Closed Bug 1559365 Opened 5 years ago Closed 5 years ago

Add breach indicators to saved logins

Categories

(Toolkit :: Password Manager, enhancement)

Product:
Toolkit
Component:
Password Manager
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla70
Tracking Flags:
Tracking Status
firefox70 --- fixed

People

(Reporter: groovecoder, Assigned: groovecoder)

References

(Blocks 1 open bug)

Details

Attachments

(1 file, 2 obsolete files)

Bug 1559365: UI indication of breached logins r=MattN
(deleted), text/x-phabricator-request
Details

PRD: https://docs.google.com/document/d/1Vp3UbyuXCawJd-X34IuTo5TiqAbujws44XyQM4N4Z9s/edit

Locally saved browser logins should provide an indication of compromise if the login domain saved matches breaches.

Should not show an indication on any saved logins where the date last modified is newer than the breach date.

Notes:
Breach data is available via RemoteSettings "fxmonitor-breaches" key.

Type: defect → enhancement
Attachment #9072313 - Attachment description: Bug 1559365: wip: UI indication of breahed logins r=jaws → Bug 1559365: wip: UI indication of breached logins r=jaws

Still need to filter indicator by:

  • Saved login date is older than breach date
  • Breach included passwords
Attachment #9072313 - Attachment description: Bug 1559365: wip: UI indication of breached logins r=jaws → Bug 1559365: UI indication of breahed logins r=jaws

Depends on D35105

Attachment #9075652 - Attachment is obsolete: true
Attachment #9072313 - Attachment description: Bug 1559365: UI indication of breahed logins r=jaws → Bug 1559365: UI indication of breached logins r=jaws
Attachment #9075652 - Attachment is obsolete: false
Blocks: 1563802
Pushed by jwein@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b4f0e8b4b6fa UI indication of breached logins r=jaws

Backed out changeset b4f0e8b4b6fa for causing browser-chrome failures in AboutLoginsParent.jsm

Backout link: https://hg.mozilla.org/integration/autoland/rev/91d8f385c5e5ec15c5cdb1d6c24b582fe1862acc

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception&tochange=91d8f385c5e5ec15c5cdb1d6c24b582fe1862acc&fromchange=b4f0e8b4b6faec847999027e2cff9d5227077d21&searchStr=browser%2Cchrome&selectedJob=255028267

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=255028267&repo=autoland&lineNumber=2523

[task 2019-07-05T23:36:42.061Z] 23:36:42 INFO - TEST-UNEXPECTED-FAIL | browser/components/contextualidentity/test/browser/browser_aboutURLs.js | A promise chain failed to handle a rejection: [Exception... "Component not initialized" nsresult: "0xc1f30001 (NS_ERROR_NOT_INITIALIZED)" location: "JS frame :: resource:///modules/AboutLoginsParent.jsm :: receiveMessage :: line 186" data: no] - stack: receiveMessage@resource:///modules/AboutLoginsParent.jsm:186:24

Flags: needinfo?(lcrouch)
Assignee: nobody → lcrouch
Status: NEW → ASSIGNED

I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1564132 so I can push to try to fix these.

Flags: needinfo?(lcrouch)

I pushed my changeset to try and the tests seem to pass:

https://treeherder.mozilla.org/#/jobs?repo=try&selectedJob=255494766&revision=edba30ebe07e2ba55e926d93331256d739325315

Or else they are intermittent:

https://treeherder.mozilla.org/#/jobs?repo=try&revision=649fbfeaaad987fa1d7e9d39242b2a7f0799ba43&selectedJob=255506257

:malexandru - Does that mean I can land these? It's been a while since I've landed code into central.

Flags: needinfo?(malexandru)
Depends on: 1564539
No longer blocks: 1563802
Depends on: 1563802
Attachment #9072313 - Attachment description: Bug 1559365: UI indication of breached logins r=jaws → Bug 1559365: UI indication of breached logins r=MattN

Hello Luke,
for landing patches you just need to update the phabricator revision with your new changes, wait for review and click "View Stack in Lando" and then "Preview Landing" and land. You can also just put the keyword "checkin-needed" in the bug and the sheriffs will land it.

Landing code into central directly is rarely done, most of the time code is landed into the integration trees (autoland||inbound) and later merged into central (landing code with Lando/Phabricator puts the code into autoland).

Flags: needinfo?(malexandru)
Pushed by mozilla@noorenberghe.ca: https://hg.mozilla.org/integration/autoland/rev/6484c07ff836 UI indication of breached logins r=jaws,MattN

FWIW, when I click "Preview Landing" I get: " You have insufficient permissions to land. Level 3 Commit Access is required. "

https://hg.mozilla.org/mozilla-central/rev/6484c07ff836

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox70: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
Depends on: 1565267
Blocks: 1565326
No longer depends on: 1563802, 1564539, 1565267
Attachment #9079168 - Attachment description: Bug 1559365 Add breach alerts to login items - WIP r?jaws → Bug 1564539 Add breach alerts to login items - WIP r?jaws

Comment on attachment 9079168 [details]
Bug 1564539 Add breach alerts to login items - WIP r?jaws

Revision D38571 was moved to bug 1564539. Setting attachment 9079168 [details] to obsolete.

Attachment #9079168 - Attachment is obsolete: true
Attachment #9075652 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: