This is an automated email from the git hooks/post-receive script.
pierov pushed a commit to branch tor-browser-91.10.0esr-11.0-1 in repository tor-browser.
commit 33902e926b76011537180a26a0287a31c7fe21dc Author: Mike Kaply mozilla@kaply.com AuthorDate: Thu Apr 14 19:41:32 2022 +0000
Bug 1520913 - Allow password manager exceptions in policy. r=mstriemer,flod,Gijs a=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D142886 --- browser/components/enterprisepolicies/Policies.jsm | 6 ++ .../schemas/policies-schema.json | 8 +++ .../tests/xpcshell/test_permissions.js | 17 ++++++ .../components/preferences/dialogs/permissions.js | 40 ++++++++++++- browser/components/preferences/tests/browser.ini | 1 + .../tests/browser_site_login_exceptions_policy.js | 65 ++++++++++++++++++++++ .../browser/policies/policies-descriptions.ftl | 2 + 7 files changed, 136 insertions(+), 3 deletions(-)
diff --git a/browser/components/enterprisepolicies/Policies.jsm b/browser/components/enterprisepolicies/Policies.jsm index 5ed84aa236bbf..63cd0ad2f7b1c 100644 --- a/browser/components/enterprisepolicies/Policies.jsm +++ b/browser/components/enterprisepolicies/Policies.jsm @@ -1419,6 +1419,12 @@ var Policies = { }, },
+ PasswordManagerExceptions: { + onBeforeUIStartup(manager, param) { + addAllowDenyPermissions("login-saving", null, param); + }, + }, + PDFjs: { onBeforeAddons(manager, param) { if ("Enabled" in param) { diff --git a/browser/components/enterprisepolicies/schemas/policies-schema.json b/browser/components/enterprisepolicies/schemas/policies-schema.json index 1c3447f2c736b..5ef762f85336d 100644 --- a/browser/components/enterprisepolicies/schemas/policies-schema.json +++ b/browser/components/enterprisepolicies/schemas/policies-schema.json @@ -787,6 +787,14 @@ "type": "boolean" },
+ "PasswordManagerExceptions": { + "type": "array", + "strict": false, + "items": { + "type": "origin" + } + }, + "PDFjs": { "type": "object", "properties": { diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js index f5b4571039d7e..f4440e53f59d4 100644 --- a/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js @@ -336,3 +336,20 @@ add_task(async function test_autolaunchprotocolsfromorigins() { Ci.nsIPermissionManager.ALLOW_ACTION ); }); + +// This again seems out of places, but PasswordManagerExceptions +// is all permissions. +add_task(async function test_passwordmanagerexceptions() { + await setupPolicyEngineWithJson({ + policies: { + PasswordManagerExceptions: ["https://pwexception.example.com"], + }, + }); + equal( + PermissionTestUtils.testPermission( + URI("https://pwexception.example.com"), + "login-saving" + ), + Ci.nsIPermissionManager.DENY_ACTION + ); +}); diff --git a/browser/components/preferences/dialogs/permissions.js b/browser/components/preferences/dialogs/permissions.js index db568c92dd01a..30a501932013e 100644 --- a/browser/components/preferences/dialogs/permissions.js +++ b/browser/components/preferences/dialogs/permissions.js @@ -346,6 +346,7 @@ var gPermissionManager = { },
_createPermissionListItem(permission) { + let disabledByPolicy = this._permissionDisabledByPolicy(permission); let richlistitem = document.createXULElement("richlistitem"); richlistitem.setAttribute("origin", permission.origin); let row = document.createXULElement("hbox"); @@ -353,6 +354,8 @@ var gPermissionManager = {
let hbox = document.createXULElement("hbox"); let website = document.createXULElement("label"); + website.setAttribute("disabled", disabledByPolicy); + website.setAttribute("class", "website-name-value"); website.setAttribute("value", permission.origin); hbox.setAttribute("width", "0"); hbox.setAttribute("class", "website-name"); @@ -363,6 +366,7 @@ var gPermissionManager = { if (!this._hideStatusColumn) { hbox = document.createXULElement("hbox"); let capability = document.createXULElement("label"); + capability.setAttribute("disabled", disabledByPolicy); capability.setAttribute("class", "website-capability-value"); document.l10n.setAttributes( capability, @@ -434,15 +438,31 @@ var gPermissionManager = { }
let hasSelection = this._list.selectedIndex >= 0; - let hasRows = this._list.itemCount > 0; - this._removeButton.disabled = !hasSelection; - this._removeAllButton.disabled = !hasRows; + + let disabledByPolicy = false; + if (Services.policies.status === Services.policies.ACTIVE && hasSelection) { + let origin = this._list.selectedItem.getAttribute("origin"); + disabledByPolicy = this._permissionDisabledByPolicy( + this._permissions.get(origin) + ); + } + + this._removeButton.disabled = !hasSelection || disabledByPolicy; + let disabledItems = this._list.querySelectorAll( + "label.website-name-value[disabled='true']" + ); + + this._removeAllButton.disabled = + this._list.itemCount == disabledItems.length; },
onPermissionDelete() { let richlistitem = this._list.selectedItem; let origin = richlistitem.getAttribute("origin"); let permission = this._permissions.get(origin); + if (this._permissionDisabledByPolicy(permission)) { + return; + }
this._removePermission(permission);
@@ -451,6 +471,9 @@ var gPermissionManager = {
onAllPermissionsDelete() { for (let permission of this._permissions.values()) { + if (this._permissionDisabledByPolicy(permission)) { + continue; + } this._removePermission(permission); }
@@ -513,6 +536,17 @@ var gPermissionManager = { this._setRemoveButtonState(); },
+ _permissionDisabledByPolicy(permission) { + let permissionObject = Services.perms.getPermissionObject( + permission.principal, + this._type, + false + ); + return ( + permissionObject?.expireType == Ci.nsIPermissionManager.EXPIRE_POLICY + ); + }, + _sortPermissions(list, frag, column) { let sortDirection;
diff --git a/browser/components/preferences/tests/browser.ini b/browser/components/preferences/tests/browser.ini index 74658f7aba9b0..6f6bcc972d89e 100644 --- a/browser/components/preferences/tests/browser.ini +++ b/browser/components/preferences/tests/browser.ini @@ -115,6 +115,7 @@ skip-if = [browser_security-2.js] [browser_spotlight.js] [browser_site_login_exceptions.js] +[browser_site_login_exceptions_policy.js] [browser_permissions_dialog.js] [browser_permissions_dialog_default_perm.js] [browser_statePartitioning_PBM_strings.js] diff --git a/browser/components/preferences/tests/browser_site_login_exceptions_policy.js b/browser/components/preferences/tests/browser_site_login_exceptions_policy.js new file mode 100644 index 0000000000000..499fd28222a08 --- /dev/null +++ b/browser/components/preferences/tests/browser_site_login_exceptions_policy.js @@ -0,0 +1,65 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const { EnterprisePolicyTesting } = ChromeUtils.import( + "resource://testing-common/EnterprisePolicyTesting.jsm" +); + +const PERMISSIONS_URL = + "chrome://browser/content/preferences/dialogs/permissions.xhtml"; + +var exceptionsDialog; + +add_task(async function openLoginExceptionsSubDialog() { + // ensure rememberSignons is off for this test; + ok( + !Services.prefs.getBoolPref("signon.rememberSignons"), + "Check initial value of signon.rememberSignons pref" + ); + + // Undo the save password change. + registerCleanupFunction(async function() { + await SpecialPowers.spawn(gBrowser.selectedBrowser, [], function() { + let doc = content.document; + let savePasswordCheckBox = doc.getElementById("savePasswords"); + if (savePasswordCheckBox.checked) { + savePasswordCheckBox.click(); + } + }); + + gBrowser.removeCurrentTab(); + await EnterprisePolicyTesting.setupPolicyEngineWithJson(""); + }); + + await EnterprisePolicyTesting.setupPolicyEngineWithJson({ + policies: { + PasswordManagerExceptions: ["https://pwexception.example.com"], + }, + }); + + await openPreferencesViaOpenPreferencesAPI("privacy", { leaveOpen: true }); + + let dialogOpened = promiseLoadSubDialog(PERMISSIONS_URL); + + await SpecialPowers.spawn(gBrowser.selectedBrowser, [], function() { + let doc = content.document; + let savePasswordCheckBox = doc.getElementById("savePasswords"); + savePasswordCheckBox.click(); + + let loginExceptionsButton = doc.getElementById("passwordExceptions"); + loginExceptionsButton.click(); + }); + + exceptionsDialog = await dialogOpened; + + let doc = exceptionsDialog.document; + + let richlistbox = doc.getElementById("permissionsBox"); + Assert.equal(richlistbox.itemCount, 1, `Row count should initially be 1`); + + richlistbox.focus(); + richlistbox.selectedIndex = 0; + Assert.ok(doc.getElementById("removePermission").disabled); +}); diff --git a/browser/locales/en-US/browser/policies/policies-descriptions.ftl b/browser/locales/en-US/browser/policies/policies-descriptions.ftl index 8fefeebf6916e..e38e9225f7e19 100644 --- a/browser/locales/en-US/browser/policies/policies-descriptions.ftl +++ b/browser/locales/en-US/browser/policies/policies-descriptions.ftl @@ -158,6 +158,8 @@ policy-OverridePostUpdatePage = Override the post-update “What’s New” page
policy-PasswordManagerEnabled = Enable saving passwords to the password manager.
+policy-PasswordManagerExceptions = Prevent { -brand-short-name } from saving passwords for specific sites. + # PDF.js and PDF should not be translated policy-PDFjs = Disable or configure PDF.js, the built-in PDF viewer in { -brand-short-name }.