Closed
Bug 733217
Opened 12 years ago
Closed 9 years ago
Password is not auto-filled on accounts.google.com with a hidden username field
Categories
(Toolkit :: Password Manager, enhancement)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: dean.prog, Unassigned)
References
(Depends on 1 open bug, )
Details
Attachments
(2 files, 1 obsolete file)
Google's Login Page
The password manager is not usable when you have more than one account at a site which does not include a username field on the same page as the password field. Google does this (screenshot attached) as well as some banks. Happens: Always Steps to reproduce: * Create multiple GMail accounts * Visit http://gmail.com/ Log in to each account (allow firefox to save passwords) * Delete all google cookies * Visit http://gmail.com/ * OK: can type/select username and then password field is automatically filled-in. * finish the login * Wait for login to time-out (can simulate this by deleting all google cookies EXCEPT "LSID" cookie to accounts.google.com) * Visit http://gmail.com/ * NOT OK: Google presents login page, but no username field is present (username displayed in a span element; also exists in a hidden input field, but that does not seem to tip off firefox either), so password manager can not fill in password. It would be really nice if there were a way to insert the password on sites that do this. Due to the difficulty of extracting the user name, I would not expect firefox to auto-fill the correct password for the current account (my bank web page puts the user name and password fields on completely separate pages which would make that completely impossible). One possible solution/interface: Display a list of known logins for the current site in the popup menu you get from right-clicking on the password field: [ Undo ] [ Cut ] [ Copy ] [ ... ] [ Insert Password For: ] [ dean@serenevy.net ] [ bob@example.com ] Upon selecting one of the login names, the corresponding password would be inserted into the password field. If no username is known for one or more password, display either "UNKNOWN USER 1", "UNKNOWN USER 2", ... or perhaps the first 2-3 characters of the password followed by stars: "foo*********", "bar**********" in place of the username in the popup menu (though the security risk may not be desirable there). Thank you.
|
||
Updated•11 years ago
|
Component: Untriaged → Password Manager
Product: Firefox → Toolkit
|
||
Comment 1•11 years ago
|
||
Hello Dean, thanks for the detailed steps to reproduce. (In reply to Dean Serenevy from comment #0) > * NOT OK: Google presents login page, but no username field is present > (username displayed in a span element; also exists in a hidden input field, > but that does not seem to tip off firefox either), so password manager can > not fill in password. In this case we should probably try to fill in the password based on the username in the hidden input. No additional UI should be necessary for this.
Summary: Password Manager usability when no username field present → Password is not auto-filled on accounts.google.com with a hidden username field
|
||
Comment 2•11 years ago
|
||
Does the username actually exist as a hidden input element? We don't do any explicit checks for that, so it should already work.
|
|
||
Comment 3•11 years ago
|
||
Comment 0 claims that it is but I didn't try to reproduce the bug to confirm for myself.
|
|
||
Comment 4•11 years ago
|
||
(In reply to Dean Serenevy from comment #0) > * Wait for login to time-out (can simulate this by deleting all google > cookies EXCEPT "LSID" cookie to accounts.google.com) This doesn't work for me. I just get tossed back to the full login page (i.e., with both username and password inputs).
|
Reporter | |
Comment 5•11 years ago
|
||
Attachment #603114 -
Attachment is obsolete: true
|
|
Reporter | |
Comment 6•11 years ago
|
||
Well, they seem to have changed their code in the year and a half since I reported the bug. However it still happens if you wait for your login to time out - I couldn't find the right combination of cookies to delete to trigger it manually. However, I've attached an updated screenshot and a copy of the HTML. The relevant section is: <div class="email-div"> <label for="Email"><strong class="email-label">Email</strong></label> <input type="hidden" name="Email" id="Email" value="duelafn@gmail.com" > <input type="hidden" name="PersistentCookie" value="yes"> <span id="reauthEmail" class="reauth">duelafn@gmail.com</span> </div> <div class="passwd-div"> <label for="Passwd"><strong class="passwd-label">Password</strong></label> <input type="password" name="Passwd" id="Passwd" > </div>
|
|
||
Comment 8•9 years ago
|
||
This is related to bug 551948 so I'm copying my comment from there: (Quoting Matthew N. [:MattN] from bug 551948 comment #4) > The reason the hidden input doesn't work is because we don't allow hidden > inputs to be usernames [1]. a readonly or disabled username input should > work along with the display:none trick. After bug 1119067, the standard way > of doing this would be <input type=hidden value=someusername > autocomplete=username />. > > Without using @autocomplete, we could also search <input type=hidden /> and > see if any have a value that matches a username we know about. > > [1] https://mxr.mozilla.org/mozilla-central/source/toolkit/components/passwordmgr/LoginManagerContent.jsm?rev=12a7e4dd8949#346
|
|
||
Comment 9•9 years ago
|
||
Google has fixed this on their end AFAICT as they now use <input type="email" class="hidden"> with the style:
.hidden {
height: 0px;
width: 0px;
overflow: hidden;
visibility: hidden;
display: none !important;
}
Reopen if you are still seeing a problem with this. Multiple accounts are properly handled this way too.Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•