Bug 771073 – Should not offer to save passwords if password entry is left blank

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 771073 - Should not offer to save passwords if password entry is left blank


Summary:	Should not offer to save passwords if password entry is left blank


Status:	RESOLVED FIXED

Product:	epiphany
Classification:	Core
Component:	Passwords, Cookies, & Certificates
Version:	3.20.x (obsolete)
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Michael Catanzaro
QA Contact:	Epiphany Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2016-09-08 17:46 UTC by Michael Catanzaro
Modified:	2017-01-04 17:01 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
web-extension: Never automatically save password (1.20 KB, patch) 2017-01-04 17:01 UTC, Michael Catanzaro	committed	Details \| Review
web-extension: Avoid unneeded use of g_str_equal (1.09 KB, patch) 2017-01-04 17:01 UTC, Michael Catanzaro	committed	Details \| Review
web-extension: Only offer to remember nonempty passwords (2.26 KB, patch) 2017-01-04 17:01 UTC, Michael Catanzaro	committed	Details \| Review

Description Michael Catanzaro 2016-09-08 17:46:06 UTC

Should not offer to save passwords if password entry is left blank

E.g. on paste.gnome.org

Comment 1 Michael Catanzaro 2017-01-04 17:01:22 UTC

The following fixes have been pushed:
51aac01 web-extension: Only offer to remember nonempty passwords

Comment 2 Michael Catanzaro 2017-01-04 17:01:25 UTC

Created attachment 342877 [details] [review]
web-extension: Never automatically save password

This codepath can only be reached if you manually edit your permissions
file, since it's not exposed in the UI, but it was a bad idea. We should
never automatically save passwords because typing the password wrong
once would automatically delete your saved passwords.

Comment 3 Michael Catanzaro 2017-01-04 17:01:29 UTC

Created attachment 342878 [details] [review]
web-extension: Avoid unneeded use of g_str_equal

This is intended for hash tables only.

Comment 4 Michael Catanzaro 2017-01-04 17:01:33 UTC

Created attachment 342879 [details] [review]
web-extension: Only offer to remember nonempty passwords

Asking to remember an empty password is stupid. Avoids the password
prompt on sites like paste.gnome.org and paste.fedoraproject.org.