New issue
Advanced search Search tips

Issue 611035 link

Starred by 0 users
Status: Fixed
Owner:
vasi...@chromium.org
Closed: May 2016
Cc:
vasi...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug



Sign in to add a comment

Credential Manager API: Clash between password and federated creds with the same username

Project Member Reported by vabr@chromium.org, May 11 2016 
Version: 52.0.2732.0
OS: GNU/Linux, but platform independent

What steps will reproduce the problem?
(1) Visit https://w3c.github.io/webappsec/demos/credential-management/
(2) Sign in with "Sign in via identityindustries.com", accept to save the credential.
(3) Sign out.
(4) Sign in via the password form. Use ichabald@industrious.com as the username and anything non-empty as password. Accept to save the credential.

What is the expected output?
Both credentials get saved.

What do you see instead?
The second credential replaces the first. Chrome outputs:
[31148:31172:0511/154557:ERROR:connection.cc(1912)] Passwords sqlite error 2067, errno 0: UNIQUE constraint failed: logins.origin_url, logins.username_element, logins.username_value, logins.password_element, logins.signon_realm, sql: INSERT INTO logins (origin_url, action_url, username_element, username_value,  password_element, password_value, submit_element,  signon_realm, ssl_valid, preferred, date_created, blacklisted_by_user,  scheme, password_type, possible_usernames, times_used, form_data,  date_synced, display_name, icon_url, federation_url, skip_zero_click, generation_upload_status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)

Comment 1 by vasi...@chromium.org, May 11 2016

Owner: vasi...@chromium.org
Status: Started (was: Available)

Comment 2 by vasi...@chromium.org, May 11 2016 

Federated credentials have wrong signon_realm. It's a result of r391260.
Project Member

Comment 3 by bugdroid1@chromium.org, May 11 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/032bf70d261ff99daeae51e28583fd23e2458415

commit 032bf70d261ff99daeae51e28583fd23e2458415
Author: vasilii <vasilii@chromium.org>
Date: Wed May 11 18:16:00 2016

Save federated credential's signon_realm in the correct format.

It should be "federation://<origin>/<federation provider>". After https://codereview.chromium.org/1946563003 it became just "<origin>" like for normal credentials. Therefore, password and federated credentials started to overwrite each other in the password storage.

BUG= 611035 

Review-Url: https://codereview.chromium.org/1965413003
Cr-Commit-Position: refs/heads/master@{#392994}

[modify] https://crrev.com/032bf70d261ff99daeae51e28583fd23e2458415/components/password_manager/content/browser/credential_manager_impl_unittest.cc
[modify] https://crrev.com/032bf70d261ff99daeae51e28583fd23e2458415/components/password_manager/core/browser/password_form_manager.cc

Comment 4 by vasi...@chromium.org, May 12 2016

Labels: Merge-Request-51
I want to merge r392994. Without the fix all the federated credentials saved in the wrong format.

Comment 5 by tin...@google.com, May 12 2016

Labels: -Merge-Request-51 Merge-Approved-51 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M51 (branch: 2704)

Comment 6 by gov...@chromium.org, May 12 2016 

Please merge your change to M51 branch 2704 before 5:00 PM PST, Monday (05/16/16), so we can take it in for next week LAST M51 beta release. Thank you.
Project Member

Comment 7 by bugdroid1@chromium.org, May 13 2016

Labels: -merge-approved-51 merge-merged-2704
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4c9e6fdc6f7288622d8030401190d0a25eca746f

commit 4c9e6fdc6f7288622d8030401190d0a25eca746f
Author: Vasilii Sukhanov <vasilii@chromium.org>
Date: Fri May 13 13:39:34 2016

Save federated credential's signon_realm in the correct format.

It should be "federation://<origin>/<federation provider>". After https://codereview.chromium.org/1946563003 it became just "<origin>" like for normal credentials. Therefore, password and federated credentials started to overwrite each other in the password storage.

BUG= 611035 
TBR=cfroussios@chromium.org

Review-Url: https://codereview.chromium.org/1965413003
Cr-Commit-Position: refs/heads/master@{#392994}
(cherry picked from commit 032bf70d261ff99daeae51e28583fd23e2458415)

Review URL: https://codereview.chromium.org/1978513003 .

Cr-Commit-Position: refs/branch-heads/2704@{#534}
Cr-Branched-From: 6e53600def8f60d8c632fadc70d7c1939ccea347-refs/heads/master@{#386251}

[modify] https://crrev.com/4c9e6fdc6f7288622d8030401190d0a25eca746f/components/password_manager/content/browser/credential_manager_dispatcher_unittest.cc
[modify] https://crrev.com/4c9e6fdc6f7288622d8030401190d0a25eca746f/components/password_manager/core/browser/password_form_manager.cc

Comment 8 by vasi...@chromium.org, May 13 2016

Status: Fixed (was: Started)

Comment 9 by kavvaru@chromium.org, May 18 2016

Labels: TE-Verified-51.0.2704.54 TE-Verified-M51
Tested the issue on windows 7, Linux Ubuntu 14.04 and Mac 10.11.4 using chrome version 51.0.2704.54.
Able to see the two passwords saved with same username.Please find the attached screen cast for the same.

Adding TE-Verified label.

Thanks,
611035.mp4
1.8 MB Download

Sign in to add a comment