[epiphany/mcatanzaro/password-fixes: 6/6] FormManager: sanity-check before saving passwords

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [epiphany/mcatanzaro/password-fixes: 6/6] FormManager: sanity-check before saving passwords
Date: Wed, 14 Nov 2018 21:22:00 +0000 (UTC)
commit b570c29ce814f916078b4d5e33252c66af799dc9
Author: Michael Catanzaro <mcatanzaro igalia com>
Date:   Tue Nov 13 16:44:14 2018 -0600

    FormManager: sanity-check before saving passwords
    
    This implements the same sanity checks we now have in the UI process,
    but in the web process as well, to avoid bothering the UI process if the
    password is just going to be dropped anyway.
    
    In combination with several previous commits, this fixes #575.

 embed/web-extension/resources/js/ephy.js | 44 ++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 19 deletions(-)
---
diff --git a/embed/web-extension/resources/js/ephy.js b/embed/web-extension/resources/js/ephy.js
index 4ef0c0e9e..fc453584b 100644
--- a/embed/web-extension/resources/js/ephy.js
+++ b/embed/web-extension/resources/js/ephy.js
@@ -500,9 +500,19 @@ Ephy.FormManager = class FormManager
             return;
         }
 
-        if (!this._formAuth.passwordNode.value)
+        if (!this._formAuth.passwordNode.value || !this._formAuth.passwordNode.name)
             return;
 
+        let password = this._formAuth.passwordNode.value;
+        let passwordField = this._formAuth.passwordNode.name;
+
+        let username = null;
+        let usernameField = null;
+        if (this._formAuth.usernameNode && this._formAuth.usernameNode.value && 
this._formAuth.usernameNode.name) {
+            username = this._formAuth.usernameNode.value;
+            usernameField = this._formAuth.usernameNode.name;
+        }
+
         this._formAuth.url = new URL(String(window.location));
         try {
             this._formAuth.targetURL = new URL(this._form.action);
@@ -523,23 +533,21 @@ Ephy.FormManager = class FormManager
         Ephy.passwordManager.query(
             this._formAuth.url.origin,
             this._formAuth.targetURL.origin,
-            this._formAuth.usernameNode && this._formAuth.usernameNode.value ? 
this._formAuth.usernameNode.value : null,
-            this._formAuth.usernameNode ? this._formAuth.usernameNode.name : null,
-            this._formAuth.passwordNode.name ? this._formAuth.passwordNode.name : null).then(function 
(authInfo) {
+            username,
+            usernameField,
+            passwordField).then(function (authInfo) {
                 if (authInfo) {
-                    if (authInfo.username == self._formAuth.usernameNode.value &&
-                        authInfo.password == self._formAuth.passwordNode.value) {
+                    if (authInfo.username == username && authInfo.password == password) {
                         Ephy.log('User/password already stored. Not asking about storing.');
                         return;
                     }
 
                     if (permission == Ephy.Permission.PERMIT) {
                         Ephy.log('User/password not yet stored. Storing.');
-                        Ephy.passwordManager.save(self._formAuth.url.origin, self._formAuth.targetURL.origin,
-                                                  self._formAuth.usernameNode && 
self._formAuth.usernameNode.value ? self._formAuth.usernameNode.value : null,
-                                                  self._formAuth.passwordNode.value ? 
self._formAuth.passwordNode.value : null,
-                                                  self._formAuth.usernameNode ? 
self._formAuth.usernameNode.name : null,
-                                                  self._formAuth.passwordNode.name ? 
self._formAuth.passwordNode.name : null,
+                        Ephy.passwordManager.save(self._formAuth.url.origin,
+                                                  self._formAuth.targetURL.origin,
+                                                  username, password,
+                                                  usernameField, passwordField,
                                                   false);
                         return;
                     }
@@ -549,14 +557,12 @@ Ephy.FormManager = class FormManager
                     Ephy.log('No result on query; asking whether we should store.');
                 }
 
-                Ephy.passwordManager.requestSave(
-                    self._formAuth.url.origin, self._formAuth.targetURL.origin,
-                    self._formAuth.usernameNode && self._formAuth.usernameNode.value ? 
self._formAuth.usernameNode.value : null,
-                    self._formAuth.passwordNode.value ? self._formAuth.passwordNode.value : null,
-                    self._formAuth.usernameNode ? self._formAuth.usernameNode.name : null,
-                    self._formAuth.passwordNode.name ? self._formAuth.passwordNode.name : null,
-                    authInfo == null,
-                    self._pageID);
+                Ephy.passwordManager.requestSave(self._formAuth.url.origin,
+                                                 self._formAuth.targetURL.origin,
+                                                 username, password,
+                                                 usernameField, passwordField,
+                                                 authInfo == null,
+                                                 self._pageID);
             }
         );
     }
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]