Open Bug 551948 Opened 11 years ago Updated 2 years ago
"Select which login to update:" UI appears when doing a password change with multiple diff
. saved logins and no editable username field
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 actually all I did is trying to create change password form, which has: 1) current password 2) new password the problem is that when posting this, the password manager - popup asks which user's password we would like to change. so: we gave him the user name (=email) in a hidden textbox. this will prevent the popup to raise. but it is a bad design. I would prefer doing this using a hidden field - this is not working! Reproducible: Always Steps to Reproduce: 1. have a web site with users and passwords 2. create 3 users in your site, 2 of them have the save password allowed for your site. 3. change password page - create a form with hidden field, current password, new password 4. enter with the 3rd user (the one that didn't allow saving his password) and try to change his password. 5. now the password manager will ask for the user who change his password, although the tool should understand it because of the hidden field with the email. Actual Results: password manager - popup raised Expected Results: change the password without user intervention
please provide either a testcase as attachment or a link to a public site as an example to your report to make your issue understandable.
Component: Security → General
QA Contact: firefox → general
If the password manager has multiple logins stored for a site, when it sees a form with only password fields it doesn't know which username the form is for. Most people never see this (because they only have 1 account on a site). Your fix (hidden username field) is exactly what I'd recommend. I suppose it's possible that we could be smarter about using the login which has a password matching the value being changed, although that's not always reliable.
Component: General → Password Manager
Product: Firefox → Toolkit
QA Contact: general → password.manager
@Xtc4uall - right now I don't have a public site, will be up later on this year, but I wrote the case exactly. @justin - I suggest to replace the hidden text box with hidden field this is the bug. I would like the programmers to have the option to add a hidden field with the username\email. I agree that matching the value is not good enough and error prune.
(In reply to shani from comment #3) > @justin - I suggest to replace the hidden text box with hidden field this is > the bug. I would like the programmers to have the option to add a hidden > field with the username\email. The reason the hidden input doesn't work is because we don't allow hidden inputs to be usernames . a readonly or disabled username input should work along with the display:none trick. After bug 1119067, the standard way of doing this would be <input type=hidden value=someusername autocomplete=username />. Without using @autocomplete, we could also search <input type=hidden /> and see if any have a value that matches a username we know about.  https://mxr.mozilla.org/mozilla-central/source/toolkit/components/passwordmgr/LoginManagerContent.jsm?rev=12a7e4dd8949#346
Attachment #8546945 - Attachment mime type: text/plain → text/html
Summary: No offer to update a password when there are multiple saved logins → "Select which login to update:" UI appears when doing a password change with multiple diff. saved logins and no editable username field
You need to log in before you can comment on or make changes to this bug.