Clear Private Data can trigger master password prompt

VERIFIED FIXED in mozilla1.9beta3

Status

()

Toolkit
Password Manager
VERIFIED FIXED
10 years ago
9 years ago

People

(Reporter: Dolske, Assigned: Dolske)

Tracking

Trunk
mozilla1.9beta3
Points:
---
Bug Flags:
in-testsuite +
in-litmus +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

10 years ago
Created attachment 294716 [details] [diff] [review]
Patch for review, v.1

The sanitizer just wants to know if any passwords are saved in the password manager, so it can enable or disable the checkbox to clear saved passwords. It currently has to use getAllLogins(), which can result in the user being prompted for a master password.

This issue is similar to bug 378667, which was fixed by implementing countLogins() for the Page Info dialog.
Attachment #294716 - Flags: review?(gavin.sharp)
Comment on attachment 294716 [details] [diff] [review]
Patch for review, v.1

>Index: toolkit/components/passwordmgr/src/storage-Legacy.js

>+            // For consistency with how aFormSubmitURL and aHttpRealm work
>+            return 0;

Document this in the IDL too?

(I'm assuming you're going to add tests for this too)
Attachment #294716 - Flags: review?(gavin.sharp) → review+
Flags: in-testsuite?
(Assignee)

Updated

10 years ago
Attachment #294716 - Flags: approval1.9?
Comment on attachment 294716 [details] [diff] [review]
Patch for review, v.1

nit: else after return is unnecessary here
Comment on attachment 294716 [details] [diff] [review]
Patch for review, v.1

a=mconnor on behalf of drivers, please add tests on checkin
Attachment #294716 - Flags: approval1.9? → approval1.9+
(Assignee)

Comment 4

10 years ago
Created attachment 295000 [details] [diff] [review]
Patch v.2, checked in

Fixed review nits and added tests.
Attachment #294716 - Attachment is obsolete: true
(Assignee)

Comment 5

10 years ago
Checking in browser/base/content/sanitize.js;
/cvsroot/mozilla/browser/base/content/sanitize.js,v  <--  sanitize.js
new revision: 1.24; previous revision: 1.23
done
Checking in browser/modules/Sanitizer.jsm;
/cvsroot/mozilla/browser/modules/Sanitizer.jsm,v  <--  Sanitizer.jsm
new revision: 1.24; previous revision: 1.23
done
Checking in toolkit/components/passwordmgr/public/nsILoginManager.idl;
/cvsroot/mozilla/toolkit/components/passwordmgr/public/nsILoginManager.idl,v  <--  nsILoginManager.idl
new revision: 1.7; previous revision: 1.6
done
Checking in toolkit/components/passwordmgr/public/nsILoginManagerStorage.idl;
/cvsroot/mozilla/toolkit/components/passwordmgr/public/nsILoginManagerStorage.idl,v  <--  nsILoginManagerStorage.idl
new revision: 1.9; previous revision: 1.8
done
Checking in toolkit/components/passwordmgr/src/storage-Legacy.js;
/cvsroot/mozilla/toolkit/components/passwordmgr/src/storage-Legacy.js,v  <--  storage-Legacy.js
new revision: 1.20; previous revision: 1.19
done
Checking in toolkit/components/passwordmgr/test/unit/test_storage_legacy_1.js;
/cvsroot/mozilla/toolkit/components/passwordmgr/test/unit/test_storage_legacy_1.js,v  <--  test_storage_legacy_1.js
new revision: 1.8; previous revision: 1.7
done

For a litmus test, one basically just needs to:
1: Enable master password
2: Tools -> Clear Private Data
3: Clear authenticated sessions (just in MP had already been entered)
4: Tools -> Clear Private Data

A master password prompt should not appear after step 2 or 4.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Flags: in-testsuite?
Flags: in-testsuite+
Flags: in-litmus?
Resolution: --- → FIXED
verified fixed using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9b3pre) Gecko/2008010204 Minefield/3.0b3pre. I verified using the steps that dolske notes in Comment 5.
Status: RESOLVED → VERIFIED
https://litmus.mozilla.org/show_test.cgi?id=5069 has been added to Litmus to cover this issue.
Flags: in-litmus? → in-litmus+
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.