Bug 1888981 - SHowing breaches and vulnerabilities at logins. r=sgalich

Differential Revision: https://phabricator.services.mozilla.com/D206279
This commit is contained in:
Sidharth Sachdev 2024-04-01 21:25:59 +00:00
parent 733fb2d4df
commit ff68b67b5e
2 changed files with 76 additions and 16 deletions

View file

@ -241,6 +241,7 @@ export class DataSourceBase {
this.lines.splice(index, 0, line);
}
this.lines[index].record = record;
return this.lines[index];
}
*enumerateLinesForMatchingRecords(searchText, stats, match) {

View file

@ -2,10 +2,30 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
import { LoginHelper } from "resource://gre/modules/LoginHelper.sys.mjs";
import { DataSourceBase } from "resource://gre/modules/megalist/aggregator/datasources/DataSourceBase.sys.mjs";
import { LoginCSVImport } from "resource://gre/modules/LoginCSVImport.sys.mjs";
const lazy = {};
ChromeUtils.defineESModuleGetters(lazy, {
LoginBreaches: "resource:///modules/LoginBreaches.sys.mjs",
});
XPCOMUtils.defineLazyPreferenceGetter(
lazy,
"BREACH_ALERTS_ENABLED",
"signon.management.page.breach-alerts.enabled",
false
);
XPCOMUtils.defineLazyPreferenceGetter(
lazy,
"VULNERABLE_PASSWORDS_ENABLED",
"signon.management.page.vulnerable-passwords.enabled",
false
);
/**
* Data source for Logins.
*
@ -74,8 +94,8 @@ export class LoginDataSource extends DataSourceBase {
const copyCommand = { id: "Copy", label: copyCommandLabel };
const editCommand = { id: "Edit", label: editCommandLabel };
const deleteCommand = { id: "Delete", label: deleteCommandLabel };
const warningBreach = { type: "warning", label: "BREACH" };
const riskBreach = { type: "risk", label: "RISK" };
this.breachedSticker = { type: "warning", label: "BREACH" };
this.vulnerableSticker = { type: "risk", label: "🤮 Vulnerable" };
this.#loginsDisabledMessage = passwordsDisabled;
this.#header = this.createHeaderLine(headerLabel);
this.#header.commands.push(
@ -127,17 +147,6 @@ export class LoginDataSource extends DataSourceBase {
deleteCommand,
],
},
stickers: {
*get() {
if (this.record.origin.includes("maz")) {
yield warningBreach;
}
if (this.record.origin.includes(".net")) {
yield riskBreach;
}
},
},
executeCopy: {
value() {
this.copyToClipboard(this.record.origin);
@ -247,6 +256,14 @@ export class LoginDataSource extends DataSourceBase {
Services.obs.addObserver(this, "passwordmgr-storage-changed");
Services.prefs.addObserver("signon.rememberSignons", this);
Services.prefs.addObserver(
"signon.management.page.breach-alerts.enabled",
this
);
Services.prefs.addObserver(
"signon.management.page.vulnerable-passwords.enabled",
this
);
this.#reloadDataSource();
}
);
@ -375,6 +392,11 @@ export class LoginDataSource extends DataSourceBase {
const logins = await LoginHelper.getAllUserFacingLogins();
this.beforeReloadingDataSource();
const breachesMap = lazy.BREACH_ALERTS_ENABLED
? await lazy.LoginBreaches.getPotentialBreachesByLoginGUID(logins)
: new Map();
logins.forEach(login => {
// Similar domains will be grouped together
// www. will have least effect on the sorting
@ -388,10 +410,45 @@ export class LoginDataSource extends DataSourceBase {
const domain = parts.reverse().join(".");
const lineId = `${domain}:${login.username}:${login.guid}`;
this.addOrUpdateLine(login, lineId + "0", this.#originPrototype);
let originLine = this.addOrUpdateLine(
login,
lineId + "0",
this.#originPrototype
);
this.addOrUpdateLine(login, lineId + "1", this.#usernamePrototype);
this.addOrUpdateLine(login, lineId + "2", this.#passwordPrototype);
let passwordLine = this.addOrUpdateLine(
login,
lineId + "2",
this.#passwordPrototype
);
let breachIndex =
originLine.stickers?.findIndex(s => s === this.breachedSticker) ?? -1;
let breach = breachesMap.get(login.guid);
if (breach && breachIndex < 0) {
originLine.stickers ??= [];
originLine.stickers.push(this.breachedSticker);
} else if (!breach && breachIndex >= 0) {
originLine.stickers.splice(breachIndex, 1);
}
const vulnerable = lazy.VULNERABLE_PASSWORDS_ENABLED
? lazy.LoginBreaches.getPotentiallyVulnerablePasswordsByLoginGUID([
login,
]).size
: 0;
let vulnerableIndex =
passwordLine.stickers?.findIndex(s => s === this.vulnerableSticker) ??
-1;
if (vulnerable && vulnerableIndex < 0) {
passwordLine.stickers ??= [];
passwordLine.stickers.push(this.vulnerableSticker);
} else if (!vulnerable && vulnerableIndex >= 0) {
passwordLine.stickers.splice(vulnerableIndex, 1);
}
});
this.afterReloadingDataSource();
}
@ -405,7 +462,9 @@ export class LoginDataSource extends DataSourceBase {
observe(_subj, topic, message) {
if (
topic == "passwordmgr-storage-changed" ||
message == "signon.rememberSignons"
message == "signon.rememberSignons" ||
message == "signon.management.page.breach-alerts.enabled" ||
message == "signon.management.page.vulnerable-passwords.enabled"
) {
this.#reloadDataSource();
}