368939 - Can't store/access different credentials (in the Keychain) for different httpAuth realms on the same host

Status: RESOLVED FIXED

(Camino Graveyard :: OS Integration, defect)

Description

[Smokey Ardisson (offline for a while; not following bugs - do not email)]

STR:

1. Visit a httpAuth realm on a server, log in, and save the login and password
2. Visit another httpAuth realm on the same server
2a. Replace the pre-filled credentials with the appropriate ones for this realm and save
3. Visit the original realm and see the credentials from realm 2 filled in

Note: If you visit the 2 realms in Safari first and save them, Camino will not read those passwords at all, and will prompt you with a blank auth sheet for the first realm you visit.

"Camino Auth Test" - http://www.ardisson.org/smokey/moz/authtest/ - camino:cmtest1
"Chimera Auth Test" - http://www.ardisson.org/smokey/moz/chimera/ - smorgan:imti7an

Comment 1

[Stuart Morgan]

Looking at the code, this should be easy to fix. Us not using Safari's entries surprises me though, so I'll have to look into that.

Comment 2

[Stuart Morgan]

(In reply to comment #0)
> Note: If you visit the 2 realms in Safari first and save them, Camino will not
> read those passwords at all

Spun into bug 370112, since it's a port issue, not a realm issue.

I'm confident that I can fix this for 1.1, but it's going to rely on the work I did for the security change, so I want to wait for that to land before posting a patch. Pulling to 1.1 though so I don't forget.

Comment 3

[Stuart Morgan]

Attachment: fix

Uses realm for HTTPAuth. Also fixes a bug I noticed in the form security code where we could attach the initial action host to the wrong entry if we were starting with a non-Camino entry and changing the account.

Comment 4

[Mike Pinkerton (not reading bugmail)]

Comment on attachment 257206 [details] [diff] [review]
fix

sr=pink

Comment 5

[Stuart Morgan]

Checked in on trunk and MOZILLA_1_8_BRANCH.