Bug 1408180 - Ensure LoginRec.toString doesn't contain the password. r?kitcambridge draft
authorThom Chiovoloni <tchiovoloni@mozilla.com>
Thu, 12 Oct 2017 18:15:48 -0400
changeset 679561 3ccd55a95a2d240be8c56476706d4cb84d4c2395
parent 679523 a4cba1dec3a6460c90f340a6201cead3e33574b3
child 735648 e0fb9798b60a0663aba2cd1f8c43cd2b016b794d
push id84275
push userbmo:tchiovoloni@mozilla.com
push dateThu, 12 Oct 2017 22:16:05 +0000
reviewerskitcambridge
bugs1408180
milestone58.0a1
Bug 1408180 - Ensure LoginRec.toString doesn't contain the password. r?kitcambridge MozReview-Commit-ID: 5mV0g9LH4vE
services/sync/modules/engines/passwords.js
services/sync/tests/unit/test_password_store.js
--- a/services/sync/modules/engines/passwords.js
+++ b/services/sync/modules/engines/passwords.js
@@ -46,16 +46,24 @@ function isSyncableChange(oldLogin, newL
 }
 
 this.LoginRec = function LoginRec(collection, id) {
   CryptoWrapper.call(this, collection, id);
 }
 LoginRec.prototype = {
   __proto__: CryptoWrapper.prototype,
   _logName: "Sync.Record.Login",
+
+  cleartextToString() {
+    let o = Object.assign({}, this.cleartext);
+    if (o.password) {
+      o.password = "X".repeat(o.password.length)
+    }
+    return JSON.stringify(o);
+  }
 };
 
 Utils.deferGetSet(LoginRec, "cleartext", [
     "hostname", "formSubmitURL",
     "httpRealm", "username", "password", "usernameField", "passwordField",
     "timeCreated", "timePasswordChanged",
     ]);
 
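Review bot: The mask in `cleartextToString` is built with `"X".repeat(o.password.length)`, so every stringified record still discloses the exact length of the password to anyone who can read the logs. A fixed-width placeholder removes that signal, for example `o.password = "X".repeat(8);` (the width is arbitrary), and it would also add the semicolon that line currently lacks. How `toString` reaches this method is not visible in the hunk, so a one-line comment above it would help the next reader: `// Redact the password so stringified records (e.g. in logs) never carry it.`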
--- a/services/sync/tests/unit/test_password_store.js
+++ b/services/sync/tests/unit/test_password_store.js
@@ -136,16 +136,21 @@ async function test_apply_same_record_wi
   timePasswordChanged = await changePassword("A", "http://a.tn", "password2", 1, 500,
                                        100, 1536213005222, timePasswordChanged,
                                        true, true);
   timePasswordChanged = await changePassword("A", "http://a.tn", "password2", 1, 500,
                                        100, 800, timePasswordChanged, true, true);
   /* eslint-enable no-unsed-vars */
 }
 
+async function test_LoginRec_toString(store, recordData) {
+  let rec = await store.createRecord(recordData.id);
+  ok(rec);
+  ok(!rec.toString().includes(rec.password));
+}
 
 add_task(async function run_test() {
   initTestLogging("Trace");
   Log.repository.getLogger("Sync.Engine.Passwords").level = Log.Level.Trace;
   Log.repository.getLogger("Sync.Store.Passwords").level = Log.Level.Trace;
 
   const BOGUS_GUID_A = "zzzzzzzzzzzz";
   const BOGUS_GUID_B = "yyyyyyyyyyyy";
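Review bot: `test_LoginRec_toString` can pass without exercising the redaction. If `rec.password` were ever `undefined`, `includes(rec.password)` would search for the text "undefined" and the negated assertion would still succeed. Asserting the precondition first closes that gap: `ok(rec.password, "record has a password to redact");`. It would also be worth pinning the expected secret from the fixture rather than reading it back from the record under test, assuming `recordData` carries the password as a plain field: `ok(!rec.toString().includes(recordData.password));`.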
@@ -185,16 +190,18 @@ add_task(async function run_test() {
     _("Count: " + badCount.value + ", " + goodCount.value);
 
     do_check_eq(goodCount.value, 1);
     do_check_eq(badCount.value, 0);
 
     do_check_true(!!(await store.getAllIDs())[BOGUS_GUID_B]);
     do_check_true(!(await store.getAllIDs())[BOGUS_GUID_A]);
 
+    await test_LoginRec_toString(store, recordB);
+
     await test_apply_records_with_times("http://afoo.baz.com", undefined, undefined);
     await test_apply_records_with_times("http://bfoo.baz.com", 1000, undefined);
     await test_apply_records_with_times("http://cfoo.baz.com", undefined, 2000);
     await test_apply_records_with_times("http://dfoo.baz.com", 1000, 2000);
 
     await test_apply_multiple_records_with_times();
 
     await test_apply_same_record_with_different_times();