Bug 1319176 - Open the SUMO page when the insecure login warning is clicked. r=seanlee, a=jcristau
authorMatthew Noorenberghe <mozilla@noorenberghe.ca>
Mon, 23 Jan 2017 16:06:22 -0800
changeset 375678 f5f482af2c7937f6db5a1180c7f09ba1bdc8c590
parent 375677 2cc634c870096a8cc5a8f5f57fd96f9b14992e20
child 375679 44d3a67db0f5aec366b6b00dbdfec1caa577ae63
push id6996
push userjlorenzo@mozilla.com
push dateMon, 06 Mar 2017 20:48:21 +0000
treeherdermozilla-beta@d89512dab048 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersseanlee, jcristau
bugs1319176
milestone53.0a2
Bug 1319176 - Open the SUMO page when the insecure login warning is clicked. r=seanlee, a=jcristau MozReview-Commit-ID: JxAps2ySOnZ
toolkit/components/passwordmgr/test/browser/browser.ini
toolkit/components/passwordmgr/test/browser/browser_autocomplete_insecure_warning.js
toolkit/components/passwordmgr/test/browser/browser_insecurePasswordConsoleWarning.js
toolkit/components/passwordmgr/test/browser/browser_insecurePasswordWarning.js
toolkit/components/satchel/AutoCompletePopup.jsm
toolkit/content/widgets/autocomplete.xml
--- a/toolkit/components/passwordmgr/test/browser/browser.ini
+++ b/toolkit/components/passwordmgr/test/browser/browser.ini
@@ -1,24 +1,26 @@
 [DEFAULT]
 support-files =
   ../formsubmit.sjs
   authenticate.sjs
   form_basic.html
   form_basic_iframe.html
   formless_basic.html
   form_same_origin_action.html
-  form_cross_origin_insecure_action.html
   form_cross_origin_secure_action.html
   head.js
   insecure_test.html
   insecure_test_subframe.html
   multiple_forms.html
   streamConverter_content.sjs
 
+[browser_autocomplete_insecure_warning.js]
+support-files =
+  form_cross_origin_insecure_action.html
 [browser_capture_doorhanger.js]
 support-files =
   subtst_notifications_1.html
   subtst_notifications_2.html
   subtst_notifications_2pw_0un.html
   subtst_notifications_2pw_1un_1text.html
   subtst_notifications_3.html
   subtst_notifications_4.html
@@ -41,17 +43,19 @@ support-files =
   subtst_notifications_change_p.html
 [browser_DOMFormHasPassword.js]
 [browser_DOMInputPasswordAdded.js]
 [browser_exceptions_dialog.js]
 [browser_formless_submit_chrome.js]
 [browser_hasInsecureLoginForms.js]
 [browser_hasInsecureLoginForms_streamConverter.js]
 [browser_http_autofill.js]
-[browser_insecurePasswordWarning.js]
+[browser_insecurePasswordConsoleWarning.js]
+support-files =
+  form_cross_origin_insecure_action.html
 [browser_notifications.js]
 [browser_notifications_username.js]
 [browser_notifications_password.js]
 [browser_notifications_2.js]
 skip-if = os == "linux" # Bug 1272849 Main action button disabled state intermittent
 [browser_passwordmgr_editing.js]
 skip-if = os == "linux"
 [browser_context_menu.js]
new file mode 100644
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/browser/browser_autocomplete_insecure_warning.js
@@ -0,0 +1,38 @@
+"use strict";
+
+const EXPECTED_SUPPORT_URL = Services.urlFormatter.formatURLPref("app.support.baseURL") +
+                             "insecure-password";
+
+add_task(function* test_clickInsecureFieldWarning() {
+  let url = "https://example.com" + DIRECTORY_PATH + "form_cross_origin_insecure_action.html";
+
+  yield BrowserTestUtils.withNewTab({
+    gBrowser,
+    url,
+  }, function*(browser) {
+    let popup = document.getElementById("PopupAutoComplete");
+    ok(popup, "Got popup");
+
+    let promiseShown = BrowserTestUtils.waitForEvent(popup, "popupshown");
+
+    // Focus the username field to open the popup.
+    yield ContentTask.spawn(browser, null, function openAutocomplete() {
+      content.document.getElementById("form-basic-username").focus();
+    });
+
+    yield promiseShown;
+    ok(promiseShown, "autocomplete shown");
+
+    let warningItem = document.getAnonymousElementByAttribute(popup, "type", "insecureWarning");
+    ok(warningItem, "Got warning richlistitem");
+
+    yield BrowserTestUtils.waitForCondition(() => !warningItem.collapsed, "Wait for warning to show");
+
+    info("Clicking on warning");
+    let supportTabPromise = BrowserTestUtils.waitForNewTab(gBrowser, EXPECTED_SUPPORT_URL);
+    EventUtils.synthesizeMouseAtCenter(warningItem, {});
+    let supportTab = yield supportTabPromise;
+    ok(supportTab, "Support tab opened");
+    yield BrowserTestUtils.removeTab(supportTab);
+  });
+});
rename from toolkit/components/passwordmgr/test/browser/browser_insecurePasswordWarning.js
rename to toolkit/components/passwordmgr/test/browser/browser_insecurePasswordConsoleWarning.js
--- a/toolkit/components/passwordmgr/test/browser/browser_insecurePasswordWarning.js
+++ b/toolkit/components/passwordmgr/test/browser/browser_insecurePasswordConsoleWarning.js
@@ -1,12 +1,10 @@
 "use strict";
 
-const TEST_URL_PATH = "/browser/toolkit/components/passwordmgr/test/browser/";
-
 const WARNING_PATTERN = [{
   key: "INSECURE_FORM_ACTION",
   msg: 'JavaScript Warning: "Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen."'
 }, {
   key: "INSECURE_PAGE",
   msg: 'JavaScript Warning: "Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen."'
 }];
 
@@ -53,17 +51,17 @@ add_task(function* testInsecurePasswordW
     ["http://example.com", "form_cross_origin_insecure_action.html", ["INSECURE_PAGE"]],
     ["https://example.com", "form_cross_origin_insecure_action.html", ["INSECURE_FORM_ACTION"]],
 
     // For a form with a secure (https) customized action link.
     ["http://127.0.0.1", "form_cross_origin_secure_action.html", []],
     ["http://example.com", "form_cross_origin_secure_action.html", ["INSECURE_PAGE"]],
     ["https://example.com", "form_cross_origin_secure_action.html", []],
   ]) {
-    let testURL = origin + TEST_URL_PATH + testFile;
+    let testURL = origin + DIRECTORY_PATH + testFile;
     let promiseConsoleMessages = new Promise(resolve => {
       warningPatternHandler = function(warning, originMessage) {
         ok(warning, "Handling a warning pattern");
         let fullMessage = `[${warning.msg} {file: "${testURL}" line: 0 column: 0 source: "0"}]`;
         is(originMessage, fullMessage, "Message full matched:" + originMessage);
 
         let index = expectWarnings.indexOf(warning.key);
         isnot(index, -1, "Found warning: " + warning.key + " for URL:" + testURL);
--- a/toolkit/components/satchel/AutoCompletePopup.jsm
+++ b/toolkit/components/satchel/AutoCompletePopup.jsm
@@ -266,18 +266,21 @@ this.AutoCompletePopup = {
       }
     }
     // Returning false to pacify ESLint, but this return value is
     // ignored by the messaging infrastructure.
     return false;
   },
 
   /**
-   * Despite its name, handleEnter is what is called when the
-   * user clicks on one of the items in the popup.
+   * Despite its name, this handleEnter is only called when the user clicks on
+   * one of the items in the popup since the popup is rendered in the parent process.
+   * The real controller's handleEnter is called directly in the content process
+   * for other methods of completing a selection (e.g. using the tab or enter
+   * keys) since the field with focus is in that process.
    */
   handleEnter(aIsPopupSelection) {
     if (this.openedPopup) {
       this.sendMessageToBrowser("FormAutoComplete:HandleEnter", {
         selectedIndex: this.openedPopup.selectedIndex,
         isPopupSelection: aIsPopupSelection,
       });
     }
--- a/toolkit/content/widgets/autocomplete.xml
+++ b/toolkit/content/widgets/autocomplete.xml
@@ -1512,16 +1512,26 @@ extends="chrome://global/content/binding
                 xbl:inherits="selected,actiontype">
         <xul:description class="ac-text-overflow-container">
           <xul:description anonid="action-text"
                            class="ac-action-text"
                            xbl:inherits="selected"/>
         </xul:description>
       </xul:hbox>
     </content>
+
+    <handlers>
+      <handler event="click" button="0"><![CDATA[
+        let baseURL = Services.urlFormatter.formatURLPref("app.support.baseURL");
+        window.openUILinkIn(baseURL + "insecure-password", "tab", {
+          relatedToCurrent: true,
+        });
+      ]]></handler>
+    </handlers>
+
     <implementation>
       <constructor><![CDATA[
         // Unlike other autocomplete items, the height of the insecure warning
         // increases by wrapping. So "forceHandleUnderflow" is for container to
         // recalculate an item's height and width.
         this.classList.add("forceHandleUnderflow");
       ]]></constructor>
     </implementation>