456904 - Add affordance for a user to manually add login credentials in Saved Passwords

Status: RESOLVED DUPLICATE of bug 1549801

(Toolkit :: Password Manager, defect, P2)

Description

[Fabio]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2

Firefox is not able to save the password for some websites which redirects the user after signing in.

To fix this situation either simply adds an "Add" button in Saved Passwords to store new password or fix the issue.

I don't have the url in which firefox could not save the password. As soon as i have, i can post in here.

Thank u

PS: IT HAPPENS ONLY WHEN THE WEBSITE REDIRECTS YOU RIGHT AFTER YOU SIGN IN.



Reproducible: Always

Steps to Reproduce:
1. Go to a website which redirects you to another page right after sinning in
2. Sign Up
3. Firefox will prompt for store the password.
4. Clicking Save won't have any result.
5. Check the Saved Passwords list, this website is not gonna be there.

Comment 1

[Dave Townsend [:mossop]]

I suspect the correct way to fix this is just to make the password manager handle redirects correctly. See also bug 264201 and bug 409922 when editing passwords in the UI is considered a WONTFIX.

Comment 2

[Justin Dolske [:Dolske]]

Yeah, an "add login" is WONTFIX. You'd have to provide the form submit URL and field names, which is terrible UI.

OTOH, site redirects should be handled, so if you can find a site to reproduce your original problem on please file that as a new bug. The notification bar for saving a login will go away when the the location changes, but only if that happens after a delay (10 seconds, iirc). This was a tradeoff to allow redirects when need (eg, logins to gmail.com), while still removing the bar when the user clicks a link or somesuch.

Comment 3

[Fabio]

http://www.flickr.com/signin/

Comment 4

[Justin Dolske [:Dolske]]

Yahoo logins are not saved due to the site setting autocomplete="off" on the form. You can use a bookmarklet to clear the attribute and allow saving the login:

https://www.squarefree.com/bookmarklets/forms.html#remember_password

Comment 5

[Fabio]

Thank you!

I will try to find the website which redirects you. and post a new ticket as you said.

Comment 6

[Matthew N. [:MattN]]

(In reply to Justin Dolske [:Dolske] from comment #2)
> You'd have to provide the form submit URL and field names, which is terrible UI.

I think we're going to revisit the need for the form submit URL in the near future.

Comment 7

[Ryan Feeley [:rfeeley]]

See the New Login tab of the LucidChart document.

Comment 8

[Matthew N. [:MattN]]

I think we can store a wildcard formSubmitURL but how should we handle the HTTP Auth Realm. Currently the realm is displayed in the same column as the form origin but in brackets. I'm not sure it's worth moving it to its own column since it adds complexity but what if a user wants to manually add an HTTP auth credential? I believe a login can currently either be for forms or HTTP auth but not both.

Comment 9

[Matthew N. [:MattN]]

Pre-landing strings so we can do this in 42 with the rest of the editability that already landed.

Comment 10

[Pulsebot]

https://hg.mozilla.org/integration/fx-team/rev/39d8f49f142e

Comment 11

[Phil Ringnalda (:philor)]

https://hg.mozilla.org/mozilla-central/rev/39d8f49f142e

Comment 12

[Riadh Chtara[:rchtara]]

Attachment: add.patch

not finished yet  patch

Comment 13

[Riadh Chtara[:rchtara]]

This is the patch I start working on before moving to migration because it have greater priority.

Comment 16

[alex_mayorga]

[Tracking Requested - why for this release]: Would be a nice feature to have and by the number of duplicates it is a sought after feature plus it has a work in progress patch.

Comment 17

[Matthew N. [:MattN]]

While I also very much wish this was implemented, there's no reason for this to be tracked for 57.

Comment 18

[Firefox Bug Husbandry Bot]

https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Move_fix-optionals

Comment 19

[Aquila]

I was looking for this feature too, because I thought that I could manage other logins which aren't related to the internet and web sites in Firefox, so that I don't need another application to manage them.

Comment 20

[Peter Bittner]

I understand that this bug report deals almost entirely with actual "login form recognition" problems.

But wouldn't it be acceptable to simply provide and "Add" and "Edit" button in the Password Manager dialog, in addition?

This would make all those users happy that lost one of their favorite extensions with Quantum: the Saved Password Editor. https://addons.mozilla.org/en-US/firefox/addon/saved-password-editor/

Comment 21

[Ryan Feeley [:rfeeley]]

Attachment: fill-login-current.png

When a password field is present on a page, the contextual menu has a Fill Login section that allows user to fill in existing saved logins (if there are any) and View Saved Logins. See attached.

I imagine that this section could be reworked to support manually saving credentials in advance of submitting the form.

Imagine the context menu with something like:

> Select All
> ----------------
> Saved Logins
>
>> Save This Login
>> ----------------
>> user1@example.com
>> user2@example.com
>> ----------------
>> View Saved Logins
>
> ----------------
> Inspect Element

There would be more to it then this, as you you disable Save This Login when the form is blank, or filled with an existing credential, but this would be a start.

I understand that the Lockbox team will be working on core password features of the browser. Ryan Gaddis, any thoughts on this?

Comment 22

[rgaddis]

We're currently exploring a rework of the Saved Logins that would include the ability to add new logins manually, within an improved Management-style interface. From there, we'd consider additional secondary measures (such as context menus) to help provide additional means for saving. 

Additionally, we're considering a Saved Logins doorhanger that would allow easier access to logins and management. 

We're preparing for a Shield experiment that would help test some of our approaches in the browser soon. I'll provide additional info here once we move forward.

Comment 23

[Peter Bittner]

This sounds super-promising! If you also considered adding auto-generating strong random passwords then this would make it obsolete having to rely on plugins like [1]. And some confidence indicators on how safe or strong a password is.

[1] https://addons.mozilla.org/en-US/firefox/addon/secure-password-generator/

Comment 24

[rgaddis]

Absolutely Peter, and pw generation certainly has been discussed by our team as a good value once we have a better foundation in place :)

Comment 26

[mark.f.bennett]

(In reply to rgaddis from comment #22)
> We're currently exploring a rework of the Saved Logins that would include
> the ability to add new logins manually, within an improved Management-style
> interface. From there, we'd consider additional secondary measures (such as
> context menus) to help provide additional means for saving. 
> 
> Additionally, we're considering a Saved Logins doorhanger that would allow
> easier access to logins and management. 
> 
> We're preparing for a Shield experiment that would help test some of our
> approaches in the browser soon. I'll provide additional info here once we
> move forward.

@rgaddis I'm a web developer (JS, Rails, React, etc.) curious if there's anything I can do to help with code for this as this is a feature I'd really like to see roll out sooner rather than later (specifically, manually storing passwords and automatically generating strong passwords)

Thanks, and thanks to everyone on the Firefox team. :)

Comment 27

[pavel.lutskov]

Maybe first just implement an "Add" button in the Saved Logins for manual creation/editing
as soon as possible? Because currently there doesn't exist any sane way to save a password
for sites, on which the login forms aren't automatically detected. 

This would not be the perfect solution, but right now the users have to resort to copy-pasting
passwords from text files or third-party apps like KeePass, which is even further from ideal.

Comment 28

[rgaddis]

(In reply to mark.f.bennett from comment #26)
> (In reply to rgaddis from comment #22)
> > We're currently exploring a rework of the Saved Logins that would include
> > the ability to add new logins manually, within an improved Management-style
> > interface. From there, we'd consider additional secondary measures (such as
> > context menus) to help provide additional means for saving. 
> > 
> > Additionally, we're considering a Saved Logins doorhanger that would allow
> > easier access to logins and management. 
> > 
> > We're preparing for a Shield experiment that would help test some of our
> > approaches in the browser soon. I'll provide additional info here once we
> > move forward.
> 
> @rgaddis I'm a web developer (JS, Rails, React, etc.) curious if there's
> anything I can do to help with code for this as this is a feature I'd really
> like to see roll out sooner rather than later (specifically, manually
> storing passwords and automatically generating strong passwords)
> 
> Thanks, and thanks to everyone on the Firefox team. :)

Hey Mark, thanks for the offer! We'd love to have you as a contributor :)

We're currently getting everything in place for our repo and planning; I'll be able to provide our repo and some additional context at the start of the year, and I'll reply to this thread once we're in a position to take you up on the offer!

Comment 29

[rgaddis]

(In reply to pavel.lutskov from comment #27)
> Maybe first just implement an "Add" button in the Saved Logins for manual
> creation/editing
> as soon as possible? Because currently there doesn't exist any sane way to
> save a password
> for sites, on which the login forms aren't automatically detected. 
> 
> This would not be the perfect solution, but right now the users have to
> resort to copy-pasting
> passwords from text files or third-party apps like KeePass, which is even
> further from ideal.

Hey Pavel,

Thanks for the comment; unfortunately, a seemingly simple fix (adding a button for manual entry) is more complicated than it would seem, due to the underlying code that powers saved logins... but we're going to be instituting a way in which there will be a better saved logins experience starting in early 2019, including a completely revamped UI and better management capabilities (including adding entries manually)

Stay tuned!

Comment 30

[rgaddis]

(In reply to mark.f.bennett from comment #26)

(In reply to rgaddis from comment #22)

We're currently exploring a rework of the Saved Logins that would include
the ability to add new logins manually, within an improved Management-style
interface. From there, we'd consider additional secondary measures (such as
context menus) to help provide additional means for saving.

Additionally, we're considering a Saved Logins doorhanger that would allow
easier access to logins and management.

We're preparing for a Shield experiment that would help test some of our
approaches in the browser soon. I'll provide additional info here once we
move forward.

@rgaddis I'm a web developer (JS, Rails, React, etc.) curious if there's
anything I can do to help with code for this as this is a feature I'd really
like to see roll out sooner rather than later (specifically, manually
storing passwords and automatically generating strong passwords)

Thanks, and thanks to everyone on the Firefox team. :)

Hey Mark,

Happy New Year! As promised, here's the repo for our work around building out a new approach for managing and accessing saved logins within the browser: https://github.com/mozilla-lockbox/lockbox-addon

Please look things over and feel free to reach out or contribute as you see fit!

Comment 31

[mark.f.bennett]

Thanks @rgaddis I'll check out the issues in the repo! Really cool to see Mozilla looking at building addons for other platforms beyond just Firefox.

Comment 32

[Matthew N. [:MattN]]

(In reply to rgaddis from comment #29)

(In reply to pavel.lutskov from comment #27)

Maybe first just implement an "Add" button in the Saved Logins for manual
creation/editing
as soon as possible? Because currently there doesn't exist any sane way to
save a password
for sites, on which the login forms aren't automatically detected.

This would not be the perfect solution, but right now the users have to
resort to copy-pasting
passwords from text files or third-party apps like KeePass, which is even
further from ideal.

Hey Pavel,

Thanks for the comment; unfortunately, a seemingly simple fix (adding a
button for manual entry) is more complicated than it would seem, due to the
underlying code that powers saved logins...

This isn't true, it's actually quite straight-forward but the password manager just wasn't prioritized for many years unfortunately.