eg, if you password expired).
My patch has that.
|
||
Comment 29•15 years ago
|
||
Is this bug related to the just-fixed-on-trunk bug 521467?
|
|
||
Comment 30•15 years ago
|
||
Yes. That bug allows to automatically log in to your *proxy* without prompt. It does not cover HTTP web servers (which have very different security and privacy characteristics.
The code there helps with the network code to notify us about login failures, which dolske referred to in comment 23 as:
> * Need to implement a way to suppress automatic login when we try but it
> fails (eg, if you password expired).
It does not help with the rest of the code needed here.
|
||
Comment 31•14 years ago
|
||
Hi,
Is there a patch for this that I can try in my Firefox installation?
Thanks and Regards,
Vinod.
|
|
||
Comment 32•14 years ago
|
||
Updated patch.
Hitting some odd breakage, though, in that I keep getting |undefined| for .autoLogin. Eg, with the logging in this patch I get:
...
PwMgr mozStorage: _findLogins: returning 1 logins
PwMgr mozStorage: ZZZ logins[0].autoLogin is: true
Pwmgr Prompter: found 1 matching logins.
Pwmgr Prompter: ZZZ selectedLogin.autoLogin is: undefined
Not sure what's going wrong. :-/
Attachment #380553 -
Attachment is obsolete: true
|
|
||
Comment 33•14 years ago
|
||
Grr. Was missing a QI. Problem fixed.
I think this is mostly done, just a few things to check and write tests. Also considering only having autoauth working for top level documents, so that embedded images/iframes would not log in automatically (perhaps only when when eTLD+1s differ?)
Attachment #449338 -
Attachment is obsolete: true
Attachment #449359 -
Flags: feedback?(paul)
|
||
Comment 34•14 years ago
|
||
Comment on attachment 449359 [details] [diff] [review]
Patch v.3
>+ _dbMigrateToVersion5 : function () {
>+ // Add the new column only if needed.
>+ if (!this._dbColumnExists("autoLogin")) {
>+ // XXX integer seems simplest here (0=false, 1=true), but maybe this
>+ // should be text. eg "yes/no/never" or for storing URLs for form
>+ // logins (ie, only autosubmit on certain URLs)?
>+ this._dbConnection.executeSimpleSQL(
>+ "ALTER TABLE moz_logins ADD COLUMN autoLogin INTEGER");
>+ }
I had a similar question - we could use "boolean" types instead of 0/1. I think internally it's the same to sqlite. But if we do go for a 3-state flag, then we probably shouldn't do text. Keep them as ints and define some constants. Not sure how I feel about storing urls...
Attachment #449359 -
Flags: feedback?(paul) → feedback+
|
||
Updated•14 years ago
|
Flags: wanted-fennec1.0?
|
||
Comment 35•13 years ago
|
||
Any news here?
|
|
||
Comment 36•13 years ago
|
||
FWIW, automatic HTTP proxy auth is implemented as part of Bug 521467. You just need to set pref "signon.autologin.proxy" = true (Boolean). Bug 646452 is about making it work by default.
Summary: automatic login for HTTP/proxy authentication → automatic login for HTTP authentication
|
|
||
Comment 37•13 years ago
|
||
(clearing assignment of bugs I'm no long planning to work on)
Assignee: dolske → nobody
|
||
Comment 38•11 years ago
|
||
I think that we can use the fix from Bug 521467 here. That fix gave us the convenient signon.autologin.proxy pref, so it should be pretty easy to add an autologin checkbox to the proxy dialog.
I'll try this out later.
|
||
Updated•8 years ago
|
Whiteboard: [p-safari] → [passwords:http-auth][parity-safari]
Target Milestone: mozilla1.9.2 → ---
|
|
||
Updated•8 years ago
|
Priority: -- → P5
|
|
||
Comment 40•7 years ago
|
||
Mass bug change to replace various 'parity' whiteboard flags with the new canonical keywords. (See bug 1443764 comment 13.)
Keywords: parity-safari
Whiteboard: [passwords:http-auth][parity-safari] → [passwords:http-auth]
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•