Closed
Bug 229762
Opened 21 years ago
Closed 18 years ago
If username field is prefilled by page to a value that matches a stored signon, pwmgr should prefill password
Categories
(Toolkit :: Password Manager, defect, P2)
Toolkit
Password Manager
Tracking
()
RESOLVED
FIXED
mozilla1.7.4
People
(Reporter: bugs, Assigned: bryner)
References
Details
(Keywords: fixed-aviary1.0)
Attachments
(1 file)
|
2.95 KB,
patch
|
Details | Diff | Splinter Review |
If I go to dell.com and try to sign in to my account there, dell.com uses a
cookie with my username saved to prefill the username field on the login page.
This causes pwmgr to NOT fill in the password because it thinks there's a
default value and it shouldn't meddle, even though the default value matches a
username that the pwmgr has stored.
I think the logic should work like this:
if (page default value)
if (page default value == any of the saved signons)
pwmgr fill password for that signon
else
do nothing, attach autocomplete widget.
else
if (more than one signon)
do nothing, attach autocomplete widget
else
prefill username and password
This means that in the case where there is more than one signon saved, cookies
set by a page have the power to select a password from the available set. This
would streamline entry to sites where users have more than one signon but only
one is frequently used.
|
Reporter | |
Comment 1•21 years ago
|
||
Twiddling bits.
Severity: normal → enhancement
Priority: -- → P3
Target Milestone: --- → Firebird0.9
|
||
Comment 2•21 years ago
|
||
The fix for this might also fix bug 218135, "Going back to page with saved password does not refill password".
|
Assignee | |
Comment 3•21 years ago
|
||
*** Bug 233723 has been marked as a duplicate of this bug. ***
|
||
Comment 4•20 years ago
|
||
Operational workaround for prefilled ID ; - Click ID field in the form, then Firefox fills password This workaround was effective at amazaon.co.jp site.
|
||
Comment 5•20 years ago
|
||
Confirming workaround. This should be upgraded from enhancement, though... it's really annoying!
|
||
Comment 6•20 years ago
|
||
In bug 242239 I describe a second case of this bug, where the username field is prefilled by the page with a value that is a leading-substring of a stored signon. This bug and case 1 in bug 242239 can be considered a subcase of what I described above - meaning the leading-substring *is* the complete username
|
|
Reporter | |
Updated•20 years ago
|
Flags: blocking1.0+
Target Milestone: Firefox0.9 → Firefox1.0
|
|
Reporter | |
Comment 7•20 years ago
|
||
*** Bug 218135 has been marked as a duplicate of this bug. ***
|
|
Reporter | |
Updated•20 years ago
|
Severity: enhancement → normal
Priority: P3 → P2
Target Milestone: Firefox1.0 → Firefox1.0beta
|
|
Reporter | |
Updated•20 years ago
|
Flags: blocking-aviary1.0RC1+
|
|
Assignee | |
Comment 8•20 years ago
|
||
Instead of bailing when there's a prefilled value, check whether it's the same as the username we're looking at. If it is, prefill the corresponding password. Also, don't bail out of the loop as soon as we discover a second matching username, since there may be a later one that matches the prefilled value. Instead, just keep track of whether we've attached the autocomplete listener yet. Finally, this patch changes the behavior when DecryptData() fails to avoid multiple prompts if the user is trying to cancel the master password dialog. If decryption fails, we bail immediately. I tested this at paypal which I believe prefills the username value if you log out and then go to log in again.
|
|
Assignee | |
Updated•20 years ago
|
Attachment #154244 -
Flags: review?(bugs)
|
|
Reporter | |
Comment 9•20 years ago
|
||
will test with this tomorrow on some of the usual suspects
|
|
Assignee | |
Comment 10•20 years ago
|
||
checked in per ben's request to get wider testing
|
||
Comment 11•20 years ago
|
||
Comment on attachment 154244 [details] [diff] [review] patch Clearing obsolete review request...
Attachment #154244 -
Flags: review?(bugs)
|
||
Comment 12•19 years ago
|
||
(In reply to comment #0) > if (page default value) > if (page default value == any of the saved signons) > pwmgr fill password for that signon > else > do nothing, attach autocomplete widget. Might it be the else case has not been fixed/regressed? See for example the testcase under http://www-lehre.inf.uos.de/~rfreund/firefox-pw-test.php. Type in some username/password pair, save it and revisit website. Observe username value="test" gets overwritten, per Comment 0 this shouldn't happen IMHO (has default value, saved signon doesn't match default value).
|
|
Assignee | |
Comment 13•19 years ago
|
||
reopening per reporter comments. We need to make sure this works as expected or it can become a major usability problem with password manager. Nominating for 1.1 so we don't lose track of it.
Status: RESOLVED → REOPENED
Flags: blocking-aviary1.1?
Resolution: FIXED → ---
|
|
||
Comment 14•19 years ago
|
||
(In reply to comment #12) Comfirmed problem of comment #12 on Mozilla trunk 2005041005(Win-2K) too. When I changed pre-filled value of "test" to other string(say "abcd"), password manager saved with Username of "abcd". And the value of "test" in following <input> field was replaced by "abcd" when visiting the test site again and password was filled automatically. <input type="text" name="username" value="test" /> Password managers said "abcd" is the Username for this site, and "Show Password" displayed saved password correctly. Fix for this bug is applied to Mozilla too? (In my test in the past, this bug's original problem didn't occur on Mozilla and it was Firefox only problem.) Regression by fix for this bug? Or independent problem?
|
|
||
Comment 15•19 years ago
|
||
(In reply to comment #14) > (In reply to comment #12) > Comfirmed problem of comment #12 on Mozilla trunk 2005041005(Win-2K) too. [...] > Regression by fix for this bug? Or independent problem? Independent problem, Firefox uses different code for Password Manager.
|
||
Comment 16•19 years ago
|
||
*** Bug 294458 has been marked as a duplicate of this bug. ***
|
|
||
Comment 17•19 years ago
|
||
As bug 294458 noted, this is extra ugly if the filled-in username that we are clobbering is actually a readonly field - we don't attach the autocomplete widget to a readonly field if you have two usernames saved, but if you only have one we clobber the filled-in value and you're stuck with no way of changing it.
|
||
Comment 18•19 years ago
|
||
Just another comment: I had similar problems with mailman: The web interface requests a "list administration password" (the user is implicit the list's name). Firefox then prompt "Do you want to change the default password for XXXX?". In some other cases the password isn't rememebered (or suggested to do so) at all. I don't know if you can do much about that, but when you are on it...
|
||
Comment 19•19 years ago
|
||
lets take a crack at getting a fix here, the readonly case sounds wonderfully annoying.
Flags: blocking-aviary1.1? → blocking-aviary1.1+
|
|
||
Comment 20•19 years ago
|
||
most likely not going to make it for 1.5 hopefully we can get some traction on this early in
Flags: blocking-aviary1.5+
|
|
||
Comment 21•19 years ago
|
||
*** Bug 265985 has been marked as a duplicate of this bug. ***
|
|
||
Comment 22•19 years ago
|
||
Marking depends on bug 270558, which also covers the part that this is reopened for, complete with testcases, since I keep finding just one or the other instead of both.
Depends on: 270558
|
||
Comment 23•19 years ago
|
||
*** Bug 312877 has been marked as a duplicate of this bug. ***
|
|
||
Comment 24•18 years ago
|
||
Fixed in bug 270558, so back to FIXED
Status: REOPENED → RESOLVED
Closed: 20 years ago → 18 years ago
Resolution: --- → FIXED
|
||
Updated•16 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•