Author Topic: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey  (Read 21012 times)

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Hi,

PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey is now available here. A lot of the comments from here and here have been implemented. There is one remaining known bug, as discussed in the release notes here.

Hope you enjoy it,
Eric

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #1 on: August 26, 2007, 03:39:23 AM »
I'm getting a 'Not a valid package' error...

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #2 on: August 26, 2007, 02:02:28 PM »
I'm getting a 'Not a valid package' error...

Thanks. As usual, I uploaded it with the filename passwdmaker-?.?b?.xpi but link to it in the html as passwdmaker-?.?beta-?.xpi. Fixed now.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #3 on: August 26, 2007, 08:33:04 PM »
I sat down today to fix the remaining bug in 1.7 of which I'm aware and found I cannot recreate the bug.  Can someone be kind enough to try it? As I wrote here, the bug is:

Quote
when using auto-populate and prompted for the MPW, the comparison against the stored hash (if any) doesn't succeed.

So to recreate, you have to (1) use the new stored Master Password Fingerprint feature, (2) turn on auto-populate, and (3) not store your MPW in memory or on disk. Now when you visit a site that requires login*, you'll get prompted to enter your master password. You should be forced to enter the correct master password. Previous versions of PasswordMaker did not force you to enter the correct mater password, but now, providing (1) and (3) have been done, you will only be able to enter the correct mpw to have the webpage's username/password populated.

*If you turn on auto-populate for the "Default" account, then any site with a login will prompt you for the master password. If you turn on auto-populate for a specific account (i.e., not the Default account), you must enter a URL pattern on the URLs tab for that account. Now you'll be prompted for the master password only when visiting a URL that matches the specified URLs pattern(s) you entered on the URLs tab for that account.

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #4 on: August 26, 2007, 09:27:20 PM »
Hi Eric,

Ok, here we go...

First, as for the bug, I too was unable to reproduce it...

I stored the hash for my PWM forums account, enabled it for auto-pop, logged out, refreshed the page, entered my correct MPW when prompted, and it populated the fields and I logged in fine.

I then logged out, refreshed the page again, and entered an incorrect MPW when prompted, and it did *not* populate the fields, it told me the MPW was incorrect, as it should...

So, either the bug is site dependent somehow, or you already fixed it...

Now, for the UI changes... I know you're working hard on this to get it released, but this new functionality definitely adds something new capable of confusing people, and I hope you'll agree the more visually understandable and simpler it is, the better.

I like the work done so far... definitely more user friendly, and the 'I use more than one MPW' was an excellent addition. But... (sorry, I guess I just can't help myself)... ;)

I think you can still simplify it even further...

When I check 'I use more than one MPW', in essence, that makes the 'Defaults' account just another account, no?

With that in mind - instead of adding a second row, with 'Status xxx' and buttons, why not simply change the 'Status: xxx' to 'Status for Selected Account: xxx'... this way there is no need to show two sets of Hash Status' and their buttons...

Also - just a niggling thing (been meaning to ask you about this for a *long* time) - any reason you don't like to use some kind of separator for field labels and their contents? For example, for the Status stuff, it looks funny to me without a colon (or maybe a hyphen - something) between the word 'Status' and the actual status that is then displayed.

Regardless - and I mean this - great work! I'm loving the MPW Hash functionality...

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #5 on: August 27, 2007, 12:28:57 PM »
Thanks for doing the testing. It looks like the bug is gone. As for the UI changes you suggest, I like the idea and will get it into 1.7 before it's released. Thanks for the idea! I'm also still waiting on final translations from the translators.

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #6 on: August 27, 2007, 12:38:10 PM »
You da man! This is going to be an excellent release...

Now to make the time to start updating the wiki... all of this great new funxctionality really needs to be documented to make it easier for people new to PWM to hit the ground running...

I should be done with the 2 new servers I'm building/testing by the end of next week - then after a short project, I should have a bit of time to dedicate to it...

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #7 on: August 27, 2007, 07:26:22 PM »
Thanks for doing the testing. It looks like the bug is gone.
Eric - hold off on releasing... I found a bug (if it isn't the same one) - am posting details now...

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #8 on: August 27, 2007, 08:24:28 PM »
Ok, here's the bug report...

I have the 'I use more than one MPW' checkbox checked, and I just tried to log into an account that I have NOT stored the hash for - and that uses a *different* MPW from the one that is used for the account that I stored the hash for - and it gave me the warning that the password didn't match the hash.

:(

When I open PWM, and select the account in question, the top 'Status' says 'Doesn't Match', and the bottom 'Status' says 'Not stored on disk'.

Can you (or anyone else) confirm this?

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #9 on: August 27, 2007, 08:29:40 PM »
Question...

What is the intended behavior if the user switches between 'I use more than one MPW' and not... I'm assuming  that when you switch it on, it simply starts allowing you to save a hash for an individual account...

But what if you do this, then switch it back? I'm assuming here that the individual hash's are not deleted, but that all accounts just start using the hash for the 'Defaults' account?

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #10 on: August 27, 2007, 10:32:17 PM »
What is the intended behavior if the user switches between 'I use more than one MPW' and not... I'm assuming  that when you switch it on, it simply starts allowing you to save a hash for an individual account...

But what if you do this, then switch it back? I'm assuming here that the individual hash's are not deleted, but that all accounts just start using the hash for the 'Defaults' account?

No, not the defaults account. There's actually a hash stored in the global area in the RDF file (<RDF:Description RDF:about="http://passwordmaker.mozdev.org/globalSettings); i.e., it's not account-specific. This is the hash that's supposed to be used when that checkbox isn't checked. Yes, one can be stored in the default section, too, which is incredibly confusing and the reason for my initial hesitation to support multiple MPW hashes. Other things stored in the global section, for example, are the settings on the Global Settings tab. Now that I have an idea of how to reproduce this, I'll work on it later tonight. Perhaps I should prevent the user from storing the MPW hash for the default account? Thanks for the testing!!
« Last Edit: August 27, 2007, 10:34:49 PM by Eric H. Jung »

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #11 on: August 28, 2007, 01:31:34 AM »
I'm assuming here that the individual hash's are not deleted, but that all accounts just start using the hash for the 'Defaults' account?
No, not the defaults account. There's actually a hash stored in the global area in the RDF file (<RDF:Description RDF:about="http://passwordmaker.mozdev.org/globalSettings); i.e., it's not account-specific. This is the hash that's supposed to be used when that checkbox isn't checked.
Ah, ok...

Quote
Yes, one can be stored in the default section, too, which is incredibly confusing and the reason for my initial hesitation to support multiple MPW hashes. Other things stored in the global section, for example, are the settings on the Global Settings tab. Now that I have an idea of how to reproduce this, I'll work on it later tonight. Perhaps I should prevent the user from storing the MPW hash for the default account?
I don't like that idea - storing the Hash is much too useful to not be able to take advantage of it with the Defaults account, imo...

Let me think...

I think this is the source of my bug... If I have the 'I use multiple MPW' checkbox checked, apparently if no Hash is stored for an account, it uses the Global Hash, when, in my mind, it should use none.

Ok, idea time... why not just mimic the way the auto-populate function works on a per account basis... storing the hash 'enables' the feature, clearing it 'disables' it. What do you think?

Quote
Thanks for the testing!!
Heh - thank *you* for PWM! :)

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #12 on: August 28, 2007, 03:42:25 AM »
I think this is the source of my bug... If I have the 'I use multiple MPW' checkbox checked, apparently if no Hash is stored for an account, it uses the Global Hash, when, in my mind, it should use none.

No, there is a legitimate bug which I've fixed. In beta4, the global settings hash is always used for auto-populate mpw confirmation when it should be:

1. use the global hash if "I use more than one master password" is unchecked
2. use the account-specific hash if "I use more than one master password" is checked
3. do not perform auto-populate mpw confirmation if:
  a. "I use more than one master password" is unchecked and mpw hash is not stored on disk (i.e., 1.6 behavior)
  b. "I use more than one master password" is checked but the selected account has no hash stored on disk

Quote
Ok, idea time... why not just mimic the way the auto-populate function works on a per account basis... storing the hash 'enables' the feature, clearing it 'disables' it. What do you think?

I don't understand. You mean pressing the clear button unchecks the checkbox?

edit: the above rules 1-3b should be put in the wiki! I'm sure people will be asking about this behavior in the future, and here it is... documented!

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #13 on: August 28, 2007, 01:15:35 PM »
No, there is a legitimate bug which I've fixed. In beta4, the global settings hash is always used for auto-populate mpw confirmation when it should be:

1. use the global hash if "I use more than one master password" is unchecked
2. use the account-specific hash if "I use more than one master password" is checked
3. do not perform auto-populate mpw confirmation if:
  a. "I use more than one master password" is unchecked and mpw hash is not stored on disk (i.e., 1.6 behavior)
  b. "I use more than one master password" is checked but the selected account has no hash stored on disk

Ahh... ok, makes sense. Thanks!

Quote
Quote
Ok, idea time... why not just mimic the way the auto-populate function works on a per account basis... storing the hash 'enables' the feature, clearing it 'disables' it. What do you think?

I don't understand. You mean pressing the clear button unchecks the checkbox?

Never mind... I was trying to suggest a way to make it totally account independent, but if it does indeed work as you described above (and that is how it was *supposed* to work), that will solve the problem.

Quote
edit: the above rules 1-3b should be put in the wiki! I'm sure people will be asking about this behavior in the future, and here it is... documented!

Ask, and ye shall receive - hopefully it is to your liking.

I also edited the main Firefox edition page for a basic structure (copied from the 'Manual' section on the current website).

One thing I don't know if you'll like... I like brevity, so I also added a page under the 'Introduction' (main) page, defining some acronyms, so editing pages will go faster - like, PWM=PasswordMaker, MPW=Master Password, etc... if you don't like this, I'll delete it and use the full words when adding pages...

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #14 on: August 29, 2007, 12:52:20 AM »
There is a Firefox manual page actually.
"I'm not drunk, just sleep deprived."

PasswordMaker Forums

Re: PasswordMaker 1.7 beta4 for Firefox/Mozilla/Netscape/Flock/SeaMonkey
« Reply #14 on: August 29, 2007, 12:52:20 AM »