mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-25 03:05:34 +00:00
Bug 1429148 - Policy: Don't let a Master Password to be set. r=keeler
MozReview-Commit-ID: 8Adqg0KU7cZ --HG-- extra : rebase_source : ec20e2f117d974edaa5df844091a086d12607771
This commit is contained in:
parent
254ff126ef
commit
d261cc7c57
@ -111,6 +111,14 @@ this.Policies = {
|
||||
}
|
||||
},
|
||||
|
||||
"CreateMasterPassword": {
|
||||
onBeforeUIStartup(manager, param) {
|
||||
if (!param) {
|
||||
manager.disallowFeature("createMasterPassword");
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
"DisableFirefoxScreenshots": {
|
||||
onBeforeAddons(manager, param) {
|
||||
if (param) {
|
||||
|
@ -13,6 +13,7 @@
|
||||
]
|
||||
},
|
||||
|
||||
"block_about_profiles": true
|
||||
"block_about_profiles": true,
|
||||
"CreateMasterPassword": false
|
||||
}
|
||||
}
|
||||
|
@ -67,6 +67,14 @@
|
||||
"enum": [true]
|
||||
},
|
||||
|
||||
"CreateMasterPassword": {
|
||||
"description": "If false, removes access to create a master password.",
|
||||
"first_available": "60.0",
|
||||
|
||||
"type": "boolean",
|
||||
"enum": [false]
|
||||
},
|
||||
|
||||
"DisableFirefoxScreenshots": {
|
||||
"description": "Prevents usage of the Firefox Screenshots feature.",
|
||||
"first_available": "60.0",
|
||||
|
@ -19,6 +19,7 @@ support-files =
|
||||
[browser_policy_block_set_desktop_background.js]
|
||||
[browser_policy_default_browser_check.js]
|
||||
[browser_policy_disable_fxscreenshots.js]
|
||||
[browser_policy_disable_masterpassword.js]
|
||||
[browser_policy_display_bookmarks.js]
|
||||
[browser_policy_disable_formhistory.js]
|
||||
[browser_policy_display_menu.js]
|
||||
|
@ -0,0 +1,79 @@
|
||||
/* Any copyright is dedicated to the Public Domain.
|
||||
* http://creativecommons.org/publicdomain/zero/1.0/ */
|
||||
|
||||
"use strict";
|
||||
|
||||
const MASTER_PASSWORD = "omgsecret!";
|
||||
const mpToken = Cc["@mozilla.org/security/pk11tokendb;1"]
|
||||
.getService(Ci.nsIPK11TokenDB)
|
||||
.getInternalKeyToken();
|
||||
|
||||
async function checkDeviceManager({buttonIsDisabled}) {
|
||||
let deviceManagerWindow = window.openDialog("chrome://pippki/content/device_manager.xul", "", "");
|
||||
await new Promise(resolve => {
|
||||
deviceManagerWindow.addEventListener("load", resolve, {once: true});
|
||||
});
|
||||
|
||||
let tree = deviceManagerWindow.document.getElementById("device_tree");
|
||||
ok(tree, "The device tree exists");
|
||||
|
||||
// Find and select the item related to the internal key token
|
||||
for (let i = 0; i < tree.view.rowCount; i++) {
|
||||
tree.view.selection.select(i);
|
||||
|
||||
try {
|
||||
let selected_token = deviceManagerWindow.selected_slot.getToken();
|
||||
if (selected_token.isInternalKeyToken) {
|
||||
break;
|
||||
}
|
||||
} catch (e) {}
|
||||
}
|
||||
|
||||
// Check to see if the button was updated correctly
|
||||
let changePwButton = deviceManagerWindow.document.getElementById("change_pw_button");
|
||||
is(changePwButton.getAttribute("disabled") == "true", buttonIsDisabled,
|
||||
"Change Password button is in the correct state: " + buttonIsDisabled);
|
||||
|
||||
await BrowserTestUtils.closeWindow(deviceManagerWindow);
|
||||
}
|
||||
|
||||
async function checkAboutPreferences({checkboxIsDisabled}) {
|
||||
await BrowserTestUtils.withNewTab("about:preferences#privacy", async browser => {
|
||||
// eslint-disable-next-line mozilla/no-cpows-in-tests
|
||||
is(browser.contentDocument.getElementById("useMasterPassword").disabled, checkboxIsDisabled,
|
||||
"Master Password checkbox is in the correct state: " + checkboxIsDisabled);
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
add_task(async function test_policy_disable_masterpassword() {
|
||||
ok(!mpToken.hasPassword, "Starting the test with no password");
|
||||
|
||||
// No password and no policy: access to setting a master password
|
||||
// should be enabled.
|
||||
await checkDeviceManager({buttonIsDisabled: false});
|
||||
await checkAboutPreferences({checkboxIsDisabled: false});
|
||||
|
||||
await setupPolicyEngineWithJson({
|
||||
"policies": {
|
||||
"CreateMasterPassword": false
|
||||
}
|
||||
});
|
||||
|
||||
// With the `CreateMasterPassword: false` policy active, the
|
||||
// UI entry points for creating a Master Password should be disabled.
|
||||
await checkDeviceManager({buttonIsDisabled: true});
|
||||
await checkAboutPreferences({checkboxIsDisabled: true});
|
||||
|
||||
mpToken.changePassword("", MASTER_PASSWORD);
|
||||
ok(mpToken.hasPassword, "Master password was set");
|
||||
|
||||
// If a Master Password is already set, there's no point in disabling
|
||||
// the
|
||||
await checkDeviceManager({buttonIsDisabled: false});
|
||||
await checkAboutPreferences({checkboxIsDisabled: false});
|
||||
|
||||
// Clean up
|
||||
mpToken.changePassword(MASTER_PASSWORD, "");
|
||||
ok(!mpToken.hasPassword, "Master password was cleaned up");
|
||||
});
|
@ -1124,6 +1124,7 @@ var gPrivacyPane = {
|
||||
|
||||
var checkbox = document.getElementById("useMasterPassword");
|
||||
checkbox.checked = !noMP;
|
||||
checkbox.disabled = noMP && !Services.policies.isAllowed("createMasterPassword");
|
||||
},
|
||||
|
||||
/**
|
||||
|
@ -162,6 +162,12 @@ function enableButtons() {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!Services.policies.isAllowed("createMasterPassword") &&
|
||||
selected_token.isInternalKeyToken &&
|
||||
!selected_token.hasPassword) {
|
||||
pw_toggle = "true";
|
||||
}
|
||||
}
|
||||
showSlotInfo();
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user