Bug 1403081 - Optionally protect filling of saved logins with OS authentication (including biometrics). r=sgalich,settings-reviewers,fluent-reviewers,flod

Depends on D207219 Differential Revision: https://phabricator.services.mozilla.com/D201276
2024-11-27 23:02:20 +00:00 · 2024-05-06 15:58:23 +00:00 · 2024-05-06 15:58:23 +00:00 · af09912b96
commit af09912b96
parent cb23288dd3
6 changed files with 91 additions and 24 deletions
--- a/browser/components/aboutlogins/AboutLoginsParent.sys.mjs
+++ b/browser/components/aboutlogins/AboutLoginsParent.sys.mjs
@ -17,7 +17,6 @@ ChromeUtils.defineESModuleGetters(lazy, {
  LoginExport: "resource://gre/modules/LoginExport.sys.mjs",
  LoginHelper: "resource://gre/modules/LoginHelper.sys.mjs",
  MigrationUtils: "resource:///modules/MigrationUtils.sys.mjs",
-  OSKeyStore: "resource://gre/modules/OSKeyStore.sys.mjs",
  UIState: "resource://services-sync/UIState.sys.mjs",
 });

@ -36,12 +35,6 @@ XPCOMUtils.defineLazyPreferenceGetter(
  "identity.fxaccounts.enabled",
  false
 );
-XPCOMUtils.defineLazyPreferenceGetter(
-  lazy,
-  "OS_AUTH_ENABLED",
-  "signon.management.page.os-auth.enabled",
-  true
-);
 XPCOMUtils.defineLazyPreferenceGetter(
  lazy,
  "VULNERABLE_PASSWORDS_ENABLED",
@ -266,11 +259,15 @@ export class AboutLoginsParent extends JSWindowActorParent {
    let messageText = { value: "NOT SUPPORTED" };
    let captionText = { value: "" };

+    const isOSAuthEnabled = lazy.LoginHelper.getOSAuthEnabled(
+      lazy.LoginHelper.OS_AUTH_FOR_PASSWORDS_PREF
+    );
+
    // This feature is only supported on Windows and macOS
    // but we still call in to OSKeyStore on Linux to get
    // the proper auth_details for Telemetry.
    // See bug 1614874 for Linux support.
-    if (lazy.OS_AUTH_ENABLED && lazy.OSKeyStore.canReauth()) {
+    if (isOSAuthEnabled) {
      messageId += "-" + AppConstants.platform;
      [messageText, captionText] = await lazy.AboutLoginsL10n.formatMessages([
        {
@ -284,7 +281,7 @@ export class AboutLoginsParent extends JSWindowActorParent {

    let { isAuthorized, telemetryEvent } = await lazy.LoginHelper.requestReauth(
      this.browsingContext.embedderElement,
-      lazy.OS_AUTH_ENABLED,
+      isOSAuthEnabled,
      AboutLogins._authExpirationTime,
      messageText.value,
      captionText.value
@ -378,11 +375,15 @@ export class AboutLoginsParent extends JSWindowActorParent {
    let messageText = { value: "NOT SUPPORTED" };
    let captionText = { value: "" };

+    const isOSAuthEnabled = lazy.LoginHelper.getOSAuthEnabled(
+      lazy.LoginHelper.OS_AUTH_FOR_PASSWORDS_PREF
+    );
+
    // This feature is only supported on Windows and macOS
    // but we still call in to OSKeyStore on Linux to get
    // the proper auth_details for Telemetry.
    // See bug 1614874 for Linux support.
-    if (lazy.OSKeyStore.canReauth()) {
+    if (isOSAuthEnabled) {
      const messageId =
        EXPORT_PASSWORD_OS_AUTH_DIALOG_MESSAGE_IDS[AppConstants.platform];
      if (!messageId) {
--- a/browser/components/preferences/privacy.inc.xhtml
+++ b/browser/components/preferences/privacy.inc.xhtml
@ -551,6 +551,12 @@
      />
    </hbox>
  </vbox>
+  <vbox>
+    <hbox id="osReauthRow" align="center">
+      <checkbox id="osReauthCheckbox"
+                data-l10n-id="forms-os-reauth"/>
+    </hbox>
+  </vbox>
  <vbox>
    <hbox id="masterPasswordRow" align="center">
      <checkbox id="useMasterPassword"
--- a/browser/components/preferences/privacy.js
+++ b/browser/components/preferences/privacy.js
@ -60,6 +60,10 @@ ChromeUtils.defineLazyGetter(this, "AlertsServiceDND", function () {
  }
 });

+ChromeUtils.defineLazyGetter(lazy, "AboutLoginsL10n", () => {
+  return new Localization(["branding/brand.ftl", "browser/aboutLogins.ftl"]);
+});
+
 XPCOMUtils.defineLazyServiceGetter(
  lazy,
  "gParentalControlsService",
@ -67,13 +71,6 @@ XPCOMUtils.defineLazyServiceGetter(
  "nsIParentalControlsService"
 );

-XPCOMUtils.defineLazyPreferenceGetter(
-  this,
-  "OS_AUTH_ENABLED",
-  "signon.management.page.os-auth.enabled",
-  true
-);
-
 XPCOMUtils.defineLazyPreferenceGetter(
  this,
  "gIsFirstPartyIsolated",
@ -1053,6 +1050,7 @@ var gPrivacyPane = {
    this._initPasswordGenerationUI();
    this._initRelayIntegrationUI();
    this._initMasterPasswordUI();
+    this._initOSAuthentication();

    this.initListenersForExtensionControllingPasswordManager();

@ -2863,8 +2861,7 @@ var gPrivacyPane = {
    // OS reauthenticate functionality is not available on Linux yet (bug 1527745)
    if (
      !LoginHelper.isPrimaryPasswordSet() &&
-      OS_AUTH_ENABLED &&
-      OSKeyStore.canReauth()
+      LoginHelper.getOSAuthEnabled(LoginHelper.OS_AUTH_FOR_PASSWORDS_PREF)
    ) {
      // Uses primary-password-os-auth-dialog-message-win and
      // primary-password-os-auth-dialog-message-macosx via concatenation:
@ -2961,6 +2958,54 @@ var gPrivacyPane = {
    this._updateRelayIntegrationUI();
  },

+  async _toggleOSAuth() {
+    let osReauthCheckbox = document.getElementById("osReauthCheckbox");
+
+    const messageText = await lazy.AboutLoginsL10n.formatValue(
+      "about-logins-os-auth-dialog-message"
+    );
+    const captionText = await lazy.AboutLoginsL10n.formatValue(
+      "about-logins-os-auth-dialog-caption"
+    );
+    let win =
+      osReauthCheckbox.ownerGlobal.docShell.chromeEventHandler.ownerGlobal;
+
+    // Calling OSKeyStore.ensureLoggedIn() instead of LoginHelper.verifyOSAuth()
+    // since we want to authenticate user each time this stting is changed.
+    let isAuthorized = (
+      await OSKeyStore.ensureLoggedIn(messageText, captionText, win, false)
+    ).authenticated;
+    if (!isAuthorized) {
+      osReauthCheckbox.checked = !osReauthCheckbox.checked;
+      return;
+    }
+
+    // If osReauthCheckbox is checked enable osauth.
+    LoginHelper.setOSAuthEnabled(
+      LoginHelper.OS_AUTH_FOR_PASSWORDS_PREF,
+      osReauthCheckbox.checked
+    );
+  },
+
+  _initOSAuthentication() {
+    let osReauthCheckbox = document.getElementById("osReauthCheckbox");
+    if (!OSKeyStore.canReauth()) {
+      osReauthCheckbox.hidden = true;
+      return;
+    }
+
+    osReauthCheckbox.setAttribute(
+      "checked",
+      LoginHelper.getOSAuthEnabled(LoginHelper.OS_AUTH_FOR_PASSWORDS_PREF)
+    );
+
+    setEventListener(
+      "osReauthCheckbox",
+      "command",
+      gPrivacyPane._toggleOSAuth.bind(gPrivacyPane)
+    );
+  },
+
  /**
   * Shows the sites where the user has saved passwords and the associated login
   * information.
--- a/browser/locales/en-US/browser/aboutLogins.ftl
+++ b/browser/locales/en-US/browser/aboutLogins.ftl
@ -140,6 +140,14 @@ about-logins-os-auth-dialog-caption = { -brand-full-name }
 ## and includes subtitle of "Enter password for the user "xxx" to allow this." These
 ## notes are only valid for English. Please test in your respected locale.

+# The macOS strings are preceded by the operating system with "Firefox is trying to ".
+# This message can be seen when attempting to disable osauth in about:preferences.
+about-logins-os-auth-dialog-message=
+  { PLATFORM() ->
+    [macos] change the settings for passwords
+    *[other] { -brand-short-name } is trying to change the settings for passwords. Use your device sign in to allow this.
+  }
+
 # This message can be seen when attempting to edit a login in about:logins on Windows.
 about-logins-edit-login-os-auth-dialog-message2-win = To edit your password, enter your Windows login credentials. This helps protect the security of your accounts.
 # This message can be seen when attempting to edit a login in about:logins
--- a/browser/locales/en-US/browser/preferences/preferences.ftl
+++ b/browser/locales/en-US/browser/preferences/preferences.ftl
@ -1036,6 +1036,9 @@ forms-saved-passwords =
 forms-primary-pw-use =
    .label = Use a Primary Password
    .accesskey = U
+# This operation requires the user to authenticate with the operating system (device sign-in)
+forms-os-reauth =
+    .label = Require device sign in to fill and manage passwords
 forms-primary-pw-learn-more-link = Learn more
 # This string uses the former name of the Primary Password feature
 # ("Master Password" in English) so that the preferences can be found
--- a/toolkit/components/passwordmgr/LoginHelper.sys.mjs
+++ b/toolkit/components/passwordmgr/LoginHelper.sys.mjs
@ -373,7 +373,7 @@ class ImportRowProcessor {
    return this.summary;
  }
 }
-
+const OS_AUTH_FOR_PASSWORDS_PREF = "signon.management.page.os-auth.optout";
 /**
 * Contains functions shared by different Login Manager components.
 */
@ -401,6 +401,7 @@ export const LoginHelper = {
  testOnlyUserHasInteractedWithDocument: null,
  userInputRequiredToCapture: null,
  captureInputChanges: null,
+  OS_AUTH_FOR_PASSWORDS_PREF,

  init() {
    // Watch for pref changes to update cached pref values.
@ -1728,18 +1729,21 @@ export const LoginHelper = {
    }
    // Use the OS auth dialog if there is no primary password
    if (!token.hasPassword && OSReauthEnabled) {
-      let result = await lazy.OSKeyStore.ensureLoggedIn(
+      let isAuthorized = await this.verifyUserOSAuth(
+        OS_AUTH_FOR_PASSWORDS_PREF,
        messageText,
        captionText,
        browser.ownerGlobal,
        false
      );
-      isAuthorized = result.authenticated;
+      let value = lazy.OSKeyStore.canReauth()
+        ? "success"
+        : "success_unsupported_platform";
+
      telemetryEvent = {
        object: "os_auth",
        method: "reauthenticate",
-        value: result.auth_details,
-        extra: result.auth_details_extra,
+        value: isAuthorized ? value : "fail",
      };
      return {
        isAuthorized,