Last Comment Bug 312473 - extension update does not try authentication if needed (e.g. proxy auth at startup)
: extension update does not try authentication if needed (e.g. proxy auth at st...
Status: RESOLVED FIXED
: fixed1.8.1.5
Product: Core Graveyard
Classification: Graveyard
Component: Installer: XPInstall Engine (show other bugs)
: 1.8 Branch
: x86 Windows 2000
: P2 normal with 8 votes (vote)
: mozilla1.9alpha6
Assigned To: Dave Townsend [:mossop]
:
:
Mentors:
: 346974 351751 357262 359171 359749 359940 360074 360721 361033 361034 361263 364087 365757 367014 367877 369459 369792 379688 380255 381908 383104 388134 (view as bug list)
Depends on:
Blocks: 390760
  Show dependency treegraph
 
Reported: 2005-10-14 08:26 PDT by Christian Schaefer
Modified: 2015-12-11 07:21 PST (History)
31 users (show)
mconnor: blocking1.8.1-
dtownsend: in‑testsuite+
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
patch rev 1 (1.79 KB, patch)
2007-06-07 05:32 PDT, Dave Townsend [:mossop]
dveditz: review+
jbecerra: approval1.8.1.5+
Details | Diff | Splinter Review

Description Christian Schaefer 2005-10-14 08:26:25 PDT
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1

if an extension on a server is protected via http authentication the automatic
update function of the extension manager will fail giving the following error
message:

	Firefox could not install the file at
	http://www.homeofmyext.com/myext.xpi
	because: Not a valid install package

I would expect the usual authentication request dialog to popup and the update
to fail only in the case that the authentication fails.

Reproducible: Always

Steps to Reproduce:
1. install an extension from a server that you control.
2. protect the xpi file with http authentication suing ie a .htaccess file
3. in the extension manager try 'find update'
4. if there is an update available (you'll have to make sure of that of course)
hit update

Actual Results:  
the update will fail giving this (rather unspecific) error message:

	Firefox could not install the file at
	http://www.homeofmyext.com/myext.xpi
	because: Not a valid install package


Expected Results:  
it should have opened a common http authentication request dialog to enter
username and password and update the extension as soon as the authentication is
sucessful or fail giving a useful message if the authentication failed.
Comment 1 Robert Strong [:rstrong] (use needinfo to contact me) 2005-10-14 18:00:18 PDT
Do you have a need for this?
Comment 2 Christian Schaefer 2005-10-15 00:03:09 PDT
> Do you have a need for this?

well yes I have indeed.
I currently develop an extension for a client. this extension is used as an
administrational tool for the clients website and therefor should not be
publically available. the client however may chose a number of employees that
are allowed to have access to that extension.
now the easiest way to provide software updates is using the update mechanism of
the extension manager. but as long as the http authentication is not working I
can see no way to benefit of the ease of that mechanism while maintaining a
strict security level.

now just to assure you of my appreciation of extension building: next to the
extension itself I write a report of the developing process explaining my
problems and the solutions I found. this of course will be publically available
as soon as the extension is released to the client.

thanks a lot!
/christian
Comment 3 Robert Strong [:rstrong] (use needinfo to contact me) 2006-02-11 21:30:24 PST
Daniel, this needs to happen in XPInstall unless I am badly mistaken.
Comment 4 Robert Strong [:rstrong] (use needinfo to contact me) 2006-07-18 10:20:05 PDT
XPInstall performs the download and needs to prompt for authentication when needed.
Comment 5 Darin Fisher 2006-07-18 14:16:38 PDT
-> me
Comment 6 Mike Beltzner [:beltzner, not reading bugmail] 2006-07-19 10:45:42 PDT
We should definitely fix this, but fwiw I'm pretty sure that I've seen the HTTP authentication request dialog pop up for extension updates (in fact, I remember being frustrated about it because it would do so when I started Firefox and block the rest of my UI).
Comment 7 Robert Strong [:rstrong] (use needinfo to contact me) 2006-07-19 11:01:50 PDT
I suspect that the authentication dialog wasn't shown due to extension update and was shown for some other reason... xpinstall has never had the code to do so afaict.
Comment 8 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-07-19 11:29:50 PDT
I believe the joga extension made it's own request for updates (seperate from the Firefox's built-in updates), so that probably explains what beltzner saw.
Comment 9 Mike Connor [:mconnor] 2006-07-25 15:26:42 PDT
Too late to muck with xpinstall at this late stage, but we should look at getting this on trunk ASAP.
Comment 10 Robert Strong [:rstrong] (use needinfo to contact me) 2006-08-02 06:08:12 PDT
*** Bug 346974 has been marked as a duplicate of this bug. ***
Comment 11 Robert Strong [:rstrong] (use needinfo to contact me) 2006-09-07 17:14:04 PDT
*** Bug 351751 has been marked as a duplicate of this bug. ***
Comment 12 Bryan 2006-09-07 17:19:45 PDT
I've run into this three or four times lately and thought it was something I've done but in fact it turned out that the add-ons manager didn't prompt for proxy auth.

~B
Comment 13 Mike Connor [:mconnor] 2006-09-08 17:04:22 PDT
If it was too late in July, its way too late six weeks later.
Comment 14 Dave Townsend [:mossop] 2006-11-02 03:47:11 PST
*** Bug 359171 has been marked as a duplicate of this bug. ***
Comment 15 Matthias Versen [:Matti] 2006-11-06 23:22:35 PST
*** Bug 359749 has been marked as a duplicate of this bug. ***
Comment 16 Nick Thomas [:nthomas] 2006-11-08 04:59:40 PST
*** Bug 359940 has been marked as a duplicate of this bug. ***
Comment 17 Nick Thomas [:nthomas] 2006-11-09 02:53:11 PST
*** Bug 360074 has been marked as a duplicate of this bug. ***
Comment 18 Phil Ringnalda (:philor) 2006-11-14 15:27:53 PST
*** Bug 360721 has been marked as a duplicate of this bug. ***
Comment 19 Chanlô 2006-11-16 08:21:39 PST
As described in bug #351751, the same problem occurs when you have extensions or themes installed and use a proxy connection which requires authentication. When you launch FF and it detects available extension or theme updates, the update window pops up, but when you click on the update button the download fails, because FF doesn't ask for the proxy authentication. 

If you first browse a URL and authenticate on the proxy, then try to update the same extensions or themes using the Tools->extensions menu, then it works, because you are already authenticated on the proxy server.
Comment 20 Matthias Versen [:Matti] 2006-11-17 06:54:35 PST
*** Bug 361034 has been marked as a duplicate of this bug. ***
Comment 21 Matthias Versen [:Matti] 2006-11-17 06:56:02 PST
*** Bug 361033 has been marked as a duplicate of this bug. ***
Comment 22 Jo Hermans 2006-11-20 05:05:42 PST
*** Bug 361263 has been marked as a duplicate of this bug. ***
Comment 23 Dave Townsend [:mossop] 2006-12-17 04:16:43 PST
*** Bug 364087 has been marked as a duplicate of this bug. ***
Comment 24 Dave Townsend [:mossop] 2007-01-03 13:04:28 PST
*** Bug 365757 has been marked as a duplicate of this bug. ***
Comment 25 Dave Townsend [:mossop] 2007-01-07 13:42:00 PST
*** Bug 357262 has been marked as a duplicate of this bug. ***
Comment 26 Phil Ringnalda (:philor) 2007-01-15 01:34:31 PST
*** Bug 367014 has been marked as a duplicate of this bug. ***
Comment 27 Nick Thomas [:nthomas] 2007-01-23 05:46:42 PST
*** Bug 367877 has been marked as a duplicate of this bug. ***
Comment 28 Daniel Veditz [:dveditz] 2007-01-25 11:49:49 PST
This was minused for 1.9a1, which somehow turned into a 1.9 minus. Since that time FF2 shipped and we've collected a lot of dupes because of the issue described in comment 19. It's the same underlying issue as the original problem but a circumstance that's far more common than those considered when this was originally minused.
Comment 29 Matthias Versen [:Matti] 2007-02-06 03:50:07 PST
*** Bug 369459 has been marked as a duplicate of this bug. ***
Comment 30 Robert Strong [:rstrong] (use needinfo to contact me) 2007-02-08 16:18:42 PST
*** Bug 369792 has been marked as a duplicate of this bug. ***
Comment 31 Dave Townsend [:mossop] 2007-05-04 04:25:32 PDT
*** Bug 379688 has been marked as a duplicate of this bug. ***
Comment 32 Dave Townsend [:mossop] 2007-05-10 02:39:51 PDT
*** Bug 380255 has been marked as a duplicate of this bug. ***
Comment 33 Dave Townsend [:mossop] 2007-05-24 12:47:25 PDT
*** Bug 381908 has been marked as a duplicate of this bug. ***
Comment 34 Nick Thomas [:nthomas] 2007-06-04 05:55:01 PDT
*** Bug 383104 has been marked as a duplicate of this bug. ***
Comment 35 Dave Townsend [:mossop] 2007-06-07 05:32:58 PDT
Created attachment 267567 [details] [diff] [review]
patch rev 1

Given the lack of progress here I'll take this. This is a patch that works in my testing and is basically taken from the xmlhttprequest code.
Comment 36 Daniel Veditz [:dveditz] 2007-06-14 15:12:00 PDT
Comment on attachment 267567 [details] [diff] [review]
patch rev 1

r/sr=dveditz

We probably want to make this better in FF2 also
Comment 37 Dave Townsend [:mossop] 2007-06-15 10:22:01 PDT
Checking in nsXPInstallManager.cpp;
/cvsroot/mozilla/xpinstall/src/nsXPInstallManager.cpp,v  <--  nsXPInstallManager.cpp
new revision: 1.148; previous revision: 1.147
done
Comment 38 juan becerra [:juanb] 2007-06-27 10:59:33 PDT
Comment on attachment 267567 [details] [diff] [review]
patch rev 1

approved for 1.8.1.5, a=juanb for release-drivers
Comment 39 Jay Patel [:jay] 2007-07-12 13:42:40 PDT
Christian:  Can you please help us verify this fix with the latest 1.8 (2.0.0.5pre) nightly?

If anyone else has a testcase or extension setup behind an http auth, please share.  Thanks!
Comment 40 Dave Townsend [:mossop] 2007-07-14 06:28:48 PDT
*** Bug 388134 has been marked as a duplicate of this bug. ***
Comment 41 Dave Townsend [:mossop] 2007-08-02 02:03:43 PDT
(In reply to comment #39)
> If anyone else has a testcase or extension setup behind an http auth, please
> share.  Thanks!

Jay I've just verified that this works for me in 2.0.0.6 with an extension update behind a proxy server requiring auth.
Comment 42 Paolo Marani 2007-08-02 10:27:03 PDT
I'm behind a Squid-proxy server.
I can confirm that 2.0.0.6 works well, i receive an authentication request
and the update download is authorized.
The only problem is that this authorization request appear not to be forwarded.
I mean, as far as i open another web page, the auth request will pop up again.
After that i can continue browsing without receiving any other auth request.
In a nutshell, it works, but in the case that an authorization is requested
at startup for an update, it will be requested TWICE, this is unnecessary as
far the user already have authenticated itself on the first run.
Should we file another bug for this ?
Comment 43 Dave Townsend [:mossop] 2007-08-02 10:35:47 PDT
(In reply to comment #42)
> Should we file another bug for this ?

Yes please
Comment 44 Robert Strong [:rstrong] (use needinfo to contact me) 2007-08-02 10:38:44 PDT
Please cc me on the new bug... we've had a few discussions on the restart on startup requirement when installing extensions which causes this and we really need to fix that to fix this.
Comment 45 Paolo Marani 2008-05-26 11:00:35 PDT
Something screwed up in latest firefox update.
Proxy auth dialog popup unexpectly without caching the previously saved authentication data. The checkbox for saving data dont stuck checked.

Note You need to log in before you can comment on or make changes to this bug.