Closed Bug 623795 Opened 15 years ago Closed 15 years ago

Sync setup and Add a Device wizard should trigger master password dialog and bail if that's cancelled

Categories

(Firefox :: Sync, defect)

Product:
Firefox
Component:
Sync
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
blocking2.0 --- betaN+

People

(Reporter: rnewman, Assigned: rnewman)

References

Details

(Whiteboard: [softblocker][has patch][has review])

Attachments

(2 files, 5 obsolete files)

fx-sync part. v2
5.01 KB, patch
philikon
: review+
Details | Diff | Splinter Review
m-c UI/wizard changes. v3
4.75 KB, patch
philikon
: review+
Details | Diff | Splinter Review
Its inability to apply common sense leads to Sync being "set up", yet having no credentials after restart. That's no good. See also Bug 620992.
The wizard prompts for the MP at the end, so this is only a problem if you cancel it.
Summary: Sync setup wizard should refuse to finish if master password is locked → Sync setup wizard should refuse to finish if master password is cancelled
Looking into this.
Assignee: nobody → rnewman
Status: NEW → ASSIGNED
I think we should prompt for the MP at the very beginning of the wizard and if the MP dialog is cancelled, we just should bail out of the wizard altogether. This also goes for the Add a Device wizard. There are several good reasons for this, the most important ones of which are: * Going through a multiple step wizard and THEN being told "owait we can't let you do this if you don't unlock your master password" sucks * We already create the user account before the last step, so the acocunt would've been created but the credentials wouldn't have been stored locally. FAIL. This also applies to the Add a Device wizard.
Summary: Sync setup wizard should refuse to finish if master password is cancelled → Sync setup and Add a Device wizard should trigger master password dialog and bail if that's cancelled
Note that I use a master password re-locking plugin that locks MP a certain number of seconds after it's unlocked, so you'll still need to make sure MP is unlocked at various places during setup.
Attached patch Util for unlocking MP. v1 (obsolete) — Splinter Review
First half. This adds a function to Weave.Utils to unlock the master password, returning true if it's unlocked (or doesn't need it). No automated tests for this: we'd only be able to test the uninteresting part.
Attachment #502842 - Flags: review?(philipp)
Attached patch m-c UI/wizard changes. v1 (obsolete) — Splinter Review
Second half. This adds appropriate unlock calls to: * Each button in the setup wizard * onWizardAdvance, to catch re-locks (though I haven't tested timed re-locks; I don't think that should be an explicitly supported case, but this addition was easy enough) * The "Add a Device" link in Sync Prefs, which ensures that the J-PAKE sender can actually access its credentials! I tried to put appropriate User annotations into the patch, Philipp; I don't think my L3 access has been assigned yet, so you'll be on the hook for committing this. Sorry.
Attachment #502843 - Flags: review?(philipp)
Note that these changes don't affect the add-on UI yet. Coming soon.
Attached patch Sync UI. v1 (obsolete) — Splinter Review
Attachment #502859 - Flags: review?(philipp)
Attached patch Util for unlocking MP. v2 (obsolete) — Splinter Review
This needs proper review.
Attachment #502842 - Attachment is obsolete: true
Attachment #502862 - Flags: review?
Attachment #502842 - Flags: review?(philipp)
Attached patch m-c UI/wizard changes. v2 (obsolete) — Splinter Review
Renaming method.
Attachment #502843 - Attachment is obsolete: true
Attachment #502864 - Flags: review?(philipp)
Attachment #502843 - Flags: review?(philipp)
blocking2.0: --- → betaN+
Comment on attachment 502862 [details] [diff] [review] Util for unlocking MP. v2 This is now a blocker, dolske :). Could you review or suggest somebody else who could?
Attachment #502862 - Flags: review? → review?(dolske)
Whiteboard: [softblocker]
Whiteboard: [softblocker] → [softblocker][has patch][needs review dolske][needs review philipp]
Comment on attachment 502862 [details] [diff] [review] Util for unlocking MP. v2 >--- a/services/sync/modules/util.js ... >+ ensureMPUnlocked: function ensureMPUnlocked(force) { >+ let d = Cc["@mozilla.org/security/pk11tokendb;1"].getService(Ci.nsIPK11TokenDB); I'd ideally like to just use a Login Manager interface here (since the end goal is to store the Sync credential there), but since you want to support this code on Firefox 3.6 nsILoginManagerCrypto isn't available there... So let's not worry too much about that for now. :) Why is |force| an argument here? It's not used. >+ if (!token.needsLogin()) >+ return true; >+ token.login(force); I'm a little wary of this; nothing else seems to call this particular API, and experience from bug 437904 does not give me the greatest confidence in this code. :/ I'd just just using nsISecretDecoderRing, and try encrypting a test string. Either it will work (no MP, or user entered it), or it will throw (user canceled MP entry or something is terribly broken). eg ensureMPUnlocked() { sdr = Cc["@mozilla.org/security/sdr;1"].getService(Ci.nsISecretDecoderRing); var ok = false; try { sdr.encryptString("bacon"); ok = true; } catch(e) { } return ok; }
Attachment #502862 - Flags: review?(dolske) → review-
(In reply to comment #13) > I'd just just using nsISecretDecoderRing, and try encrypting a test string. > Either it will work (no MP, or user entered it), or it will throw (user > canceled MP entry or something is terribly broken). That's what I like to see :D Thanks dolske! Will resubmit using ISDR.
Attached patch fx-sync part. v2Splinter Review
This version: * Incorporates dolske's function in its entirety, so the separate patch is gone. Works on 3.5.16. * Also fixes Bug 620613 by refusing to open the sync key dialog unless the MP is unlocked. I'm building and testing on m-c now.
Attachment #502859 - Attachment is obsolete: true
Attachment #502862 - Attachment is obsolete: true
Attachment #503376 - Flags: review?(philipp)
Attachment #502859 - Flags: review?(philipp)
Fixes Bug 620613, tested with dolske's new function.
Attachment #502864 - Attachment is obsolete: true
Attachment #503388 - Flags: review?(philipp)
Attachment #502864 - Flags: review?(philipp)
Blocks: 620613
Whiteboard: [softblocker][has patch][needs review dolske][needs review philipp] → [softblocker][has patch][needs review philipp]
Flags: in-litmus?
Comment on attachment 503376 [details] [diff] [review] fx-sync part. v2 > onWizardAdvance: function () { >+ // Check pageIndex so we don't prompt before the Sync setup wizard appears. >+ // This is a fallback in case the Master Password gets locked mid-wizard. >+ if ((this.wizard.pageIndex >= 0) && >+ !Weave.Utils.ensureMPUnlocked()) { >+ >+ // Leave canAdvance set according to onPageShow, because it dictates >+ // whether the Next button stays enabled. Return false to prevent the >+ // wizard from advancing to the next page. >+ this.onPageShow(); >+ return false; Why is onPageShow() needed here? onPageShow() effectively resets the page's state to what it was when you first hit it. I don't think that's the behaviour we want when we refuse to advance. Now fortunately, for some pages it calls checkFields() so it may magically work. That doesn't mean it's correct.
Attachment #503376 - Flags: review?(philipp) → review+
Comment on attachment 503388 [details] [diff] [review] m-c UI/wizard changes. v3 Same question regarding onPageShow()
Attachment #503388 - Flags: review?(philipp) → review+
Whiteboard: [softblocker][has patch][needs review philipp] → [softblocker][has patch][has review]
(In reply to comment #17) > Why is onPageShow() needed here? It's not. Removed! Pushed in two parts: Utils: http://hg.mozilla.org/services/fx-sync/rev/8c27e8eacc65 UI: http://hg.mozilla.org/services/fx-sync/rev/e7aaaf3d7dae m-c next.
Landed m-c bits: http://hg.mozilla.org/mozilla-central/rev/c5f1cf237550
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Of course I forgot to apply the review comments: http://hg.mozilla.org/mozilla-central/rev/9f412256da4c
No longer blocks: 615950
(In reply to comment #13) >>+ if (!token.needsLogin()) >>+ return true; >>+ token.login(force); >I'm a little wary of this; nothing else seems to call this particular API, and >experience from bug 437904 does not give me the greatest confidence in this >code. :/ Although to be fair that was logging out, not logging in.
removing in-litmus flag, it no longer exists
Flags: in-litmus?
Component: Firefox Sync: Backend → Sync
Product: Cloud Services → Firefox
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: