[tor-commits] [tor-browser] 15/43: Bug 1520913 - Allow password manager exceptions in policy. r=mstriemer, flod, Gijs a=RyanVM
gitolite role
git at cupani.torproject.org
Tue May 31 07:06:58 UTC 2022
This is an automated email from the git hooks/post-receive script.
pierov pushed a commit to branch tor-browser-91.10.0esr-11.0-1
in repository tor-browser.
commit 33902e926b76011537180a26a0287a31c7fe21dc
Author: Mike Kaply <mozilla at kaply.com>
AuthorDate: Thu Apr 14 19:41:32 2022 +0000
Bug 1520913 - Allow password manager exceptions in policy. r=mstriemer,flod,Gijs a=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D142886
---
browser/components/enterprisepolicies/Policies.jsm | 6 ++
.../schemas/policies-schema.json | 8 +++
.../tests/xpcshell/test_permissions.js | 17 ++++++
.../components/preferences/dialogs/permissions.js | 40 ++++++++++++-
browser/components/preferences/tests/browser.ini | 1 +
.../tests/browser_site_login_exceptions_policy.js | 65 ++++++++++++++++++++++
.../browser/policies/policies-descriptions.ftl | 2 +
7 files changed, 136 insertions(+), 3 deletions(-)
diff --git a/browser/components/enterprisepolicies/Policies.jsm b/browser/components/enterprisepolicies/Policies.jsm
index 5ed84aa236bbf..63cd0ad2f7b1c 100644
--- a/browser/components/enterprisepolicies/Policies.jsm
+++ b/browser/components/enterprisepolicies/Policies.jsm
@@ -1419,6 +1419,12 @@ var Policies = {
},
},
+ PasswordManagerExceptions: {
+ onBeforeUIStartup(manager, param) {
+ addAllowDenyPermissions("login-saving", null, param);
+ },
+ },
+
PDFjs: {
onBeforeAddons(manager, param) {
if ("Enabled" in param) {
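Review bot: The call `addAllowDenyPermissions("login-saving", null, param)` in the new `PasswordManagerExceptions` handler does not say that `null` is the allow list and `param` the block list, nor that the resulting entry is one the preferences dialog will lock. A one-line comment would cover it, for example `// No allow list: every origin in the policy becomes a DENY for "login-saving".` The schema hunk for this policy sets `"strict": false`, which presumably means a malformed origin is dropped rather than failing the policy, so an administrator could believe a site is excluded from password saving when it is not. That behaviour is worth stating in the comment or pinning with a test that includes one invalid entry. The enclosing `Policies` object starts and ends outside the hunk.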
diff --git a/browser/components/enterprisepolicies/schemas/policies-schema.json b/browser/components/enterprisepolicies/schemas/policies-schema.json
index 1c3447f2c736b..5ef762f85336d 100644
--- a/browser/components/enterprisepolicies/schemas/policies-schema.json
+++ b/browser/components/enterprisepolicies/schemas/policies-schema.json
@@ -787,6 +787,14 @@
"type": "boolean"
},
+ "PasswordManagerExceptions": {
+ "type": "array",
+ "strict": false,
+ "items": {
+ "type": "origin"
+ }
+ },
+
"PDFjs": {
"type": "object",
"properties": {
diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
index f5b4571039d7e..f4440e53f59d4 100644
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
@@ -336,3 +336,20 @@ add_task(async function test_autolaunchprotocolsfromorigins() {
Ci.nsIPermissionManager.ALLOW_ACTION
);
});
+
+// This again seems out of places, but PasswordManagerExceptions
+// is all permissions.
+add_task(async function test_passwordmanagerexceptions() {
+ await setupPolicyEngineWithJson({
+ policies: {
+ PasswordManagerExceptions: ["https://pwexception.example.com"],
+ },
+ });
+ equal(
+ PermissionTestUtils.testPermission(
+ URI("https://pwexception.example.com"),
+ "login-saving"
+ ),
+ Ci.nsIPermissionManager.DENY_ACTION
+ );
+});
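Review bot: `test_passwordmanagerexceptions` asserts only `DENY_ACTION`, but the dialog change in `permissions.js` locks a row by checking `expireType == Ci.nsIPermissionManager.EXPIRE_POLICY`, and nothing here pins that the policy-created permission carries that expire type. An extra assertion on the permission object, e.g. `equal(PermissionTestUtils.getPermissionObject(URI("https://pwexception.example.com"), "login-saving").expireType, Ci.nsIPermissionManager.EXPIRE_POLICY);`, would catch a regression where the exception is still applied but becomes removable by the user. The comment above the task reads "out of places"; "out of place" is meant.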
diff --git a/browser/components/preferences/dialogs/permissions.js b/browser/components/preferences/dialogs/permissions.js
index db568c92dd01a..30a501932013e 100644
--- a/browser/components/preferences/dialogs/permissions.js
+++ b/browser/components/preferences/dialogs/permissions.js
@@ -346,6 +346,7 @@ var gPermissionManager = {
},
_createPermissionListItem(permission) {
+ let disabledByPolicy = this._permissionDisabledByPolicy(permission);
let richlistitem = document.createXULElement("richlistitem");
richlistitem.setAttribute("origin", permission.origin);
let row = document.createXULElement("hbox");
@@ -353,6 +354,8 @@ var gPermissionManager = {
let hbox = document.createXULElement("hbox");
let website = document.createXULElement("label");
+ website.setAttribute("disabled", disabledByPolicy);
+ website.setAttribute("class", "website-name-value");
website.setAttribute("value", permission.origin);
hbox.setAttribute("width", "0");
hbox.setAttribute("class", "website-name");
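Review bot: `website.setAttribute("disabled", disabledByPolicy)` stringifies the boolean, so every row that is not locked by policy still carries `disabled="false"`; the same pattern is used on the `capability` label in the next hunk. This works only because `_setRemoveButtonState` selects on `[disabled='true']`, and any later selector or style keyed on the attribute's presence would treat all rows as locked. Setting the attribute only when needed, `if (disabledByPolicy) { website.setAttribute("disabled", "true"); }`, keeps unlocked rows free of it. `_createPermissionListItem` continues outside the hunk.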
@@ -363,6 +366,7 @@ var gPermissionManager = {
if (!this._hideStatusColumn) {
hbox = document.createXULElement("hbox");
let capability = document.createXULElement("label");
+ capability.setAttribute("disabled", disabledByPolicy);
capability.setAttribute("class", "website-capability-value");
document.l10n.setAttributes(
capability,
@@ -434,15 +438,31 @@ var gPermissionManager = {
}
let hasSelection = this._list.selectedIndex >= 0;
- let hasRows = this._list.itemCount > 0;
- this._removeButton.disabled = !hasSelection;
- this._removeAllButton.disabled = !hasRows;
+
+ let disabledByPolicy = false;
+ if (Services.policies.status === Services.policies.ACTIVE && hasSelection) {
+ let origin = this._list.selectedItem.getAttribute("origin");
+ disabledByPolicy = this._permissionDisabledByPolicy(
+ this._permissions.get(origin)
+ );
+ }
+
+ this._removeButton.disabled = !hasSelection || disabledByPolicy;
+ let disabledItems = this._list.querySelectorAll(
+ "label.website-name-value[disabled='true']"
+ );
+
+ this._removeAllButton.disabled =
+ this._list.itemCount == disabledItems.length;
},
onPermissionDelete() {
let richlistitem = this._list.selectedItem;
let origin = richlistitem.getAttribute("origin");
let permission = this._permissions.get(origin);
+ if (this._permissionDisabledByPolicy(permission)) {
+ return;
+ }
this._removePermission(permission);
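Review bot: The Remove All state is derived from a DOM query, `label.website-name-value[disabled='true']`, while `onPermissionDelete` and `onAllPermissionsDelete` decide from `_permissionDisabledByPolicy`, so the button state and the delete guard can drift apart if the row markup changes. Assuming `this._permissions` holds exactly the listed rows, computing it from the model keeps one source of truth: `this._removeAllButton.disabled = ![...this._permissions.values()].some(p => !this._permissionDisabledByPolicy(p));`. The `Services.policies.status === Services.policies.ACTIVE` gate is applied only here and not in the other callers of `_permissionDisabledByPolicy`, and `this._list.itemCount == disabledItems.length` uses `==` where the gate uses `===`. The function holding the button logic starts before the hunk and `onPermissionDelete` continues past it.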
@@ -451,6 +471,9 @@ var gPermissionManager = {
onAllPermissionsDelete() {
for (let permission of this._permissions.values()) {
+ if (this._permissionDisabledByPolicy(permission)) {
+ continue;
+ }
this._removePermission(permission);
}
@@ -513,6 +536,17 @@ var gPermissionManager = {
this._setRemoveButtonState();
},
+ _permissionDisabledByPolicy(permission) {
+ let permissionObject = Services.perms.getPermissionObject(
+ permission.principal,
+ this._type,
+ false
+ );
+ return (
+ permissionObject?.expireType == Ci.nsIPermissionManager.EXPIRE_POLICY
+ );
+ },
+
_sortPermissions(list, frag, column) {
let sortDirection;
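Review bot: `_permissionDisabledByPolicy` passes `false` as the third argument of `Services.perms.getPermissionObject`, which is the exact-host flag, so the lookup may fall back to a permission stored for a parent domain. If it does, an exception the user has just added for a subdomain and not yet saved could resolve to the policy entry of its parent domain and be shown as locked. Passing `true` would limit the lock to the origin the policy actually names; if the inherited match is intended, a comment saying so is needed. The comparison `permissionObject?.expireType == Ci.nsIPermissionManager.EXPIRE_POLICY` could also use `===`.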
diff --git a/browser/components/preferences/tests/browser.ini b/browser/components/preferences/tests/browser.ini
index 74658f7aba9b0..6f6bcc972d89e 100644
--- a/browser/components/preferences/tests/browser.ini
+++ b/browser/components/preferences/tests/browser.ini
@@ -115,6 +115,7 @@ skip-if =
[browser_security-2.js]
[browser_spotlight.js]
[browser_site_login_exceptions.js]
+[browser_site_login_exceptions_policy.js]
[browser_permissions_dialog.js]
[browser_permissions_dialog_default_perm.js]
[browser_statePartitioning_PBM_strings.js]
diff --git a/browser/components/preferences/tests/browser_site_login_exceptions_policy.js b/browser/components/preferences/tests/browser_site_login_exceptions_policy.js
new file mode 100644
index 0000000000000..499fd28222a08
--- /dev/null
+++ b/browser/components/preferences/tests/browser_site_login_exceptions_policy.js
@@ -0,0 +1,65 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const { EnterprisePolicyTesting } = ChromeUtils.import(
+ "resource://testing-common/EnterprisePolicyTesting.jsm"
+);
+
+const PERMISSIONS_URL =
+ "chrome://browser/content/preferences/dialogs/permissions.xhtml";
+
+var exceptionsDialog;
+
+add_task(async function openLoginExceptionsSubDialog() {
+ // ensure rememberSignons is off for this test;
+ ok(
+ !Services.prefs.getBoolPref("signon.rememberSignons"),
+ "Check initial value of signon.rememberSignons pref"
+ );
+
+ // Undo the save password change.
+ registerCleanupFunction(async function() {
+ await SpecialPowers.spawn(gBrowser.selectedBrowser, [], function() {
+ let doc = content.document;
+ let savePasswordCheckBox = doc.getElementById("savePasswords");
+ if (savePasswordCheckBox.checked) {
+ savePasswordCheckBox.click();
+ }
+ });
+
+ gBrowser.removeCurrentTab();
+ await EnterprisePolicyTesting.setupPolicyEngineWithJson("");
+ });
+
+ await EnterprisePolicyTesting.setupPolicyEngineWithJson({
+ policies: {
+ PasswordManagerExceptions: ["https://pwexception.example.com"],
+ },
+ });
+
+ await openPreferencesViaOpenPreferencesAPI("privacy", { leaveOpen: true });
+
+ let dialogOpened = promiseLoadSubDialog(PERMISSIONS_URL);
+
+ await SpecialPowers.spawn(gBrowser.selectedBrowser, [], function() {
+ let doc = content.document;
+ let savePasswordCheckBox = doc.getElementById("savePasswords");
+ savePasswordCheckBox.click();
+
+ let loginExceptionsButton = doc.getElementById("passwordExceptions");
+ loginExceptionsButton.click();
+ });
+
+ exceptionsDialog = await dialogOpened;
+
+ let doc = exceptionsDialog.document;
+
+ let richlistbox = doc.getElementById("permissionsBox");
+ Assert.equal(richlistbox.itemCount, 1, `Row count should initially be 1`);
+
+ richlistbox.focus();
+ richlistbox.selectedIndex = 0;
+ Assert.ok(doc.getElementById("removePermission").disabled);
+});
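Review bot: The test checks only that `removePermission` is disabled for the selected policy row; the Remove All button state and the guards added to `onPermissionDelete` and `onAllPermissionsDelete` are not exercised, so a regression that lets the user clear a policy-enforced exception would still pass. Add `Assert.ok(doc.getElementById("removeAllPermissions").disabled);` (assuming that is the button's id in permissions.xhtml) and a check that `richlistbox.itemCount` is still 1 after the delete handlers are invoked. The cleanup function is registered before the preferences tab is opened, so a failure during policy setup would leave `gBrowser.removeCurrentTab()` closing an unrelated tab.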
diff --git a/browser/locales/en-US/browser/policies/policies-descriptions.ftl b/browser/locales/en-US/browser/policies/policies-descriptions.ftl
index 8fefeebf6916e..e38e9225f7e19 100644
--- a/browser/locales/en-US/browser/policies/policies-descriptions.ftl
+++ b/browser/locales/en-US/browser/policies/policies-descriptions.ftl
@@ -158,6 +158,8 @@ policy-OverridePostUpdatePage = Override the post-update “What’s New” page
policy-PasswordManagerEnabled = Enable saving passwords to the password manager.
+policy-PasswordManagerExceptions = Prevent { -brand-short-name } from saving passwords for specific sites.
+
# PDF.js and PDF should not be translated
policy-PDFjs = Disable or configure PDF.js, the built-in PDF viewer in { -brand-short-name }.
--