--- a/toolkit/components/passwordmgr/test/mochitest/test_prompt_http.html
+++ b/toolkit/components/passwordmgr/test/mochitest/test_prompt_http.html
@@ -19,43 +19,69 @@
 <pre id="test">
 <script class="testbody" type="text/javascript">
 var state, action;
 var iframe = document.getElementById("iframe");
 
 // Force parent to not look for tab-modal prompts, as they're not used for auth prompts.
 isTabModal = false;
 
+const AUTHENTICATE_PATH = new URL("authenticate.sjs", window.location.href).pathname;
+
 let chromeScript = runInParent(SimpleTest.getTestFileURL("pwmgr_common.js"));
 
 runInParent(() => {
   const { classes: Cc, interfaces: Ci, utils: Cu } = Components;
   Cu.import("resource://gre/modules/Services.jsm");
 
   let pwmgr = Cc["@mozilla.org/login-manager;1"].
               getService(Ci.nsILoginManager);
 
   let login3A, login3B, login4;
   login3A = Cc["@mozilla.org/login-manager/loginInfo;1"].
             createInstance(Ci.nsILoginInfo);
   login3B = Cc["@mozilla.org/login-manager/loginInfo;1"].
             createInstance(Ci.nsILoginInfo);
   login4  = Cc["@mozilla.org/login-manager/loginInfo;1"].
             createInstance(Ci.nsILoginInfo);
+  let httpUpgradeLogin = Cc["@mozilla.org/login-manager/loginInfo;1"].
+                         createInstance(Ci.nsILoginInfo);
+  let httpsDowngradeLogin = Cc["@mozilla.org/login-manager/loginInfo;1"].
+                            createInstance(Ci.nsILoginInfo);
+  let dedupeHttpUpgradeLogin  = Cc["@mozilla.org/login-manager/loginInfo;1"].
+                                createInstance(Ci.nsILoginInfo);
+  let dedupeHttpsUpgradeLogin = Cc["@mozilla.org/login-manager/loginInfo;1"].
+                                createInstance(Ci.nsILoginInfo);
+
 
   login3A.init("http://mochi.test:8888", null, "mochitest",
                "mochiuser1", "mochipass1", "", "");
   login3B.init("http://mochi.test:8888", null, "mochitest2",
                "mochiuser2", "mochipass2", "", "");
   login4.init("http://mochi.test:8888", null, "mochitest3",
-               "mochiuser3", "mochipass3-old", "", "");
+              "mochiuser3", "mochipass3-old", "", "");
+  // Logins to test scheme upgrades (allowed) and downgrades (disallowed)
+  httpUpgradeLogin.init("http://example.com", null, "schemeUpgrade",
+                        "httpUser", "httpPass", "", "");
+  httpsDowngradeLogin.init("https://example.com", null, "schemeDowngrade",
+                           "httpsUser", "httpsPass", "", "");
+  // HTTP and HTTPS version of the same domain and realm but with different passwords.
+  dedupeHttpUpgradeLogin.init("http://example.org", null, "schemeUpgradeDedupe",
+                              "dedupeUser", "httpPass", "", "");
+  dedupeHttpsUpgradeLogin.init("https://example.org", null, "schemeUpgradeDedupe",
+                               "dedupeUser", "httpsPass", "", "");
+
 
   pwmgr.addLogin(login3A);
   pwmgr.addLogin(login3B);
   pwmgr.addLogin(login4);
+  pwmgr.addLogin(httpUpgradeLogin);
+  pwmgr.addLogin(httpsDowngradeLogin);
+  pwmgr.addLogin(dedupeHttpUpgradeLogin);
+  pwmgr.addLogin(dedupeHttpsUpgradeLogin);
 });
 
 add_task(function* test_iframe() {
   state = {
     msg         : "http://mochi.test:8888 is requesting your username and password.\n\nThe site says: “mochitest”",
     title       : "Authentication Required",
     textValue   : "mochiuser1",
     passValue   : "mochipass1",
@@ -229,12 +255,109 @@ add_task(function* test_iframe() {
   promptShownPromise = promisePromptShown("passwordmgr-prompt-save");
   iframe.src = "authenticate.sjs?user=mochiuser3&pass=mochipass3-old&realm=mochitest3";
   yield promptDone;
   yield iframeLoaded;
   checkEchoedAuthInfo({user: "mochiuser3", pass: "mochipass3-old"},
                       iframe.contentDocument);
   yield promptShownPromise;
 });
+
+add_task(function* test_schemeUpgrade() {
+  let state = {
+    msg         : "https://example.com is requesting your username and password.\n\n" +
+                  "WARNING: Your password will not be sent to the website you are currently visiting!",
+    title       : "Authentication Required",
+    textValue   : "httpUser",
+    passValue   : "httpPass",
+    iconClass   : "authentication-icon question-icon",
+    titleHidden : true,
+    textHidden  : false,
+    passHidden  : false,
+    checkHidden : true,
+    checkMsg    : "",
+    checked     : false,
+    focused     : "textField",
+    defButton   : "button0",
+  };
+  let action = {
+    buttonClick : "ok",
+  };
+  let promptDone = handlePrompt(state, action);
+
+  // The following tests are driven by iframe loads
+
+  let iframeLoaded = onloadPromiseFor("iframe");
+  iframe.src = "https://example.com" + AUTHENTICATE_PATH +
+               "?user=httpUser&pass=httpPass&realm=schemeUpgrade";
+  yield promptDone;
+  yield iframeLoaded;
+  checkEchoedAuthInfo({user: "httpUser", pass: "httpPass"},
+                      SpecialPowers.wrap(iframe).contentDocument);
+});
+
+add_task(function* test_schemeDowngrade() {
+  let state = {
+    msg         : "http://example.com is requesting your username and password.\n\n" +
+                  "WARNING: Your password will not be sent to the website you are currently visiting!",
+    title       : "Authentication Required",
+    textValue   : "", // empty because we shouldn't downgrade
+    passValue   : "",
+    iconClass   : "authentication-icon question-icon",
+    titleHidden : true,
+    textHidden  : false,
+    passHidden  : false,
+    checkHidden : true,
+    checkMsg    : "",
+    checked     : false,
+    focused     : "textField",
+    defButton   : "button0",
+  };
+  let action = {
+    buttonClick : "cancel",
+  };
+  let promptDone = handlePrompt(state, action);
+
+  // The following tests are driven by iframe loads
+
+  let iframeLoaded = onloadPromiseFor("iframe");
+  iframe.src = "http://example.com" + AUTHENTICATE_PATH +
+               "?user=unused&pass=unused&realm=schemeDowngrade";
+  yield promptDone;
+  yield iframeLoaded;
+});
+
+add_task(function* test_schemeUpgrade_dedupe() {
+  let state = {
+    msg         : "https://example.org is requesting your username and password.\n\n" +
+                  "WARNING: Your password will not be sent to the website you are currently visiting!",
+    title       : "Authentication Required",
+    textValue   : "dedupeUser",
+    passValue   : "httpsPass",
+    iconClass   : "authentication-icon question-icon",
+    titleHidden : true,
+    textHidden  : false,
+    passHidden  : false,
+    checkHidden : true,
+    checkMsg    : "",
+    checked     : false,
+    focused     : "textField",
+    defButton   : "button0",
+  };
+  let action = {
+    buttonClick : "ok",
+  };
+  let promptDone = handlePrompt(state, action);
+
+  // The following tests are driven by iframe loads
+
+  let iframeLoaded = onloadPromiseFor("iframe");
+  iframe.src = "https://example.org" + AUTHENTICATE_PATH +
+               "?user=dedupeUser&pass=httpsPass&realm=schemeUpgradeDedupe";
+  yield promptDone;
+  yield iframeLoaded;
+  checkEchoedAuthInfo({user: "dedupeUser", pass: "httpsPass"},
+                      SpecialPowers.wrap(iframe).contentDocument);
+});
 </script>
 </pre>
 </body>
 </html>