Don't prompt to save single-character passwords
Categories
(Toolkit :: Password Manager, enhancement, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox68 | --- | verified |
People
(Reporter: MattN, Assigned: sfoster)
References
Details
User Story
I think the best solution would be to change the `skipEmptyFields` argument to also cause the function to skip field with single-character password values.
Attachments
(2 files)
Sites use single-character values to defeat our skipEmptyFields
heuristic at capture time. It's probably not useful to save a single-character password as most sites wouldn't allow such a short password.
This should fix sites like citi.com which have many hidden password fields with static single-character passwords.
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 1•5 years ago
|
||
Test case: when submitting the form, we expect to get prompted to save a 12-character password with the username "actual-username".
Assignee | ||
Comment 2•5 years ago
|
||
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=7919a2de2db581ee9804a8c32c5cfe7486b31626
I'm not sure if that test will run & pass on Android. We'll find out.
Assignee | ||
Comment 3•5 years ago
|
||
Pushed by sfoster@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a1917a9966fb use a minPasswordLength rather than skipEmptyFields property when collecting password fields. r=jaws
Comment 5•5 years ago
|
||
Backed out changeset a1917a9966fb (bug 1543449) for Android failures at tests/SimpleTest/SimpleTest.js
Backout: https://hg.mozilla.org/integration/autoland/rev/9790d2e8f40b840c55d15b918162b040a2a92e0e
Failure push: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=a1917a9966fb544d1b4c172aa5acca7fa9bf5cae&selectedJob=240104549
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=240104549&repo=autoland&lineNumber=2357
[task 2019-04-13T04:36:51.585Z] 04:36:51 INFO - 388 INFO TEST-OK | toolkit/components/passwordmgr/test/mochitest/test_xhr_2.html | took 2475ms
[task 2019-04-13T04:36:51.586Z] 04:36:51 INFO - 389 INFO TEST-START | Shutdown
[task 2019-04-13T04:36:51.586Z] 04:36:51 INFO - 390 INFO Passed: 587
[task 2019-04-13T04:36:51.587Z] 04:36:51 INFO - 391 INFO Failed: 0
[task 2019-04-13T04:36:51.588Z] 04:36:51 INFO - 392 INFO Todo: 30
[task 2019-04-13T04:36:51.589Z] 04:36:51 INFO - 393 INFO Mode: non-e10s
[task 2019-04-13T04:36:51.589Z] 04:36:51 INFO - 394 INFO Slowest: 197723ms - /tests/toolkit/components/passwordmgr/test/mochitest/test_formless_submit_navigation_negative.html
[task 2019-04-13T04:36:51.589Z] 04:36:51 INFO - 395 INFO SimpleTest FINISHED
[task 2019-04-13T04:36:55.337Z] 04:36:55 INFO - wait for org.mozilla.fennec_aurora complete; top activity=com.android.launcher
[task 2019-04-13T04:36:55.544Z] 04:36:55 INFO - remoteautomation.py | Application ran for: 0:09:44.227681
[task 2019-04-13T04:36:59.606Z] 04:36:59 INFO - adb Ignoring attempt to chmod external storage
[task 2019-04-13T04:36:59.606Z] 04:36:59 INFO - runtests.py | Running with scheme: https
[task 2019-04-13T04:36:59.606Z] 04:36:59 INFO - runtests.py | Running with e10s: False
[task 2019-04-13T04:36:59.606Z] 04:36:59 INFO - runtests.py | Running with serviceworker_e10s: False
[task 2019-04-13T04:36:59.606Z] 04:36:59 INFO - runtests.py | Running with socketprocess_e10s: False
[task 2019-04-13T04:36:59.607Z] 04:36:59 INFO - runtests.py | Running tests: start.
[task 2019-04-13T04:36:59.923Z] 04:36:59 INFO - remoteautomation.py | runApp deleted /sdcard/tests/logs/mochitest.log
[task 2019-04-13T04:37:00.337Z] 04:37:00 INFO - adb launch_application: am start -W -n org.mozilla.fennec_aurora/org.mozilla.gecko.BrowserApp -a android.intent.action.VIEW --es env9 MOZ_CRASHREPORTER_NO_REPORT=1 --es env8 MOZ_UPLOAD_DIR=/sdcard/tests/mozlog --es args "-no-remote -profile /sdcard/tests/profile//" --es env3 DISABLE_UNSAFE_CPOW_WARNINGS=1 --es env2 R_LOG_VERBOSE=1 --es env1 XPCOM_DEBUG_BREAK=stack --es env0 MOZ_CRASHREPORTER=1 --es env7 R_LOG_DESTINATION=stderr --es env6 MOZ_CRASHREPORTER_SHUTDOWN=1 --es env5 MOZ_IN_AUTOMATION=1 --es env4 MOZ_DISABLE_NONLOCAL_CONNECTIONS=1 --es env11 MOZ_HIDE_RESULTS_TABLE=1 --es env10 R_LOG_LEVEL=6 -d "https://example.com:443/tests?autorun=1&closeWhenDone=1&logFile=%2Fsdcard%2Ftests%2Flogs%2Fmochitest.log&fileLevel=INFO&consoleLevel=INFO&hideResultsTable=1&manifestFile=tests.json&dumpOutputDirectory=%2Fsdcard%2Ftests"
[task 2019-04-13T04:37:11.572Z] 04:37:11 INFO - remoteautomation.py | Application pid: 3507
[task 2019-04-13T04:38:18.537Z] 04:38:18 INFO - 396 INFO SimpleTest START
[task 2019-04-13T04:38:18.537Z] 04:38:18 INFO - 397 INFO TEST-START | toolkit/components/passwordmgr/test/mochitest/test_password_length.html
[task 2019-04-13T04:38:28.751Z] 04:38:28 INFO - 398 INFO TEST-OK | toolkit/components/passwordmgr/test/mochitest/test_password_length.html | took 18509ms
[task 2019-04-13T04:38:28.751Z] 04:38:28 INFO - 399 INFO TEST-START | Shutdown
[task 2019-04-13T04:38:28.751Z] 04:38:28 INFO - 400 INFO Passed: 12
[task 2019-04-13T04:38:28.752Z] 04:38:28 INFO - 401 INFO Failed: 0
[task 2019-04-13T04:38:28.752Z] 04:38:28 INFO - 402 INFO Todo: 0
[task 2019-04-13T04:38:28.752Z] 04:38:28 INFO - 403 INFO Mode: non-e10s
[task 2019-04-13T04:38:28.752Z] 04:38:28 INFO - 404 INFO Slowest: 18490ms - /tests/toolkit/components/passwordmgr/test/mochitest/test_password_length.html
[task 2019-04-13T04:38:28.752Z] 04:38:28 INFO - 405 INFO SimpleTest FINISHED
[task 2019-04-13T04:38:34.015Z] 04:38:34 INFO - Failed to get top activity, retrying, once...
[task 2019-04-13T04:40:32.011Z] 04:40:32 INFO - 406 INFO TEST-UNEXPECTED-FAIL | unknown test url | uncaught exception - TypeError: SimpleTest.harnessParameters is undefined at SimpleTest_setTimeoutShim@https://example.com/tests/SimpleTest/SimpleTest.js:669:17
[task 2019-04-13T04:40:32.012Z] 04:40:32 INFO - add_task@https://example.com/tests/SimpleTest/AddTask.js:30:7
[task 2019-04-13T04:40:32.012Z] 04:40:32 INFO - @https://example.com/tests/toolkit/components/passwordmgr/test/mochitest/test_password_length.html:43:1
[task 2019-04-13T04:40:32.012Z] 04:40:32 INFO - simpletestOnerror@https://example.com/tests/SimpleTest/SimpleTest.js:1665:24
[task 2019-04-13T04:40:40.021Z] 04:40:40 INFO - 407 INFO TEST-UNEXPECTED-FAIL | | /tests/toolkit/components/passwordmgr/test/mochitest/test_password_length.html - finished in a non-clean fashion, probably because it didn't call SimpleTest.finish()
[task 2019-04-13T04:40:40.021Z] 04:40:40 INFO - {u'loaded_test_url': u'/tests/toolkit/components/passwordmgr/test/mochitest/test_password_length.html'}
[task 2019-04-13T04:40:40.022Z] 04:40:40 INFO - 408 INFO TEST-UNEXPECTED-ERROR | | Finished in 18169ms
[task 2019-04-13T04:40:40.022Z] 04:40:40 INFO - {u'runtime': 18169}
[task 2019-04-13T04:40:40.022Z] 04:40:40 INFO - TEST-INFO
Pushed by sfoster@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/127dba490969 use a minPasswordLength rather than skipEmptyFields property when collecting password fields. r=jaws
Assignee | ||
Comment 7•5 years ago
|
||
Thanks for the backout :ccoroiu, I thought I had checked this against android but it looks like my try run only ran xpcshell tests so I missed this. The test is skipped for android in the latest push.
Comment 8•5 years ago
|
||
bugherder |
Pushed by mozilla@noorenberghe.ca: https://hg.mozilla.org/integration/mozilla-inbound/rev/33f6d42d7fa9 Follow-up to properly clear the password field in the doorhanger. r=intermittent
Comment 10•5 years ago
|
||
bugherder |
Comment 11•5 years ago
|
||
Backed out changeset 33f6d42d7fa9 (bug 1543449) for turning 1272849 into perma
push that casued the backout: https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&resultStatus=testfailed%2Cbusted%2Cexception%2Cretry%2Cusercancel%2Crunning%2Cpending%2Crunnable&searchStr=browser-chrome&revision=e9be442c871e173a409f3b969f5bcea0e1ae4d71
backout: https://hg.mozilla.org/integration/mozilla-inbound/rev/2f7d2b9798c226df217f96a5d9a9862798647792
Comment 12•5 years ago
|
||
backout bugherder |
Updated•5 years ago
|
Reporter | ||
Updated•5 years ago
|
Comment 13•5 years ago
|
||
I have used the test case from comment 1:
-
Affected (Nightly v68.0a1 from 2019-04-08):
The password manager pop-up to save the credentials would not appear at all. -
Fixed (Nightly v68.0a1 from 2019-04-23):
The password manager prompt to save password will appear for the "actual-username" username only.
I have also tested a different test case (https://bug1352544.bmoattachments.org/attachment.cgi?id=9050123):
- Affected (Nightly v68.0a1 from 2019-04-08):
When attempting to save a random username and a 1-letter password, the password manager prompt would appear and allow you to save a 1-letter password. - Fixed (Nightly v68.0a1 from 2019-04-23):
When attempting to save a random username and a 1-letter password, the password manager prompt would NOT appear at all.
Does this test suffice to verify this bug? If not, please provide some extra steps to verify. Thanks!
Reporter | ||
Comment 14•5 years ago
|
||
That sounds great
Description
•