Bug 1825977 - Allow saving creds with an empty realm. r=credential-management-reviewers,mtigley

Perhaps unusual, but an "" realm should work. Differential Revision: https://phabricator.services.mozilla.com/D191383
2023-11-08 13:14:21 +00:00 · 2023-11-08 13:14:21 +00:00 · 03d6e69b71
commit 03d6e69b71
parent 24cf9730c1
6 changed files with 16 additions and 13 deletions
--- a/toolkit/components/passwordmgr/LoginHelper.sys.mjs
+++ b/toolkit/components/passwordmgr/LoginHelper.sys.mjs
@ -955,7 +955,7 @@ export const LoginHelper = {
          "Can't add a login with both a httpRealm and formActionOrigin."
        );
      }
-    } else if (newLogin.httpRealm) {
+    } else if (newLogin.httpRealm || newLogin.httpRealm == "") {
      // We have a HTTP realm. Can't have a form submit URL.
      if (newLogin.formActionOrigin != null) {
        throw new Error(
--- a/toolkit/components/passwordmgr/LoginManager.sys.mjs
+++ b/toolkit/components/passwordmgr/LoginManager.sys.mjs
@ -251,7 +251,7 @@ LoginManager.prototype = {
      throw new Error("Can't add a login with a null or empty password.");
    }

-    // Duplicated from toolkit/components/passwordmgr/LoginHelper.jsm
+    // Duplicated from toolkit/components/passwordmgr/LoginHelper.sys.jms
    // TODO: move all validations into this function.
    //
    // In theory these nulls should just be rolled up into the encrypted
@ -269,7 +269,7 @@ LoginManager.prototype = {
          "Can't add a login with both a httpRealm and formActionOrigin."
        );
      }
-    } else if (login.httpRealm) {
+    } else if (login.httpRealm || login.httpRealm == "") {
      // We have a HTTP realm. Can't have a form submit URL.
      if (login.formActionOrigin != null) {
        throw new Error(
--- a/toolkit/components/passwordmgr/test/LoginTestUtils.sys.mjs
+++ b/toolkit/components/passwordmgr/test/LoginTestUtils.sys.mjs
@ -431,6 +431,14 @@ LoginTestUtils.testData = {
        "the username",
        "the password"
      ),
+      // null formActionOrigin, empty httpRealm
+      new LoginInfo(
+        "http://example.net",
+        null,
+        "",
+        "the username",
+        "the password"
+      ),

      // --- Examples of logins added by extensions (chrome scheme) ---

--- a/toolkit/components/passwordmgr/test/unit/test_logins_change.js
+++ b/toolkit/components/passwordmgr/test/unit/test_logins_change.js
@ -182,7 +182,7 @@ add_task(async function event_data_includes_plaintext_username_and_password() {
 * Tests invalid combinations of httpRealm and formActionOrigin.
 *
 * For an nsILoginInfo to be valid for storage, one of the two properties should
- * be strictly equal to null, and the other must not be null or an empty string.
+ * be strictly equal to null, and the other must not be null.
 *
 * The legacy case of an empty string in formActionOrigin and a null value in
 * httpRealm is also supported for storage at the moment.
@ -194,12 +194,6 @@ add_task(async function test_invalid_httpRealm_formActionOrigin() {
    /without a httpRealm or formActionOrigin/
  );

-  // httpRealm === "", formActionOrigin === null
-  await checkLoginInvalid(
-    TestData.authLogin({ httpRealm: "" }),
-    /without a httpRealm or formActionOrigin/
-  );
-
  // httpRealm === null, formActionOrigin === ""
  // TODO: This is not enforced for now.
  // await checkLoginInvalid(TestData.formLogin({ formActionOrigin: "" }),
--- a/toolkit/components/passwordmgr/test/unit/test_logins_search.js
+++ b/toolkit/components/passwordmgr/test/unit/test_logins_search.js
@ -94,11 +94,11 @@ add_setup(async () => {
 */
 add_task(function test_search_all_basic() {
  // Find all logins, using no filters in the search functions.
-  checkAllSearches({}, 27);
+  checkAllSearches({}, 28);

  // Find all form logins, then all authentication logins.
  checkAllSearches({ httpRealm: null }, 17);
-  checkAllSearches({ formActionOrigin: null }, 10);
+  checkAllSearches({ formActionOrigin: null }, 11);

  // Find all form logins on one host, then all authentication logins.
  checkAllSearches({ origin: "http://www4.example.com", httpRealm: null }, 3);
@ -169,7 +169,7 @@ add_task(function test_searchLogins() {
  checkSearchLogins({ passwordField: "form_field_password" }, 13);

  // Find all logins with an empty usernameField, including for authentication.
-  checkSearchLogins({ usernameField: "" }, 15);
+  checkSearchLogins({ usernameField: "" }, 16);

  // Find form logins with an empty usernameField.
  checkSearchLogins({ httpRealm: null, usernameField: "" }, 5);
--- a/toolkit/components/passwordmgr/test/unit/test_module_LoginExport.js
+++ b/toolkit/components/passwordmgr/test/unit/test_module_LoginExport.js
@ -201,6 +201,7 @@ add_task(async function test_export_multiple_rows() {
    '"http://example.net","the username","the password","The HTTP Realm",,,,,',
    '"http://example.net","username two","the password","The HTTP Realm Other",,,,,',
    '"ftp://example.net","the username","the password","ftp://example.net",,,,,',
+    '"http://example.net","the username","the password","",,,,,',
    '"chrome://example_extension","the username","the password one","Example Login One",,,,,',
    '"chrome://example_extension","the username","the password two","Example Login Two",,,,,',
    '"file://","file: username","file: password",,"file://",,,,',