Bug 1272507 - Upgrade HTTP auth passwords to HTTPS on the same domain. r=Dolske
authorMatthew Noorenberghe <mozilla@noorenberghe.ca>
Wed, 07 Sep 2016 23:37:44 -0700
changeset 357497 5555d5ae4ca2e852a5a4f2e90a4bb6f405c79b29
parent 357496 fdc068413084b15bc0831482af66d9445dd59246
child 357498 9879b00007bdeba1b436b57c4250819a4f1012f5
push id1324
push usermtabara@mozilla.com
push dateMon, 16 Jan 2017 13:07:44 +0000
treeherdermozilla-release@a01c49833940 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersDolske
bugs1272507, 227632
milestone51.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1272507 - Upgrade HTTP auth passwords to HTTPS on the same domain. r=Dolske We can't use LoginHelper.searchLoginsWithObject({ schmeUpgrades: true, …}) in place of countLogins since it would trigger a MP prompt. This approach adds some inconsistency but until we have a login picker in the auth dialog (bug 227632), I don't think we will want much looser searches anyways. MozReview-Commit-ID: GgMCAwKdhl1
toolkit/components/passwordmgr/nsLoginManagerPrompter.js
--- a/toolkit/components/passwordmgr/nsLoginManagerPrompter.js
+++ b/toolkit/components/passwordmgr/nsLoginManagerPrompter.js
@@ -83,16 +83,20 @@ LoginManagerPromptFactory.prototype = {
     }
 
     // If login manger has logins for this host, defer prompting if we're
     // already waiting on a master password entry.
     var prompt = this._asyncPrompts[hashKey];
     var prompter = prompt.prompter;
     var [hostname, httpRealm] = prompter._getAuthTarget(prompt.channel, prompt.authInfo);
     var hasLogins = (prompter._pwmgr.countLogins(hostname, null, httpRealm) > 0);
+    if (!hasLogins && LoginHelper.schemeUpgrades && hostname.startsWith("https://")) {
+      let httpHostname = hostname.replace(/^https:\/\//, "http://");
+      hasLogins = (prompter._pwmgr.countLogins(httpHostname, null, httpRealm) > 0);
+    }
     if (hasLogins && prompter._pwmgr.uiBusy) {
       this.log("_doAsyncPrompt:run bypassed, master password UI busy");
       return;
     }
 
     this._asyncPromptInProgress = true;
     prompt.inProgress = true;
 
@@ -506,31 +510,41 @@ LoginManagerPrompter.prototype = {
    */
   promptAuth : function (aChannel, aLevel, aAuthInfo) {
     var selectedLogin = null;
     var checkbox = { value : false };
     var checkboxLabel = null;
     var epicfail = false;
     var canAutologin = false;
     var notifyObj;
+    var foundLogins;
 
     try {
       this.log("===== promptAuth called =====");
 
       // If the user submits a login but it fails, we need to remove the
       // notification bar that was displayed. Conveniently, the user will
       // be prompted for authentication again, which brings us here.
       this._removeLoginNotifications();
 
       var [hostname, httpRealm] = this._getAuthTarget(aChannel, aAuthInfo);
 
       // Looks for existing logins to prefill the prompt with.
-      var foundLogins = this._pwmgr.findLogins({},
-                                               hostname, null, httpRealm);
-      this.log("found " + foundLogins.length + " matching logins.");
+      foundLogins = LoginHelper.searchLoginsWithObject({
+        hostname,
+        httpRealm,
+        schemeUpgrades: LoginHelper.schemeUpgrades,
+      });
+      this.log("found", foundLogins.length, "matching logins.");
+      let resolveBy = [
+        "scheme",
+        "timePasswordChanged",
+      ];
+      foundLogins = LoginHelper.dedupeLogins(foundLogins, ["username"], resolveBy, hostname);
+      this.log(foundLogins.length, "matching logins remain after deduping");
 
       // XXX Can't select from multiple accounts yet. (bug 227632)
       if (foundLogins.length > 0) {
         selectedLogin = foundLogins[0];
         this._SetAuthInfo(aAuthInfo, selectedLogin.username,
                                      selectedLogin.password);
 
         // Allow automatic proxy login