[epiphany/mcatanzaro/password-fixes: 5/5] FormManager: sanity-check before saving passwords

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [epiphany/mcatanzaro/password-fixes: 5/5] FormManager: sanity-check before saving passwords
Date: Tue, 13 Nov 2018 23:10:15 +0000 (UTC)
commit 30313ad34ca9cf49c80fad7a549b2dd7eb92ca38
Author: Michael Catanzaro <mcatanzaro igalia com>
Date:   Tue Nov 13 16:44:14 2018 -0600

    FormManager: sanity-check before saving passwords
    
    This implements the same sanity checks we now have in the UI process,
    but in the web process as well, to avoid bothering the UI process if the
    password is just going to be dropped anyway.
    
    In combination with several previous commits, this fixes #575.

 embed/web-extension/resources/js/ephy.js | 44 ++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 19 deletions(-)
---
diff --git a/embed/web-extension/resources/js/ephy.js b/embed/web-extension/resources/js/ephy.js
index 4ef0c0e9e..fc453584b 100644
--- a/embed/web-extension/resources/js/ephy.js
+++ b/embed/web-extension/resources/js/ephy.js
@@ -500,9 +500,19 @@ Ephy.FormManager = class FormManager
             return;
         }
 
-        if (!this._formAuth.passwordNode.value)
+        if (!this._formAuth.passwordNode.value || !this._formAuth.passwordNode.name)
             return;
 
+        let password = this._formAuth.passwordNode.value;
+        let passwordField = this._formAuth.passwordNode.name;
+
+        let username = null;
+        let usernameField = null;
+        if (this._formAuth.usernameNode && this._formAuth.usernameNode.value && 
this._formAuth.usernameNode.name) {
+            username = this._formAuth.usernameNode.value;
+            usernameField = this._formAuth.usernameNode.name;
+        }
+
         this._formAuth.url = new URL(String(window.location));
         try {
             this._formAuth.targetURL = new URL(this._form.action);
@@ -523,23 +533,21 @@ Ephy.FormManager = class FormManager
         Ephy.passwordManager.query(
             this._formAuth.url.origin,
             this._formAuth.targetURL.origin,
-            this._formAuth.usernameNode && this._formAuth.usernameNode.value ? 
this._formAuth.usernameNode.value : null,
-            this._formAuth.usernameNode ? this._formAuth.usernameNode.name : null,
-            this._formAuth.passwordNode.name ? this._formAuth.passwordNode.name : null).then(function 
(authInfo) {
+            username,
+            usernameField,
+            passwordField).then(function (authInfo) {
                 if (authInfo) {
-                    if (authInfo.username == self._formAuth.usernameNode.value &&
-                        authInfo.password == self._formAuth.passwordNode.value) {
+                    if (authInfo.username == username && authInfo.password == password) {
                         Ephy.log('User/password already stored. Not asking about storing.');
                         return;
                     }
 
                     if (permission == Ephy.Permission.PERMIT) {
                         Ephy.log('User/password not yet stored. Storing.');
-                        Ephy.passwordManager.save(self._formAuth.url.origin, self._formAuth.targetURL.origin,
-                                                  self._formAuth.usernameNode && 
self._formAuth.usernameNode.value ? self._formAuth.usernameNode.value : null,
-                                                  self._formAuth.passwordNode.value ? 
self._formAuth.passwordNode.value : null,
-                                                  self._formAuth.usernameNode ? 
self._formAuth.usernameNode.name : null,
-                                                  self._formAuth.passwordNode.name ? 
self._formAuth.passwordNode.name : null,
+                        Ephy.passwordManager.save(self._formAuth.url.origin,
+                                                  self._formAuth.targetURL.origin,
+                                                  username, password,
+                                                  usernameField, passwordField,
                                                   false);
                         return;
                     }
@@ -549,14 +557,12 @@ Ephy.FormManager = class FormManager
                     Ephy.log('No result on query; asking whether we should store.');
                 }
 
-                Ephy.passwordManager.requestSave(
-                    self._formAuth.url.origin, self._formAuth.targetURL.origin,
-                    self._formAuth.usernameNode && self._formAuth.usernameNode.value ? 
self._formAuth.usernameNode.value : null,
-                    self._formAuth.passwordNode.value ? self._formAuth.passwordNode.value : null,
-                    self._formAuth.usernameNode ? self._formAuth.usernameNode.name : null,
-                    self._formAuth.passwordNode.name ? self._formAuth.passwordNode.name : null,
-                    authInfo == null,
-                    self._pageID);
+                Ephy.passwordManager.requestSave(self._formAuth.url.origin,
+                                                 self._formAuth.targetURL.origin,
+                                                 username, password,
+                                                 usernameField, passwordField,
+                                                 authInfo == null,
+                                                 self._pageID);
             }
         );
     }
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]