Password generation forgets password on change |
|||||
Issue descriptionSteps to reproduce: 1) Go to https://rsolomakhin.github.io/autofill/ 2) In the Name/Password section generate a password. 3) Verify that the password appears in chrome://settings/passwords 4) Append any character to the password Now observe that the password is not stored anymore according to chrome://settings/passwords.
,
Jun 22 2018
One caveat, in order to see an updated password in chrome://settings/passwords, the password needs to be hidden and then shown again, for some reasons it's not updated when visible.
,
Jun 22 2018
====== 1) Go to https://rsolomakhin.github.io/autofill/ ====== Message: PasswordAutofillAgent::DidStartProvisionalLoad The new state of the UI: 0 Message: PasswordAutofillAgent::SendPasswordForms only_visible: false Security origin: https://rsolomakhin.github.io/ Number of all forms: 7 Form is a password form: { Action : https://example.com/ , New password element : , Origin : https://rsolomakhin.github.io/ , PSL match : false, Password element : password , Password generated : false, Scheme : HTML , Signon realm : https://rsolomakhin.github.io/ , Times used : 0, Username element : name } Message: PasswordManager::CreatePendingLoginManagers SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Number of pending login managers (before): 0 Adding manager for form: { Signature of form: 11161482137509878464 Signon realm: https://rsolomakhin.github.io/ Origin: https://rsolomakhin.github.io/ Action: https://example.com/ Form name: np Form fields: name: 3489289364, type=text password: 2051817934, type=password } Message: FormFetcherImpl::Fetch FormFetcherImpl::state_: 1 Number of pending login managers (after): 1 Message: Generation invalid PasswordForm Message: Generation invalid PasswordForm Message: Generation invalid PasswordForm Message: Generation invalid PasswordForm SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: Generation invalid PasswordForm Message: Generation invalid PasswordForm Message: Generation invalid PasswordForm Generation possible account creation forms: 1 Message: Generation: no non-blacklisted confirmation SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Server predictions: { Signature of form: 10519201316547307791 Origin: https://rsolomakhin.github.io/ Action: https://example.com/ Form fields: name: 3489289364, type=text, SERVER_PREDICTION: NAME_FULL address: 509334676, type=text, SERVER_PREDICTION: ADDRESS_HOME_STREET_ADDRESS city: 2098554694, type=text, SERVER_PREDICTION: ADDRESS_HOME_CITY state: 1878375253, type=select-one, SERVER_PREDICTION: ADDRESS_HOME_STATE zip: 569224803, type=text, SERVER_PREDICTION: ADDRESS_HOME_ZIP country: 3654076265, type=text, SERVER_PREDICTION: ADDRESS_HOME_COUNTRY email: 420638584, type=text, SERVER_PREDICTION: EMAIL_ADDRESS phone: 1635119699, type=text, SERVER_PREDICTION: PHONE_HOME_CITY_AND_NUMBER } Server predictions: { Signature of form: 9118006264864951514 Origin: https://rsolomakhin.github.io/ Action: https://example.com/ Form fields: name: 3489289364, type=text, SERVER_PREDICTION: CREDIT_CARD_NAME_FULL CCNo: 2038457965, type=text, SERVER_PREDICTION: CREDIT_CARD_NUMBER CCExpiresMonth: 1874155745, type=select-one, SERVER_PREDICTION: CREDIT_CARD_EXP_MONTH CCExpiresYear: 2992415869, type=select-one, SERVER_PREDICTION: CREDIT_CARD_EXP_4_DIGIT_YEAR cvc: 2836487997, type=text, SERVER_PREDICTION: CREDIT_CARD_VERIFICATION_CODE } Server predictions: { Signature of form: 2414262792596421371 Origin: https://rsolomakhin.github.io/ Action: https://example.com/ Form fields: name: 3489289364, type=text, autocomplete=off, SERVER_PREDICTION: NAME_FULL address: 509334676, type=text, autocomplete=off, SERVER_PREDICTION: ADDRESS_HOME_STREET_ADDRESS city: 2098554694, type=text, autocomplete=off, SERVER_PREDICTION: ADDRESS_HOME_CITY state: 1878375253, type=select-one, autocomplete=off, SERVER_PREDICTION: ADDRESS_HOME_STATE zip: 569224803, type=text, autocomplete=off, SERVER_PREDICTION: ADDRESS_HOME_ZIP email: 420638584, type=text, autocomplete=off, SERVER_PREDICTION: EMAIL_ADDRESS phone: 1635119699, type=text, autocomplete=off, SERVER_PREDICTION: PHONE_HOME_CITY_AND_NUMBER } Server predictions: { Signature of form: 13447302746672280161 Origin: https://rsolomakhin.github.io/ Action: https://example.com/ Form fields: name: 3489289364, type=text, SERVER_PREDICTION: NAME_FULL address: 509334676, type=text, SERVER_PREDICTION: ADDRESS_HOME_STREET_ADDRESS city: 2098554694, type=text, SERVER_PREDICTION: ADDRESS_HOME_CITY state: 1878375253, type=select-one, SERVER_PREDICTION: ADDRESS_HOME_STATE zip: 569224803, type=text, SERVER_PREDICTION: ADDRESS_HOME_ZIP country: 3654076265, type=text, SERVER_PREDICTION: ADDRESS_HOME_COUNTRY email: 420638584, type=text, SERVER_PREDICTION: EMAIL_ADDRESS same: 2770979949, type=checkbox s_name: 2114321042, type=text, SERVER_PREDICTION: NAME_FULL s_address: 1183287088, type=text, SERVER_PREDICTION: ADDRESS_HOME_STREET_ADDRESS s_city: 427350874, type=text, SERVER_PREDICTION: ADDRESS_HOME_CITY s_state: 2524899095, type=select-one, SERVER_PREDICTION: ADDRESS_HOME_STATE s_zip: 152203277, type=text, SERVER_PREDICTION: ADDRESS_HOME_ZIP s_country: 3978392364, type=text, SERVER_PREDICTION: ADDRESS_HOME_COUNTRY s_email: 2115670289, type=text, SERVER_PREDICTION: EMAIL_ADDRESS } Message: PasswordAutofillAgent::SendPasswordForms only_visible: true Security origin: https://rsolomakhin.github.io/ Number of all forms: 7 Form found on page: { Action : https://example.com/ , Form name or ID : addr1_1 } Form is visible: true Form found on page: { Action : , Form name or ID : form300 } Form is visible: true Form found on page: { Action : , Form name or ID : form300off } Form is visible: true Form found on page: { Action : https://example.com/ , Form name or ID : cc1_1 } Form is visible: true Form found on page: { Action : https://example.com/ , Form name or ID : np } Form is visible: true Form is a password form: { Action : https://example.com/ , New password element : , Origin : https://rsolomakhin.github.io/ , PSL match : false, Password element : password , Password generated : false, Scheme : HTML , Signon realm : https://rsolomakhin.github.io/ , Times used : 0, Username element : name } Form found on page: { Action : https://example.com/ , Form name or ID : addr1_1off } Form is visible: true Form found on page: { Action : https://example.com/ , Form name or ID : addr1_sections } Form is visible: true Some control elements not associated to a form element are visible: false Message: PasswordManager::CreatePendingLoginManagers SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Number of pending login managers (before): 1 Number of pending login managers (after): 1 Message: PasswordManager::OnPasswordFormsRendered Message: PasswordManager::CanProvisionalManagerSave Message: No provisional save manager Message: Generation invalid PasswordForm Message: Generation invalid PasswordForm Message: Generation invalid PasswordForm Message: Generation invalid PasswordForm SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: Generation invalid PasswordForm Message: Generation invalid PasswordForm Message: Generation invalid PasswordForm Generation possible account creation forms: 2 Message: Generation: no non-blacklisted confirmation Message: Generation: no non-blacklisted confirmation Message: FormFetcherImpl::OnGetPasswordStoreResults Number of results from the password store: 0 Message: PasswordFormManager::ProcessMatches SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: Generation: no server signal Message: Generation: no server signal ====== 2) In the Name/Password section generate a password. ====== Captured password manager logs are listed below. Logs are cleared and no longer captured when all password-manager-internals pages are closed. Message: Show generation popup triggered manually Message: Generated password accepted SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: PasswordFormManager::ProcessMatches The new state of the UI: 2 ====== 3) Verify that the password appears in chrome://settings/passwords ====== [no output] ====== 4) Append any character to the password ====== [I focussed the password field, appended the character 'a' and unfocussed the password field] SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: PasswordFormManager::ProcessMatches The new state of the UI: 2 Message: FormFetcherImpl::Fetch FormFetcherImpl::state_: 1 Message: FormFetcherImpl::OnGetPasswordStoreResults Number of results from the password store: 1 Message: PasswordFormManager::ProcessMatches SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: PasswordManager::Autofill wait_for_username: false Message: Generation: account creation form already found Message: PasswordAutofillAgent::OnFillPasswordForm ambiguous_or_empty_names: false Number of potential forms to fill: 1 form_data's wait_for_username: false form_contains_fillable_username_field: false username_field_name empty: true password_field_name empty: false Message: FillUserNameAndPassword in PasswordAutofillAgent Message: Username to fill matches that on the page SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: PasswordFormManager::ProcessMatches The new state of the UI: 3 Filled password element named: password Message: FormFetcherImpl::Fetch FormFetcherImpl::state_: 1 Message: FormFetcherImpl::OnGetPasswordStoreResults Number of results from the password store: 0 Message: PasswordFormManager::ProcessMatches SSL errors present: false IsPasswordManagementEnabledForCurrentPage: true Message: Generation: account creation form already found ====== 5) Observe that no credential is stored ====== - At this point chrome://settings/passwords has no entry for https://rsolomakhin.github.io/ (even if I refresh the page) - At this point, https://rsolomakhin.github.io/autofill/ still shows the key icon in the omnibar. If I refresh, the key icon is gone. Chromium 69.0.3470.0 (Developer Build) custom (64-bit) Revision abd8e1e73eafee7c8d16e47a830733af2fcad8bc-refs/heads/master@{#569613} OS Linux
,
Jun 22 2018
,
Jun 22 2018
,
Jun 28 2018
The reason is the following: 1.When password is updated PasswordFormManager makes presaving, which consists of removing previous password and adding new one. 2.UI code in ManagePasswordsState::ProcessLoginsChanged processes passwords updates, finds that there is deletion and initiates filling in PasswordFormManager by calling PasswordManager::UpdateFormManagers(); 3.PasswordFormManager fills the generated password and not it's not considered generated anymore (because it's filled). 4.As result PasswordFormManager::PasswordNoLongerGenerated is called, which removes the generated password from the store. The immediate reason of this regression is the CL https://chromium-review.googlesource.com/c/chromium/src/+/1092745 which captures username. But this CL is correct (before this CL, no username was captures and UI code can't find deletion, because it matches by username). The main problem is that UI tries to propagate information about deletion to backend, despite this deletion has nothing to do with UI. I'm going to fix it. Also it would be better not to autofill generated password to avoid such regression in future.
,
Jul 5
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/cdc4b34576d0d2a5b9391b5dc976edb76a918e8f commit cdc4b34576d0d2a5b9391b5dc976edb76a918e8f Author: Vadym Doroshenko <dvadym@chromium.org> Date: Thu Jul 05 17:25:25 2018 UI code updates PasswordFormManagers only on deletion. UI code should update PasswordFormManager on operations that are initiated from UI but not from operations that initiated from backend. Ideally it would be great that updates have information whether this update come from UI (i.e. from the user) or backend. This CL makes that UI initiates update of PasswordFormManager only when all updates are deletion, now it means or the user cleared browsing data or removed credentials in bubble. In order to test this change, method UpdateFormManager of PasswordManagerClient is introduced. This CL fixes bug with deletion of pre-saved generated password on editing. The details are on the bug. Bug: 852430 Change-Id: Ib9f00edba216d7e16ef3db39ea0dc54a537908db Reviewed-on: https://chromium-review.googlesource.com/1118551 Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Commit-Queue: Vadym Doroshenko <dvadym@chromium.org> Cr-Commit-Position: refs/heads/master@{#572822} [modify] https://crrev.com/cdc4b34576d0d2a5b9391b5dc976edb76a918e8f/chrome/browser/password_manager/chrome_password_manager_client.cc [modify] https://crrev.com/cdc4b34576d0d2a5b9391b5dc976edb76a918e8f/chrome/browser/password_manager/chrome_password_manager_client.h [modify] https://crrev.com/cdc4b34576d0d2a5b9391b5dc976edb76a918e8f/chrome/browser/ui/passwords/manage_passwords_state.cc [modify] https://crrev.com/cdc4b34576d0d2a5b9391b5dc976edb76a918e8f/chrome/browser/ui/passwords/manage_passwords_state_unittest.cc [modify] https://crrev.com/cdc4b34576d0d2a5b9391b5dc976edb76a918e8f/components/password_manager/core/browser/password_manager_client.h
,
Jul 5
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by dvadym@chromium.org
, Jun 22 2018