Thunderbird does not (offer to) remember authenticated proxy password

RESOLVED FIXED in Thunderbird 11.0

Status

Thunderbird
Security
RESOLVED FIXED
8 years ago
6 years ago

People

(Reporter: Kai Stukenbrock, Assigned: Irving)

Tracking

(Blocks: 1 bug)

unspecified
Thunderbird 11.0
Dependency tree / graph
Bug Flags:
in-litmus +

Thunderbird Tracking Flags

(thunderbird3.1 .17-fixed, thunderbird9 fixed, thunderbird10 fixed)

Details

Attachments

(1 attachment)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
Build Identifier: Thunderbird 3.0

I am sitting behind an authenticated proxy. When I open an HTML email that loads parts of the mail contents (e.g. images) through HTTP, the password dialogue for proxy authentication pops up (multiple times, actually, but that is a separate bug 469117). The proxy authentication dialogue window offers no checkbox to tell Thunderbird to remember the password. So the next time I start Thunderbird I have to enter the proxy username and password again (and again, multiple times).

This is a major annoyance, and a massive regression in behavior over Thunderbird 2.

Reproducible: Always
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 469117
(Reporter)

Comment 2

8 years ago
Sorry, but I beg to differ: this bug is _not_ a duplicate of bug 469117!

THIS bug is about Thunderbird not offering to save the proxy authentication password when opening an email.

Bug 469117 is about proxy authentication triggering multiple authentication windows. Fixing bug 469117 does _not_ fix this bug.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
(In reply to comment #2)
 
> Bug 469117 is about proxy authentication triggering multiple authentication
> windows. Fixing bug 469117 does _not_ fix this bug.

How about it does it because the passwords are not saved.
Component: General → Security
QA Contact: general → thunderbird
(Reporter)

Comment 4

8 years ago
I am no expert on any of the code used here, but I doubt that; the multiple proxy authentication dialogues issue is also present in Firefox (bug 475053). Yet, in Firefox there is no problem with FF remembering (i.e storing in in the password manager and recalling it on next startup) the proxy authentication. So I would assume that the multiple authentication dialogues issue and the unwillingness to remember the proxy authentication are separate issues.

Comment 5

7 years ago
I add my voice to Kai on this bug. The behaviour on the latest version of Thunderbird is exactly as described. AND it is really annoying.

Comment 6

7 years ago
The really odd/frustrating thing with this bug is that (at least in 3.0.5), non-message things CAN use stored proxy settings. The "What's New" page for example can not only store the username and password, but will use it just fine.

Also, I'm getting this on Ubuntu 10.04. It's not platform dependant.

Comment 7

6 years ago
This is ANOYING LIKE HELL! Please fix it soon! PLEEEEEEZE!!

Comment 8

6 years ago
I confirm that this issue is present and VERY ANNOYING!!!
I'm using thunderbird V3.1.11 and at each update I hope to find the bug solved

Comment 9

6 years ago
I think this bug goes together with 469117 . i think if Tb would save the credentials, the bug #469117 would be solved too. 

Axel

Comment 10

6 years ago
Firefox had these two bugs, and they were distinct bugs.

1. Don't remember credentials.
2. Popup multiple password questions.

When you fix 1., you still get multiple password questions the first time round, because the password isn't remembered yet.  In other words you get 20 simultaneous dialog boxes BEFORE you can tick "remember", and click OK.

In fact, Firefox then ended up with a third problem: assuming your password locker has a master password, Firefox would popup 20 simultaneous questions for the master password.  You could work around that by not having a master password.

1. Remember credentials.
2. Make ask-for-password blocking, so only one dialog box at a time pops up.

The bugs are strongly related, and could probably be fixed by the same person.

For the Firefox bug, see # 475053 mentioned earlier by Kai.

Comment 11

6 years ago
hey there!
we got the same problem: our thunderbird v7 is on three winXP machines. all connected to the internet via squid proxy for which an authentication is needed. the proxy is added in the connection settings of thunderbird.

problem: if an email from our local email server is received which contains a HTML formatted email, for every single element, which needs to be downloaded from the net, a authentication dialog appears and asking for username and password... but: this dialog doesn't show a "remember"-option for the credentials.

workaround: whenever you startup thunderbird, first go to the menu Help -> About Thunderbird.. this checks for a new version of thunderbird in the internet. the authentication dialog appears with prefilled credentials and a "remember"-checkbox. once you just hit ok, thunderbird checks for a new version. just close the "about thunderbird"-dialog and open up a HTML-formatted email - é viola, the HTML content is loaded without authentication-dialog.

anyway, this really annoying but needs a fix! I would think that it can't be so hard to implement a "remember"-function to the dialog?! or just use the credentials which are used for the thunderbird-update-check..
Blocks: 564148
Assignee: nobody → irving
Created attachment 574692 [details] [diff] [review]
Only return notificationbox elements from getNotificationBox()

getNotificationBox() was returning a parent XUL element of the content window without checking that it was actually a XUL notificationbox; this caused the caller to later throw a no-such-method exception because it called a notificationbox method on the element.

By returning null when a notificationbox isn't obviously available, the password manager instead displays a checkbox in the notification dialog and correctly saves the password.
Attachment #574692 - Flags: review?(mbanner)
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
OS: Windows XP → All
Hardware: x86 → All
Blocks: 469117
Comment on attachment 574692 [details] [diff] [review]
Only return notificationbox elements from getNotificationBox()

yep, this now does the right thing for what we want, and is a big improvement.
Attachment #574692 - Flags: review?(mbanner) → review+
Checked into trunk builds:

http://hg.mozilla.org/comm-central/rev/69b52d8af4fa

Ludovic: these feels like something we should have some sort of test for. I'm not sure it is easy to do in automated testing with our current set up, there again I'm not sure about doing it in litmus. Thoughts?
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago6 years ago
Flags: in-litmus?(ludovic)
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 11.0
Comment on attachment 574692 [details] [diff] [review]
Only return notificationbox elements from getNotificationBox()

I'm considering porting this to our branches so that it gets released earlier. It would be useful if folks seeing the issue could test today's nightly builds (a separate profile/backup is recommended) in a few hours when they appear here:

http://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/latest-comm-central/
Attachment #574692 - Flags: approval-comm-beta?
Attachment #574692 - Flags: approval-comm-aurora?
There is some existing test code for proxies in

https://mxr.mozilla.org/comm-central/source/mozilla/netwerk/test/unit/test_auth_proxy.js

and

https://mxr.mozilla.org/comm-central/source/mozilla/browser/base/content/test/authenticate.sjs

but I'm not sure how easy it would be to get the UI side of the test working. We could at least trap the nasty exception log messages that the old code dumped (at least in debug builds).

Comment 17

6 years ago
(In reply to Mark Banner (:standard8) from comment #15)
> Comment on attachment 574692 [details] [diff] [review] [diff] [details] [review]
> I'm considering porting this to our branches so that it gets released
> earlier. It would be useful if folks seeing the issue could test today's
> nightly builds (a separate profile/backup is recommended) in a few hours
> when they appear here:

1st:

YES PLEASE! please backport to pretty much any older TB (up to TB3 :) ) ! This bug was a blocker in many ways for TB3+ use in enterprises.

2nd - Nightly Tests:

i tested nightly thunderbird-2011-11-15 >> FAILED
i tested nightly thunderbird-2011-11-16 >> PASSED!!!!!

GREAT JOB! 
As soon the Patch got back ported into the todays stable TB Version, hundreds if not thousands will be happy!

best regards
Axel

Comment 18

6 years ago
Yes, I'm agree with Axel.
Please backport to Thunderbird 3.1 as soon as possible !!!!! 200 users will be happy in our enterprise !! ;)))

I tested the last nightly of Thunderbird and it's ok  !!! Thank you very much.

best regards

Vincent
Attachment #574692 - Flags: approval-comm-beta?
Attachment #574692 - Flags: approval-comm-beta+
Attachment #574692 - Flags: approval-comm-aurora?
Attachment #574692 - Flags: approval-comm-aurora+
Attachment #574692 - Flags: approval-thunderbird3.1.17?
Checked in to branches for 9 & 10:

http://hg.mozilla.org/releases/comm-aurora/rev/4bfc00a0d86a
http://hg.mozilla.org/releases/comm-beta/rev/29a808426771
status-thunderbird10: --- → fixed
status-thunderbird9: --- → fixed
(In reply to Mark Banner (:standard8) from comment #14)
> Checked into trunk builds:
> 
> http://hg.mozilla.org/comm-central/rev/69b52d8af4fa
> 
> Ludovic: these feels like something we should have some sort of test for.
> I'm not sure it is easy to do in automated testing with our current set up,
> there again I'm not sure about doing it in litmus. Thoughts?

I'll add some litmus test - but the proxy part is almost *never* run. Having some test in litmus can't help. Running them specifically is more tricky as the user needs to have some kind of proxy setup.

https://litmus.mozilla.org/show_test.cgi?id=40446
Flags: in-litmus?(ludovic) → in-litmus+
Comment on attachment 574692 [details] [diff] [review]
Only return notificationbox elements from getNotificationBox()

Whilst this doesn't really fit under the normal rules of acceptability stability and security releases, and 3.1 support will be ending in a few months, we recognise that it is a significant issue for people seeing this bug and therefore we'll include the fix in for 3.1.17.
Attachment #574692 - Flags: approval-thunderbird3.1.17? → approval-thunderbird3.1.17+
Checked in: http://hg.mozilla.org/releases/comm-1.9.2/rev/9a0b75bf6ad7
status-thunderbird3.1: --- → .17-fixed
You need to log in before you can comment on or make changes to this bug.