Closed Bug 880670 Opened 10 years ago Closed 9 years ago

[email/activesync] some ActiveSync implementations blacklist Mozilla in the user-agent string and return a 440 status code; we should change our reported user agent

Categories

(Firefox OS Graveyard :: Gaia::E-Mail, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(blocking-b2g:1.3+, b2g-v1.3 fixed, b2g-v1.3T fixed, b2g-v1.4 fixed, b2g-v2.0 verified, b2g-v2.1 verified)

RESOLVED FIXED
2.0 S4 (20june)
blocking-b2g 1.3+
Tracking Status
b2g-v1.3 --- fixed
b2g-v1.3T --- fixed
b2g-v1.4 --- fixed
b2g-v2.0 --- verified
b2g-v2.1 --- verified

People

(Reporter: juanpbf, Assigned: squib)

Details

Attachments

(5 files)

Reported by operator during IOT
Seen on Ikura

QC RIL version:
"ro.build.firmware_revision=V1.01.00.01.019.120"
gaia commit:
50abeb2 Merge pull request #10032 from alivedise/bugzilla/872912_v1.0.1b
gecko commit:
a6a5487 Bug 875483 - YouTube HTML5 Playback hangs Firefox. r=derf,a=tef+


When configuring an Email account, if you enter a wrong user or a wrong password, the message shown is not accurate

STEPS TO REPRODUCE:
    1. Open Email app. 
    2. Add a new account. 
    3. Enter the requested fields, but enter a wrong password.
    4. Check the error message shown.

CURRENT BEHAVIOUR:
"Hay un problema con "HTTPS://mailar.telefonica,com". Pruebe de nuevo pasados unos minutos."
("There is a problem with xxxx. Try again a few minutes later")

EXPECTED BEHAVIOUR:
There should be a message specifying that you have entered a wrong password
Can you provide the (unlocalized) error code in brackets displayed below the error message?  Also, please describe how you are setting up the account; manual setup or automatic?  What domain do you actually enter for the account?

We explicitly map 401 errors to 'bad-user-or-pass' which has some unit-test coverage, but the autodiscover function does have unconditional failover logic to trying a second domain in the event of any http error on the first domain.  Assuming there's not a problem with the telefonica server, we are likely turning the 401 into a dns lookup failure.
Flags: needinfo?(juan.perezbedmar)
Summary: [Email] Inaccurate message when wrong user/password is introduced → [email/activesync] bad-user-or-pass error may not be correctly reported during initial activesync account setup/configuration if a bad password/credentials are entered
I will contact with the reporter in the operator side as it was him who reproduced the bug. 

I'll come back with the feedback ASAP

BR
Flags: needinfo?(juan.perezbedmar)
This is the screenshot provided by the reporter. According to this, the error message received is 440
HTTP 440 isn't listed anywhere in the ActiveSync specs. While it's possible we're doing what comment 1 suggests, I doubt that's the issue here. Are you sure the server is configured correctly? HTTP 440 is used for Exchange (not ActiveSync, as far as I can tell), and refers to "login timeout".

Here's the best reference I could find to this: http://support.microsoft.com/kb/917686
Ok, I figured out why this is happening (or at least, I figured out one of the "whys"): c2s.fr is blocking ActiveSync connections if the User-Agent contains the string "Mozilla".

Maybe it's trying to block web browsers, since I'm pretty sure all of them have the string "Mozilla"?
Summary: [email/activesync] bad-user-or-pass error may not be correctly reported during initial activesync account setup/configuration if a bad password/credentials are entered → [email/activesync] some ActiveSync implementations blacklist Mozilla in the user-agent string and return a 440 status code; we should change our reported user agent
I encounter the same problem with my company's Exchange Server 2010: the OPTION request fails with HTTP 440 status.

Changing my phone user agent string (since it cannot be overridden at XMLHttpRequest level) to anything not containing "Mozilla" as described in https://wiki.mozilla.org/B2G/QA/Tips_And_Tricks#User_Agent makes ActiveSync works fine.
Assignee: nobody → squibblyflabbetydoo
Status: NEW → ASSIGNED
Attachment #8438822 - Flags: review?(bugmail)
Attachment #8438822 - Flags: review?(bugmail) → review+
Attachment #8438848 - Flags: review?(bugmail)
Attached file Update in Gaia
Attachment #8438849 - Flags: review?(bugmail)
Attachment #8438848 - Flags: review?(bugmail) → review+
Attachment #8438849 - Flags: review?(bugmail) → review+
Attachment #8438822 - Attachment description: Fix it in jsas → Fix it in jsas [checked in]
Attachment #8438848 - Attachment description: Update in GELAM → Update in GELAM [checked in]
Comment on attachment 8438849 [details] [review]
Update in Gaia

I've verified that this works with a real account that was experiencing the issue, so we can land this just as soon as the tree reopens.
Landed.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Flags: in-testsuite-
Resolution: --- → FIXED
Comment on attachment 8438849 [details] [review]
Update in Gaia

[Approval Request Comment]
[Bug caused by] (feature/regressing bug #): Has always existed; a problem with ActiveSync servers that sniff the user-agent to decide whether they're talking to an ActiveSync client or a web browser.
[User impact] if declined: Bug 1020069, a 1.3 cert-blocker cannot be uplifted/fixed, people get sad.
[Testing completed]: :squib tested.
[Risk to taking this patch] (and alternatives if risky):  Risk is considered low, but the fundamental risk would be that there is some type of other user-agent sniffing going on out there where ActiveSync servers really want to see "Mozilla" or something like that in the user-agent.  This is deemed unlikely because no ActiveSync clients out there are believed to do this.  Waiting is unlikely to help us gain additional confidence about this.
[String changes made]: No l10n-related strings were touched.
Attachment #8438849 - Flags: approval-gaia-v1.3?
Blocking a 1.3 blocker, clearing for uplift.
blocking-b2g: 1.3? → 1.3+
Thanks for that quick fix!
This means that contrarily to what is told in bug 627942 it is now allowed to override user agent on XMLHttpRequest. Is this allowed for privileged apps / extensions only? Is this behavior documented somewhere?
Attachment #8438849 - Flags: approval-gaia-v1.3? → approval-gaia-v1.3+
Attached image Verify_image.png
This issue has been verified successfully on Flame 2.0,2.1

See attachment: Verify_image.png
Reproducing rate: 0/5
Flame 2.1 build:
Gaia-Rev        db2e84860f5a7cc334464618c6ea9e92ff82e9dd
Gecko-Rev       https://hg.mozilla.org/releases/mozilla-b2g34_v2_1/rev/211eae88f119
Build-ID        20141126001202
Version         34.0
FLame 2.0 build:
Gaia-Rev        f9d6e3d83c3922e9399a6c27f5ce4cdd27bdfd05
Gecko-Rev       https://hg.mozilla.org/releases/mozilla-b2g32_v2_0/rev/45112935086f
Build-ID        20141126000203
Version         32.0
You need to log in before you can comment on or make changes to this bug.