I'd like to suggest a fix for this bug.

This bug appeared with the fix of bug 447788 somewhere around version
3.5.

In bug 447788 the problem seems to be that when you register on a
MediaWiki wiki site, you can register using a lowercase user name,
"john", but the site then pre-fills the user name using an initial
capital, "John".  The complaint, if I'm not mistaken, was that the password,
even though it was saved, was not auto-filled.  The reason was that
Firefox did not match username "John" with the saved username "john".

The fix was to make the whole password manager case insensitive.  Justin
Dolske noted: "The main problem I was worried about was if doing this
could cause interactions resulting in saving duplicate logins for
"myname" and "Myname". But I don't think that's the case (and may even
help avoid it)."  But since then there have been numerous complaints
about Firefox forbidding logins with different cases.


So I'd like to suggest the following behavior for the case-sensitivity problem:


User name auto-fill
- FF has a method that identifies a password field and the associated username 
field.
- If the username is blank and FF has a single username/password saved for that 
web page, then the username and password should be auto-filled from the saved 
username.  That should happen when the page loads.
- In no circumstance should FF change the username that was pre-filled by the 
web site or entered by the user.

Password autofill
- If the username gets autofilled when the page loads, the password should be 
auto-filled at the same time.
- If the username was pre-filled by the web site, and the username matches a 
saved username/password, then the password should be auto-filled when the page 
loads.
- When leaving the username field, if the username field was changed and the 
username matches a saved username/password, then the password should be 
auto-filled with the saved password.
- Which username "matches" a saved username/password is described below.

Saved usernames/passwords
- A flag "case-insensitive" tells that a saved username/password entry also 
applies to all alternate cases for the username.
- A username that is marked case-insensitive cannot appear with a different 
case among saved usernames/passwords.

Matching usernames with saved usernames
- A saved username matches the exact same username or, if the flag is set, any 
username that is equal ignoring case.

Saving the password
- When a user submits a form:

  - If the web page is flagged never to save passwords, do nothing

  - If the username matches a saved username/password and the password
matches, do nothing.

  - If there is no matching username saved for that web site, ask the usual 
question:
      "Remember password for user "xxx" on yyy?" with options "never", "not 
now" and "remember".
    Remember stores the username/password.  If another username exists, 
identical but with another case, then save it as case-insensitive, else save it 
as case-sensitive.

  - If there is a matching username/password and the username uses the same 
case as saved, but the password is different, ask the usual question:
      "Update saved password for user "xxx" on yyy?" with options "not now" and 
"update".
    Update replaces the password in the saved username/password entry.

  - If there is a matching username/password and the username uses a different 
case and a different password than saved, ask:
      "Replace saved username and password for user "xxx" on yyy?" with options 
"not now", "replace" and "remember both (case insensitive)".
    Replace replaces the username and password in the saved username/password 
entry.
    Remember both (case insensitive) creates a new entry and marks both 
entries as case-sensitive.
    Note: here, "xxx" is the saved username.

Password manager
- The case-sensitive flag should be visible in the password manager.  It should 
be possible to set it (make it case-insensitive) but only after deleting 
duplicates.
- There is no other way to revert to "case-insensitive", as it involves 
removing saved username/password entries.


Summary
The saving of passwords remains case-insensitive as long as no conflict occurs. 
 If the user uses different accounts with different cases, but still with the 
same password, then saving a single password with a case-insensitive username 
is still appropriate.  Only when trying to set a different password for a 
different username case will FF ask how to treat case-sensitivity.

One thing that is still missing is the possibility to change the case of
a username that was saved wrongly.  The problem being that it will auto-
fill with the wrong case.  For that, the last case ("replace?") should
also be triggered when the user submits a form, and the username was
auto-filled from the saved usernames, but the user changed the case
manually.  I don't know if that logic can be implemented in a simple
way.


Best regards,
Florian Fischer

-- 
https://bugs.launchpad.net/bugs/480671

Title:
  Firefox auto-completes login fields in a case-insensitive manner
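
The matching rule and the submit-time prompt decisions proposed in the message above, sketched as an added example (not part of the original message and not Firefox code). The entry shape `{username, password, caseInsensitive}`, the function names, the sample data, and the use of `toLowerCase()` for the case-insensitive comparison are assumptions.

```javascript
// Added illustration of the proposal; all names here are hypothetical.
// A saved entry matches the exact username or, if flagged, any case variant.
function matches(entry, username) {
  if (entry.username === username) return true;
  return entry.caseInsensitive &&
    entry.username.toLowerCase() === username.toLowerCase();
}

// Prefer an exact-case entry, then fall back to a case-insensitive one.
function findMatch(saved, username) {
  return saved.find(e => e.username === username) ||
         saved.find(e => matches(e, username)) || null;
}

// Autofill: the password is only looked up, the typed username is never rewritten.
function passwordFor(site, username) {
  const entry = findMatch(site.saved, username);
  return entry ? entry.password : null;
}

// Which prompt (if any) the proposal calls for when a login form is submitted.
function decideOnSubmit(site, username, password) {
  if (site.neverSave) return { action: "nothing" };
  const entry = findMatch(site.saved, username);
  if (!entry) return { action: "ask-remember", promptUser: username };
  if (entry.password === password) return { action: "nothing" };
  if (entry.username === username) {
    return { action: "ask-update", promptUser: username };
  }
  // Different case and different password: the prompt shows the saved name.
  return { action: "ask-replace", promptUser: entry.username };
}

// Constructed sample store for one site.
const sampleSite = {
  neverSave: false,
  saved: [
    { username: "john", password: "pw1", caseInsensitive: true },
    { username: "Alice", password: "pw2", caseInsensitive: false },
  ],
};

for (const [u, p] of [["John", "pw1"], ["john", "new"], ["JOHN", "new"], ["alice", "pw2"]]) {
  console.log(u, JSON.stringify(decideOnSubmit(sampleSite, u, p)));
}
```

With the case-sensitive "Alice" entry, a submission as "alice" is treated as a new account and never receives Alice's saved password, which is the separation the complaints about the case-insensitive behaviour ask for.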
