391514 - Login Manager gets confused with password/PIN on usaa.com

Status: RESOLVED FIXED

(Toolkit :: Password Manager, defect)

Description

[u88484]

When I login to my bank site and use my pin, if I tell Firefox to remember it, the site tells me to use only numbers.  When I don't tell Firefox to remember it, no problems.  I'll try to find the regression range which is between fixing of the million master password dialogs and the master password change it and lose passwords bugs.  I believe the bug fix for the master password change and lose passwords caused this but I'll find the regression.

Comment 1

[u88484]

Well this started before the patch for bug 388403 landed so I'm clueless on where to look for the regression range now.  

Here are further steps:
1) I go to my bank usaa.com
2) master password prompt comes up asking for password
3) enter password and my username/password are filled in, i hit log on
4) I click on my checking account
5) a page comes up asking for my pin (Which is already filled in) i enter enter and firefox asks if it can remember it (it already has remembered it since it is pre filled in)?
6) I hit yes and my bank site tells me to only enter numbers.
7) i logout and do steps 1-5 again
8)i backspace to clear the pin input field, I type my pin and hit the button to submit it and Firefox asks me again if it can remember it and same thing happens telling me to only enter numbers.

It i don't tell firefox not to remember it, no problems.

Nothing in the error console either and now I'm locked out of my account so I can't give anymore details for now.

Comment 2

[Peter S.]

Same thing at MySpace.com.  I filed this in the 20070809 [Trunk] thread:

http://forums.mozillazine.org/viewtopic.php?p=3004005#3004005


I cannot log in to myspace.com when telling password manager to remember password. I get the standard login screen, then it acts as if I entered some wrong information. When not telling myspace or firefox to remember my login information, it acts normal.


I assume my issue has to do with the recent password manager issues?

Comment 3

[Justin Dolske [:Dolske]]

(In reply to comment #1)

> 5) a page comes up asking for my pin (Which is already filled in) i enter enter

What's happening at this point is that the Login Manager sees a form with 1 password field, and no username field. It has a login for the site already (your account username/password), and so it fills in the password. This is basically by design, for sites that remember your username (eg, via cookie), and present you with just a password field. "Welcome back Bob! Enter your password to login: [      ]".

In this particular case, I think we can mitigate this by not filling in a login if the stored values exceed the length of the input field's max size. For example, a typical PIN field would look like <input type="password" maxlength="4">. If your stored login has a password that's 5 or more characters long, then we shouldn't try to cram it in, since you wouldn't have been able to type it anyway.


> 8)i backspace to clear the pin input field, I type my pin and hit the button to
> submit it and Firefox asks me again if it can remember it and same thing
> happens telling me to only enter numbers.

Hmm, that's a bit surprising because saving password-only logins isn't quite working yet (bug 386150).

Oh... I see why:

<div style="display: none">
    <input type="text" name="hidden_text_input" maxlength="1" size="1" value="/>
</div>

I suppose this might be an issue for fixing 386150.

There may also be some interaction here with the issue mentioned in bug 394611... If it sees you enter a login with a known username but a different password, it may automatically update the stored password (thinking that it has an old value stored). 394611 suggests that we probably don't want to do that automatically now.

Comment 4

[u88484]

Attachment: code

This bug isn't about the main page, you have to be able to login to get to this page so here is the code attached.

Here is the code on that page for the input  

<td><input id="cppindatacontainer.verifypin" name="cppindatacontainer.verifypin" maxlength="4" size="5" type="password">

Comment 5

[Justin Dolske [:Dolske]]

(In reply to comment #2)
> Same thing at MySpace.com.  I filed this in the 20070809 [Trunk] thread:
> 
> http://forums.mozillazine.org/viewtopic.php?p=3004005#3004005

Saving MySpace logins WFM, and I don't see anything there that seems related to the issues in this bug. If you can reproduce your problem with a clean profile, please open a new bug for your issue.

Comment 6

[Justin Dolske [:Dolske]]

Attachment: Patch for review, v.1

(The last chunk here is just s/foundLogin/matchingLogin/, to avoid confusion with the new foundLogins variable I added. I needed foundLogins so that if the list was filtered in one form, the next form to reuse the list shouldn't get the filtered list).

Comment 7

[Justin Dolske [:Dolske]]

Attachment: Mochitests

Comment 8

[Justin Dolske [:Dolske]]

Marking this as FIXED. Bug 222589 probably helps things work better overall, though.

Checking in toolkit/components/passwordmgr/src/nsLoginManager.js;
/cvsroot/mozilla/toolkit/components/passwordmgr/src/nsLoginManager.js,v  <--  nsLoginManager.js
new revision: 1.18; previous revision: 1.17
done
Checking in toolkit/components/passwordmgr/test/Makefile.in;
/cvsroot/mozilla/toolkit/components/passwordmgr/test/Makefile.in,v  <--  Makefile.in
new revision: 1.9; previous revision: 1.8
done
RCS file: /cvsroot/mozilla/toolkit/components/passwordmgr/test/test_bug_391514.html,v
done
Checking in toolkit/components/passwordmgr/test/test_bug_391514.html;
/cvsroot/mozilla/toolkit/components/passwordmgr/test/test_bug_391514.html,v  <--  test_bug_391514.html
initial revision: 1.1
done

Comment 9

[Justin Dolske [:Dolske]]

(In reply to comment #8)
> Marking this as FIXED. Bug 222589 probably helps things work better overall,
> though.

Bah, I mean bug 386150.

Comment 10

[u88484]

Justin, still can't save my pin, but I can log in without it telling me that its the wrong password :) I get these in the error console:

Error: [Exception... "'Can't add a login with a null or empty username.' when calling method: [nsILoginManager::addLogin]"  nsresult: "0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)"  location: "JS frame :: file:///C:/Program%20Files/firefox/components/nsLoginManagerPrompter.js :: anonymous :: line 344"  data: no]
Source File: file:///C:/Program%20Files/firefox/components/nsLoginManagerPrompter.js
Line: 344

Error: uncaught exception: [Exception... "'Can't add a login with a null or empty username.' when calling method: [nsILoginManager::addLogin]"  nsresult: "0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)"  location: "JS frame :: file:///C:/Program%20Files/firefox/components/nsLoginManagerPrompter.js :: anonymous :: line 344"  data: no]

or this actually bug 386150?  Should I add those to that bug?

Comment 11

[Justin Dolske [:Dolske]]

I don't expect that to work until after 386150 is fixed. When I tested with that fix, things worked fine, open a new bug if there are problems after it lands.