nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity

Bug 1825977 - Allow saving creds with an empty realm. r=credential-management-reviewers,mtigley

Browse source 
Perhaps unusual, but an "" realm should work.

Differential Revision: https://phabricator.services.mozilla.com/D191383
This commit is contained in:
Magnus Melin 2023-11-08 13:14:21 +00:00
parent 24cf9730c1
commit 03d6e69b71
6 changed files with 16 additions and 13 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

2
toolkit/components/passwordmgr/LoginHelper.sys.mjs
View file

@ -955,7 +955,7 @@ export const LoginHelper = {
"Can't add a login with both a httpRealm and formActionOrigin." "Can't add a login with both a httpRealm and formActionOrigin."
); );
} }
} else if (newLogin.httpRealm) { } else if (newLogin.httpRealm || newLogin.httpRealm == "") {
// We have a HTTP realm. Can't have a form submit URL. // We have a HTTP realm. Can't have a form submit URL.
if (newLogin.formActionOrigin != null) { if (newLogin.formActionOrigin != null) {
throw new Error( throw new Error(

4
toolkit/components/passwordmgr/LoginManager.sys.mjs
View file

@ -251,7 +251,7 @@ LoginManager.prototype = {
throw new Error("Can't add a login with a null or empty password."); throw new Error("Can't add a login with a null or empty password.");
} }
// Duplicated from toolkit/components/passwordmgr/LoginHelper.jsm // Duplicated from toolkit/components/passwordmgr/LoginHelper.sys.jms
// TODO: move all validations into this function. // TODO: move all validations into this function.
// //
// In theory these nulls should just be rolled up into the encrypted // In theory these nulls should just be rolled up into the encrypted
@ -269,7 +269,7 @@ LoginManager.prototype = {
"Can't add a login with both a httpRealm and formActionOrigin." "Can't add a login with both a httpRealm and formActionOrigin."
); );
} }
} else if (login.httpRealm) { } else if (login.httpRealm || login.httpRealm == "") {
// We have a HTTP realm. Can't have a form submit URL. // We have a HTTP realm. Can't have a form submit URL.
if (login.formActionOrigin != null) { if (login.formActionOrigin != null) {
throw new Error( throw new Error(

8
toolkit/components/passwordmgr/test/LoginTestUtils.sys.mjs
View file

@ -431,6 +431,14 @@ LoginTestUtils.testData = {
"the username", "the username",
"the password" "the password"
), ),
// null formActionOrigin, empty httpRealm
new LoginInfo(
"http://example.net",
null,
"",
"the username",
"the password"
),
// --- Examples of logins added by extensions (chrome scheme) --- // --- Examples of logins added by extensions (chrome scheme) ---

8
toolkit/components/passwordmgr/test/unit/test_logins_change.js
View file

@ -182,7 +182,7 @@ add_task(async function event_data_includes_plaintext_username_and_password() {
* Tests invalid combinations of httpRealm and formActionOrigin. * Tests invalid combinations of httpRealm and formActionOrigin.
* *
* For an nsILoginInfo to be valid for storage, one of the two properties should * For an nsILoginInfo to be valid for storage, one of the two properties should
* be strictly equal to null, and the other must not be null or an empty string. * be strictly equal to null, and the other must not be null.
* *
* The legacy case of an empty string in formActionOrigin and a null value in * The legacy case of an empty string in formActionOrigin and a null value in
* httpRealm is also supported for storage at the moment. * httpRealm is also supported for storage at the moment.
@ -194,12 +194,6 @@ add_task(async function test_invalid_httpRealm_formActionOrigin() {
/without a httpRealm or formActionOrigin/ /without a httpRealm or formActionOrigin/
); );
// httpRealm === "", formActionOrigin === null
await checkLoginInvalid(
TestData.authLogin({ httpRealm: "" }),
/without a httpRealm or formActionOrigin/
);
// httpRealm === null, formActionOrigin === "" // httpRealm === null, formActionOrigin === ""
// TODO: This is not enforced for now. // TODO: This is not enforced for now.
// await checkLoginInvalid(TestData.formLogin({ formActionOrigin: "" }), // await checkLoginInvalid(TestData.formLogin({ formActionOrigin: "" }),

6
toolkit/components/passwordmgr/test/unit/test_logins_search.js
View file

@ -94,11 +94,11 @@ add_setup(async () => {
*/ */
add_task(function test_search_all_basic() { add_task(function test_search_all_basic() {
// Find all logins, using no filters in the search functions. // Find all logins, using no filters in the search functions.
checkAllSearches({}, 27); checkAllSearches({}, 28);
// Find all form logins, then all authentication logins. // Find all form logins, then all authentication logins.
checkAllSearches({ httpRealm: null }, 17); checkAllSearches({ httpRealm: null }, 17);
checkAllSearches({ formActionOrigin: null }, 10); checkAllSearches({ formActionOrigin: null }, 11);
// Find all form logins on one host, then all authentication logins. // Find all form logins on one host, then all authentication logins.
checkAllSearches({ origin: "http://www4.example.com", httpRealm: null }, 3); checkAllSearches({ origin: "http://www4.example.com", httpRealm: null }, 3);
@ -169,7 +169,7 @@ add_task(function test_searchLogins() {
checkSearchLogins({ passwordField: "form_field_password" }, 13); checkSearchLogins({ passwordField: "form_field_password" }, 13);
// Find all logins with an empty usernameField, including for authentication. // Find all logins with an empty usernameField, including for authentication.
checkSearchLogins({ usernameField: "" }, 15); checkSearchLogins({ usernameField: "" }, 16);
// Find form logins with an empty usernameField. // Find form logins with an empty usernameField.
checkSearchLogins({ httpRealm: null, usernameField: "" }, 5); checkSearchLogins({ httpRealm: null, usernameField: "" }, 5);

1
toolkit/components/passwordmgr/test/unit/test_module_LoginExport.js
View file

@ -201,6 +201,7 @@ add_task(async function test_export_multiple_rows() {
'"http://example.net","the username","the password","The HTTP Realm",,,,,', '"http://example.net","the username","the password","The HTTP Realm",,,,,',
'"http://example.net","username two","the password","The HTTP Realm Other",,,,,', '"http://example.net","username two","the password","The HTTP Realm Other",,,,,',
'"ftp://example.net","the username","the password","ftp://example.net",,,,,', '"ftp://example.net","the username","the password","ftp://example.net",,,,,',
'"http://example.net","the username","the password","",,,,,',
'"chrome://example_extension","the username","the password one","Example Login One",,,,,', '"chrome://example_extension","the username","the password one","Example Login One",,,,,',
'"chrome://example_extension","the username","the password two","Example Login Two",,,,,', '"chrome://example_extension","the username","the password two","Example Login Two",,,,,',
'"file://","file: username","file: password",,"file://",,,,', '"file://","file: username","file: password",,"file://",,,,',