« New Windows Media Player Plug-in and non-Firefox Browsers | Main | How May I Direct Your Call »
June 3, 2007
New Password Manager and Extensions
In Firefox 3 (Mozilla 1.9), toolkit now has a new password manager interface called nsILoginManager which isn't backwards compatible with the old nsIPasswordManager interface. MDC has a good article covering the new API, including how extension authors can detect which API to use.
While an extension could store a password on its own (and a couple of extensions I've seen do or have done in the past), using the built-in password API is a better choice, since you get all the extra built-in features for free (master password support, the show passwords feature in preferences). In fact, the top two questions my Gmail Notifier extension gets is whether it uses https to talk to Gmail and if the passwords are stored using the built-in password manager.
Back to the new API, I ran into an "issue" with the Gmail Notifier when I added support for the new API that I thought would be useful to document. I'd like to note that this isn't a bug per se but rather a side-effect of a choice I made that I think other extension authors have made as well. The choice was that using the old api, I was using "chrome://gm-notifier" as the host name when storing passwords. This allowed me to easily fetch all passwords for the extension, users could easily distinguish them in the password manager and it wouldn't interfere with any websites. However, once you udgrade to a new build with the new API, I ran into some issues.
If you've read the new API, you know that it now allows one to store a http realm (for protocol logins) or an action url (for form logins). The issue at hand is that when a user, who for example was using Firefox 2 and the Gmail Notifier, updates to a build that has the new API.
Firefox will migrate the stored passwords to the new format. For the ones the Gmail Notifier added manually from JavaScript, it creates an entry that has no http realm or action url. And nsILoginManager's findLogins method requires either an http realm or an action url to be supplied, else it throws an error. So the Gmail Notifier couldn't search for the entries. Luckily, there is a method to enumerate all logins.
So the solution (aka hack) I had to do was to do my own migration of the passwords. I decided to use "chrome://gm-notifier" as my http realm as well (which may not be a good choice btw). If the findLogins method returned nothing, it enumerates all logins and if the host name is "chrome://gm-notifier", it adds the http realm to it. And then reruns the search.
I'm not sure how many extensions will run into this, but if enough do, perhaps nsILoginManager should take this use case into account.
Posted by doron at June 3, 2007 7:41 AM
Comments
I've noticed recently that logging into the Gmail Notifier doesn't log me into all Google sites (such as Google Reader), as it used to. Is this at all related to this?
Posted by: Brien at June 3, 2007 6:34 PM
Just to let you know that since your last update to Gmail Notifier, I can no longer open two tabs with gmail. I have set the preference to open in a new tab, but instead of opening the a new Gmail window, It switches back to the Gmail window that is already open. This is really not kosher. That makes the Notifier no more that a login manager and really makes it inconvenient by having to work with two browsers.
H R Read
Posted by: H R Read at June 10, 2007 4:55 PM
Firefox doesn't recognize my old password. How do I get it to give me a new password or recognize my old password?
Posted by: Mike Myers at July 16, 2007 9:58 PM
I ran into the same problem with Gmail Notifier. It won't let me log in - I mean, it's doesn't work for me at all. So I just uninstalled it. I found this site, hoping to find an updated version of Notifier. Good to know you are aware of the issue.
Posted by: Chad at November 3, 2007 7:56 PM