Login Manager gets confused with password/PIN on usaa.com

RESOLVED FIXED in mozilla1.9alpha8

Status

()

defect
RESOLVED FIXED
12 years ago
11 years ago

People

(Reporter: u88484, Assigned: Dolske)

Tracking

({regression})

Trunk
mozilla1.9alpha8
Points:
---
Bug Flags:
blocking1.9 +
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments)

(Reporter)

Description

12 years ago
When I login to my bank site and use my pin, if I tell Firefox to remember it, the site tells me to use only numbers.  When I don't tell Firefox to remember it, no problems.  I'll try to find the regression range which is between fixing of the million master password dialogs and the master password change it and lose passwords bugs.  I believe the bug fix for the master password change and lose passwords caused this but I'll find the regression.
(Reporter)

Comment 1

12 years ago
Well this started before the patch for bug 388403 landed so I'm clueless on where to look for the regression range now.  

Here are further steps:
1) I go to my bank usaa.com
2) master password prompt comes up asking for password
3) enter password and my username/password are filled in, i hit log on
4) I click on my checking account
5) a page comes up asking for my pin (Which is already filled in) i enter enter and firefox asks if it can remember it (it already has remembered it since it is pre filled in)?
6) I hit yes and my bank site tells me to only enter numbers.
7) i logout and do steps 1-5 again
8)i backspace to clear the pin input field, I type my pin and hit the button to submit it and Firefox asks me again if it can remember it and same thing happens telling me to only enter numbers.

It i don't tell firefox not to remember it, no problems.

Nothing in the error console either and now I'm locked out of my account so I can't give anymore details for now.
(Reporter)

Updated

12 years ago
Flags: blocking-firefox3?

Comment 2

12 years ago
Same thing at MySpace.com.  I filed this in the 20070809 [Trunk] thread:

http://forums.mozillazine.org/viewtopic.php?p=3004005#3004005


I cannot log in to myspace.com when telling password manager to remember password. I get the standard login screen, then it acts as if I entered some wrong information. When not telling myspace or firefox to remember my login information, it acts normal.


I assume my issue has to do with the recent password manager issues?
Flags: blocking-firefox3? → blocking-firefox3+
Assignee: nobody → dolske
Target Milestone: --- → Firefox 3 M8
(Assignee)

Comment 3

12 years ago
(In reply to comment #1)

> 5) a page comes up asking for my pin (Which is already filled in) i enter enter

What's happening at this point is that the Login Manager sees a form with 1 password field, and no username field. It has a login for the site already (your account username/password), and so it fills in the password. This is basically by design, for sites that remember your username (eg, via cookie), and present you with just a password field. "Welcome back Bob! Enter your password to login: [      ]".

In this particular case, I think we can mitigate this by not filling in a login if the stored values exceed the length of the input field's max size. For example, a typical PIN field would look like <input type="password" maxlength="4">. If your stored login has a password that's 5 or more characters long, then we shouldn't try to cram it in, since you wouldn't have been able to type it anyway.


> 8)i backspace to clear the pin input field, I type my pin and hit the button to
> submit it and Firefox asks me again if it can remember it and same thing
> happens telling me to only enter numbers.

Hmm, that's a bit surprising because saving password-only logins isn't quite working yet (bug 386150).

Oh... I see why:

<div style="display: none">
    <input type="text" name="hidden_text_input" maxlength="1" size="1" value="/>
</div>

I suppose this might be an issue for fixing 386150.

There may also be some interaction here with the issue mentioned in bug 394611... If it sees you enter a login with a known username but a different password, it may automatically update the stored password (thinking that it has an old value stored). 394611 suggests that we probably don't want to do that automatically now.
(Assignee)

Updated

12 years ago
Summary: Clicking remember password results in input character change → Login Manager gets confused with password/PIN on usaa.com
(Reporter)

Comment 4

12 years ago
Posted file code
This bug isn't about the main page, you have to be able to login to get to this page so here is the code attached.

Here is the code on that page for the input  

<td><input id="cppindatacontainer.verifypin" name="cppindatacontainer.verifypin" maxlength="4" size="5" type="password">
(Assignee)

Comment 5

12 years ago
(In reply to comment #2)
> Same thing at MySpace.com.  I filed this in the 20070809 [Trunk] thread:
> 
> http://forums.mozillazine.org/viewtopic.php?p=3004005#3004005

Saving MySpace logins WFM, and I don't see anything there that seems related to the issues in this bug. If you can reproduce your problem with a clean profile, please open a new bug for your issue.
(Assignee)

Comment 6

12 years ago
(The last chunk here is just s/foundLogin/matchingLogin/, to avoid confusion with the new foundLogins variable I added. I needed foundLogins so that if the list was filtered in one form, the next form to reuse the list shouldn't get the filtered list).
Attachment #279409 - Flags: review?(gavin.sharp)
(Assignee)

Updated

12 years ago
OS: Windows XP → All
Hardware: PC → All
(Assignee)

Comment 7

12 years ago
Posted patch MochitestsSplinter Review
Attachment #279411 - Flags: review?(gavin.sharp)
Attachment #279409 - Flags: review?(gavin.sharp) → review+
Attachment #279411 - Flags: review?(gavin.sharp) → review+
(Assignee)

Comment 8

12 years ago
Marking this as FIXED. Bug 222589 probably helps things work better overall, though.

Checking in toolkit/components/passwordmgr/src/nsLoginManager.js;
/cvsroot/mozilla/toolkit/components/passwordmgr/src/nsLoginManager.js,v  <--  nsLoginManager.js
new revision: 1.18; previous revision: 1.17
done
Checking in toolkit/components/passwordmgr/test/Makefile.in;
/cvsroot/mozilla/toolkit/components/passwordmgr/test/Makefile.in,v  <--  Makefile.in
new revision: 1.9; previous revision: 1.8
done
RCS file: /cvsroot/mozilla/toolkit/components/passwordmgr/test/test_bug_391514.html,v
done
Checking in toolkit/components/passwordmgr/test/test_bug_391514.html;
/cvsroot/mozilla/toolkit/components/passwordmgr/test/test_bug_391514.html,v  <--  test_bug_391514.html
initial revision: 1.1
done
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
(Assignee)

Comment 9

12 years ago
(In reply to comment #8)
> Marking this as FIXED. Bug 222589 probably helps things work better overall,
> though.

Bah, I mean bug 386150.
(Reporter)

Comment 10

12 years ago
Justin, still can't save my pin, but I can log in without it telling me that its the wrong password :) I get these in the error console:

Error: [Exception... "'Can't add a login with a null or empty username.' when calling method: [nsILoginManager::addLogin]"  nsresult: "0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)"  location: "JS frame :: file:///C:/Program%20Files/firefox/components/nsLoginManagerPrompter.js :: anonymous :: line 344"  data: no]
Source File: file:///C:/Program%20Files/firefox/components/nsLoginManagerPrompter.js
Line: 344

Error: uncaught exception: [Exception... "'Can't add a login with a null or empty username.' when calling method: [nsILoginManager::addLogin]"  nsresult: "0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)"  location: "JS frame :: file:///C:/Program%20Files/firefox/components/nsLoginManagerPrompter.js :: anonymous :: line 344"  data: no]

or this actually bug 386150?  Should I add those to that bug?
(Assignee)

Comment 11

12 years ago
I don't expect that to work until after 386150 is fixed. When I tested with that fix, things worked fine, open a new bug if there are problems after it lands.
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.