[tbb-commits] [tor-browser] 15/43: Bug 1520913 - Allow password manager exceptions in policy. r=mstriemer, flod, Gijs a=RyanVM

gitolite role git at cupani.torproject.org
Tue May 31 07:06:58 UTC 2022


This is an automated email from the git hooks/post-receive script.

pierov pushed a commit to branch tor-browser-91.10.0esr-11.0-1
in repository tor-browser.

commit 33902e926b76011537180a26a0287a31c7fe21dc
Author: Mike Kaply <mozilla at kaply.com>
AuthorDate: Thu Apr 14 19:41:32 2022 +0000

    Bug 1520913 - Allow password manager exceptions in policy. r=mstriemer,flod,Gijs a=RyanVM
    
    Differential Revision: https://phabricator.services.mozilla.com/D142886
---
 browser/components/enterprisepolicies/Policies.jsm |  6 ++
 .../schemas/policies-schema.json                   |  8 +++
 .../tests/xpcshell/test_permissions.js             | 17 ++++++
 .../components/preferences/dialogs/permissions.js  | 40 ++++++++++++-
 browser/components/preferences/tests/browser.ini   |  1 +
 .../tests/browser_site_login_exceptions_policy.js  | 65 ++++++++++++++++++++++
 .../browser/policies/policies-descriptions.ftl     |  2 +
 7 files changed, 136 insertions(+), 3 deletions(-)

diff --git a/browser/components/enterprisepolicies/Policies.jsm b/browser/components/enterprisepolicies/Policies.jsm
index 5ed84aa236bbf..63cd0ad2f7b1c 100644
--- a/browser/components/enterprisepolicies/Policies.jsm
+++ b/browser/components/enterprisepolicies/Policies.jsm
@@ -1419,6 +1419,12 @@ var Policies = {
     },
   },
 
+  PasswordManagerExceptions: {
+    onBeforeUIStartup(manager, param) {
+      addAllowDenyPermissions("login-saving", null, param);
+    },
+  },
+
   PDFjs: {
     onBeforeAddons(manager, param) {
       if ("Enabled" in param) {
diff --git a/browser/components/enterprisepolicies/schemas/policies-schema.json b/browser/components/enterprisepolicies/schemas/policies-schema.json
index 1c3447f2c736b..5ef762f85336d 100644
--- a/browser/components/enterprisepolicies/schemas/policies-schema.json
+++ b/browser/components/enterprisepolicies/schemas/policies-schema.json
@@ -787,6 +787,14 @@
       "type": "boolean"
     },
 
+    "PasswordManagerExceptions": {
+      "type": "array",
+      "strict": false,
+      "items": {
+        "type": "origin"
+      }
+    },
+
     "PDFjs": {
       "type": "object",
       "properties": {
diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
index f5b4571039d7e..f4440e53f59d4 100644
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
@@ -336,3 +336,20 @@ add_task(async function test_autolaunchprotocolsfromorigins() {
     Ci.nsIPermissionManager.ALLOW_ACTION
   );
 });
+
+// This again seems out of places, but PasswordManagerExceptions
+// is all permissions.
+add_task(async function test_passwordmanagerexceptions() {
+  await setupPolicyEngineWithJson({
+    policies: {
+      PasswordManagerExceptions: ["https://pwexception.example.com"],
+    },
+  });
+  equal(
+    PermissionTestUtils.testPermission(
+      URI("https://pwexception.example.com"),
+      "login-saving"
+    ),
+    Ci.nsIPermissionManager.DENY_ACTION
+  );
+});
diff --git a/browser/components/preferences/dialogs/permissions.js b/browser/components/preferences/dialogs/permissions.js
index db568c92dd01a..30a501932013e 100644
--- a/browser/components/preferences/dialogs/permissions.js
+++ b/browser/components/preferences/dialogs/permissions.js
@@ -346,6 +346,7 @@ var gPermissionManager = {
   },
 
   _createPermissionListItem(permission) {
+    let disabledByPolicy = this._permissionDisabledByPolicy(permission);
     let richlistitem = document.createXULElement("richlistitem");
     richlistitem.setAttribute("origin", permission.origin);
     let row = document.createXULElement("hbox");
@@ -353,6 +354,8 @@ var gPermissionManager = {
 
     let hbox = document.createXULElement("hbox");
     let website = document.createXULElement("label");
+    website.setAttribute("disabled", disabledByPolicy);
+    website.setAttribute("class", "website-name-value");
     website.setAttribute("value", permission.origin);
     hbox.setAttribute("width", "0");
     hbox.setAttribute("class", "website-name");
@@ -363,6 +366,7 @@ var gPermissionManager = {
     if (!this._hideStatusColumn) {
       hbox = document.createXULElement("hbox");
       let capability = document.createXULElement("label");
+      capability.setAttribute("disabled", disabledByPolicy);
       capability.setAttribute("class", "website-capability-value");
       document.l10n.setAttributes(
         capability,
@@ -434,15 +438,31 @@ var gPermissionManager = {
     }
 
     let hasSelection = this._list.selectedIndex >= 0;
-    let hasRows = this._list.itemCount > 0;
-    this._removeButton.disabled = !hasSelection;
-    this._removeAllButton.disabled = !hasRows;
+
+    let disabledByPolicy = false;
+    if (Services.policies.status === Services.policies.ACTIVE && hasSelection) {
+      let origin = this._list.selectedItem.getAttribute("origin");
+      disabledByPolicy = this._permissionDisabledByPolicy(
+        this._permissions.get(origin)
+      );
+    }
+
+    this._removeButton.disabled = !hasSelection || disabledByPolicy;
+    let disabledItems = this._list.querySelectorAll(
+      "label.website-name-value[disabled='true']"
+    );
+
+    this._removeAllButton.disabled =
+      this._list.itemCount == disabledItems.length;
   },
 
   onPermissionDelete() {
     let richlistitem = this._list.selectedItem;
     let origin = richlistitem.getAttribute("origin");
     let permission = this._permissions.get(origin);
+    if (this._permissionDisabledByPolicy(permission)) {
+      return;
+    }
 
     this._removePermission(permission);
 
@@ -451,6 +471,9 @@ var gPermissionManager = {
 
   onAllPermissionsDelete() {
     for (let permission of this._permissions.values()) {
+      if (this._permissionDisabledByPolicy(permission)) {
+        continue;
+      }
       this._removePermission(permission);
     }
 
@@ -513,6 +536,17 @@ var gPermissionManager = {
     this._setRemoveButtonState();
   },
 
+  _permissionDisabledByPolicy(permission) {
+    let permissionObject = Services.perms.getPermissionObject(
+      permission.principal,
+      this._type,
+      false
+    );
+    return (
+      permissionObject?.expireType == Ci.nsIPermissionManager.EXPIRE_POLICY
+    );
+  },
+
   _sortPermissions(list, frag, column) {
     let sortDirection;
 
diff --git a/browser/components/preferences/tests/browser.ini b/browser/components/preferences/tests/browser.ini
index 74658f7aba9b0..6f6bcc972d89e 100644
--- a/browser/components/preferences/tests/browser.ini
+++ b/browser/components/preferences/tests/browser.ini
@@ -115,6 +115,7 @@ skip-if =
 [browser_security-2.js]
 [browser_spotlight.js]
 [browser_site_login_exceptions.js]
+[browser_site_login_exceptions_policy.js]
 [browser_permissions_dialog.js]
 [browser_permissions_dialog_default_perm.js]
 [browser_statePartitioning_PBM_strings.js]
diff --git a/browser/components/preferences/tests/browser_site_login_exceptions_policy.js b/browser/components/preferences/tests/browser_site_login_exceptions_policy.js
new file mode 100644
index 0000000000000..499fd28222a08
--- /dev/null
+++ b/browser/components/preferences/tests/browser_site_login_exceptions_policy.js
@@ -0,0 +1,65 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const { EnterprisePolicyTesting } = ChromeUtils.import(
+  "resource://testing-common/EnterprisePolicyTesting.jsm"
+);
+
+const PERMISSIONS_URL =
+  "chrome://browser/content/preferences/dialogs/permissions.xhtml";
+
+var exceptionsDialog;
+
+add_task(async function openLoginExceptionsSubDialog() {
+  // ensure rememberSignons is off for this test;
+  ok(
+    !Services.prefs.getBoolPref("signon.rememberSignons"),
+    "Check initial value of signon.rememberSignons pref"
+  );
+
+  // Undo the save password change.
+  registerCleanupFunction(async function() {
+    await SpecialPowers.spawn(gBrowser.selectedBrowser, [], function() {
+      let doc = content.document;
+      let savePasswordCheckBox = doc.getElementById("savePasswords");
+      if (savePasswordCheckBox.checked) {
+        savePasswordCheckBox.click();
+      }
+    });
+
+    gBrowser.removeCurrentTab();
+    await EnterprisePolicyTesting.setupPolicyEngineWithJson("");
+  });
+
+  await EnterprisePolicyTesting.setupPolicyEngineWithJson({
+    policies: {
+      PasswordManagerExceptions: ["https://pwexception.example.com"],
+    },
+  });
+
+  await openPreferencesViaOpenPreferencesAPI("privacy", { leaveOpen: true });
+
+  let dialogOpened = promiseLoadSubDialog(PERMISSIONS_URL);
+
+  await SpecialPowers.spawn(gBrowser.selectedBrowser, [], function() {
+    let doc = content.document;
+    let savePasswordCheckBox = doc.getElementById("savePasswords");
+    savePasswordCheckBox.click();
+
+    let loginExceptionsButton = doc.getElementById("passwordExceptions");
+    loginExceptionsButton.click();
+  });
+
+  exceptionsDialog = await dialogOpened;
+
+  let doc = exceptionsDialog.document;
+
+  let richlistbox = doc.getElementById("permissionsBox");
+  Assert.equal(richlistbox.itemCount, 1, `Row count should initially be 1`);
+
+  richlistbox.focus();
+  richlistbox.selectedIndex = 0;
+  Assert.ok(doc.getElementById("removePermission").disabled);
+});
diff --git a/browser/locales/en-US/browser/policies/policies-descriptions.ftl b/browser/locales/en-US/browser/policies/policies-descriptions.ftl
index 8fefeebf6916e..e38e9225f7e19 100644
--- a/browser/locales/en-US/browser/policies/policies-descriptions.ftl
+++ b/browser/locales/en-US/browser/policies/policies-descriptions.ftl
@@ -158,6 +158,8 @@ policy-OverridePostUpdatePage = Override the post-update “What’s New” page
 
 policy-PasswordManagerEnabled = Enable saving passwords to the password manager.
 
+policy-PasswordManagerExceptions = Prevent { -brand-short-name } from saving passwords for specific sites.
+
 # PDF.js and PDF should not be translated
 policy-PDFjs = Disable or configure PDF.js, the built-in PDF viewer in { -brand-short-name }.
 

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the tbb-commits mailing list