Closed
Bug 499938
Opened 15 years ago
Closed 15 years ago
can't add a login with a null or empty password
Categories
(Toolkit :: Password Manager, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 399703
People
(Reporter: haircut, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 When using basic HTTP authentication to login to a site where the login has a username but no password, Firefox cannot memorize the login information for later auto-login. Reproducible: Always Steps to Reproduce: 1. visit https://mifos.dev.java.net/svn/mifos/ 2. enter username "guest", with no password 3. notice prompt: "Do you want Firefox to remember this password?" 4. click "Remember" Actual Results: Nothing appears to happen, but an exception can be seen in the error console: Error: [Exception... "'Can't add a login with a null or empty password.' when calling method: [nsILoginManager::addLogin]" nsresult: "0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)" location: "JS frame :: file:///usr/lib/xulrunner-1.9.0.11/components/nsLoginManagerPrompter.js :: anonymous :: line 635" data: no] Source File: file:///usr/lib/xulrunner-1.9.0.11/components/nsLoginManagerPrompter.js Line: 635 Expected Results: Firefox would store the login information and pre-populate the basic HTTP auth login form on future visits to the realm. * Clicking "Never for This Site" or "Not Now" works as expected. * I'm using Firefox 3.0.11 on Ubuntu 9.04
Also seen on Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729) (Windows Vista, Firefox 3.0.11) From http://mxr.mozilla.org/mozilla-central/source/toolkit/components/passwordmgr/src/nsLoginManager.js#413 if (login.password == null || login.password.length == 0) throw "Can't add a login with a null or empty password."; Can anyone think of any reasons why we shouldn't allow null/empty passwords? If not, removing that check ought to fix the problem.
Reporter | ||
Comment 2•15 years ago
|
||
Here's an idea: if (login.password == null && login.password.length == 0) throw "Can't add a login with a null or empty username AND a null or empty password.";
Reporter | ||
Comment 3•15 years ago
|
||
Ugh, nevermind, that's not correct.
Updated•15 years ago
|
Component: Location Bar and Autocomplete → Password Manager
Product: Firefox → Toolkit
QA Contact: location.bar → password.manager
Even then, why shouldn't you be allowed to submit an empty username/password pair? If it violates the RFC (I haven't looked) password manager shouldn't be the one deciding that, it should be netwerk.
Comment 5•15 years ago
|
||
Fwiw, this is a dupe of bug 399703, and I am still of the opinion this should be saved and not be a special case. Reopening and duping.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Well, it is a dupe, though not a regression because the original bug was never fixed in 399703. I agree with Frédéric Wenzel that the requested behavior and not the implemented behavior should be the way to go. See my comments on 399703. At the moment though, not only is the behavior (in my opinion) incorrect it's actually different for HTML Forms and Protocol Authentication.
Scratch the last, this has been fixed on trunk, although in my (and Frédéric's) opinion in the wrong direction.
You need to log in
before you can comment on or make changes to this bug.
Description
•