Closed Bug 1592467 Opened 5 years ago Closed 5 years ago

Implement design spec for Website Breach Banner / Notification

Categories

(Firefox :: about:logins, enhancement, P1)

Product:
Firefox
Component:
about:logins
Type:
enhancement

Tracking

()

Status:
VERIFIED FIXED
Milestone:
Firefox 76
Tracking Flags:
Tracking Status
relnote-firefox --- 76+
firefox76 --- verified

People

(Reporter: kcaldwell, Assigned: jaws)

References

(Blocks 1 open bug)

Details

Attachments

(9 files, 1 obsolete file)

website-breach-24.svg
(deleted), image/svg+xml
Details
Bug 1592467 - Add vulnerable password banner and share styles with the breach alert banner. r?sfoster!
(deleted), text/x-phabricator-request
Details
Bug 1592467 - Add strings for vulnerable password banner. r?sfoster!,flod!
(deleted), text/x-phabricator-request
Details
Bug 1592467 - Add date to the breach banner. r?sfoster!,flod!
(deleted), text/x-phabricator-request
Details
Bug 1592467 - Update styling for vulnerable password and breach alert banner. r?sfoster!
(deleted), text/x-phabricator-request
Details
Bug 1592467 - Remove dismiss button on breach alerts. r?sfoster!,flod!
(deleted), text/x-phabricator-request
Details
Bug 1592467 - Add 'Learn More' links and change breach alert inline link to point to the login origin. r?sfoster!,flod!
(deleted), text/x-phabricator-request
Details
Bug 1592467 - Add some basic tests for checking that the vulnerable login banner is displayed. r?sfoster!
(deleted), text/x-phabricator-request
Details
Bug 1592467 - Hide the breach alert and vulnerable alert if the password is changed. r?sfoster!
(deleted), text/x-phabricator-request
Details
Attached image website-breach-24.svg (obsolete) (deleted) —

Invision spec: https://mozilla.invisionapp.com/share/BEU7ZBJ486Y

• Pref-off dismissal code/UI
• add link to origin
• show breach date
• string changes
• change colours
• platform border-radius
• learn more link to SUMO

Flags: qe-verify+
Attached image website-breach-24.svg (deleted) —
Attachment #9105090 - Attachment is obsolete: true

(In reply to katieC from comment #0)

• Pref-off dismissal code/UI

According to UX, this also means that breaches that were previously dismissed should be shown again.

This is part of the vulnerable passwords project MVP.

status-firefox76: --- → affected
Priority: P2 → P1
Assignee: nobody → jaws
Status: NEW → ASSIGNED
Depends on: 1624716
Attachment #9135537 - Attachment description: Bug 1592467 - Add vulnerable password banner and share styles with the breach alert banner. r?sfoster → Bug 1592467 - Add vulnerable password banner and share styles with the breach alert banner. r?sfoster!
Attachment #9135539 - Attachment description: Bug 1592467 - Add strings for vulnerable password banner. r?sfoster → Bug 1592467 - Add strings for vulnerable password banner. r?sfoster!,flod!
Attachment #9135540 - Attachment description: Bug 1592467 - Add date to the breach banner. r?sfoster! → Bug 1592467 - Add date to the breach banner. r?sfoster!,flod!
Attachment #9135541 - Attachment description: Bug 1592467 - Update styling for vulnerable password and breach alert banner. r?sfoster → Bug 1592467 - Update styling for vulnerable password and breach alert banner. r?sfoster!
Attachment #9135542 - Attachment description: Bug 1592467 - Remove dismiss button on breach alerts. r?sfoster → Bug 1592467 - Remove dismiss button on breach alerts. r?sfoster!,flod!
Attachment #9135543 - Attachment description: Bug 1592467 - Add 'Learn More' links and change breach alert inline link to point to the login origin. r?sfoster → Bug 1592467 - Add 'Learn More' links and change breach alert inline link to point to the login origin. r?sfoster!,flod!
Attachment #9135544 - Attachment description: Bug 1592467 - Add some basic tests for checking that the vulnerable login banner is displayed. r?sfoster → Bug 1592467 - Add some basic tests for checking that the vulnerable login banner is displayed. r?sfoster!
Attachment #9135760 - Attachment description: Bug 1592467 - Hide the breach alert and vulnerable alert if the password is changed. r?sfoster → Bug 1592467 - Hide the breach alert and vulnerable alert if the password is changed. r?sfoster!
Pushed by jwein@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b25a1f80fe1d Add vulnerable password banner and share styles with the breach alert banner. r=sfoster https://hg.mozilla.org/integration/autoland/rev/464d4a60bb1d Add strings for vulnerable password banner. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/242b4157658f Add date to the breach banner. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/86f9d59bb221 Update styling for vulnerable password and breach alert banner. r=sfoster https://hg.mozilla.org/integration/autoland/rev/25f9704e31e1 Remove dismiss button on breach alerts. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/c64620a2abf9 Add 'Learn More' links and change breach alert inline link to point to the login origin. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/b353abb5f07f Add some basic tests for checking that the vulnerable login banner is displayed. r=sfoster https://hg.mozilla.org/integration/autoland/rev/7f78c8fb5c6e Hide the breach alert and vulnerable alert if the password is changed. r=sfoster
Flags: needinfo?(jaws)
Pushed by jwein@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/8f7aadac24ae Add vulnerable password banner and share styles with the breach alert banner. r=sfoster https://hg.mozilla.org/integration/autoland/rev/d761835fad77 Add strings for vulnerable password banner. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/7b6fbcf653b6 Add date to the breach banner. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/606a1d175248 Update styling for vulnerable password and breach alert banner. r=sfoster https://hg.mozilla.org/integration/autoland/rev/03d9dd9d5291 Remove dismiss button on breach alerts. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/dfdce184299f Add 'Learn More' links and change breach alert inline link to point to the login origin. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/b9ecb9293d6b Add some basic tests for checking that the vulnerable login banner is displayed. r=sfoster https://hg.mozilla.org/integration/autoland/rev/13a7265ed731 Hide the breach alert and vulnerable alert if the password is changed. r=sfoster

Backed out 8 changesets (bug 1592467) for bc failures on browser_alertDismissedAfterChangingPassword.js

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception%2Cretry%2Cusercancel%2Crunning%2Cpending%2Crunnable&searchStr=mochitest-browser-chrome&fromchange=f9f7b5b1e6ec897fc1009fc5278fe7a650d57018&tochange=b3c74420492a2cdfe497de530c2dfb686b47aafc&selectedJob=295109844

Backout link: https://hg.mozilla.org/integration/autoland/rev/549556b9fb8cdbad425ddb7e957fc574187ba4e0

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=295109844&repo=autoland&lineNumber=1666

[task 2020-03-27T18:41:35.934Z] 18:41:35     INFO - Entering test bound test_added_login_shows_breach_warning
[task 2020-03-27T18:41:35.935Z] 18:41:35     INFO - TEST-PASS | browser/components/aboutlogins/tests/browser/browser_alertDismissedAfterChangingPassword.js | regular login should not be marked breached or vulnerable: undefined - true == true - 
[task 2020-03-27T18:41:35.935Z] 18:41:35     INFO - TEST-PASS | browser/components/aboutlogins/tests/browser/browser_alertDismissedAfterChangingPassword.js | vulnerable login should be marked vulnerable: login-list-item vulnerable - true == true - 
[task 2020-03-27T18:41:35.935Z] 18:41:35     INFO - TEST-PASS | browser/components/aboutlogins/tests/browser/browser_alertDismissedAfterChangingPassword.js | breached login should be marked breached: login-list-item breached selected - true == true - 
[task 2020-03-27T18:41:35.939Z] 18:41:35     INFO - leaving test early since the remaining part of the test requires 'edit' mode which requires 'oskeystore' login
[task 2020-03-27T18:41:35.939Z] 18:41:35     INFO - Buffered messages finished
[task 2020-03-27T18:41:35.939Z] 18:41:35     INFO - TEST-UNEXPECTED-FAIL | browser/components/aboutlogins/tests/browser/browser_alertDismissedAfterChangingPassword.js | Test timed out - 
[task 2020-03-27T18:41:35.973Z] 18:41:35     INFO - Console message: SENTINEL
[task 2020-03-27T18:41:35.991Z] 18:41:35     INFO - GECKO(1802) | MEMORY STAT | vsize 7581MB | residentFast 314MB | heapAllocated 100MB
[task 2020-03-27T18:41:35.992Z] 18:41:35     INFO - TEST-OK | browser/components/aboutlogins/tests/browser/browser_alertDismissedAfterChangingPassword.js | took 45085ms
[task 2020-03-27T18:41:36.019Z] 18:41:36     INFO - checking window state
[task 2020-03-27T18:41:36.019Z] 18:41:36     INFO - GECKO(1802) | must wait for focus
[task 2020-03-27T18:47:46.025Z] 18:47:46     INFO - Buffered messages finished
[task 2020-03-27T18:47:46.026Z] 18:47:46    ERROR - TEST-UNEXPECTED-TIMEOUT | browser/components/aboutlogins/tests/browser/browser_alertDismissedAfterChangingPassword.js (finished) | application timed out after 370 seconds with no output
[task 2020-03-27T18:47:46.026Z] 18:47:46    ERROR - Force-terminating active process(es).
[task 2020-03-27T18:47:46.026Z] 18:47:46     INFO - Determining child pids from psutil...
[task 2020-03-27T18:47:46.026Z] 18:47:46     INFO - [1808, 1803, 1804, 1805, 1838, 1807, 1811, 1806]
[task 2020-03-27T18:47:46.026Z] 18:47:46     INFO - ==> process 1802 launched child process 1803
[task 2020-03-27T18:47:46.030Z] 18:47:46     INFO - ==> process 1802 launched child process 1804
[task 2020-03-27T18:47:46.030Z] 18:47:46     INFO - ==> process 1802 launched child process 1805
[task 2020-03-27T18:47:46.030Z] 18:47:46     INFO - ==> process 1802 launched child process 1806
[task 2020-03-27T18:47:46.030Z] 18:47:46     INFO - ==> process 1802 launched child process 1807
[task 2020-03-27T18:47:46.030Z] 18:47:46     INFO - ==> process 1802 launched child process 1808
[task 2020-03-27T18:47:46.030Z] 18:47:46     INFO - ==> process 1802 launched child process 1811
[task 2020-03-27T18:47:46.030Z] 18:47:46     INFO - ==> process 1802 launched child process 1838
[task 2020-03-27T18:47:46.030Z] 18:47:46     INFO - Found child pids: set([1803, 1804, 1805, 1838, 1807, 1808, 1811, 1806])
[task 2020-03-27T18:47:46.030Z] 18:47:46     INFO - Killing process: 1803

https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=295123880&repo=autoland&lineNumber=3931

[task 2020-03-27T20:23:27.509Z] 20:23:27     INFO - TEST-START | browser/base/content/test/static/browser_parsable_css.js
[task 2020-03-27T20:23:28.282Z] 20:23:28     INFO - TEST-INFO | started process screentopng
[task 2020-03-27T20:23:28.599Z] 20:23:28     INFO - TEST-INFO | screentopng: exit 0
[task 2020-03-27T20:23:28.600Z] 20:23:28     INFO - <snipped 32 output lines - if you need more context, please use SimpleTest.requestCompleteLog() in your test>
[task 2020-03-27T20:23:28.601Z] 20:23:28     INFO - Buffered messages logged at 20:23:27
[task 2020-03-27T20:23:28.602Z] 20:23:28     INFO - Console message: [JavaScript Warning: "Unknown property ‘-moz-script-level’.  Declaration dropped." {file: "resource://gre-resources/mathml.css?always-parse-css-0.3637492784652425" line: 260}]
...
[task 2020-03-27T20:23:28.719Z] 20:23:28     INFO - Console message: [JavaScript Warning: "Unknown pseudo-class or pseudo-element ‘-moz-svg-marker-anon-child’.  Ruleset ignored due to bad selector." {file: "resource://gre/res/svg.css?always-parse-css-0.3637492784652425" line: 93}]
[task 2020-03-27T20:23:28.720Z] 20:23:28     INFO - Buffered messages finished
[task 2020-03-27T20:23:28.721Z] 20:23:28     INFO - TEST-UNEXPECTED-FAIL | browser/base/content/test/static/browser_parsable_css.js | custom property `--yellow-10` is not referenced - 
[task 2020-03-27T20:23:28.723Z] 20:23:28     INFO - Stack trace:
[task 2020-03-27T20:23:28.724Z] 20:23:28     INFO - chrome://mochikit/content/browser-test.js:test_ok:1292
[task 2020-03-27T20:23:28.725Z] 20:23:28     INFO - chrome://mochitests/content/browser/browser/base/content/test/static/browser_parsable_css.js:checkAllTheCSS:466
[task 2020-03-27T20:23:28.726Z] 20:23:28     INFO - chrome://mochikit/content/browser-test.js:Tester_execTest/<:1062
[task 2020-03-27T20:23:28.727Z] 20:23:28     INFO - chrome://mochikit/content/browser-test.js:Tester_execTest:1097
[task 2020-03-27T20:23:28.728Z] 20:23:28     INFO - chrome://mochikit/content/browser-test.js:nextTest/<:925
[task 2020-03-27T20:23:28.729Z] 20:23:28     INFO - chrome://mochikit/content/tests/SimpleTest/SimpleTest.js:SimpleTest.waitForFocus/waitForFocusInner/focusedOrLoaded/<:918
[task 2020-03-27T20:23:28.731Z] 20:23:28     INFO - Ignored error "Unknown pseudo-class or pseudo-element ‘-moz-has-dir-attr’.  Ruleset ignored due to bad selector." on resource://gre-resources/html.css because of whitelist item {"sourceName":"/\\b(contenteditable|EditorOverride|svg|forms|html|mathml|ua|pluginproblem)\\.css$/i","errorMessage":"/Unknown pseudo-class.*-moz-/i","isFromDevTools":false,"used":true}
...
[task 2020-03-27T20:23:28.862Z] 20:23:28     INFO - Ignored error "Unknown pseudo-class or pseudo-element ‘-moz-svg-marker-anon-child’.  Ruleset ignored due to bad selector." on resource://gre/res/svg.css because of whitelist item {"sourceName":"/\\b(contenteditable|EditorOverride|svg|forms|html|mathml|ua|pluginproblem)\\.css$/i","errorMessage":"/Unknown pseudo-class.*-moz-/i","isFromDevTools":false,"used":true}
[task 2020-03-27T20:23:28.863Z] 20:23:28     INFO - TEST-PASS | browser/base/content/test/static/browser_parsable_css.js | All the styles (243) loaded without errors. - 
[task 2020-03-27T20:23:28.864Z] 20:23:28     INFO - Leaving test bound checkAllTheCSS
[task 2020-03-27T20:23:28.865Z] 20:23:28     INFO - GECKO(5508) | MEMORY STAT | vsize 3329MB | residentFast 740MB | heapAllocated 503MB
[task 2020-03-27T20:23:28.866Z] 20:23:28     INFO - TEST-OK | browser/base/content/test/static/browser_parsable_css.js | took 798ms
Flags: needinfo?(jaws)
Flags: needinfo?(jaws)
Pushed by jwein@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/50c88cd7ef5a Add vulnerable password banner and share styles with the breach alert banner. r=sfoster https://hg.mozilla.org/integration/autoland/rev/b8d5ee7cb4b5 Add strings for vulnerable password banner. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/e6a4ba98182c Add date to the breach banner. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/1507b378b7b6 Update styling for vulnerable password and breach alert banner. r=sfoster https://hg.mozilla.org/integration/autoland/rev/ff79ec41cea6 Remove dismiss button on breach alerts. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/0d28d2cf7ed4 Add 'Learn More' links and change breach alert inline link to point to the login origin. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/24525f05d0ad Add some basic tests for checking that the vulnerable login banner is displayed. r=sfoster https://hg.mozilla.org/integration/autoland/rev/3bce0124e974 Hide the breach alert and vulnerable alert if the password is changed. r=sfoster
Pushed by jwein@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/808f509c6694 Add vulnerable password banner and share styles with the breach alert banner. r=sfoster https://hg.mozilla.org/integration/autoland/rev/9e0b72e7a231 Add strings for vulnerable password banner. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/6c6f90c703e9 Add date to the breach banner. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/803852200350 Update styling for vulnerable password and breach alert banner. r=sfoster https://hg.mozilla.org/integration/autoland/rev/d0f9cc46d8ad Remove dismiss button on breach alerts. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/5f8ab83ce630 Add 'Learn More' links and change breach alert inline link to point to the login origin. r=sfoster,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/4dac11b24d9f Add some basic tests for checking that the vulnerable login banner is displayed. r=sfoster https://hg.mozilla.org/integration/autoland/rev/c66061ca48a2 Hide the breach alert and vulnerable alert if the password is changed. r=sfoster

I have verified this issue using the latest Nightly 76.0a1 (Build ID: 20200401212659) on Windows 10 x64, Mac 10.14, Ubuntu 18.04 x64.

  • The "breached website" notification is correctly displayed with the new styling.
  • The "vulnerable password" notification is correctly displayed with the new styling.
  • The breached/vulnerable notifications can no longer be dismissed.
  • The breach date is correctly displayed for breached logins.
  • The "Learn more" link from the "vulnerable password" notification is correctly displayed and redirected to the SUMO page.
  • The "Learn more" link from the "breached website" notification is correctly displayed and redirected to the login origin on Firefox Monitor website.
  • If the password is changed the notifications are no longer displayed.
Status: RESOLVED → VERIFIED
status-firefox76: fixedverified
Flags: qe-verify+
Flags: needinfo?(jaws)

Release Note Request
[Why is this notable]: More password hygiene features in about:logins
[Affects Firefox for Android]: No
[Suggested wording]: Warnings appear on saved logins if the same password was stored for a site during a website breach.
[Links (documentation, blog post, etc)]: https://support.mozilla.org/1/firefox/76.0a1/Darwin/en-US/lockwise-alerts will be updated eventually

relnote-firefox: --- → ?
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: