Closed Bug 499938 Opened 15 years ago Closed 15 years ago

can't add a login with a null or empty password

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 399703

People

(Reporter: haircut, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11

When using basic HTTP authentication to login to a site where the login has a username but no password, Firefox cannot memorize the login information for later auto-login.

Reproducible: Always

Steps to Reproduce:
1. visit https://mifos.dev.java.net/svn/mifos/
2. enter username "guest", with no password
3. notice prompt: "Do you want Firefox to remember this password?"
4. click "Remember"
Actual Results:  
Nothing appears to happen, but an exception can be seen in the error console:

Error: [Exception... "'Can't add a login with a null or empty password.' when calling method: [nsILoginManager::addLogin]"  nsresult: "0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)"  location: "JS frame :: file:///usr/lib/xulrunner-1.9.0.11/components/nsLoginManagerPrompter.js :: anonymous :: line 635"  data: no]
Source File: file:///usr/lib/xulrunner-1.9.0.11/components/nsLoginManagerPrompter.js
Line: 635



Expected Results:  
Firefox would store the login information and pre-populate the basic HTTP auth login form on future visits to the realm.

* Clicking "Never for This Site" or "Not Now" works as expected.
* I'm using Firefox 3.0.11 on Ubuntu 9.04
Blocks: 61681
Also seen on Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729) (Windows Vista, Firefox 3.0.11)

From http://mxr.mozilla.org/mozilla-central/source/toolkit/components/passwordmgr/src/nsLoginManager.js#413

if (login.password == null || login.password.length == 0)
     throw "Can't add a login with a null or empty password.";

Can anyone think of any reasons why we shouldn't allow null/empty passwords?  If not, removing that check ought to fix the problem.
Here's an idea:

  if (login.password == null && login.password.length == 0)
      throw "Can't add a login with a null or empty username AND a null or empty password.";
Ugh, nevermind, that's not correct.
Component: Location Bar and Autocomplete → Password Manager
Product: Firefox → Toolkit
QA Contact: location.bar → password.manager
Even then, why shouldn't you be allowed to submit an empty username/password pair?  If it violates the RFC (I haven't looked) password manager shouldn't be the one deciding that, it should be netwerk.
Fwiw, this is a dupe of bug 399703, and I am still of the opinion this should be saved and not be a special case. Reopening and duping.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Well, it is a dupe, though not a regression because the original bug was never fixed in 399703.  I agree with Frédéric Wenzel that the requested behavior and not the implemented behavior should be the way to go.  See my comments on 399703.  At the moment though, not only is the behavior (in my opinion) incorrect it's actually different for HTML Forms and Protocol Authentication.
Scratch the last, this has been fixed on trunk, although in my (and Frédéric's) opinion in the wrong direction.
You need to log in before you can comment on or make changes to this bug.