Bug 1408180 - Ensure LoginRec.toString doesn't contain the password. r?kitcambridge
MozReview-Commit-ID: 5mV0g9LH4vE
--- a/services/sync/modules/engines/passwords.js
+++ b/services/sync/modules/engines/passwords.js
@@ -46,16 +46,24 @@ function isSyncableChange(oldLogin, newL
}
this.LoginRec = function LoginRec(collection, id) {
CryptoWrapper.call(this, collection, id);
}
LoginRec.prototype = {
__proto__: CryptoWrapper.prototype,
_logName: "Sync.Record.Login",
+
+ cleartextToString() {
+ let o = Object.assign({}, this.cleartext);
+ if (o.password) {
+ o.password = "X".repeat(o.password.length)
+ }
+ return JSON.stringify(o);
+ }
};
Utils.deferGetSet(LoginRec, "cleartext", [
"hostname", "formSubmitURL",
"httpRealm", "username", "password", "usernameField", "passwordField",
"timeCreated", "timePasswordChanged",
]);
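Review bot: The mask built in `cleartextToString` has the same length as the password, so the stringified record still discloses the password length to anyone who can read the log. A fixed-width placeholder avoids that, for example `o.password = "X".repeat(8);`, which also adds the semicolon the current line is missing. A short comment above the method, such as `// Redact the password so it is never written to Sync logs.`, would record why the override exists. The hunk does not show how `toString` reaches this method; presumably `CryptoWrapper.prototype.toString` calls it, which is worth confirming.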
--- a/services/sync/tests/unit/test_password_store.js
+++ b/services/sync/tests/unit/test_password_store.js
@@ -136,16 +136,21 @@ async function test_apply_same_record_wi
timePasswordChanged = await changePassword("A", "http://a.tn", "password2", 1, 500,
100, 1536213005222, timePasswordChanged,
true, true);
timePasswordChanged = await changePassword("A", "http://a.tn", "password2", 1, 500,
100, 800, timePasswordChanged, true, true);
/* eslint-enable no-unsed-vars */
}
+async function test_LoginRec_toString(store, recordData) {
+ let rec = await store.createRecord(recordData.id);
+ ok(rec);
+ ok(!rec.toString().includes(rec.password));
+}
add_task(async function run_test() {
initTestLogging("Trace");
Log.repository.getLogger("Sync.Engine.Passwords").level = Log.Level.Trace;
Log.repository.getLogger("Sync.Store.Passwords").level = Log.Level.Trace;
const BOGUS_GUID_A = "zzzzzzzzzzzz";
const BOGUS_GUID_B = "yyyyyyyyyyyy";
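Review bot: The check `ok(!rec.toString().includes(rec.password));` in `test_LoginRec_toString` passes without proving anything when `rec.password` is undefined, because `includes(undefined)` searches for the literal text "undefined". Adding `ok(rec.password, "record has a password");` before it confirms the negative check runs against a real value. The test could also pin the redaction by parsing or matching the masked field in the output, so that a regression which drops the field entirely is distinguished from one that masks it.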
@@ -185,16 +190,18 @@ add_task(async function run_test() {
_("Count: " + badCount.value + ", " + goodCount.value);
do_check_eq(goodCount.value, 1);
do_check_eq(badCount.value, 0);
do_check_true(!!(await store.getAllIDs())[BOGUS_GUID_B]);
do_check_true(!(await store.getAllIDs())[BOGUS_GUID_A]);
+ await test_LoginRec_toString(store, recordB);
+
await test_apply_records_with_times("http://afoo.baz.com", undefined, undefined);
await test_apply_records_with_times("http://bfoo.baz.com", 1000, undefined);
await test_apply_records_with_times("http://cfoo.baz.com", undefined, 2000);
await test_apply_records_with_times("http://dfoo.baz.com", 1000, 2000);
await test_apply_multiple_records_with_times();
await test_apply_same_record_with_different_times();