Closed
Bug 91656
Opened 23 years ago
Closed 21 years ago
Already have an existing POP session should not prompt for new password
Categories
(MailNews Core :: Networking: POP, defect)
MailNews Core
Networking: POP
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 219162
mozilla1.2alpha
People
(Reporter: caillon, Assigned: sspitzer)
References
Details
(Keywords: dataloss)
Attachments
(3 files)
(deleted),
image/png
|
Details | |
(deleted),
patch
|
Details | Diff | Splinter Review | |
(deleted),
image/jpeg
|
Details |
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2+) Gecko/20010718
BuildID: 2001071806
This has been ongoing for a few weeks now and I keep forgetting about it. I do
not know how this message gets generated by my mail server, but every so often I
get a message on logging in that I already have an active POP session and
therefore can't log in again.
Upon recieving this message, Mozilla prompts me for a new password and forgets
my old one.
Reproducible: Always
Steps to Reproduce:
1.Have Mail running.
2.Somehow get your mail server to respond back with you already have an active
pop session.
3.Try to retrieve mail.
Actual Results: Authentication failed, my password was forgotten, and I was
prompted for a new one.
Expected Results: Authentication failed.
I did telnet to my pop server and verified that I could not log in from there
either.
Reporter | ||
Comment 1•23 years ago
|
||
Comment 2•23 years ago
|
||
you can cancel the passed dialog. i think this is a won'tfix issue.
Reporter | ||
Comment 3•23 years ago
|
||
After the dialog (with the screenshot) pops up, I get a new dialog as if I
entered the wrong password. It should NOT prompt here for a new password since
the password check did not really fail. Instead, it should do nothing. The
only time you should get an invalid password dialog is when you enter an invalid
password or if it does not know your password (e.g. first use)
Re-assign/mark future if needed, but I don't think this should be marked as
wontfix. It is very confusing to the user, not to mention annoying.
Reporter | ||
Comment 5•23 years ago
|
||
RFC 1939 and RFC 2449 gives POP3 the right to issue error responses on the PASS
command, even if authentication was sucessful.
This is from RFC 1939 Sect. 7 (pg 13).
Possible Responses:
+OK maildrop locked and ready
-ERR invalid password
-ERR unable to lock maildrop
This is from RFC 2449:
8.1.2. The IN-USE response code
This occurs on an -ERR response to an AUTH, APOP, or PASS command.
It indicates the authentication was successful, but the user's
maildrop is currently in use (probably by another POP3 client).
We should parse the negative error respose issued by the PASS command before
forgetting the password. If it contains "IN-USE" or "mail-drop" the password
should NOT be forgotten.
Comment 7•23 years ago
|
||
platform / OS -> ALL / ALL
Reporter | ||
Comment 8•23 years ago
|
||
Hmm, it should have already been OS All because the other dupe was on Windows.
Really changing now.
Adding dataloss keyword since it loses your password. And by definition (
http://bugzilla.mozilla.org/bug_status.html#severity ), a dataloss bug is
severity critical
Comment 10•23 years ago
|
||
*** Bug 98161 has been marked as a duplicate of this bug. ***
Reporter | ||
Comment 11•23 years ago
|
||
I just tested out Eudora 5.02 and Outlook Express 5.5 on a pop server with a
locked maildrop.
Both Eudora and Outlook Express prompt you for a new password. However here,
they do not forget it. The old password can be seen as ********* hitting enter
to the prompt will try again for you without having to re-enter your password.
There is NO REASON for it to forget the password when there can be a server
error. The way I see it, there are two choices here:
1) Parse the server response message and forget the password if the server
responds with an auth error. Leave it alone if the maildrop is locked.
2) Do not EVER forget the mail password in this instance, display the error and
let the user decide if they need to retype the password.
Eudora and OE went with choice #2 it seems.
Reporter | ||
Comment 12•23 years ago
|
||
*** Bug 97810 has been marked as a duplicate of this bug. ***
Comment 13•23 years ago
|
||
*** Bug 98161 has been marked as a duplicate of this bug. ***
Comment 14•23 years ago
|
||
Here is how I think this problem can be fixed. If there is an -ERR response
on the pass command from the server, we can grep the server response text
for "user"/"password" and use the old password if grep fails.
cc jgmyers if he has better suggestion.
Comment 15•23 years ago
|
||
*** Bug 98706 has been marked as a duplicate of this bug. ***
Comment 16•23 years ago
|
||
The problem here is how do you distinguish between bad password and some
other error. I mean bad password response can be anything. Some examples
-invalid password
-invalid login
-failed to login
I cannot think of how we can fix this bug.
Comment 17•23 years ago
|
||
I think the only way we can fix it as caillon suggests is to follow
what outlook and eudora does, prefill the password.
Comment 18•23 years ago
|
||
Per section 8.1.2 of RFC 2449, a POP server can indicate the "mailbox locked"
case by putting an "[IN-USE]" extended response code after the "-ERR". This
does not help the case of nonextended servers.
Reporter | ||
Comment 19•23 years ago
|
||
Can we combine the two suggestions? Something like:
if (PASS fails) {
// display the server message as we do currently
// do NOT forget the password
if (server response contains "[IN-USE]" or "maildrop") {
// do NOT prompt for a new password.
}
else {
// prompt but pre-fill the password box.
}
}
Comment 20•23 years ago
|
||
Looks like Christopher Aillon is on to something. Please save us from this
dreaded password bug!
Comment 21•23 years ago
|
||
We don't prefill the password for imap either. I think we cannot just change
for one protocol and leave other as is. Also, it is debatable because some
users would complain that they have to delete the old password and
enter the new password.
I am willing to add the "[IN-USE]" check. Can I get a test account on a server
that sends this extended response code
Status: NEW → ASSIGNED
Reporter | ||
Comment 22•23 years ago
|
||
> users would complain that they have to delete the old password and
> enter the new password.
No they wouldn't. Give the password text field focus and highlight the existing
text. If they type, it should delete without them having to add any steps to
their process.
Comment 23•23 years ago
|
||
Comment 24•23 years ago
|
||
Can, I get a test server to test this fix.
Comment 25•23 years ago
|
||
Always a problem for me here: http://www.audioasylum.com/forums/HUG/bbs.html
Comment 26•23 years ago
|
||
Sorry about that last bogus coment, I was half asleep and was thinking about
95459...
There's something else going on with this, at least for me. When I get a
mailbox in use error, if I type in my correct password, I then get a bad login
error, which will prompt for a password, and if I type it in, I get the bad
login again. This will repeat indefinately, unless I cancel out, hit get
messages, and then type in the password. For some reason, while the original
diaplog box is up, it's not getting the right password.
Comment 27•23 years ago
|
||
I get this fairly frequently with the message "The PASS command did not succeed.
The mail server responded: mail storage services unavailable, wait a few minutes
and try again."
The solution in #19 would fail for me, it's obviously tricky to try and
determine what text could be included in trying to determine if the password
should be re-tried without prompting.
I like the solution in #22, no matter what the error why not prompt but prefill
the password leaving it selecting so that typing a new password dosn't require
further steps from the user, this reduces #19 to :
if (PASS fails) {
// display the server message as we do currently
// do NOT forget the password
// prompt but pre-fill the password box.
}
is there a reason why this cannot be the case?
Comment 28•23 years ago
|
||
Just wanted to add that this is a real problem occurring regularly for me
because i have Moz running at home and at work and sometimes they just try to
check mail at the same time.
I support the proposal at #22, but another solution would be to make the first
dialog like "The PASS command did not succeed. The mail server responded: mail
storage services unavailable, wait a few minutes
and try again. Change password?" (wording probably not good) with buttons Yes
and No. Another possibility would be "Try again?" or "Try again later?".
Comment 29•23 years ago
|
||
*** Bug 115408 has been marked as a duplicate of this bug. ***
Comment 30•23 years ago
|
||
How about this:
If PASS command fails and the dialog is displayed, there would also be a
checkbox (or whatever it is called in Mozilla) for "Do not ask for a new
password if this error occurs" and it could even be checked by default. Or maybe
even the other way around: leave it unchecked but reverse the meaning (like "ask
for a new password when this error occurs". Of course it could try to parse the
server response and decide which is the correct state for the checkbox. I'll add
a screenshot...
Comment 31•23 years ago
|
||
Reporter | ||
Updated•23 years ago
|
Keywords: mozilla0.9.8
Reporter | ||
Comment 32•23 years ago
|
||
*** Bug 115466 has been marked as a duplicate of this bug. ***
Reporter | ||
Comment 33•23 years ago
|
||
From comment 28
>it's obviously tricky to try and determine what text could be included in
>trying to determine if the password should be re-tried without prompting.
No it's not. It is in the RFC. If the mailserver you use doesn't follow the
standards, we certainly shouldn't go guessing. But there is nothing wrong with
omitting the prompt for those on servers who follow the RFC. It might be argued
that it is an unneeded check if we do the following. But I think though that
omitting the prompt is the best choice. The server tells us that it's not
letting us in because of a locked maildrop but the password is OK. We should
honor it.
Anyway we should always give the user the choice of changing the password in the
case that we determine PASS has failed for whatever reason and our check has failed.
Comment 34•23 years ago
|
||
>Anyway we should always give the user the choice of changing the password in the
>case that we determine PASS has failed for whatever reason and our check has
failed.
But you should give the user the choice to keep the pwd in case the server gives
the pass command not succeded answer and not always ask for it, too. The user
should be able to configure that.
In case you say, the mail server doesn't keep that and that standard, the normal
user is not interested. This always asking to my mind is a block for
daily/normal/business or whatever use of moz-mail.
For example my mail-provider yahoo had that problem for two days and I was so
f**** off of always typing in again the correct password that I thought of
changing to Outlook Express or other mail client (which I didn't do by now, but
will, in case that thing is not changed)
Comment 35•23 years ago
|
||
*** Bug 117223 has been marked as a duplicate of this bug. ***
Comment 36•23 years ago
|
||
*** Bug 121647 has been marked as a duplicate of this bug. ***
Comment 37•23 years ago
|
||
There is a CANCEL button in the dialog asking for a new server password.
If the user clicks CANCEL, the old pw should not be forgotten.
This should be true regardless of how or whether Mozilla can parse error
messages to recognize common situations. If Mozilla ends up asking for a
new password, then the old pw should be retained if the user doen't
supply a new one.
See also bug 121647
Comment 38•23 years ago
|
||
The Cancel button also cancels the mail client from retrying the login to the
mail server.
If this is the approach to take, then there also needs to be a [RETRY] with
cached password button, and this should be obvious in the pop-up dialog.
My ISP is admitting on their status page that their mail server is returning bad
password erroneously.
My personal preference is to set the password when I set up the POP/IMAP account
name up in the account settings, and that I would have to go there to change it.
Otherwise when there is any error with connecting to the mail server (As there
often is) I can either click [RETRY] or [CANCEL]. Also the dialog box on
Outlook being popped up does not prevent the mail server from retrying again,
and it removes the dialog box when the retry eventually succeeed.
Many mail server administrators do not seem to understand how to migrate from
one mail server to another. They seem to make the common mistake of putting the
new mail server on the Internet with no accounts, and then while it is happily
bouncing all incoming mail with "Account does not exist" adding the user accounts.
It is best to make the mail client tolerant of malfunctioning mail servers and
incompetent mail administrators.
Comment 39•23 years ago
|
||
It appears someone has changed the behavior in 2002012903 so that it retries
automatically on a mailbox in use failure. However, the problem noted in #26
hasn't been fixed, and it just loops indefinately (almost too fast to break out
of if you're Ethernet connected to the mail server) in a bad password loop and
never asks for a new one.
Reporter | ||
Comment 40•23 years ago
|
||
*** Bug 124227 has been marked as a duplicate of this bug. ***
Reporter | ||
Comment 41•23 years ago
|
||
*** Bug 125429 has been marked as a duplicate of this bug. ***
Comment 42•23 years ago
|
||
Discussed in 2/26 bug meeting with Mktg Engineering and PjM. Decision was to
nsbeta1 minus and move to 1.2.
Comment 43•23 years ago
|
||
I run Mozilla 0.9.9 under Win2k. The pop3-password stored in mozilla mail is
incorrect, and a dialogue box appers that sais: "The PASS Command did not
succeed. Mail server mail.wspse.de responded: Authentication failed (bad password?)
(Screenshot at http://s-inf.de/temp/pop3.gif )
Now mozilla does not offer _any_ way to correct the password. Is there a
workaround how I can access my mailbox without deleting and recreating the account?
In my opinion, on authenification error, mozilla should always ask for a new
password, and say: "The authentication wasn't successfull", with a "TRY AGAIN"
Buttion and the old password with ********. You can then retype a new password.
Mozilla should now ONLY save the new password IF the login with the new password
was successfull, otherwise keep the old one (as is most probably isn't a "bad
password" that prevents the user from logging in, and the user would lose his
correct, saved password).
Regards, Klaus.
Comment 44•23 years ago
|
||
> Is there a workaround how I can access my mailbox without deleting and
> recreating the account?
If an incorrect password was saved, you can always go into the password-manager
dialog and remove it. However you are correct in that the mailnews program
should have removed the bad password once it got an authentication failure.
Comment 45•23 years ago
|
||
No, the password must not be cleared automatically, because (as previously
mentioned) an authentication failure may also happen because of a mailbox lock.
Comment 46•23 years ago
|
||
Thank you for the advice.
If you don't know that the mail passwords are stored in the password manager,
you search for a long time how to change the password.
I suggest the following behavior of mozilla:
- if auth fails, say "Auth. failed, probably because of bad password" and offer
old password as ****** in a field.
- When user clicks OK, try with the password in the field.
- ONLY IF auth. now works with the new password, store it. Otherwise keep the
old password untouched.
Comment 47•23 years ago
|
||
Yes, if auth failed, it is not supposed to be remembered. I thought that's how
mail/news implemented it, but perhaps there is a bug in the implementation.
Comment 48•23 years ago
|
||
Oh, sorry, I didn't see comment #45 before I posted.
Is there no way to distinguish between the two types of failures? It would be
very desirable if you could.
Comment 49•23 years ago
|
||
Following on from <a HREF="#c45">comment #45</a>, I'd like to remind you guys
that authentication failures also occur because of a timeout during
establishment of the POP session. In other words if you don't type in the
password when promted, but leave the dialog hanging around for a minute or so,
it erases the old password and prompts you for a new one.
If this seems like an unlikely sceario, consider those of you like me, who
despite your 1Ghz laptop, still make sure to time booting up Mozilla in the
morning to coincide with fetching your first cup of coffee.
As a result, I have to reenter my password at least once a week! And since the
POP password given to me by my domaion provider is in fact an 'unguessable'
(read 'unmemorisable'!) password, like "EkUdslUdx", that means I have to leave
an easily accessible copy of the password lying around - which renders the whole
idea of having strong passwords redundent!
Also, I'm not sure why the keywords for this bug include mozilla0.9.8 0. I've
been experiencing this problem for as long as I can remember with the 0.x series!
Comment 50•23 years ago
|
||
HCI observation:
Server lock, timeout or failed connection (i.e. the password is good and needs
to be kept) is by far the more common use case and should be optimised for in
the UI, so retaining it and having a single click "try again" is essential.
Having the same dialogue also contain the starred password input box so it can
potentially be changed also makes it convenient for the rarer case where the
password is wrong.
It is possible to do this neatly and elegantly without trying to parse the
response code (which is at best a vague process, there's no standard) nor trying
to understand why the connection failed - that information can simply be
presented opaquely to the user, e.g. "Could not connect to the mail server -
reason given: xxxxx"
Christopher Allion (and Eudora and Microsoft) had it dead right to begin with.
Comment 51•23 years ago
|
||
Now that bug 121926 is fixed, this one will cause trouble again.
Comment 52•22 years ago
|
||
*** Bug 158508 has been marked as a duplicate of this bug. ***
Comment 53•22 years ago
|
||
*** Bug 158946 has been marked as a duplicate of this bug. ***
Reporter | ||
Comment 54•22 years ago
|
||
Re-nominating for nsbeta.
Comment 55•22 years ago
|
||
I never had any problems with this up to 1.0. I have installed 1.1a and now
1.1b and keep getting prompted for the password. This happens intermittently
when Mozilla polls for new messages, probably my ISP goes on the blink for a
minute. It is currently the most annoying "feature" of Mozilla.
Comment 56•22 years ago
|
||
*** Bug 162272 has been marked as a duplicate of this bug. ***
Comment 57•22 years ago
|
||
Could someone re-summarise this bug so that the description:
a. Makes more sense, and
b. Is easier to find when searching for dupes?
Perhaps:
POP3: should only forget/prompt for new password if password really incorrect
(although I'd like the word 'locked' in there somewhere).
Just a comment to note that RFC1939 does not mandate any message text at all in
the response to a failed PASS command. Also, I've seen a fair number of POP3
servers, and none of them implement the RESP-CODES capability in RFC 2449. I'm
sure some exist, but I wouldn't say they're in the majority.
Christopher is right. We should check for [IN-USE], but we must fallback to
providing a 'try again' option for servers that support RFC 1939 and not RFC
2449.
Comment 58•22 years ago
|
||
Just do it that way and everyone will be happy:
If login fails, open a Dialogue Box: "Login has failed. This could be because an
incorrect password, or another failure. You can edit your password here. The new
password will only be stored if Login is successful now.". The user now has a
field with the old password in *****.
If (and only if!) login is successful with the new password, store it. Otherwise
ignore the new password, and show the dialogue box again with the old password
in *****.
When the user presses "cancel", do never store a new password.
You will now be happy every time: You cannot accidently change your password
(because it is not stored if login failes again), but if login succeeds with the
new one, it will be stored.
You should not try to look at the POP3 responses; that's not a depandable way.
Regards,
Klaus
Comment 59•22 years ago
|
||
Another possibility would be to try twice before reprompting. That would take
care of some of the transient errors.
Comment 60•22 years ago
|
||
When Mozilla gets a bad password message, if it is not acknowleged, it should
just timeout and retry later with the last known good password.
There should be a button to tell it to retry later.
The user should not need to reenter their password unless they know for sure
that it changed.
The mail server that I must use for my home broadband connection regularly goes
into the mode where it eroneously claims a bad password. It will stay in this
state for hours at a time.
With other mail clients, this is not a big deal, as they will just retry.
Comment 61•22 years ago
|
||
OK, to finally close this annoying bug:
As we all seem to agree to this solution, could someone put this into the code:
1.)
If login falis, prompt for new password, with old password in "******". Show
buttons "RETRY" and "CANCEL", and a message "Note: New password will only be
stored if login is successful."
2a.) If user changes password and presses RETRY: Retry login with new password.
Store it and finish if succeeded, otherwise show dialogue again with old
password in "******".
2b.) If user presses RETRY without changing the password: Just retry with old
password. Success --> finish, Failure --> Show dialogue again.
2c.) If user presses CANCEL: Abort and close dialogue, do NOT change any saved
password.
3.) Mark this endless thrad solved :)
Regards,
Klaus
Comment 62•22 years ago
|
||
This sounds like a dup of bug 160425 for which I currently have a patch pending
and am waiting for reviews.
*** This bug has been marked as a duplicate of 160425 ***
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Comment 64•22 years ago
|
||
I don't think this is a dupe 160425, this happens all the time when the server
IS available. just now I cancelled the damn request, after giving it the
password 3 times and IMMEDIATELY pulled the mail from both POP accounts.
Comment 65•22 years ago
|
||
*** Bug 170713 has been marked as a duplicate of this bug. ***
Comment 66•22 years ago
|
||
reopening. that is an imho pretty bad way to fix this bug.
Something like comment 11 / comment 19 would be nice.
Status: VERIFIED → REOPENED
Resolution: DUPLICATE → ---
Comment 68•22 years ago
|
||
I am unsure if mine is the exact problem the others are complaining about.
I have already established my name and password on a news account. It should be
good for all 30,000 newsgroups it supports. Yet, every time I subscribe to a
newsgroup I am prompted yet again for a name & password. So how many [presumably
encrypted] copies of that passowrd are floating around? My news server is
happy with a single password entry, why isn't Mozilla?
I have tested on some smaller groups. It did not prompt me for a password. So
the problem may be confined to busier newsgroups (like over 100 message
headers). Also, unlike some comments below, my authentication works, so far.
Comment 69•22 years ago
|
||
*** Bug 188072 has been marked as a duplicate of this bug. ***
Comment 70•22 years ago
|
||
Additionally, if I type a wrong password for a first time, I get the window with
"wrong password" alert and the field for a new password. After typing new
(correct or not) password, dialog closes with no attempt to connect again.
Should it be trying to authenticate all the time until I hit "cancel" button?
Now, I have to restart mail fetch process.
Comment 71•22 years ago
|
||
*** Bug 191391 has been marked as a duplicate of this bug. ***
Updated•22 years ago
|
Keywords: mozilla0.9.8
Comment 73•21 years ago
|
||
I think have a similar problem as this one: after a bluescreen on w2k (page
fault in non paged segment) I'm no more able to send mails (as I did 800 times
before) The current state is that mozilla requires the password for my mail
account whenever I want top send a mail. But even if I enter the correct
password this pop-up window comes again and again disabling me to send any more
mails from within mozilla. Its a very strange behavior because on the outgoing
setting I unmarked the 'use name and password' item. (if I go to the provider's
web page and enter my mail right there everything works fine.) Even a
reinstallation of the account does not help. It seems like somewhere in the
registry an invalid pattern must be stored. --> problem cathegory: urgent, very
high priority
Comment 74•21 years ago
|
||
Parsing the servers error message is bad behaviour as this is only freetext
without real meaning.
Support for extended response codes according to RFC 2449 resp. 3206 has been
implemented through bug 151452 and bug 219282.
So the specific problem which this bug refers to is fixed (at least for servers
supporting the extended codes).
I think we should close this bug in favour of the more general and recent bugs
160425 and 219162.
Comment 75•21 years ago
|
||
I agree with Christian - resolving as dup of 219162
*** This bug has been marked as a duplicate of 219162 ***
Status: NEW → RESOLVED
Closed: 22 years ago → 21 years ago
Resolution: --- → DUPLICATE
Comment 76•21 years ago
|
||
Nice to see this bug (and bug 219162) fixed. But there is still a related issue
in bug 189633. Now, in case of POP error, MailNews doesn't forget the password
but annoy the user with endless error Alerts.
Updated•20 years ago
|
Product: MailNews → Core
Comment 77•17 years ago
|
||
Fixed! i don't see where its fixed, AFAIK it still does what it's always done, looses your password whatever the cause of the failed connection is. Regardless of the reason the mail client fails to connect (pop3 server down, busy, no internet connection, local network failure, wan failure etc.) pressing cancel should NOT remove the password from password manager unless requested to do so by the user. I use obscure passwords difficult to remember and multiple email accounts, it's VERY annoying to have to retype all the passwords every time Thunderbird fails to connect to the pop3 servers whatever the reason.
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•