From 5f8de423f190bbb79a62f804151bc24824fa32d8 Mon Sep 17 00:00:00 2001 
From: "Matt A. Tobin" Date: Fri, 2 Feb 2018 04:16:08 -0500 Subject: Add m-esr52 at 52.6.0 --- toolkit/components/passwordmgr/.eslintrc.js | 36 + .../passwordmgr/InsecurePasswordUtils.jsm | 150 ++ toolkit/components/passwordmgr/LoginHelper.jsm | 725 +++++++++ toolkit/components/passwordmgr/LoginImport.jsm | 173 ++ .../components/passwordmgr/LoginManagerContent.jsm | 1619 +++++++++++++++++++ .../passwordmgr/LoginManagerContextMenu.jsm | 199 +++ .../components/passwordmgr/LoginManagerParent.jsm | 511 ++++++ toolkit/components/passwordmgr/LoginRecipes.jsm | 260 +++ toolkit/components/passwordmgr/LoginStore.jsm | 136 ++ toolkit/components/passwordmgr/OSCrypto.jsm | 22 + toolkit/components/passwordmgr/OSCrypto_win.js | 245 +++ .../passwordmgr/content/passwordManager.js | 728 +++++++++ .../passwordmgr/content/passwordManager.xul | 134 ++ .../components/passwordmgr/content/recipes.json | 31 + toolkit/components/passwordmgr/crypto-SDR.js | 207 +++ toolkit/components/passwordmgr/jar.mn | 9 + toolkit/components/passwordmgr/moz.build | 78 + toolkit/components/passwordmgr/nsILoginInfo.idl | 120 ++ toolkit/components/passwordmgr/nsILoginManager.idl | 262 +++ .../passwordmgr/nsILoginManagerCrypto.idl | 67 + .../passwordmgr/nsILoginManagerPrompter.idl | 94 ++ .../passwordmgr/nsILoginManagerStorage.idl | 211 +++ .../components/passwordmgr/nsILoginMetaInfo.idl | 55 + toolkit/components/passwordmgr/nsLoginInfo.js | 93 ++ toolkit/components/passwordmgr/nsLoginManager.js | 541 +++++++ .../passwordmgr/nsLoginManagerPrompter.js | 1701 ++++++++++++++++++++ .../components/passwordmgr/passwordmgr.manifest | 17 + toolkit/components/passwordmgr/storage-json.js | 514 ++++++ .../components/passwordmgr/storage-mozStorage.js | 1262 +++++++++++++++ toolkit/components/passwordmgr/test/.eslintrc.js | 13 + .../components/passwordmgr/test/LoginTestUtils.jsm | 295 ++++ .../components/passwordmgr/test/authenticate.sjs | 228 +++ toolkit/components/passwordmgr/test/blank.html | 8 + 
.../passwordmgr/test/browser/.eslintrc.js | 7 + .../passwordmgr/test/browser/authenticate.sjs | 110 ++ .../passwordmgr/test/browser/browser.ini | 72 + .../test/browser/browser_DOMFormHasPassword.js | 94 ++ .../test/browser/browser_DOMInputPasswordAdded.js | 99 ++ .../browser_autocomplete_insecure_warning.js | 41 + .../test/browser/browser_capture_doorhanger.js | 600 +++++++ .../browser_capture_doorhanger_httpsUpgrade.js | 123 ++ .../browser_capture_doorhanger_window_open.js | 144 ++ .../test/browser/browser_context_menu.js | 432 +++++ ...rowser_context_menu_autocomplete_interaction.js | 99 ++ .../test/browser/browser_context_menu_iframe.js | 144 ++ .../test/browser/browser_exceptions_dialog.js | 56 + .../test/browser/browser_formless_submit_chrome.js | 126 ++ .../test/browser/browser_hasInsecureLoginForms.js | 93 ++ ...rowser_hasInsecureLoginForms_streamConverter.js | 102 ++ .../test/browser/browser_http_autofill.js | 78 + .../browser_insecurePasswordConsoleWarning.js | 94 ++ .../browser_master_password_autocomplete.js | 59 + .../test/browser/browser_notifications.js | 81 + .../test/browser/browser_notifications_2.js | 125 ++ .../test/browser/browser_notifications_password.js | 145 ++ .../test/browser/browser_notifications_username.js | 119 ++ .../browser/browser_passwordmgr_contextmenu.js | 100 ++ .../test/browser/browser_passwordmgr_editing.js | 126 ++ .../test/browser/browser_passwordmgr_fields.js | 65 + .../test/browser/browser_passwordmgr_observers.js | 129 ++ .../test/browser/browser_passwordmgr_sort.js | 208 +++ .../test/browser/browser_passwordmgr_switchtab.js | 42 + .../test/browser/browser_passwordmgrdlg.js | 192 +++ .../test/browser/browser_username_select_dialog.js | 144 ++ .../test/browser/form_autofocus_js.html | 10 + .../passwordmgr/test/browser/form_basic.html | 12 + .../test/browser/form_basic_iframe.html | 13 + .../browser/form_cross_origin_insecure_action.html | 12 + .../browser/form_cross_origin_secure_action.html | 12 + 
.../test/browser/form_same_origin_action.html | 12 + .../passwordmgr/test/browser/formless_basic.html | 18 + .../components/passwordmgr/test/browser/head.js | 137 ++ .../passwordmgr/test/browser/insecure_test.html | 9 + .../test/browser/insecure_test_subframe.html | 13 + .../passwordmgr/test/browser/multiple_forms.html | 129 ++ .../test/browser/streamConverter_content.sjs | 6 + .../test/browser/subtst_notifications_1.html | 29 + .../test/browser/subtst_notifications_10.html | 27 + .../test/browser/subtst_notifications_11.html | 25 + .../browser/subtst_notifications_11_popup.html | 32 + .../test/browser/subtst_notifications_2.html | 30 + .../test/browser/subtst_notifications_2pw_0un.html | 27 + .../subtst_notifications_2pw_1un_1text.html | 31 + .../test/browser/subtst_notifications_3.html | 30 + .../test/browser/subtst_notifications_4.html | 30 + .../test/browser/subtst_notifications_5.html | 26 + .../test/browser/subtst_notifications_6.html | 27 + .../test/browser/subtst_notifications_8.html | 29 + .../test/browser/subtst_notifications_9.html | 29 + .../browser/subtst_notifications_change_p.html | 32 + .../components/passwordmgr/test/chrome/chrome.ini | 13 + .../passwordmgr/test/chrome/notification_common.js | 111 ++ .../chrome/privbrowsing_perwindowpb_iframe.html | 9 + .../test/chrome/subtst_privbrowsing_1.html | 33 + .../test/chrome/subtst_privbrowsing_2.html | 33 + .../test/chrome/subtst_privbrowsing_3.html | 29 + .../test/chrome/subtst_privbrowsing_4.html | 40 + .../test/chrome/test_privbrowsing_perwindowpb.html | 322 ++++ .../components/passwordmgr/test/chrome_timeout.js | 11 + toolkit/components/passwordmgr/test/formsubmit.sjs | 37 + toolkit/components/passwordmgr/test/mochitest.ini | 20 + .../test/mochitest/auth2/authenticate.sjs | 220 +++ .../passwordmgr/test/mochitest/mochitest.ini | 69 + .../mochitest/test_autocomplete_https_upgrade.html | 218 +++ .../mochitest/test_autofill_https_upgrade.html | 117 ++ .../mochitest/test_autofill_password-only.html | 143 
++ .../test/mochitest/test_autofocus_js.html | 115 ++ .../test/mochitest/test_basic_form.html | 44 + .../test/mochitest/test_basic_form_0pw.html | 72 + .../test/mochitest/test_basic_form_1pw.html | 167 ++ .../test/mochitest/test_basic_form_1pw_2.html | 109 ++ .../test/mochitest/test_basic_form_2pw_1.html | 187 +++ .../test/mochitest/test_basic_form_2pw_2.html | 105 ++ .../test/mochitest/test_basic_form_3pw_1.html | 177 ++ .../mochitest/test_basic_form_autocomplete.html | 859 ++++++++++ .../test/mochitest/test_basic_form_html5.html | 164 ++ .../test/mochitest/test_basic_form_pwevent.html | 55 + .../test/mochitest/test_basic_form_pwonly.html | 213 +++ .../test/mochitest/test_bug_627616.html | 145 ++ .../test/mochitest/test_bug_776171.html | 56 + .../test/mochitest/test_case_differences.html | 147 ++ .../test/mochitest/test_form_action_1.html | 137 ++ .../test/mochitest/test_form_action_2.html | 170 ++ .../mochitest/test_form_action_javascript.html | 52 + .../test/mochitest/test_formless_autofill.html | 147 ++ .../test/mochitest/test_formless_submit.html | 183 +++ .../mochitest/test_formless_submit_navigation.html | 191 +++ .../test_formless_submit_navigation_negative.html | 121 ++ .../test/mochitest/test_input_events.html | 96 ++ .../test_input_events_for_identical_values.html | 51 + .../test_insecure_form_field_autocomplete.html | 861 ++++++++++ .../test_insecure_form_field_no_saved_login.html | 103 ++ .../passwordmgr/test/mochitest/test_maxlength.html | 137 ++ .../test_password_field_autocomplete.html | 291 ++++ .../mochitest/test_passwords_in_type_password.html | 122 ++ .../passwordmgr/test/mochitest/test_prompt.html | 705 ++++++++ .../test/mochitest/test_prompt_http.html | 362 +++++ .../test/mochitest/test_prompt_noWindow.html | 81 + .../test/mochitest/test_prompt_promptAuth.html | 406 +++++ .../mochitest/test_prompt_promptAuth_proxy.html | 264 +++ .../test/mochitest/test_recipe_login_fields.html | 145 ++ .../test/mochitest/test_username_focus.html | 263 +++ 
.../passwordmgr/test/mochitest/test_xhr_2.html | 55 + .../components/passwordmgr/test/prompt_common.js | 79 + .../components/passwordmgr/test/pwmgr_common.js | 509 ++++++ .../passwordmgr/test/subtst_master_pass.html | 12 + .../passwordmgr/test/subtst_prompt_async.html | 12 + .../passwordmgr/test/test_master_password.html | 308 ++++ .../passwordmgr/test/test_prompt_async.html | 540 +++++++ toolkit/components/passwordmgr/test/test_xhr.html | 201 +++ .../components/passwordmgr/test/test_xml_load.html | 191 +++ .../components/passwordmgr/test/unit/.eslintrc.js | 7 + .../passwordmgr/test/unit/data/corruptDB.sqlite | Bin 0 -> 32772 bytes .../components/passwordmgr/test/unit/data/key3.db | Bin 0 -> 16384 bytes .../passwordmgr/test/unit/data/signons-v1.sqlite | Bin 0 -> 8192 bytes .../passwordmgr/test/unit/data/signons-v1v2.sqlite | Bin 0 -> 10240 bytes .../passwordmgr/test/unit/data/signons-v2.sqlite | Bin 0 -> 11264 bytes .../passwordmgr/test/unit/data/signons-v2v3.sqlite | Bin 0 -> 12288 bytes .../passwordmgr/test/unit/data/signons-v3.sqlite | Bin 0 -> 11264 bytes .../passwordmgr/test/unit/data/signons-v3v4.sqlite | Bin 0 -> 11264 bytes .../passwordmgr/test/unit/data/signons-v4.sqlite | Bin 0 -> 294912 bytes .../passwordmgr/test/unit/data/signons-v4v5.sqlite | Bin 0 -> 327680 bytes .../passwordmgr/test/unit/data/signons-v5v6.sqlite | Bin 0 -> 327680 bytes .../test/unit/data/signons-v999-2.sqlite | Bin 0 -> 8192 bytes .../passwordmgr/test/unit/data/signons-v999.sqlite | Bin 0 -> 11264 bytes toolkit/components/passwordmgr/test/unit/head.js | 135 ++ .../passwordmgr/test/unit/test_OSCrypto_win.js | 75 + .../passwordmgr/test/unit/test_context_menu.js | 165 ++ .../passwordmgr/test/unit/test_dedupeLogins.js | 284 ++++ .../passwordmgr/test/unit/test_disabled_hosts.js | 196 +++ .../passwordmgr/test/unit/test_getFormFields.js | 147 ++ .../test/unit/test_getPasswordFields.js | 156 ++ .../test/unit/test_getPasswordOrigin.js | 28 + .../passwordmgr/test/unit/test_isOriginMatching.js 
| 40 + .../test/unit/test_legacy_empty_formSubmitURL.js | 107 ++ .../test/unit/test_legacy_validation.js | 76 + .../passwordmgr/test/unit/test_logins_change.js | 384 +++++ .../test/unit/test_logins_decrypt_failure.js | 77 + .../passwordmgr/test/unit/test_logins_metainfo.js | 284 ++++ .../passwordmgr/test/unit/test_logins_search.js | 221 +++ .../passwordmgr/test/unit/test_maybeImportLogin.js | 169 ++ .../test/unit/test_module_LoginImport.js | 243 +++ .../test/unit/test_module_LoginStore.js | 206 +++ .../passwordmgr/test/unit/test_notifications.js | 172 ++ .../passwordmgr/test/unit/test_recipes_add.js | 177 ++ .../passwordmgr/test/unit/test_recipes_content.js | 39 + .../test/unit/test_removeLegacySignonFiles.js | 69 + .../test/unit/test_search_schemeUpgrades.js | 184 +++ .../passwordmgr/test/unit/test_storage.js | 102 ++ .../test/unit/test_storage_mozStorage.js | 507 ++++++ .../passwordmgr/test/unit/test_telemetry.js | 187 +++ .../test/unit/test_user_autocomplete_result.js | 488 ++++++ .../components/passwordmgr/test/unit/xpcshell.ini | 46 + 193 files changed, 31386 insertions(+) create mode 100644 toolkit/components/passwordmgr/.eslintrc.js create mode 100644 toolkit/components/passwordmgr/InsecurePasswordUtils.jsm create mode 100644 toolkit/components/passwordmgr/LoginHelper.jsm create mode 100644 toolkit/components/passwordmgr/LoginImport.jsm create mode 100644 toolkit/components/passwordmgr/LoginManagerContent.jsm create mode 100644 toolkit/components/passwordmgr/LoginManagerContextMenu.jsm create mode 100644 toolkit/components/passwordmgr/LoginManagerParent.jsm create mode 100644 toolkit/components/passwordmgr/LoginRecipes.jsm create mode 100644 toolkit/components/passwordmgr/LoginStore.jsm create mode 100644 toolkit/components/passwordmgr/OSCrypto.jsm create mode 100644 toolkit/components/passwordmgr/OSCrypto_win.js create mode 100644 toolkit/components/passwordmgr/content/passwordManager.js create mode 100644 
toolkit/components/passwordmgr/content/passwordManager.xul create mode 100644 toolkit/components/passwordmgr/content/recipes.json create mode 100644 toolkit/components/passwordmgr/crypto-SDR.js create mode 100644 toolkit/components/passwordmgr/jar.mn create mode 100644 toolkit/components/passwordmgr/moz.build create mode 100644 toolkit/components/passwordmgr/nsILoginInfo.idl create mode 100644 toolkit/components/passwordmgr/nsILoginManager.idl create mode 100644 toolkit/components/passwordmgr/nsILoginManagerCrypto.idl create mode 100644 toolkit/components/passwordmgr/nsILoginManagerPrompter.idl create mode 100644 toolkit/components/passwordmgr/nsILoginManagerStorage.idl create mode 100644 toolkit/components/passwordmgr/nsILoginMetaInfo.idl create mode 100644 toolkit/components/passwordmgr/nsLoginInfo.js create mode 100644 toolkit/components/passwordmgr/nsLoginManager.js create mode 100644 toolkit/components/passwordmgr/nsLoginManagerPrompter.js create mode 100644 toolkit/components/passwordmgr/passwordmgr.manifest create mode 100644 toolkit/components/passwordmgr/storage-json.js create mode 100644 toolkit/components/passwordmgr/storage-mozStorage.js create mode 100644 toolkit/components/passwordmgr/test/.eslintrc.js create mode 100644 toolkit/components/passwordmgr/test/LoginTestUtils.jsm create mode 100644 toolkit/components/passwordmgr/test/authenticate.sjs create mode 100644 toolkit/components/passwordmgr/test/blank.html create mode 100644 toolkit/components/passwordmgr/test/browser/.eslintrc.js create mode 100644 toolkit/components/passwordmgr/test/browser/authenticate.sjs create mode 100644 toolkit/components/passwordmgr/test/browser/browser.ini create mode 100644 toolkit/components/passwordmgr/test/browser/browser_DOMFormHasPassword.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_DOMInputPasswordAdded.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_autocomplete_insecure_warning.js create mode 100644 
toolkit/components/passwordmgr/test/browser/browser_capture_doorhanger.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_capture_doorhanger_httpsUpgrade.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_capture_doorhanger_window_open.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_context_menu.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_context_menu_autocomplete_interaction.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_context_menu_iframe.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_exceptions_dialog.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_formless_submit_chrome.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_hasInsecureLoginForms.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_hasInsecureLoginForms_streamConverter.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_http_autofill.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_insecurePasswordConsoleWarning.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_master_password_autocomplete.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_notifications.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_notifications_2.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_notifications_password.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_notifications_username.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_passwordmgr_contextmenu.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_passwordmgr_editing.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_passwordmgr_fields.js create mode 100644 
toolkit/components/passwordmgr/test/browser/browser_passwordmgr_observers.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_passwordmgr_sort.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_passwordmgr_switchtab.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_passwordmgrdlg.js create mode 100644 toolkit/components/passwordmgr/test/browser/browser_username_select_dialog.js create mode 100644 toolkit/components/passwordmgr/test/browser/form_autofocus_js.html create mode 100644 toolkit/components/passwordmgr/test/browser/form_basic.html create mode 100644 toolkit/components/passwordmgr/test/browser/form_basic_iframe.html create mode 100644 toolkit/components/passwordmgr/test/browser/form_cross_origin_insecure_action.html create mode 100644 toolkit/components/passwordmgr/test/browser/form_cross_origin_secure_action.html create mode 100644 toolkit/components/passwordmgr/test/browser/form_same_origin_action.html create mode 100644 toolkit/components/passwordmgr/test/browser/formless_basic.html create mode 100644 toolkit/components/passwordmgr/test/browser/head.js create mode 100644 toolkit/components/passwordmgr/test/browser/insecure_test.html create mode 100644 toolkit/components/passwordmgr/test/browser/insecure_test_subframe.html create mode 100644 toolkit/components/passwordmgr/test/browser/multiple_forms.html create mode 100644 toolkit/components/passwordmgr/test/browser/streamConverter_content.sjs create mode 100644 toolkit/components/passwordmgr/test/browser/subtst_notifications_1.html create mode 100644 toolkit/components/passwordmgr/test/browser/subtst_notifications_10.html create mode 100644 toolkit/components/passwordmgr/test/browser/subtst_notifications_11.html create mode 100644 toolkit/components/passwordmgr/test/browser/subtst_notifications_11_popup.html create mode 100644 toolkit/components/passwordmgr/test/browser/subtst_notifications_2.html create mode 100644 
toolkit/components/passwordmgr/test/browser/subtst_notifications_2pw_0un.html create mode 100644 toolkit/components/passwordmgr/test/browser/subtst_notifications_2pw_1un_1text.html create mode 100644 toolkit/components/passwordmgr/test/browser/subtst_notifications_3.html create mode 100644 toolkit/components/passwordmgr/test/browser/subtst_notifications_4.html create mode 100644 toolkit/components/passwordmgr/test/browser/subtst_notifications_5.html create mode 100644 toolkit/components/passwordmgr/test/browser/subtst_notifications_6.html create mode 100644 toolkit/components/passwordmgr/test/browser/subtst_notifications_8.html create mode 100644 toolkit/components/passwordmgr/test/browser/subtst_notifications_9.html create mode 100644 toolkit/components/passwordmgr/test/browser/subtst_notifications_change_p.html create mode 100644 toolkit/components/passwordmgr/test/chrome/chrome.ini create mode 100644 toolkit/components/passwordmgr/test/chrome/notification_common.js create mode 100644 toolkit/components/passwordmgr/test/chrome/privbrowsing_perwindowpb_iframe.html create mode 100644 toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_1.html create mode 100644 toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_2.html create mode 100644 toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_3.html create mode 100644 toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_4.html create mode 100644 toolkit/components/passwordmgr/test/chrome/test_privbrowsing_perwindowpb.html create mode 100644 toolkit/components/passwordmgr/test/chrome_timeout.js create mode 100644 toolkit/components/passwordmgr/test/formsubmit.sjs create mode 100644 toolkit/components/passwordmgr/test/mochitest.ini create mode 100644 toolkit/components/passwordmgr/test/mochitest/auth2/authenticate.sjs create mode 100644 toolkit/components/passwordmgr/test/mochitest/mochitest.ini create mode 100644 
toolkit/components/passwordmgr/test/mochitest/test_autocomplete_https_upgrade.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_autofill_https_upgrade.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_autofill_password-only.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_autofocus_js.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_basic_form.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_basic_form_0pw.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_basic_form_1pw.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_basic_form_1pw_2.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_basic_form_2pw_1.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_basic_form_2pw_2.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_basic_form_3pw_1.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_basic_form_autocomplete.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_basic_form_html5.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_basic_form_pwevent.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_basic_form_pwonly.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_bug_627616.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_bug_776171.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_case_differences.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_form_action_1.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_form_action_2.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_form_action_javascript.html create mode 100644 
toolkit/components/passwordmgr/test/mochitest/test_formless_autofill.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_formless_submit.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_formless_submit_navigation.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_formless_submit_navigation_negative.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_input_events.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_input_events_for_identical_values.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_insecure_form_field_autocomplete.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_insecure_form_field_no_saved_login.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_maxlength.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_password_field_autocomplete.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_passwords_in_type_password.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_prompt.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_prompt_http.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_prompt_noWindow.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_prompt_promptAuth.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_prompt_promptAuth_proxy.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_recipe_login_fields.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_username_focus.html create mode 100644 toolkit/components/passwordmgr/test/mochitest/test_xhr_2.html create mode 100644 toolkit/components/passwordmgr/test/prompt_common.js create mode 100644 toolkit/components/passwordmgr/test/pwmgr_common.js create mode 100644 
toolkit/components/passwordmgr/test/subtst_master_pass.html create mode 100644 toolkit/components/passwordmgr/test/subtst_prompt_async.html create mode 100644 toolkit/components/passwordmgr/test/test_master_password.html create mode 100644 toolkit/components/passwordmgr/test/test_prompt_async.html create mode 100644 toolkit/components/passwordmgr/test/test_xhr.html create mode 100644 toolkit/components/passwordmgr/test/test_xml_load.html create mode 100644 toolkit/components/passwordmgr/test/unit/.eslintrc.js create mode 100644 toolkit/components/passwordmgr/test/unit/data/corruptDB.sqlite create mode 100644 toolkit/components/passwordmgr/test/unit/data/key3.db create mode 100644 toolkit/components/passwordmgr/test/unit/data/signons-v1.sqlite create mode 100644 toolkit/components/passwordmgr/test/unit/data/signons-v1v2.sqlite create mode 100644 toolkit/components/passwordmgr/test/unit/data/signons-v2.sqlite create mode 100644 toolkit/components/passwordmgr/test/unit/data/signons-v2v3.sqlite create mode 100644 toolkit/components/passwordmgr/test/unit/data/signons-v3.sqlite create mode 100644 toolkit/components/passwordmgr/test/unit/data/signons-v3v4.sqlite create mode 100644 toolkit/components/passwordmgr/test/unit/data/signons-v4.sqlite create mode 100644 toolkit/components/passwordmgr/test/unit/data/signons-v4v5.sqlite create mode 100644 toolkit/components/passwordmgr/test/unit/data/signons-v5v6.sqlite create mode 100644 toolkit/components/passwordmgr/test/unit/data/signons-v999-2.sqlite create mode 100644 toolkit/components/passwordmgr/test/unit/data/signons-v999.sqlite create mode 100644 toolkit/components/passwordmgr/test/unit/head.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_OSCrypto_win.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_context_menu.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_dedupeLogins.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_disabled_hosts.js create 
mode 100644 toolkit/components/passwordmgr/test/unit/test_getFormFields.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_getPasswordFields.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_getPasswordOrigin.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_isOriginMatching.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_legacy_empty_formSubmitURL.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_legacy_validation.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_logins_change.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_logins_decrypt_failure.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_logins_metainfo.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_logins_search.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_maybeImportLogin.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_module_LoginImport.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_module_LoginStore.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_notifications.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_recipes_add.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_recipes_content.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_removeLegacySignonFiles.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_search_schemeUpgrades.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_storage.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_storage_mozStorage.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_telemetry.js create mode 100644 toolkit/components/passwordmgr/test/unit/test_user_autocomplete_result.js create mode 100644 toolkit/components/passwordmgr/test/unit/xpcshell.ini (limited to 'toolkit/components/passwordmgr') 
diff --git a/toolkit/components/passwordmgr/.eslintrc.js b/toolkit/components/passwordmgr/.eslintrc.js new file mode 100644 index 000000000..188f7eeff --- /dev/null +++ b/toolkit/components/passwordmgr/.eslintrc.js @@ -0,0 +1,36 @@ +"use strict"; + +module.exports = { // eslint-disable-line no-undef + "extends": "../../.eslintrc.js", + "rules": { + // Require spacing around => + "arrow-spacing": "error", + + // No newline before open brace for a block + "brace-style": ["error", "1tbs", {"allowSingleLine": true}], + + // No space before always a space after a comma + "comma-spacing": ["error", {"before": false, "after": true}], + + // Commas at the end of the line not the start + "comma-style": "error", + + // Use [] instead of Array() + "no-array-constructor": "error", + + // Use {} instead of new Object() + "no-new-object": "error", + + // No using undeclared variables + "no-undef": "error", + + // Don't allow unused local variables unless they match the pattern + "no-unused-vars": ["error", {"args": "none", "vars": "local", "varsIgnorePattern": "^(ids|ignored|unused)$"}], + + // Always require semicolon at end of statement + "semi": ["error", "always"], + + // Require spaces around operators + "space-infix-ops": "error", + } +}; diff --git a/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm b/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm new file mode 100644 index 000000000..5351e45b2 --- /dev/null +++ b/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm 
@@ -0,0 +1,150 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+this.EXPORTED_SYMBOLS = [ "InsecurePasswordUtils" ];
+
+const { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components;
+const STRINGS_URI = "chrome://global/locale/security/security.properties";
+
+Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+
+XPCOMUtils.defineLazyModuleGetter(this, "devtools",
+ "resource://devtools/shared/Loader.jsm");
+XPCOMUtils.defineLazyServiceGetter(this, "gContentSecurityManager",
+ "@mozilla.org/contentsecuritymanager;1",
+ "nsIContentSecurityManager");
+XPCOMUtils.defineLazyServiceGetter(this, "gScriptSecurityManager",
+ "@mozilla.org/scriptsecuritymanager;1",
+ "nsIScriptSecurityManager");
+XPCOMUtils.defineLazyGetter(this, "WebConsoleUtils", () => {
+ return this.devtools.require("devtools/server/actors/utils/webconsole-utils").Utils;
+});
+
+/*
+ * A module that provides utility functions for form security.
+ *
+ * Note:
+ * This module uses isSecureContextIfOpenerIgnored instead of isSecureContext.
+ *
+ * We don't want to expose JavaScript APIs in a non-Secure Context even if
+ * the context is only insecure because the windows has an insecure opener.
+ * Doing so prevents sites from implementing postMessage workarounds to enable
+ * an insecure opener to gain access to Secure Context-only APIs. However,
+ * in the case of form fields such as password fields we don't need to worry
+ * about whether the opener is secure or not. In fact to flag a password
+ * field as insecure in such circumstances would unnecessarily confuse our
+ * users.
+ */
+this.InsecurePasswordUtils = {
+ _formRootsWarned: new WeakMap(),
+ _sendWebConsoleMessage(messageTag, domDoc) {
+ let windowId = WebConsoleUtils.getInnerWindowId(domDoc.defaultView);
+ let category = "Insecure Password Field";
+ // All web console messages are warnings for now.
+ let flag = Ci.nsIScriptError.warningFlag;
+ let bundle = Services.strings.createBundle(STRINGS_URI);
+ let message = bundle.GetStringFromName(messageTag);
+ let consoleMsg = Cc["@mozilla.org/scripterror;1"].createInstance(Ci.nsIScriptError);
+ consoleMsg.initWithWindowID(message, domDoc.location.href, 0, 0, 0, flag, category, windowId);
+
+ Services.console.logMessage(consoleMsg);
+ },
+
+ /**
+ * Gets the security state of the passed form.
+ *
+ * @param {FormLike} aForm A form-like object. @See {FormLikeFactory}
+ *
+ * @returns {Object} An object with the following boolean values:
+ * isFormSubmitHTTP: if the submit action is an http:// URL
+ * isFormSubmitSecure: if the submit action URL is secure,
+ * either because it is HTTPS or because its origin is considered trustworthy
+ */
+ _checkFormSecurity(aForm) {
+ let isFormSubmitHTTP = false, isFormSubmitSecure = false;
+ if (aForm.rootElement instanceof Ci.nsIDOMHTMLFormElement) {
+ let uri = Services.io.newURI(aForm.rootElement.action || aForm.rootElement.baseURI,
+ null, null);
+ let principal = gScriptSecurityManager.getCodebasePrincipal(uri);
+
+ if (uri.schemeIs("http")) {
+ isFormSubmitHTTP = true;
+ if (gContentSecurityManager.isOriginPotentiallyTrustworthy(principal)) {
+ isFormSubmitSecure = true;
+ }
+ } else {
+ isFormSubmitSecure = true;
+ }
+ }
+
+ return { isFormSubmitHTTP, isFormSubmitSecure };
+ },
+
+ /**
+ * Checks if there are insecure password fields present on the form's document
+ * i.e. passwords inside forms with http action, inside iframes with http src,
+ * or on insecure web pages.
+ *
+ * @param {FormLike} aForm A form-like object. @See {LoginFormFactory}
+ * @return {boolean} whether the form is secure
+ */
+ isFormSecure(aForm) {
+ // Ignores window.opener, see top level documentation.
+ let isSafePage = aForm.ownerDocument.defaultView.isSecureContextIfOpenerIgnored;
+ let { isFormSubmitSecure, isFormSubmitHTTP } = this._checkFormSecurity(aForm);
+
+ return isSafePage && (isFormSubmitSecure || !isFormSubmitHTTP);
+ },
+
+ /**
+ * Report insecure password fields in a form to the web console to warn developers.
+ *
+ * @param {FormLike} aForm A form-like object. @See {FormLikeFactory}
+ */
+ reportInsecurePasswords(aForm) {
+ if (this._formRootsWarned.has(aForm.rootElement) ||
+ this._formRootsWarned.get(aForm.rootElement)) {
+ return;
+ }
+
+ let domDoc = aForm.ownerDocument;
+ // Ignores window.opener, see top level documentation.
+ let isSafePage = domDoc.defaultView.isSecureContextIfOpenerIgnored;
+
+ let { isFormSubmitHTTP, isFormSubmitSecure } = this._checkFormSecurity(aForm);
+
+ if (!isSafePage) {
+ if (domDoc.defaultView == domDoc.defaultView.parent) {
+ this._sendWebConsoleMessage("InsecurePasswordsPresentOnPage", domDoc);
+ } else {
+ this._sendWebConsoleMessage("InsecurePasswordsPresentOnIframe", domDoc);
+ }
+ this._formRootsWarned.set(aForm.rootElement, true);
+ } else if (isFormSubmitHTTP && !isFormSubmitSecure) {
+ this._sendWebConsoleMessage("InsecureFormActionPasswordsPresent", domDoc);
+ this._formRootsWarned.set(aForm.rootElement, true);
+ }
+
+ // The safety of a password field determined by the form action and the page protocol
+ let passwordSafety;
+ if (isSafePage) {
+ if (isFormSubmitSecure) {
+ passwordSafety = 0;
+ } else if (isFormSubmitHTTP) {
+ passwordSafety = 1;
+ } else {
+ passwordSafety = 2;
+ }
+ } else if (isFormSubmitSecure) {
+ passwordSafety = 3;
+ } else if (isFormSubmitHTTP) {
+ passwordSafety = 4;
+ } else {
+ passwordSafety = 5;
+ }
+
+ Services.telemetry.getHistogramById("PWMGR_LOGIN_PAGE_SAFETY").add(passwordSafety);
+ },
+};
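Review bot: In `_checkFormSecurity` the `else` branch sets `isFormSubmitSecure = true` for every action scheme other than `http`, which is wider than the doc comment's "HTTPS or origin considered trustworthy" and means `isFormSecure` accepts any non-HTTP action on a secure page. The principal is already computed, so the flag could be derived for all schemes: `isFormSubmitHTTP = uri.schemeIs("http");` then `isFormSubmitSecure = gContentSecurityManager.isOriginPotentiallyTrustworthy(principal);`. How that check classifies the schemes callers rely on is not visible in this hunk, so confirm before switching; at minimum the comment should state that non-HTTP schemes count as secure. `Services.io.newURI` is also unguarded here, so an action that does not parse would presumably throw out of `isFormSecure` and `reportInsecurePasswords`.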
diff --git a/toolkit/components/passwordmgr/LoginHelper.jsm b/toolkit/components/passwordmgr/LoginHelper.jsm
new file mode 100644
index 000000000..e0c4d872b
--- /dev/null
+++ b/toolkit/components/passwordmgr/LoginHelper.jsm
@@ -0,0 +1,725 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * Contains functions shared by different Login Manager components.
+ *
+ * This JavaScript module exists in order to share code between the different
+ * XPCOM components that constitute the Login Manager, including implementations
+ * of nsILoginManager and nsILoginManagerStorage.
+ */
+
+"use strict";
+
+this.EXPORTED_SYMBOLS = [
+ "LoginHelper",
+];
+
+// Globals
+
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
+Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+
+// LoginHelper
+
+/**
+ * Contains functions shared by different Login Manager components.
+ */
+this.LoginHelper = {
+ /**
+ * Warning: these only update if a logger was created.
+ */
+ debug: Services.prefs.getBoolPref("signon.debug"),
+ formlessCaptureEnabled: Services.prefs.getBoolPref("signon.formlessCapture.enabled"),
+ schemeUpgrades: Services.prefs.getBoolPref("signon.schemeUpgrades"),
+ insecureAutofill: Services.prefs.getBoolPref("signon.autofillForms.http"),
+ showInsecureFieldWarning: Services.prefs.getBoolPref("security.insecure_field_warning.contextual.enabled"),
+
+ createLogger(aLogPrefix) {
+ let getMaxLogLevel = () => {
+ return this.debug ? "debug" : "warn";
+ };
+
+ // Create a new instance of the ConsoleAPI so we can control the maxLogLevel with a pref.
+ let ConsoleAPI = Cu.import("resource://gre/modules/Console.jsm", {}).ConsoleAPI;
+ let consoleOptions = {
+ maxLogLevel: getMaxLogLevel(),
+ prefix: aLogPrefix,
+ };
+ let logger = new ConsoleAPI(consoleOptions);
+
+ // Watch for pref changes and update this.debug and the maxLogLevel for created loggers
+ Services.prefs.addObserver("signon.", () => {
+ this.debug = Services.prefs.getBoolPref("signon.debug");
+ this.formlessCaptureEnabled = Services.prefs.getBoolPref("signon.formlessCapture.enabled");
+ this.schemeUpgrades = Services.prefs.getBoolPref("signon.schemeUpgrades");
+ this.insecureAutofill = Services.prefs.getBoolPref("signon.autofillForms.http");
+ logger.maxLogLevel = getMaxLogLevel();
+ }, false);
+
+ Services.prefs.addObserver("security.insecure_field_warning.", () => {
+ this.showInsecureFieldWarning = Services.prefs.getBoolPref("security.insecure_field_warning.contextual.enabled");
+ }, false);
+
+ return logger;
+ },
+
+ /**
+ * Due to the way the signons2.txt file is formatted, we need to make
+ * sure certain field values or characters do not cause the file to
+ * be parsed incorrectly. Reject hostnames that we can't store correctly.
+ *
+ * @throws String with English message in case validation failed.
+ */
+ checkHostnameValue(aHostname) {
+ // Nulls are invalid, as they don't round-trip well. Newlines are also
+ // invalid for any field stored as plaintext, and a hostname made of a
+ // single dot cannot be stored in the legacy format.
+ if (aHostname == "." ||
+ aHostname.indexOf("\r") != -1 ||
+ aHostname.indexOf("\n") != -1 ||
+ aHostname.indexOf("\0") != -1) {
+ throw new Error("Invalid hostname");
+ }
+ },
+
+ /**
+ * Due to the way the signons2.txt file is formatted, we need to make
+ * sure certain field values or characters do not cause the file to
+ * be parsed incorrectly. Reject logins that we can't store correctly.
+ *
+ * @throws String with English message in case validation failed.
+ */
+ checkLoginValues(aLogin) {
+ function badCharacterPresent(l, c) {
+ return ((l.formSubmitURL && l.formSubmitURL.indexOf(c) != -1) ||
+ (l.httpRealm && l.httpRealm.indexOf(c) != -1) ||
+ l.hostname.indexOf(c) != -1 ||
+ l.usernameField.indexOf(c) != -1 ||
+ l.passwordField.indexOf(c) != -1);
+ }
+
+ // Nulls are invalid, as they don't round-trip well.
+ // Mostly not a formatting problem, although ".\0" can be quirky.
+ if (badCharacterPresent(aLogin, "\0")) {
+ throw new Error("login values can't contain nulls");
+ }
+
+ // In theory these nulls should just be rolled up into the encrypted
+ // values, but nsISecretDecoderRing doesn't use nsStrings, so the
+ // nulls cause truncation. Check for them here just to avoid
+ // unexpected round-trip surprises.
+ if (aLogin.username.indexOf("\0") != -1 ||
+ aLogin.password.indexOf("\0") != -1) {
+ throw new Error("login values can't contain nulls");
+ }
+
+ // Newlines are invalid for any field stored as plaintext.
+ if (badCharacterPresent(aLogin, "\r") ||
+ badCharacterPresent(aLogin, "\n")) {
+ throw new Error("login values can't contain newlines");
+ }
+
+ // A line with just a "." can have special meaning.
+ if (aLogin.usernameField == "." ||
+ aLogin.formSubmitURL == ".") {
+ throw new Error("login values can't be periods");
+ }
+
+ // A hostname with "\ \(" won't roundtrip.
+ // eg host="foo (", realm="bar" --> "foo ( (bar)"
+ // vs host="foo", realm=" (bar" --> "foo ( (bar)"
+ if (aLogin.hostname.indexOf(" (") != -1) {
+ throw new Error("bad parens in hostname");
+ }
+ },
+
+ /**
+ * Returns a new XPCOM property bag with the provided properties.
+ *
+ * @param {Object} aProperties
+ * Each property of this object is copied to the property bag. This
+ * parameter can be omitted to return an empty property bag.
+ *
+ * @return A new property bag, that is an instance of nsIWritablePropertyBag,
+ * nsIWritablePropertyBag2, nsIPropertyBag, and nsIPropertyBag2.
+ */
+ newPropertyBag(aProperties) {
+ let propertyBag = Cc["@mozilla.org/hash-property-bag;1"]
+ .createInstance(Ci.nsIWritablePropertyBag);
+ if (aProperties) {
+ for (let [name, value] of Object.entries(aProperties)) {
+ propertyBag.setProperty(name, value);
+ }
+ }
+ return propertyBag.QueryInterface(Ci.nsIPropertyBag)
+ .QueryInterface(Ci.nsIPropertyBag2)
+ .QueryInterface(Ci.nsIWritablePropertyBag2);
+ },
+
+ /**
+ * Helper to avoid the `count` argument and property bags when calling
+ * Services.logins.searchLogins from JS.
+ *
+ * @param {Object} aSearchOptions - A regular JS object to copy to a property bag before searching
+ * @return {nsILoginInfo[]} - The result of calling searchLogins.
+ */
+ searchLoginsWithObject(aSearchOptions) {
+ return Services.logins.searchLogins({}, this.newPropertyBag(aSearchOptions));
+ },
+
+ /**
+ * @param {String} aLoginOrigin - An origin value from a stored login's
+ * hostname or formSubmitURL properties.
+ * @param {String} aSearchOrigin - The origin that was are looking to match
+ * with aLoginOrigin. This would normally come
+ * from a form or page that we are considering.
+ * @param {nsILoginFindOptions} aOptions - Options to affect whether the origin
+ * from the login (aLoginOrigin) is a
+ * match for the origin we're looking
+ * for (aSearchOrigin).
+ */
+ isOriginMatching(aLoginOrigin, aSearchOrigin, aOptions = {
+ schemeUpgrades: false,
+ }) {
+ if (aLoginOrigin == aSearchOrigin) {
+ return true;
+ }
+
+ if (!aOptions) {
+ return false;
+ }
+
+ if (aOptions.schemeUpgrades) {
+ try {
+ let loginURI = Services.io.newURI(aLoginOrigin, null, null);
+ let searchURI = Services.io.newURI(aSearchOrigin, null, null);
+ if (loginURI.scheme == "http" && searchURI.scheme == "https" &&
+ loginURI.hostPort == searchURI.hostPort) {
+ return true;
+ }
+ } catch (ex) {
+ // newURI will throw for some values e.g. chrome://FirefoxAccounts
+ return false;
+ }
+ }
+
+ return false;
+ },
+
+ doLoginsMatch(aLogin1, aLogin2, {
+ ignorePassword = false,
+ ignoreSchemes = false,
+ }) {
+ if (aLogin1.httpRealm != aLogin2.httpRealm ||
+ aLogin1.username != aLogin2.username)
+ return false;
+
+ if (!ignorePassword && aLogin1.password != aLogin2.password)
+ return false;
+
+ if (ignoreSchemes) {
+ let hostname1URI = Services.io.newURI(aLogin1.hostname, null, null);
+ let hostname2URI = Services.io.newURI(aLogin2.hostname, null, null);
+ if (hostname1URI.hostPort != hostname2URI.hostPort)
+ return false;
+
+ if (aLogin1.formSubmitURL != "" && aLogin2.formSubmitURL != "" &&
+ Services.io.newURI(aLogin1.formSubmitURL, null, null).hostPort !=
+ Services.io.newURI(aLogin2.formSubmitURL, null, null).hostPort)
+ return false;
+ } else {
+ if (aLogin1.hostname != aLogin2.hostname)
+ return false;
+
+ // If either formSubmitURL is blank (but not null), then match.
+ if (aLogin1.formSubmitURL != "" && aLogin2.formSubmitURL != "" &&
+ aLogin1.formSubmitURL != aLogin2.formSubmitURL)
+ return false;
+ }
+
+ // The .usernameField and .passwordField values are ignored.
+
+ return true;
+ },
+
+ /**
+ * Creates a new login object that results by modifying the given object with
+ * the provided data.
+ *
+ * @param aOldStoredLogin
+ * Existing nsILoginInfo object to modify.
+ * @param aNewLoginData
+ * The new login values, either as nsILoginInfo or nsIProperyBag.
+ *
+ * @return The newly created nsILoginInfo object.
+ *
+ * @throws String with English message in case validation failed.
+ */
+ buildModifiedLogin(aOldStoredLogin, aNewLoginData) {
+ function bagHasProperty(aPropName) {
+ try {
+ aNewLoginData.getProperty(aPropName);
+ return true;
+ } catch (ex) { }
+ return false;
+ }
+
+ aOldStoredLogin.QueryInterface(Ci.nsILoginMetaInfo);
+
+ let newLogin;
+ if (aNewLoginData instanceof Ci.nsILoginInfo) {
+ // Clone the existing login to get its nsILoginMetaInfo, then init it
+ // with the replacement nsILoginInfo data from the new login.
+ newLogin = aOldStoredLogin.clone();
+ newLogin.init(aNewLoginData.hostname,
+ aNewLoginData.formSubmitURL, aNewLoginData.httpRealm,
+ aNewLoginData.username, aNewLoginData.password,
+ aNewLoginData.usernameField, aNewLoginData.passwordField);
+ newLogin.QueryInterface(Ci.nsILoginMetaInfo);
+
+ // Automatically update metainfo when password is changed.
+ if (newLogin.password != aOldStoredLogin.password) {
+ newLogin.timePasswordChanged = Date.now();
+ }
+ } else if (aNewLoginData instanceof Ci.nsIPropertyBag) {
+ // Clone the existing login, along with all its properties.
+ newLogin = aOldStoredLogin.clone();
+ newLogin.QueryInterface(Ci.nsILoginMetaInfo);
+
+ // Automatically update metainfo when password is changed.
+ // (Done before the main property updates, lest the caller be
+ // explicitly updating both .password and .timePasswordChanged)
+ if (bagHasProperty("password")) {
+ let newPassword = aNewLoginData.getProperty("password");
+ if (newPassword != aOldStoredLogin.password) {
+ newLogin.timePasswordChanged = Date.now();
+ }
+ }
+
+ let propEnum = aNewLoginData.enumerator;
+ while (propEnum.hasMoreElements()) {
+ let prop = propEnum.getNext().QueryInterface(Ci.nsIProperty);
+ switch (prop.name) {
+ // nsILoginInfo
+ case "hostname":
+ case "httpRealm":
+ case "formSubmitURL":
+ case "username":
+ case "password":
+ case "usernameField":
+ case "passwordField":
+ // nsILoginMetaInfo
+ case "guid":
+ case "timeCreated":
+ case "timeLastUsed":
+ case "timePasswordChanged":
+ case "timesUsed":
+ newLogin[prop.name] = prop.value;
+ break;
+
+ // Fake property, allows easy incrementing.
+ case "timesUsedIncrement":
+ newLogin.timesUsed += prop.value;
+ break;
+
+ // Fail if caller requests setting an unknown property.
+ default:
+ throw new Error("Unexpected propertybag item: " + prop.name);
+ }
+ }
+ } else {
+ throw new Error("newLoginData needs an expected interface!");
+ }
+
+ // Sanity check the login
+ if (newLogin.hostname == null || newLogin.hostname.length == 0) {
+ throw new Error("Can't add a login with a null or empty hostname.");
+ }
+
+ // For logins w/o a username, set to "", not null.
+ if (newLogin.username == null) {
+ throw new Error("Can't add a login with a null username.");
+ }
+
+ if (newLogin.password == null || newLogin.password.length == 0) {
+ throw new Error("Can't add a login with a null or empty password.");
+ }
+
+ if (newLogin.formSubmitURL || newLogin.formSubmitURL == "") {
+ // We have a form submit URL. Can't have a HTTP realm.
+ if (newLogin.httpRealm != null) {
+ throw new Error("Can't add a login with both a httpRealm and formSubmitURL.");
+ }
+ } else if (newLogin.httpRealm) {
+ // We have a HTTP realm. Can't have a form submit URL.
+ if (newLogin.formSubmitURL != null) {
+ throw new Error("Can't add a login with both a httpRealm and formSubmitURL.");
+ }
+ } else {
+ // Need one or the other!
+ throw new Error("Can't add a login without a httpRealm or formSubmitURL.");
+ }
+
+ // Throws if there are bogus values.
+ this.checkLoginValues(newLogin);
+
+ return newLogin;
+ },
+
+ /**
+ * Removes duplicates from a list of logins while preserving the sort order.
+ *
+ * @param {nsILoginInfo[]} logins
+ * A list of logins we want to deduplicate.
+ * @param {string[]} [uniqueKeys = ["username", "password"]]
+ * A list of login attributes to use as unique keys for the deduplication.
+ * @param {string[]} [resolveBy = ["timeLastUsed"]]
+ * Ordered array of keyword strings used to decide which of the
+ * duplicates should be used. "scheme" would prefer the login that has
+ * a scheme matching `preferredOrigin`'s if there are two logins with
+ * the same `uniqueKeys`. The default preference to distinguish two
+ * logins is `timeLastUsed`. If there is no preference between two
+ * logins, the first one found wins.
+ * @param {string} [preferredOrigin = undefined]
+ * String representing the origin to use for preferring one login over
+ * another when they are dupes. This is used with "scheme" for
+ * `resolveBy` so the scheme from this origin will be preferred.
+ *
+ * @returns {nsILoginInfo[]} list of unique logins.
+ */
+ dedupeLogins(logins, uniqueKeys = ["username", "password"],
+ resolveBy = ["timeLastUsed"],
+ preferredOrigin = undefined) {
+ const KEY_DELIMITER = ":";
+
+ if (!preferredOrigin && resolveBy.includes("scheme")) {
+ throw new Error("dedupeLogins: `preferredOrigin` is required in order to " +
+ "prefer schemes which match it.");
+ }
+
+ let preferredOriginScheme;
+ if (preferredOrigin) {
+ try {
+ preferredOriginScheme = Services.io.newURI(preferredOrigin, null, null).scheme;
+ } catch (ex) {
+ // Handle strings that aren't valid URIs e.g. chrome://FirefoxAccounts
+ }
+ }
+
+ if (!preferredOriginScheme && resolveBy.includes("scheme")) {
+ log.warn("dedupeLogins: Deduping with a scheme preference but couldn't " +
+ "get the preferred origin scheme.");
+ }
+
+ // We use a Map to easily lookup logins by their unique keys.
+ let loginsByKeys = new Map();
+
+ // Generate a unique key string from a login.
+ function getKey(login, uniqueKeys) {
+ return uniqueKeys.reduce((prev, key) => prev + KEY_DELIMITER + login[key], "");
+ }
+
+ /**
+ * @return {bool} whether `login` is preferred over its duplicate (considering `uniqueKeys`)
+ * `existingLogin`.
+ *
+ * `resolveBy` is a sorted array so we can return true the first time `login` is preferred
+ * over the existingLogin.
+ */
+ function isLoginPreferred(existingLogin, login) {
+ if (!resolveBy || resolveBy.length == 0) {
+ // If there is no preference, prefer the existing login.
+ return false;
+ }
+
+ for (let preference of resolveBy) {
+ switch (preference) {
+ case "scheme": {
+ if (!preferredOriginScheme) {
+ break;
+ }
+
+ try {
+ // Only `hostname` is currently considered
+ let existingLoginURI = Services.io.newURI(existingLogin.hostname, null, null);
+ let loginURI = Services.io.newURI(login.hostname, null, null);
+ // If the schemes of the two logins are the same or neither match the
+ // preferredOriginScheme then we have no preference and look at the next resolveBy.
+ if (loginURI.scheme == existingLoginURI.scheme ||
+ (loginURI.scheme != preferredOriginScheme &&
+ existingLoginURI.scheme != preferredOriginScheme)) {
+ break;
+ }
+
+ return loginURI.scheme == preferredOriginScheme;
+ } catch (ex) {
+ // Some URLs aren't valid nsIURI (e.g. chrome://FirefoxAccounts)
+ log.debug("dedupeLogins/shouldReplaceExisting: Error comparing schemes:",
+ existingLogin.hostname, login.hostname,
+ "preferredOrigin:", preferredOrigin, ex);
+ }
+ break;
+ }
+ case "timeLastUsed":
+ case "timePasswordChanged": {
+ // If we find a more recent login for the same key, replace the existing one.
+ let loginDate = login.QueryInterface(Ci.nsILoginMetaInfo)[preference];
+ let storedLoginDate = existingLogin.QueryInterface(Ci.nsILoginMetaInfo)[preference];
+ if (loginDate == storedLoginDate) {
+ break;
+ }
+
+ return loginDate > storedLoginDate;
+ }
+ default: {
+ throw new Error("dedupeLogins: Invalid resolveBy preference: " + preference);
+ }
+ }
+ }
+
+ return false;
+ }
+
+ for (let login of logins) {
+ let key = getKey(login, uniqueKeys);
+
+ if (loginsByKeys.has(key)) {
+ if (!isLoginPreferred(loginsByKeys.get(key), login)) {
+ // If there is no preference for the new login, use the existing one.
+ continue;
+ }
+ }
+ loginsByKeys.set(key, login);
+ }
+
+ // Return the map values in the form of an array.
+ return [...loginsByKeys.values()];
+ },
+
+ /**
+ * Open the password manager window.
+ *
+ * @param {Window} window
+ * the window from where we want to open the dialog
+ *
+ * @param {string} [filterString=""]
+ * the filterString parameter to pass to the login manager dialog
+ */
+ openPasswordManager(window, filterString = "") {
+ let win = Services.wm.getMostRecentWindow("Toolkit:PasswordManager");
+ if (win) {
+ win.setFilter(filterString);
+ win.focus();
+ } else {
+ window.openDialog("chrome://passwordmgr/content/passwordManager.xul",
+ "Toolkit:PasswordManager", "",
+ {filterString : filterString});
+ }
+ },
+
+ /**
+ * Checks if a field type is username compatible.
+ *
+ * @param {Element} element
+ * the field we want to check.
+ *
+ * @returns {Boolean} true if the field type is one
+ * of the username types.
+ */
+ isUsernameFieldType(element) {
+ if (!(element instanceof Ci.nsIDOMHTMLInputElement))
+ return false;
+
+ let fieldType = (element.hasAttribute("type") ?
+ element.getAttribute("type").toLowerCase() :
+ element.type);
+ if (fieldType == "text" ||
+ fieldType == "email" ||
+ fieldType == "url" ||
+ fieldType == "tel" ||
+ fieldType == "number") {
+ return true;
+ }
+ return false;
+ },
+
+ /**
+ * Add the login to the password manager if a similar one doesn't already exist. Merge it
+ * otherwise with the similar existing ones.
+ * @param {Object} loginData - the data about the login that needs to be added.
+ * @returns {nsILoginInfo} the newly added login, or null if no login was added.
+ * Note that we will also return null if an existing login
+ * was modified.
+ */
+ maybeImportLogin(loginData) {
+ // create a new login
+ let login = Cc["@mozilla.org/login-manager/loginInfo;1"].createInstance(Ci.nsILoginInfo);
+ login.init(loginData.hostname,
+ loginData.formSubmitURL || (typeof(loginData.httpRealm) == "string" ? null : ""),
+ typeof(loginData.httpRealm) == "string" ? loginData.httpRealm : null,
+ loginData.username,
+ loginData.password,
+ loginData.usernameElement || "",
+ loginData.passwordElement || "");
+
+ login.QueryInterface(Ci.nsILoginMetaInfo);
+ login.timeCreated = loginData.timeCreated;
+ login.timeLastUsed = loginData.timeLastUsed || loginData.timeCreated;
+ login.timePasswordChanged = loginData.timePasswordChanged || loginData.timeCreated;
+ login.timesUsed = loginData.timesUsed || 1;
+ // While here we're passing formSubmitURL and httpRealm, they could be empty/null and get
+ // ignored in that case, leading to multiple logins for the same username.
+ let existingLogins = Services.logins.findLogins({}, login.hostname,
+ login.formSubmitURL,
+ login.httpRealm);
+ // Check for an existing login that matches *including* the password.
+ // If such a login exists, we do not need to add a new login.
+ if (existingLogins.some(l => login.matches(l, false /* ignorePassword */))) {
+ return null;
+ }
+ // Now check for a login with the same username, where it may be that we have an
+ // updated password.
+ let foundMatchingLogin = false;
+ for (let existingLogin of existingLogins) {
+ if (login.username == existingLogin.username) {
+ foundMatchingLogin = true;
+ existingLogin.QueryInterface(Ci.nsILoginMetaInfo);
+ if (login.password != existingLogin.password &
+ login.timePasswordChanged > existingLogin.timePasswordChanged) {
+ // if a login with the same username and different password already exists and it's older
+ // than the current one, update its password and timestamp.
+ let propBag = Cc["@mozilla.org/hash-property-bag;1"].
+ createInstance(Ci.nsIWritablePropertyBag);
+ propBag.setProperty("password", login.password);
+ propBag.setProperty("timePasswordChanged", login.timePasswordChanged);
+ Services.logins.modifyLogin(existingLogin, propBag);
+ }
+ }
+ }
+ // if the new login is an update or is older than an exiting login, don't add it.
+ if (foundMatchingLogin) {
+ return null;
+ }
+ return Services.logins.addLogin(login);
+ },
+
+ /**
+ * Convert an array of nsILoginInfo to vanilla JS objects suitable for
+ * sending over IPC.
+ *
+ * NB: All members of nsILoginInfo and nsILoginMetaInfo are strings.
+ */
+ loginsToVanillaObjects(logins) {
+ return logins.map(this.loginToVanillaObject);
+ },
+
+ /**
+ * Same as above, but for a single login.
+ */
+ loginToVanillaObject(login) {
+ let obj = {};
+ for (let i in login.QueryInterface(Ci.nsILoginMetaInfo)) {
+ if (typeof login[i] !== 'function') {
+ obj[i] = login[i];
+ }
+ }
+
+ return obj;
+ },
+
+ /**
+ * Convert an object received from IPC into an nsILoginInfo (with guid).
+ */
+ vanillaObjectToLogin(login) {
+ let formLogin = Cc["@mozilla.org/login-manager/loginInfo;1"].
+ createInstance(Ci.nsILoginInfo);
+ formLogin.init(login.hostname, login.formSubmitURL,
+ login.httpRealm, login.username,
+ login.password, login.usernameField,
+ login.passwordField);
+
+ formLogin.QueryInterface(Ci.nsILoginMetaInfo);
+ for (let prop of ["guid", "timeCreated", "timeLastUsed", "timePasswordChanged", "timesUsed"]) {
+ formLogin[prop] = login[prop];
+ }
+ return formLogin;
+ },
+
+ /**
+ * As above, but for an array of objects.
+ */
+ vanillaObjectsToLogins(logins) {
+ return logins.map(this.vanillaObjectToLogin);
+ },
+
+ removeLegacySignonFiles() {
+ const {Constants, Path, File} = Cu.import("resource://gre/modules/osfile.jsm").OS;
+
+ const profileDir = Constants.Path.profileDir;
+ const defaultSignonFilePrefs = new Map([
+ ["signon.SignonFileName", "signons.txt"],
+ ["signon.SignonFileName2", "signons2.txt"],
+ ["signon.SignonFileName3", "signons3.txt"]
+ ]);
+ const toDeletes = new Set();
+
+ for (let [pref, val] of defaultSignonFilePrefs.entries()) {
+ toDeletes.add(Path.join(profileDir, val));
+
+ try {
+ let signonFile = Services.prefs.getCharPref(pref);
+
+ toDeletes.add(Path.join(profileDir, signonFile));
+ Services.prefs.clearUserPref(pref);
+ } catch (e) {}
+ }
+
+ for (let file of toDeletes) {
+ File.remove(file);
+ }
+ },
+
+ /**
+ * Returns true if the user has a master password set and false otherwise.
+ */
+ isMasterPasswordSet() {
+ let secmodDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].
+ getService(Ci.nsIPKCS11ModuleDB);
+ let slot = secmodDB.findSlotByName("");
+ if (!slot) {
+ return false;
+ }
+ let hasMP = slot.status != Ci.nsIPKCS11Slot.SLOT_UNINITIALIZED &&
+ slot.status != Ci.nsIPKCS11Slot.SLOT_READY;
+ return hasMP;
+ },
+
+ /**
+ * Send a notification when stored data is changed.
+ */
+ notifyStorageChanged(changeType, data) {
+ let dataObject = data;
+ // Can't pass a raw JS string or array though notifyObservers(). :-(
+ if (Array.isArray(data)) {
+ dataObject = Cc["@mozilla.org/array;1"].
+ createInstance(Ci.nsIMutableArray);
+ for (let i = 0; i < data.length; i++) {
+ dataObject.appendElement(data[i], false);
+ }
+ } else if (typeof(data) == "string") {
+ dataObject = Cc["@mozilla.org/supports-string;1"].
+ createInstance(Ci.nsISupportsString);
+ dataObject.data = data;
+ }
+ Services.obs.notifyObservers(dataObject, "passwordmgr-storage-changed", changeType);
+ }
+};
+
+XPCOMUtils.defineLazyGetter(this, "log", () => {
+ let logger = LoginHelper.createLogger("LoginHelper");
+ return logger;
+});
diff --git a/toolkit/components/passwordmgr/LoginImport.jsm b/toolkit/components/passwordmgr/LoginImport.jsm
new file mode 100644
index 000000000..a1d5c988a
--- /dev/null
+++ b/toolkit/components/passwordmgr/LoginImport.jsm
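Review bot: `getKey` inside `dedupeLogins` (LoginHelper.jsm) joins the key fields with `KEY_DELIMITER` (":") without escaping, so two different logins can map to the same key and one of them is silently dropped from the result. With constructed values, username `a:b` with password `c` and username `a` with password `b:c` both yield `:a:b:c`. An unambiguous encoding avoids the collision, e.g. `return JSON.stringify(uniqueKeys.map(key => login[key]));`. Separately, `maybeImportLogin` joins its password and timestamp conditions with a bitwise `&` where `&&` is presumably intended, and `doLoginsMatch` destructures its third parameter without a `= {}` default, so omitting that argument throws.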
@@ -0,0 +1,173 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80 filetype=javascript: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * Provides an object that has a method to import login-related data from the
+ * previous SQLite storage format.
+ */
+
+"use strict";
+
+this.EXPORTED_SYMBOLS = [
+ "LoginImport",
+];
+
+// Globals
+
+const Cc = Components.classes;
+const Ci = Components.interfaces;
+const Cu = Components.utils;
+const Cr = Components.results;
+
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+Cu.import("resource://gre/modules/Task.jsm");
+
+XPCOMUtils.defineLazyModuleGetter(this, "OS",
+ "resource://gre/modules/osfile.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "Sqlite",
+ "resource://gre/modules/Sqlite.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "NetUtil",
+ "resource://gre/modules/NetUtil.jsm");
+
+// LoginImport
+
+/**
+ * Provides an object that has a method to import login-related data from the
+ * previous SQLite storage format.
+ *
+ * @param aStore
+ * LoginStore object where imported data will be added.
+ * @param aPath
+ * String containing the file path of the SQLite login database.
+ */
+this.LoginImport = function (aStore, aPath) {
+ this.store = aStore;
+ this.path = aPath;
+};
+
+this.LoginImport.prototype = {
+ /**
+ * LoginStore object where imported data will be added.
+ */
+ store: null,
+
+ /**
+ * String containing the file path of the SQLite login database.
+ */
+ path: null,
+
+ /**
+ * Imports login-related data from the previous SQLite storage format.
+ */
+ import: Task.async(function* () {
+ // We currently migrate data directly from the database to the JSON store at
+ // first run, then we set a preference to prevent repeating the import.
+ // Thus, merging with existing data is not a use case we support. This
+ // restriction might be removed to support re-importing passwords set by an
+ // old version by flipping the import preference and restarting.
+ if (this.store.data.logins.length > 0 ||
+ this.store.data.disabledHosts.length > 0) {
+ throw new Error("Unable to import saved passwords because some data " +
+ "has already been imported or saved.");
+ }
+
+ // When a timestamp is not specified, we will use the same reference time.
+ let referenceTimeMs = Date.now();
+
+ let connection = yield Sqlite.openConnection({ path: this.path });
+ try {
+ let schemaVersion = yield connection.getSchemaVersion();
+
+ // We support importing database schema versions from 3 onwards.
+ // Version 3 was implemented in bug 316084 (Firefox 3.6, March 2009).
+ // Version 4 was implemented in bug 465636 (Firefox 4, March 2010).
+ // Version 5 was implemented in bug 718817 (Firefox 13, February 2012).
+ if (schemaVersion < 3) {
+ throw new Error("Unable to import saved passwords because " +
+ "the existing profile is too old.");
+ }
+
+ let rows = yield connection.execute("SELECT * FROM moz_logins");
+ for (let row of rows) {
+ try {
+ let hostname = row.getResultByName("hostname");
+ let httpRealm = row.getResultByName("httpRealm");
+ let formSubmitURL = row.getResultByName("formSubmitURL");
+ let usernameField = row.getResultByName("usernameField");
+ let passwordField = row.getResultByName("passwordField");
+ let encryptedUsername = row.getResultByName("encryptedUsername");
+ let encryptedPassword = row.getResultByName("encryptedPassword");
+
+ // The "guid" field was introduced in schema version 2, and the
+ // "enctype" field was introduced in schema version 3. We don't
+ // support upgrading from older versions of the database.
+ let guid = row.getResultByName("guid");
+ let encType = row.getResultByName("encType");
+
+ // The time and count fields were introduced in schema version 4.
+ let timeCreated = null;
+ let timeLastUsed = null;
+ let timePasswordChanged = null;
+ let timesUsed = null;
+ try {
+ timeCreated = row.getResultByName("timeCreated");
+ timeLastUsed = row.getResultByName("timeLastUsed");
+ timePasswordChanged = row.getResultByName("timePasswordChanged");
+ timesUsed = row.getResultByName("timesUsed");
+ } catch (ex) { }
+
+ // These columns may be null either because they were not present in
+ // the database or because the record was created on a new schema
+ // version by an old application version.
+ if (!timeCreated) {
+ timeCreated = referenceTimeMs;
+ }
+ if (!timeLastUsed) {
+ timeLastUsed = referenceTimeMs;
+ }
+ if (!timePasswordChanged) {
+ timePasswordChanged = referenceTimeMs;
+ }
+ if (!timesUsed) {
+ timesUsed = 1;
+ }
+
+ this.store.data.logins.push({
+ id: this.store.data.nextId++,
+ hostname: hostname,
+ httpRealm: httpRealm,
+ formSubmitURL: formSubmitURL,
+ usernameField: usernameField,
+ passwordField: passwordField,
+ encryptedUsername: encryptedUsername,
+ encryptedPassword: encryptedPassword,
+ guid: guid,
+ encType: encType,
+ timeCreated: timeCreated,
+ timeLastUsed: timeLastUsed,
+ timePasswordChanged: timePasswordChanged,
+ timesUsed: timesUsed,
+ });
+ } catch (ex) {
+ Cu.reportError("Error importing login: " + ex);
+ }
+ }
+
+ rows = yield connection.execute("SELECT * FROM moz_disabledHosts");
+ for (let row of rows) {
+ try {
+ let hostname = row.getResultByName("hostname");
+
+ this.store.data.disabledHosts.push(hostname);
+ } catch (ex) {
+ Cu.reportError("Error importing disabled host: " + ex);
+ }
+ }
+ } finally {
+ yield connection.close();
+ }
+ }),
+};
diff --git a/toolkit/components/passwordmgr/LoginManagerContent.jsm b/toolkit/components/passwordmgr/LoginManagerContent.jsm
new file mode 100644
index 000000000..60805530d
--- /dev/null
+++ b/toolkit/components/passwordmgr/LoginManagerContent.jsm
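Review bot: In `LoginImport.prototype.import` (LoginImport.jsm) a row that fails to convert is only passed to `Cu.reportError` and the loop carries on, so the task resolves normally even when some logins or disabled hosts were skipped. The comment at the top of the method says a preference is then set to prevent repeating the import (that code is outside this file), which would leave any skipped login permanently missing from the JSON store. Counting the failures, e.g. `let failedRows = 0;` before the loops and `failedRows++;` in each row-level `catch`, and returning or logging the total would let the caller decide whether to keep the old database or retry. The empty `catch (ex) { }` around the time columns also deserves a comment such as `// Columns absent before schema version 4; defaults are applied below.`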
@@ -0,0 +1,1619 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+this.EXPORTED_SYMBOLS = [ "LoginManagerContent",
+ "LoginFormFactory",
+ "UserAutoCompleteResult" ];
+
+const { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components;
+const PASSWORD_INPUT_ADDED_COALESCING_THRESHOLD_MS = 1;
+const AUTOCOMPLETE_AFTER_CONTEXTMENU_THRESHOLD_MS = 250;
+
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/PrivateBrowsingUtils.jsm");
+Cu.import("resource://gre/modules/InsecurePasswordUtils.jsm");
+Cu.import("resource://gre/modules/Promise.jsm");
+Cu.import("resource://gre/modules/Preferences.jsm");
+Cu.import("resource://gre/modules/Timer.jsm");
+
+XPCOMUtils.defineLazyModuleGetter(this, "DeferredTask", "resource://gre/modules/DeferredTask.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "FormLikeFactory",
+ "resource://gre/modules/FormLikeFactory.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "LoginRecipesContent",
+ "resource://gre/modules/LoginRecipes.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "LoginHelper",
+ "resource://gre/modules/LoginHelper.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "InsecurePasswordUtils",
+ "resource://gre/modules/InsecurePasswordUtils.jsm");
+
+XPCOMUtils.defineLazyServiceGetter(this, "gNetUtil",
+ "@mozilla.org/network/util;1",
+ "nsINetUtil");
+
+XPCOMUtils.defineLazyGetter(this, "log", () => {
+ let logger = LoginHelper.createLogger("LoginManagerContent");
+ return logger.log.bind(logger);
+});
+
+// These mirror signon.* prefs.
+var gEnabled, gAutofillForms, gStoreWhenAutocompleteOff;
+var gLastContextMenuEventTimeStamp = Number.NEGATIVE_INFINITY;
+
+var observer = {
+ QueryInterface : XPCOMUtils.generateQI([Ci.nsIObserver,
+ Ci.nsIFormSubmitObserver,
+ Ci.nsIWebProgressListener,
+ Ci.nsIDOMEventListener,
+ Ci.nsISupportsWeakReference]),
+
+ // nsIFormSubmitObserver
+ notify(formElement, aWindow, actionURI) {
+ log("observer notified for form submission.");
+
+ // We're invoked before the content's |onsubmit| handlers, so we
+ // can grab form data before it might be modified (see bug 257781).
+
+ try {
+ let formLike = LoginFormFactory.createFromForm(formElement);
+ LoginManagerContent._onFormSubmit(formLike);
+ } catch (e) {
+ log("Caught error in onFormSubmit(", e.lineNumber, "):", e.message);
+ Cu.reportError(e);
+ }
+
+ return true; // Always return true, or form submit will be canceled.
+ },
+
+ onPrefChange() {
+ gEnabled = Services.prefs.getBoolPref("signon.rememberSignons");
+ gAutofillForms = Services.prefs.getBoolPref("signon.autofillForms");
+ gStoreWhenAutocompleteOff = Services.prefs.getBoolPref("signon.storeWhenAutocompleteOff");
+ },
+
+ // nsIWebProgressListener
+ onLocationChange(aWebProgress, aRequest, aLocation, aFlags) {
+ // Only handle pushState/replaceState here.
+ if (!(aFlags & Ci.nsIWebProgressListener.LOCATION_CHANGE_SAME_DOCUMENT) ||
+ !(aWebProgress.loadType & Ci.nsIDocShell.LOAD_CMD_PUSHSTATE)) {
+ return;
+ }
+
+ log("onLocationChange handled:", aLocation.spec, aWebProgress.DOMWindow.document);
+
+ LoginManagerContent._onNavigation(aWebProgress.DOMWindow.document);
+ },
+
+ onStateChange(aWebProgress, aRequest, aState, aStatus) {
+ if (!(aState & Ci.nsIWebProgressListener.STATE_START)) {
+ return;
+ }
+
+ // We only care about when a page triggered a load, not the user. For example:
+ // clicking refresh/back/forward, typing a URL and hitting enter, and loading a bookmark aren't
+ // likely to be when a user wants to save a login.
+ let channel = aRequest.QueryInterface(Ci.nsIChannel);
+ let triggeringPrincipal = channel.loadInfo.triggeringPrincipal;
+ if (triggeringPrincipal.isNullPrincipal ||
+ triggeringPrincipal.equals(Services.scriptSecurityManager.getSystemPrincipal())) {
+ return;
+ }
+
+ // Don't handle history navigation, reload, or pushState not triggered via chrome UI.
+ // e.g. history.go(-1), location.reload(), history.replaceState()
+ if (!(aWebProgress.loadType & Ci.nsIDocShell.LOAD_CMD_NORMAL)) {
+ log("onStateChange: loadType isn't LOAD_CMD_NORMAL:", aWebProgress.loadType);
+ return;
+ }
+
+ log("onStateChange handled:", channel);
+ LoginManagerContent._onNavigation(aWebProgress.DOMWindow.document);
+ },
+
+ handleEvent(aEvent) {
+ if (!aEvent.isTrusted) {
+ return;
+ }
+
+ if (!gEnabled) {
+ return;
+ }
+
+ switch (aEvent.type) {
+ // Only used for username fields.
+ case "focus": {
+ LoginManagerContent._onUsernameFocus(aEvent);
+ break;
+ }
+
+ case "contextmenu": {
+ gLastContextMenuEventTimeStamp = Date.now();
+ break;
+ }
+
+ default: {
+ throw new Error("Unexpected event");
+ }
+ }
+ },
+};
+
+Services.obs.addObserver(observer, "earlyformsubmit", false);
+var prefBranch = Services.prefs.getBranch("signon.");
+prefBranch.addObserver("", observer.onPrefChange, false);
+
+observer.onPrefChange(); // read initial values
+
+
+function messageManagerFromWindow(win) {
+ return win.QueryInterface(Ci.nsIInterfaceRequestor)
+ .getInterface(Ci.nsIWebNavigation)
+ .QueryInterface(Ci.nsIDocShell)
+ .QueryInterface(Ci.nsIInterfaceRequestor)
+ .getInterface(Ci.nsIContentFrameMessageManager);
+}
+
+// This object maps to the "child" process (even in the single-process case).
+var LoginManagerContent = {
+
+ __formFillService : null, // FormFillController, for username autocompleting
+ get _formFillService() {
+ if (!this.__formFillService)
+ this.__formFillService =
+ Cc["@mozilla.org/satchel/form-fill-controller;1"].
+ getService(Ci.nsIFormFillController);
+ return this.__formFillService;
+ },
+
+ _getRandomId() {
+ return Cc["@mozilla.org/uuid-generator;1"]
+ .getService(Ci.nsIUUIDGenerator).generateUUID().toString();
+ },
+
+ _messages: [ "RemoteLogins:loginsFound",
+ "RemoteLogins:loginsAutoCompleted" ],
+
+ /**
+ * WeakMap of the root element of a FormLike to the FormLike representing its fields.
+ *
+ * This is used to be able to lookup an existing FormLike for a given root element since multiple
+ * calls to LoginFormFactory won't give the exact same object. When batching fills we don't always
+ * want to use the most recent list of elements for a FormLike since we may end up doing multiple
+ * fills for the same set of elements when a field gets added between arming and running the
+ * DeferredTask.
+ *
+ * @type {WeakMap}
+ */
+ _formLikeByRootElement: new WeakMap(),
+
+ /**
+ * WeakMap of the root element of a WeakMap to the DeferredTask to fill its fields.
+ *
+ * This is used to be able to throttle fills for a FormLike since onDOMInputPasswordAdded gets
+ * dispatched for each password field added to a document but we only want to fill once per
+ * FormLike when multiple fields are added at once.
+ *
+ * @type {WeakMap}
+ */
+ _deferredPasswordAddedTasksByRootElement: new WeakMap(),
+
+ // Map from form login requests to information about that request.
+ _requests: new Map(),
+
+ // Number of outstanding requests to each manager.
+ _managers: new Map(),
+
+ _takeRequest(msg) {
+ let data = msg.data;
+ let request = this._requests.get(data.requestId);
+
+ this._requests.delete(data.requestId);
+
+ let count = this._managers.get(msg.target);
+ if (--count === 0) {
+ this._managers.delete(msg.target);
+
+ for (let message of this._messages)
+ msg.target.removeMessageListener(message, this);
+ } else {
+ this._managers.set(msg.target, count);
+ }
+
+ return request;
+ },
+
+ _sendRequest(messageManager, requestData,
+ name, messageData) {
+ let count;
+ if (!(count = this._managers.get(messageManager))) {
+ this._managers.set(messageManager, 1);
+
+ for (let message of this._messages)
+ messageManager.addMessageListener(message, this);
+ } else {
+ this._managers.set(messageManager, ++count);
+ }
+
+ let requestId = this._getRandomId();
+ messageData.requestId = requestId;
+
+ messageManager.sendAsyncMessage(name, messageData);
+
+ let deferred = Promise.defer();
+ requestData.promise = deferred;
+ this._requests.set(requestId, requestData);
+ return deferred.promise;
+ },
+
+ receiveMessage(msg, window) {
+ if (msg.name == "RemoteLogins:fillForm") {
+ this.fillForm({
+ topDocument: window.document,
+ loginFormOrigin: msg.data.loginFormOrigin,
+ loginsFound: LoginHelper.vanillaObjectsToLogins(msg.data.logins),
+ recipes: msg.data.recipes,
+ inputElement: msg.objects.inputElement,
+ });
+ return;
+ }
+
+ let request = this._takeRequest(msg);
+ switch (msg.name) {
+ case "RemoteLogins:loginsFound": {
+ let loginsFound = LoginHelper.vanillaObjectsToLogins(msg.data.logins);
+ request.promise.resolve({
+ form: request.form,
+ loginsFound: loginsFound,
+ recipes: msg.data.recipes,
+ });
+ break;
+ }
+
+ case "RemoteLogins:loginsAutoCompleted": {
+ let loginsFound =
+ LoginHelper.vanillaObjectsToLogins(msg.data.logins);
+ // If we're in the parent process, don't pass a message manager so our
+ // autocomplete result objects know they can remove the login from the
+ // login manager directly.
+ let messageManager =
+ (Services.appinfo.processType === Services.appinfo.PROCESS_TYPE_CONTENT) ?
+ msg.target : undefined;
+ request.promise.resolve({ logins: loginsFound, messageManager });
+ break;
+ }
+ }
+ },
+
+ /**
+ * Get relevant logins and recipes from the parent
+ *
+ * @param {HTMLFormElement} form - form to get login data for
+ * @param {Object} options
+ * @param {boolean} options.showMasterPassword - whether to show a master password prompt
+ */
+ _getLoginDataFromParent(form, options) {
+ let doc = form.ownerDocument;
+ let win = doc.defaultView;
+
+ let formOrigin = LoginUtils._getPasswordOrigin(doc.documentURI);
+ if (!formOrigin) {
+ return Promise.reject("_getLoginDataFromParent: A form origin is required");
+ }
+ let actionOrigin = LoginUtils._getActionOrigin(form);
+
+ let messageManager = messageManagerFromWindow(win);
+
+ // XXX Weak??
+ let requestData = { form: form };
+ let messageData = { formOrigin: formOrigin,
+ actionOrigin: actionOrigin,
+ options: options };
+
+ return this._sendRequest(messageManager, requestData,
+ "RemoteLogins:findLogins",
+ messageData);
+ },
+
+ _autoCompleteSearchAsync(aSearchString, aPreviousResult,
+ aElement, aRect) {
+ let doc = aElement.ownerDocument;
+ let form = LoginFormFactory.createFromField(aElement);
+ let win = doc.defaultView;
+
+ let formOrigin = LoginUtils._getPasswordOrigin(doc.documentURI);
+ let actionOrigin = LoginUtils._getActionOrigin(form);
+
+ let messageManager = messageManagerFromWindow(win);
+
+ let remote = (Services.appinfo.processType ===
+ Services.appinfo.PROCESS_TYPE_CONTENT);
+
+ let previousResult = aPreviousResult ?
+ { searchString: aPreviousResult.searchString, + logins: LoginHelper.loginsToVanillaObjects(aPreviousResult.logins) } : + null; + + let requestData = {}; + let messageData = { formOrigin: formOrigin, + actionOrigin: actionOrigin, + searchString: aSearchString, + previousResult: previousResult, + rect: aRect, + isSecure: InsecurePasswordUtils.isFormSecure(form), + isPasswordField: aElement.type == "password", + remote: remote }; + + return this._sendRequest(messageManager, requestData, + "RemoteLogins:autoCompleteLogins", + messageData); + }, + + setupProgressListener(window) { + if (!LoginHelper.formlessCaptureEnabled) { + return; + } + + try { + let webProgress = window.QueryInterface(Ci.nsIInterfaceRequestor). + getInterface(Ci.nsIWebNavigation). + QueryInterface(Ci.nsIDocShell). + QueryInterface(Ci.nsIInterfaceRequestor). + getInterface(Ci.nsIWebProgress); + webProgress.addProgressListener(observer, + Ci.nsIWebProgress.NOTIFY_STATE_DOCUMENT | + Ci.nsIWebProgress.NOTIFY_LOCATION); + } catch (ex) { + // Ignore NS_ERROR_FAILURE if the progress listener was already added + } + }, + + onDOMFormHasPassword(event, window) { + if (!event.isTrusted) { + return; + } + + let form = event.target; + let formLike = LoginFormFactory.createFromForm(form); + log("onDOMFormHasPassword:", form, formLike); + this._fetchLoginsFromParentAndFillForm(formLike, window); + }, + + onDOMInputPasswordAdded(event, window) { + if (!event.isTrusted) { + return; + } + + let pwField = event.target; + if (pwField.form) { + // Fill is handled by onDOMFormHasPassword which is already throttled. + return; + } + + // Only setup the listener for formless inputs. + // Capture within a
but without a submit event is bug 1287202. + this.setupProgressListener(window); + + let formLike = LoginFormFactory.createFromField(pwField); + log("onDOMInputPasswordAdded:", pwField, formLike); + + let deferredTask = this._deferredPasswordAddedTasksByRootElement.get(formLike.rootElement); + if (!deferredTask) { + log("Creating a DeferredTask to call _fetchLoginsFromParentAndFillForm soon"); + this._formLikeByRootElement.set(formLike.rootElement, formLike); + + deferredTask = new DeferredTask(function* deferredInputProcessing() { + // Get the updated formLike instead of the one at the time of creating the DeferredTask via + // a closure since it could be stale since FormLike.elements isn't live. + let formLike2 = this._formLikeByRootElement.get(formLike.rootElement); + log("Running deferred processing of onDOMInputPasswordAdded", formLike2); + this._deferredPasswordAddedTasksByRootElement.delete(formLike2.rootElement); + this._fetchLoginsFromParentAndFillForm(formLike2, window); + }.bind(this), PASSWORD_INPUT_ADDED_COALESCING_THRESHOLD_MS); + + this._deferredPasswordAddedTasksByRootElement.set(formLike.rootElement, deferredTask); + } + + if (deferredTask.isArmed) { + log("DeferredTask is already armed so just updating the FormLike"); + // We update the FormLike so it (most important .elements) is fresh when the task eventually + // runs since changes to the elements could affect our field heuristics. 
+ this._formLikeByRootElement.set(formLike.rootElement, formLike); + } else if (window.document.readyState == "complete") { + log("Arming the DeferredTask we just created since document.readyState == 'complete'"); + deferredTask.arm(); + } else { + window.addEventListener("DOMContentLoaded", function armPasswordAddedTask() { + window.removeEventListener("DOMContentLoaded", armPasswordAddedTask); + log("Arming the onDOMInputPasswordAdded DeferredTask due to DOMContentLoaded"); + deferredTask.arm(); + }); + } + }, + + /** + * Fetch logins from the parent for a given form and then attempt to fill it. + * + * @param {FormLike} form to fetch the logins for then try autofill. + * @param {Window} window + */ + _fetchLoginsFromParentAndFillForm(form, window) { + this._detectInsecureFormLikes(window); + + let messageManager = messageManagerFromWindow(window); + messageManager.sendAsyncMessage("LoginStats:LoginEncountered"); + + if (!gEnabled) { + return; + } + + this._getLoginDataFromParent(form, { showMasterPassword: true }) + .then(this.loginsFound.bind(this)) + .then(null, Cu.reportError); + }, + + onPageShow(event, window) { + this._detectInsecureFormLikes(window); + }, + + /** + * Maps all DOM content documents in this content process, including those in + * frames, to the current state used by the Login Manager. + */ + loginFormStateByDocument: new WeakMap(), + + /** + * Retrieves a reference to the state object associated with the given + * document. This is initialized to an object with default values. + */ + stateForDocument(document) { + let loginFormState = this.loginFormStateByDocument.get(document); + if (!loginFormState) { + loginFormState = { + /** + * Keeps track of filled fields and values. 
+ */ + fillsByRootElement: new WeakMap(), + loginFormRootElements: new Set(), + }; + this.loginFormStateByDocument.set(document, loginFormState); + } + return loginFormState; + }, + + /** + * Compute whether there is an insecure login form on any frame of the current page, and + * notify the parent process. This is used to control whether insecure password UI appears. + */ + _detectInsecureFormLikes(topWindow) { + log("_detectInsecureFormLikes", topWindow.location.href); + + // Returns true if this window or any subframes have insecure login forms. + let hasInsecureLoginForms = (thisWindow) => { + let doc = thisWindow.document; + let hasLoginForm = this.stateForDocument(doc).loginFormRootElements.size > 0; + // Ignores window.opener, because it's not relevant for indicating + // form security. See InsecurePasswordUtils docs for details. + return (hasLoginForm && !thisWindow.isSecureContextIfOpenerIgnored) || + Array.some(thisWindow.frames, + frame => hasInsecureLoginForms(frame)); + }; + + let messageManager = messageManagerFromWindow(topWindow); + messageManager.sendAsyncMessage("RemoteLogins:insecureLoginFormPresent", { + hasInsecureLoginForms: hasInsecureLoginForms(topWindow), + }); + }, + + /** + * Perform a password fill upon user request coming from the parent process. + * The fill will be in the form previously identified during page navigation. + * + * @param An object with the following properties: + * { + * topDocument: + * DOM document currently associated to the the top-level window + * for which the fill is requested. This may be different from the + * document that originally caused the login UI to be displayed. + * loginFormOrigin: + * String with the origin for which the login UI was displayed. + * This must match the origin of the form used for the fill. + * loginsFound: + * Array containing the login to fill. While other messages may + * have more logins, for this use case this is expected to have + * exactly one element. 
The origin of the login may be different + * from the origin of the form used for the fill. + * recipes: + * Fill recipes transmitted together with the original message. + * inputElement: + * Username or password input element from the form we want to fill. + * } + */ + fillForm({ topDocument, loginFormOrigin, loginsFound, recipes, inputElement }) { + if (!inputElement) { + log("fillForm: No input element specified"); + return; + } + if (LoginUtils._getPasswordOrigin(topDocument.documentURI) != loginFormOrigin) { + if (!inputElement || + LoginUtils._getPasswordOrigin(inputElement.ownerDocument.documentURI) != loginFormOrigin) { + log("fillForm: The requested origin doesn't match the one form the", + "document. This may mean we navigated to a document from a different", + "site before we had a chance to indicate this change in the user", + "interface."); + return; + } + } + + let clobberUsername = true; + let options = { + inputElement, + }; + + let form = LoginFormFactory.createFromField(inputElement); + if (inputElement.type == "password") { + clobberUsername = false; + } + this._fillForm(form, true, clobberUsername, true, true, loginsFound, recipes, options); + }, + + loginsFound({ form, loginsFound, recipes }) { + let doc = form.ownerDocument; + let autofillForm = gAutofillForms && !PrivateBrowsingUtils.isContentWindowPrivate(doc.defaultView); + + this._fillForm(form, autofillForm, false, false, false, loginsFound, recipes); + }, + + /** + * Focus event handler for username fields to decide whether to show autocomplete. + * @param {FocusEvent} event + */ + _onUsernameFocus(event) { + let focusedField = event.target; + if (!focusedField.mozIsTextField(true) || focusedField.readOnly) { + return; + } + + if (this._isLoginAlreadyFilled(focusedField)) { + log("_onUsernameFocus: Already filled"); + return; + } + + /* + * A `focus` event is fired before a `contextmenu` event if a user right-clicks into an + * unfocused field. 
In that case we don't want to show both autocomplete and a context menu + * overlapping so we spin the event loop to see if a `contextmenu` event is coming next. If no + * `contextmenu` event was seen and the focused field is still focused by the form fill + * controller then show the autocomplete popup. + */ + let timestamp = Date.now(); + setTimeout(function maybeOpenAutocompleteAfterFocus() { + // Even though the `focus` event happens first, its .timeStamp is greater in + // testing and I don't want to rely on that so the absolute value is used. + let timeDiff = Math.abs(gLastContextMenuEventTimeStamp - timestamp); + if (timeDiff < AUTOCOMPLETE_AFTER_CONTEXTMENU_THRESHOLD_MS) { + log("Not opening autocomplete after focus since a context menu was opened within", + timeDiff, "ms"); + return; + } + + if (this._formFillService.focusedInput == focusedField) { + log("maybeOpenAutocompleteAfterFocus: Opening the autocomplete popup. Time diff:", timeDiff); + this._formFillService.showPopup(); + } else { + log("maybeOpenAutocompleteAfterFocus: FormFillController has a different focused input"); + } + }.bind(this), 0); + }, + + /** + * Listens for DOMAutoComplete and blur events on an input field. + */ + onUsernameInput(event) { + if (!event.isTrusted) + return; + + if (!gEnabled) + return; + + var acInputField = event.target; + + // This is probably a bit over-conservatative. + if (!(acInputField.ownerDocument instanceof Ci.nsIDOMHTMLDocument)) + return; + + if (!LoginHelper.isUsernameFieldType(acInputField)) + return; + + var acForm = LoginFormFactory.createFromField(acInputField); + if (!acForm) + return; + + // If the username is blank, bail out now -- we don't want + // fillForm() to try filling in a login without a username + // to filter on (bug 471906). 
+ if (!acInputField.value) + return; + + log("onUsernameInput from", event.type); + + let doc = acForm.ownerDocument; + let messageManager = messageManagerFromWindow(doc.defaultView); + let recipes = messageManager.sendSyncMessage("RemoteLogins:findRecipes", { + formOrigin: LoginUtils._getPasswordOrigin(doc.documentURI), + })[0]; + + // Make sure the username field fillForm will use is the + // same field as the autocomplete was activated on. + var [usernameField, passwordField, ignored] = + this._getFormFields(acForm, false, recipes); + if (usernameField == acInputField && passwordField) { + this._getLoginDataFromParent(acForm, { showMasterPassword: false }) + .then(({ form, loginsFound, recipes }) => { + this._fillForm(form, true, false, true, true, loginsFound, recipes); + }) + .then(null, Cu.reportError); + } else { + // Ignore the event, it's for some input we don't care about. + } + }, + + /** + * @param {FormLike} form - the FormLike to look for password fields in. + * @param {bool} [skipEmptyFields=false] - Whether to ignore password fields with no value. + * Used at capture time since saving empty values isn't + * useful. + * @return {Array|null} Array of password field elements for the specified form. + * If no pw fields are found, or if more than 3 are found, then null + * is returned. + */ + _getPasswordFields(form, skipEmptyFields = false) { + // Locate the password fields in the form. + let pwFields = []; + for (let i = 0; i < form.elements.length; i++) { + let element = form.elements[i]; + if (!(element instanceof Ci.nsIDOMHTMLInputElement) || + element.type != "password") { + continue; + } + + if (skipEmptyFields && !element.value.trim()) { + continue; + } + + pwFields[pwFields.length] = { + index : i, + element : element + }; + } + + // If too few or too many fields, bail out. 
+ if (pwFields.length == 0) { + log("(form ignored -- no password fields.)"); + return null; + } else if (pwFields.length > 3) { + log("(form ignored -- too many password fields. [ got ", pwFields.length, "])"); + return null; + } + + return pwFields; + }, + + /** + * Returns the username and password fields found in the form. + * Can handle complex forms by trying to figure out what the + * relevant fields are. + * + * @param {FormLike} form + * @param {bool} isSubmission + * @param {Set} recipes + * @return {Array} [usernameField, newPasswordField, oldPasswordField] + * + * usernameField may be null. + * newPasswordField will always be non-null. + * oldPasswordField may be null. If null, newPasswordField is just + * "theLoginField". If not null, the form is apparently a + * change-password field, with oldPasswordField containing the password + * that is being changed. + * + * Note that even though we can create a FormLike from a text field, + * this method will only return a non-null usernameField if the + * FormLike has a password field. + */ + _getFormFields(form, isSubmission, recipes) { + var usernameField = null; + var pwFields = null; + var fieldOverrideRecipe = LoginRecipesContent.getFieldOverrides(recipes, form); + if (fieldOverrideRecipe) { + var pwOverrideField = LoginRecipesContent.queryLoginField( + form, + fieldOverrideRecipe.passwordSelector + ); + if (pwOverrideField) { + // The field from the password override may be in a different FormLike. + let formLike = LoginFormFactory.createFromField(pwOverrideField); + pwFields = [{ + index : [...formLike.elements].indexOf(pwOverrideField), + element : pwOverrideField, + }]; + } + + var usernameOverrideField = LoginRecipesContent.queryLoginField( + form, + fieldOverrideRecipe.usernameSelector + ); + if (usernameOverrideField) { + usernameField = usernameOverrideField; + } + } + + if (!pwFields) { + // Locate the password field(s) in the form. Up to 3 supported. 
+ // If there's no password field, there's nothing for us to do. + pwFields = this._getPasswordFields(form, isSubmission); + } + + if (!pwFields) { + return [null, null, null]; + } + + if (!usernameField) { + // Locate the username field in the form by searching backwards + // from the first password field, assume the first text field is the + // username. We might not find a username field if the user is + // already logged in to the site. + for (var i = pwFields[0].index - 1; i >= 0; i--) { + var element = form.elements[i]; + if (!LoginHelper.isUsernameFieldType(element)) { + continue; + } + + if (fieldOverrideRecipe && fieldOverrideRecipe.notUsernameSelector && + element.matches(fieldOverrideRecipe.notUsernameSelector)) { + continue; + } + + usernameField = element; + break; + } + } + + if (!usernameField) + log("(form -- no username field found)"); + else + log("Username field ", usernameField, "has name/value:", + usernameField.name, "/", usernameField.value); + + // If we're not submitting a form (it's a page load), there are no + // password field values for us to use for identifying fields. So, + // just assume the first password field is the one to be filled in. + if (!isSubmission || pwFields.length == 1) { + var passwordField = pwFields[0].element; + log("Password field", passwordField, "has name: ", passwordField.name); + return [usernameField, passwordField, null]; + } + + + // Try to figure out WTF is in the form based on the password values. + var oldPasswordField, newPasswordField; + var pw1 = pwFields[0].element.value; + var pw2 = pwFields[1].element.value; + var pw3 = (pwFields[2] ? pwFields[2].element.value : null); + + if (pwFields.length == 3) { + // Look for two identical passwords, that's the new password + + if (pw1 == pw2 && pw2 == pw3) { + // All 3 passwords the same? Weird! Treat as if 1 pw field. 
+ newPasswordField = pwFields[0].element; + oldPasswordField = null; + } else if (pw1 == pw2) { + newPasswordField = pwFields[0].element; + oldPasswordField = pwFields[2].element; + } else if (pw2 == pw3) { + oldPasswordField = pwFields[0].element; + newPasswordField = pwFields[2].element; + } else if (pw1 == pw3) { + // A bit odd, but could make sense with the right page layout. + newPasswordField = pwFields[0].element; + oldPasswordField = pwFields[1].element; + } else { + // We can't tell which of the 3 passwords should be saved. + log("(form ignored -- all 3 pw fields differ)"); + return [null, null, null]; + } + } else if (pw1 == pw2) { + // pwFields.length == 2 + // Treat as if 1 pw field + newPasswordField = pwFields[0].element; + oldPasswordField = null; + } else { + // Just assume that the 2nd password is the new password + oldPasswordField = pwFields[0].element; + newPasswordField = pwFields[1].element; + } + + log("Password field (new) id/name is: ", newPasswordField.id, " / ", newPasswordField.name); + if (oldPasswordField) { + log("Password field (old) id/name is: ", oldPasswordField.id, " / ", oldPasswordField.name); + } else { + log("Password field (old):", oldPasswordField); + } + return [usernameField, newPasswordField, oldPasswordField]; + }, + + + /** + * @return true if the page requests autocomplete be disabled for the + * specified element. + */ + _isAutocompleteDisabled(element) { + return element && element.autocomplete == "off"; + }, + + /** + * Trigger capture on any relevant FormLikes due to a navigation alone (not + * necessarily due to an actual form submission). This method is used to + * capture logins for cases where form submit events are not used. + * + * To avoid multiple notifications for the same FormLike, this currently + * avoids capturing when dealing with a real which are ideally already + * using a submit event. 
+ * + * @param {Document} document being navigated + */ + _onNavigation(aDocument) { + let state = this.stateForDocument(aDocument); + let loginFormRootElements = state.loginFormRootElements; + log("_onNavigation: state:", state, "loginFormRootElements size:", loginFormRootElements.size, + "document:", aDocument); + + for (let formRoot of state.loginFormRootElements) { + if (formRoot instanceof Ci.nsIDOMHTMLFormElement) { + // For now only perform capture upon navigation for FormLike's without + // a to avoid capture from both an earlyformsubmit and + // navigation for the same "form". + log("Ignoring navigation for the form root to avoid multiple prompts " + + "since it was for a real "); + continue; + } + let formLike = this._formLikeByRootElement.get(formRoot); + this._onFormSubmit(formLike); + } + }, + + /** + * Called by our observer when notified of a form submission. + * [Note that this happens before any DOM onsubmit handlers are invoked.] + * Looks for a password change in the submitted form, so we can update + * our stored password. + * + * @param {FormLike} form + */ + _onFormSubmit(form) { + log("_onFormSubmit", form); + var doc = form.ownerDocument; + var win = doc.defaultView; + + if (PrivateBrowsingUtils.isContentWindowPrivate(win)) { + // We won't do anything in private browsing mode anyway, + // so there's no need to perform further checks. + log("(form submission ignored in private browsing mode)"); + return; + } + + // If password saving is disabled (globally or for host), bail out now. + if (!gEnabled) + return; + + var hostname = LoginUtils._getPasswordOrigin(doc.documentURI); + if (!hostname) { + log("(form submission ignored -- invalid hostname)"); + return; + } + + let formSubmitURL = LoginUtils._getActionOrigin(form); + let messageManager = messageManagerFromWindow(win); + + let recipes = messageManager.sendSyncMessage("RemoteLogins:findRecipes", { + formOrigin: hostname, + })[0]; + + // Get the appropriate fields from the form. 
+ var [usernameField, newPasswordField, oldPasswordField] = + this._getFormFields(form, true, recipes); + + // Need at least 1 valid password field to do anything. + if (newPasswordField == null) + return; + + // Check for autocomplete=off attribute. We don't use it to prevent + // autofilling (for existing logins), but won't save logins when it's + // present and the storeWhenAutocompleteOff pref is false. + // XXX spin out a bug that we don't update timeLastUsed in this case? + if ((this._isAutocompleteDisabled(form) || + this._isAutocompleteDisabled(usernameField) || + this._isAutocompleteDisabled(newPasswordField) || + this._isAutocompleteDisabled(oldPasswordField)) && + !gStoreWhenAutocompleteOff) { + log("(form submission ignored -- autocomplete=off found)"); + return; + } + + // Don't try to send DOM nodes over IPC. + let mockUsername = usernameField ? + { name: usernameField.name, + value: usernameField.value } : + null; + let mockPassword = { name: newPasswordField.name, + value: newPasswordField.value }; + let mockOldPassword = oldPasswordField ? + { name: oldPasswordField.name, + value: oldPasswordField.value } : + null; + + // Make sure to pass the opener's top in case it was in a frame. + let openerTopWindow = win.opener ? win.opener.top : null; + + messageManager.sendAsyncMessage("RemoteLogins:onFormSubmit", + { hostname: hostname, + formSubmitURL: formSubmitURL, + usernameField: mockUsername, + newPasswordField: mockPassword, + oldPasswordField: mockOldPassword }, + { openerTopWindow }); + }, + + /** + * Attempt to find the username and password fields in a form, and fill them + * in using the provided logins and recipes. + * + * @param {LoginForm} form + * @param {bool} autofillForm denotes if we should fill the form in automatically + * @param {bool} clobberUsername controls if an existing username can be overwritten. + * If this is false and an inputElement of type password + * is also passed, the username field will be ignored. 
+ * If this is false and no inputElement is passed, if the username + * field value is not found in foundLogins, it will not fill the password. + * @param {bool} clobberPassword controls if an existing password value can be + * overwritten + * @param {bool} userTriggered is an indication of whether this filling was triggered by + * the user + * @param {nsILoginInfo[]} foundLogins is an array of nsILoginInfo that could be used for the form + * @param {Set} recipes that could be used to affect how the form is filled + * @param {Object} [options = {}] is a list of options for this method. + - [inputElement] is an optional target input element we want to fill + */ + _fillForm(form, autofillForm, clobberUsername, clobberPassword, + userTriggered, foundLogins, recipes, {inputElement} = {}) { + if (form instanceof Ci.nsIDOMHTMLFormElement) { + throw new Error("_fillForm should only be called with FormLike objects"); + } + + log("_fillForm", form.elements); + let ignoreAutocomplete = true; + // Will be set to one of AUTOFILL_RESULT in the `try` block. + let autofillResult = -1; + const AUTOFILL_RESULT = { + FILLED: 0, + NO_PASSWORD_FIELD: 1, + PASSWORD_DISABLED_READONLY: 2, + NO_LOGINS_FIT: 3, + NO_SAVED_LOGINS: 4, + EXISTING_PASSWORD: 5, + EXISTING_USERNAME: 6, + MULTIPLE_LOGINS: 7, + NO_AUTOFILL_FORMS: 8, + AUTOCOMPLETE_OFF: 9, + INSECURE: 10, + }; + + try { + // Nothing to do if we have no matching logins available, + // and there isn't a need to show the insecure form warning. + if (foundLogins.length == 0 && + (InsecurePasswordUtils.isFormSecure(form) || + !LoginHelper.showInsecureFieldWarning)) { + // We don't log() here since this is a very common case. + autofillResult = AUTOFILL_RESULT.NO_SAVED_LOGINS; + return; + } + + // Heuristically determine what the user/pass fields are + // We do this before checking to see if logins are stored, + // so that the user isn't prompted for a master password + // without need. 
+ var [usernameField, passwordField, ignored] = + this._getFormFields(form, false, recipes); + + // If we have a password inputElement parameter and it's not + // the same as the one heuristically found, use the parameter + // one instead. + if (inputElement) { + if (inputElement.type == "password") { + passwordField = inputElement; + if (!clobberUsername) { + usernameField = null; + } + } else if (LoginHelper.isUsernameFieldType(inputElement)) { + usernameField = inputElement; + } else { + throw new Error("Unexpected input element type."); + } + } + + // Need a valid password field to do anything. + if (passwordField == null) { + log("not filling form, no password field found"); + autofillResult = AUTOFILL_RESULT.NO_PASSWORD_FIELD; + return; + } + + // If the password field is disabled or read-only, there's nothing to do. + if (passwordField.disabled || passwordField.readOnly) { + log("not filling form, password field disabled or read-only"); + autofillResult = AUTOFILL_RESULT.PASSWORD_DISABLED_READONLY; + return; + } + + // Attach autocomplete stuff to the username field, if we have + // one. This is normally used to select from multiple accounts, + // but even with one account we should refill if the user edits. + // We would also need this attached to show the insecure login + // warning, regardless of saved login. + if (usernameField) { + this._formFillService.markAsLoginManagerField(usernameField); + } + + // Nothing to do if we have no matching logins available. + // Only insecure pages reach this block and logs the same + // telemetry flag. + if (foundLogins.length == 0) { + // We don't log() here since this is a very common case. + autofillResult = AUTOFILL_RESULT.NO_SAVED_LOGINS; + return; + } + + // Prevent autofilling insecure forms. 
+ if (!userTriggered && !LoginHelper.insecureAutofill && + !InsecurePasswordUtils.isFormSecure(form)) { + log("not filling form since it's insecure"); + autofillResult = AUTOFILL_RESULT.INSECURE; + return; + } + + var isAutocompleteOff = false; + if (this._isAutocompleteDisabled(form) || + this._isAutocompleteDisabled(usernameField) || + this._isAutocompleteDisabled(passwordField)) { + isAutocompleteOff = true; + } + + // Discard logins which have username/password values that don't + // fit into the fields (as specified by the maxlength attribute). + // The user couldn't enter these values anyway, and it helps + // with sites that have an extra PIN to be entered (bug 391514) + var maxUsernameLen = Number.MAX_VALUE; + var maxPasswordLen = Number.MAX_VALUE; + + // If attribute wasn't set, default is -1. + if (usernameField && usernameField.maxLength >= 0) + maxUsernameLen = usernameField.maxLength; + if (passwordField.maxLength >= 0) + maxPasswordLen = passwordField.maxLength; + + var logins = foundLogins.filter(function (l) { + var fit = (l.username.length <= maxUsernameLen && + l.password.length <= maxPasswordLen); + if (!fit) + log("Ignored", l.username, "login: won't fit"); + + return fit; + }, this); + + if (logins.length == 0) { + log("form not filled, none of the logins fit in the field"); + autofillResult = AUTOFILL_RESULT.NO_LOGINS_FIT; + return; + } + + // Don't clobber an existing password. + if (passwordField.value && !clobberPassword) { + log("form not filled, the password field was already filled"); + autofillResult = AUTOFILL_RESULT.EXISTING_PASSWORD; + return; + } + + // Select a login to use for filling in the form. + var selectedLogin; + if (!clobberUsername && usernameField && (usernameField.value || + usernameField.disabled || + usernameField.readOnly)) { + // If username was specified in the field, it's disabled or it's readOnly, only fill in the + // password if we find a matching login. 
+ var username = usernameField.value.toLowerCase(); + + let matchingLogins = logins.filter(l => + l.username.toLowerCase() == username); + if (matchingLogins.length == 0) { + log("Password not filled. None of the stored logins match the username already present."); + autofillResult = AUTOFILL_RESULT.EXISTING_USERNAME; + return; + } + + // If there are multiple, and one matches case, use it + for (let l of matchingLogins) { + if (l.username == usernameField.value) { + selectedLogin = l; + } + } + // Otherwise just use the first + if (!selectedLogin) { + selectedLogin = matchingLogins[0]; + } + } else if (logins.length == 1) { + selectedLogin = logins[0]; + } else { + // We have multiple logins. Handle a special case here, for sites + // which have a normal user+pass login *and* a password-only login + // (eg, a PIN). Prefer the login that matches the type of the form + // (user+pass or pass-only) when there's exactly one that matches. + let matchingLogins; + if (usernameField) + matchingLogins = logins.filter(l => l.username); + else + matchingLogins = logins.filter(l => !l.username); + + if (matchingLogins.length != 1) { + log("Multiple logins for form, so not filling any."); + autofillResult = AUTOFILL_RESULT.MULTIPLE_LOGINS; + return; + } + + selectedLogin = matchingLogins[0]; + } + + // We will always have a selectedLogin at this point. + + if (!autofillForm) { + log("autofillForms=false but form can be filled"); + autofillResult = AUTOFILL_RESULT.NO_AUTOFILL_FORMS; + return; + } + + if (isAutocompleteOff && !ignoreAutocomplete) { + log("Not filling the login because we're respecting autocomplete=off"); + autofillResult = AUTOFILL_RESULT.AUTOCOMPLETE_OFF; + return; + } + + // Fill the form + + if (usernameField) { + // Don't modify the username field if it's disabled or readOnly so we preserve its case. 
+ let disabledOrReadOnly = usernameField.disabled || usernameField.readOnly; + + let userNameDiffers = selectedLogin.username != usernameField.value; + // Don't replace the username if it differs only in case, and the user triggered + // this autocomplete. We assume that if it was user-triggered the entered text + // is desired. + let userEnteredDifferentCase = userTriggered && userNameDiffers && + usernameField.value.toLowerCase() == selectedLogin.username.toLowerCase(); + + if (!disabledOrReadOnly && !userEnteredDifferentCase && userNameDiffers) { + usernameField.setUserInput(selectedLogin.username); + } + } + + let doc = form.ownerDocument; + if (passwordField.value != selectedLogin.password) { + passwordField.setUserInput(selectedLogin.password); + let autoFilledLogin = { + guid: selectedLogin.QueryInterface(Ci.nsILoginMetaInfo).guid, + username: selectedLogin.username, + usernameField: usernameField ? Cu.getWeakReference(usernameField) : null, + password: selectedLogin.password, + passwordField: Cu.getWeakReference(passwordField), + }; + log("Saving autoFilledLogin", autoFilledLogin.guid, "for", form.rootElement); + this.stateForDocument(doc).fillsByRootElement.set(form.rootElement, autoFilledLogin); + } + + log("_fillForm succeeded"); + autofillResult = AUTOFILL_RESULT.FILLED; + + let win = doc.defaultView; + let messageManager = messageManagerFromWindow(win); + messageManager.sendAsyncMessage("LoginStats:LoginFillSuccessful"); + } finally { + if (autofillResult == -1) { + // eslint-disable-next-line no-unsafe-finally + throw new Error("_fillForm: autofillResult must be specified"); + } + + if (!userTriggered) { + // Ignore fills as a result of user action for this probe. 
+ Services.telemetry.getHistogramById("PWMGR_FORM_AUTOFILL_RESULT").add(autofillResult); + + if (usernameField) { + let focusedElement = this._formFillService.focusedInput; + if (usernameField == focusedElement && + autofillResult !== AUTOFILL_RESULT.FILLED) { + log("_fillForm: Opening username autocomplete popup since the form wasn't autofilled"); + this._formFillService.showPopup(); + } + } + } + + if (usernameField) { + log("_fillForm: Attaching event listeners to usernameField"); + usernameField.addEventListener("focus", observer); + usernameField.addEventListener("contextmenu", observer); + } + + Services.obs.notifyObservers(form.rootElement, "passwordmgr-processed-form", null); + } + }, + + /** + * Given a field, determine whether that field was last filled as a username + * field AND whether the username is still filled in with the username AND + * whether the associated password field has the matching password. + * + * @note This could possibly be unified with getFieldContext but they have + * slightly different use cases. getFieldContext looks up recipes whereas this + * method doesn't need to since it's only returning a boolean based upon the + * recipes used for the last fill (in _fillForm). + * + * @param {HTMLInputElement} aUsernameField element contained in a FormLike + * cached in _formLikeByRootElement. + * @returns {Boolean} whether the username and password fields still have the + * last-filled values, if previously filled. + */ + _isLoginAlreadyFilled(aUsernameField) { + let formLikeRoot = FormLikeFactory.findRootForField(aUsernameField); + // Look for the existing FormLike. 
+ let existingFormLike = this._formLikeByRootElement.get(formLikeRoot); + if (!existingFormLike) { + throw new Error("_isLoginAlreadyFilled called with a username field with " + + "no rootElement FormLike"); + } + + log("_isLoginAlreadyFilled: existingFormLike", existingFormLike); + let filledLogin = this.stateForDocument(aUsernameField.ownerDocument).fillsByRootElement.get(formLikeRoot); + if (!filledLogin) { + return false; + } + + // Unpack the weak references. + let autoFilledUsernameField = filledLogin.usernameField ? filledLogin.usernameField.get() : null; + let autoFilledPasswordField = filledLogin.passwordField.get(); + + // Check username and password values match what was filled. + if (!autoFilledUsernameField || + autoFilledUsernameField != aUsernameField || + autoFilledUsernameField.value != filledLogin.username || + !autoFilledPasswordField || + autoFilledPasswordField.value != filledLogin.password) { + return false; + } + + return true; + }, + + /** + * Verify if a field is a valid login form field and + * returns some information about it's FormLike. + * + * @param {Element} aField + * A form field we want to verify. + * + * @returns {Object} an object with information about the + * FormLike username and password field + * or null if the passed field is invalid. + */ + getFieldContext(aField) { + // If the element is not a proper form field, return null. 
+ if (!(aField instanceof Ci.nsIDOMHTMLInputElement) || + (aField.type != "password" && !LoginHelper.isUsernameFieldType(aField)) || + !aField.ownerDocument) { + return null; + } + let form = LoginFormFactory.createFromField(aField); + + let doc = aField.ownerDocument; + let messageManager = messageManagerFromWindow(doc.defaultView); + let recipes = messageManager.sendSyncMessage("RemoteLogins:findRecipes", { + formOrigin: LoginUtils._getPasswordOrigin(doc.documentURI), + })[0]; + + let [usernameField, newPasswordField] = + this._getFormFields(form, false, recipes); + + // If we are not verifying a password field, we want + // to use aField as the username field. + if (aField.type != "password") { + usernameField = aField; + } + + return { + usernameField: { + found: !!usernameField, + disabled: usernameField && (usernameField.disabled || usernameField.readOnly), + }, + passwordField: { + found: !!newPasswordField, + disabled: newPasswordField && (newPasswordField.disabled || newPasswordField.readOnly), + }, + }; + }, +}; + +var LoginUtils = { + /** + * Get the parts of the URL we want for identification. + * Strip out things like the userPass portion + */ + _getPasswordOrigin(uriString, allowJS) { + var realm = ""; + try { + var uri = Services.io.newURI(uriString, null, null); + + if (allowJS && uri.scheme == "javascript") + return "javascript:"; + + // Build this manually instead of using prePath to avoid including the userPass portion. + realm = uri.scheme + "://" + uri.hostPort; + } catch (e) { + // bug 159484 - disallow url types that don't support a hostPort. + // (although we handle "javascript:..." as a special case above.) + log("Couldn't parse origin for", uriString, e); + realm = null; + } + + return realm; + }, + + _getActionOrigin(form) { + var uriString = form.action; + + // A blank or missing action submits to where it came from. 
+ if (uriString == "") + uriString = form.baseURI; // ala bug 297761 + + return this._getPasswordOrigin(uriString, true); + }, +}; + +// nsIAutoCompleteResult implementation +function UserAutoCompleteResult(aSearchString, matchingLogins, {isSecure, messageManager, isPasswordField}) { + function loginSort(a, b) { + var userA = a.username.toLowerCase(); + var userB = b.username.toLowerCase(); + + if (userA < userB) + return -1; + + if (userA > userB) + return 1; + + return 0; + } + + function findDuplicates(loginList) { + let seen = new Set(); + let duplicates = new Set(); + for (let login of loginList) { + if (seen.has(login.username)) { + duplicates.add(login.username); + } + seen.add(login.username); + } + return duplicates; + } + + this._showInsecureFieldWarning = (!isSecure && LoginHelper.showInsecureFieldWarning) ? 1 : 0; + this.searchString = aSearchString; + this.logins = matchingLogins.sort(loginSort); + this.matchCount = matchingLogins.length + this._showInsecureFieldWarning; + this._messageManager = messageManager; + this._stringBundle = Services.strings.createBundle("chrome://passwordmgr/locale/passwordmgr.properties"); + this._dateAndTimeFormatter = new Intl.DateTimeFormat(undefined, + { day: "numeric", month: "short", year: "numeric" }); + + this._isPasswordField = isPasswordField; + + this._duplicateUsernames = findDuplicates(matchingLogins); + + if (this.matchCount > 0) { + this.searchResult = Ci.nsIAutoCompleteResult.RESULT_SUCCESS; + this.defaultIndex = 0; + } +} + +UserAutoCompleteResult.prototype = { + QueryInterface : XPCOMUtils.generateQI([Ci.nsIAutoCompleteResult, + Ci.nsISupportsWeakReference]), + + // private + logins : null, + + // Allow autoCompleteSearch to get at the JS object so it can + // modify some readonly properties for internal use. + get wrappedJSObject() { + return this; + }, + + // Interfaces from idl... 
+ searchString : null, + searchResult : Ci.nsIAutoCompleteResult.RESULT_NOMATCH, + defaultIndex : -1, + errorDescription : "", + matchCount : 0, + + getValueAt(index) { + if (index < 0 || index >= this.matchCount) { + throw new Error("Index out of range."); + } + + if (this._showInsecureFieldWarning && index === 0) { + return ""; + } + + let selectedLogin = this.logins[index - this._showInsecureFieldWarning]; + + return this._isPasswordField ? selectedLogin.password : selectedLogin.username; + }, + + getLabelAt(index) { + if (index < 0 || index >= this.matchCount) { + throw new Error("Index out of range."); + } + + if (this._showInsecureFieldWarning && index === 0) { + return this._stringBundle.GetStringFromName("insecureFieldWarningDescription") + " " + + this._stringBundle.GetStringFromName("insecureFieldWarningLearnMore"); + } + + let that = this; + + function getLocalizedString(key, formatArgs) { + if (formatArgs) { + return that._stringBundle.formatStringFromName(key, formatArgs, formatArgs.length); + } + return that._stringBundle.GetStringFromName(key); + } + + let login = this.logins[index - this._showInsecureFieldWarning]; + let username = login.username; + // If login is empty or duplicated we want to append a modification date to it. 
+ if (!username || this._duplicateUsernames.has(username)) { + if (!username) { + username = getLocalizedString("noUsername"); + } + let meta = login.QueryInterface(Ci.nsILoginMetaInfo); + let time = this._dateAndTimeFormatter.format(new Date(meta.timePasswordChanged)); + username = getLocalizedString("loginHostAge", [username, time]); + } + + return username; + }, + + getCommentAt(index) { + return ""; + }, + + getStyleAt(index) { + if (index == 0 && this._showInsecureFieldWarning) { + return "insecureWarning"; + } + + return "login"; + }, + + getImageAt(index) { + return ""; + }, + + getFinalCompleteValueAt(index) { + return this.getValueAt(index); + }, + + removeValueAt(index, removeFromDB) { + if (index < 0 || index >= this.matchCount) { + throw new Error("Index out of range."); + } + + if (this._showInsecureFieldWarning && index === 0) { + // Ignore the warning message item. + return; + } + if (this._showInsecureFieldWarning) { + index--; + } + + var [removedLogin] = this.logins.splice(index, 1); + + this.matchCount--; + if (this.defaultIndex > this.logins.length) + this.defaultIndex--; + + if (removeFromDB) { + if (this._messageManager) { + let vanilla = LoginHelper.loginToVanillaObject(removedLogin); + this._messageManager.sendAsyncMessage("RemoteLogins:removeLogin", + { login: vanilla }); + } else { + Services.logins.removeLogin(removedLogin); + } + } + } +}; + +/** + * A factory to generate FormLike objects that represent a set of login fields + * which aren't necessarily marked up with a element. + */ +var LoginFormFactory = { + /** + * Create a LoginForm object from a . 
+ * + * @param {HTMLFormElement} aForm + * @return {LoginForm} + * @throws Error if aForm isn't an HTMLFormElement + */ + createFromForm(aForm) { + let formLike = FormLikeFactory.createFromForm(aForm); + formLike.action = LoginUtils._getActionOrigin(aForm); + + let state = LoginManagerContent.stateForDocument(formLike.ownerDocument); + state.loginFormRootElements.add(formLike.rootElement); + log("adding", formLike.rootElement, "to loginFormRootElements for", formLike.ownerDocument); + + LoginManagerContent._formLikeByRootElement.set(formLike.rootElement, formLike); + return formLike; + }, + + /** + * Create a LoginForm object from a password or username field. + * + * If the field is in a , construct the LoginForm from the form. + * Otherwise, create a LoginForm with a rootElement (wrapper) according to + * heuristics. Currently all not in a are one LoginForm but this + * shouldn't be relied upon as the heuristics may change to detect multiple + * "forms" (e.g. registration and login) on one page with a . + * + * Note that two LoginForms created from the same field won't return the same LoginForm object. + * Use the `rootElement` property on the LoginForm as a key instead. 
+ * + * @param {HTMLInputElement} aField - a password or username field in a document + * @return {LoginForm} + * @throws Error if aField isn't a password or username field in a document + */ + createFromField(aField) { + if (!(aField instanceof Ci.nsIDOMHTMLInputElement) || + (aField.type != "password" && !LoginHelper.isUsernameFieldType(aField)) || + !aField.ownerDocument) { + throw new Error("createFromField requires a password or username field in a document"); + } + + if (aField.form) { + return this.createFromForm(aField.form); + } + + let formLike = FormLikeFactory.createFromField(aField); + formLike.action = LoginUtils._getPasswordOrigin(aField.ownerDocument.baseURI); + log("Created non-form FormLike for rootElement:", aField.ownerDocument.documentElement); + + let state = LoginManagerContent.stateForDocument(formLike.ownerDocument); + state.loginFormRootElements.add(formLike.rootElement); + log("adding", formLike.rootElement, "to loginFormRootElements for", formLike.ownerDocument); + + + LoginManagerContent._formLikeByRootElement.set(formLike.rootElement, formLike); + + return formLike; + }, +}; diff --git a/toolkit/components/passwordmgr/LoginManagerContextMenu.jsm b/toolkit/components/passwordmgr/LoginManagerContextMenu.jsm new file mode 100644 index 000000000..5c88687bf --- /dev/null +++ b/toolkit/components/passwordmgr/LoginManagerContextMenu.jsm 
@@ -0,0 +1,199 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+this.EXPORTED_SYMBOLS = ["LoginManagerContextMenu"];
+
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+Cu.import("resource://gre/modules/Services.jsm");
+
+XPCOMUtils.defineLazyModuleGetter(this, "LoginHelper",
+ "resource://gre/modules/LoginHelper.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "LoginManagerParent",
+ "resource://gre/modules/LoginManagerParent.jsm");
+
+/*
+ * Password manager object for the browser contextual menu.
+ */
+var LoginManagerContextMenu = {
+ /**
+ * Look for login items and add them to the contextual menu.
+ *
+ * @param {HTMLInputElement} inputElement
+ * The target input element of the context menu click.
+ * @param {xul:browser} browser
+ * The browser for the document the context menu was open on.
+ * @param {nsIURI} documentURI
+ * The URI of the document that the context menu was activated from.
+ * This isn't the same as the browser's top-level document URI
+ * when subframes are involved.
+ * @returns {DocumentFragment} a document fragment with all the login items.
+ */
+ addLoginsToMenu(inputElement, browser, documentURI) {
+ let foundLogins = this._findLogins(documentURI);
+
+ if (!foundLogins.length) {
+ return null;
+ }
+
+ let fragment = browser.ownerDocument.createDocumentFragment();
+ let duplicateUsernames = this._findDuplicates(foundLogins);
+ for (let login of foundLogins) {
+ let item = fragment.ownerDocument.createElement("menuitem");
+
+ let username = login.username;
+ // If login is empty or duplicated we want to append a modification date to it.
+ if (!username || duplicateUsernames.has(username)) {
+ if (!username) {
+ username = this._getLocalizedString("noUsername");
+ }
+ let meta = login.QueryInterface(Ci.nsILoginMetaInfo);
+ let time = this.dateAndTimeFormatter.format(new Date(meta.timePasswordChanged));
+ username = this._getLocalizedString("loginHostAge", [username, time]);
+ }
+ item.setAttribute("label", username);
+ item.setAttribute("class", "context-login-item");
+
+ // login is bound so we can keep the reference to each object.
+ item.addEventListener("command", function(login, event) {
+ this._fillTargetField(login, inputElement, browser, documentURI);
+ }.bind(this, login));
+
+ fragment.appendChild(item);
+ }
+
+ return fragment;
+ },
+
+ /**
+ * Undoes the work of addLoginsToMenu for the same menu.
+ *
+ * @param {Document}
+ * The context menu owner document.
+ */
+ clearLoginsFromMenu(document) {
+ let loginItems = document.getElementsByClassName("context-login-item");
+ while (loginItems.item(0)) {
+ loginItems.item(0).remove();
+ }
+ },
+
+ /**
+ * Find logins for the current URI.
+ *
+ * @param {nsIURI} documentURI
+ * URI object with the hostname of the logins we want to find.
+ * This isn't the same as the browser's top-level document URI
+ * when subframes are involved.
+ *
+ * @returns {nsILoginInfo[]} a login list
+ */
+ _findLogins(documentURI) {
+ let searchParams = {
+ hostname: documentURI.prePath,
+ schemeUpgrades: LoginHelper.schemeUpgrades,
+ };
+ let logins = LoginHelper.searchLoginsWithObject(searchParams);
+ let resolveBy = [
+ "scheme",
+ "timePasswordChanged",
+ ];
+ logins = LoginHelper.dedupeLogins(logins, ["username", "password"], resolveBy, documentURI.prePath);
+
+ // Sort logins in alphabetical order and by date.
+ logins.sort((loginA, loginB) => {
+ // Sort alphabetically
+ let result = loginA.username.localeCompare(loginB.username);
+ if (result) {
+ // Forces empty logins to be at the end
+ if (!loginA.username) {
+ return 1;
+ }
+ if (!loginB.username) {
+ return -1;
+ }
+ return result;
+ }
+
+ // Same username logins are sorted by last change date
+ let metaA = loginA.QueryInterface(Ci.nsILoginMetaInfo);
+ let metaB = loginB.QueryInterface(Ci.nsILoginMetaInfo);
+ return metaB.timePasswordChanged - metaA.timePasswordChanged;
+ });
+
+ return logins;
+ },
+
+ /**
+ * Find duplicate usernames in a login list.
+ *
+ * @param {nsILoginInfo[]} loginList
+ * A list of logins we want to look for duplicate usernames.
+ *
+ * @returns {Set} a set with the duplicate usernames.
+ */
+ _findDuplicates(loginList) {
+ let seen = new Set();
+ let duplicates = new Set();
+ for (let login of loginList) {
+ if (seen.has(login.username)) {
+ duplicates.add(login.username);
+ }
+ seen.add(login.username);
+ }
+ return duplicates;
+ },
+
+ /**
+ * @param {nsILoginInfo} login
+ * The login we want to fill the form with.
+ * @param {Element} inputElement
+ * The target input element we want to fill.
+ * @param {xul:browser} browser
+ * The target tab browser.
+ * @param {nsIURI} documentURI
+ * URI of the document owning the form we want to fill.
+ * This isn't the same as the browser's top-level
+ * document URI when subframes are involved.
+ */
+ _fillTargetField(login, inputElement, browser, documentURI) {
+ LoginManagerParent.fillForm({
+ browser: browser,
+ loginFormOrigin: documentURI.prePath,
+ login: login,
+ inputElement: inputElement,
+ }).catch(Cu.reportError);
+ },
+
+ /**
+ * @param {string} key
+ * The localized string key
+ * @param {string[]} formatArgs
+ * An array of formatting argument string
+ *
+ * @returns {string} the localized string for the specified key,
+ * formatted with arguments if required.
+ */
+ _getLocalizedString(key, formatArgs) {
+ if (formatArgs) {
+ return this._stringBundle.formatStringFromName(key, formatArgs, formatArgs.length);
+ }
+ return this._stringBundle.GetStringFromName(key);
+ },
+};
+
+XPCOMUtils.defineLazyGetter(LoginManagerContextMenu, "_stringBundle", function() {
+ return Services.strings.
+ createBundle("chrome://passwordmgr/locale/passwordmgr.properties");
+});
+
+XPCOMUtils.defineLazyGetter(LoginManagerContextMenu, "dateAndTimeFormatter", function() {
+ return new Intl.DateTimeFormat(undefined, {
+ day: "numeric",
+ month: "short",
+ year: "numeric",
+ });
+});
diff --git a/toolkit/components/passwordmgr/LoginManagerParent.jsm b/toolkit/components/passwordmgr/LoginManagerParent.jsm
new file mode 100644
index 000000000..e472fb61c
--- /dev/null
+++ b/toolkit/components/passwordmgr/LoginManagerParent.jsm
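Review bot: `_findLogins` and `_fillTargetField` in LoginManagerContextMenu.jsm both use `documentURI.prePath` as the login origin, whereas `LoginUtils._getPasswordOrigin` in LoginManagerContent.jsm (same commit) builds the origin by hand, per its own comment "to avoid including the userPass portion". For a document loaded from a URL with embedded credentials, the `hostname` search key would then presumably not match logins stored under `scheme://hostPort`, and the user:pass part would be forwarded as `loginFormOrigin` to `LoginManagerParent.fillForm`, whose handling of that value is outside this hunk. I would derive the origin once in the same way, e.g. `let origin = documentURI.scheme + "://" + documentURI.hostPort;`, and pass it in both places. Separately, the `addLoginsToMenu` doc comment should state that it returns `null` when no logins are found, since `@returns {DocumentFragment}` reads as unconditional.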
@@ -0,0 +1,511 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components;
+
+Cu.importGlobalProperties(["URL"]);
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/Task.jsm");
+
+XPCOMUtils.defineLazyModuleGetter(this, "UserAutoCompleteResult",
+ "resource://gre/modules/LoginManagerContent.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "AutoCompletePopup",
+ "resource://gre/modules/AutoCompletePopup.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "DeferredTask",
+ "resource://gre/modules/DeferredTask.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "LoginHelper",
+ "resource://gre/modules/LoginHelper.jsm");
+
+XPCOMUtils.defineLazyGetter(this, "log", () => {
+ let logger = LoginHelper.createLogger("LoginManagerParent");
+ return logger.log.bind(logger);
+});
+
+this.EXPORTED_SYMBOLS = [ "LoginManagerParent" ];
+
+var LoginManagerParent = {
+ /**
+ * Reference to the default LoginRecipesParent (instead of the initialization promise) for
+ * synchronous access. This is a temporary hack and new consumers should yield on
+ * recipeParentPromise instead.
+ *
+ * @type LoginRecipesParent
+ * @deprecated
+ */
+ _recipeManager: null,
+
+ // Tracks the last time the user cancelled the master password prompt,
+ // to avoid spamming master password prompts on autocomplete searches.
+ _lastMPLoginCancelled: Math.NEGATIVE_INFINITY,
+
+ _searchAndDedupeLogins: function (formOrigin, actionOrigin) {
+ let logins;
+ try {
+ logins = LoginHelper.searchLoginsWithObject({
+ hostname: formOrigin,
+ formSubmitURL: actionOrigin,
+ schemeUpgrades: LoginHelper.schemeUpgrades,
+ });
+ } catch (e) {
+ // Record the last time the user cancelled the MP prompt
+ // to avoid spamming them with MP prompts for autocomplete.
+ if (e.result == Cr.NS_ERROR_ABORT) {
+ log("User cancelled master password prompt.");
+ this._lastMPLoginCancelled = Date.now();
+ return [];
+ }
+ throw e;
+ }
+
+ // Dedupe so the length checks below still make sense with scheme upgrades.
+ let resolveBy = [
+ "scheme",
+ "timePasswordChanged",
+ ];
+ return LoginHelper.dedupeLogins(logins, ["username"], resolveBy, formOrigin);
+ },
+
+ init: function() {
+ let mm = Cc["@mozilla.org/globalmessagemanager;1"]
+ .getService(Ci.nsIMessageListenerManager);
+ mm.addMessageListener("RemoteLogins:findLogins", this);
+ mm.addMessageListener("RemoteLogins:findRecipes", this);
+ mm.addMessageListener("RemoteLogins:onFormSubmit", this);
+ mm.addMessageListener("RemoteLogins:autoCompleteLogins", this);
+ mm.addMessageListener("RemoteLogins:removeLogin", this);
+ mm.addMessageListener("RemoteLogins:insecureLoginFormPresent", this);
+
+ XPCOMUtils.defineLazyGetter(this, "recipeParentPromise", () => {
+ const { LoginRecipesParent } = Cu.import("resource://gre/modules/LoginRecipes.jsm", {});
+ this._recipeManager = new LoginRecipesParent({
+ defaults: Services.prefs.getComplexValue("signon.recipes.path", Ci.nsISupportsString).data,
+ });
+ return this._recipeManager.initializationPromise;
+ });
+ },
+
+ receiveMessage: function (msg) {
+ let data = msg.data;
+ switch (msg.name) {
+ case "RemoteLogins:findLogins": {
+ // TODO Verify msg.target's principals against the formOrigin?
+ this.sendLoginDataToChild(data.options.showMasterPassword,
+ data.formOrigin,
+ data.actionOrigin,
+ data.requestId,
+ msg.target.messageManager);
+ break;
+ }
+
+ case "RemoteLogins:findRecipes": {
+ let formHost = (new URL(data.formOrigin)).host;
+ return this._recipeManager.getRecipesForHost(formHost);
+ }
+
+ case "RemoteLogins:onFormSubmit": {
+ // TODO Verify msg.target's principals against the formOrigin?
+ this.onFormSubmit(data.hostname,
+ data.formSubmitURL,
+ data.usernameField,
+ data.newPasswordField,
+ data.oldPasswordField,
+ msg.objects.openerTopWindow,
+ msg.target);
+ break;
+ }
+
+ case "RemoteLogins:insecureLoginFormPresent": {
+ this.setHasInsecureLoginForms(msg.target, data.hasInsecureLoginForms);
+ break;
+ }
+
+ case "RemoteLogins:autoCompleteLogins": {
+ this.doAutocompleteSearch(data, msg.target);
+ break;
+ }
+
+ case "RemoteLogins:removeLogin": {
+ let login = LoginHelper.vanillaObjectToLogin(data.login);
+ AutoCompletePopup.removeLogin(login);
+ break;
+ }
+ }
+
+ return undefined;
+ },
+
+ /**
+ * Trigger a login form fill and send relevant data (e.g. logins and recipes)
+ * to the child process (LoginManagerContent).
+ */
+ fillForm: Task.async(function* ({ browser, loginFormOrigin, login, inputElement }) {
+ let recipes = [];
+ if (loginFormOrigin) {
+ let formHost;
+ try {
+ formHost = (new URL(loginFormOrigin)).host;
+ let recipeManager = yield this.recipeParentPromise;
+ recipes = recipeManager.getRecipesForHost(formHost);
+ } catch (ex) {
+ // Some schemes e.g. chrome aren't supported by URL
+ }
+ }
+
+ // Convert the array of nsILoginInfo to vanilla JS objects since nsILoginInfo
+ // doesn't support structured cloning.
+ let jsLogins = [LoginHelper.loginToVanillaObject(login)];
+
+ let objects = inputElement ? {inputElement} : null;
+ browser.messageManager.sendAsyncMessage("RemoteLogins:fillForm", {
+ loginFormOrigin,
+ logins: jsLogins,
+ recipes,
+ }, objects);
+ }),
+
+ /**
+ * Send relevant data (e.g.
logins and recipes) to the child process (LoginManagerContent).
+ */
+ sendLoginDataToChild: Task.async(function*(showMasterPassword, formOrigin, actionOrigin,
+ requestId, target) {
+ let recipes = [];
+ if (formOrigin) {
+ let formHost;
+ try {
+ formHost = (new URL(formOrigin)).host;
+ let recipeManager = yield this.recipeParentPromise;
+ recipes = recipeManager.getRecipesForHost(formHost);
+ } catch (ex) {
+ // Some schemes e.g. chrome aren't supported by URL
+ }
+ }
+
+ if (!showMasterPassword && !Services.logins.isLoggedIn) {
+ try {
+ target.sendAsyncMessage("RemoteLogins:loginsFound", {
+ requestId: requestId,
+ logins: [],
+ recipes,
+ });
+ } catch (e) {
+ log("error sending message to target", e);
+ }
+ return;
+ }
+
+ // If we're currently displaying a master password prompt, defer
+ // processing this form until the user handles the prompt.
+ if (Services.logins.uiBusy) {
+ log("deferring sendLoginDataToChild for", formOrigin);
+ let self = this;
+ let observer = {
+ QueryInterface: XPCOMUtils.generateQI([Ci.nsIObserver,
+ Ci.nsISupportsWeakReference]),
+
+ observe: function (subject, topic, data) {
+ log("Got deferred sendLoginDataToChild notification:", topic);
+ // Only run observer once.
+ Services.obs.removeObserver(this, "passwordmgr-crypto-login");
+ Services.obs.removeObserver(this, "passwordmgr-crypto-loginCanceled");
+ if (topic == "passwordmgr-crypto-loginCanceled") {
+ target.sendAsyncMessage("RemoteLogins:loginsFound", {
+ requestId: requestId,
+ logins: [],
+ recipes,
+ });
+ return;
+ }
+
+ self.sendLoginDataToChild(showMasterPassword, formOrigin, actionOrigin,
+ requestId, target);
+ },
+ };
+
+ // Possible leak: it's possible that neither of these notifications
+ // will fire, and if that happens, we'll leak the observer (and
+ // never return). We should guarantee that at least one of these
+ // will fire.
+ // See bug XXX.
+ Services.obs.addObserver(observer, "passwordmgr-crypto-login", false);
+ Services.obs.addObserver(observer, "passwordmgr-crypto-loginCanceled", false);
+ return;
+ }
+
+ let logins = this._searchAndDedupeLogins(formOrigin, actionOrigin);
+
+ log("sendLoginDataToChild:", logins.length, "deduped logins");
+ // Convert the array of nsILoginInfo to vanilla JS objects since nsILoginInfo
+ // doesn't support structured cloning.
+ var jsLogins = LoginHelper.loginsToVanillaObjects(logins);
+ target.sendAsyncMessage("RemoteLogins:loginsFound", {
+ requestId: requestId,
+ logins: jsLogins,
+ recipes,
+ });
+ }),
+
+ doAutocompleteSearch: function({ formOrigin, actionOrigin,
+ searchString, previousResult,
+ rect, requestId, isSecure, isPasswordField,
+ remote }, target) {
+ // Note: previousResult is a regular object, not an
+ // nsIAutoCompleteResult.
+
+ // Cancel if we unsuccessfully prompted for the master password too recently.
+ if (!Services.logins.isLoggedIn) {
+ let timeDiff = Date.now() - this._lastMPLoginCancelled;
+ if (timeDiff < this._repromptTimeout) {
+ log("Not searching logins for autocomplete since the master password " +
+ `prompt was last cancelled ${Math.round(timeDiff / 1000)} seconds ago.`);
+ // Send an empty array to make LoginManagerContent clear the
+ // outstanding request it has temporarily saved.
+ target.messageManager.sendAsyncMessage("RemoteLogins:loginsAutoCompleted", {
+ requestId,
+ logins: [],
+ });
+ return;
+ }
+ }
+
+ let searchStringLower = searchString.toLowerCase();
+ let logins;
+ if (previousResult &&
+ searchStringLower.startsWith(previousResult.searchString.toLowerCase())) {
+ log("Using previous autocomplete result");
+
+ // We have a list of results for a shorter search string, so just
+ // filter them further based on the new search string.
+ logins = LoginHelper.vanillaObjectsToLogins(previousResult.logins);
+ } else {
+ log("Creating new autocomplete search result.");
+
+ logins = this._searchAndDedupeLogins(formOrigin, actionOrigin);
+ }
+
+ let matchingLogins = logins.filter(function(fullMatch) {
+ let match = fullMatch.username;
+
+ // Remove results that are too short, or have different prefix.
+ // Also don't offer empty usernames as possible results except
+ // for password field.
+ if (isPasswordField) {
+ return true;
+ }
+ return match && match.toLowerCase().startsWith(searchStringLower);
+ });
+
+ // XXX In the E10S case, we're responsible for showing our own
+ // autocomplete popup here because the autocomplete protocol hasn't
+ // been e10s-ized yet. In the non-e10s case, our caller is responsible
+ // for showing the autocomplete popup (via the regular
+ // nsAutoCompleteController).
+ if (remote) {
+ let results = new UserAutoCompleteResult(searchString, matchingLogins, {isSecure});
+ AutoCompletePopup.showPopupWithResults({ browser: target.ownerDocument.defaultView, rect, results });
+ }
+
+ // Convert the array of nsILoginInfo to vanilla JS objects since nsILoginInfo
+ // doesn't support structured cloning.
+ var jsLogins = LoginHelper.loginsToVanillaObjects(matchingLogins);
+ target.messageManager.sendAsyncMessage("RemoteLogins:loginsAutoCompleted", {
+ requestId: requestId,
+ logins: jsLogins,
+ });
+ },
+
+ onFormSubmit: function(hostname, formSubmitURL,
+ usernameField, newPasswordField,
+ oldPasswordField, openerTopWindow,
+ target) {
+ function getPrompter() {
+ var prompterSvc = Cc["@mozilla.org/login-manager/prompter;1"].
+ createInstance(Ci.nsILoginManagerPrompter);
+ prompterSvc.init(target.ownerDocument.defaultView);
+ prompterSvc.browser = target;
+ prompterSvc.opener = openerTopWindow;
+ return prompterSvc;
+ }
+
+ function recordLoginUse(login) {
+ // Update the lastUsed timestamp and increment the use count.
+ let propBag = Cc["@mozilla.org/hash-property-bag;1"].
+ createInstance(Ci.nsIWritablePropertyBag);
+ propBag.setProperty("timeLastUsed", Date.now());
+ propBag.setProperty("timesUsedIncrement", 1);
+ Services.logins.modifyLogin(login, propBag);
+ }
+
+ if (!Services.logins.getLoginSavingEnabled(hostname)) {
+ log("(form submission ignored -- saving is disabled for:", hostname, ")");
+ return;
+ }
+
+ var formLogin = Cc["@mozilla.org/login-manager/loginInfo;1"].
+ createInstance(Ci.nsILoginInfo);
+ formLogin.init(hostname, formSubmitURL, null,
+ (usernameField ? usernameField.value : ""),
+ newPasswordField.value,
+ (usernameField ? usernameField.name : ""),
+ newPasswordField.name);
+
+ // Below here we have one login per hostPort + action + username with the
+ // matching scheme being preferred.
+ let logins = this._searchAndDedupeLogins(hostname, formSubmitURL);
+
+ // If we didn't find a username field, but seem to be changing a
+ // password, allow the user to select from a list of applicable
+ // logins to update the password for.
+ if (!usernameField && oldPasswordField && logins.length > 0) {
+ var prompter = getPrompter();
+
+ if (logins.length == 1) {
+ var oldLogin = logins[0];
+
+ if (oldLogin.password == formLogin.password) {
+ recordLoginUse(oldLogin);
+ log("(Not prompting to save/change since we have no username and the " +
+ "only saved password matches the new password)");
+ return;
+ }
+
+ formLogin.username = oldLogin.username;
+ formLogin.usernameField = oldLogin.usernameField;
+
+ prompter.promptToChangePassword(oldLogin, formLogin);
+ } else {
+ // Note: It's possible that that we already have the correct u+p saved
+ // but since we don't have the username, we don't know if the user is
+ // changing a second account to the new password so we ask anyways.
+
+ prompter.promptToChangePasswordWithUsernames(
+ logins, logins.length, formLogin);
+ }
+
+ return;
+ }
+
+
+ var existingLogin = null;
+ // Look for an existing login that matches the form login.
+ for (let login of logins) {
+ let same;
+
+ // If one login has a username but the other doesn't, ignore
+ // the username when comparing and only match if they have the
+ // same password. Otherwise, compare the logins and match even
+ // if the passwords differ.
+ if (!login.username && formLogin.username) {
+ var restoreMe = formLogin.username;
+ formLogin.username = "";
+ same = LoginHelper.doLoginsMatch(formLogin, login, {
+ ignorePassword: false,
+ ignoreSchemes: LoginHelper.schemeUpgrades,
+ });
+ formLogin.username = restoreMe;
+ } else if (!formLogin.username && login.username) {
+ formLogin.username = login.username;
+ same = LoginHelper.doLoginsMatch(formLogin, login, {
+ ignorePassword: false,
+ ignoreSchemes: LoginHelper.schemeUpgrades,
+ });
+ formLogin.username = ""; // we know it's always blank.
+ } else {
+ same = LoginHelper.doLoginsMatch(formLogin, login, {
+ ignorePassword: true,
+ ignoreSchemes: LoginHelper.schemeUpgrades,
+ });
+ }
+
+ if (same) {
+ existingLogin = login;
+ break;
+ }
+ }
+
+ if (existingLogin) {
+ log("Found an existing login matching this form submission");
+
+ // Change password if needed.
+ if (existingLogin.password != formLogin.password) {
+ log("...passwords differ, prompting to change.");
+ prompter = getPrompter();
+ prompter.promptToChangePassword(existingLogin, formLogin);
+ } else if (!existingLogin.username && formLogin.username) {
+ log("...empty username update, prompting to change.");
+ prompter = getPrompter();
+ prompter.promptToChangePassword(existingLogin, formLogin);
+ } else {
+ recordLoginUse(existingLogin);
+ }
+
+ return;
+ }
+
+
+ // Prompt user to save login (via dialog or notification bar)
+ prompter = getPrompter();
+ prompter.promptToSavePassword(formLogin);
+ },
+
+ /**
+ * Maps all the elements for tabs in the parent process to the
+ * current state used to display tab-specific UI.
+ *
+ * This mapping is not updated in case a web page is moved to a different
+ * chrome window by the swapDocShells method. In this case, it is possible
+ * that a UI update just requested for the login fill doorhanger and then
+ * delayed by a few hundred milliseconds will be lost. Later requests would
+ * use the new browser reference instead.
+ *
+ * Given that the case above is rare, and it would not cause any origin
+ * mismatch at the time of filling because the origin is checked later in the
+ * content process, this case is left unhandled.
+ */
+ loginFormStateByBrowser: new WeakMap(),
+
+ /**
+ * Retrieves a reference to the state object associated with the given
+ * browser. This is initialized to an empty object.
+ */
+ stateForBrowser(browser) {
+ let loginFormState = this.loginFormStateByBrowser.get(browser);
+ if (!loginFormState) {
+ loginFormState = {};
+ this.loginFormStateByBrowser.set(browser, loginFormState);
+ }
+ return loginFormState;
+ },
+
+ /**
+ * Returns true if the page currently loaded in the given browser element has
+ * insecure login forms. This state may be updated asynchronously, in which
+ * case a custom event named InsecureLoginFormsStateChange will be dispatched
+ * on the browser element.
+ */
+ hasInsecureLoginForms(browser) {
+ return !!this.stateForBrowser(browser).hasInsecureLoginForms;
+ },
+
+ /**
+ * Called to indicate whether an insecure password field is present so
+ * insecure password UI can know when to show.
+ */
+ setHasInsecureLoginForms(browser, hasInsecureLoginForms) {
+ let state = this.stateForBrowser(browser);
+
+ // Update the data to use to the latest known values. Since messages are
+ // processed in order, this will always be the latest version to use.
+ state.hasInsecureLoginForms = hasInsecureLoginForms;
+
+ // Report the insecure login form state immediately.
+ browser.dispatchEvent(new browser.ownerDocument.defaultView
+ .CustomEvent("InsecureLoginFormsStateChange"));
+ },
+};
+
+XPCOMUtils.defineLazyPreferenceGetter(LoginManagerParent, "_repromptTimeout",
+ "signon.masterPasswordReprompt.timeout_ms", 900000); // 15 Minutes
diff --git a/toolkit/components/passwordmgr/LoginRecipes.jsm b/toolkit/components/passwordmgr/LoginRecipes.jsm
new file mode 100644
index 000000000..4a8124bbc
--- /dev/null
+++ b/toolkit/components/passwordmgr/LoginRecipes.jsm
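Review bot: In `receiveMessage`, the `RemoteLogins:findLogins`, `RemoteLogins:onFormSubmit` and `RemoteLogins:autoCompleteLogins` cases take `data.formOrigin`, `data.actionOrigin` and `data.hostname` from the content-process message and pass them on to `_searchAndDedupeLogins` without comparing them with the sender, so the parent answers for whatever origin the child names. The two `TODO Verify msg.target's principals against the formOrigin?` comments mark the gap but leave it open, and the `autoCompleteLogins` case carries no marker at all. A principal check would also have to cope with subframes, where the form's origin differs from the browser's top-level document. Until such a check exists, I would state the trust assumption where the data enters, for example `// SECURITY: origins in msg.data come from the content process and are not verified against msg.target's principal.` above `let data = msg.data;`.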
@@ -0,0 +1,260 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+this.EXPORTED_SYMBOLS = ["LoginRecipesContent", "LoginRecipesParent"];
+
+const { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components;
+const REQUIRED_KEYS = ["hosts"];
+const OPTIONAL_KEYS = ["description", "notUsernameSelector", "passwordSelector", "pathRegex", "usernameSelector"];
+const SUPPORTED_KEYS = REQUIRED_KEYS.concat(OPTIONAL_KEYS);
+
+Cu.importGlobalProperties(["URL"]);
+
+Cu.import("resource://gre/modules/NetUtil.jsm");
+Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+
+XPCOMUtils.defineLazyModuleGetter(this, "LoginHelper",
+ "resource://gre/modules/LoginHelper.jsm");
+
+XPCOMUtils.defineLazyGetter(this, "log", () => LoginHelper.createLogger("LoginRecipes"));
+
+/**
+ * Create an instance of the object to manage recipes in the parent process.
+ * Consumers should wait until {@link initializationPromise} resolves before
+ * calling methods on the object.
+ *
+ * @constructor
+ * @param {String} [aOptions.defaults=null] the URI to load the recipes from.
+ * If it's null, nothing is loaded.
+ *
+*/
+function LoginRecipesParent(aOptions = { defaults: null }) {
+ if (Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT) {
+ throw new Error("LoginRecipesParent should only be used from the main process");
+ }
+ this._defaults = aOptions.defaults;
+ this.reset();
+}
+
+LoginRecipesParent.prototype = {
+ /**
+ * Promise resolved with an instance of itself when the module is ready.
+ *
+ * @type {Promise}
+ */
+ initializationPromise: null,
+
+ /**
+ * @type {bool} Whether default recipes were loaded at construction time.
+ */
+ _defaults: null,
+
+ /**
+ * @type {Map} Map of hosts (including non-default port numbers) to Sets of recipes.
+ * e.g. "example.com:8080" => Set({...})
+ */
+ _recipesByHost: null,
+
+ /**
+ * @param {Object} aRecipes an object containing recipes to load for use. The object
+ * should be compatible with JSON (e.g. no RegExp).
+ * @return {Promise} resolving when the recipes are loaded
+ */
+ load(aRecipes) {
+ let recipeErrors = 0;
+ for (let rawRecipe of aRecipes.siteRecipes) {
+ try {
+ rawRecipe.pathRegex = rawRecipe.pathRegex ? new RegExp(rawRecipe.pathRegex) : undefined;
+ this.add(rawRecipe);
+ } catch (ex) {
+ recipeErrors++;
+ log.error("Error loading recipe", rawRecipe, ex);
+ }
+ }
+
+ if (recipeErrors) {
+ return Promise.reject(`There were ${recipeErrors} recipe error(s)`);
+ }
+
+ return Promise.resolve();
+ },
+
+ /**
+ * Reset the set of recipes to the ones from the time of construction.
+ */
+ reset() {
+ log.debug("Resetting recipes with defaults:", this._defaults);
+ this._recipesByHost = new Map();
+
+ if (this._defaults) {
+ let channel = NetUtil.newChannel({uri: NetUtil.newURI(this._defaults, "UTF-8"),
+ loadUsingSystemPrincipal: true});
+ channel.contentType = "application/json";
+
+ try {
+ this.initializationPromise = new Promise(function(resolve) {
+ NetUtil.asyncFetch(channel, function (stream, result) {
+ if (!Components.isSuccessCode(result)) {
+ throw new Error("Error fetching recipe file:" + result);
+ }
+ let count = stream.available();
+ let data = NetUtil.readInputStreamToString(stream, count, { charset: "UTF-8" });
+ resolve(JSON.parse(data));
+ });
+ }).then(recipes => {
+ return this.load(recipes);
+ }).then(resolve => {
+ return this;
+ });
+ } catch (e) {
+ throw new Error("Error reading recipe file:" + e);
+ }
+ } else {
+ this.initializationPromise = Promise.resolve(this);
+ }
+ },
+
+ /**
+ * Validate the recipe is sane and then add it to the set of recipes.
+ *
+ * @param {Object} recipe
+ */
+ add(recipe) {
+ log.debug("Adding recipe:", recipe);
+ let recipeKeys = Object.keys(recipe);
+ let unknownKeys = recipeKeys.filter(key => SUPPORTED_KEYS.indexOf(key) == -1);
+ if (unknownKeys.length > 0) {
+ throw new Error("The following recipe keys aren't supported: " + unknownKeys.join(", "));
+ }
+
+ let missingRequiredKeys = REQUIRED_KEYS.filter(key => recipeKeys.indexOf(key) == -1);
+ if (missingRequiredKeys.length > 0) {
+ throw new Error("The following required recipe keys are missing: " + missingRequiredKeys.join(", "));
+ }
+
+ if (!Array.isArray(recipe.hosts)) {
+ throw new Error("'hosts' must be a array");
+ }
+
+ if (!recipe.hosts.length) {
+ throw new Error("'hosts' must be a non-empty array");
+ }
+
+ if (recipe.pathRegex && recipe.pathRegex.constructor.name != "RegExp") {
+ throw new Error("'pathRegex' must be a regular expression");
+ }
+
+ const OPTIONAL_STRING_PROPS = ["description", "passwordSelector", "usernameSelector"];
+ for (let prop of OPTIONAL_STRING_PROPS) {
+ if (recipe[prop] && typeof(recipe[prop]) != "string") {
+ throw new Error(`'${prop}' must be a string`);
+ }
+ }
+
+ // Add the recipe to the map for each host
+ for (let host of recipe.hosts) {
+ if (!this._recipesByHost.has(host)) {
+ this._recipesByHost.set(host, new Set());
+ }
+ this._recipesByHost.get(host).add(recipe);
+ }
+ },
+
+ /**
+ * Currently only exact host matches are returned but this will eventually handle parent domains.
+ *
+ * @param {String} aHost (e.g.
example.com:8080 [non-default port] or sub.example.com)
+ * @return {Set} of recipes that apply to the host ordered by host priority
+ */
+ getRecipesForHost(aHost) {
+ let hostRecipes = this._recipesByHost.get(aHost);
+ if (!hostRecipes) {
+ return new Set();
+ }
+
+ return hostRecipes;
+ },
+};
+
+
+var LoginRecipesContent = {
+ /**
+ * @param {Set} aRecipes - Possible recipes that could apply to the form
+ * @param {FormLike} aForm - We use a form instead of just a URL so we can later apply
+ * tests to the page contents.
+ * @return {Set} a subset of recipes that apply to the form with the order preserved
+ */
+ _filterRecipesForForm(aRecipes, aForm) {
+ let formDocURL = aForm.ownerDocument.location;
+ let hostRecipes = aRecipes;
+ let recipes = new Set();
+ log.debug("_filterRecipesForForm", aRecipes);
+ if (!hostRecipes) {
+ return recipes;
+ }
+
+ for (let hostRecipe of hostRecipes) {
+ if (hostRecipe.pathRegex && !hostRecipe.pathRegex.test(formDocURL.pathname)) {
+ continue;
+ }
+ recipes.add(hostRecipe);
+ }
+
+ return recipes;
+ },
+
+ /**
+ * Given a set of recipes that apply to the host, choose the one most applicable for
+ * overriding login fields in the form.
+ *
+ * @param {Set} aRecipes The set of recipes to consider for the form
+ * @param {FormLike} aForm The form where login fields exist.
+ * @return {Object} The recipe that is most applicable for the form.
+ */
+ getFieldOverrides(aRecipes, aForm) {
+ let recipes = this._filterRecipesForForm(aRecipes, aForm);
+ log.debug("getFieldOverrides: filtered recipes:", recipes);
+ if (!recipes.size) {
+ return null;
+ }
+
+ let chosenRecipe = null;
+ // Find the first (most-specific recipe that involves field overrides).
+ for (let recipe of recipes) {
+ if (!recipe.usernameSelector && !recipe.passwordSelector &&
+ !recipe.notUsernameSelector) {
+ continue;
+ }
+
+ chosenRecipe = recipe;
+ break;
+ }
+
+ return chosenRecipe;
+ },
+
+ /**
+ * @param {HTMLElement} aParent the element to query for the selector from.
+ * @param {CSSSelector} aSelector the CSS selector to query for the login field.
+ * @return {HTMLElement|null}
+ */
+ queryLoginField(aParent, aSelector) {
+ if (!aSelector) {
+ return null;
+ }
+ let field = aParent.ownerDocument.querySelector(aSelector);
+ if (!field) {
+ log.debug("Login field selector wasn't matched:", aSelector);
+ return null;
+ }
+ if (!(field instanceof aParent.ownerDocument.defaultView.HTMLInputElement)) {
+ log.warn("Login field isn't an so ignoring it:", aSelector);
+ return null;
+ }
+ return field;
+ },
+};
diff --git a/toolkit/components/passwordmgr/LoginStore.jsm b/toolkit/components/passwordmgr/LoginStore.jsm
new file mode 100644
index 000000000..9fa6e7dff
--- /dev/null
+++ b/toolkit/components/passwordmgr/LoginStore.jsm
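Review bot: In `reset()`, the `throw new Error("Error fetching recipe file:" + result)` sits inside the `NetUtil.asyncFetch` callback, so it neither rejects `initializationPromise` nor reaches the surrounding `try`/`catch`; the same holds if `JSON.parse(data)` throws there. The promise then never settles, and `fillForm` and `sendLoginDataToChild` in LoginManagerParent.jsm, which `yield` on it before sending any logins, would presumably wait indefinitely. Taking `reject` in the executor and routing both failures through it keeps the existing error messages and lets those callers' `catch` blocks run.

```javascript
this.initializationPromise = new Promise(function(resolve, reject) {
  NetUtil.asyncFetch(channel, function (stream, result) {
    if (!Components.isSuccessCode(result)) {
      reject(new Error("Error fetching recipe file:" + result));
      return;
    }
    try {
      // … unchanged: stream.available(), readInputStreamToString(), resolve(JSON.parse(data)) …
    } catch (e) {
      reject(new Error("Error reading recipe file:" + e));
    }
  });
})
// … unchanged: .then() chain that calls this.load(recipes) and returns this …
```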
@@ -0,0 +1,136 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * Handles serialization of the data and persistence into a file.
+ *
+ * The file is stored in JSON format, without indentation, using UTF-8 encoding.
+ * With indentation applied, the file would look like this:
+ *
+ * {
+ * "logins": [
+ * {
+ * "id": 2,
+ * "hostname": "http://www.example.com",
+ * "httpRealm": null,
+ * "formSubmitURL": "http://www.example.com/submit-url",
+ * "usernameField": "username_field",
+ * "passwordField": "password_field",
+ * "encryptedUsername": "...",
+ * "encryptedPassword": "...",
+ * "guid": "...",
+ * "encType": 1,
+ * "timeCreated": 1262304000000,
+ * "timeLastUsed": 1262304000000,
+ * "timePasswordChanged": 1262476800000,
+ * "timesUsed": 1
+ * },
+ * {
+ * "id": 4,
+ * (...)
+ * }
+ * ],
+ * "disabledHosts": [
+ * "http://www.example.org",
+ * "http://www.example.net"
+ * ],
+ * "nextId": 10,
+ * "version": 1
+ * }
+ */
+
+"use strict";
+
+this.EXPORTED_SYMBOLS = [
+ "LoginStore",
+];
+
+// Globals
+
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+Cu.import("resource://gre/modules/Services.jsm");
+
+XPCOMUtils.defineLazyModuleGetter(this, "JSONFile",
+ "resource://gre/modules/JSONFile.jsm");
+
+/**
+ * Current data version assigned by the code that last touched the data.
+ *
+ * This number should be updated only when it is important to understand whether
+ * an old version of the code has touched the data, for example to execute an
+ * update logic. In most cases, this number should not be changed, in
+ * particular when no special one-time update logic is needed.
+ *
+ * For example, this number should NOT be changed when a new optional field is
+ * added to a login entry.
+ */
+const kDataVersion = 2;
+
+// The permission type we store in the permission manager.
+const PERMISSION_SAVE_LOGINS = "login-saving";
+
+// LoginStore
+
+/**
+ * Inherits from JSONFile and handles serialization of login-related data and
+ * persistence into a file.
+ *
+ * @param aPath
+ * String containing the file path where data should be saved.
+ */
+function LoginStore(aPath) {
+ JSONFile.call(this, {
+ path: aPath,
+ dataPostProcessor: this._dataPostProcessor.bind(this)
+ });
+}
+
+LoginStore.prototype = Object.create(JSONFile.prototype);
+LoginStore.prototype.constructor = LoginStore;
+
+/**
+ * Synchronously work on the data just loaded into memory.
+ */
+LoginStore.prototype._dataPostProcessor = function(data) {
+ if (data.nextId === undefined) {
+ data.nextId = 1;
+ }
+
+ // Create any arrays that are not present in the saved file.
+ if (!data.logins) {
+ data.logins = [];
+ }
+
+ // Stub needed for login imports before data has been migrated.
+ if (!data.disabledHosts) {
+ data.disabledHosts = [];
+ }
+
+ if (data.version === 1) {
+ this._migrateDisabledHosts(data);
+ }
+
+ // Indicate that the current version of the code has touched the file.
+ data.version = kDataVersion;
+
+ return data;
+};
+
+/**
+ * Migrates disabled hosts to the permission manager.
+ */
+LoginStore.prototype._migrateDisabledHosts = function (data) {
+ for (let host of data.disabledHosts) {
+ try {
+ let uri = Services.io.newURI(host, null, null);
+ Services.perms.add(uri, PERMISSION_SAVE_LOGINS, Services.perms.DENY_ACTION);
+ } catch (e) {
+ Cu.reportError(e);
+ }
+ }
+
+ delete data.disabledHosts;
+};
diff --git a/toolkit/components/passwordmgr/OSCrypto.jsm b/toolkit/components/passwordmgr/OSCrypto.jsm
new file mode 100644
index 000000000..04254f66f
--- /dev/null
+++ b/toolkit/components/passwordmgr/OSCrypto.jsm
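Review bot: `_migrateDisabledHosts` deletes `data.disabledHosts` even when `Services.io.newURI(host, null, null)` or `Services.perms.add` threw for an entry, so a site the user had excluded from password saving loses that exclusion and only a generic `Cu.reportError(e)` is left behind. Because `_dataPostProcessor` then sets `data.version = kDataVersion`, the migration does not run again for that file. At minimum the error should name the entry, e.g. `Cu.reportError("Could not migrate disabled host " + host + ": " + e);`, and a comment above the `delete` should say that hosts which fail to migrate are dropped deliberately, if that is the intent.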
@@ -0,0 +1,22 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * Common front for various implementations of OSCrypto
+ */
+
+"use strict";
+
+Components.utils.import("resource://gre/modules/AppConstants.jsm");
+Components.utils.import("resource://gre/modules/Services.jsm");
+
+this.EXPORTED_SYMBOLS = ["OSCrypto"];
+
+var OSCrypto = {};
+
+if (AppConstants.platform == "win") {
+ Services.scriptloader.loadSubScript("resource://gre/modules/OSCrypto_win.js", this);
+} else {
+ throw new Error("OSCrypto.jsm isn't supported on this platform");
+}
diff --git a/toolkit/components/passwordmgr/OSCrypto_win.js b/toolkit/components/passwordmgr/OSCrypto_win.js
new file mode 100644
index 000000000..0f52f4269
--- /dev/null
+++ b/toolkit/components/passwordmgr/OSCrypto_win.js
@@ -0,0 +1,245 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +var { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components; + +Cu.import("resource://gre/modules/Services.jsm"); +Cu.import("resource://gre/modules/XPCOMUtils.jsm"); + +XPCOMUtils.defineLazyModuleGetter(this, "ctypes", "resource://gre/modules/ctypes.jsm"); + +const FLAGS_NOT_SET = 0; + +const wintypes = { + BOOL: ctypes.bool, + BYTE: ctypes.uint8_t, + DWORD: ctypes.uint32_t, + PBYTE: ctypes.unsigned_char.ptr, + PCHAR: ctypes.char.ptr, + PDWORD: ctypes.uint32_t.ptr, + PVOID: ctypes.voidptr_t, + WORD: ctypes.uint16_t, +}; + +function OSCrypto() { + this._structs = {}; + this._functions = new Map(); + this._libs = new Map(); + this._structs.DATA_BLOB = new ctypes.StructType("DATA_BLOB", + [ + {cbData: wintypes.DWORD}, + {pbData: wintypes.PVOID} + ]); + + try { + + this._libs.set("crypt32", ctypes.open("Crypt32")); + this._libs.set("kernel32", ctypes.open("Kernel32")); + + this._functions.set("CryptProtectData", + this._libs.get("crypt32").declare("CryptProtectData", + ctypes.winapi_abi, + wintypes.DWORD, + this._structs.DATA_BLOB.ptr, + wintypes.PVOID, + wintypes.PVOID, + wintypes.PVOID, + wintypes.PVOID, + wintypes.DWORD, + this._structs.DATA_BLOB.ptr)); + this._functions.set("CryptUnprotectData", + this._libs.get("crypt32").declare("CryptUnprotectData", + ctypes.winapi_abi, + wintypes.DWORD, + this._structs.DATA_BLOB.ptr, + wintypes.PVOID, + wintypes.PVOID, + wintypes.PVOID, + wintypes.PVOID, + wintypes.DWORD, + this._structs.DATA_BLOB.ptr)); + this._functions.set("LocalFree", + this._libs.get("kernel32").declare("LocalFree", + ctypes.winapi_abi, + wintypes.DWORD, + wintypes.PVOID)); + } catch (ex) { + Cu.reportError(ex); + this.finalize(); + throw ex; + } +} +OSCrypto.prototype = { + /** + * Convert an array 
containing only two bytes unsigned numbers to a string. + * @param {number[]} arr - the array that needs to be converted. + * @returns {string} the string representation of the array. + */ + arrayToString(arr) { + let str = ""; + for (let i = 0; i < arr.length; i++) { + str += String.fromCharCode(arr[i]); + } + return str; + }, + + /** + * Convert a string to an array. + * @param {string} str - the string that needs to be converted. + * @returns {number[]} the array representation of the string. + */ + stringToArray(str) { + let arr = []; + for (let i = 0; i < str.length; i++) { + arr.push(str.charCodeAt(i)); + } + return arr; + }, + + /** + * Calculate the hash value used by IE as the name of the registry value where login details are + * stored. + * @param {string} data - the string value that needs to be hashed. + * @returns {string} the hash value of the string. + */ + getIELoginHash(data) { + // return the two-digit hexadecimal code for a byte + function toHexString(charCode) { + return ("00" + charCode.toString(16)).slice(-2); + } + + // the data needs to be encoded in null terminated UTF-16 + data += "\0"; + let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]. + createInstance(Ci.nsIScriptableUnicodeConverter); + converter.charset = "UTF-16"; + // result is an out parameter, + // result.value will contain the array length + let result = {}; + // dataArray is an array of bytes + let dataArray = converter.convertToByteArray(data, result); + // calculation of SHA1 hash value + let cryptoHash = Cc["@mozilla.org/security/hash;1"]. 
+ createInstance(Ci.nsICryptoHash); + cryptoHash.init(cryptoHash.SHA1); + cryptoHash.update(dataArray, dataArray.length); + let hash = cryptoHash.finish(false); + + let tail = 0; // variable to calculate value for the last 2 bytes + // convert to a character string in hexadecimal notation + for (let c of hash) { + tail += c.charCodeAt(0); + } + hash += String.fromCharCode(tail % 256); + + // convert the binary hash data to a hex string. + let hashStr = Array.from(hash, (c, i) => toHexString(hash.charCodeAt(i))).join(""); + return hashStr.toUpperCase(); + }, + + /** + * Decrypt a string using the windows CryptUnprotectData API. + * @param {string} data - the encrypted string that needs to be decrypted. + * @param {?string} entropy - the entropy value of the decryption (could be null). Its value must + * be the same as the one used when the data was encrypted. + * @returns {string} the decryption of the string. + */ + decryptData(data, entropy = null) { + let array = this.stringToArray(data); + let decryptedData = ""; + let encryptedData = wintypes.BYTE.array(array.length)(array); + let inData = new this._structs.DATA_BLOB(encryptedData.length, encryptedData); + let outData = new this._structs.DATA_BLOB(); + let entropyParam; + if (entropy) { + let entropyArray = this.stringToArray(entropy); + entropyArray.push(0); + let entropyData = wintypes.WORD.array(entropyArray.length)(entropyArray); + let optionalEntropy = new this._structs.DATA_BLOB(entropyData.length * 2, + entropyData); + entropyParam = optionalEntropy.address(); + } else { + entropyParam = null; + } + + let status = this._functions.get("CryptUnprotectData")(inData.address(), null, + entropyParam, + null, null, FLAGS_NOT_SET, + outData.address()); + if (status === 0) { + throw new Error("decryptData failed: " + status); + } + + // convert byte array to JS string. 
+ let len = outData.cbData; + let decrypted = ctypes.cast(outData.pbData, + wintypes.BYTE.array(len).ptr).contents; + for (let i = 0; i < decrypted.length; i++) { + decryptedData += String.fromCharCode(decrypted[i]); + } + + this._functions.get("LocalFree")(outData.pbData); + return decryptedData; + }, + + /** + * Encrypt a string using the windows CryptProtectData API. + * @param {string} data - the string that is going to be encrypted. + * @param {?string} entropy - the entropy value of the encryption (could be null). Its value must + * be the same as the one that is going to be used for the decryption. + * @returns {string} the encrypted string. + */ + encryptData(data, entropy = null) { + let encryptedData = ""; + let decryptedData = wintypes.BYTE.array(data.length)(this.stringToArray(data)); + + let inData = new this._structs.DATA_BLOB(data.length, decryptedData); + let outData = new this._structs.DATA_BLOB(); + let entropyParam; + if (!entropy) { + entropyParam = null; + } else { + let entropyArray = this.stringToArray(entropy); + entropyArray.push(0); + let entropyData = wintypes.WORD.array(entropyArray.length)(entropyArray); + let optionalEntropy = new this._structs.DATA_BLOB(entropyData.length * 2, + entropyData); + entropyParam = optionalEntropy.address(); + } + + let status = this._functions.get("CryptProtectData")(inData.address(), null, + entropyParam, + null, null, FLAGS_NOT_SET, + outData.address()); + if (status === 0) { + throw new Error("encryptData failed: " + status); + } + + // convert byte array to JS string. + let len = outData.cbData; + let encrypted = ctypes.cast(outData.pbData, + wintypes.BYTE.array(len).ptr).contents; + encryptedData = this.arrayToString(encrypted); + this._functions.get("LocalFree")(outData.pbData); + return encryptedData; + }, + + /** + * Must be invoked once after last use of any of the provided helpers. 
+ */ + finalize() { + this._structs = {}; + this._functions.clear(); + for (let lib of this._libs.values()) { + try { + lib.close(); + } catch (ex) { + Cu.reportError(ex); + } + } + this._libs.clear(); + }, +}; diff --git a/toolkit/components/passwordmgr/content/passwordManager.js b/toolkit/components/passwordmgr/content/passwordManager.js new file mode 100644 index 000000000..333dc1d24 --- /dev/null +++ b/toolkit/components/passwordmgr/content/passwordManager.js 
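Review bot: In `decryptData` the buffer that CryptUnprotectData returns holds the decrypted secret, but `LocalFree` is reached only if the cast and the copy loop complete, so an exception in between leaks the plaintext allocation; `encryptData` frees its output the same way. Moving the conversion into `try { … } finally { this._functions.get("LocalFree")(outData.pbData); }` closes that path, and the plaintext buffer could additionally be overwritten before it is released. The failure branches concatenate `status`, which is always 0 at that point; `throw new Error("decryptData failed: " + ctypes.winLastError);` would record the actual Windows error code. The `@param {string} data` docs should also state that the string is treated as one byte per character, since it is copied into a `BYTE` array.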
@@ -0,0 +1,728 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/** * =================== SAVED SIGNONS CODE =================== ***/ +const { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components; + +Cu.import("resource://gre/modules/AppConstants.jsm"); +Cu.import("resource://gre/modules/XPCOMUtils.jsm"); +Cu.import("resource://gre/modules/Services.jsm"); + +XPCOMUtils.defineLazyModuleGetter(this, "DeferredTask", + "resource://gre/modules/DeferredTask.jsm"); +XPCOMUtils.defineLazyModuleGetter(this, "PlacesUtils", + "resource://gre/modules/PlacesUtils.jsm"); + +let kSignonBundle; + +// Default value for signon table sorting +let lastSignonSortColumn = "hostname"; +let lastSignonSortAscending = true; + +let showingPasswords = false; + +// password-manager lists +let signons = []; +let deletedSignons = []; + +// Elements that would be used frequently +let filterField; +let togglePasswordsButton; +let signonsIntro; +let removeButton; +let removeAllButton; +let signonsTree; + +let signonReloadDisplay = { + observe: function(subject, topic, data) { + if (topic == "passwordmgr-storage-changed") { + switch (data) { + case "addLogin": + case "modifyLogin": + case "removeLogin": + case "removeAllLogins": + if (!signonsTree) { + return; + } + signons.length = 0; + LoadSignons(); + // apply the filter if needed + if (filterField && filterField.value != "") { + FilterPasswords(); + } + break; + } + Services.obs.notifyObservers(null, "passwordmgr-dialog-updated", null); + } + } +}; + +// Formatter for localization. 
+let dateFormatter = new Intl.DateTimeFormat(undefined, + { day: "numeric", month: "short", year: "numeric" }); +let dateAndTimeFormatter = new Intl.DateTimeFormat(undefined, + { day: "numeric", month: "short", year: "numeric", + hour: "numeric", minute: "numeric" }); + +function Startup() { + // be prepared to reload the display if anything changes + Services.obs.addObserver(signonReloadDisplay, "passwordmgr-storage-changed", false); + + signonsTree = document.getElementById("signonsTree"); + kSignonBundle = document.getElementById("signonBundle"); + filterField = document.getElementById("filter"); + togglePasswordsButton = document.getElementById("togglePasswords"); + signonsIntro = document.getElementById("signonsIntro"); + removeButton = document.getElementById("removeSignon"); + removeAllButton = document.getElementById("removeAllSignons"); + + togglePasswordsButton.label = kSignonBundle.getString("showPasswords"); + togglePasswordsButton.accessKey = kSignonBundle.getString("showPasswordsAccessKey"); + signonsIntro.textContent = kSignonBundle.getString("loginsDescriptionAll"); + document.getElementsByTagName("treecols")[0].addEventListener("click", (event) => { + let { target, button } = event; + let sortField = target.getAttribute("data-field-name"); + + if (target.nodeName != "treecol" || button != 0 || !sortField) { + return; + } + + SignonColumnSort(sortField); + Services.telemetry.getKeyedHistogramById("PWMGR_MANAGE_SORTED").add(sortField); + }); + + LoadSignons(); + + // filter the table if requested by caller + if (window.arguments && + window.arguments[0] && + window.arguments[0].filterString) { + setFilter(window.arguments[0].filterString); + Services.telemetry.getHistogramById("PWMGR_MANAGE_OPENED").add(1); + } else { + Services.telemetry.getHistogramById("PWMGR_MANAGE_OPENED").add(0); + } + + FocusFilterBox(); +} + +function Shutdown() { + Services.obs.removeObserver(signonReloadDisplay, "passwordmgr-storage-changed"); +} + +function 
setFilter(aFilterString) { + filterField.value = aFilterString; + FilterPasswords(); +} + +let signonsTreeView = { + // Keep track of which favicons we've fetched or started fetching. + // Maps a login origin to a favicon URL. + _faviconMap: new Map(), + _filterSet: [], + // Coalesce invalidations to avoid repeated flickering. + _invalidateTask: new DeferredTask(() => { + signonsTree.treeBoxObject.invalidateColumn(signonsTree.columns.siteCol); + }, 10), + _lastSelectedRanges: [], + selection: null, + + rowCount: 0, + setTree(tree) {}, + getImageSrc(row, column) { + if (column.element.getAttribute("id") !== "siteCol") { + return ""; + } + + const signon = this._filterSet.length ? this._filterSet[row] : signons[row]; + + // We already have the favicon URL or we started to fetch (value is null). + if (this._faviconMap.has(signon.hostname)) { + return this._faviconMap.get(signon.hostname); + } + + // Record the fact that we already starting fetching a favicon for this + // origin in order to avoid multiple requests for the same origin. + this._faviconMap.set(signon.hostname, null); + + PlacesUtils.promiseFaviconLinkUrl(signon.hostname) + .then(faviconURI => { + this._faviconMap.set(signon.hostname, faviconURI.spec); + this._invalidateTask.arm(); + }).catch(Cu.reportError); + + return ""; + }, + getProgressMode(row, column) {}, + getCellValue(row, column) {}, + getCellText(row, column) { + let time; + let signon = this._filterSet.length ? this._filterSet[row] : signons[row]; + switch (column.id) { + case "siteCol": + return signon.httpRealm ? 
+ (signon.hostname + " (" + signon.httpRealm + ")") : + signon.hostname; + case "userCol": + return signon.username || ""; + case "passwordCol": + return signon.password || ""; + case "timeCreatedCol": + time = new Date(signon.timeCreated); + return dateFormatter.format(time); + case "timeLastUsedCol": + time = new Date(signon.timeLastUsed); + return dateAndTimeFormatter.format(time); + case "timePasswordChangedCol": + time = new Date(signon.timePasswordChanged); + return dateFormatter.format(time); + case "timesUsedCol": + return signon.timesUsed; + default: + return ""; + } + }, + isEditable(row, col) { + if (col.id == "userCol" || col.id == "passwordCol") { + return true; + } + return false; + }, + isSeparator(index) { return false; }, + isSorted() { return false; }, + isContainer(index) { return false; }, + cycleHeader(column) {}, + getRowProperties(row) { return ""; }, + getColumnProperties(column) { return ""; }, + getCellProperties(row, column) { + if (column.element.getAttribute("id") == "siteCol") + return "ltr"; + + return ""; + }, + setCellText(row, col, value) { + // If there is a filter, _filterSet needs to be used, otherwise signons is used. + let table = signonsTreeView._filterSet.length ? signonsTreeView._filterSet : signons; + function _editLogin(field) { + if (value == table[row][field]) { + return; + } + let existingLogin = table[row].clone(); + table[row][field] = value; + table[row].timePasswordChanged = Date.now(); + Services.logins.modifyLogin(existingLogin, table[row]); + signonsTree.treeBoxObject.invalidateRow(row); + } + + if (col.id == "userCol") { + _editLogin("username"); + + } else if (col.id == "passwordCol") { + if (!value) { + return; + } + _editLogin("password"); + } + }, +}; + +function SortTree(column, ascending) { + let table = signonsTreeView._filterSet.length ? 
signonsTreeView._filterSet : signons; + // remember which item was selected so we can restore it after the sort + let selections = GetTreeSelections(); + let selectedNumber = selections.length ? table[selections[0]].number : -1; + + function compareFunc(a, b) { + let valA, valB; + switch (column) { + case "hostname": + let realmA = a.httpRealm; + let realmB = b.httpRealm; + realmA = realmA == null ? "" : realmA.toLowerCase(); + realmB = realmB == null ? "" : realmB.toLowerCase(); + + valA = a[column].toLowerCase() + realmA; + valB = b[column].toLowerCase() + realmB; + break; + case "username": + case "password": + valA = a[column].toLowerCase(); + valB = b[column].toLowerCase(); + break; + + default: + valA = a[column]; + valB = b[column]; + } + + if (valA < valB) + return -1; + if (valA > valB) + return 1; + return 0; + } + + // do the sort + table.sort(compareFunc); + if (!ascending) { + table.reverse(); + } + + // restore the selection + let selectedRow = -1; + if (selectedNumber >= 0 && false) { + for (let s = 0; s < table.length; s++) { + if (table[s].number == selectedNumber) { + // update selection + // note: we need to deselect before reselecting in order to trigger ...Selected() + signonsTree.view.selection.select(-1); + signonsTree.view.selection.select(s); + selectedRow = s; + break; + } + } + } + + // display the results + signonsTree.treeBoxObject.invalidate(); + if (selectedRow >= 0) { + signonsTree.treeBoxObject.ensureRowIsVisible(selectedRow); + } +} + +function LoadSignons() { + // loads signons into table + try { + signons = Services.logins.getAllLogins(); + } catch (e) { + signons = []; + } + signons.forEach(login => login.QueryInterface(Ci.nsILoginMetaInfo)); + signonsTreeView.rowCount = signons.length; + + // sort and display the table + signonsTree.view = signonsTreeView; + // The sort column didn't change. 
SortTree (called by + // SignonColumnSort) assumes we want to toggle the sort + // direction but here we don't so we have to trick it + lastSignonSortAscending = !lastSignonSortAscending; + SignonColumnSort(lastSignonSortColumn); + + // disable "remove all signons" button if there are no signons + if (signons.length == 0) { + removeAllButton.setAttribute("disabled", "true"); + togglePasswordsButton.setAttribute("disabled", "true"); + } else { + removeAllButton.removeAttribute("disabled"); + togglePasswordsButton.removeAttribute("disabled"); + } + + return true; +} + +function GetTreeSelections() { + let selections = []; + let select = signonsTree.view.selection; + if (select) { + let count = select.getRangeCount(); + let min = {}; + let max = {}; + for (let i = 0; i < count; i++) { + select.getRangeAt(i, min, max); + for (let k = min.value; k <= max.value; k++) { + if (k != -1) { + selections[selections.length] = k; + } + } + } + } + return selections; +} + +function SignonSelected() { + let selections = GetTreeSelections(); + if (selections.length) { + removeButton.removeAttribute("disabled"); + } else { + removeButton.setAttribute("disabled", true); + } +} + +function DeleteSignon() { + let filterSet = signonsTreeView._filterSet; + let syncNeeded = (filterSet.length != 0); + let tree = signonsTree; + let view = signonsTreeView; + let table = filterSet.length ? 
filterSet : signons; + + // Turn off tree selection notifications during the deletion + tree.view.selection.selectEventsSuppressed = true; + + // remove selected items from list (by setting them to null) and place in deleted list + let selections = GetTreeSelections(); + for (let s = selections.length - 1; s >= 0; s--) { + let i = selections[s]; + deletedSignons.push(table[i]); + table[i] = null; + } + + // collapse list by removing all the null entries + for (let j = 0; j < table.length; j++) { + if (table[j] == null) { + let k = j; + while ((k < table.length) && (table[k] == null)) { + k++; + } + table.splice(j, k - j); + view.rowCount -= k - j; + tree.treeBoxObject.rowCountChanged(j, j - k); + } + } + + // update selection and/or buttons + if (table.length) { + // update selection + let nextSelection = (selections[0] < table.length) ? selections[0] : table.length - 1; + tree.view.selection.select(nextSelection); + tree.treeBoxObject.ensureRowIsVisible(nextSelection); + } else { + // disable buttons + removeButton.setAttribute("disabled", "true"); + removeAllButton.setAttribute("disabled", "true"); + } + tree.view.selection.selectEventsSuppressed = false; + FinalizeSignonDeletions(syncNeeded); +} + +function DeleteAllSignons() { + let prompter = Cc["@mozilla.org/embedcomp/prompt-service;1"] + .getService(Ci.nsIPromptService); + + // Confirm the user wants to remove all passwords + let dummy = { value: false }; + if (prompter.confirmEx(window, + kSignonBundle.getString("removeAllPasswordsTitle"), + kSignonBundle.getString("removeAllPasswordsPrompt"), + prompter.STD_YES_NO_BUTTONS + prompter.BUTTON_POS_1_DEFAULT, + null, null, null, null, dummy) == 1) // 1 == "No" button + return; + + let filterSet = signonsTreeView._filterSet; + let syncNeeded = (filterSet.length != 0); + let view = signonsTreeView; + let table = filterSet.length ? 
filterSet : signons; + + // remove all items from table and place in deleted table + for (let i = 0; i < table.length; i++) { + deletedSignons.push(table[i]); + } + table.length = 0; + + // clear out selections + view.selection.select(-1); + + // update the tree view and notify the tree + view.rowCount = 0; + + let box = signonsTree.treeBoxObject; + box.rowCountChanged(0, -deletedSignons.length); + box.invalidate(); + + // disable buttons + removeButton.setAttribute("disabled", "true"); + removeAllButton.setAttribute("disabled", "true"); + FinalizeSignonDeletions(syncNeeded); + Services.telemetry.getHistogramById("PWMGR_MANAGE_DELETED_ALL").add(1); +} + +function TogglePasswordVisible() { + if (showingPasswords || masterPasswordLogin(AskUserShowPasswords)) { + showingPasswords = !showingPasswords; + togglePasswordsButton.label = kSignonBundle.getString(showingPasswords ? "hidePasswords" : "showPasswords"); + togglePasswordsButton.accessKey = kSignonBundle.getString(showingPasswords ? "hidePasswordsAccessKey" : "showPasswordsAccessKey"); + document.getElementById("passwordCol").hidden = !showingPasswords; + FilterPasswords(); + } + + // Notify observers that the password visibility toggling is + // completed. 
(Mostly useful for tests) + Services.obs.notifyObservers(null, "passwordmgr-password-toggle-complete", null); + Services.telemetry.getHistogramById("PWMGR_MANAGE_VISIBILITY_TOGGLED").add(showingPasswords); +} + +function AskUserShowPasswords() { + let prompter = Cc["@mozilla.org/embedcomp/prompt-service;1"].getService(Ci.nsIPromptService); + let dummy = { value: false }; + + // Confirm the user wants to display passwords + return prompter.confirmEx(window, + null, + kSignonBundle.getString("noMasterPasswordPrompt"), prompter.STD_YES_NO_BUTTONS, + null, null, null, null, dummy) == 0; // 0=="Yes" button +} + +function FinalizeSignonDeletions(syncNeeded) { + for (let s = 0; s < deletedSignons.length; s++) { + Services.logins.removeLogin(deletedSignons[s]); + Services.telemetry.getHistogramById("PWMGR_MANAGE_DELETED").add(1); + } + // If the deletion has been performed in a filtered view, reflect the deletion in the unfiltered table. + // See bug 405389. + if (syncNeeded) { + try { + signons = Services.logins.getAllLogins(); + } catch (e) { + signons = []; + } + } + deletedSignons.length = 0; +} + +function HandleSignonKeyPress(e) { + // If editing is currently performed, don't do anything. 
+ if (signonsTree.getAttribute("editing")) { + return; + } + if (e.keyCode == KeyboardEvent.DOM_VK_DELETE || + (AppConstants.platform == "macosx" && + e.keyCode == KeyboardEvent.DOM_VK_BACK_SPACE)) { + DeleteSignon(); + } +} + +function getColumnByName(column) { + switch (column) { + case "hostname": + return document.getElementById("siteCol"); + case "username": + return document.getElementById("userCol"); + case "password": + return document.getElementById("passwordCol"); + case "timeCreated": + return document.getElementById("timeCreatedCol"); + case "timeLastUsed": + return document.getElementById("timeLastUsedCol"); + case "timePasswordChanged": + return document.getElementById("timePasswordChangedCol"); + case "timesUsed": + return document.getElementById("timesUsedCol"); + } + return undefined; +} + +function SignonColumnSort(column) { + let sortedCol = getColumnByName(column); + let lastSortedCol = getColumnByName(lastSignonSortColumn); + + // clear out the sortDirection attribute on the old column + lastSortedCol.removeAttribute("sortDirection"); + + // determine if sort is to be ascending or descending + lastSignonSortAscending = (column == lastSignonSortColumn) ? !lastSignonSortAscending : true; + + // sort + lastSignonSortColumn = column; + SortTree(lastSignonSortColumn, lastSignonSortAscending); + + // set the sortDirection attribute to get the styling going + // first we need to get the right element + sortedCol.setAttribute("sortDirection", lastSignonSortAscending ? 
+ "ascending" : "descending"); +} + +function SignonClearFilter() { + let singleSelection = (signonsTreeView.selection.count == 1); + + // Clear the Tree Display + signonsTreeView.rowCount = 0; + signonsTree.treeBoxObject.rowCountChanged(0, -signonsTreeView._filterSet.length); + signonsTreeView._filterSet = []; + + // Just reload the list to make sure deletions are respected + LoadSignons(); + + // Restore selection + if (singleSelection) { + signonsTreeView.selection.clearSelection(); + for (let i = 0; i < signonsTreeView._lastSelectedRanges.length; ++i) { + let range = signonsTreeView._lastSelectedRanges[i]; + signonsTreeView.selection.rangedSelect(range.min, range.max, true); + } + } else { + signonsTreeView.selection.select(0); + } + signonsTreeView._lastSelectedRanges = []; + + signonsIntro.textContent = kSignonBundle.getString("loginsDescriptionAll"); +} + +function FocusFilterBox() { + if (filterField.getAttribute("focused") != "true") { + filterField.focus(); + } +} + +function SignonMatchesFilter(aSignon, aFilterValue) { + if (aSignon.hostname.toLowerCase().indexOf(aFilterValue) != -1) + return true; + if (aSignon.username && + aSignon.username.toLowerCase().indexOf(aFilterValue) != -1) + return true; + if (aSignon.httpRealm && + aSignon.httpRealm.toLowerCase().indexOf(aFilterValue) != -1) + return true; + if (showingPasswords && aSignon.password && + aSignon.password.toLowerCase().indexOf(aFilterValue) != -1) + return true; + + return false; +} + +function _filterPasswords(aFilterValue, view) { + aFilterValue = aFilterValue.toLowerCase(); + return signons.filter(s => SignonMatchesFilter(s, aFilterValue)); +} + +function SignonSaveState() { + // Save selection + let seln = signonsTreeView.selection; + signonsTreeView._lastSelectedRanges = []; + let rangeCount = seln.getRangeCount(); + for (let i = 0; i < rangeCount; ++i) { + let min = {}; let max = {}; + seln.getRangeAt(i, min, max); + signonsTreeView._lastSelectedRanges.push({ min: min.value, max: 
max.value }); + } +} + +function FilterPasswords() { + if (filterField.value == "") { + SignonClearFilter(); + return; + } + + let newFilterSet = _filterPasswords(filterField.value, signonsTreeView); + if (!signonsTreeView._filterSet.length) { + // Save Display Info for the Non-Filtered mode when we first + // enter Filtered mode. + SignonSaveState(); + } + signonsTreeView._filterSet = newFilterSet; + + // Clear the display + let oldRowCount = signonsTreeView.rowCount; + signonsTreeView.rowCount = 0; + signonsTree.treeBoxObject.rowCountChanged(0, -oldRowCount); + // Set up the filtered display + signonsTreeView.rowCount = signonsTreeView._filterSet.length; + signonsTree.treeBoxObject.rowCountChanged(0, signonsTreeView.rowCount); + + // if the view is not empty then select the first item + if (signonsTreeView.rowCount > 0) + signonsTreeView.selection.select(0); + + signonsIntro.textContent = kSignonBundle.getString("loginsDescriptionFiltered"); +} + +function CopyPassword() { + // Don't copy passwords if we aren't already showing the passwords & a master + // password hasn't been entered. + if (!showingPasswords && !masterPasswordLogin()) + return; + // Copy selected signon's password to clipboard + let clipboard = Cc["@mozilla.org/widget/clipboardhelper;1"]. + getService(Ci.nsIClipboardHelper); + let row = signonsTree.currentIndex; + let password = signonsTreeView.getCellText(row, {id : "passwordCol" }); + clipboard.copyString(password); + Services.telemetry.getHistogramById("PWMGR_MANAGE_COPIED_PASSWORD").add(1); +} + +function CopyUsername() { + // Copy selected signon's username to clipboard + let clipboard = Cc["@mozilla.org/widget/clipboardhelper;1"]. 
+ getService(Ci.nsIClipboardHelper); + let row = signonsTree.currentIndex; + let username = signonsTreeView.getCellText(row, {id : "userCol" }); + clipboard.copyString(username); + Services.telemetry.getHistogramById("PWMGR_MANAGE_COPIED_USERNAME").add(1); +} + +function EditCellInSelectedRow(columnName) { + let row = signonsTree.currentIndex; + let columnElement = getColumnByName(columnName); + signonsTree.startEditing(row, signonsTree.columns.getColumnFor(columnElement)); +} + +function UpdateContextMenu() { + let singleSelection = (signonsTreeView.selection.count == 1); + let menuItems = new Map(); + let menupopup = document.getElementById("signonsTreeContextMenu"); + for (let menuItem of menupopup.querySelectorAll("menuitem")) { + menuItems.set(menuItem.id, menuItem); + } + + if (!singleSelection) { + for (let menuItem of menuItems.values()) { + menuItem.setAttribute("disabled", "true"); + } + return; + } + + let selectedRow = signonsTree.currentIndex; + + // Disable "Copy Username" if the username is empty. + if (signonsTreeView.getCellText(selectedRow, { id: "userCol" }) != "") { + menuItems.get("context-copyusername").removeAttribute("disabled"); + } else { + menuItems.get("context-copyusername").setAttribute("disabled", "true"); + } + + menuItems.get("context-editusername").removeAttribute("disabled"); + menuItems.get("context-copypassword").removeAttribute("disabled"); + + // Disable "Edit Password" if the password column isn't showing. 
+ if (!document.getElementById("passwordCol").hidden) { + menuItems.get("context-editpassword").removeAttribute("disabled"); + } else { + menuItems.get("context-editpassword").setAttribute("disabled", "true"); + } +} + +function masterPasswordLogin(noPasswordCallback) { + // This doesn't harm if passwords are not encrypted + let tokendb = Cc["@mozilla.org/security/pk11tokendb;1"] + .createInstance(Ci.nsIPK11TokenDB); + let token = tokendb.getInternalKeyToken(); + + // If there is no master password, still give the user a chance to opt-out of displaying passwords + if (token.checkPassword("")) + return noPasswordCallback ? noPasswordCallback() : true; + + // So there's a master password. But since checkPassword didn't succeed, we're logged out (per nsIPK11Token.idl). + try { + // Relogin and ask for the master password. + token.login(true); // 'true' means always prompt for token password. User will be prompted until + // clicking 'Cancel' or entering the correct password. + } catch (e) { + // An exception will be thrown if the user cancels the login prompt dialog. + // User is also logged out of Software Security Device. + } + + return token.isLoggedIn(); +} + +function escapeKeyHandler() { + // If editing is currently performed, don't do anything. + if (signonsTree.getAttribute("editing")) { + return; + } + window.close(); +} + +function OpenMigrator() { + const { MigrationUtils } = Cu.import("resource:///modules/MigrationUtils.jsm", {}); + // We pass in the type of source we're using for use in telemetry: + MigrationUtils.showMigrationWizard(window, [MigrationUtils.MIGRATION_ENTRYPOINT_PASSWORDS]); +} diff --git a/toolkit/components/passwordmgr/content/passwordManager.xul b/toolkit/components/passwordmgr/content/passwordManager.xul new file mode 100644 index 000000000..d248283b6 --- /dev/null +++ b/toolkit/components/passwordmgr/content/passwordManager.xul 
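Review bot: `_editLogin` inside `setCellText` runs `table[row].timePasswordChanged = Date.now();` for every edit, so changing only the username also resets the password-age timestamp shown in the `timePasswordChangedCol` column. The stored password then looks newer than it is, which matters wherever that date is used to decide which credentials are due for rotation. Guarding the assignment keeps the metadata accurate: `if (field == "password") { table[row].timePasswordChanged = Date.now(); }`. In `SortTree`, the condition `selectedNumber >= 0 && false` can never be true, so the selection-restore loop is dead code and should be either removed or re-enabled with a comment explaining why.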
@@ -0,0 +1,134 @@ + +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + + + + + + + diff --git a/toolkit/components/passwordmgr/test/browser/head.js b/toolkit/components/passwordmgr/test/browser/head.js new file mode 100644 index 000000000..926cb6616 --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/head.js 
@@ -0,0 +1,137 @@
+const DIRECTORY_PATH = "/browser/toolkit/components/passwordmgr/test/browser/";
+
+Cu.import("resource://testing-common/LoginTestUtils.jsm", this);
+Cu.import("resource://testing-common/ContentTaskUtils.jsm", this);
+
+registerCleanupFunction(function* cleanup_removeAllLoginsAndResetRecipes() {
+ Services.logins.removeAllLogins();
+
+ let recipeParent = LoginTestUtils.recipes.getRecipeParent();
+ if (!recipeParent) {
+ // No need to reset the recipes if the recipe module wasn't even loaded.
+ return;
+ }
+ yield recipeParent.then(recipeParentResult => recipeParentResult.reset());
+});
+
+/**
+ * Loads a test page in `DIRECTORY_URL` which automatically submits to formsubmit.sjs and returns a
+ * promise resolving with the field values when the optional `aTaskFn` is done.
+ *
+ * @param {String} aPageFile - test page file name which auto-submits to formsubmit.sjs
+ * @param {Function} aTaskFn - task which can be run before the tab closes.
+ * @param {String} [aOrigin="http://example.com"] - origin of the server to use
+ * to load `aPageFile`.
+ */
+function testSubmittingLoginForm(aPageFile, aTaskFn, aOrigin = "http://example.com") {
+ return BrowserTestUtils.withNewTab({
+ gBrowser,
+ url: aOrigin + DIRECTORY_PATH + aPageFile,
+ }, function*(browser) {
+ ok(true, "loaded " + aPageFile);
+ let fieldValues = yield ContentTask.spawn(browser, undefined, function*() {
+ yield ContentTaskUtils.waitForCondition(() => {
+ return content.location.pathname.endsWith("/formsubmit.sjs") &&
+ content.document.readyState == "complete";
+ }, "Wait for form submission load (formsubmit.sjs)");
+ let username = content.document.getElementById("user").textContent;
+ let password = content.document.getElementById("pass").textContent;
+ return {
+ username,
+ password,
+ };
+ });
+ ok(true, "form submission loaded");
+ if (aTaskFn) {
+ yield* aTaskFn(fieldValues);
+ }
+ return fieldValues;
+ });
+}
+
+function checkOnlyLoginWasUsedTwice({ justChanged }) {
+ // Check to make sure we updated the timestamps and use count on the
+ // existing login that was submitted for the test.
+ let logins = Services.logins.getAllLogins();
+ is(logins.length, 1, "Should only have 1 login");
+ ok(logins[0] instanceof Ci.nsILoginMetaInfo, "metainfo QI");
+ is(logins[0].timesUsed, 2, "check .timesUsed for existing login submission");
+ ok(logins[0].timeCreated < logins[0].timeLastUsed, "timeLastUsed bumped");
+ if (justChanged) {
+ is(logins[0].timeLastUsed, logins[0].timePasswordChanged, "timeLastUsed == timePasswordChanged");
+ } else {
+ is(logins[0].timeCreated, logins[0].timePasswordChanged, "timeChanged not updated");
+ }
+}
+
+// Begin popup notification (doorhanger) functions //
+
+const REMEMBER_BUTTON = 0;
+const NEVER_BUTTON = 1;
+
+const CHANGE_BUTTON = 0;
+const DONT_CHANGE_BUTTON = 1;
+
+/**
+ * Checks if we have a password capture popup notification
+ * of the right type and with the right label.
+ *
+ * @param {String} aKind The desired `passwordNotificationType`
+ * @param {Object} [popupNotifications = PopupNotifications]
+ * @return the found password popup notification.
+ */
+function getCaptureDoorhanger(aKind, popupNotifications = PopupNotifications) {
+ ok(true, "Looking for " + aKind + " popup notification");
+ let notification = popupNotifications.getNotification("password");
+ if (notification) {
+ is(notification.options.passwordNotificationType, aKind, "Notification type matches.");
+ if (aKind == "password-change") {
+ is(notification.mainAction.label, "Update", "Main action label matches update doorhanger.");
+ } else if (aKind == "password-save") {
+ is(notification.mainAction.label, "Remember", "Main action label matches save doorhanger.");
+ }
+ }
+ return notification;
+}
+
+/**
+ * Clicks the specified popup notification button.
+ *
+ * @param {Element} aPopup Popup Notification element
+ * @param {Number} aButtonIndex Number indicating which button to click.
+ * See the constants in this file.
+ */
+function clickDoorhangerButton(aPopup, aButtonIndex) {
+ ok(true, "Looking for action at index " + aButtonIndex);
+
+ let notifications = aPopup.owner.panel.childNodes;
+ ok(notifications.length > 0, "at least one notification displayed");
+ ok(true, notifications.length + " notification(s)");
+ let notification = notifications[0];
+
+ if (aButtonIndex == 0) {
+ ok(true, "Triggering main action");
+ notification.button.doCommand();
+ } else if (aButtonIndex <= aPopup.secondaryActions.length) {
+ ok(true, "Triggering secondary action " + aButtonIndex);
+ notification.childNodes[aButtonIndex].doCommand();
+ }
+}
+
+/**
+ * Checks the doorhanger's username and password.
+ *
+ * @param {String} username The username.
+ * @param {String} password The password.
+ */
+function* checkDoorhangerUsernamePassword(username, password) {
+ yield BrowserTestUtils.waitForCondition(() => {
+ return document.getElementById("password-notification-username").value == username;
+ }, "Wait for nsLoginManagerPrompter writeDataToUI()");
+ is(document.getElementById("password-notification-username").value, username,
+ "Check doorhanger username");
+ is(document.getElementById("password-notification-password").value, password,
+ "Check doorhanger password");
+}
+
+// End popup notification (doorhanger) functions //
diff --git a/toolkit/components/passwordmgr/test/browser/insecure_test.html b/toolkit/components/passwordmgr/test/browser/insecure_test.html
new file mode 100644
index 000000000..fedea1428
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/browser/insecure_test.html
@@ -0,0 +1,9 @@
+ + + + + + + +
diff --git a/toolkit/components/passwordmgr/test/browser/streamConverter_content.sjs b/toolkit/components/passwordmgr/test/browser/streamConverter_content.sjs
new file mode 100644
index 000000000..84c75437e
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/browser/streamConverter_content.sjs
@@ -0,0 +1,6 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function handleRequest(request, response) {
+ response.setHeader("Content-Type", "test/content", false);
+}
diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_1.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_1.html
new file mode 100644
index 000000000..b96faf2ee
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_1.html
@@ -0,0 +1,29 @@
+ + + + + Subtest for Login Manager notifications - Basic 1un 1pw + + +
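Review bot: `clickDoorhangerButton` in head.js does nothing when `aButtonIndex` is neither 0 nor within `aPopup.secondaryActions.length`, so a test that passes a wrong index carries on as if the doorhanger had been answered and can pass without exercising the save or update path. A closing `else { ok(false, "No doorhanger button at index " + aButtonIndex); }` would turn that into a visible failure; `clickPopupButton` in test/chrome/notification_common.js has the same shape. Separately, the doc comment on `testSubmittingLoginForm` refers to `DIRECTORY_URL`, while the constant this file defines is `DIRECTORY_PATH`.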

Subtest 1

+ + + + + + + + + diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_10.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_10.html new file mode 100644 index 000000000..2dc96b4fd --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_10.html @@ -0,0 +1,27 @@ + + + + + Subtest for Login Manager notifications + + +

Subtest 10

+
+ + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_11.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_11.html new file mode 100644 index 000000000..cf3df5275 --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_11.html @@ -0,0 +1,25 @@ + + + + + Subtest for Login Manager notifications - Popup Windows + + +

Subtest 11 (popup windows)

+ + + diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_11_popup.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_11_popup.html new file mode 100644 index 000000000..2e8e4135c --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_11_popup.html @@ -0,0 +1,32 @@ + + + + + Subtest for Login Manager notifications + + +

Subtest 11

+
+ + + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_2.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_2.html new file mode 100644 index 000000000..72651d6c1 --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_2.html @@ -0,0 +1,30 @@ + + + + + Subtest for Login Manager notifications - autocomplete=off on the username field + + +

Subtest 2

+(username autocomplete=off) +
+ + + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_2pw_0un.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_2pw_0un.html new file mode 100644 index 000000000..7ddbf0851 --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_2pw_0un.html @@ -0,0 +1,27 @@ + + + + + Subtest for Login Manager notifications with 2 password fields and no username + + +

Subtest 24

+
+ + + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_2pw_1un_1text.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_2pw_1un_1text.html new file mode 100644 index 000000000..893f18724 --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_2pw_1un_1text.html @@ -0,0 +1,31 @@ + + + + + Subtest for Login Manager notifications with 2 password fields and 1 username field and one other text field before the first password field + + +

1 username field followed by a text field followed by 2 username fields

+
+ + + + + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_3.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_3.html new file mode 100644 index 000000000..291e735d0 --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_3.html @@ -0,0 +1,30 @@ + + + + + Subtest for Login Manager notifications - autocomplete=off on the password field + + +

Subtest 3

+(password autocomplete=off) +
+ + + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_4.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_4.html new file mode 100644 index 000000000..63df3a42d --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_4.html @@ -0,0 +1,30 @@ + + + + + Subtest for Login Manager notifications + + +

Subtest 4

+(form autocomplete=off) +
+ + + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_5.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_5.html new file mode 100644 index 000000000..72a3df95f --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_5.html @@ -0,0 +1,26 @@ + + + + + Subtest for Login Manager notifications - Form with only a username field + + +

Subtest 5

+
+ + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_6.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_6.html new file mode 100644 index 000000000..47e23e972 --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_6.html @@ -0,0 +1,27 @@ + + + + + Subtest for Login Manager notifications + + +

Subtest 6

+(password-only form) +
+ + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_8.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_8.html new file mode 100644 index 000000000..abeea4262 --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_8.html @@ -0,0 +1,29 @@ + + + + + Subtest for Login Manager notifications + + +

Subtest 8

+
+ + + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_9.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_9.html new file mode 100644 index 000000000..c6f741068 --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_9.html @@ -0,0 +1,29 @@ + + + + + Subtest for Login Manager notifications + + +

Subtest 9

+
+ + + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/browser/subtst_notifications_change_p.html b/toolkit/components/passwordmgr/test/browser/subtst_notifications_change_p.html new file mode 100644 index 000000000..d74f3bcdf --- /dev/null +++ b/toolkit/components/passwordmgr/test/browser/subtst_notifications_change_p.html @@ -0,0 +1,32 @@ + + + + + Subtest for Login Manager notifications + + +

Change password

+
+ + + + +
+ + + +
diff --git a/toolkit/components/passwordmgr/test/chrome/chrome.ini b/toolkit/components/passwordmgr/test/chrome/chrome.ini
new file mode 100644
index 000000000..093b87b7d
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/chrome/chrome.ini
@@ -0,0 +1,13 @@
+[DEFAULT]
+skip-if = os == 'android'
+
+[test_privbrowsing_perwindowpb.html]
+skip-if = true # Bug 1173337
+support-files =
+ ../formsubmit.sjs
+ notification_common.js
+ privbrowsing_perwindowpb_iframe.html
+ subtst_privbrowsing_1.html
+ subtst_privbrowsing_2.html
+ subtst_privbrowsing_3.html
+ subtst_privbrowsing_4.html
diff --git a/toolkit/components/passwordmgr/test/chrome/notification_common.js b/toolkit/components/passwordmgr/test/chrome/notification_common.js
new file mode 100644
index 000000000..e8a52929d
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/chrome/notification_common.js
@@ -0,0 +1,111 @@
+/*
+ * Initialization: for each test, remove any prior notifications.
+ */
+function cleanUpPopupNotifications() {
+ var container = getPopupNotifications(window.top);
+ var notes = container._currentNotifications;
+ info(true, "Removing " + notes.length + " popup notifications.");
+ for (var i = notes.length - 1; i >= 0; i--) {
+ notes[i].remove();
+ }
+}
+cleanUpPopupNotifications();
+
+/*
+ * getPopupNotifications
+ *
+ * Fetches the popup notification for the specified window.
+ */
+function getPopupNotifications(aWindow) {
+ var Ci = SpecialPowers.Ci;
+ var Cc = SpecialPowers.Cc;
+ ok(Ci != null, "Access Ci");
+ ok(Cc != null, "Access Cc");
+
+ var chromeWin = SpecialPowers.wrap(aWindow)
+ .QueryInterface(Ci.nsIInterfaceRequestor)
+ .getInterface(Ci.nsIWebNavigation)
+ .QueryInterface(Ci.nsIDocShell)
+ .chromeEventHandler.ownerDocument.defaultView;
+
+ var popupNotifications = chromeWin.PopupNotifications;
+ return popupNotifications;
+}
+
+
+/**
+ * Checks if we have a password popup notification
+ * of the right type and with the right label.
+ *
+ * @deprecated Write a browser-chrome test instead and use the fork of this method there.
+ * @returns the found password popup notification.
+ */
+function getPopup(aPopupNote, aKind) {
+ ok(true, "Looking for " + aKind + " popup notification");
+ var notification = aPopupNote.getNotification("password");
+ if (notification) {
+ is(notification.options.passwordNotificationType, aKind, "Notification type matches.");
+ if (aKind == "password-change") {
+ is(notification.mainAction.label, "Update", "Main action label matches update doorhanger.");
+ } else if (aKind == "password-save") {
+ is(notification.mainAction.label, "Remember", "Main action label matches save doorhanger.");
+ }
+ }
+ return notification;
+}
+
+
+/**
+ * @deprecated - Use a browser chrome test instead.
+ *
+ * Clicks the specified popup notification button.
+ */
+function clickPopupButton(aPopup, aButtonIndex) {
+ ok(true, "Looking for action at index " + aButtonIndex);
+
+ var notifications = SpecialPowers.wrap(aPopup.owner).panel.childNodes;
+ ok(notifications.length > 0, "at least one notification displayed");
+ ok(true, notifications.length + " notifications");
+ var notification = notifications[0];
+
+ if (aButtonIndex == 0) {
+ ok(true, "Triggering main action");
+ notification.button.doCommand();
+ } else if (aButtonIndex <= aPopup.secondaryActions.length) {
+ var index = aButtonIndex;
+ ok(true, "Triggering secondary action " + index);
+ notification.childNodes[index].doCommand();
+ }
+}
+
+const kRememberButton = 0;
+const kNeverButton = 1;
+
+const kChangeButton = 0;
+const kDontChangeButton = 1;
+
+function dumpNotifications() {
+ try {
+ // PopupNotifications
+ var container = getPopupNotifications(window.top);
+ ok(true, "is popup panel open? " + container.isPanelOpen);
+ var notes = container._currentNotifications;
+ ok(true, "Found " + notes.length + " popup notifications.");
+ for (let i = 0; i < notes.length; i++) {
+ ok(true, "#" + i + ": " + notes[i].id);
+ }
+
+ // Notification bars
+ var chromeWin = SpecialPowers.wrap(window.top)
+ .QueryInterface(Ci.nsIInterfaceRequestor)
+ .getInterface(Ci.nsIWebNavigation)
+ .QueryInterface(Ci.nsIDocShell)
+ .chromeEventHandler.ownerDocument.defaultView;
+ var nb = chromeWin.getNotificationBox(window.top);
+ notes = nb.allNotifications;
+ ok(true, "Found " + notes.length + " notification bars.");
+ for (let i = 0; i < notes.length; i++) {
+ ok(true, "#" + i + ": " + notes[i].getAttribute("value"));
+ }
+ } catch (e) { todo(false, "WOAH! " + e); }
+}
diff --git a/toolkit/components/passwordmgr/test/chrome/privbrowsing_perwindowpb_iframe.html b/toolkit/components/passwordmgr/test/chrome/privbrowsing_perwindowpb_iframe.html
new file mode 100644
index 000000000..2efdab265
--- /dev/null
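Review bot: `dumpNotifications` uses a bare `Ci` in its notification-bar half, but the only `Ci` this file declares is the local `var Ci = SpecialPowers.Ci` inside `getPopupNotifications`. Unless the including test page defines a global `Ci` (not visible in this hunk), that lookup throws and the surrounding `catch` reduces it to `todo(false, "WOAH! " + e)`, so the notification bars are never listed and the diagnostic helper hides its own failure. Writing `SpecialPowers.Ci.nsIInterfaceRequestor`, and likewise for the other two interfaces in that chain, would make the helper self-contained.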
+++ b/toolkit/components/passwordmgr/test/chrome/privbrowsing_perwindowpb_iframe.html @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_1.html b/toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_1.html new file mode 100644 index 000000000..8c7202dd0 --- /dev/null +++ b/toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_1.html @@ -0,0 +1,33 @@ + + + + + Subtest for Login Manager notifications (private browsing) + + +

Subtest 1

+ +
+ + + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_2.html b/toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_2.html new file mode 100644 index 000000000..bf3b85159 --- /dev/null +++ b/toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_2.html @@ -0,0 +1,33 @@ + + + + + Subtest for Login Manager notifications (private browsing) + + +

Subtest 2

+ +
+ + + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_3.html b/toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_3.html new file mode 100644 index 000000000..e88a302e0 --- /dev/null +++ b/toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_3.html @@ -0,0 +1,29 @@ + + + + + Subtest for Login Manager notifications (private browsing) + + +

Subtest 3

+ +
+ + + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_4.html b/toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_4.html new file mode 100644 index 000000000..184142743 --- /dev/null +++ b/toolkit/components/passwordmgr/test/chrome/subtst_privbrowsing_4.html @@ -0,0 +1,40 @@ + + + + + Subtest for Login Manager notifications (private browsing) + + + +

Subtest 4

+ +
+ + + +
+ + + + diff --git a/toolkit/components/passwordmgr/test/chrome/test_privbrowsing_perwindowpb.html b/toolkit/components/passwordmgr/test/chrome/test_privbrowsing_perwindowpb.html new file mode 100644 index 000000000..6b7d4abb3 --- /dev/null +++ b/toolkit/components/passwordmgr/test/chrome/test_privbrowsing_perwindowpb.html @@ -0,0 +1,322 @@ + + + + + + Test for Private Browsing + + + + + +Mozilla Bug 248970 +

+
+
+
+ + +
diff --git a/toolkit/components/passwordmgr/test/chrome_timeout.js b/toolkit/components/passwordmgr/test/chrome_timeout.js
new file mode 100644
index 000000000..9049d0bea
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/chrome_timeout.js
@@ -0,0 +1,11 @@
+const Cc = Components.classes;
+const Ci = Components.interfaces;
+
+addMessageListener('setTimeout', msg => {
+ let timer = Cc['@mozilla.org/timer;1'].createInstance(Ci.nsITimer);
+ timer.init(_ => {
+ sendAsyncMessage('timeout');
+ }, msg.delay, Ci.nsITimer.TYPE_ONE_SHOT);
+});
+
+sendAsyncMessage('ready');
diff --git a/toolkit/components/passwordmgr/test/formsubmit.sjs b/toolkit/components/passwordmgr/test/formsubmit.sjs
new file mode 100644
index 000000000..4b4a387f7
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/formsubmit.sjs
@@ -0,0 +1,37 @@
+function handleRequest(request, response)
+{
+ try {
+ reallyHandleRequest(request, response);
+ } catch (e) {
+ response.setStatusLine("1.0", 200, "AlmostOK");
+ response.write("Error handling request: " + e);
+ }
+}
+
+
+function reallyHandleRequest(request, response) {
+ var match;
+ var requestAuth = true;
+
+ // XXX I bet this doesn't work for POST requests.
+ var query = request.queryString;
+
+ var user = null, pass = null;
+ // user=xxx
+ match = /user=([^&]*)/.exec(query);
+ if (match)
+ user = match[1];
+
+ // pass=xxx
+ match = /pass=([^&]*)/.exec(query);
+ if (match)
+ pass = match[1];
+
+ response.setStatusLine("1.0", 200, "OK");
+
+ response.setHeader("Content-Type", "application/xhtml+xml", false);
+ response.write("");
+ response.write("

User: " + user + "

\n"); + response.write("

Pass: " + pass + "

\n");
+ response.write("");
+}
diff --git a/toolkit/components/passwordmgr/test/mochitest.ini b/toolkit/components/passwordmgr/test/mochitest.ini
new file mode 100644
index 000000000..640f5c256
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/mochitest.ini
@@ -0,0 +1,20 @@
+[DEFAULT]
+skip-if = e10s
+support-files =
+ authenticate.sjs
+ blank.html
+ formsubmit.sjs
+ prompt_common.js
+ pwmgr_common.js
+ subtst_master_pass.html
+ subtst_prompt_async.html
+ chrome_timeout.js
+
+[test_master_password.html]
+skip-if = toolkit == 'android' # Tests desktop prompts
+[test_prompt_async.html]
+skip-if = toolkit == 'android' # Tests desktop prompts
+[test_xhr.html]
+skip-if = toolkit == 'android' # Tests desktop prompts
+[test_xml_load.html]
+skip-if = toolkit == 'android' # Tests desktop prompts
diff --git a/toolkit/components/passwordmgr/test/mochitest/auth2/authenticate.sjs b/toolkit/components/passwordmgr/test/mochitest/auth2/authenticate.sjs
new file mode 100644
index 000000000..d2f650013
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/mochitest/auth2/authenticate.sjs
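Review bot: `reallyHandleRequest` in formsubmit.sjs writes the raw `user=` and `pass=` captures from `request.queryString` straight into an `application/xhtml+xml` body, neither percent-decoded nor XML-escaped. A value the client left unencoded (a `<`, for instance) makes the document ill-formed, and an encoded one is echoed as `%xx`, so `testSubmittingLoginForm` in test/browser/head.js, which reads the echoed values back from this page, would not see what was submitted. Decoding the capture and escaping `&`, `<` and `>` before each `response.write` keeps the fixture's output well-formed and faithful. The local `requestAuth` is assigned but never read in this function and can be dropped.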
@@ -0,0 +1,220 @@
+function handleRequest(request, response)
+{
+ try {
+ reallyHandleRequest(request, response);
+ } catch (e) {
+ response.setStatusLine("1.0", 200, "AlmostOK");
+ response.write("Error handling request: " + e);
+ }
+}
+
+
+function reallyHandleRequest(request, response) {
+ var match;
+ var requestAuth = true, requestProxyAuth = true;
+
+ // Allow the caller to drive how authentication is processed via the query.
+ // Eg, http://localhost:8888/authenticate.sjs?user=foo&realm=bar
+ // The extra ? allows the user/pass/realm checks to succeed if the name is
+ // at the beginning of the query string.
+ var query = "?" + request.queryString;
+
+ var expected_user = "", expected_pass = "", realm = "mochitest";
+ var proxy_expected_user = "", proxy_expected_pass = "", proxy_realm = "mochi-proxy";
+ var huge = false, plugin = false, anonymous = false;
+ var authHeaderCount = 1;
+ // user=xxx
+ match = /[^_]user=([^&]*)/.exec(query);
+ if (match)
+ expected_user = match[1];
+
+ // pass=xxx
+ match = /[^_]pass=([^&]*)/.exec(query);
+ if (match)
+ expected_pass = match[1];
+
+ // realm=xxx
+ match = /[^_]realm=([^&]*)/.exec(query);
+ if (match)
+ realm = match[1];
+
+ // proxy_user=xxx
+ match = /proxy_user=([^&]*)/.exec(query);
+ if (match)
+ proxy_expected_user = match[1];
+
+ // proxy_pass=xxx
+ match = /proxy_pass=([^&]*)/.exec(query);
+ if (match)
+ proxy_expected_pass = match[1];
+
+ // proxy_realm=xxx
+ match = /proxy_realm=([^&]*)/.exec(query);
+ if (match)
+ proxy_realm = match[1];
+
+ // huge=1
+ match = /huge=1/.exec(query);
+ if (match)
+ huge = true;
+
+ // plugin=1
+ match = /plugin=1/.exec(query);
+ if (match)
+ plugin = true;
+
+ // multiple=1
+ match = /multiple=([^&]*)/.exec(query);
+ if (match)
+ authHeaderCount = match[1]+0;
+
+ // anonymous=1
+ match = /anonymous=1/.exec(query);
+ if (match)
+ anonymous = true;
+
+ // Look for an authentication header, if any, in the request.
+ //
+ // EG: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+ //
+ // This test only supports Basic auth. The value sent by the client is
+ // "username:password", obscured with base64 encoding.
+
+ var actual_user = "", actual_pass = "", authHeader, authPresent = false;
+ if (request.hasHeader("Authorization")) {
+ authPresent = true;
+ authHeader = request.getHeader("Authorization");
+ match = /Basic (.+)/.exec(authHeader);
+ if (match.length != 2)
+ throw new Error("Couldn't parse auth header: " + authHeader);
+
+ var userpass = base64ToString(match[1]); // no atob() :-(
+ match = /(.*):(.*)/.exec(userpass);
+ if (match.length != 3)
+ throw new Error("Couldn't decode auth header: " + userpass);
+ actual_user = match[1];
+ actual_pass = match[2];
+ }
+
+ var proxy_actual_user = "", proxy_actual_pass = "";
+ if (request.hasHeader("Proxy-Authorization")) {
+ authHeader = request.getHeader("Proxy-Authorization");
+ match = /Basic (.+)/.exec(authHeader);
+ if (match.length != 2)
+ throw new Error("Couldn't parse auth header: " + authHeader);
+
+ var userpass = base64ToString(match[1]); // no atob() :-(
+ match = /(.*):(.*)/.exec(userpass);
+ if (match.length != 3)
+ throw new Error("Couldn't decode auth header: " + userpass);
+ proxy_actual_user = match[1];
+ proxy_actual_pass = match[2];
+ }
+
+ // Don't request authentication if the credentials we got were what we
+ // expected.
+ if (expected_user == actual_user &&
+ expected_pass == actual_pass) {
+ requestAuth = false;
+ }
+ if (proxy_expected_user == proxy_actual_user &&
+ proxy_expected_pass == proxy_actual_pass) {
+ requestProxyAuth = false;
+ }
+
+ if (anonymous) {
+ if (authPresent) {
+ response.setStatusLine("1.0", 400, "Unexpected authorization header found");
+ } else {
+ response.setStatusLine("1.0", 200, "Authorization header not found");
+ }
+ } else {
+ if (requestProxyAuth) {
+ response.setStatusLine("1.0", 407, "Proxy authentication required");
+ for (i = 0; i < authHeaderCount; ++i)
+ response.setHeader("Proxy-Authenticate", "basic realm=\"" + proxy_realm + "\"", true);
+ } else if (requestAuth) {
+ response.setStatusLine("1.0", 401, "Authentication required");
+ for (i = 0; i < authHeaderCount; ++i)
+ response.setHeader("WWW-Authenticate", "basic realm=\"" + realm + "\"", true);
+ } else {
+ response.setStatusLine("1.0", 200, "OK");
+ }
+ }
+
+ response.setHeader("Content-Type", "application/xhtml+xml", false);
+ response.write("");
+ response.write("

Login: " + (requestAuth ? "FAIL" : "PASS") + "

\n"); + response.write("

Proxy: " + (requestProxyAuth ? "FAIL" : "PASS") + "

\n"); + response.write("

Auth: " + authHeader + "

\n"); + response.write("

User: " + actual_user + "

\n"); + response.write("

Pass: " + actual_pass + "

\n"); + + if (huge) { + response.write("
"); + for (i = 0; i < 100000; i++) { + response.write("123456789\n"); + } + response.write("
");
+ response.write("This is a footnote after the huge content fill");
+ }
+
+ if (plugin) {
+ response.write("\n");
+ }
+
+ response.write("");
+}
+
+
+// base64 decoder
+//
+// Yoinked from extensions/xml-rpc/src/nsXmlRpcClient.js because btoa()
+// doesn't seem to exist. :-(
+/* Convert Base64 data to a string */
+const toBinaryTable = [
+ -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
+ -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1,
+ -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,62, -1,-1,-1,63,
+ 52,53,54,55, 56,57,58,59, 60,61,-1,-1, -1, 0,-1,-1,
+ -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10, 11,12,13,14,
+ 15,16,17,18, 19,20,21,22, 23,24,25,-1, -1,-1,-1,-1,
+ -1,26,27,28, 29,30,31,32, 33,34,35,36, 37,38,39,40,
+ 41,42,43,44, 45,46,47,48, 49,50,51,-1, -1,-1,-1,-1
+];
+const base64Pad = '=';
+
+function base64ToString(data) {
+
+ var result = '';
+ var leftbits = 0; // number of bits decoded, but yet to be appended
+ var leftdata = 0; // bits decoded, but yet to be appended
+
+ // Convert one by one.
+ for (var i = 0; i < data.length; i++) {
+ var c = toBinaryTable[data.charCodeAt(i) & 0x7f];
+ var padding = (data[i] == base64Pad);
+ // Skip illegal characters and whitespace
+ if (c == -1) continue;
+
+ // Collect data into leftdata, update bitcount
+ leftdata = (leftdata << 6) | c;
+ leftbits += 6;
+
+ // If we have 8 or more bits, append 8 bits to the result
+ if (leftbits >= 8) {
+ leftbits -= 8;
+ // Append if not padding.
+ if (!padding)
+ result += String.fromCharCode((leftdata >> leftbits) & 0xff);
+ leftdata &= (1 << leftbits) - 1;
+ }
+ }
+
+ // If there are any bits left, the base64 string was corrupted
+ if (leftbits)
+ throw Components.Exception('Corrupted base64 string');
+
+ return result;
+}
diff --git a/toolkit/components/passwordmgr/test/mochitest/mochitest.ini b/toolkit/components/passwordmgr/test/mochitest/mochitest.ini
new file mode 100644
index 000000000..a4170d7e0
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/mochitest/mochitest.ini
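Review bot: The `match.length != 2` and `match.length != 3` guards in `reallyHandleRequest` of auth2/authenticate.sjs cannot report a malformed header, because `exec` returns `null` on no match and the `.length` read throws first; `handleRequest` then answers `200 AlmostOK`, so a garbled `Authorization` or `Proxy-Authorization` value gets a success status instead of a challenge. Testing `if (!match)` repairs the guard, and a non-2xx status in the `catch` would make the fixture fail closed. The credential split `/(.*):(.*)/` is greedy, so a password containing `:` is cut at the last colon; `/([^:]*):(.*)/` splits at the first one, which is where Basic auth separates user from password. `authHeaderCount = match[1]+0` concatenates a string (`"2"` becomes `"20"`), so `multiple=2` emits twenty challenge headers; `parseInt(match[1], 10)` gives the intended count.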
@@ -0,0 +1,69 @@
+[DEFAULT]
+support-files =
+ ../../../prompts/test/chromeScript.js
+ ../../../prompts/test/prompt_common.js
+ ../../../satchel/test/parent_utils.js
+ ../../../satchel/test/satchel_common.js
+ ../authenticate.sjs
+ ../blank.html
+ ../browser/form_autofocus_js.html
+ ../browser/form_basic.html
+ ../browser/form_cross_origin_secure_action.html
+ ../pwmgr_common.js
+ auth2/authenticate.sjs
+
+[test_autocomplete_https_upgrade.html]
+skip-if = toolkit == 'android' # autocomplete
+[test_autofill_https_upgrade.html]
+skip-if = toolkit == 'android' # Bug 1259768
+[test_autofill_password-only.html]
+[test_autofocus_js.html]
+skip-if = toolkit == 'android' # autocomplete
+[test_basic_form.html]
+[test_basic_form_0pw.html]
+[test_basic_form_1pw.html]
+[test_basic_form_1pw_2.html]
+[test_basic_form_2pw_1.html]
+[test_basic_form_2pw_2.html]
+[test_basic_form_3pw_1.html]
+[test_basic_form_autocomplete.html]
+skip-if = toolkit == 'android' # android:autocomplete.
+[test_insecure_form_field_autocomplete.html]
+skip-if = toolkit == 'android' # android:autocomplete.
+[test_password_field_autocomplete.html]
+skip-if = toolkit == 'android' # android:autocomplete.
+[test_insecure_form_field_no_saved_login.html] +skip-if = toolkit == 'android' || os == 'linux' # android:autocomplete., linux: bug 1325778 +[test_basic_form_html5.html] +[test_basic_form_pwevent.html] +[test_basic_form_pwonly.html] +[test_bug_627616.html] +skip-if = toolkit == 'android' # Tests desktop prompts +[test_bug_776171.html] +[test_case_differences.html] +skip-if = toolkit == 'android' # autocomplete +[test_form_action_1.html] +[test_form_action_2.html] +[test_form_action_javascript.html] +[test_formless_autofill.html] +[test_formless_submit.html] +[test_formless_submit_navigation.html] +[test_formless_submit_navigation_negative.html] +[test_input_events.html] +[test_input_events_for_identical_values.html] +[test_maxlength.html] +[test_passwords_in_type_password.html] +[test_prompt.html] +skip-if = os == "linux" || toolkit == 'android' # Tests desktop prompts +[test_prompt_http.html] +skip-if = os == "linux" || toolkit == 'android' # Tests desktop prompts +[test_prompt_noWindow.html] +skip-if = e10s || toolkit == 'android' # Tests desktop prompts. e10s: bug 1217876 +[test_prompt_promptAuth.html] +skip-if = os == "linux" || toolkit == 'android' # Tests desktop prompts +[test_prompt_promptAuth_proxy.html] +skip-if = e10s || os == "linux" || toolkit == 'android' # Tests desktop prompts +[test_recipe_login_fields.html] +[test_username_focus.html] +skip-if = toolkit == 'android' # android:autocomplete. +[test_xhr_2.html] diff --git a/toolkit/components/passwordmgr/test/mochitest/test_autocomplete_https_upgrade.html b/toolkit/components/passwordmgr/test/mochitest/test_autocomplete_https_upgrade.html new file mode 100644 index 000000000..7d5725322 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_autocomplete_https_upgrade.html @@ -0,0 +1,218 @@ + + + + + Test autocomplete on an HTTPS page using upgraded HTTP logins + + + + + + + + + +

+ + +
+ +
+ +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_autofill_https_upgrade.html b/toolkit/components/passwordmgr/test/mochitest/test_autofill_https_upgrade.html new file mode 100644 index 000000000..ee1424002 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_autofill_https_upgrade.html @@ -0,0 +1,117 @@ + + + + + Test autocomplete on an HTTPS page using upgraded HTTP logins + + + + + + + + + +

+ + +
+ +
+ +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_autofill_password-only.html b/toolkit/components/passwordmgr/test/mochitest/test_autofill_password-only.html new file mode 100644 index 000000000..983356371 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_autofill_password-only.html @@ -0,0 +1,143 @@ + + + + + Test password-only forms should prefer a password-only login when present + + + + + +Login Manager test: Bug 444968 + + +

+ +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_autofocus_js.html b/toolkit/components/passwordmgr/test/mochitest/test_autofocus_js.html new file mode 100644 index 000000000..2ce3293dd --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_autofocus_js.html @@ -0,0 +1,115 @@ + + + + + Test login autocomplete is activated when focused by js on load + + + + + + + + + +

+ +
+ +
+ +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_basic_form.html b/toolkit/components/passwordmgr/test/mochitest/test_basic_form.html new file mode 100644 index 000000000..3c38343a5 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_basic_form.html @@ -0,0 +1,44 @@ + + + + + Test basic autofill + + + + + +Login Manager test: simple form fill + + + +

+ + + +

+
+
+
diff --git a/toolkit/components/passwordmgr/test/mochitest/test_basic_form_0pw.html b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_0pw.html
new file mode 100644
index 000000000..0b416673b
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_0pw.html
@@ -0,0 +1,72 @@
+
+
+
+  
+  Test forms with no password fields
+  
+  
+  
+
+
+Login Manager test: forms with no password fields
+

+ + + +
+
+
+ + + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_basic_form_1pw.html b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_1pw.html new file mode 100644 index 000000000..3937fad4b --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_1pw.html @@ -0,0 +1,167 @@ + + + + + Test autofill for forms with 1 password field + + + + + +Login Manager test: forms with 1 password field + +

+ + + +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_basic_form_1pw_2.html b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_1pw_2.html new file mode 100644 index 000000000..0f6566b9c --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_1pw_2.html @@ -0,0 +1,109 @@ + + + + + Test forms with 1 password field, part 2 + + + + + +Login Manager test: forms with 1 password field, part 2 + +

+ + + +
+
+
+ + + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_basic_form_2pw_1.html b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_2pw_1.html new file mode 100644 index 000000000..128ffca7c --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_2pw_1.html @@ -0,0 +1,187 @@ + + + + + Test autofill for forms with 2 password fields + + + + + +Login Manager test: forms with 2 password fields + +

+ + + +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_basic_form_2pw_2.html b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_2pw_2.html new file mode 100644 index 000000000..eba811cf9 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_2pw_2.html @@ -0,0 +1,105 @@ + + + + + Test for form fill with 2 password fields + + + + + +Login Manager test: form fill, 2 password fields +

+ +
+
+
+ + + + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_basic_form_3pw_1.html b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_3pw_1.html new file mode 100644 index 000000000..30b5a319f --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_3pw_1.html @@ -0,0 +1,177 @@ + + + + + Test autofill for forms with 3 password fields + + + + + +Login Manager test: forms with 3 password fields (form filling) + +

+ + + +
+
+
+ + + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_basic_form_autocomplete.html b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_autocomplete.html new file mode 100644 index 000000000..0eee8e696 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_autocomplete.html @@ -0,0 +1,859 @@ + + + + + Test basic login autocomplete + + + + + + + + +Login Manager test: multiple login autocomplete + + +

+ + +
+ + +
+ + + +
+ + +
+ + + +
+ +
+ + + +
+ +
+ + + +
+ +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+
+ +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_basic_form_html5.html b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_html5.html new file mode 100644 index 000000000..40e322afd --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_html5.html @@ -0,0 +1,164 @@ + + + + + Test for html5 input types (email, tel, url, etc.) + + + + + +Login Manager test: html5 input types (email, tel, url, etc.) + + +

+ +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_basic_form_pwevent.html b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_pwevent.html new file mode 100644 index 000000000..e0a2883c8 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_pwevent.html @@ -0,0 +1,55 @@ + + + + + + Test for Bug 355063 + + + + + + +Mozilla Bug 355063 +

+
+forms go here! +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_basic_form_pwonly.html b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_pwonly.html new file mode 100644 index 000000000..40fec8c46 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_basic_form_pwonly.html @@ -0,0 +1,213 @@ + + + + + Test forms and logins without a username + + + + + +Login Manager test: forms and logins without a username. + +

+ + + +
+
+
+ + + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_bug_627616.html b/toolkit/components/passwordmgr/test/mochitest/test_bug_627616.html new file mode 100644 index 000000000..ad4a41cdb --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_bug_627616.html @@ -0,0 +1,145 @@ + + + + + Test bug 627616 related to proxy authentication + + + + + + + + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_bug_776171.html b/toolkit/components/passwordmgr/test/mochitest/test_bug_776171.html new file mode 100644 index 000000000..4ad08bee2 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_bug_776171.html @@ -0,0 +1,56 @@ + + + + + + Test for Bug 776171 related to HTTP auth + + + + + + + + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_case_differences.html b/toolkit/components/passwordmgr/test/mochitest/test_case_differences.html new file mode 100644 index 000000000..316f59da7 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_case_differences.html @@ -0,0 +1,147 @@ + + + + + Test autocomplete due to multiple matching logins + + + + + + + + +Login Manager test: autocomplete due to multiple matching logins + + +

+ + +
+ + +
+ + + +
+ +
+ +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_form_action_1.html b/toolkit/components/passwordmgr/test/mochitest/test_form_action_1.html new file mode 100644 index 000000000..430081b3a --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_form_action_1.html @@ -0,0 +1,137 @@ + + + + + Test for considering form action + + + + + +Login Manager test: Bug 360493 + +

+ +
+
+
+ + + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_form_action_2.html b/toolkit/components/passwordmgr/test/mochitest/test_form_action_2.html new file mode 100644 index 000000000..0f0056de0 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_form_action_2.html @@ -0,0 +1,170 @@ + + + + + Test for considering form action + + + + + +Login Manager test: Bug 360493 + +

+ +
+
+
+ + + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_form_action_javascript.html b/toolkit/components/passwordmgr/test/mochitest/test_form_action_javascript.html new file mode 100644 index 000000000..d37e92c40 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_form_action_javascript.html @@ -0,0 +1,52 @@ + + + + + Test forms with a JS submit action + + + + + +Login Manager test: form with JS submit action + + +

+ + + +

+
+
+
diff --git a/toolkit/components/passwordmgr/test/mochitest/test_formless_autofill.html b/toolkit/components/passwordmgr/test/mochitest/test_formless_autofill.html
new file mode 100644
index 000000000..6263c818d
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/mochitest/test_formless_autofill.html
@@ -0,0 +1,147 @@
+
+
+
+  
+  Test autofilling of fields outside of a form
+  
+  
+  
+  
+
+
+
+
+

+ +
+ +
+

+
+
diff --git a/toolkit/components/passwordmgr/test/mochitest/test_formless_submit.html b/toolkit/components/passwordmgr/test/mochitest/test_formless_submit.html
new file mode 100644
index 000000000..468da1e7f
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/mochitest/test_formless_submit.html
@@ -0,0 +1,183 @@
+
+
+
+  
+  Test capturing of fields outside of a form
+  
+  
+  
+  
+
+
+
+
+

+ +
+ +
+

+
+
diff --git a/toolkit/components/passwordmgr/test/mochitest/test_formless_submit_navigation.html b/toolkit/components/passwordmgr/test/mochitest/test_formless_submit_navigation.html
new file mode 100644
index 000000000..b07d0886c
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/mochitest/test_formless_submit_navigation.html
@@ -0,0 +1,191 @@
+
+
+
+  
+  Test capturing of fields outside of a form due to navigation
+  
+  
+  
+  
+
+
+
+
+

+ +
+ +
+

+
+
diff --git a/toolkit/components/passwordmgr/test/mochitest/test_formless_submit_navigation_negative.html b/toolkit/components/passwordmgr/test/mochitest/test_formless_submit_navigation_negative.html
new file mode 100644
index 000000000..4283f128c
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/mochitest/test_formless_submit_navigation_negative.html
@@ -0,0 +1,121 @@
+
+
+
+  
+  Test no capturing of fields outside of a form due to navigation
+  
+  
+  
+  
+
+
+
+
+

+ +
+ +
+

+
+
diff --git a/toolkit/components/passwordmgr/test/mochitest/test_input_events.html b/toolkit/components/passwordmgr/test/mochitest/test_input_events.html
new file mode 100644
index 000000000..0e77956d8
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/mochitest/test_input_events.html
@@ -0,0 +1,96 @@
+
+
+
+  
+  Test for input events in Login Manager
+  
+  
+  
+
+
+Login Manager test: input events should fire.
+
+
+
+

+ + +

+
+
diff --git a/toolkit/components/passwordmgr/test/mochitest/test_input_events_for_identical_values.html b/toolkit/components/passwordmgr/test/mochitest/test_input_events_for_identical_values.html
new file mode 100644
index 000000000..d058a87f9
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/mochitest/test_input_events_for_identical_values.html
@@ -0,0 +1,51 @@
+
+
+
+  
+  Test for input events in Login Manager when username/password are filled in already
+  
+  
+  
+  
+
+
+Login Manager test: input events should fire.
+
+
+
+

+ +
+ +
+

This is form 1.

+ + + + + +
+ +
+

+
+
diff --git a/toolkit/components/passwordmgr/test/mochitest/test_insecure_form_field_autocomplete.html b/toolkit/components/passwordmgr/test/mochitest/test_insecure_form_field_autocomplete.html
new file mode 100644
index 000000000..c5d0a44fa
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/mochitest/test_insecure_form_field_autocomplete.html
@@ -0,0 +1,861 @@
+
+
+
+  
+  Test insecure form field autocomplete
+  
+  
+  
+  
+  
+  
+
+
+
+
+

+ + +
+ + +
+ + + +
+ + +
+ + + +
+ +
+ + + +
+ +
+ + + +
+ +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+
+ +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_insecure_form_field_no_saved_login.html b/toolkit/components/passwordmgr/test/mochitest/test_insecure_form_field_no_saved_login.html new file mode 100644 index 000000000..c3a894958 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_insecure_form_field_no_saved_login.html @@ -0,0 +1,103 @@ + + + + + Test basic login, contextual inscure password warning without saved logins + + + + + + + + +Login Manager test: contextual inscure password warning without saved logins + + +

+ + +
+ +
+ + + +
+ +
+ +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_maxlength.html b/toolkit/components/passwordmgr/test/mochitest/test_maxlength.html new file mode 100644 index 000000000..2b6da33ec --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_maxlength.html @@ -0,0 +1,137 @@ + + + + + Test for maxlength attributes + + + + + +Login Manager test: Bug 391514 + +

+ +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_password_field_autocomplete.html b/toolkit/components/passwordmgr/test/mochitest/test_password_field_autocomplete.html new file mode 100644 index 000000000..443c8a5e9 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_password_field_autocomplete.html @@ -0,0 +1,291 @@ + + + + + Test basic login autocomplete + + + + + + + + +Login Manager test: multiple login autocomplete + + +

+ + +
+ + +
+ + + +
+ +
+ + + +
+ +
+ + + +
+ +
+ +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_passwords_in_type_password.html b/toolkit/components/passwordmgr/test/mochitest/test_passwords_in_type_password.html new file mode 100644 index 000000000..e107cebe6 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_passwords_in_type_password.html @@ -0,0 +1,122 @@ + + + + + Test that passwords only get filled in type=password + + + + + +Login Manager test: Bug 242956 + +

+ +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_prompt.html b/toolkit/components/passwordmgr/test/mochitest/test_prompt.html new file mode 100644 index 000000000..1050ab66b --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_prompt.html @@ -0,0 +1,705 @@ + + + + + Test prompter.{prompt,promptPassword,promptUsernameAndPassword} + + + + + + + +

+ + + +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_prompt_http.html b/toolkit/components/passwordmgr/test/mochitest/test_prompt_http.html new file mode 100644 index 000000000..0dc8fdf9c --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_prompt_http.html @@ -0,0 +1,362 @@ + + + + + Test HTTP auth prompts by loading authenticate.sjs + + + + + + + +

+ + + +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_prompt_noWindow.html b/toolkit/components/passwordmgr/test/mochitest/test_prompt_noWindow.html new file mode 100644 index 000000000..92af172ca --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_prompt_noWindow.html @@ -0,0 +1,81 @@ + + + + + Test HTTP auth prompts by loading authenticate.sjs with no window + + + + + + + +

+ + + +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_prompt_promptAuth.html b/toolkit/components/passwordmgr/test/mochitest/test_prompt_promptAuth.html new file mode 100644 index 000000000..36f53a54a --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_prompt_promptAuth.html @@ -0,0 +1,406 @@ + + + + + Test promptAuth prompts + + + + + + + +

+ + + +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_prompt_promptAuth_proxy.html b/toolkit/components/passwordmgr/test/mochitest/test_prompt_promptAuth_proxy.html new file mode 100644 index 000000000..95dd4c7bc --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_prompt_promptAuth_proxy.html @@ -0,0 +1,264 @@ + + + + + Test promptAuth proxy prompts + + + + + + + +

+ + + +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_recipe_login_fields.html b/toolkit/components/passwordmgr/test/mochitest/test_recipe_login_fields.html new file mode 100644 index 000000000..943bffc52 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_recipe_login_fields.html @@ -0,0 +1,145 @@ + + + + + Test for recipes overriding login fields + + + + + + + + +

+ +
+ // Forms are inserted dynamically +
+

+
+
diff --git a/toolkit/components/passwordmgr/test/mochitest/test_username_focus.html b/toolkit/components/passwordmgr/test/mochitest/test_username_focus.html
new file mode 100644
index 000000000..c93c1e9c9
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/mochitest/test_username_focus.html
@@ -0,0 +1,263 @@
+
+
+
+
+  
+  Test interaction between autocomplete and focus on username fields
+  
+  
+  
+  
+  
+  
+
+
+
+
+

+
+ + + +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+ + + + + +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+ + +
+ + + +
+ +
+
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/mochitest/test_xhr_2.html b/toolkit/components/passwordmgr/test/mochitest/test_xhr_2.html new file mode 100644 index 000000000..fa8357792 --- /dev/null +++ b/toolkit/components/passwordmgr/test/mochitest/test_xhr_2.html @@ -0,0 +1,55 @@ + + + + + + Test XHR auth with user and pass arguments + + + + + + + + diff --git a/toolkit/components/passwordmgr/test/prompt_common.js b/toolkit/components/passwordmgr/test/prompt_common.js new file mode 100644 index 000000000..267e697ae --- /dev/null +++ b/toolkit/components/passwordmgr/test/prompt_common.js 
@@ -0,0 +1,79 @@
+/**
+ * NOTE:
+ * This file is currently only being used for tests which haven't been
+ * fixed to work with e10s. Favor using the `prompt_common.js` file that
+ * is in `toolkit/components/prompts/test/` instead.
+ */
+
+var Ci = SpecialPowers.Ci;
+ok(Ci != null, "Access Ci");
+var Cc = SpecialPowers.Cc;
+ok(Cc != null, "Access Cc");
+
+var didDialog;
+
+var timer; // keep in outer scope so it's not GC'd before firing
+function startCallbackTimer() {
+ didDialog = false;
+
+ // Delay before the callback twiddles the prompt.
+ const dialogDelay = 10;
+
+ // Use a timer to invoke a callback to twiddle the authentication dialog
+ timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer);
+ timer.init(observer, dialogDelay, Ci.nsITimer.TYPE_ONE_SHOT);
+}
+
+
+var observer = SpecialPowers.wrapCallbackObject({
+ QueryInterface : function (iid) {
+ const interfaces = [Ci.nsIObserver,
+ Ci.nsISupports, Ci.nsISupportsWeakReference];
+
+ if (!interfaces.some( function(v) { return iid.equals(v); } ))
+ throw SpecialPowers.Components.results.NS_ERROR_NO_INTERFACE;
+ return this;
+ },
+
+ observe : function (subject, topic, data) {
+ var doc = getDialogDoc();
+ if (doc)
+ handleDialog(doc, testNum);
+ else
+ startCallbackTimer(); // try again in a bit
+ }
+});
+
+function getDialogDoc() {
+ // Find the which contains notifyWindow, by looking
+ // through all the open windows and all the in each.
+ var wm = Cc["@mozilla.org/appshell/window-mediator;1"].
+ getService(Ci.nsIWindowMediator);
+ // var enumerator = wm.getEnumerator("navigator:browser");
+ var enumerator = wm.getXULWindowEnumerator(null);
+
+ while (enumerator.hasMoreElements()) {
+ var win = enumerator.getNext();
+ var windowDocShell = win.QueryInterface(Ci.nsIXULWindow).docShell;
+
+ var containedDocShells = windowDocShell.getDocShellEnumerator(
+ Ci.nsIDocShellTreeItem.typeChrome,
+ Ci.nsIDocShell.ENUMERATE_FORWARDS);
+ while (containedDocShells.hasMoreElements()) {
+ // Get the corresponding document for this docshell
+ var childDocShell = containedDocShells.getNext();
+ // We don't want it if it's not done loading.
+ if (childDocShell.busyFlags != Ci.nsIDocShell.BUSY_FLAGS_NONE)
+ continue;
+ var childDoc = childDocShell.QueryInterface(Ci.nsIDocShell)
+ .contentViewer
+ .DOMDocument;
+
+ // ok(true, "Got window: " + childDoc.location.href);
+ if (childDoc.location.href == "chrome://global/content/commonDialog.xul")
+ return childDoc;
+ }
+ }
+
+ return null;
+}
diff --git a/toolkit/components/passwordmgr/test/pwmgr_common.js b/toolkit/components/passwordmgr/test/pwmgr_common.js
new file mode 100644
index 000000000..fa7c4fd85
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/pwmgr_common.js
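Review bot: The retry path in `observe` (toolkit/components/passwordmgr/test/prompt_common.js) has no bound: whenever `getDialogDoc()` returns null it calls `startCallbackTimer()` again after 10 ms, so a prompt that never opens leaves the test polling until the harness times out, with no assertion naming the cause. A retry counter would make that failure explicit, for example `else if (++dialogRetries < MAX_DIALOG_RETRIES) startCallbackTimer(); else ok(false, "auth dialog never appeared");` (both names are placeholders, not identifiers from this file). `getDialogDoc()` also returns the first loaded document whose href is `chrome://global/content/commonDialog.xul` in any window, so with two prompts open the callback may act on the wrong one; a comment stating that the helper assumes a single open common dialog would help. `handleDialog` and `testNum` are not defined in this file and presumably come from the including test, which deserves a one-line comment above `observer`.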
@@ -0,0 +1,509 @@ +const TESTS_DIR = "/tests/toolkit/components/passwordmgr/test/"; + +/** + * Returns the element with the specified |name| attribute. + */ +function $_(formNum, name) { + var form = document.getElementById("form" + formNum); + if (!form) { + logWarning("$_ couldn't find requested form " + formNum); + return null; + } + + var element = form.children.namedItem(name); + if (!element) { + logWarning("$_ couldn't find requested element " + name); + return null; + } + + // Note that namedItem is a bit stupid, and will prefer an + // |id| attribute over a |name| attribute when looking for + // the element. Login Mananger happens to use .namedItem + // anyway, but let's rigorously check it here anyway so + // that we don't end up with tests that mistakenly pass. + + if (element.getAttribute("name") != name) { + logWarning("$_ got confused."); + return null; + } + + return element; +} + +/** + * Check a form for expected values. If an argument is null, a field's + * expected value will be the default value. + * + *
+ * checkForm(#, "foo"); + */ +function checkForm(formNum, val1, val2, val3) { + var e, form = document.getElementById("form" + formNum); + ok(form, "Locating form " + formNum); + + var numToCheck = arguments.length - 1; + + if (!numToCheck--) + return; + e = form.elements[0]; + if (val1 == null) + is(e.value, e.defaultValue, "Test default value of field " + e.name + + " in form " + formNum); + else + is(e.value, val1, "Test value of field " + e.name + + " in form " + formNum); + + + if (!numToCheck--) + return; + e = form.elements[1]; + if (val2 == null) + is(e.value, e.defaultValue, "Test default value of field " + e.name + + " in form " + formNum); + else + is(e.value, val2, "Test value of field " + e.name + + " in form " + formNum); + + + if (!numToCheck--) + return; + e = form.elements[2]; + if (val3 == null) + is(e.value, e.defaultValue, "Test default value of field " + e.name + + " in form " + formNum); + else + is(e.value, val3, "Test value of field " + e.name + + " in form " + formNum); +} + +/** + * Check a form for unmodified values from when page was loaded. + * + * + * checkUnmodifiedForm(#); + */ +function checkUnmodifiedForm(formNum) { + var form = document.getElementById("form" + formNum); + ok(form, "Locating form " + formNum); + + for (var i = 0; i < form.elements.length; i++) { + var ele = form.elements[i]; + + // No point in checking form submit/reset buttons. + if (ele.type == "submit" || ele.type == "reset") + continue; + + is(ele.value, ele.defaultValue, "Test to default value of field " + + ele.name + " in form " + formNum); + } +} + +/** + * Mochitest gives us a sendKey(), but it's targeted to a specific element. + * This basically sends an untargeted key event, to whatever's focused. + */ +function doKey(aKey, modifier) { + var keyName = "DOM_VK_" + aKey.toUpperCase(); + var key = KeyEvent[keyName]; + + // undefined --> null + if (!modifier) + modifier = null; + + // Window utils for sending fake sey events. 
+ var wutils = SpecialPowers.wrap(window). + QueryInterface(SpecialPowers.Ci.nsIInterfaceRequestor). + getInterface(SpecialPowers.Ci.nsIDOMWindowUtils); + + if (wutils.sendKeyEvent("keydown", key, 0, modifier)) { + wutils.sendKeyEvent("keypress", key, 0, modifier); + } + wutils.sendKeyEvent("keyup", key, 0, modifier); +} + +/** + * Init with a common login + * If selfFilling is true or non-undefined, fires an event at the page so that + * the test can start checking filled-in values. Tests that check observer + * notifications might be confused by this. + */ +function commonInit(selfFilling) { + var pwmgr = SpecialPowers.Cc["@mozilla.org/login-manager;1"]. + getService(SpecialPowers.Ci.nsILoginManager); + ok(pwmgr != null, "Access LoginManager"); + + // Check that initial state has no logins + var logins = pwmgr.getAllLogins(); + is(logins.length, 0, "Not expecting logins to be present"); + var disabledHosts = pwmgr.getAllDisabledHosts(); + if (disabledHosts.length) { + ok(false, "Warning: wasn't expecting disabled hosts to be present."); + for (var host of disabledHosts) + pwmgr.setLoginSavingEnabled(host, true); + } + + // Add a login that's used in multiple tests + var login = SpecialPowers.Cc["@mozilla.org/login-manager/loginInfo;1"]. 
+ createInstance(SpecialPowers.Ci.nsILoginInfo); + login.init("http://mochi.test:8888", "http://mochi.test:8888", null, + "testuser", "testpass", "uname", "pword"); + pwmgr.addLogin(login); + + // Last sanity check + logins = pwmgr.getAllLogins(); + is(logins.length, 1, "Checking for successful init login"); + disabledHosts = pwmgr.getAllDisabledHosts(); + is(disabledHosts.length, 0, "Checking for no disabled hosts"); + + if (selfFilling) + return; + + if (this.sendAsyncMessage) { + sendAsyncMessage("registerRunTests"); + } else { + registerRunTests(); + } +} + +function registerRunTests() { + return new Promise(resolve => { + // We provide a general mechanism for our tests to know when they can + // safely run: we add a final form that we know will be filled in, wait + // for the login manager to tell us that it's filled in and then continue + // with the rest of the tests. + window.addEventListener("DOMContentLoaded", (event) => { + var form = document.createElement('form'); + form.id = 'observerforcer'; + var username = document.createElement('input'); + username.name = 'testuser'; + form.appendChild(username); + var password = document.createElement('input'); + password.name = 'testpass'; + password.type = 'password'; + form.appendChild(password); + + var observer = SpecialPowers.wrapCallback(function(subject, topic, data) { + var formLikeRoot = subject.QueryInterface(SpecialPowers.Ci.nsIDOMNode); + if (formLikeRoot.id !== 'observerforcer') + return; + SpecialPowers.removeObserver(observer, "passwordmgr-processed-form"); + formLikeRoot.remove(); + SimpleTest.executeSoon(() => { + var runTestEvent = new Event("runTests"); + window.dispatchEvent(runTestEvent); + resolve(); + }); + }); + SpecialPowers.addObserver(observer, "passwordmgr-processed-form", false); + + document.body.appendChild(form); + }); + }); +} + +const masterPassword = "omgsecret!"; + +function enableMasterPassword() { + setMasterPassword(true); +} + +function disableMasterPassword() { + 
setMasterPassword(false); +} + +function setMasterPassword(enable) { + var oldPW, newPW; + if (enable) { + oldPW = ""; + newPW = masterPassword; + } else { + oldPW = masterPassword; + newPW = ""; + } + // Set master password. Note that this does not log you in, so the next + // invocation of pwmgr can trigger a MP prompt. + + var pk11db = Cc["@mozilla.org/security/pk11tokendb;1"].getService(Ci.nsIPK11TokenDB); + var token = pk11db.findTokenByName(""); + info("MP change from " + oldPW + " to " + newPW); + token.changePassword(oldPW, newPW); +} + +function logoutMasterPassword() { + var sdr = Cc["@mozilla.org/security/sdr;1"].getService(Ci.nsISecretDecoderRing); + sdr.logoutAndTeardown(); +} + +function dumpLogins(pwmgr) { + var logins = pwmgr.getAllLogins(); + ok(true, "----- dumpLogins: have " + logins.length + " logins. -----"); + for (var i = 0; i < logins.length; i++) + dumpLogin("login #" + i + " --- ", logins[i]); +} + +function dumpLogin(label, login) { + var loginText = ""; + loginText += "host: "; + loginText += login.hostname; + loginText += " / formURL: "; + loginText += login.formSubmitURL; + loginText += " / realm: "; + loginText += login.httpRealm; + loginText += " / user: "; + loginText += login.username; + loginText += " / pass: "; + loginText += login.password; + loginText += " / ufield: "; + loginText += login.usernameField; + loginText += " / pfield: "; + loginText += login.passwordField; + ok(true, label + loginText); +} + +function getRecipeParent() { + var { LoginManagerParent } = SpecialPowers.Cu.import("resource://gre/modules/LoginManagerParent.jsm", {}); + if (!LoginManagerParent.recipeParentPromise) { + return null; + } + return LoginManagerParent.recipeParentPromise.then((recipeParent) => { + return SpecialPowers.wrap(recipeParent); + }); +} + +/** + * Resolves when a specified number of forms have been processed. 
+ */ +function promiseFormsProcessed(expectedCount = 1) { + var processedCount = 0; + return new Promise((resolve, reject) => { + function onProcessedForm(subject, topic, data) { + processedCount++; + if (processedCount == expectedCount) { + SpecialPowers.removeObserver(onProcessedForm, "passwordmgr-processed-form"); + resolve(SpecialPowers.Cu.waiveXrays(subject), data); + } + } + SpecialPowers.addObserver(onProcessedForm, "passwordmgr-processed-form", false); + }); +} + +function loadRecipes(recipes) { + info("Loading recipes"); + return new Promise(resolve => { + chromeScript.addMessageListener("loadedRecipes", function loaded() { + chromeScript.removeMessageListener("loadedRecipes", loaded); + resolve(recipes); + }); + chromeScript.sendAsyncMessage("loadRecipes", recipes); + }); +} + +function resetRecipes() { + info("Resetting recipes"); + return new Promise(resolve => { + chromeScript.addMessageListener("recipesReset", function reset() { + chromeScript.removeMessageListener("recipesReset", reset); + resolve(); + }); + chromeScript.sendAsyncMessage("resetRecipes"); + }); +} + +function promiseStorageChanged(expectedChangeTypes) { + return new Promise((resolve, reject) => { + function onStorageChanged({ topic, data }) { + let changeType = expectedChangeTypes.shift(); + is(data, changeType, "Check expected passwordmgr-storage-changed type"); + if (expectedChangeTypes.length === 0) { + chromeScript.removeMessageListener("storageChanged", onStorageChanged); + resolve(); + } + } + chromeScript.addMessageListener("storageChanged", onStorageChanged); + }); +} + +function promisePromptShown(expectedTopic) { + return new Promise((resolve, reject) => { + function onPromptShown({ topic, data }) { + is(topic, expectedTopic, "Check expected prompt topic"); + chromeScript.removeMessageListener("promptShown", onPromptShown); + resolve(); + } + chromeScript.addMessageListener("promptShown", onPromptShown); + }); +} + +/** + * Run a function synchronously in the parent process 
and destroy it in the test cleanup function. + * @param {Function|String} aFunctionOrURL - either a function that will be stringified and run + * or the URL to a JS file. + * @return {Object} - the return value of loadChromeScript providing message-related methods. + * @see loadChromeScript in specialpowersAPI.js + */ +function runInParent(aFunctionOrURL) { + let chromeScript = SpecialPowers.loadChromeScript(aFunctionOrURL); + SimpleTest.registerCleanupFunction(() => { + chromeScript.destroy(); + }); + return chromeScript; +} + +/** + * Run commonInit synchronously in the parent then run the test function after the runTests event. + * + * @param {Function} aFunction The test function to run + */ +function runChecksAfterCommonInit(aFunction = null) { + SimpleTest.waitForExplicitFinish(); + let pwmgrCommonScript = runInParent(SimpleTest.getTestFileURL("pwmgr_common.js")); + if (aFunction) { + window.addEventListener("runTests", aFunction); + pwmgrCommonScript.addMessageListener("registerRunTests", () => registerRunTests()); + } + pwmgrCommonScript.sendSyncMessage("setupParent"); + return pwmgrCommonScript; +} + +// Code to run when loaded as a chrome script in tests via loadChromeScript +if (this.addMessageListener) { + const { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components; + var SpecialPowers = { Cc, Ci, Cr, Cu, }; + var ok, is; + // Ignore ok/is in commonInit since they aren't defined in a chrome script. 
+ ok = is = () => {}; // eslint-disable-line no-native-reassign + + Cu.import("resource://gre/modules/LoginHelper.jsm"); + Cu.import("resource://gre/modules/LoginManagerParent.jsm"); + Cu.import("resource://gre/modules/Services.jsm"); + Cu.import("resource://gre/modules/Task.jsm"); + + function onStorageChanged(subject, topic, data) { + sendAsyncMessage("storageChanged", { + topic, + data, + }); + } + Services.obs.addObserver(onStorageChanged, "passwordmgr-storage-changed", false); + + function onPrompt(subject, topic, data) { + sendAsyncMessage("promptShown", { + topic, + data, + }); + } + Services.obs.addObserver(onPrompt, "passwordmgr-prompt-change", false); + Services.obs.addObserver(onPrompt, "passwordmgr-prompt-save", false); + + addMessageListener("setupParent", ({selfFilling = false} = {selfFilling: false}) => { + // Force LoginManagerParent to init for the tests since it's normally delayed + // by apps such as on Android. + LoginManagerParent.init(); + + commonInit(selfFilling); + sendAsyncMessage("doneSetup"); + }); + + addMessageListener("loadRecipes", Task.async(function*(recipes) { + var recipeParent = yield LoginManagerParent.recipeParentPromise; + yield recipeParent.load(recipes); + sendAsyncMessage("loadedRecipes", recipes); + })); + + addMessageListener("resetRecipes", Task.async(function*() { + let recipeParent = yield LoginManagerParent.recipeParentPromise; + yield recipeParent.reset(); + sendAsyncMessage("recipesReset"); + })); + + addMessageListener("proxyLoginManager", msg => { + // Recreate nsILoginInfo objects from vanilla JS objects. 
+ let recreatedArgs = msg.args.map((arg, index) => { + if (msg.loginInfoIndices.includes(index)) { + return LoginHelper.vanillaObjectToLogin(arg); + } + + return arg; + }); + + let rv = Services.logins[msg.methodName](...recreatedArgs); + if (rv instanceof Ci.nsILoginInfo) { + rv = LoginHelper.loginToVanillaObject(rv); + } + return rv; + }); + + var globalMM = Cc["@mozilla.org/globalmessagemanager;1"].getService(Ci.nsIMessageListenerManager); + globalMM.addMessageListener("RemoteLogins:onFormSubmit", function onFormSubmit(message) { + sendAsyncMessage("formSubmissionProcessed", message.data, message.objects); + }); +} else { + // Code to only run in the mochitest pages (not in the chrome script). + SpecialPowers.pushPrefEnv({"set": [["signon.autofillForms.http", true], + ["security.insecure_field_warning.contextual.enabled", false]] + }); + + SimpleTest.registerCleanupFunction(() => { + SpecialPowers.popPrefEnv(); + runInParent(function cleanupParent() { + const { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components; + Cu.import("resource://gre/modules/Services.jsm"); + Cu.import("resource://gre/modules/LoginManagerParent.jsm"); + + // Remove all logins and disabled hosts + Services.logins.removeAllLogins(); + + let disabledHosts = Services.logins.getAllDisabledHosts(); + disabledHosts.forEach(host => Services.logins.setLoginSavingEnabled(host, true)); + + let authMgr = Cc["@mozilla.org/network/http-auth-manager;1"]. 
+ getService(Ci.nsIHttpAuthManager); + authMgr.clearAll(); + + if (LoginManagerParent._recipeManager) { + LoginManagerParent._recipeManager.reset(); + } + + // Cleanup PopupNotifications (if on a relevant platform) + let chromeWin = Services.wm.getMostRecentWindow("navigator:browser"); + if (chromeWin && chromeWin.PopupNotifications) { + let notes = chromeWin.PopupNotifications._currentNotifications; + if (notes.length > 0) { + dump("Removing " + notes.length + " popup notifications.\n"); + } + for (let note of notes) { + note.remove(); + } + } + }); + }); + + + let { LoginHelper } = SpecialPowers.Cu.import("resource://gre/modules/LoginHelper.jsm", {}); + /** + * Proxy for Services.logins (nsILoginManager). + * Only supports arguments which support structured clone plus {nsILoginInfo} + * Assumes properties are methods. + */ + this.LoginManager = new Proxy({}, { + get(target, prop, receiver) { + return (...args) => { + let loginInfoIndices = []; + let cloneableArgs = args.map((val, index) => { + if (SpecialPowers.call_Instanceof(val, SpecialPowers.Ci.nsILoginInfo)) { + loginInfoIndices.push(index); + return LoginHelper.loginToVanillaObject(val); + } + + return val; + }); + + return chromeScript.sendSyncMessage("proxyLoginManager", { + args: cloneableArgs, + loginInfoIndices, + methodName: prop, + })[0][0]; + }; + }, + }); +} diff --git a/toolkit/components/passwordmgr/test/subtst_master_pass.html b/toolkit/components/passwordmgr/test/subtst_master_pass.html new file mode 100644 index 000000000..20211866a --- /dev/null +++ b/toolkit/components/passwordmgr/test/subtst_master_pass.html @@ -0,0 +1,12 @@ +
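Review bot: The `proxyLoginManager` listener in the chrome-script branch calls `Services.logins[msg.methodName](...recreatedArgs)` with a property name taken straight from the message. On the page side, the `LoginManager` Proxy forwards every property read, and its own comment says it "Assumes properties are methods". Because the listener runs in the parent process, I would validate the name before dispatching, for example `if (typeof Services.logins[msg.methodName] != "function") { throw new Error("proxyLoginManager: unsupported method " + msg.methodName); }`, or keep an explicit list of the nsILoginManager methods the tests actually use. Either check also turns a misspelled method in a test into a clear error rather than a TypeError raised in the parent.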

MP subtest

+This form triggers a MP and gets filled in.
+ +Username:
+Password:
+ +
diff --git a/toolkit/components/passwordmgr/test/subtst_prompt_async.html b/toolkit/components/passwordmgr/test/subtst_prompt_async.html new file mode 100644 index 000000000..f60f63814 --- /dev/null +++ b/toolkit/components/passwordmgr/test/subtst_prompt_async.html @@ -0,0 +1,12 @@ + + + + + Multiple auth request + + + + + + + diff --git a/toolkit/components/passwordmgr/test/test_master_password.html b/toolkit/components/passwordmgr/test/test_master_password.html new file mode 100644 index 000000000..c8884811f --- /dev/null +++ b/toolkit/components/passwordmgr/test/test_master_password.html @@ -0,0 +1,308 @@ + + + + + Test for master password + + + + + + +Login Manager test: master password. + + +

+ + + +
+
+
+ + + diff --git a/toolkit/components/passwordmgr/test/test_prompt_async.html b/toolkit/components/passwordmgr/test/test_prompt_async.html new file mode 100644 index 000000000..38b34679a --- /dev/null +++ b/toolkit/components/passwordmgr/test/test_prompt_async.html @@ -0,0 +1,540 @@ + + + + + Test for Async Auth Prompt + + + + + + + + + + + + + diff --git a/toolkit/components/passwordmgr/test/test_xhr.html b/toolkit/components/passwordmgr/test/test_xhr.html new file mode 100644 index 000000000..296371685 --- /dev/null +++ b/toolkit/components/passwordmgr/test/test_xhr.html @@ -0,0 +1,201 @@ + + + + + Test for XHR prompts + + + + + + +Login Manager test: XHR prompt +

+ + + +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/test_xml_load.html b/toolkit/components/passwordmgr/test/test_xml_load.html new file mode 100644 index 000000000..5672c7117 --- /dev/null +++ b/toolkit/components/passwordmgr/test/test_xml_load.html @@ -0,0 +1,191 @@ + + + + + Test XML document prompts + + + + + + +Login Manager test: XML prompt +

+ + + +
+
+
+ + diff --git a/toolkit/components/passwordmgr/test/unit/.eslintrc.js b/toolkit/components/passwordmgr/test/unit/.eslintrc.js new file mode 100644 index 000000000..d35787cd2 --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/.eslintrc.js @@ -0,0 +1,7 @@ +"use strict"; + +module.exports = { + "extends": [ + "../../../../../testing/xpcshell/xpcshell.eslintrc.js" + ] +}; diff --git a/toolkit/components/passwordmgr/test/unit/data/corruptDB.sqlite b/toolkit/components/passwordmgr/test/unit/data/corruptDB.sqlite new file mode 100644 index 000000000..b234246ca Binary files /dev/null and b/toolkit/components/passwordmgr/test/unit/data/corruptDB.sqlite differ diff --git a/toolkit/components/passwordmgr/test/unit/data/key3.db b/toolkit/components/passwordmgr/test/unit/data/key3.db new file mode 100644 index 000000000..a83a0a577 Binary files /dev/null and b/toolkit/components/passwordmgr/test/unit/data/key3.db differ diff --git a/toolkit/components/passwordmgr/test/unit/data/signons-v1.sqlite b/toolkit/components/passwordmgr/test/unit/data/signons-v1.sqlite new file mode 100644 index 000000000..fe030b61f Binary files /dev/null and b/toolkit/components/passwordmgr/test/unit/data/signons-v1.sqlite differ diff --git a/toolkit/components/passwordmgr/test/unit/data/signons-v1v2.sqlite b/toolkit/components/passwordmgr/test/unit/data/signons-v1v2.sqlite new file mode 100644 index 000000000..729512a12 Binary files /dev/null and b/toolkit/components/passwordmgr/test/unit/data/signons-v1v2.sqlite differ diff --git a/toolkit/components/passwordmgr/test/unit/data/signons-v2.sqlite b/toolkit/components/passwordmgr/test/unit/data/signons-v2.sqlite new file mode 100644 index 000000000..a6c72b31e Binary files /dev/null and b/toolkit/components/passwordmgr/test/unit/data/signons-v2.sqlite differ 
diff --git a/toolkit/components/passwordmgr/test/unit/data/signons-v2v3.sqlite b/toolkit/components/passwordmgr/test/unit/data/signons-v2v3.sqlite new file mode 100644 index 000000000..359df5d31 Binary files /dev/null and b/toolkit/components/passwordmgr/test/unit/data/signons-v2v3.sqlite differ diff --git a/toolkit/components/passwordmgr/test/unit/data/signons-v3.sqlite b/toolkit/components/passwordmgr/test/unit/data/signons-v3.sqlite new file mode 100644 index 000000000..918f4142f Binary files /dev/null and b/toolkit/components/passwordmgr/test/unit/data/signons-v3.sqlite differ diff --git a/toolkit/components/passwordmgr/test/unit/data/signons-v3v4.sqlite b/toolkit/components/passwordmgr/test/unit/data/signons-v3v4.sqlite new file mode 100644 index 000000000..e06c33aae Binary files /dev/null and b/toolkit/components/passwordmgr/test/unit/data/signons-v3v4.sqlite differ diff --git a/toolkit/components/passwordmgr/test/unit/data/signons-v4.sqlite b/toolkit/components/passwordmgr/test/unit/data/signons-v4.sqlite new file mode 100644 index 000000000..227c09c81 Binary files /dev/null and b/toolkit/components/passwordmgr/test/unit/data/signons-v4.sqlite differ diff --git a/toolkit/components/passwordmgr/test/unit/data/signons-v4v5.sqlite b/toolkit/components/passwordmgr/test/unit/data/signons-v4v5.sqlite new file mode 100644 index 000000000..4534cf255 Binary files /dev/null and b/toolkit/components/passwordmgr/test/unit/data/signons-v4v5.sqlite differ diff --git a/toolkit/components/passwordmgr/test/unit/data/signons-v5v6.sqlite b/toolkit/components/passwordmgr/test/unit/data/signons-v5v6.sqlite new file mode 100644 index 000000000..eb4ee6d01 Binary files /dev/null and b/toolkit/components/passwordmgr/test/unit/data/signons-v5v6.sqlite differ 
diff --git a/toolkit/components/passwordmgr/test/unit/data/signons-v999-2.sqlite b/toolkit/components/passwordmgr/test/unit/data/signons-v999-2.sqlite new file mode 100644 index 000000000..e09c4f710 Binary files /dev/null and b/toolkit/components/passwordmgr/test/unit/data/signons-v999-2.sqlite differ diff --git a/toolkit/components/passwordmgr/test/unit/data/signons-v999.sqlite b/toolkit/components/passwordmgr/test/unit/data/signons-v999.sqlite new file mode 100644 index 000000000..0328a1a02 Binary files /dev/null and b/toolkit/components/passwordmgr/test/unit/data/signons-v999.sqlite differ diff --git a/toolkit/components/passwordmgr/test/unit/head.js b/toolkit/components/passwordmgr/test/unit/head.js new file mode 100644 index 000000000..baf958ab4 --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/head.js 
@@ -0,0 +1,135 @@ +/** + * Provides infrastructure for automated login components tests. + */ + +"use strict"; + +// Globals + +let { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components; + +Cu.import("resource://gre/modules/XPCOMUtils.jsm"); +Cu.import("resource://gre/modules/Services.jsm"); +Cu.import("resource://gre/modules/LoginRecipes.jsm"); +Cu.import("resource://gre/modules/LoginHelper.jsm"); +Cu.import("resource://testing-common/MockDocument.jsm"); + +XPCOMUtils.defineLazyModuleGetter(this, "DownloadPaths", + "resource://gre/modules/DownloadPaths.jsm"); +XPCOMUtils.defineLazyModuleGetter(this, "FileUtils", + "resource://gre/modules/FileUtils.jsm"); +XPCOMUtils.defineLazyModuleGetter(this, "OS", + "resource://gre/modules/osfile.jsm"); +XPCOMUtils.defineLazyModuleGetter(this, "Promise", + "resource://gre/modules/Promise.jsm"); + +const LoginInfo = + Components.Constructor("@mozilla.org/login-manager/loginInfo;1", + "nsILoginInfo", "init"); + +// Import LoginTestUtils.jsm as LoginTestUtils. +XPCOMUtils.defineLazyModuleGetter(this, "LoginTestUtils", + "resource://testing-common/LoginTestUtils.jsm"); +LoginTestUtils.Assert = Assert; +const TestData = LoginTestUtils.testData; +const newPropertyBag = LoginHelper.newPropertyBag; + +/** + * All the tests are implemented with add_task, this starts them automatically. + */ +function run_test() +{ + do_get_profile(); + run_next_test(); +} + +// Global helpers + +// Some of these functions are already implemented in other parts of the source +// tree, see bug 946708 about sharing more code. + +// While the previous test file should have deleted all the temporary files it +// used, on Windows these might still be pending deletion on the physical file +// system. Thus, start from a new base number every time, to make a collision +// with a file that is still pending deletion highly unlikely. 
+let gFileCounter = Math.floor(Math.random() * 1000000); + +/** + * Returns a reference to a temporary file, that is guaranteed not to exist, and + * to have never been created before. + * + * @param aLeafName + * Suggested leaf name for the file to be created. + * + * @return nsIFile pointing to a non-existent file in a temporary directory. + * + * @note It is not enough to delete the file if it exists, or to delete the file + * after calling nsIFile.createUnique, because on Windows the delete + * operation in the file system may still be pending, preventing a new + * file with the same name to be created. + */ +function getTempFile(aLeafName) +{ + // Prepend a serial number to the extension in the suggested leaf name. + let [base, ext] = DownloadPaths.splitBaseNameAndExtension(aLeafName); + let leafName = base + "-" + gFileCounter + ext; + gFileCounter++; + + // Get a file reference under the temporary directory for this test file. + let file = FileUtils.getFile("TmpD", [leafName]); + do_check_false(file.exists()); + + do_register_cleanup(function () { + if (file.exists()) { + file.remove(false); + } + }); + + return file; +} + +const RecipeHelpers = { + initNewParent() { + return (new LoginRecipesParent({ defaults: null })).initializationPromise; + }, +}; + +// Initialization functions common to all tests + +add_task(function* test_common_initialize() +{ + // Before initializing the service for the first time, we should copy the key + // file required to decrypt the logins contained in the SQLite databases used + // by migration tests. This file is not required for the other tests. + yield OS.File.copy(do_get_file("data/key3.db").path, + OS.Path.join(OS.Constants.Path.profileDir, "key3.db")); + + // Ensure that the service and the storage module are initialized. + yield Services.logins.initializationPromise; + + // Ensure that every test file starts with an empty database. + LoginTestUtils.clearData(); + + // Clean up after every test. 
+ do_register_cleanup(() => LoginTestUtils.clearData()); +}); + +/** + * Compare two FormLike to see if they represent the same information. Elements + * are compared using their @id attribute. + */ +function formLikeEqual(a, b) { + Assert.strictEqual(Object.keys(a).length, Object.keys(b).length, + "Check the formLikes have the same number of properties"); + + for (let propName of Object.keys(a)) { + if (propName == "elements") { + Assert.strictEqual(a.elements.length, b.elements.length, "Check element count"); + for (let i = 0; i < a.elements.length; i++) { + Assert.strictEqual(a.elements[i].id, b.elements[i].id, "Check element " + i + " id"); + } + continue; + } + Assert.strictEqual(a[propName], b[propName], "Compare formLike " + propName + " property"); + } +} diff --git a/toolkit/components/passwordmgr/test/unit/test_OSCrypto_win.js b/toolkit/components/passwordmgr/test/unit/test_OSCrypto_win.js new file mode 100644 index 000000000..94d2e50c0 --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/test_OSCrypto_win.js 
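Review bot: `getTempFile` returns a path that is only checked with `do_check_false(file.exists())` and never created, and the leaf name is the suggested name plus a counter seeded from `Math.random()`. The name is therefore guessable, and there is a gap between the existence check and the caller's first write. That is reasonable for a test helper whose stated goal is to avoid Windows pending-delete collisions, but the doc comment's "guaranteed not to exist" promises more than the code does. I would extend the `@note` with `The returned path is not reserved; another process can still create it before the caller does.` so the helper is not copied into non-test code as a safe temp-file routine.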
@@ -0,0 +1,75 @@ +/** + * Tests the OSCrypto object. + */ + +"use strict"; + +// Globals + +XPCOMUtils.defineLazyModuleGetter(this, "OSCrypto", + "resource://gre/modules/OSCrypto.jsm"); + +var crypto = new OSCrypto(); + +// Tests + +add_task(function test_getIELoginHash() +{ + do_check_eq(crypto.getIELoginHash("https://bugzilla.mozilla.org/page.cgi"), + "4A66FE96607885790F8E67B56EEE52AB539BAFB47D"); + + do_check_eq(crypto.getIELoginHash("https://github.com/login"), + "0112F7DCE67B8579EA01367678AA44AB9868B5A143"); + + do_check_eq(crypto.getIELoginHash("https://login.live.com/login.srf"), + "FBF92E5D804C82717A57856533B779676D92903688"); + + do_check_eq(crypto.getIELoginHash("https://preview.c9.io/riadh/w1/pass.1.html"), + "6935CF27628830605927F86AB53831016FC8973D1A"); + + + do_check_eq(crypto.getIELoginHash("https://reviewboard.mozilla.org/account/login/"), + "09141FD287E2E59A8B1D3BB5671537FD3D6B61337A"); + + do_check_eq(crypto.getIELoginHash("https://www.facebook.com/"), + "EF44D3E034009CB0FD1B1D81A1FF3F3335213BD796"); + +}); + +add_task(function test_decryptData_encryptData() +{ + function decryptEncryptTest(key) { + do_check_eq(crypto.decryptData(crypto.encryptData("", key), key), + ""); + + do_check_eq(crypto.decryptData(crypto.encryptData("secret", key), key), + "secret"); + + do_check_eq(crypto.decryptData(crypto.encryptData("https://www.mozilla.org", key), + key), + "https://www.mozilla.org"); + + do_check_eq(crypto.decryptData(crypto.encryptData("https://reviewboard.mozilla.org", key), + key), + "https://reviewboard.mozilla.org"); + + do_check_eq(crypto.decryptData(crypto.encryptData("https://bugzilla.mozilla.org/page.cgi", + key), + key), + "https://bugzilla.mozilla.org/page.cgi"); + } + + let keys = [null, "a", "keys", "abcdedf", "pass", "https://bugzilla.mozilla.org/page.cgi", + "https://login.live.com/login.srf"]; + for (let key of keys) { + decryptEncryptTest(key); + } + let url = "https://twitter.com/"; + let value = [1, 0, 0, 0, 208, 140, 157, 223, 1, 
21, 209, 17, 140, 122, 0, 192, 79, 194, 151, 235, 1, 0, 0, 0, 254, 58, 230, 75, 132, 228, 181, 79, 184, 160, 37, 106, 201, 29, 42, 152, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 16, 102, 0, 0, 0, 1, 0, 0, 32, 0, 0, 0, 90, 136, 17, 124, 122, 57, 178, 24, 34, 86, 209, 198, 184, 107, 58, 58, 32, 98, 61, 239, 129, 101, 56, 239, 114, 159, 139, 165, 183, 40, 183, 85, 0, 0, 0, 0, 14, 128, 0, 0, 0, 2, 0, 0, 32, 0, 0, 0, 147, 170, 34, 21, 53, 227, 191, 6, 201, 84, 106, 31, 57, 227, 46, 127, 219, 199, 80, 142, 37, 104, 112, 223, 26, 165, 223, 55, 176, 89, 55, 37, 112, 0, 0, 0, 98, 70, 221, 109, 5, 152, 46, 11, 190, 213, 226, 58, 244, 20, 180, 217, 63, 155, 227, 132, 7, 151, 235, 6, 37, 232, 176, 182, 141, 191, 251, 50, 20, 123, 53, 11, 247, 233, 112, 121, 130, 27, 168, 68, 92, 144, 192, 7, 12, 239, 53, 217, 253, 155, 54, 109, 236, 216, 225, 245, 79, 234, 165, 225, 104, 36, 77, 13, 195, 237, 143, 165, 100, 107, 230, 70, 54, 19, 179, 35, 8, 101, 93, 202, 121, 210, 222, 28, 93, 122, 36, 84, 185, 249, 238, 3, 102, 149, 248, 94, 137, 16, 192, 22, 251, 220, 22, 223, 16, 58, 104, 187, 64, 0, 0, 0, 70, 72, 15, 119, 144, 66, 117, 203, 190, 82, 131, 46, 111, 130, 238, 191, 170, 63, 186, 117, 46, 88, 171, 3, 94, 146, 75, 86, 243, 159, 63, 195, 149, 25, 105, 141, 42, 217, 108, 18, 63, 62, 98, 182, 241, 195, 12, 216, 152, 230, 176, 253, 202, 129, 41, 185, 135, 111, 226, 92, 27, 78, 27, 198]; + + let arr1 = crypto.arrayToString(value); + let arr2 = crypto.stringToArray(crypto.decryptData(crypto.encryptData(arr1, url), url)); + for (let i = 0; i < arr1.length; i++) { + do_check_eq(arr2[i], value[i]); + } +}); diff --git a/toolkit/components/passwordmgr/test/unit/test_context_menu.js b/toolkit/components/passwordmgr/test/unit/test_context_menu.js new file mode 100644 index 000000000..722c13e15 --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/test_context_menu.js 
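Review bot: The final loop in `test_decryptData_encryptData` is bounded by `arr1.length` and never compares lengths, so a decrypted array carrying extra trailing bytes would still pass. Adding `do_check_eq(arr2.length, value.length);` before the loop closes that gap. More generally, every assertion in this test is a round trip through `encryptData` and `decryptData`, so the test would also pass if `encryptData` returned its input unchanged. One check that the encrypted form of a non-empty string differs from the plaintext would cover that case.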
@@ -0,0 +1,165 @@ +/* + * Test the password manager context menu. + */ + +"use strict"; + +Cu.import("resource://gre/modules/Services.jsm"); +Cu.import("resource://gre/modules/LoginManagerContextMenu.jsm"); + +XPCOMUtils.defineLazyGetter(this, "_stringBundle", function() { + return Services.strings. + createBundle("chrome://passwordmgr/locale/passwordmgr.properties"); +}); + +/** + * Prepare data for the following tests. + */ +add_task(function* test_initialize() { + for (let login of loginList()) { + Services.logins.addLogin(login); + } +}); + +/** + * Tests if the LoginManagerContextMenu returns the correct login items. + */ +add_task(function* test_contextMenuAddAndRemoveLogins() { + const DOCUMENT_CONTENT = "
"; + const INPUT_QUERY = "input[type='password']"; + + let testHostnames = [ + "http://www.example.com", + "http://www2.example.com", + "http://www3.example.com", + "http://empty.example.com", + ]; + + for (let hostname of testHostnames) { + do_print("test for hostname: " + hostname); + // Get expected logins for this test. + let logins = getExpectedLogins(hostname); + + // Create the logins menuitems fragment. + let {fragment, document} = createLoginsFragment(hostname, DOCUMENT_CONTENT, INPUT_QUERY); + + if (!logins.length) { + Assert.ok(fragment === null, "Null returned. No logins where found."); + continue; + } + let items = [...fragment.querySelectorAll("menuitem")]; + + // Check if the items are those expected to be listed. + Assert.ok(checkLoginItems(logins, items), "All expected logins found."); + document.body.appendChild(fragment); + + // Try to clear the fragment. + LoginManagerContextMenu.clearLoginsFromMenu(document); + Assert.equal(fragment.querySelectorAll("menuitem").length, 0, "All items correctly cleared."); + } + + Services.logins.removeAllLogins(); +}); + +/** + * Create a fragment with a menuitem for each login. + */ +function createLoginsFragment(url, content, elementQuery) { + const CHROME_URL = "chrome://mock-chrome"; + + // Create a mock document. + let document = MockDocument.createTestDocument(CHROME_URL, content); + let inputElement = document.querySelector(elementQuery); + MockDocument.mockOwnerDocumentProperty(inputElement, document, url); + + // We also need a simple mock Browser object for this test. + let browser = { + ownerDocument: document + }; + + let URI = Services.io.newURI(url, null, null); + return { + document, + fragment: LoginManagerContextMenu.addLoginsToMenu(inputElement, browser, URI), + }; +} + +/** + * Check if every login have it's corresponding menuitem. + * Duplicates and empty usernames have a date appended. 
+ */ +function checkLoginItems(logins, items) { + function findDuplicates(unfilteredLoginList) { + var seen = new Set(); + var duplicates = new Set(); + for (let login of unfilteredLoginList) { + if (seen.has(login.username)) { + duplicates.add(login.username); + } + seen.add(login.username); + } + return duplicates; + } + let duplicates = findDuplicates(logins); + + let dateAndTimeFormatter = new Intl.DateTimeFormat(undefined, + { day: "numeric", month: "short", year: "numeric" }); + for (let login of logins) { + if (login.username && !duplicates.has(login.username)) { + // If login is not duplicate and we can't find an item for it, fail. + if (!items.find(item => item.label == login.username)) { + return false; + } + continue; + } + + let meta = login.QueryInterface(Ci.nsILoginMetaInfo); + let time = dateAndTimeFormatter.format(new Date(meta.timePasswordChanged)); + // If login is duplicate, check if we have a login item with appended date. + if (login.username && !items.find(item => item.label == login.username + " (" + time + ")")) { + return false; + } + // If login is empty, check if we have a login item with appended date. + if (!login.username && + !items.find(item => item.label == _stringBundle.GetStringFromName("noUsername") + " (" + time + ")")) { + return false; + } + } + return true; +} + +/** + * Gets the list of expected logins for a hostname. 
+ */ +function getExpectedLogins(hostname) { + return Services.logins.getAllLogins().filter(entry => entry["hostname"] === hostname); +} + +function loginList() { + return [ + new LoginInfo("http://www.example.com", "http://www.example.com", null, + "username1", "password", + "form_field_username", "form_field_password"), + + new LoginInfo("http://www.example.com", "http://www.example.com", null, + "username2", "password", + "form_field_username", "form_field_password"), + + new LoginInfo("http://www2.example.com", "http://www.example.com", null, + "username", "password", + "form_field_username", "form_field_password"), + new LoginInfo("http://www2.example.com", "http://www2.example.com", null, + "username", "password2", + "form_field_username", "form_field_password"), + new LoginInfo("http://www2.example.com", "http://www2.example.com", null, + "username2", "password2", + "form_field_username", "form_field_password"), + + new LoginInfo("http://www3.example.com", "http://www.example.com", null, + "", "password", + "form_field_username", "form_field_password"), + new LoginInfo("http://www3.example.com", "http://www3.example.com", null, + "", "password2", + "form_field_username", "form_field_password"), + ]; +} diff --git a/toolkit/components/passwordmgr/test/unit/test_dedupeLogins.js b/toolkit/components/passwordmgr/test/unit/test_dedupeLogins.js new file mode 100644 index 000000000..d688a6dbf --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/test_dedupeLogins.js 
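Review bot: The last assertion in `test_contextMenuAddAndRemoveLogins` looks vacuous. `fragment` has already been passed to `document.body.appendChild(fragment)`, and if `addLoginsToMenu` returns a DocumentFragment its children have moved into the document by then, so `fragment.querySelectorAll("menuitem").length` is 0 whether or not `clearLoginsFromMenu` removed anything. Query the document instead: `Assert.equal(document.querySelectorAll("menuitem").length, 0, "All items correctly cleared.");`. Separately, `Services.logins.removeAllLogins()` only runs when every assertion before it passes; registering it with `do_register_cleanup` would keep the saved logins from leaking into later tests after a failure.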
@@ -0,0 +1,284 @@
+/*
+ * Test LoginHelper.dedupeLogins
+ */
+
+"use strict";
+
+Cu.import("resource://gre/modules/LoginHelper.jsm");
+
+const DOMAIN1_HTTP_TO_HTTP_U1_P1 = TestData.formLogin({
+ timePasswordChanged: 3000,
+ timeLastUsed: 2000,
+});
+const DOMAIN1_HTTP_TO_HTTP_U1_P2 = TestData.formLogin({
+ password: "password two",
+});
+const DOMAIN1_HTTP_TO_HTTP_U2_P2 = TestData.formLogin({
+ password: "password two",
+ username: "username two",
+});
+const DOMAIN1_HTTPS_TO_HTTPS_U1_P1 = TestData.formLogin({
+ formSubmitURL: "http://www.example.com",
+ hostname: "https://www3.example.com",
+ timePasswordChanged: 4000,
+ timeLastUsed: 1000,
+});
+const DOMAIN1_HTTPS_TO_EMPTY_U1_P1 = TestData.formLogin({
+ formSubmitURL: "",
+ hostname: "https://www3.example.com",
+});
+const DOMAIN1_HTTPS_TO_EMPTYU_P1 = TestData.formLogin({
+ hostname: "https://www3.example.com",
+ username: "",
+});
+const DOMAIN1_HTTP_AUTH = TestData.authLogin({
+ hostname: "http://www3.example.com",
+});
+const DOMAIN1_HTTPS_AUTH = TestData.authLogin({
+ hostname: "https://www3.example.com",
+});
+
+
+add_task(function test_dedupeLogins() {
+ // [description, expectedOutput, dedupe arg. 0, dedupe arg 1, ...]
+ let testcases = [
+ [
+ "exact dupes",
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ undefined,
+ [], // force no resolveBy logic to test behavior of preferring the first..
+ ],
+ [
+ "default uniqueKeys is un + pw",
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P2],
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P2],
+ undefined,
+ [],
+ ],
+ [
+ "same usernames, different passwords, dedupe username only",
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P2],
+ ["username"],
+ [],
+ ],
+ [
+ "same un+pw, different scheme",
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ undefined,
+ [],
+ ],
+ [
+ "same un+pw, different scheme, reverse order",
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ undefined,
+ [],
+ ],
+ [
+ "same un+pw, different scheme, include hostname",
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ ["hostname", "username", "password"],
+ [],
+ ],
+ [
+ "empty username is not deduped with non-empty",
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTPS_TO_EMPTYU_P1],
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTPS_TO_EMPTYU_P1],
+ undefined,
+ [],
+ ],
+ [
+ "empty username is deduped with same passwords",
+ [DOMAIN1_HTTPS_TO_EMPTYU_P1],
+ [DOMAIN1_HTTPS_TO_EMPTYU_P1, DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ ["password"],
+ [],
+ ],
+ [
+ "mix of form and HTTP auth",
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTP_AUTH],
+ undefined,
+ [],
+ ],
+ ];
+
+ for (let tc of testcases) {
+ let description = tc.shift();
+ let expected = tc.shift();
+ let actual = LoginHelper.dedupeLogins(...tc);
+ Assert.strictEqual(actual.length, expected.length, `Check: ${description}`);
+ for (let [i, login] of expected.entries()) {
+ Assert.strictEqual(actual[i], login, `Check index ${i}`);
+ }
+ }
+});
+
+
+add_task(function* test_dedupeLogins_resolveBy() {
+ Assert.ok(DOMAIN1_HTTP_TO_HTTP_U1_P1.timeLastUsed > DOMAIN1_HTTPS_TO_HTTPS_U1_P1.timeLastUsed,
+ "Sanity check timeLastUsed difference");
+ Assert.ok(DOMAIN1_HTTP_TO_HTTP_U1_P1.timePasswordChanged < DOMAIN1_HTTPS_TO_HTTPS_U1_P1.timePasswordChanged,
+ "Sanity check timePasswordChanged difference");
+
+ let testcases = [
+ [
+ "default resolveBy is timeLastUsed",
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ ],
+ [
+ "default resolveBy is timeLastUsed, reversed input",
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ ],
+ [
+ "resolveBy timeLastUsed + timePasswordChanged",
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ undefined,
+ ["timeLastUsed", "timePasswordChanged"],
+ ],
+ [
+ "resolveBy timeLastUsed + timePasswordChanged, reversed input",
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ undefined,
+ ["timeLastUsed", "timePasswordChanged"],
+ ],
+ [
+ "resolveBy timePasswordChanged",
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ undefined,
+ ["timePasswordChanged"],
+ ],
+ [
+ "resolveBy timePasswordChanged, reversed",
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ undefined,
+ ["timePasswordChanged"],
+ ],
+ [
+ "resolveBy timePasswordChanged + timeLastUsed",
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ undefined,
+ ["timePasswordChanged", "timeLastUsed"],
+ ],
+ [
+ "resolveBy timePasswordChanged + timeLastUsed, reversed",
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ undefined,
+ ["timePasswordChanged", "timeLastUsed"],
+ ],
+ [
+ "resolveBy scheme + timePasswordChanged, prefer HTTP",
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ undefined,
+ ["scheme", "timePasswordChanged"],
+ DOMAIN1_HTTP_TO_HTTP_U1_P1.hostname,
+ ],
+ [
+ "resolveBy scheme + timePasswordChanged, prefer HTTP, reversed input",
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ undefined,
+ ["scheme", "timePasswordChanged"],
+ DOMAIN1_HTTP_TO_HTTP_U1_P1.hostname,
+ ],
+ [
+ "resolveBy scheme + timePasswordChanged, prefer HTTPS",
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ undefined,
+ ["scheme", "timePasswordChanged"],
+ DOMAIN1_HTTPS_TO_HTTPS_U1_P1.hostname,
+ ],
+ [
+ "resolveBy scheme + timePasswordChanged, prefer HTTPS, reversed input",
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ [DOMAIN1_HTTP_TO_HTTP_U1_P1, DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ undefined,
+ ["scheme", "timePasswordChanged"],
+ DOMAIN1_HTTPS_TO_HTTPS_U1_P1.hostname,
+ ],
+ [
+ "resolveBy scheme HTTP auth",
+ [DOMAIN1_HTTPS_AUTH],
+ [DOMAIN1_HTTP_AUTH, DOMAIN1_HTTPS_AUTH],
+ undefined,
+ ["scheme"],
+ DOMAIN1_HTTPS_AUTH.hostname,
+ ],
+ [
+ "resolveBy scheme HTTP auth, reversed input",
+ [DOMAIN1_HTTPS_AUTH],
+ [DOMAIN1_HTTPS_AUTH, DOMAIN1_HTTP_AUTH],
+ undefined,
+ ["scheme"],
+ DOMAIN1_HTTPS_AUTH.hostname,
+ ],
+ [
+ "resolveBy scheme, empty form submit URL",
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1],
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1, DOMAIN1_HTTPS_TO_EMPTY_U1_P1],
+ undefined,
+ ["scheme"],
+ DOMAIN1_HTTPS_TO_HTTPS_U1_P1.hostname,
+ ],
+ ];
+
+ for (let tc of testcases) {
+ let description = tc.shift();
+ let expected = tc.shift();
+ let actual = LoginHelper.dedupeLogins(...tc);
+ Assert.strictEqual(actual.length, expected.length, `Check: ${description}`);
+ for (let [i, login] of expected.entries()) {
+ Assert.strictEqual(actual[i], login, `Check index ${i}`);
+ }
+ }
+
+});
+
+add_task(function* test_dedupeLogins_preferredOriginMissing() {
+ let testcases = [
+ [
+ "resolveBy scheme + timePasswordChanged, missing preferredOrigin",
+ /preferredOrigin/,
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ undefined,
+ ["scheme", "timePasswordChanged"],
+ ],
+ [
+ "resolveBy timePasswordChanged + scheme, missing preferredOrigin",
+ /preferredOrigin/,
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ undefined,
+ ["timePasswordChanged", "scheme"],
+ ],
+ [
+ "resolveBy scheme + timePasswordChanged, empty preferredOrigin",
+ /preferredOrigin/,
+ [DOMAIN1_HTTPS_TO_HTTPS_U1_P1, DOMAIN1_HTTP_TO_HTTP_U1_P1],
+ undefined,
+ ["scheme", "timePasswordChanged"],
+ "",
+ ],
+ ];
+
+ for (let tc of testcases) {
+ let description = tc.shift();
+ let expectedException = tc.shift();
+ Assert.throws(() => {
+ LoginHelper.dedupeLogins(...tc);
+ }, expectedException, `Check: ${description}`);
+ }
+});
diff --git a/toolkit/components/passwordmgr/test/unit/test_disabled_hosts.js b/toolkit/components/passwordmgr/test/unit/test_disabled_hosts.js
new file mode 100644
index 000000000..ff3b7e868
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_disabled_hosts.js
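Review bot: The fixture `DOMAIN1_HTTPS_TO_HTTPS_U1_P1` sets `formSubmitURL: "http://www.example.com"`, so despite its name it describes an HTTPS page that submits to an HTTP target. None of the visible cases pass `formSubmitURL` as a unique key, so the results should be unaffected, but the scheme-preference cases read as if both ends were HTTPS. Either rename the constant or use `formSubmitURL: "https://www.example.com",`, assuming `TestData.formLogin` (defined outside this hunk) accepts that value. The per-index assertions in both loops would also be easier to attribute if their message included `description` alongside the index.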
@@ -0,0 +1,196 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/**
+ * Tests getLoginSavingEnabled, setLoginSavingEnabled, and getAllDisabledHosts.
+ */
+
+"use strict";
+
+// Tests
+
+/**
+ * Tests setLoginSavingEnabled and getAllDisabledHosts.
+ */
+add_task(function test_setLoginSavingEnabled_getAllDisabledHosts()
+{
+ // Add some disabled hosts, and verify that different schemes for the same
+ // domain are considered different hosts.
+ let hostname1 = "http://disabled1.example.com";
+ let hostname2 = "http://disabled2.example.com";
+ let hostname3 = "https://disabled2.example.com";
+ Services.logins.setLoginSavingEnabled(hostname1, false);
+ Services.logins.setLoginSavingEnabled(hostname2, false);
+ Services.logins.setLoginSavingEnabled(hostname3, false);
+
+ LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(),
+ [hostname1, hostname2, hostname3]);
+
+ // Adding the same host twice should not result in an error.
+ Services.logins.setLoginSavingEnabled(hostname2, false);
+ LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(),
+ [hostname1, hostname2, hostname3]);
+
+ // Removing a disabled host should work.
+ Services.logins.setLoginSavingEnabled(hostname2, true);
+ LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(),
+ [hostname1, hostname3]);
+
+ // Removing the last disabled host should work.
+ Services.logins.setLoginSavingEnabled(hostname1, true);
+ Services.logins.setLoginSavingEnabled(hostname3, true);
+ LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(),
+ []);
+});
+
+/**
+ * Tests setLoginSavingEnabled and getLoginSavingEnabled.
+ */
+add_task(function test_setLoginSavingEnabled_getLoginSavingEnabled()
+{
+ let hostname1 = "http://disabled.example.com";
+ let hostname2 = "https://disabled.example.com";
+
+ // Hosts should not be disabled by default.
+ do_check_true(Services.logins.getLoginSavingEnabled(hostname1));
+ do_check_true(Services.logins.getLoginSavingEnabled(hostname2));
+
+ // Test setting initial values.
+ Services.logins.setLoginSavingEnabled(hostname1, false);
+ Services.logins.setLoginSavingEnabled(hostname2, true);
+ do_check_false(Services.logins.getLoginSavingEnabled(hostname1));
+ do_check_true(Services.logins.getLoginSavingEnabled(hostname2));
+
+ // Test changing values.
+ Services.logins.setLoginSavingEnabled(hostname1, true);
+ Services.logins.setLoginSavingEnabled(hostname2, false);
+ do_check_true(Services.logins.getLoginSavingEnabled(hostname1));
+ do_check_false(Services.logins.getLoginSavingEnabled(hostname2));
+
+ // Clean up.
+ Services.logins.setLoginSavingEnabled(hostname2, true);
+});
+
+/**
+ * Tests setLoginSavingEnabled with invalid NUL characters in the hostname.
+ */
+add_task(function test_setLoginSavingEnabled_invalid_characters()
+{
+ let hostname = "http://null\0X.example.com";
+ Assert.throws(() => Services.logins.setLoginSavingEnabled(hostname, false),
+ /Invalid hostname/);
+
+ // Verify that no data was stored by the previous call.
+ LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(),
+ []);
+});
+
+/**
+ * Tests different values of the "signon.rememberSignons" property.
+ */
+add_task(function test_rememberSignons()
+{
+ let hostname1 = "http://example.com";
+ let hostname2 = "http://localhost";
+
+ // The default value for the preference should be true.
+ do_check_true(Services.prefs.getBoolPref("signon.rememberSignons"));
+
+ // Hosts should not be disabled by default.
+ Services.logins.setLoginSavingEnabled(hostname1, false);
+ do_check_false(Services.logins.getLoginSavingEnabled(hostname1));
+ do_check_true(Services.logins.getLoginSavingEnabled(hostname2));
+
+ // Disable storage of saved passwords globally.
+ Services.prefs.setBoolPref("signon.rememberSignons", false);
+ do_register_cleanup(
+ () => Services.prefs.clearUserPref("signon.rememberSignons"));
+
+ // All hosts should now appear disabled.
+ do_check_false(Services.logins.getLoginSavingEnabled(hostname1));
+ do_check_false(Services.logins.getLoginSavingEnabled(hostname2));
+
+ // The list of disabled hosts should be unaltered.
+ LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(),
+ [hostname1]);
+
+ // Changing values with the preference set should work.
+ Services.logins.setLoginSavingEnabled(hostname1, true);
+ Services.logins.setLoginSavingEnabled(hostname2, false);
+
+ // All hosts should still appear disabled.
+ do_check_false(Services.logins.getLoginSavingEnabled(hostname1));
+ do_check_false(Services.logins.getLoginSavingEnabled(hostname2));
+
+ // The list of disabled hosts should have been changed.
+ LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(),
+ [hostname2]);
+
+ // Enable storage of saved passwords again.
+ Services.prefs.setBoolPref("signon.rememberSignons", true);
+
+ // Hosts should now appear enabled as requested.
+ do_check_true(Services.logins.getLoginSavingEnabled(hostname1));
+ do_check_false(Services.logins.getLoginSavingEnabled(hostname2));
+
+ // Clean up.
+ Services.logins.setLoginSavingEnabled(hostname2, true);
+ LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(),
+ []);
+});
+
+/**
+ * Tests storing disabled hosts with non-ASCII characters where IDN is supported.
+ */
+add_task(function* test_storage_setLoginSavingEnabled_nonascii_IDN_is_supported()
+{
+ let hostname = "http://大.net";
+ let encoding = "http://xn--pss.net";
+
+ // Test adding disabled host with nonascii URL (http://大.net).
+ Services.logins.setLoginSavingEnabled(hostname, false);
+ yield* LoginTestUtils.reloadData();
+ Assert.equal(Services.logins.getLoginSavingEnabled(hostname), false);
+ Assert.equal(Services.logins.getLoginSavingEnabled(encoding), false);
+ LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(), [hostname]);
+
+ LoginTestUtils.clearData();
+
+ // Test adding disabled host with IDN ("http://xn--pss.net").
+ Services.logins.setLoginSavingEnabled(encoding, false);
+ yield* LoginTestUtils.reloadData();
+ Assert.equal(Services.logins.getLoginSavingEnabled(hostname), false);
+ Assert.equal(Services.logins.getLoginSavingEnabled(encoding), false);
+ LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(), [hostname]);
+
+ LoginTestUtils.clearData();
+});
+
+/**
+ * Tests storing disabled hosts with non-ASCII characters where IDN is not supported.
+ */
+add_task(function* test_storage_setLoginSavingEnabled_nonascii_IDN_not_supported()
+{
+ let hostname = "http://√.com";
+ let encoding = "http://xn--19g.com";
+
+ // Test adding disabled host with nonascii URL (http://√.com).
+ Services.logins.setLoginSavingEnabled(hostname, false);
+ yield* LoginTestUtils.reloadData();
+ Assert.equal(Services.logins.getLoginSavingEnabled(hostname), false);
+ Assert.equal(Services.logins.getLoginSavingEnabled(encoding), false);
+ LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(), [encoding]);
+
+ LoginTestUtils.clearData();
+
+ // Test adding disabled host with IDN ("http://xn--19g.com").
+ Services.logins.setLoginSavingEnabled(encoding, false);
+ yield* LoginTestUtils.reloadData();
+ Assert.equal(Services.logins.getLoginSavingEnabled(hostname), false);
+ Assert.equal(Services.logins.getLoginSavingEnabled(encoding), false);
+ LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(), [encoding]);
+
+ LoginTestUtils.clearData();
+});
diff --git a/toolkit/components/passwordmgr/test/unit/test_getFormFields.js b/toolkit/components/passwordmgr/test/unit/test_getFormFields.js
new file mode 100644
index 000000000..46912ab8f
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_getFormFields.js
@@ -0,0 +1,147 @@
+/*
+ * Test for LoginManagerContent._getFormFields.
+ */
+
+"use strict";
+
+// Services.prefs.setBoolPref("signon.debug", true);
+
+Cu.importGlobalProperties(["URL"]);
+
+const LMCBackstagePass = Cu.import("resource://gre/modules/LoginManagerContent.jsm");
+const { LoginManagerContent, LoginFormFactory } = LMCBackstagePass;
+const TESTCASES = [
+ {
+ description: "1 password field outside of a
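Review bot: In `test_rememberSignons` the comment `// Hosts should not be disabled by default.` sits above code that disables saving for `hostname1` and then asserts that it is disabled, so it says the opposite of what the next three lines do; it appears to be copied from the earlier test. Replace it with `// Disable saving for hostname1 only; hostname2 stays enabled.`. That test and `test_setLoginSavingEnabled_getLoginSavingEnabled` also restore per-host state in a trailing "Clean up" step, which would be skipped if an earlier check throws; `do_register_cleanup`, already used here for the preference, would cover that case too.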
", + document: ``, + returnedFieldIDs: [null, "pw1", null], + skipEmptyFields: undefined, + }, + { + description: "1 text field outside of a without a password field", + document: ``, + returnedFieldIDs: [null, null, null], + skipEmptyFields: undefined, + }, + { + description: "1 username & password field outside of a ", + document: ` + `, + returnedFieldIDs: ["un1", "pw1", null], + skipEmptyFields: undefined, + }, + { + description: "1 username & password field in a ", + document: ` + + +
`, + returnedFieldIDs: ["un1", "pw1", null], + skipEmptyFields: undefined, + }, + { + description: "4 empty password fields outside of a
", + document: ` + + + `, + returnedFieldIDs: [null, null, null], + skipEmptyFields: undefined, + }, + { + description: "4 password fields outside of a (1 empty, 3 full) with skipEmpty", + document: ` + + + `, + returnedFieldIDs: [null, null, null], + skipEmptyFields: true, + }, + { + description: "Form with 1 password field", + document: `
`, + returnedFieldIDs: [null, "pw1", null], + skipEmptyFields: undefined, + }, + { + description: "Form with 2 password fields", + document: `
`, + returnedFieldIDs: [null, "pw1", null], + skipEmptyFields: undefined, + }, + { + description: "1 password field in a form, 1 outside (not processed)", + document: `
`, + returnedFieldIDs: [null, "pw1", null], + skipEmptyFields: undefined, + }, + { + description: "1 password field in a form, 1 text field outside (not processed)", + document: `
`, + returnedFieldIDs: [null, "pw1", null], + skipEmptyFields: undefined, + }, + { + description: "1 text field in a form, 1 password field outside (not processed)", + document: `
`, + returnedFieldIDs: [null, null, null], + skipEmptyFields: undefined, + }, + { + description: "2 password fields outside of a
with 1 linked via @form", + document: ` +
`, + returnedFieldIDs: [null, "pw1", null], + skipEmptyFields: undefined, + }, + { + description: "2 password fields outside of a
with 1 linked via @form + skipEmpty", + document: ` +
`, + returnedFieldIDs: [null, null, null], + skipEmptyFields: true, + }, + { + description: "2 password fields outside of a
with 1 linked via @form + skipEmpty with 1 empty", + document: ` +
`, + returnedFieldIDs: [null, "pw1", null], + skipEmptyFields: true, + }, +]; + +for (let tc of TESTCASES) { + do_print("Sanity checking the testcase: " + tc.description); + + (function() { + let testcase = tc; + add_task(function*() { + do_print("Starting testcase: " + testcase.description); + let document = MockDocument.createTestDocument("http://localhost:8080/test/", + testcase.document); + + let input = document.querySelector("input"); + MockDocument.mockOwnerDocumentProperty(input, document, "http://localhost:8080/test/"); + + let formLike = LoginFormFactory.createFromField(input); + + let actual = LoginManagerContent._getFormFields(formLike, + testcase.skipEmptyFields, + new Set()); + + Assert.strictEqual(testcase.returnedFieldIDs.length, 3, + "_getFormFields returns 3 elements"); + + for (let i = 0; i < testcase.returnedFieldIDs.length; i++) { + let expectedID = testcase.returnedFieldIDs[i]; + if (expectedID === null) { + Assert.strictEqual(actual[i], expectedID, + "Check returned field " + i + " is null"); + } else { + Assert.strictEqual(actual[i].id, expectedID, + "Check returned field " + i + " ID"); + } + } + }); + })(); +} diff --git a/toolkit/components/passwordmgr/test/unit/test_getPasswordFields.js b/toolkit/components/passwordmgr/test/unit/test_getPasswordFields.js new file mode 100644 index 000000000..08fa422ab --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/test_getPasswordFields.js @@ -0,0 +1,156 @@ +/* + * Test for LoginManagerContent._getPasswordFields using LoginFormFactory. + */ + +"use strict"; + +const LMCBackstagePass = Cu.import("resource://gre/modules/LoginManagerContent.jsm"); +const { LoginManagerContent, LoginFormFactory } = LMCBackstagePass; +const TESTCASES = [ + { + description: "Empty document", + document: ``, + returnedFieldIDsByFormLike: [], + skipEmptyFields: undefined, + }, + { + description: "Non-password input with no
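Review bot: The length check in the test loop asserts on the fixture rather than on the result: `Assert.strictEqual(testcase.returnedFieldIDs.length, 3, "_getFormFields returns 3 elements")` never looks at `actual`, so a return value with the wrong number of entries is not caught by it. Assuming `_getFormFields` returns an array, as the `actual[i]` indexing suggests, use `Assert.strictEqual(actual.length, 3, "_getFormFields returns 3 elements");`. The `do_print("Sanity checking the testcase: " + tc.description)` line is also misleading, since no check is performed at that point; the loop in the next file prints the same message.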
present", + document: ``, + // Only the IDs of password fields should be in this array + returnedFieldIDsByFormLike: [[]], + skipEmptyFields: undefined, + }, + { + description: "1 password field outside of a ", + document: ``, + returnedFieldIDsByFormLike: [["pw1"]], + skipEmptyFields: undefined, + }, + { + description: "4 empty password fields outside of a ", + document: ` + + + `, + returnedFieldIDsByFormLike: [[]], + skipEmptyFields: undefined, + }, + { + description: "4 password fields outside of a (1 empty, 3 full) with skipEmpty", + document: ` + + + `, + returnedFieldIDsByFormLike: [["pw2", "pw3", "pw4"]], + skipEmptyFields: true, + }, + { + description: "Form with 1 password field", + document: `
`, + returnedFieldIDsByFormLike: [["pw1"]], + skipEmptyFields: undefined, + }, + { + description: "Form with 2 password fields", + document: `
`, + returnedFieldIDsByFormLike: [["pw1", "pw2"]], + skipEmptyFields: undefined, + }, + { + description: "1 password field in a form, 1 outside", + document: `
`, + returnedFieldIDsByFormLike: [["pw1"], ["pw2"]], + skipEmptyFields: undefined, + }, + { + description: "2 password fields outside of a
with 1 linked via @form", + document: ` +
`, + returnedFieldIDsByFormLike: [["pw1"], ["pw2"]], + skipEmptyFields: undefined, + }, + { + description: "2 password fields outside of a
with 1 linked via @form + skipEmpty", + document: ` +
`, + returnedFieldIDsByFormLike: [[], []], + skipEmptyFields: true, + }, + { + description: "skipEmptyFields should also skip white-space only fields", + document: ` + + +
`, + returnedFieldIDsByFormLike: [[], []], + skipEmptyFields: true, + }, + { + description: "2 password fields outside of a
with 1 linked via @form + skipEmpty with 1 empty", + document: ` +
`, + returnedFieldIDsByFormLike: [["pw1"], []], + skipEmptyFields: true, + }, +]; + +for (let tc of TESTCASES) { + do_print("Sanity checking the testcase: " + tc.description); + + (function() { + let testcase = tc; + add_task(function*() { + do_print("Starting testcase: " + testcase.description); + let document = MockDocument.createTestDocument("http://localhost:8080/test/", + testcase.document); + + let mapRootElementToFormLike = new Map(); + for (let input of document.querySelectorAll("input")) { + let formLike = LoginFormFactory.createFromField(input); + let existingFormLike = mapRootElementToFormLike.get(formLike.rootElement); + if (!existingFormLike) { + mapRootElementToFormLike.set(formLike.rootElement, formLike); + continue; + } + + // If the formLike is already present, ensure that the properties are the same. + do_print("Checking if the new FormLike for the same root has the same properties"); + formLikeEqual(formLike, existingFormLike); + } + + Assert.strictEqual(mapRootElementToFormLike.size, testcase.returnedFieldIDsByFormLike.length, + "Check the correct number of different formLikes were returned"); + + let formLikeIndex = -1; + for (let formLikeFromInput of mapRootElementToFormLike.values()) { + formLikeIndex++; + let pwFields = LoginManagerContent._getPasswordFields(formLikeFromInput, + testcase.skipEmptyFields); + + if (formLikeFromInput.rootElement instanceof Ci.nsIDOMHTMLFormElement) { + let formLikeFromForm = LoginFormFactory.createFromForm(formLikeFromInput.rootElement); + do_print("Checking that the FormLike created for the
matches" + + " the one from a password field"); + formLikeEqual(formLikeFromInput, formLikeFromForm); + } + + + if (testcase.returnedFieldIDsByFormLike[formLikeIndex].length === 0) { + Assert.strictEqual(pwFields, null, + "If no password fields were found null should be returned"); + } else { + Assert.strictEqual(pwFields.length, + testcase.returnedFieldIDsByFormLike[formLikeIndex].length, + "Check the # of password fields for formLike #" + formLikeIndex); + } + + for (let i = 0; i < testcase.returnedFieldIDsByFormLike[formLikeIndex].length; i++) { + let expectedID = testcase.returnedFieldIDsByFormLike[formLikeIndex][i]; + Assert.strictEqual(pwFields[i].element.id, expectedID, + "Check password field " + i + " ID"); + } + } + }); + })(); +} diff --git a/toolkit/components/passwordmgr/test/unit/test_getPasswordOrigin.js b/toolkit/components/passwordmgr/test/unit/test_getPasswordOrigin.js new file mode 100644 index 000000000..f2773ec62 --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/test_getPasswordOrigin.js 
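Review bot: The expected arrays in `returnedFieldIDsByFormLike` are matched to FormLikes by position, through `formLikeIndex` over `mapRootElementToFormLike.values()`, but nothing documents that this depends on Map insertion order following the order of `document.querySelectorAll("input")`. Add a comment above `let formLikeIndex = -1;` such as `// Map iteration is insertion-ordered, so index N is the Nth distinct root element found.`. Also, when a non-empty expectation meets a `null` result, `pwFields.length` throws a TypeError instead of failing an assertion; an `Assert.ok(pwFields, "password fields were returned");` before the length check would give a clearer failure.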
@@ -0,0 +1,28 @@
+/*
+ * Test for LoginUtils._getPasswordOrigin
+ */
+
+"use strict";
+
+const LMCBackstagePass = Cu.import("resource://gre/modules/LoginManagerContent.jsm");
+const TESTCASES = [
+ ["javascript:void(0);", null],
+ ["javascript:void(0);", "javascript:", true],
+ ["chrome://MyAccount", null],
+ ["data:text/html,example", null],
+ ["http://username:password@example.com:80/foo?bar=baz#fragment", "http://example.com", true],
+ ["http://127.0.0.1:80/foo", "http://127.0.0.1"],
+ ["http://[::1]:80/foo", "http://[::1]"],
+ ["http://example.com:8080/foo", "http://example.com:8080"],
+ ["http://127.0.0.1:8080/foo", "http://127.0.0.1:8080", true],
+ ["http://[::1]:8080/foo", "http://[::1]:8080"],
+ ["https://example.com:443/foo", "https://example.com"],
+ ["https://[::1]:443/foo", "https://[::1]"],
+ ["https://[::1]:8443/foo", "https://[::1]:8443"],
+ ["ftp://username:password@[::1]:2121/foo", "ftp://[::1]:2121"],
+];
+
+for (let [input, expected, allowJS] of TESTCASES) {
+ let actual = LMCBackstagePass.LoginUtils._getPasswordOrigin(input, allowJS);
+ Assert.strictEqual(actual, expected, "Checking: " + input);
+}
diff --git a/toolkit/components/passwordmgr/test/unit/test_isOriginMatching.js b/toolkit/components/passwordmgr/test/unit/test_isOriginMatching.js
new file mode 100644
index 000000000..660910dff
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_isOriginMatching.js
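Review bot: The `TESTCASES` tuples are undocumented, and the third element is easy to misread: it is destructured as `allowJS` and passed straight to `_getPasswordOrigin`, yet it is also `true` on two plain `http:` rows where it presumably has no effect. Add a comment above the table, `// [input URL, expected origin (null if rejected), allowJS (optional)]`, and note on those two rows that they check `allowJS` does not change non-`javascript:` results, if that is the intent. The assertions also run at file scope rather than inside `add_task` like the neighbouring test files, so a thrown error would not be attributed to a named test.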
@@ -0,0 +1,40 @@
+/*
+ * Test LoginHelper.isOriginMatching
+ */
+
+"use strict";
+
+Cu.import("resource://gre/modules/LoginHelper.jsm");
+
+add_task(function test_isOriginMatching() {
+ let testcases = [
+ // Index 0 holds the expected return value followed by arguments to isOriginMatching.
+ [true, "http://example.com", "http://example.com"],
+ [true, "http://example.com:8080", "http://example.com:8080"],
+ [true, "https://example.com", "https://example.com"],
+ [true, "https://example.com:8443", "https://example.com:8443"],
+ [false, "http://example.com", "http://mozilla.org"],
+ [false, "http://example.com", "http://example.com:8080"],
+ [false, "https://example.com", "http://example.com"],
+ [false, "https://example.com", "https://mozilla.org"],
+ [false, "http://example.com", "http://sub.example.com"],
+ [false, "https://example.com", "https://sub.example.com"],
+ [false, "http://example.com", "https://example.com:8443"],
+ [false, "http://example.com:8080", "http://example.com:8081"],
+ [false, "http://example.com", ""],
+ [false, "", "http://example.com"],
+ [true, "http://example.com", "https://example.com", { schemeUpgrades: true }],
+ [true, "https://example.com", "https://example.com", { schemeUpgrades: true }],
+ [true, "http://example.com:8080", "http://example.com:8080", { schemeUpgrades: true }],
+ [true, "https://example.com:8443", "https://example.com:8443", { schemeUpgrades: true }],
+ [false, "https://example.com", "http://example.com", { schemeUpgrades: true }], // downgrade
+ [false, "http://example.com:8080", "https://example.com", { schemeUpgrades: true }], // port mismatch
+ [false, "http://example.com", "https://example.com:8443", { schemeUpgrades: true }], // port mismatch
+ [false, "http://sub.example.com", "http://example.com", { schemeUpgrades: true }],
+ ];
+ for (let tc of testcases) {
+ let expected = tc.shift();
+ Assert.strictEqual(LoginHelper.isOriginMatching(...tc), expected,
+ "Check " + JSON.stringify(tc));
+ }
+});
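Review bot: The unparseable-origin rows (`""` on either side) are only exercised with the default options, so nothing pins what `isOriginMatching` does with a malformed origin when `schemeUpgrades` is enabled. Adding a row such as `[false, "http://example.com", "", { schemeUpgrades: true }],` would confirm that the upgrade path fails closed rather than throwing or matching. Separately, `tc.shift()` mutates the table row and drops the expected value from the failure message; `let [expected, ...args] = tc;` keeps both.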
diff --git a/toolkit/components/passwordmgr/test/unit/test_legacy_empty_formSubmitURL.js b/toolkit/components/passwordmgr/test/unit/test_legacy_empty_formSubmitURL.js
new file mode 100644
index 000000000..4e16aa267
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_legacy_empty_formSubmitURL.js
@@ -0,0 +1,107 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/**
+ * Tests the legacy case of a login store containing entries that have an empty
+ * string in the formSubmitURL field.
+ *
+ * In normal conditions, for the purpose of login autocomplete, HTML forms are
+ * identified using both the prePath of the URI on which they are located, and
+ * the prePath of the URI where the data will be submitted. This is represented
+ * by the hostname and formSubmitURL properties of the stored nsILoginInfo.
+ *
+ * When a new login for use in forms is saved (after the user replies to the
+ * password prompt), it is always stored with both the hostname and the
+ * formSubmitURL (that will be equal to the hostname when the form has no
+ * "action" attribute).
+ *
+ * When the same form is displayed again, the password is autocompleted. If
+ * there is another form on the same site that submits to a different site, it
+ * is considered a different form, so the password is not autocompleted, but a
+ * new password can be stored for the other form.
+ *
+ * However, the login database might contain data for an nsILoginInfo that has a
+ * valid hostname, but an empty formSubmitURL. This means that the login
+ * applies to all forms on the site, regardless of where they submit data to.
+ *
+ * A site can have at most one such login, and in case it is present, then it is
+ * not possible to store separate logins for forms on the same site that submit
+ * data to different sites.
+ *
+ * The only way to have such condition is to be using logins that were initially
+ * saved by a very old version of the browser, or because of data manually added
+ * by an extension in an old version.
+ */
+
+"use strict";
+
+// Tests
+
+/**
+ * Adds a login with an empty formSubmitURL, then it verifies that no other
+ * form logins can be added for the same host.
+ */
+add_task(function test_addLogin_wildcard()
+{
+ let loginInfo = TestData.formLogin({ hostname: "http://any.example.com",
+ formSubmitURL: "" });
+ Services.logins.addLogin(loginInfo);
+
+ // Normal form logins cannot be added anymore.
+ loginInfo = TestData.formLogin({ hostname: "http://any.example.com" });
+ Assert.throws(() => Services.logins.addLogin(loginInfo), /already exists/);
+
+ // Authentication logins can still be added.
+ loginInfo = TestData.authLogin({ hostname: "http://any.example.com" });
+ Services.logins.addLogin(loginInfo);
+
+ // Form logins can be added for other hosts.
+ loginInfo = TestData.formLogin({ hostname: "http://other.example.com" });
+ Services.logins.addLogin(loginInfo);
+});
+
+/**
+ * Verifies that findLogins, searchLogins, and countLogins include all logins
+ * that have an empty formSubmitURL in the store, even when a formSubmitURL is
+ * specified.
+ */
+add_task(function test_search_all_wildcard()
+{
+ // Search a given formSubmitURL on any host.
+ let matchData = newPropertyBag({ formSubmitURL: "http://www.example.com" });
+ do_check_eq(Services.logins.searchLogins({}, matchData).length, 2);
+
+ do_check_eq(Services.logins.findLogins({}, "", "http://www.example.com",
+ null).length, 2);
+
+ do_check_eq(Services.logins.countLogins("", "http://www.example.com",
+ null), 2);
+
+ // Restrict the search to one host.
+ matchData.setProperty("hostname", "http://any.example.com");
+ do_check_eq(Services.logins.searchLogins({}, matchData).length, 1);
+
+ do_check_eq(Services.logins.findLogins({}, "http://any.example.com",
+ "http://www.example.com",
+ null).length, 1);
+
+ do_check_eq(Services.logins.countLogins("http://any.example.com",
+ "http://www.example.com",
+ null), 1);
+});
+
+/**
+ * Verifies that specifying an empty string for formSubmitURL in searchLogins
+ * includes only logins that have an empty formSubmitURL in the store.
+ */
+add_task(function test_searchLogins_wildcard()
+{
+ let logins = Services.logins.searchLogins({},
+ newPropertyBag({ formSubmitURL: "" }));
+
+ let loginInfo = TestData.formLogin({ hostname: "http://any.example.com",
+ formSubmitURL: "" });
+ LoginTestUtils.assertLoginListsEqual(logins, [loginInfo]);
+});
diff --git a/toolkit/components/passwordmgr/test/unit/test_legacy_validation.js b/toolkit/components/passwordmgr/test/unit/test_legacy_validation.js
new file mode 100644
index 000000000..709bc9818
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_legacy_validation.js
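Review bot: The expected counts `2` and `1` in `test_search_all_wildcard` are unexplained and only hold because of the logins left in the store by `test_addLogin_wildcard`; nothing at the assertions says which entries are meant. A comment above the first `do_check_eq` such as `// Matches the wildcard login for any.example.com plus the form login for other.example.com stored by test_addLogin_wildcard.` would make the dependency explicit (this presumes the default `formSubmitURL` from `TestData.formLogin` is `http://www.example.com`, which the hunk does not show). Since a stored empty `formSubmitURL` makes a credential match forms regardless of where they submit, it would also be worth asserting the identity of the returned logins, as `test_searchLogins_wildcard` does with `assertLoginListsEqual`, rather than only their number.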
@@ -0,0 +1,76 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/**
+ * Tests the legacy validation made when storing nsILoginInfo or disabled hosts.
+ *
+ * These rules exist because of limitations of the "signons.txt" storage file,
+ * that is not used anymore. They are still enforced by the Login Manager
+ * service, despite these values can now be safely stored in the back-end.
+ */
+
+"use strict";
+
+// Tests
+
+/**
+ * Tests legacy validation with addLogin.
+ */
+add_task(function test_addLogin_invalid_characters_legacy()
+{
+ // Test newlines and carriage returns in properties that contain URLs.
+ for (let testValue of ["http://newline\n.example.com",
+ "http://carriagereturn.example.com\r"]) {
+ let loginInfo = TestData.formLogin({ hostname: testValue });
+ Assert.throws(() => Services.logins.addLogin(loginInfo),
+ /login values can't contain newlines/);
+
+ loginInfo = TestData.formLogin({ formSubmitURL: testValue });
+ Assert.throws(() => Services.logins.addLogin(loginInfo),
+ /login values can't contain newlines/);
+
+ loginInfo = TestData.authLogin({ httpRealm: testValue });
+ Assert.throws(() => Services.logins.addLogin(loginInfo),
+ /login values can't contain newlines/);
+ }
+
+ // Test newlines and carriage returns in form field names.
+ for (let testValue of ["newline_field\n", "carriagereturn\r_field"]) {
+ let loginInfo = TestData.formLogin({ usernameField: testValue });
+ Assert.throws(() => Services.logins.addLogin(loginInfo),
+ /login values can't contain newlines/);
+
+ loginInfo = TestData.formLogin({ passwordField: testValue });
+ Assert.throws(() => Services.logins.addLogin(loginInfo),
+ /login values can't contain newlines/);
+ }
+
+ // Test a single dot as the value of usernameField and formSubmitURL.
+ let loginInfo = TestData.formLogin({ usernameField: "." });
+ Assert.throws(() => Services.logins.addLogin(loginInfo),
+ /login values can't be periods/);
+
+ loginInfo = TestData.formLogin({ formSubmitURL: "." });
+ Assert.throws(() => Services.logins.addLogin(loginInfo),
+ /login values can't be periods/);
+
+ // Test the sequence " (" inside the value of the "hostname" property.
+ loginInfo = TestData.formLogin({ hostname: "http://parens (.example.com" });
+ Assert.throws(() => Services.logins.addLogin(loginInfo),
+ /bad parens in hostname/);
+});
+
+/**
+ * Tests legacy validation with setLoginSavingEnabled.
+ */
+add_task(function test_setLoginSavingEnabled_invalid_characters_legacy()
+{
+ for (let hostname of ["http://newline\n.example.com",
+ "http://carriagereturn.example.com\r",
+ "."]) {
+ Assert.throws(() => Services.logins.setLoginSavingEnabled(hostname, false),
+ /Invalid hostname/);
+ }
+});
diff --git a/toolkit/components/passwordmgr/test/unit/test_logins_change.js b/toolkit/components/passwordmgr/test/unit/test_logins_change.js
new file mode 100644
index 000000000..79c6d2f54
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_logins_change.js
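Review bot: `test_addLogin_invalid_characters_legacy` only asserts that each `addLogin` call throws; it never confirms that the rejected value was kept out of the store, and the same newline and period inputs are not tried through `modifyLogin`. `checkLoginInvalid` in test_logins_change.js (added in this same commit) covers both for NUL characters, so the legacy rules get weaker coverage than the newer ones. Assuming the store is empty when this task runs, ending the task with `LoginTestUtils.checkLogins([]);` would pin that nothing was persisted.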
@@ -0,0 +1,384 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/**
+ * Tests methods that add, remove, and modify logins.
+ */
+
+"use strict";
+
+// Globals
+
+/**
+ * Verifies that the specified login is considered invalid by addLogin and by
+ * modifyLogin with both nsILoginInfo and nsIPropertyBag arguments.
+ *
+ * This test requires that the login store is empty.
+ *
+ * @param aLoginInfo
+ * nsILoginInfo corresponding to an invalid login.
+ * @param aExpectedError
+ * This argument is passed to the "Assert.throws" test to determine which
+ * error is expected from the modification functions.
+ */
+function checkLoginInvalid(aLoginInfo, aExpectedError)
+{
+ // Try to add the new login, and verify that no data is stored.
+ Assert.throws(() => Services.logins.addLogin(aLoginInfo), aExpectedError);
+ LoginTestUtils.checkLogins([]);
+
+ // Add a login for the modification tests.
+ let testLogin = TestData.formLogin({ hostname: "http://modify.example.com" });
+ Services.logins.addLogin(testLogin);
+
+ // Try to modify the existing login using nsILoginInfo and nsIPropertyBag.
+ Assert.throws(() => Services.logins.modifyLogin(testLogin, aLoginInfo),
+ aExpectedError);
+ Assert.throws(() => Services.logins.modifyLogin(testLogin, newPropertyBag({
+ hostname: aLoginInfo.hostname,
+ formSubmitURL: aLoginInfo.formSubmitURL,
+ httpRealm: aLoginInfo.httpRealm,
+ username: aLoginInfo.username,
+ password: aLoginInfo.password,
+ usernameField: aLoginInfo.usernameField,
+ passwordField: aLoginInfo.passwordField,
+ })), aExpectedError);
+
+ // Verify that no data was stored by the previous calls.
+ LoginTestUtils.checkLogins([testLogin]);
+ Services.logins.removeLogin(testLogin);
+}
+
+/**
+ * Verifies that two objects are not the same instance
+ * but have equal attributes.
+ *
+ * @param {Object} objectA
+ * An object to compare.
+ *
+ * @param {Object} objectB
+ * Another object to compare.
+ *
+ * @param {string[]} attributes
+ * Attributes to compare.
+ *
+ * @return true if all passed attributes are equal for both objects, false otherwise.
+ */
+function compareAttributes(objectA, objectB, attributes) {
+ // If it's the same object, we want to return false.
+ if (objectA == objectB) {
+ return false;
+ }
+ return attributes.every(attr => objectA[attr] == objectB[attr]);
+}
+
+// Tests
+
+/**
+ * Tests that adding logins to the database works.
+ */
+add_task(function test_addLogin_removeLogin()
+{
+ // Each login from the test data should be valid and added to the list.
+ for (let loginInfo of TestData.loginList()) {
+ Services.logins.addLogin(loginInfo);
+ }
+ LoginTestUtils.checkLogins(TestData.loginList());
+
+ // Trying to add each login again should result in an error.
+ for (let loginInfo of TestData.loginList()) {
+ Assert.throws(() => Services.logins.addLogin(loginInfo), /already exists/);
+ }
+
+ // Removing each login should succeed.
+ for (let loginInfo of TestData.loginList()) {
+ Services.logins.removeLogin(loginInfo);
+ }
+
+ LoginTestUtils.checkLogins([]);
+});
+
+/**
+ * Tests invalid combinations of httpRealm and formSubmitURL.
+ *
+ * For an nsILoginInfo to be valid for storage, one of the two properties should
+ * be strictly equal to null, and the other must not be null or an empty string.
+ *
+ * The legacy case of an empty string in formSubmitURL and a null value in
+ * httpRealm is also supported for storage at the moment.
+ */
+add_task(function test_invalid_httpRealm_formSubmitURL()
+{
+ // httpRealm === null, formSubmitURL === null
+ checkLoginInvalid(TestData.formLogin({ formSubmitURL: null }),
+ /without a httpRealm or formSubmitURL/);
+
+ // httpRealm === "", formSubmitURL === null
+ checkLoginInvalid(TestData.authLogin({ httpRealm: "" }),
+ /without a httpRealm or formSubmitURL/);
+
+ // httpRealm === null, formSubmitURL === ""
+ // This is not enforced for now.
+ // checkLoginInvalid(TestData.formLogin({ formSubmitURL: "" }),
+ // /without a httpRealm or formSubmitURL/);
+
+ // httpRealm === "", formSubmitURL === ""
+ checkLoginInvalid(TestData.formLogin({ formSubmitURL: "", httpRealm: "" }),
+ /both a httpRealm and formSubmitURL/);
+
+ // !!httpRealm, !!formSubmitURL
+ checkLoginInvalid(TestData.formLogin({ httpRealm: "The HTTP Realm" }),
+ /both a httpRealm and formSubmitURL/);
+
+ // httpRealm === "", !!formSubmitURL
+ checkLoginInvalid(TestData.formLogin({ httpRealm: "" }),
+ /both a httpRealm and formSubmitURL/);
+
+ // !!httpRealm, formSubmitURL === ""
+ checkLoginInvalid(TestData.authLogin({ formSubmitURL: "" }),
+ /both a httpRealm and formSubmitURL/);
+});
+
+/**
+ * Tests null or empty values in required login properties.
+ */
+add_task(function test_missing_properties()
+{
+ checkLoginInvalid(TestData.formLogin({ hostname: null }),
+ /null or empty hostname/);
+
+ checkLoginInvalid(TestData.formLogin({ hostname: "" }),
+ /null or empty hostname/);
+
+ checkLoginInvalid(TestData.formLogin({ username: null }),
+ /null username/);
+
+ checkLoginInvalid(TestData.formLogin({ password: null }),
+ /null or empty password/);
+
+ checkLoginInvalid(TestData.formLogin({ password: "" }),
+ /null or empty password/);
+});
+
+/**
+ * Tests invalid NUL characters in nsILoginInfo properties.
+ */
+add_task(function test_invalid_characters()
+{
+ let loginList = [
+ TestData.authLogin({ hostname: "http://null\0X.example.com" }),
+ TestData.authLogin({ httpRealm: "realm\0" }),
+ TestData.formLogin({ formSubmitURL: "http://null\0X.example.com" }),
+ TestData.formLogin({ usernameField: "field\0_null" }),
+ TestData.formLogin({ usernameField: ".\0" }), // Special single dot case
+ TestData.formLogin({ passwordField: "field\0_null" }),
+ TestData.formLogin({ username: "user\0name" }),
+ TestData.formLogin({ password: "pass\0word" }),
+ ];
+ for (let loginInfo of loginList) {
+ checkLoginInvalid(loginInfo, /login values can't contain nulls/);
+ }
+});
+
+/**
+ * Tests removing a login that does not exists.
+ */
+add_task(function test_removeLogin_nonexisting()
+{
+ Assert.throws(() => Services.logins.removeLogin(TestData.formLogin()),
+ /No matching logins/);
+});
+
+/**
+ * Tests removing all logins at once.
+ */
+add_task(function test_removeAllLogins()
+{
+ for (let loginInfo of TestData.loginList()) {
+ Services.logins.addLogin(loginInfo);
+ }
+ Services.logins.removeAllLogins();
+ LoginTestUtils.checkLogins([]);
+
+ // The function should also work when there are no logins to delete.
+ Services.logins.removeAllLogins();
+});
+
+/**
+ * Tests the modifyLogin function with an nsILoginInfo argument.
+ */
+add_task(function test_modifyLogin_nsILoginInfo()
+{
+ let loginInfo = TestData.formLogin();
+ let updatedLoginInfo = TestData.formLogin({
+ username: "new username",
+ password: "new password",
+ usernameField: "new_form_field_username",
+ passwordField: "new_form_field_password",
+ });
+ let differentLoginInfo = TestData.authLogin();
+
+ // Trying to modify a login that does not exist should throw.
+ Assert.throws(() => Services.logins.modifyLogin(loginInfo, updatedLoginInfo),
+ /No matching logins/);
+
+ // Add the first form login, then modify it to match the second.
+ Services.logins.addLogin(loginInfo);
+ Services.logins.modifyLogin(loginInfo, updatedLoginInfo);
+
+ // The data should now match the second login.
+ LoginTestUtils.checkLogins([updatedLoginInfo]);
+ Assert.throws(() => Services.logins.modifyLogin(loginInfo, updatedLoginInfo),
+ /No matching logins/);
+
+ // The login can be changed to have a different type and hostname.
+ Services.logins.modifyLogin(updatedLoginInfo, differentLoginInfo);
+ LoginTestUtils.checkLogins([differentLoginInfo]);
+
+ // It is now possible to add a login with the old type and hostname.
+ Services.logins.addLogin(loginInfo);
+ LoginTestUtils.checkLogins([loginInfo, differentLoginInfo]);
+
+ // Modifying a login to match an existing one should not be possible.
+ Assert.throws(
+ () => Services.logins.modifyLogin(loginInfo, differentLoginInfo),
+ /already exists/);
+ LoginTestUtils.checkLogins([loginInfo, differentLoginInfo]);
+
+ LoginTestUtils.clearData();
+});
+
+/**
+ * Tests the modifyLogin function with an nsIPropertyBag argument.
+ */
+add_task(function test_modifyLogin_nsIProperyBag()
+{
+ let loginInfo = TestData.formLogin();
+ let updatedLoginInfo = TestData.formLogin({
+ username: "new username",
+ password: "new password",
+ usernameField: "",
+ passwordField: "new_form_field_password",
+ });
+ let differentLoginInfo = TestData.authLogin();
+ let differentLoginProperties = newPropertyBag({
+ hostname: differentLoginInfo.hostname,
+ formSubmitURL: differentLoginInfo.formSubmitURL,
+ httpRealm: differentLoginInfo.httpRealm,
+ username: differentLoginInfo.username,
+ password: differentLoginInfo.password,
+ usernameField: differentLoginInfo.usernameField,
+ passwordField: differentLoginInfo.passwordField,
+ });
+
+ // Trying to modify a login that does not exist should throw.
+ Assert.throws(() => Services.logins.modifyLogin(loginInfo, newPropertyBag()),
+ /No matching logins/);
+
+ // Add the first form login, then modify it to match the second, changing
+ // only some of its properties and checking the behavior with an empty string.
+ Services.logins.addLogin(loginInfo);
+ Services.logins.modifyLogin(loginInfo, newPropertyBag({
+ username: "new username",
+ password: "new password",
+ usernameField: "",
+ passwordField: "new_form_field_password",
+ }));
+
+ // The data should now match the second login.
+ LoginTestUtils.checkLogins([updatedLoginInfo]);
+ Assert.throws(() => Services.logins.modifyLogin(loginInfo, newPropertyBag()),
+ /No matching logins/);
+
+ // It is also possible to provide no properties to be modified.
+ Services.logins.modifyLogin(updatedLoginInfo, newPropertyBag());
+
+ // Specifying a null property for a required value should throw.
+ Assert.throws(() => Services.logins.modifyLogin(loginInfo, newPropertyBag({
+ usernameField: null,
+ })));
+
+ // The login can be changed to have a different type and hostname.
+ Services.logins.modifyLogin(updatedLoginInfo, differentLoginProperties);
+ LoginTestUtils.checkLogins([differentLoginInfo]);
+
+ // It is now possible to add a login with the old type and hostname.
+ Services.logins.addLogin(loginInfo);
+ LoginTestUtils.checkLogins([loginInfo, differentLoginInfo]);
+
+ // Modifying a login to match an existing one should not be possible.
+ Assert.throws(
+ () => Services.logins.modifyLogin(loginInfo, differentLoginProperties),
+ /already exists/);
+ LoginTestUtils.checkLogins([loginInfo, differentLoginInfo]);
+
+ LoginTestUtils.clearData();
+});
+
+/**
+ * Tests the login deduplication function.
+ */
+add_task(function test_deduplicate_logins() {
+ // Different key attributes combinations and the amount of unique
+ // results expected for the TestData login list.
+ let keyCombinations = [
+ {
+ keyset: ["username", "password"],
+ results: 13,
+ },
+ {
+ keyset: ["hostname", "username"],
+ results: 17,
+ },
+ {
+ keyset: ["hostname", "username", "password"],
+ results: 18,
+ },
+ {
+ keyset: ["hostname", "username", "password", "formSubmitURL"],
+ results: 23,
+ },
+ ];
+
+ let logins = TestData.loginList();
+
+ for (let testCase of keyCombinations) {
+ // Deduplicate the logins using the current testcase keyset.
+ let deduped = LoginHelper.dedupeLogins(logins, testCase.keyset);
+ Assert.equal(deduped.length, testCase.results, "Correct amount of results.");
+
+ // Checks that every login after deduping is unique.
+ Assert.ok(deduped.every(loginA =>
+ deduped.every(loginB => !compareAttributes(loginA, loginB, testCase.keyset))
+ ), "Every login is unique.");
+ }
+});
+
+/**
+ * Ensure that the login deduplication function keeps the most recent login.
+ */
+add_task(function test_deduplicate_keeps_most_recent() {
+ // Logins to deduplicate.
+ let logins = [
+ TestData.formLogin({timeLastUsed: Date.UTC(2004, 11, 4, 0, 0, 0)}),
+ TestData.formLogin({formSubmitURL: "http://example.com", timeLastUsed: Date.UTC(2015, 11, 4, 0, 0, 0)}),
+ ];
+
+ // Deduplicate the logins.
+ let deduped = LoginHelper.dedupeLogins(logins);
+ Assert.equal(deduped.length, 1, "Deduplicated the logins array.");
+
+ // Verify that the remaining login have the most recent date.
+ let loginTimeLastUsed = deduped[0].QueryInterface(Ci.nsILoginMetaInfo).timeLastUsed;
+ Assert.equal(loginTimeLastUsed, Date.UTC(2015, 11, 4, 0, 0, 0), "Most recent login was kept.");
+
+ // Deduplicate the reverse logins array.
+ deduped = LoginHelper.dedupeLogins(logins.reverse());
+ Assert.equal(deduped.length, 1, "Deduplicated the reversed logins array.");
+
+ // Verify that the remaining login have the most recent date.
+ loginTimeLastUsed = deduped[0].QueryInterface(Ci.nsILoginMetaInfo).timeLastUsed;
+ Assert.equal(loginTimeLastUsed, Date.UTC(2015, 11, 4, 0, 0, 0), "Most recent login was kept.");
+});
diff --git a/toolkit/components/passwordmgr/test/unit/test_logins_decrypt_failure.js b/toolkit/components/passwordmgr/test/unit/test_logins_decrypt_failure.js
new file mode 100644
index 000000000..ffbedb4de
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_logins_decrypt_failure.js
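Review bot: In `test_modifyLogin_nsIProperyBag`, the assertion under "Specifying a null property for a required value should throw" calls `modifyLogin(loginInfo, ...)`, but by that point `loginInfo` has already been replaced in the store by `updatedLoginInfo` (the assertion a few lines earlier expects `/No matching logins/` for it), and this `Assert.throws` has no expected-error argument. The check therefore passes on any exception and most likely never reaches the null-property validation it is meant to cover. Targeting the stored login and pinning the message, e.g. `Assert.throws(() => Services.logins.modifyLogin(updatedLoginInfo, newPropertyBag({ usernameField: null })), /<expected validation error>/);`, would make it test what its comment says; the exact message is not visible in this diff, so the pattern here is a placeholder.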
@@ -0,0 +1,77 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/**
+ * Tests the case where there are logins that cannot be decrypted.
+ */
+
+"use strict";
+
+// Globals
+
+/**
+ * Resets the token used to decrypt logins. This is equivalent to resetting the
+ * master password when it is not known.
+ */
+function resetMasterPassword()
+{
+ let token = Cc["@mozilla.org/security/pk11tokendb;1"]
+ .getService(Ci.nsIPK11TokenDB).getInternalKeyToken();
+ token.reset();
+ token.changePassword("", "");
+}
+
+// Tests
+
+/**
+ * Resets the master password after some logins were added to the database.
+ */
+add_task(function test_logins_decrypt_failure()
+{
+ let logins = TestData.loginList();
+ for (let loginInfo of logins) {
+ Services.logins.addLogin(loginInfo);
+ }
+
+ // This makes the existing logins non-decryptable.
+ resetMasterPassword();
+
+ // These functions don't see the non-decryptable entries anymore.
+ do_check_eq(Services.logins.getAllLogins().length, 0);
+ do_check_eq(Services.logins.findLogins({}, "", "", "").length, 0);
+ do_check_eq(Services.logins.searchLogins({}, newPropertyBag()).length, 0);
+ Assert.throws(() => Services.logins.modifyLogin(logins[0], newPropertyBag()),
+ /No matching logins/);
+ Assert.throws(() => Services.logins.removeLogin(logins[0]),
+ /No matching logins/);
+
+ // The function that counts logins sees the non-decryptable entries also.
+ do_check_eq(Services.logins.countLogins("", "", ""), logins.length);
+
+ // Equivalent logins can be added.
+ for (let loginInfo of logins) {
+ Services.logins.addLogin(loginInfo);
+ }
+ LoginTestUtils.checkLogins(logins);
+ do_check_eq(Services.logins.countLogins("", "", ""), logins.length * 2);
+
+ // Finding logins doesn't return the non-decryptable duplicates.
+ do_check_eq(Services.logins.findLogins({}, "http://www.example.com",
+ "", "").length, 1);
+ let matchData = newPropertyBag({ hostname: "http://www.example.com" });
+ do_check_eq(Services.logins.searchLogins({}, matchData).length, 1);
+
+ // Removing single logins does not remove non-decryptable logins.
+ for (let loginInfo of TestData.loginList()) {
+ Services.logins.removeLogin(loginInfo);
+ }
+ do_check_eq(Services.logins.getAllLogins().length, 0);
+ do_check_eq(Services.logins.countLogins("", "", ""), logins.length);
+
+ // Removing all logins removes the non-decryptable entries also.
+ Services.logins.removeAllLogins();
+ do_check_eq(Services.logins.getAllLogins().length, 0);
+ do_check_eq(Services.logins.countLogins("", "", ""), 0);
+});
diff --git a/toolkit/components/passwordmgr/test/unit/test_logins_metainfo.js b/toolkit/components/passwordmgr/test/unit/test_logins_metainfo.js
new file mode 100644
index 000000000..38344aa7d
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_logins_metainfo.js
@@ -0,0 +1,284 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Tests the handling of nsILoginMetaInfo by methods that add, remove, modify, + * and find logins. + */ + +"use strict"; + +// Globals + +XPCOMUtils.defineLazyServiceGetter(this, "gUUIDGenerator", + "@mozilla.org/uuid-generator;1", + "nsIUUIDGenerator"); + +var gLooksLikeUUIDRegex = /^\{\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\}$/; + +/** + * Retrieves the only login among the current data that matches the hostname of + * the given nsILoginInfo. In case there is more than one login for the + * hostname, the test fails. + */ +function retrieveLoginMatching(aLoginInfo) +{ + let logins = Services.logins.findLogins({}, aLoginInfo.hostname, "", ""); + do_check_eq(logins.length, 1); + return logins[0].QueryInterface(Ci.nsILoginMetaInfo); +} + +/** + * Checks that the nsILoginInfo and nsILoginMetaInfo properties of two different + * login instances are equal. + */ +function assertMetaInfoEqual(aActual, aExpected) +{ + do_check_neq(aActual, aExpected); + + // Check the nsILoginInfo properties. + do_check_true(aActual.equals(aExpected)); + + // Check the nsILoginMetaInfo properties. + do_check_eq(aActual.guid, aExpected.guid); + do_check_eq(aActual.timeCreated, aExpected.timeCreated); + do_check_eq(aActual.timeLastUsed, aExpected.timeLastUsed); + do_check_eq(aActual.timePasswordChanged, aExpected.timePasswordChanged); + do_check_eq(aActual.timesUsed, aExpected.timesUsed); +} + +/** + * nsILoginInfo instances with or without nsILoginMetaInfo properties. + */ +var gLoginInfo1; +var gLoginInfo2; +var gLoginInfo3; + +/** + * nsILoginInfo instances reloaded with all the nsILoginMetaInfo properties. + * These are often used to provide the reference values to test against. 
+ */ +var gLoginMetaInfo1; +var gLoginMetaInfo2; +var gLoginMetaInfo3; + +// Tests + +/** + * Prepare the test objects that will be used by the following tests. + */ +add_task(function test_initialize() +{ + // Use a reference time from ten minutes ago to initialize one instance of + // nsILoginMetaInfo, to test that reference times are updated when needed. + let baseTimeMs = Date.now() - 600000; + + gLoginInfo1 = TestData.formLogin(); + gLoginInfo2 = TestData.formLogin({ + hostname: "http://other.example.com", + guid: gUUIDGenerator.generateUUID().toString(), + timeCreated: baseTimeMs, + timeLastUsed: baseTimeMs + 2, + timePasswordChanged: baseTimeMs + 1, + timesUsed: 2, + }); + gLoginInfo3 = TestData.authLogin(); +}); + +/** + * Tests the behavior of addLogin with regard to metadata. The logins added + * here are also used by the following tests. + */ +add_task(function test_addLogin_metainfo() +{ + // Add a login without metadata to the database. + Services.logins.addLogin(gLoginInfo1); + + // The object provided to addLogin should not have been modified. + do_check_eq(gLoginInfo1.guid, null); + do_check_eq(gLoginInfo1.timeCreated, 0); + do_check_eq(gLoginInfo1.timeLastUsed, 0); + do_check_eq(gLoginInfo1.timePasswordChanged, 0); + do_check_eq(gLoginInfo1.timesUsed, 0); + + // A login with valid metadata should have been stored. + gLoginMetaInfo1 = retrieveLoginMatching(gLoginInfo1); + do_check_true(gLooksLikeUUIDRegex.test(gLoginMetaInfo1.guid)); + let creationTime = gLoginMetaInfo1.timeCreated; + LoginTestUtils.assertTimeIsAboutNow(creationTime); + do_check_eq(gLoginMetaInfo1.timeLastUsed, creationTime); + do_check_eq(gLoginMetaInfo1.timePasswordChanged, creationTime); + do_check_eq(gLoginMetaInfo1.timesUsed, 1); + + // Add a login without metadata to the database. + let originalLogin = gLoginInfo2.clone().QueryInterface(Ci.nsILoginMetaInfo); + Services.logins.addLogin(gLoginInfo2); + + // The object provided to addLogin should not have been modified. 
+ assertMetaInfoEqual(gLoginInfo2, originalLogin); + + // A login with the provided metadata should have been stored. + gLoginMetaInfo2 = retrieveLoginMatching(gLoginInfo2); + assertMetaInfoEqual(gLoginMetaInfo2, gLoginInfo2); + + // Add an authentication login to the database before continuing. + Services.logins.addLogin(gLoginInfo3); + gLoginMetaInfo3 = retrieveLoginMatching(gLoginInfo3); + LoginTestUtils.checkLogins([gLoginInfo1, gLoginInfo2, gLoginInfo3]); +}); + +/** + * Tests that adding a login with a duplicate GUID throws an exception. + */ +add_task(function test_addLogin_metainfo_duplicate() +{ + let loginInfo = TestData.formLogin({ + hostname: "http://duplicate.example.com", + guid: gLoginMetaInfo2.guid, + }); + Assert.throws(() => Services.logins.addLogin(loginInfo), + /specified GUID already exists/); + + // Verify that no data was stored by the previous call. + LoginTestUtils.checkLogins([gLoginInfo1, gLoginInfo2, gLoginInfo3]); +}); + +/** + * Tests that the existing metadata is not changed when modifyLogin is called + * with an nsILoginInfo argument. + */ +add_task(function test_modifyLogin_nsILoginInfo_metainfo_ignored() +{ + let newLoginInfo = gLoginInfo1.clone().QueryInterface(Ci.nsILoginMetaInfo); + newLoginInfo.guid = gUUIDGenerator.generateUUID().toString(); + newLoginInfo.timeCreated = Date.now(); + newLoginInfo.timeLastUsed = Date.now(); + newLoginInfo.timePasswordChanged = Date.now(); + newLoginInfo.timesUsed = 12; + Services.logins.modifyLogin(gLoginInfo1, newLoginInfo); + + newLoginInfo = retrieveLoginMatching(gLoginInfo1); + assertMetaInfoEqual(newLoginInfo, gLoginMetaInfo1); +}); + +/** + * Tests the modifyLogin function with an nsIProperyBag argument. + */ +add_task(function test_modifyLogin_nsIProperyBag_metainfo() +{ + // Use a new reference time that is two minutes from now. + let newTimeMs = Date.now() + 120000; + let newUUIDValue = gUUIDGenerator.generateUUID().toString(); + + // Check that properties are changed as requested. 
+ Services.logins.modifyLogin(gLoginInfo1, newPropertyBag({ + guid: newUUIDValue, + timeCreated: newTimeMs, + timeLastUsed: newTimeMs + 2, + timePasswordChanged: newTimeMs + 1, + timesUsed: 2, + })); + + gLoginMetaInfo1 = retrieveLoginMatching(gLoginInfo1); + do_check_eq(gLoginMetaInfo1.guid, newUUIDValue); + do_check_eq(gLoginMetaInfo1.timeCreated, newTimeMs); + do_check_eq(gLoginMetaInfo1.timeLastUsed, newTimeMs + 2); + do_check_eq(gLoginMetaInfo1.timePasswordChanged, newTimeMs + 1); + do_check_eq(gLoginMetaInfo1.timesUsed, 2); + + // Check that timePasswordChanged is updated when changing the password. + let originalLogin = gLoginInfo2.clone().QueryInterface(Ci.nsILoginMetaInfo); + Services.logins.modifyLogin(gLoginInfo2, newPropertyBag({ + password: "new password", + })); + gLoginInfo2.password = "new password"; + + gLoginMetaInfo2 = retrieveLoginMatching(gLoginInfo2); + do_check_eq(gLoginMetaInfo2.password, gLoginInfo2.password); + do_check_eq(gLoginMetaInfo2.timeCreated, originalLogin.timeCreated); + do_check_eq(gLoginMetaInfo2.timeLastUsed, originalLogin.timeLastUsed); + LoginTestUtils.assertTimeIsAboutNow(gLoginMetaInfo2.timePasswordChanged); + + // Check that timePasswordChanged is not set to the current time when changing + // the password and specifying a new value for the property at the same time. + Services.logins.modifyLogin(gLoginInfo2, newPropertyBag({ + password: "other password", + timePasswordChanged: newTimeMs, + })); + gLoginInfo2.password = "other password"; + + gLoginMetaInfo2 = retrieveLoginMatching(gLoginInfo2); + do_check_eq(gLoginMetaInfo2.password, gLoginInfo2.password); + do_check_eq(gLoginMetaInfo2.timeCreated, originalLogin.timeCreated); + do_check_eq(gLoginMetaInfo2.timeLastUsed, originalLogin.timeLastUsed); + do_check_eq(gLoginMetaInfo2.timePasswordChanged, newTimeMs); + + // Check the special timesUsedIncrement property. 
+ Services.logins.modifyLogin(gLoginInfo2, newPropertyBag({ + timesUsedIncrement: 2, + })); + + gLoginMetaInfo2 = retrieveLoginMatching(gLoginInfo2); + do_check_eq(gLoginMetaInfo2.timeCreated, originalLogin.timeCreated); + do_check_eq(gLoginMetaInfo2.timeLastUsed, originalLogin.timeLastUsed); + do_check_eq(gLoginMetaInfo2.timePasswordChanged, newTimeMs); + do_check_eq(gLoginMetaInfo2.timesUsed, 4); +}); + +/** + * Tests that modifying a login to a duplicate GUID throws an exception. + */ +add_task(function test_modifyLogin_nsIProperyBag_metainfo_duplicate() +{ + Assert.throws(() => Services.logins.modifyLogin(gLoginInfo1, newPropertyBag({ + guid: gLoginInfo2.guid, + })), /specified GUID already exists/); + LoginTestUtils.checkLogins([gLoginInfo1, gLoginInfo2, gLoginInfo3]); +}); + +/** + * Tests searching logins using nsILoginMetaInfo properties. + */ +add_task(function test_searchLogins_metainfo() +{ + // Find by GUID. + let logins = Services.logins.searchLogins({}, newPropertyBag({ + guid: gLoginMetaInfo1.guid, + })); + do_check_eq(logins.length, 1); + let foundLogin = logins[0].QueryInterface(Ci.nsILoginMetaInfo); + assertMetaInfoEqual(foundLogin, gLoginMetaInfo1); + + // Find by timestamp. + logins = Services.logins.searchLogins({}, newPropertyBag({ + timePasswordChanged: gLoginMetaInfo2.timePasswordChanged, + })); + do_check_eq(logins.length, 1); + foundLogin = logins[0].QueryInterface(Ci.nsILoginMetaInfo); + assertMetaInfoEqual(foundLogin, gLoginMetaInfo2); + + // Find using two properties at the same time. 
+ logins = Services.logins.searchLogins({}, newPropertyBag({ + guid: gLoginMetaInfo3.guid, + timePasswordChanged: gLoginMetaInfo3.timePasswordChanged, + })); + do_check_eq(logins.length, 1); + foundLogin = logins[0].QueryInterface(Ci.nsILoginMetaInfo); + assertMetaInfoEqual(foundLogin, gLoginMetaInfo3); +}); + +/** + * Tests that the default nsILoginManagerStorage module attached to the Login + * Manager service is able to save and reload nsILoginMetaInfo properties. + */ +add_task(function* test_storage_metainfo() +{ + yield* LoginTestUtils.reloadData(); + LoginTestUtils.checkLogins([gLoginInfo1, gLoginInfo2, gLoginInfo3]); + + assertMetaInfoEqual(retrieveLoginMatching(gLoginInfo1), gLoginMetaInfo1); + assertMetaInfoEqual(retrieveLoginMatching(gLoginInfo2), gLoginMetaInfo2); + assertMetaInfoEqual(retrieveLoginMatching(gLoginInfo3), gLoginMetaInfo3); +}); diff --git a/toolkit/components/passwordmgr/test/unit/test_logins_search.js b/toolkit/components/passwordmgr/test/unit/test_logins_search.js new file mode 100644 index 000000000..188c75039 --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/test_logins_search.js 
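Review bot: `gLooksLikeUUIDRegex` in test_logins_metainfo.js uses `\w`, which also matches underscores and non-hex letters, so `do_check_true(gLooksLikeUUIDRegex.test(gLoginMetaInfo1.guid))` would pass for a generated GUID that is not a UUID at all. Restricting the class to hex digits pins the format the test name promises: `var gLooksLikeUUIDRegex = /^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$/i;`. Separately, in `test_addLogin_metainfo` the second `// Add a login without metadata to the database.` comment sits above `gLoginInfo2`, which `test_initialize` builds with a guid and timestamps, so it should read `// Add a login with metadata to the database.`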
@@ -0,0 +1,221 @@ +/* + * Tests methods that find specific logins in the store (findLogins, + * searchLogins, and countLogins). + * + * The getAllLogins method is not tested explicitly here, because it is used by + * all tests to verify additions, removals and modifications to the login store. + */ + +"use strict"; + +// Globals + +/** + * Returns a list of new nsILoginInfo objects that are a subset of the test + * data, built to match the specified query. + * + * @param aQuery + * Each property and value of this object restricts the search to those + * entries from the test data that match the property exactly. + */ +function buildExpectedLogins(aQuery) +{ + return TestData.loginList().filter( + entry => Object.keys(aQuery).every(name => entry[name] === aQuery[name])); +} + +/** + * Tests the searchLogins function. + * + * @param aQuery + * Each property and value of this object is translated to an entry in + * the nsIPropertyBag parameter of searchLogins. + * @param aExpectedCount + * Number of logins from the test data that should be found. The actual + * list of logins is obtained using the buildExpectedLogins helper, and + * this value is just used to verify that modifications to the test data + * don't make the current test meaningless. + */ +function checkSearchLogins(aQuery, aExpectedCount) +{ + do_print("Testing searchLogins for " + JSON.stringify(aQuery)); + + let expectedLogins = buildExpectedLogins(aQuery); + do_check_eq(expectedLogins.length, aExpectedCount); + + let outCount = {}; + let logins = Services.logins.searchLogins(outCount, newPropertyBag(aQuery)); + do_check_eq(outCount.value, expectedLogins.length); + LoginTestUtils.assertLoginListsEqual(logins, expectedLogins); +} + +/** + * Tests findLogins, searchLogins, and countLogins with the same query. + * + * @param aQuery + * The "hostname", "formSubmitURL", and "httpRealm" properties of this + * object are passed as parameters to findLogins and countLogins. 
The + * same object is then passed to the checkSearchLogins function. + * @param aExpectedCount + * Number of logins from the test data that should be found. The actual + * list of logins is obtained using the buildExpectedLogins helper, and + * this value is just used to verify that modifications to the test data + * don't make the current test meaningless. + */ +function checkAllSearches(aQuery, aExpectedCount) +{ + do_print("Testing all search functions for " + JSON.stringify(aQuery)); + + let expectedLogins = buildExpectedLogins(aQuery); + do_check_eq(expectedLogins.length, aExpectedCount); + + // The findLogins and countLogins functions support wildcard matches by + // specifying empty strings as parameters, while searchLogins requires + // omitting the property entirely. + let hostname = ("hostname" in aQuery) ? aQuery.hostname : ""; + let formSubmitURL = ("formSubmitURL" in aQuery) ? aQuery.formSubmitURL : ""; + let httpRealm = ("httpRealm" in aQuery) ? aQuery.httpRealm : ""; + + // Test findLogins. + let outCount = {}; + let logins = Services.logins.findLogins(outCount, hostname, formSubmitURL, + httpRealm); + do_check_eq(outCount.value, expectedLogins.length); + LoginTestUtils.assertLoginListsEqual(logins, expectedLogins); + + // Test countLogins. + let count = Services.logins.countLogins(hostname, formSubmitURL, httpRealm); + do_check_eq(count, expectedLogins.length); + + // Test searchLogins. + checkSearchLogins(aQuery, aExpectedCount); +} + +// Tests + +/** + * Prepare data for the following tests. + */ +add_task(function test_initialize() +{ + for (let login of TestData.loginList()) { + Services.logins.addLogin(login); + } +}); + +/** + * Tests findLogins, searchLogins, and countLogins with basic queries. + */ +add_task(function test_search_all_basic() +{ + // Find all logins, using no filters in the search functions. + checkAllSearches({}, 23); + + // Find all form logins, then all authentication logins. 
+ checkAllSearches({ httpRealm: null }, 14); + checkAllSearches({ formSubmitURL: null }, 9); + + // Find all form logins on one host, then all authentication logins. + checkAllSearches({ hostname: "http://www4.example.com", + httpRealm: null }, 3); + checkAllSearches({ hostname: "http://www2.example.org", + formSubmitURL: null }, 2); + + // Verify that scheme and subdomain are distinct in the hostname. + checkAllSearches({ hostname: "http://www.example.com" }, 1); + checkAllSearches({ hostname: "https://www.example.com" }, 1); + checkAllSearches({ hostname: "https://example.com" }, 1); + checkAllSearches({ hostname: "http://www3.example.com" }, 3); + + // Verify that scheme and subdomain are distinct in formSubmitURL. + checkAllSearches({ formSubmitURL: "http://www.example.com" }, 2); + checkAllSearches({ formSubmitURL: "https://www.example.com" }, 2); + checkAllSearches({ formSubmitURL: "http://example.com" }, 1); + + // Find by formSubmitURL on a single host. + checkAllSearches({ hostname: "http://www3.example.com", + formSubmitURL: "http://www.example.com" }, 1); + checkAllSearches({ hostname: "http://www3.example.com", + formSubmitURL: "https://www.example.com" }, 1); + checkAllSearches({ hostname: "http://www3.example.com", + formSubmitURL: "http://example.com" }, 1); + + // Find by httpRealm on all hosts. + checkAllSearches({ httpRealm: "The HTTP Realm" }, 3); + checkAllSearches({ httpRealm: "ftp://ftp.example.org" }, 1); + checkAllSearches({ httpRealm: "The HTTP Realm Other" }, 2); + + // Find by httpRealm on a single host. + checkAllSearches({ hostname: "http://example.net", + httpRealm: "The HTTP Realm" }, 1); + checkAllSearches({ hostname: "http://example.net", + httpRealm: "The HTTP Realm Other" }, 1); + checkAllSearches({ hostname: "ftp://example.net", + httpRealm: "ftp://example.net" }, 1); +}); + +/** + * Tests searchLogins with advanced queries. 
+ */ +add_task(function test_searchLogins() +{ + checkSearchLogins({ usernameField: "form_field_username" }, 12); + checkSearchLogins({ passwordField: "form_field_password" }, 13); + + // Find all logins with an empty usernameField, including for authentication. + checkSearchLogins({ usernameField: "" }, 11); + + // Find form logins with an empty usernameField. + checkSearchLogins({ httpRealm: null, + usernameField: "" }, 2); + + // Find logins with an empty usernameField on one host. + checkSearchLogins({ hostname: "http://www6.example.com", + usernameField: "" }, 1); +}); + +/** + * Tests searchLogins with invalid arguments. + */ +add_task(function test_searchLogins_invalid() +{ + Assert.throws(() => Services.logins.searchLogins({}, + newPropertyBag({ username: "value" })), + /Unexpected field/); +}); + +/** + * Tests that matches are case-sensitive, compare the full field value, and are + * strict when interpreting the prePath of URIs. + */ +add_task(function test_search_all_full_case_sensitive() +{ + checkAllSearches({ hostname: "http://www.example.com" }, 1); + checkAllSearches({ hostname: "http://www.example.com/" }, 0); + checkAllSearches({ hostname: "http://" }, 0); + checkAllSearches({ hostname: "example.com" }, 0); + + checkAllSearches({ formSubmitURL: "http://www.example.com" }, 2); + checkAllSearches({ formSubmitURL: "http://www.example.com/" }, 0); + checkAllSearches({ formSubmitURL: "http://" }, 0); + checkAllSearches({ formSubmitURL: "example.com" }, 0); + + checkAllSearches({ httpRealm: "The HTTP Realm" }, 3); + checkAllSearches({ httpRealm: "The http Realm" }, 0); + checkAllSearches({ httpRealm: "The HTTP" }, 0); + checkAllSearches({ httpRealm: "Realm" }, 0); +}); + +/** + * Tests findLogins, searchLogins, and countLogins with queries that should + * return no values. 
+ */ +add_task(function test_search_all_empty() +{ + checkAllSearches({ hostname: "http://nonexistent.example.com" }, 0); + checkAllSearches({ formSubmitURL: "http://www.example.com", + httpRealm: "The HTTP Realm" }, 0); + + checkSearchLogins({ hostname: "" }, 0); + checkSearchLogins({ id: "1000" }, 0); +}); diff --git a/toolkit/components/passwordmgr/test/unit/test_maybeImportLogin.js b/toolkit/components/passwordmgr/test/unit/test_maybeImportLogin.js new file mode 100644 index 000000000..19175df59 --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/test_maybeImportLogin.js 
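Review bot: `test_searchLogins_invalid` in test_logins_search.js only checks that a `username` key is rejected, and the plaintext `password` property is left uncovered. Since both are secret fields that should never be matchable through `searchLogins`, I would add the parallel assertion, assuming the storage module rejects it the same way: `Assert.throws(() => Services.logins.searchLogins({}, newPropertyBag({ password: "value" })), /Unexpected field/);`. A short comment above the two assertions, saying that the decrypted fields are deliberately not searchable, would record why the rejection matters.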
@@ -0,0 +1,169 @@ +"use strict"; + +Cu.import("resource://gre/modules/Services.jsm"); +Cu.import("resource://gre/modules/LoginHelper.jsm"); + +const HOST1 = "https://www.example.com/"; +const HOST2 = "https://www.mozilla.org/"; + +const USER1 = "myuser"; +const USER2 = "anotheruser"; + +const PASS1 = "mypass"; +const PASS2 = "anotherpass"; +const PASS3 = "yetanotherpass"; + +add_task(function test_new_logins() { + let importedLogin = LoginHelper.maybeImportLogin({ + username: USER1, + password: PASS1, + hostname: HOST1, + formSubmitURL: HOST1, + }); + Assert.ok(importedLogin, "Return value should indicate imported login."); + let matchingLogins = LoginHelper.searchLoginsWithObject({hostname: HOST1}); + Assert.equal(matchingLogins.length, 1, `There should be 1 login for ${HOST1}`); + + importedLogin = LoginHelper.maybeImportLogin({ + username: USER1, + password: PASS1, + hostname: HOST2, + formSubmitURL: HOST2, + }); + + Assert.ok(importedLogin, "Return value should indicate another imported login."); + matchingLogins = LoginHelper.searchLoginsWithObject({hostname: HOST1}); + Assert.equal(matchingLogins.length, 1, `There should still be 1 login for ${HOST1}`); + + matchingLogins = LoginHelper.searchLoginsWithObject({hostname: HOST2}); + Assert.equal(matchingLogins.length, 1, `There should also be 1 login for ${HOST2}`); + Assert.equal(Services.logins.getAllLogins().length, 2, "There should be 2 logins in total"); + Services.logins.removeAllLogins(); +}); + +add_task(function test_duplicate_logins() { + let importedLogin = LoginHelper.maybeImportLogin({ + username: USER1, + password: PASS1, + hostname: HOST1, + formSubmitURL: HOST1, + }); + Assert.ok(importedLogin, "Return value should indicate imported login."); + let matchingLogins = LoginHelper.searchLoginsWithObject({hostname: HOST1}); + Assert.equal(matchingLogins.length, 1, `There should be 1 login for ${HOST1}`); + + importedLogin = LoginHelper.maybeImportLogin({ + username: USER1, + password: PASS1, + 
hostname: HOST1, + formSubmitURL: HOST1, + }); + Assert.ok(!importedLogin, "Return value should indicate no new login was imported."); + matchingLogins = LoginHelper.searchLoginsWithObject({hostname: HOST1}); + Assert.equal(matchingLogins.length, 1, `There should still be 1 login for ${HOST1}`); + Services.logins.removeAllLogins(); +}); + +add_task(function test_different_passwords() { + let importedLogin = LoginHelper.maybeImportLogin({ + username: USER1, + password: PASS1, + hostname: HOST1, + formSubmitURL: HOST1, + timeCreated: new Date(Date.now() - 1000), + }); + Assert.ok(importedLogin, "Return value should indicate imported login."); + let matchingLogins = LoginHelper.searchLoginsWithObject({hostname: HOST1}); + Assert.equal(matchingLogins.length, 1, `There should be 1 login for ${HOST1}`); + + // This item will be newer, so its password should take precedence. + importedLogin = LoginHelper.maybeImportLogin({ + username: USER1, + password: PASS2, + hostname: HOST1, + formSubmitURL: HOST1, + timeCreated: new Date(), + }); + Assert.ok(!importedLogin, "Return value should not indicate imported login (as we updated an existing one)."); + matchingLogins = LoginHelper.searchLoginsWithObject({hostname: HOST1}); + Assert.equal(matchingLogins.length, 1, `There should still be 1 login for ${HOST1}`); + Assert.equal(matchingLogins[0].password, PASS2, "We should have updated the password for this login."); + + // Now try to update with an older password: + importedLogin = LoginHelper.maybeImportLogin({ + username: USER1, + password: PASS3, + hostname: HOST1, + formSubmitURL: HOST1, + timeCreated: new Date(Date.now() - 1000000), + }); + Assert.ok(!importedLogin, "Return value should not indicate imported login (as we didn't update anything)."); + matchingLogins = LoginHelper.searchLoginsWithObject({hostname: HOST1}); + Assert.equal(matchingLogins.length, 1, `There should still be 1 login for ${HOST1}`); + Assert.equal(matchingLogins[0].password, PASS2, "We should NOT 
have updated the password for this login."); + + Services.logins.removeAllLogins(); +}); + +add_task(function test_different_usernames() { + let importedLogin = LoginHelper.maybeImportLogin({ + username: USER1, + password: PASS1, + hostname: HOST1, + formSubmitURL: HOST1, + }); + Assert.ok(importedLogin, "Return value should indicate imported login."); + let matchingLogins = LoginHelper.searchLoginsWithObject({hostname: HOST1}); + Assert.equal(matchingLogins.length, 1, `There should be 1 login for ${HOST1}`); + + importedLogin = LoginHelper.maybeImportLogin({ + username: USER2, + password: PASS1, + hostname: HOST1, + formSubmitURL: HOST1, + }); + Assert.ok(importedLogin, "Return value should indicate another imported login."); + matchingLogins = LoginHelper.searchLoginsWithObject({hostname: HOST1}); + Assert.equal(matchingLogins.length, 2, `There should now be 2 logins for ${HOST1}`); + + Services.logins.removeAllLogins(); +}); + +add_task(function test_different_targets() { + let importedLogin = LoginHelper.maybeImportLogin({ + username: USER1, + password: PASS1, + hostname: HOST1, + formSubmitURL: HOST1, + }); + Assert.ok(importedLogin, "Return value should indicate imported login."); + let matchingLogins = LoginHelper.searchLoginsWithObject({hostname: HOST1}); + Assert.equal(matchingLogins.length, 1, `There should be 1 login for ${HOST1}`); + + // Not passing either a formSubmitURL or a httpRealm should be treated as + // the same as the previous login + importedLogin = LoginHelper.maybeImportLogin({ + username: USER1, + password: PASS1, + hostname: HOST1, + }); + Assert.ok(!importedLogin, "Return value should NOT indicate imported login " + + "(because a missing formSubmitURL and httpRealm should be duped to the existing login)."); + matchingLogins = LoginHelper.searchLoginsWithObject({hostname: HOST1}); + Assert.equal(matchingLogins.length, 1, `There should still be 1 login for ${HOST1}`); + Assert.equal(matchingLogins[0].formSubmitURL, HOST1, "The form 
submission URL should have been kept."); + + importedLogin = LoginHelper.maybeImportLogin({ + username: USER1, + password: PASS1, + hostname: HOST1, + httpRealm: HOST1, + }); + Assert.ok(importedLogin, "Return value should indicate another imported login " + + "as an httpRealm login shouldn't be duped."); + matchingLogins = LoginHelper.searchLoginsWithObject({hostname: HOST1}); + Assert.equal(matchingLogins.length, 2, `There should now be 2 logins for ${HOST1}`); + + Services.logins.removeAllLogins(); +}); + diff --git a/toolkit/components/passwordmgr/test/unit/test_module_LoginImport.js b/toolkit/components/passwordmgr/test/unit/test_module_LoginImport.js new file mode 100644 index 000000000..b8793e1bd --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/test_module_LoginImport.js 
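Review bot: `HOST1` and `HOST2` in test_maybeImportLogin.js end in a trailing slash (`"https://www.example.com/"`), which is not the origin form used for `hostname` elsewhere in this commit. test_logins_search.js asserts that `hostname: "http://www.example.com/"` matches nothing, because matching is exact on the prePath. Unless `maybeImportLogin` normalises its input (not visible here), these tests exercise de-duplication only for a non-canonical value, and such imported logins would not line up with ones saved from a page. I would use `const HOST1 = "https://www.example.com";` and `const HOST2 = "https://www.mozilla.org";`, or add a case asserting what happens when a slash-terminated host is imported.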
@@ -0,0 +1,243 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Tests the LoginImport object. + */ + +"use strict"; + +// Globals + +Cu.import("resource://gre/modules/Task.jsm"); + +XPCOMUtils.defineLazyModuleGetter(this, "LoginHelper", + "resource://gre/modules/LoginHelper.jsm"); +XPCOMUtils.defineLazyModuleGetter(this, "LoginImport", + "resource://gre/modules/LoginImport.jsm"); +XPCOMUtils.defineLazyModuleGetter(this, "LoginStore", + "resource://gre/modules/LoginStore.jsm"); +XPCOMUtils.defineLazyModuleGetter(this, "Sqlite", + "resource://gre/modules/Sqlite.jsm"); + +XPCOMUtils.defineLazyServiceGetter(this, "gLoginManagerCrypto", + "@mozilla.org/login-manager/crypto/SDR;1", + "nsILoginManagerCrypto"); +XPCOMUtils.defineLazyServiceGetter(this, "gUUIDGenerator", + "@mozilla.org/uuid-generator;1", + "nsIUUIDGenerator"); + +/** + * Creates empty login data tables in the given SQLite connection, resembling + * the most recent schema version (excluding indices). 
+ */ +function promiseCreateDatabaseSchema(aConnection) +{ + return Task.spawn(function* () { + yield aConnection.setSchemaVersion(5); + yield aConnection.execute("CREATE TABLE moz_logins (" + + "id INTEGER PRIMARY KEY," + + "hostname TEXT NOT NULL," + + "httpRealm TEXT," + + "formSubmitURL TEXT," + + "usernameField TEXT NOT NULL," + + "passwordField TEXT NOT NULL," + + "encryptedUsername TEXT NOT NULL," + + "encryptedPassword TEXT NOT NULL," + + "guid TEXT," + + "encType INTEGER," + + "timeCreated INTEGER," + + "timeLastUsed INTEGER," + + "timePasswordChanged INTEGER," + + "timesUsed INTEGER)"); + yield aConnection.execute("CREATE TABLE moz_disabledHosts (" + + "id INTEGER PRIMARY KEY," + + "hostname TEXT UNIQUE)"); + yield aConnection.execute("CREATE TABLE moz_deleted_logins (" + + "id INTEGER PRIMARY KEY," + + "guid TEXT," + + "timeDeleted INTEGER)"); + }); +} + +/** + * Inserts a new entry in the database resembling the given nsILoginInfo object. + */ +function promiseInsertLoginInfo(aConnection, aLoginInfo) +{ + aLoginInfo.QueryInterface(Ci.nsILoginMetaInfo); + + // We can't use the aLoginInfo object directly in the execute statement + // because the bind code in Sqlite.jsm doesn't allow objects with extra + // properties beyond those being binded. So we might as well use an array as + // it is simpler. 
+ let values = [ + aLoginInfo.hostname, + aLoginInfo.httpRealm, + aLoginInfo.formSubmitURL, + aLoginInfo.usernameField, + aLoginInfo.passwordField, + gLoginManagerCrypto.encrypt(aLoginInfo.username), + gLoginManagerCrypto.encrypt(aLoginInfo.password), + aLoginInfo.guid, + aLoginInfo.encType, + aLoginInfo.timeCreated, + aLoginInfo.timeLastUsed, + aLoginInfo.timePasswordChanged, + aLoginInfo.timesUsed, + ]; + + return aConnection.execute("INSERT INTO moz_logins (hostname, " + + "httpRealm, formSubmitURL, usernameField, " + + "passwordField, encryptedUsername, " + + "encryptedPassword, guid, encType, timeCreated, " + + "timeLastUsed, timePasswordChanged, timesUsed) " + + "VALUES (?" + ",?".repeat(12) + ")", values); +} + +/** + * Inserts a new disabled host entry in the database. + */ +function promiseInsertDisabledHost(aConnection, aHostname) +{ + return aConnection.execute("INSERT INTO moz_disabledHosts (hostname) " + + "VALUES (?)", [aHostname]); +} + +// Tests + +/** + * Imports login data from a SQLite file constructed using the test data. + */ +add_task(function* test_import() +{ + let store = new LoginStore(getTempFile("test-import.json").path); + let loginsSqlite = getTempFile("test-logins.sqlite").path; + + // Prepare the logins to be imported, including the nsILoginMetaInfo data. + let loginList = TestData.loginList(); + for (let loginInfo of loginList) { + loginInfo.QueryInterface(Ci.nsILoginMetaInfo); + loginInfo.guid = gUUIDGenerator.generateUUID().toString(); + loginInfo.timeCreated = Date.now(); + loginInfo.timeLastUsed = Date.now(); + loginInfo.timePasswordChanged = Date.now(); + loginInfo.timesUsed = 1; + } + + // Create and populate the SQLite database first. 
+ let connection = yield Sqlite.openConnection({ path: loginsSqlite }); + try { + yield promiseCreateDatabaseSchema(connection); + for (let loginInfo of loginList) { + yield promiseInsertLoginInfo(connection, loginInfo); + } + yield promiseInsertDisabledHost(connection, "http://www.example.com"); + yield promiseInsertDisabledHost(connection, "https://www.example.org"); + } finally { + yield connection.close(); + } + + // The "load" method must be called before importing data. + yield store.load(); + yield new LoginImport(store, loginsSqlite).import(); + + // Verify that every login in the test data has a matching imported row. + do_check_eq(loginList.length, store.data.logins.length); + do_check_true(loginList.every(function (loginInfo) { + return store.data.logins.some(function (loginDataItem) { + let username = gLoginManagerCrypto.decrypt(loginDataItem.encryptedUsername); + let password = gLoginManagerCrypto.decrypt(loginDataItem.encryptedPassword); + return loginDataItem.hostname == loginInfo.hostname && + loginDataItem.httpRealm == loginInfo.httpRealm && + loginDataItem.formSubmitURL == loginInfo.formSubmitURL && + loginDataItem.usernameField == loginInfo.usernameField && + loginDataItem.passwordField == loginInfo.passwordField && + username == loginInfo.username && + password == loginInfo.password && + loginDataItem.guid == loginInfo.guid && + loginDataItem.encType == loginInfo.encType && + loginDataItem.timeCreated == loginInfo.timeCreated && + loginDataItem.timeLastUsed == loginInfo.timeLastUsed && + loginDataItem.timePasswordChanged == loginInfo.timePasswordChanged && + loginDataItem.timesUsed == loginInfo.timesUsed; + }); + })); + + // Verify that disabled hosts have been imported. 
+ do_check_eq(store.data.disabledHosts.length, 2); + do_check_true(store.data.disabledHosts.indexOf("http://www.example.com") != -1); + do_check_true(store.data.disabledHosts.indexOf("https://www.example.org") != -1); +}); + +/** + * Tests imports of NULL values due to a downgraded database. + */ +add_task(function* test_import_downgraded() +{ + let store = new LoginStore(getTempFile("test-import-downgraded.json").path); + let loginsSqlite = getTempFile("test-logins-downgraded.sqlite").path; + + // Create and populate the SQLite database first. + let connection = yield Sqlite.openConnection({ path: loginsSqlite }); + try { + yield promiseCreateDatabaseSchema(connection); + yield connection.setSchemaVersion(3); + yield promiseInsertLoginInfo(connection, TestData.formLogin({ + guid: gUUIDGenerator.generateUUID().toString(), + timeCreated: null, + timeLastUsed: null, + timePasswordChanged: null, + timesUsed: 0, + })); + } finally { + yield connection.close(); + } + + // The "load" method must be called before importing data. + yield store.load(); + yield new LoginImport(store, loginsSqlite).import(); + + // Verify that the missing metadata was generated correctly. + let loginItem = store.data.logins[0]; + let creationTime = loginItem.timeCreated; + LoginTestUtils.assertTimeIsAboutNow(creationTime); + do_check_eq(loginItem.timeLastUsed, creationTime); + do_check_eq(loginItem.timePasswordChanged, creationTime); + do_check_eq(loginItem.timesUsed, 1); +}); + +/** + * Verifies that importing from a SQLite file with database version 2 fails. + */ +add_task(function* test_import_v2() +{ + let store = new LoginStore(getTempFile("test-import-v2.json").path); + let loginsSqlite = do_get_file("data/signons-v2.sqlite").path; + + // The "load" method must be called before importing data. 
+ yield store.load(); + try { + yield new LoginImport(store, loginsSqlite).import(); + do_throw("The operation should have failed."); + } catch (ex) { } +}); + +/** + * Imports login data from a SQLite file, with database version 3. + */ +add_task(function* test_import_v3() +{ + let store = new LoginStore(getTempFile("test-import-v3.json").path); + let loginsSqlite = do_get_file("data/signons-v3.sqlite").path; + + // The "load" method must be called before importing data. + yield store.load(); + yield new LoginImport(store, loginsSqlite).import(); + + // We only execute basic integrity checks. + do_check_eq(store.data.logins[0].usernameField, "u1"); + do_check_eq(store.data.disabledHosts.length, 0); +}); diff --git a/toolkit/components/passwordmgr/test/unit/test_module_LoginStore.js b/toolkit/components/passwordmgr/test/unit/test_module_LoginStore.js new file mode 100644 index 000000000..335eb601b --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/test_module_LoginStore.js 
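Review bot: In `test_import_v2` (test_module_LoginImport.js) the `do_throw("The operation should have failed.")` call sits inside the same `try` whose `catch (ex) { }` is empty, so the handler also catches whatever `do_throw` raises and accepts any exception type as success. Moving the expectation outside the `try` makes the intent explicit and keeps the failure from being swallowed: `let failed = false;`, then `try { yield new LoginImport(store, loginsSqlite).import(); } catch (ex) { failed = true; }`, then `do_check_true(failed);`. If the importer's error message for an unsupported schema version is stable, matching on it would also distinguish the intended rejection from an unrelated error such as a missing data file.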
@@ -0,0 +1,206 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/**
+ * Tests the LoginStore object.
+ */
+
+"use strict";
+
+// Globals
+
+XPCOMUtils.defineLazyModuleGetter(this, "LoginStore",
+ "resource://gre/modules/LoginStore.jsm");
+
+const TEST_STORE_FILE_NAME = "test-logins.json";
+
+// Tests
+
+/**
+ * Saves login data to a file, then reloads it.
+ */
+add_task(function* test_save_reload()
+{
+ let storeForSave = new LoginStore(getTempFile(TEST_STORE_FILE_NAME).path);
+
+ // The "load" method must be called before preparing the data to be saved.
+ yield storeForSave.load();
+
+ let rawLoginData = {
+ id: storeForSave.data.nextId++,
+ hostname: "http://www.example.com",
+ httpRealm: null,
+ formSubmitURL: "http://www.example.com/submit-url",
+ usernameField: "field_" + String.fromCharCode(533, 537, 7570, 345),
+ passwordField: "field_" + String.fromCharCode(421, 259, 349, 537),
+ encryptedUsername: "(test)",
+ encryptedPassword: "(test)",
+ guid: "(test)",
+ encType: Ci.nsILoginManagerCrypto.ENCTYPE_SDR,
+ timeCreated: Date.now(),
+ timeLastUsed: Date.now(),
+ timePasswordChanged: Date.now(),
+ timesUsed: 1,
+ };
+ storeForSave.data.logins.push(rawLoginData);
+
+ storeForSave.data.disabledHosts.push("http://www.example.org");
+
+ yield storeForSave._save();
+
+ // Test the asynchronous initialization path.
+ let storeForLoad = new LoginStore(storeForSave.path);
+ yield storeForLoad.load();
+
+ do_check_eq(storeForLoad.data.logins.length, 1);
+ do_check_matches(storeForLoad.data.logins[0], rawLoginData);
+ do_check_eq(storeForLoad.data.disabledHosts.length, 1);
+ do_check_eq(storeForLoad.data.disabledHosts[0], "http://www.example.org");
+
+ // Test the synchronous initialization path.
+ storeForLoad = new LoginStore(storeForSave.path);
+ storeForLoad.ensureDataReady();
+
+ do_check_eq(storeForLoad.data.logins.length, 1);
+ do_check_matches(storeForLoad.data.logins[0], rawLoginData);
+ do_check_eq(storeForLoad.data.disabledHosts.length, 1);
+ do_check_eq(storeForLoad.data.disabledHosts[0], "http://www.example.org");
+});
+
+/**
+ * Checks that loading from a missing file results in empty arrays.
+ */
+add_task(function* test_load_empty()
+{
+ let store = new LoginStore(getTempFile(TEST_STORE_FILE_NAME).path);
+
+ do_check_false(yield OS.File.exists(store.path));
+
+ yield store.load();
+
+ do_check_false(yield OS.File.exists(store.path));
+
+ do_check_eq(store.data.logins.length, 0);
+ do_check_eq(store.data.disabledHosts.length, 0);
+});
+
+/**
+ * Checks that saving empty data still overwrites any existing file.
+ */
+add_task(function* test_save_empty()
+{
+ let store = new LoginStore(getTempFile(TEST_STORE_FILE_NAME).path);
+
+ yield store.load();
+
+ let createdFile = yield OS.File.open(store.path, { create: true });
+ yield createdFile.close();
+
+ yield store._save();
+
+ do_check_true(yield OS.File.exists(store.path));
+});
+
+/**
+ * Loads data from a string in a predefined format. The purpose of this test is
+ * to verify that the JSON format used in previous versions can be loaded.
+ */
+add_task(function* test_load_string_predefined()
+{
+ let store = new LoginStore(getTempFile(TEST_STORE_FILE_NAME).path);
+
+ let string = "{\"logins\":[{" +
+ "\"id\":1," +
+ "\"hostname\":\"http://www.example.com\"," +
+ "\"httpRealm\":null," +
+ "\"formSubmitURL\":\"http://www.example.com/submit-url\"," +
+ "\"usernameField\":\"usernameField\"," +
+ "\"passwordField\":\"passwordField\"," +
+ "\"encryptedUsername\":\"(test)\"," +
+ "\"encryptedPassword\":\"(test)\"," +
+ "\"guid\":\"(test)\"," +
+ "\"encType\":1," +
+ "\"timeCreated\":1262304000000," +
+ "\"timeLastUsed\":1262390400000," +
+ "\"timePasswordChanged\":1262476800000," +
+ "\"timesUsed\":1}],\"disabledHosts\":[" +
+ "\"http://www.example.org\"]}";
+
+ yield OS.File.writeAtomic(store.path,
+ new TextEncoder().encode(string),
+ { tmpPath: store.path + ".tmp" });
+
+ yield store.load();
+
+ do_check_eq(store.data.logins.length, 1);
+ do_check_matches(store.data.logins[0], {
+ id: 1,
+ hostname: "http://www.example.com",
+ httpRealm: null,
+ formSubmitURL: "http://www.example.com/submit-url",
+ usernameField: "usernameField",
+ passwordField: "passwordField",
+ encryptedUsername: "(test)",
+ encryptedPassword: "(test)",
+ guid: "(test)",
+ encType: Ci.nsILoginManagerCrypto.ENCTYPE_SDR,
+ timeCreated: 1262304000000,
+ timeLastUsed: 1262390400000,
+ timePasswordChanged: 1262476800000,
+ timesUsed: 1,
+ });
+
+ do_check_eq(store.data.disabledHosts.length, 1);
+ do_check_eq(store.data.disabledHosts[0], "http://www.example.org");
+});
+
+/**
+ * Loads login data from a malformed JSON string.
+ */
+add_task(function* test_load_string_malformed()
+{
+ let store = new LoginStore(getTempFile(TEST_STORE_FILE_NAME).path);
+
+ let string = "{\"logins\":[{\"hostname\":\"http://www.example.com\"," +
+ "\"id\":1,";
+
+ yield OS.File.writeAtomic(store.path, new TextEncoder().encode(string),
+ { tmpPath: store.path + ".tmp" });
+
+ yield store.load();
+
+ // A backup file should have been created.
+ do_check_true(yield OS.File.exists(store.path + ".corrupt"));
+ yield OS.File.remove(store.path + ".corrupt");
+
+ // The store should be ready to accept new data.
+ do_check_eq(store.data.logins.length, 0);
+ do_check_eq(store.data.disabledHosts.length, 0);
+});
+
+/**
+ * Loads login data from a malformed JSON string, using the synchronous
+ * initialization path.
+ */
+add_task(function* test_load_string_malformed_sync()
+{
+ let store = new LoginStore(getTempFile(TEST_STORE_FILE_NAME).path);
+
+ let string = "{\"logins\":[{\"hostname\":\"http://www.example.com\"," +
+ "\"id\":1,";
+
+ yield OS.File.writeAtomic(store.path, new TextEncoder().encode(string),
+ { tmpPath: store.path + ".tmp" });
+
+ store.ensureDataReady();
+
+ // A backup file should have been created.
+ do_check_true(yield OS.File.exists(store.path + ".corrupt"));
+ yield OS.File.remove(store.path + ".corrupt");
+
+ // The store should be ready to accept new data.
+ do_check_eq(store.data.logins.length, 0);
+ do_check_eq(store.data.disabledHosts.length, 0);
+});
diff --git a/toolkit/components/passwordmgr/test/unit/test_notifications.js b/toolkit/components/passwordmgr/test/unit/test_notifications.js
new file mode 100644
index 000000000..41caa2c1b
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_notifications.js
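Review bot: `test_save_empty` in test_module_LoginStore.js can pass even if `_save()` writes nothing, because the file is created with `OS.File.open(store.path, { create: true })` just beforehand and the only assertion afterwards is `OS.File.exists(store.path)`. To show that the empty placeholder was really overwritten, also assert on the content, for example `do_check_true((yield OS.File.stat(store.path)).size > 0);` (assuming an empty store serialises to non-empty JSON). Alternatively, load the path in a second `LoginStore` and check that both arrays are empty, as `test_save_reload` does for populated data.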
@@ -0,0 +1,172 @@
+/*
+ * Tests notifications dispatched when modifying stored logins.
+ */
+
+var expectedNotification;
+var expectedData;
+
+var TestObserver = {
+ QueryInterface : XPCOMUtils.generateQI([Ci.nsIObserver, Ci.nsISupportsWeakReference]),
+
+ observe : function (subject, topic, data) {
+ do_check_eq(topic, "passwordmgr-storage-changed");
+ do_check_eq(data, expectedNotification);
+
+ switch (data) {
+ case "addLogin":
+ do_check_true(subject instanceof Ci.nsILoginInfo);
+ do_check_true(subject instanceof Ci.nsILoginMetaInfo);
+ do_check_true(expectedData.equals(subject)); // nsILoginInfo.equals()
+ break;
+ case "modifyLogin":
+ do_check_true(subject instanceof Ci.nsIArray);
+ do_check_eq(subject.length, 2);
+ var oldLogin = subject.queryElementAt(0, Ci.nsILoginInfo);
+ var newLogin = subject.queryElementAt(1, Ci.nsILoginInfo);
+ do_check_true(expectedData[0].equals(oldLogin)); // nsILoginInfo.equals()
+ do_check_true(expectedData[1].equals(newLogin));
+ break;
+ case "removeLogin":
+ do_check_true(subject instanceof Ci.nsILoginInfo);
+ do_check_true(subject instanceof Ci.nsILoginMetaInfo);
+ do_check_true(expectedData.equals(subject)); // nsILoginInfo.equals()
+ break;
+ case "removeAllLogins":
+ do_check_eq(subject, null);
+ break;
+ case "hostSavingEnabled":
+ case "hostSavingDisabled":
+ do_check_true(subject instanceof Ci.nsISupportsString);
+ do_check_eq(subject.data, expectedData);
+ break;
+ default:
+ do_throw("Unhandled notification: " + data + " / " + topic);
+ }
+
+ expectedNotification = null; // ensure a duplicate is flagged as unexpected.
+ expectedData = null;
+ }
+};
+
+add_task(function test_notifications()
+{
+
+try {
+
+var testnum = 0;
+var testdesc = "Setup of nsLoginInfo test-users";
+
+var testuser1 = new LoginInfo("http://testhost1", "", null,
+ "dummydude", "itsasecret", "put_user_here", "put_pw_here");
+
+var testuser2 = new LoginInfo("http://testhost2", "", null,
+ "dummydude2", "itsasecret2", "put_user2_here", "put_pw2_here");
+
+Services.obs.addObserver(TestObserver, "passwordmgr-storage-changed", false);
+
+
+/* ========== 1 ========== */
+testnum = 1;
+testdesc = "Initial connection to storage module";
+
+/* ========== 2 ========== */
+testnum++;
+testdesc = "addLogin";
+
+expectedNotification = "addLogin";
+expectedData = testuser1;
+Services.logins.addLogin(testuser1);
+LoginTestUtils.checkLogins([testuser1]);
+do_check_eq(expectedNotification, null); // check that observer got a notification
+
+/* ========== 3 ========== */
+testnum++;
+testdesc = "modifyLogin";
+
+expectedNotification = "modifyLogin";
+expectedData = [testuser1, testuser2];
+Services.logins.modifyLogin(testuser1, testuser2);
+do_check_eq(expectedNotification, null);
+LoginTestUtils.checkLogins([testuser2]);
+
+/* ========== 4 ========== */
+testnum++;
+testdesc = "removeLogin";
+
+expectedNotification = "removeLogin";
+expectedData = testuser2;
+Services.logins.removeLogin(testuser2);
+do_check_eq(expectedNotification, null);
+LoginTestUtils.checkLogins([]);
+
+/* ========== 5 ========== */
+testnum++;
+testdesc = "removeAllLogins";
+
+expectedNotification = "removeAllLogins";
+expectedData = null;
+Services.logins.removeAllLogins();
+do_check_eq(expectedNotification, null);
+LoginTestUtils.checkLogins([]);
+
+/* ========== 6 ========== */
+testnum++;
+testdesc = "removeAllLogins (again)";
+
+expectedNotification = "removeAllLogins";
+expectedData = null;
+Services.logins.removeAllLogins();
+do_check_eq(expectedNotification, null);
+LoginTestUtils.checkLogins([]);
+
+/* ========== 7 ========== */
+testnum++;
+testdesc = "setLoginSavingEnabled / false";
+
+expectedNotification = "hostSavingDisabled";
+expectedData = "http://site.com";
+Services.logins.setLoginSavingEnabled("http://site.com", false);
+do_check_eq(expectedNotification, null);
+LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(),
+ ["http://site.com"]);
+
+/* ========== 8 ========== */
+testnum++;
+testdesc = "setLoginSavingEnabled / false (again)";
+
+expectedNotification = "hostSavingDisabled";
+expectedData = "http://site.com";
+Services.logins.setLoginSavingEnabled("http://site.com", false);
+do_check_eq(expectedNotification, null);
+LoginTestUtils.assertDisabledHostsEqual(Services.logins.getAllDisabledHosts(),
+ ["http://site.com"]);
+
+/* ========== 9 ========== */
+testnum++;
+testdesc = "setLoginSavingEnabled / true";
+
+expectedNotification = "hostSavingEnabled";
+expectedData = "http://site.com";
+Services.logins.setLoginSavingEnabled("http://site.com", true);
+do_check_eq(expectedNotification, null);
+LoginTestUtils.checkLogins([]);
+
+/* ========== 10 ========== */
+testnum++;
+testdesc = "setLoginSavingEnabled / true (again)";
+
+expectedNotification = "hostSavingEnabled";
+expectedData = "http://site.com";
+Services.logins.setLoginSavingEnabled("http://site.com", true);
+do_check_eq(expectedNotification, null);
+LoginTestUtils.checkLogins([]);
+
+Services.obs.removeObserver(TestObserver, "passwordmgr-storage-changed");
+
+LoginTestUtils.clearData();
+
+} catch (e) {
+ throw new Error("FAILED in test #" + testnum + " -- " + testdesc + ": " + e);
+}
+
+});
diff --git a/toolkit/components/passwordmgr/test/unit/test_recipes_add.js b/toolkit/components/passwordmgr/test/unit/test_recipes_add.js
new file mode 100644
index 000000000..ef5086c3b
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_recipes_add.js
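Review bot: In `test_notifications`, `Services.obs.removeObserver(TestObserver, "passwordmgr-storage-changed")` and `LoginTestUtils.clearData()` sit at the end of the `try` body, so any failing check skips them and leaves the observer registered and the test logins in storage. Moving both into a cleanup registered right after `addObserver`, e.g. `do_register_cleanup(() => { Services.obs.removeObserver(TestObserver, "passwordmgr-storage-changed"); LoginTestUtils.clearData(); });`, makes teardown independent of the outcome. The `catch` also rethrows `new Error(... + e)`, which flattens the original exception to a string and drops its stack. Reporting `testnum` and `testdesc` with `do_print` and then `throw e;` would keep it.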
@@ -0,0 +1,177 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/**
+ * Tests adding and retrieving LoginRecipes in the parent process.
+ */
+
+"use strict";
+
+add_task(function* test_init() {
+ let parent = new LoginRecipesParent({ defaults: null });
+ let initPromise1 = parent.initializationPromise;
+ let initPromise2 = parent.initializationPromise;
+ Assert.strictEqual(initPromise1, initPromise2, "Check that the same promise is returned");
+
+ let recipesParent = yield initPromise1;
+ Assert.ok(recipesParent instanceof LoginRecipesParent, "Check init return value");
+ Assert.strictEqual(recipesParent._recipesByHost.size, 0, "Initially 0 recipes");
+});
+
+add_task(function* test_get_missing_host() {
+ let recipesParent = yield RecipeHelpers.initNewParent();
+ let exampleRecipes = recipesParent.getRecipesForHost("example.invalid");
+ Assert.strictEqual(exampleRecipes.size, 0, "Check recipe count for example.invalid");
+
+});
+
+add_task(function* test_add_get_simple_host() {
+ let recipesParent = yield RecipeHelpers.initNewParent();
+ Assert.strictEqual(recipesParent._recipesByHost.size, 0, "Initially 0 recipes");
+ recipesParent.add({
+ hosts: ["example.com"],
+ });
+ Assert.strictEqual(recipesParent._recipesByHost.size, 1,
+ "Check number of hosts after the addition");
+
+ let exampleRecipes = recipesParent.getRecipesForHost("example.com");
+ Assert.strictEqual(exampleRecipes.size, 1, "Check recipe count for example.com");
+ let recipe = [...exampleRecipes][0];
+ Assert.strictEqual(typeof(recipe), "object", "Check recipe type");
+ Assert.strictEqual(recipe.hosts.length, 1, "Check that one host is present");
+ Assert.strictEqual(recipe.hosts[0], "example.com", "Check the one host");
+});
+
+add_task(function* test_add_get_non_standard_port_host() {
+ let recipesParent = yield RecipeHelpers.initNewParent();
+ recipesParent.add({
+ hosts: ["example.com:8080"],
+ });
+ Assert.strictEqual(recipesParent._recipesByHost.size, 1,
+ "Check number of hosts after the addition");
+
+ let exampleRecipes = recipesParent.getRecipesForHost("example.com:8080");
+ Assert.strictEqual(exampleRecipes.size, 1, "Check recipe count for example.com:8080");
+ let recipe = [...exampleRecipes][0];
+ Assert.strictEqual(typeof(recipe), "object", "Check recipe type");
+ Assert.strictEqual(recipe.hosts.length, 1, "Check that one host is present");
+ Assert.strictEqual(recipe.hosts[0], "example.com:8080", "Check the one host");
+});
+
+add_task(function* test_add_multiple_hosts() {
+ let recipesParent = yield RecipeHelpers.initNewParent();
+ recipesParent.add({
+ hosts: ["example.com", "foo.invalid"],
+ });
+ Assert.strictEqual(recipesParent._recipesByHost.size, 2,
+ "Check number of hosts after the addition");
+
+ let exampleRecipes = recipesParent.getRecipesForHost("example.com");
+ Assert.strictEqual(exampleRecipes.size, 1, "Check recipe count for example.com");
+ let recipe = [...exampleRecipes][0];
+ Assert.strictEqual(typeof(recipe), "object", "Check recipe type");
+ Assert.strictEqual(recipe.hosts.length, 2, "Check that two hosts are present");
+ Assert.strictEqual(recipe.hosts[0], "example.com", "Check the first host");
+ Assert.strictEqual(recipe.hosts[1], "foo.invalid", "Check the second host");
+
+ let fooRecipes = recipesParent.getRecipesForHost("foo.invalid");
+ Assert.strictEqual(fooRecipes.size, 1, "Check recipe count for foo.invalid");
+ let fooRecipe = [...fooRecipes][0];
+ Assert.strictEqual(fooRecipe, recipe, "Check that the recipe is shared");
+ Assert.strictEqual(typeof(fooRecipe), "object", "Check recipe type");
+ Assert.strictEqual(fooRecipe.hosts.length, 2, "Check that two hosts are present");
+ Assert.strictEqual(fooRecipe.hosts[0], "example.com", "Check the first host");
+ Assert.strictEqual(fooRecipe.hosts[1], "foo.invalid", "Check the second host");
+});
+
+add_task(function* test_add_pathRegex() {
+ let recipesParent = yield RecipeHelpers.initNewParent();
+ recipesParent.add({
+ hosts: ["example.com"],
+ pathRegex: /^\/mypath\//,
+ });
+ Assert.strictEqual(recipesParent._recipesByHost.size, 1,
+ "Check number of hosts after the addition");
+
+ let exampleRecipes = recipesParent.getRecipesForHost("example.com");
+ Assert.strictEqual(exampleRecipes.size, 1, "Check recipe count for example.com");
+ let recipe = [...exampleRecipes][0];
+ Assert.strictEqual(typeof(recipe), "object", "Check recipe type");
+ Assert.strictEqual(recipe.hosts.length, 1, "Check that one host is present");
+ Assert.strictEqual(recipe.hosts[0], "example.com", "Check the one host");
+ Assert.strictEqual(recipe.pathRegex.toString(), "/^\\/mypath\\//", "Check the pathRegex");
+});
+
+add_task(function* test_add_selectors() {
+ let recipesParent = yield RecipeHelpers.initNewParent();
+ recipesParent.add({
+ hosts: ["example.com"],
+ usernameSelector: "#my-username",
+ passwordSelector: "#my-form > input.password",
+ });
+ Assert.strictEqual(recipesParent._recipesByHost.size, 1,
+ "Check number of hosts after the addition");
+
+ let exampleRecipes = recipesParent.getRecipesForHost("example.com");
+ Assert.strictEqual(exampleRecipes.size, 1, "Check recipe count for example.com");
+ let recipe = [...exampleRecipes][0];
+ Assert.strictEqual(typeof(recipe), "object", "Check recipe type");
+ Assert.strictEqual(recipe.hosts.length, 1, "Check that one host is present");
+ Assert.strictEqual(recipe.hosts[0], "example.com", "Check the one host");
+ Assert.strictEqual(recipe.usernameSelector, "#my-username", "Check the usernameSelector");
+ Assert.strictEqual(recipe.passwordSelector, "#my-form > input.password", "Check the passwordSelector");
+});
+
+/* Begin checking errors with add */
+
+add_task(function* test_add_missing_prop() {
+ let recipesParent = yield RecipeHelpers.initNewParent();
+ Assert.throws(() => recipesParent.add({}), /required/, "Some properties are required");
+});
+
+add_task(function* test_add_unknown_prop() {
+ let recipesParent = yield RecipeHelpers.initNewParent();
+ Assert.throws(() => recipesParent.add({
+ unknownProp: true,
+ }), /supported/, "Unknown properties should cause an error to help with typos");
+});
+
+add_task(function* test_add_invalid_hosts() {
+ let recipesParent = yield RecipeHelpers.initNewParent();
+ Assert.throws(() => recipesParent.add({
+ hosts: 404,
+ }), /array/, "hosts should be an array");
+});
+
+add_task(function* test_add_empty_host_array() {
+ let recipesParent = yield RecipeHelpers.initNewParent();
+ Assert.throws(() => recipesParent.add({
+ hosts: [],
+ }), /array/, "hosts should be a non-empty array");
+});
+
+add_task(function* test_add_pathRegex_non_regexp() {
+ let recipesParent = yield RecipeHelpers.initNewParent();
+ Assert.throws(() => recipesParent.add({
+ hosts: ["example.com"],
+ pathRegex: "foo",
+ }), /regular expression/, "pathRegex should be a RegExp");
+});
+
+add_task(function* test_add_usernameSelector_non_string() {
+ let recipesParent = yield RecipeHelpers.initNewParent();
+ Assert.throws(() => recipesParent.add({
+ hosts: ["example.com"],
+ usernameSelector: 404,
+ }), /string/, "usernameSelector should be a string");
+});
+
+add_task(function* test_add_passwordSelector_non_string() {
+ let recipesParent = yield RecipeHelpers.initNewParent();
+ Assert.throws(() => recipesParent.add({
+ hosts: ["example.com"],
+ passwordSelector: 404,
+ }), /string/, "passwordSelector should be a string");
+});
+
+/* End checking errors with add */
diff --git a/toolkit/components/passwordmgr/test/unit/test_recipes_content.js b/toolkit/components/passwordmgr/test/unit/test_recipes_content.js
new file mode 100644
index 000000000..3d3751452
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_recipes_content.js
@@ -0,0 +1,39 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/**
+ * Test filtering recipes in LoginRecipesContent.
+ */
+
+"use strict";
+
+Cu.importGlobalProperties(["URL"]);
+
+add_task(function* test_getFieldOverrides() {
+ let recipes = new Set([
+ { // path doesn't match but otherwise good
+ hosts: ["example.com:8080"],
+ passwordSelector: "#password",
+ pathRegex: /^\/$/,
+ usernameSelector: ".username",
+ },
+ { // match with no field overrides
+ hosts: ["example.com:8080"],
+ },
+ { // best match (field selectors + path match)
+ description: "best match",
+ hosts: ["a.invalid", "example.com:8080", "other.invalid"],
+ passwordSelector: "#password",
+ pathRegex: /^\/first\/second\/$/,
+ usernameSelector: ".username",
+ },
+ ]);
+
+ let form = MockDocument.createTestDocument("http://localhost:8080/first/second/", "").
+ forms[0];
+ let override = LoginRecipesContent.getFieldOverrides(recipes, form);
+ Assert.strictEqual(override.description, "best match",
+ "Check the best field override recipe was returned");
+ Assert.strictEqual(override.usernameSelector, ".username", "Check usernameSelector");
+ Assert.strictEqual(override.passwordSelector, "#password", "Check passwordSelector");
+});
diff --git a/toolkit/components/passwordmgr/test/unit/test_removeLegacySignonFiles.js b/toolkit/components/passwordmgr/test/unit/test_removeLegacySignonFiles.js
new file mode 100644
index 000000000..51a107170
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_removeLegacySignonFiles.js
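Review bot: `test_getFieldOverrides` builds its form at `http://localhost:8080/first/second/`, a host that appears in none of the three recipes' `hosts` arrays, yet it expects the "best match" recipe to be returned. That only holds if `LoginRecipesContent.getFieldOverrides` does not look at `hosts` and relies on its caller to pass a set already filtered by host, which the test neither states nor checks; the implementation is outside this hunk, so this is inferred. Because these selectors decide which fields are treated as username and password, I would add a comment such as `// getFieldOverrides does not re-check hosts; callers must pass recipes already filtered for the form's origin`. Using a document URL on `example.com:8080` would also make the fixture self-consistent.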
@@ -0,0 +1,69 @@
+/**
+ * Tests the LoginHelper object.
+ */
+
+"use strict";
+
+
+Cu.import("resource://gre/modules/Task.jsm");
+
+XPCOMUtils.defineLazyModuleGetter(this, "LoginHelper",
+ "resource://gre/modules/LoginHelper.jsm");
+
+
+function* createSignonFile(singon) {
+ let {file, pref} = singon;
+
+ if (pref) {
+ Services.prefs.setCharPref(pref, file);
+ }
+
+ yield OS.File.writeAtomic(
+ OS.Path.join(OS.Constants.Path.profileDir, file), new Uint8Array(1));
+}
+
+function* isSignonClear(singon) {
+ const {file, pref} = singon;
+ const fileExists = yield OS.File.exists(
+ OS.Path.join(OS.Constants.Path.profileDir, file));
+
+ if (pref) {
+ try {
+ Services.prefs.getCharPref(pref);
+ return false;
+ } catch (e) {}
+ }
+
+ return !fileExists;
+}
+
+add_task(function* test_remove_lagecy_signonfile() {
+ // In the last test case, signons3.txt being deleted even when
+ // it doesn't exist.
+ const signonsSettings = [[
+ { file: "signons.txt" },
+ { file: "signons2.txt" },
+ { file: "signons3.txt" }
+ ], [
+ { file: "signons.txt", pref: "signon.SignonFileName" },
+ { file: "signons2.txt", pref: "signon.SignonFileName2" },
+ { file: "signons3.txt", pref: "signon.SignonFileName3" }
+ ], [
+ { file: "signons2.txt" },
+ { file: "singons.txt", pref: "signon.SignonFileName" },
+ { file: "customized2.txt", pref: "signon.SignonFileName2" },
+ { file: "customized3.txt", pref: "signon.SignonFileName3" }
+ ]];
+
+ for (let setting of signonsSettings) {
+ for (let singon of setting) {
+ yield createSignonFile(singon);
+ }
+
+ LoginHelper.removeLegacySignonFiles();
+
+ for (let singon of setting) {
+ equal(yield isSignonClear(singon), true);
+ }
+ }
+});
diff --git a/toolkit/components/passwordmgr/test/unit/test_search_schemeUpgrades.js b/toolkit/components/passwordmgr/test/unit/test_search_schemeUpgrades.js
new file mode 100644
index 000000000..3406becff
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_search_schemeUpgrades.js
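Review bot: `LoginHelper.removeLegacySignonFiles()` is called without `yield` and its result is discarded, so if the removal is asynchronous the following `isSignonClear` checks depend on operation ordering rather than on completion; the implementation is outside this hunk, so that is an assumption to confirm. `isSignonClear` also treats any exception from `getCharPref` as "pref cleared" through the empty `catch (e) {}`. `if (pref && Services.prefs.prefHasUserValue(pref)) { return false; }` states the intent without swallowing unrelated errors. The identifiers `singon` and `test_remove_lagecy_signonfile` are misspellings of signon and legacy, and `"singons.txt"` in the third group looks like one as well.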
@@ -0,0 +1,184 @@
+/*
+ * Test Services.logins.searchLogins with the `schemeUpgrades` property.
+ */
+
+const HTTP3_ORIGIN = "http://www3.example.com";
+const HTTPS_ORIGIN = "https://www.example.com";
+const HTTP_ORIGIN = "http://www.example.com";
+
+/**
+ * Returns a list of new nsILoginInfo objects that are a subset of the test
+ * data, built to match the specified query.
+ *
+ * @param {Object} aQuery
+ * Each property and value of this object restricts the search to those
+ * entries from the test data that match the property exactly.
+ */
+function buildExpectedLogins(aQuery) {
+ return TestData.loginList().filter(
+ entry => Object.keys(aQuery).every(name => {
+ if (name == "schemeUpgrades") {
+ return true;
+ }
+ if (["hostname", "formSubmitURL"].includes(name)) {
+ return LoginHelper.isOriginMatching(entry[name], aQuery[name], {
+ schemeUpgrades: aQuery.schemeUpgrades,
+ });
+ }
+ return entry[name] === aQuery[name];
+ }));
+}
+
+/**
+ * Tests the searchLogins function.
+ *
+ * @param {Object} aQuery
+ * Each property and value of this object is translated to an entry in
+ * the nsIPropertyBag parameter of searchLogins.
+ * @param {Number} aExpectedCount
+ * Number of logins from the test data that should be found. The actual
+ * list of logins is obtained using the buildExpectedLogins helper, and
+ * this value is just used to verify that modifications to the test data
+ * don't make the current test meaningless.
+ */
+function checkSearch(aQuery, aExpectedCount) {
+ do_print("Testing searchLogins for " + JSON.stringify(aQuery));
+
+ let expectedLogins = buildExpectedLogins(aQuery);
+ do_check_eq(expectedLogins.length, aExpectedCount);
+
+ let outCount = {};
+ let logins = Services.logins.searchLogins(outCount, newPropertyBag(aQuery));
+ do_check_eq(outCount.value, expectedLogins.length);
+ LoginTestUtils.assertLoginListsEqual(logins, expectedLogins);
+}
+
+/**
+ * Prepare data for the following tests.
+ */
+add_task(function test_initialize() {
+ for (let login of TestData.loginList()) {
+ Services.logins.addLogin(login);
+ }
+});
+
+/**
+ * Tests searchLogins with the `schemeUpgrades` property
+ */
+add_task(function test_search_schemeUpgrades_hostname() {
+ // Hostname-only
+ checkSearch({
+ hostname: HTTPS_ORIGIN,
+ }, 1);
+ checkSearch({
+ hostname: HTTPS_ORIGIN,
+ schemeUpgrades: false,
+ }, 1);
+ checkSearch({
+ hostname: HTTPS_ORIGIN,
+ schemeUpgrades: undefined,
+ }, 1);
+ checkSearch({
+ hostname: HTTPS_ORIGIN,
+ schemeUpgrades: true,
+ }, 2);
+});
+
+/**
+ * Same as above but replacing hostname with formSubmitURL.
+ */
+add_task(function test_search_schemeUpgrades_formSubmitURL() {
+ checkSearch({
+ formSubmitURL: HTTPS_ORIGIN,
+ }, 2);
+ checkSearch({
+ formSubmitURL: HTTPS_ORIGIN,
+ schemeUpgrades: false,
+ }, 2);
+ checkSearch({
+ formSubmitURL: HTTPS_ORIGIN,
+ schemeUpgrades: undefined,
+ }, 2);
+ checkSearch({
+ formSubmitURL: HTTPS_ORIGIN,
+ schemeUpgrades: true,
+ }, 4);
+});
+
+
+add_task(function test_search_schemeUpgrades_hostname_formSubmitURL() {
+ checkSearch({
+ formSubmitURL: HTTPS_ORIGIN,
+ hostname: HTTPS_ORIGIN,
+ }, 1);
+ checkSearch({
+ formSubmitURL: HTTPS_ORIGIN,
+ hostname: HTTPS_ORIGIN,
+ schemeUpgrades: false,
+ }, 1);
+ checkSearch({
+ formSubmitURL: HTTPS_ORIGIN,
+ hostname: HTTPS_ORIGIN,
+ schemeUpgrades: undefined,
+ }, 1);
+ checkSearch({
+ formSubmitURL: HTTPS_ORIGIN,
+ hostname: HTTPS_ORIGIN,
+ schemeUpgrades: true,
+ }, 2);
+ checkSearch({
+ formSubmitURL: HTTPS_ORIGIN,
+ hostname: HTTPS_ORIGIN,
+ schemeUpgrades: true,
+ usernameField: "form_field_username",
+ }, 2);
+ checkSearch({
+ formSubmitURL: HTTPS_ORIGIN,
+ hostname: HTTPS_ORIGIN,
+ passwordField: "form_field_password",
+ schemeUpgrades: true,
+ usernameField: "form_field_username",
+ }, 2);
+ checkSearch({
+ formSubmitURL: HTTPS_ORIGIN,
+ hostname: HTTPS_ORIGIN,
+ httpRealm: null,
+ passwordField: "form_field_password",
+ schemeUpgrades: true,
+ usernameField: "form_field_username",
+ }, 2);
+});
+
+/**
+ * HTTP submitting to HTTPS
+ */
+add_task(function test_http_to_https() {
+ checkSearch({
+ formSubmitURL: HTTPS_ORIGIN,
+ hostname: HTTP3_ORIGIN,
+ httpRealm: null,
+ schemeUpgrades: false,
+ }, 1);
+ checkSearch({
+ formSubmitURL: HTTPS_ORIGIN,
+ hostname: HTTP3_ORIGIN,
+ httpRealm: null,
+ schemeUpgrades: true,
+ }, 2);
+});
+
+/**
+ * schemeUpgrades shouldn't cause downgrades
+ */
+add_task(function test_search_schemeUpgrades_downgrade() {
+ checkSearch({
+ formSubmitURL: HTTP_ORIGIN,
+ hostname: HTTP_ORIGIN,
+ }, 1);
+ do_print("The same number should be found with schemeUpgrades since we're searching for HTTP");
+ checkSearch({
+ formSubmitURL: HTTP_ORIGIN,
+ hostname: HTTP_ORIGIN,
+ schemeUpgrades: true,
+ }, 1);
+});
diff --git a/toolkit/components/passwordmgr/test/unit/test_storage.js b/toolkit/components/passwordmgr/test/unit/test_storage.js
new file mode 100644
index 000000000..d65516d9b
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_storage.js
@@ -0,0 +1,102 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/**
+ * Tests that the default nsILoginManagerStorage module attached to the Login
+ * Manager service is able to save and reload nsILoginInfo properties correctly,
+ * even when they include special characters.
+ */
+
+"use strict";
+
+// Globals
+
+function* reloadAndCheckLoginsGen(aExpectedLogins)
+{
+ yield LoginTestUtils.reloadData();
+ LoginTestUtils.checkLogins(aExpectedLogins);
+ LoginTestUtils.clearData();
+}
+
+// Tests
+
+/**
+ * Tests addLogin with valid non-ASCII characters.
+ */
+add_task(function* test_storage_addLogin_nonascii()
+{
+ let hostname = "http://" + String.fromCharCode(355) + ".example.com";
+
+ // Store the strings "user" and "pass" using similarly looking glyphs.
+ let loginInfo = TestData.formLogin({
+ hostname: hostname,
+ formSubmitURL: hostname,
+ username: String.fromCharCode(533, 537, 7570, 345),
+ password: String.fromCharCode(421, 259, 349, 537),
+ usernameField: "field_" + String.fromCharCode(533, 537, 7570, 345),
+ passwordField: "field_" + String.fromCharCode(421, 259, 349, 537),
+ });
+ Services.logins.addLogin(loginInfo);
+ yield* reloadAndCheckLoginsGen([loginInfo]);
+
+ // Store the string "test" using similarly looking glyphs.
+ loginInfo = TestData.authLogin({
+ httpRealm: String.fromCharCode(355, 277, 349, 357),
+ });
+ Services.logins.addLogin(loginInfo);
+ yield* reloadAndCheckLoginsGen([loginInfo]);
+});
+
+/**
+ * Tests addLogin with newline characters in the username and password.
+ */
+add_task(function* test_storage_addLogin_newlines()
+{
+ let loginInfo = TestData.formLogin({
+ username: "user\r\nname",
+ password: "password\r\n",
+ });
+ Services.logins.addLogin(loginInfo);
+ yield* reloadAndCheckLoginsGen([loginInfo]);
+});
+
+/**
+ * Tests addLogin with a single dot in fields where it is allowed.
+ *
+ * These tests exist to verify the legacy "signons.txt" storage format.
+ */
+add_task(function* test_storage_addLogin_dot()
+{
+ let loginInfo = TestData.formLogin({ hostname: ".", passwordField: "." });
+ Services.logins.addLogin(loginInfo);
+ yield* reloadAndCheckLoginsGen([loginInfo]);
+
+ loginInfo = TestData.authLogin({ httpRealm: "." });
+ Services.logins.addLogin(loginInfo);
+ yield* reloadAndCheckLoginsGen([loginInfo]);
+});
+
+/**
+ * Tests addLogin with parentheses in hostnames.
+ *
+ * These tests exist to verify the legacy "signons.txt" storage format.
+ */
+add_task(function* test_storage_addLogin_parentheses()
+{
+ let loginList = [
+ TestData.authLogin({ httpRealm: "(realm" }),
+ TestData.authLogin({ httpRealm: "realm)" }),
+ TestData.authLogin({ httpRealm: "(realm)" }),
+ TestData.authLogin({ httpRealm: ")realm(" }),
+ TestData.authLogin({ hostname: "http://parens(.example.com" }),
+ TestData.authLogin({ hostname: "http://parens).example.com" }),
+ TestData.authLogin({ hostname: "http://parens(example).example.com" }),
+ TestData.authLogin({ hostname: "http://parens)example(.example.com" }),
+ ];
+ for (let loginInfo of loginList) {
+ Services.logins.addLogin(loginInfo);
+ }
+ yield* reloadAndCheckLoginsGen(loginList);
+});
diff --git a/toolkit/components/passwordmgr/test/unit/test_storage_mozStorage.js b/toolkit/components/passwordmgr/test/unit/test_storage_mozStorage.js
new file mode 100644
index 000000000..8eab6efe5
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/unit/test_storage_mozStorage.js
@@ -0,0 +1,507 @@ +/* + * This test interfaces directly with the mozStorage password storage module, + * bypassing the normal password manager usage. + */ + + +const ENCTYPE_BASE64 = 0; +const ENCTYPE_SDR = 1; +const PERMISSION_SAVE_LOGINS = "login-saving"; + +// Current schema version used by storage-mozStorage.js. This will need to be +// kept in sync with the version there (or else the tests fail). +const CURRENT_SCHEMA = 6; + +function* copyFile(aLeafName) +{ + yield OS.File.copy(OS.Path.join(do_get_file("data").path, aLeafName), + OS.Path.join(OS.Constants.Path.profileDir, aLeafName)); +} + +function openDB(aLeafName) +{ + var dbFile = new FileUtils.File(OS.Constants.Path.profileDir); + dbFile.append(aLeafName); + + return Services.storage.openDatabase(dbFile); +} + +function deleteFile(pathname, filename) +{ + var file = new FileUtils.File(pathname); + file.append(filename); + + // Suppress failures, this happens in the mozstorage tests on Windows + // because the module may still be holding onto the DB. (We don't + // have a way to explicitly shutdown/GC the module). + try { + if (file.exists()) + file.remove(false); + } catch (e) {} +} + +function reloadStorage(aInputPathName, aInputFileName) +{ + var inputFile = null; + if (aInputFileName) { + inputFile = Cc["@mozilla.org/file/local;1"]. 
+ createInstance(Ci.nsILocalFile); + inputFile.initWithPath(aInputPathName); + inputFile.append(aInputFileName); + } + + let storage = Cc["@mozilla.org/login-manager/storage/mozStorage;1"] + .createInstance(Ci.nsILoginManagerStorage); + storage.QueryInterface(Ci.nsIInterfaceRequestor) + .getInterface(Ci.nsIVariant) + .initWithFile(inputFile); + + return storage; +} + +function checkStorageData(storage, ref_disabledHosts, ref_logins) +{ + LoginTestUtils.assertLoginListsEqual(storage.getAllLogins(), ref_logins); + LoginTestUtils.assertDisabledHostsEqual(getAllDisabledHostsFromPermissionManager(), + ref_disabledHosts); +} + +function getAllDisabledHostsFromPermissionManager() { + let disabledHosts = []; + let enumerator = Services.perms.enumerator; + + while (enumerator.hasMoreElements()) { + let perm = enumerator.getNext(); + if (perm.type == PERMISSION_SAVE_LOGINS && perm.capability == Services.perms.DENY_ACTION) { + disabledHosts.push(perm.principal.URI.prePath); + } + } + + return disabledHosts; +} + +function setLoginSavingEnabled(origin, enabled) { + let uri = Services.io.newURI(origin, null, null); + + if (enabled) { + Services.perms.remove(uri, PERMISSION_SAVE_LOGINS); + } else { + Services.perms.add(uri, PERMISSION_SAVE_LOGINS, Services.perms.DENY_ACTION); + } +} + +add_task(function* test_execute() +{ + +const OUTDIR = OS.Constants.Path.profileDir; + +try { + +var isGUID = /^\{[0-9a-f\d]{8}-[0-9a-f\d]{4}-[0-9a-f\d]{4}-[0-9a-f\d]{4}-[0-9a-f\d]{12}\}$/; +function getGUIDforID(conn, id) { + var stmt = conn.createStatement("SELECT guid from moz_logins WHERE id = " + id); + stmt.executeStep(); + var guid = stmt.getString(0); + stmt.finalize(); + return guid; +} + +function getEncTypeForID(conn, id) { + var stmt = conn.createStatement("SELECT encType from moz_logins WHERE id = " + id); + stmt.executeStep(); + var encType = stmt.row.encType; + stmt.finalize(); + return encType; +} + +function getAllDisabledHostsFromMozStorage(conn) { + let disabledHosts = []; + let 
stmt = conn.createStatement("SELECT hostname from moz_disabledHosts"); + + while (stmt.executeStep()) { + disabledHosts.push(stmt.row.hostname); + } + + return disabledHosts; +} + +var storage; +var dbConnection; +var testnum = 0; +var testdesc = "Setup of nsLoginInfo test-users"; +var nsLoginInfo = new Components.Constructor( + "@mozilla.org/login-manager/loginInfo;1", + Components.interfaces.nsILoginInfo); +do_check_true(nsLoginInfo != null); + +var testuser1 = new nsLoginInfo; +testuser1.init("http://test.com", "http://test.com", null, + "testuser1", "testpass1", "u1", "p1"); +var testuser1B = new nsLoginInfo; +testuser1B.init("http://test.com", "http://test.com", null, + "testuser1B", "testpass1B", "u1", "p1"); +var testuser2 = new nsLoginInfo; +testuser2.init("http://test.org", "http://test.org", null, + "testuser2", "testpass2", "u2", "p2"); +var testuser3 = new nsLoginInfo; +testuser3.init("http://test.gov", "http://test.gov", null, + "testuser3", "testpass3", "u3", "p3"); +var testuser4 = new nsLoginInfo; +testuser4.init("http://test.gov", "http://test.gov", null, + "testuser1", "testpass2", "u4", "p4"); +var testuser5 = new nsLoginInfo; +testuser5.init("http://test.gov", "http://test.gov", null, + "testuser2", "testpass1", "u5", "p5"); + + +/* ========== 1 ========== */ +testnum++; +testdesc = "Test downgrade from v999 storage"; + +yield* copyFile("signons-v999.sqlite"); +// Verify the schema version in the test file. +dbConnection = openDB("signons-v999.sqlite"); +do_check_eq(999, dbConnection.schemaVersion); +dbConnection.close(); + +storage = reloadStorage(OUTDIR, "signons-v999.sqlite"); +setLoginSavingEnabled("https://disabled.net", false); +checkStorageData(storage, ["https://disabled.net"], [testuser1]); + +// Check to make sure we downgraded the schema version. 
+dbConnection = openDB("signons-v999.sqlite"); +do_check_eq(CURRENT_SCHEMA, dbConnection.schemaVersion); +dbConnection.close(); + +deleteFile(OUTDIR, "signons-v999.sqlite"); + +/* ========== 2 ========== */ +testnum++; +testdesc = "Test downgrade from incompat v999 storage"; +// This file has a testuser999/testpass999, but is missing an expected column + +var origFile = OS.Path.join(OUTDIR, "signons-v999-2.sqlite"); +var failFile = OS.Path.join(OUTDIR, "signons-v999-2.sqlite.corrupt"); + +// Make sure we always start clean in a clean state. +yield* copyFile("signons-v999-2.sqlite"); +yield OS.File.remove(failFile); + +Assert.throws(() => reloadStorage(OUTDIR, "signons-v999-2.sqlite"), + /Initialization failed/); + +// Check to ensure the DB file was renamed to .corrupt. +do_check_false(yield OS.File.exists(origFile)); +do_check_true(yield OS.File.exists(failFile)); + +yield OS.File.remove(failFile); + +/* ========== 3 ========== */ +testnum++; +testdesc = "Test upgrade from v1->v2 storage"; + +yield* copyFile("signons-v1.sqlite"); +// Sanity check the test file. +dbConnection = openDB("signons-v1.sqlite"); +do_check_eq(1, dbConnection.schemaVersion); +dbConnection.close(); + +storage = reloadStorage(OUTDIR, "signons-v1.sqlite"); +checkStorageData(storage, ["https://disabled.net"], [testuser1, testuser2]); + +// Check to see that we added a GUIDs to the logins. +dbConnection = openDB("signons-v1.sqlite"); +do_check_eq(CURRENT_SCHEMA, dbConnection.schemaVersion); +var guid = getGUIDforID(dbConnection, 1); +do_check_true(isGUID.test(guid)); +guid = getGUIDforID(dbConnection, 2); +do_check_true(isGUID.test(guid)); +dbConnection.close(); + +deleteFile(OUTDIR, "signons-v1.sqlite"); + +/* ========== 4 ========== */ +testnum++; +testdesc = "Test upgrade v2->v1 storage"; +// This is the case where a v2 DB has been accessed with v1 code, and now we +// are upgrading it again. Any logins added by the v1 code must be properly +// upgraded. 
+ +yield* copyFile("signons-v1v2.sqlite"); +// Sanity check the test file. +dbConnection = openDB("signons-v1v2.sqlite"); +do_check_eq(1, dbConnection.schemaVersion); +dbConnection.close(); + +storage = reloadStorage(OUTDIR, "signons-v1v2.sqlite"); +checkStorageData(storage, ["https://disabled.net"], [testuser1, testuser2, testuser3]); + +// While we're here, try modifying a login, to ensure that doing so doesn't +// change the existing GUID. +storage.modifyLogin(testuser1, testuser1B); +checkStorageData(storage, ["https://disabled.net"], [testuser1B, testuser2, testuser3]); + +// Check the GUIDs. Logins 1 and 2 should retain their original GUID, login 3 +// should have one created (because it didn't have one previously). +dbConnection = openDB("signons-v1v2.sqlite"); +do_check_eq(CURRENT_SCHEMA, dbConnection.schemaVersion); +guid = getGUIDforID(dbConnection, 1); +do_check_eq("{655c7358-f1d6-6446-adab-53f98ac5d80f}", guid); +guid = getGUIDforID(dbConnection, 2); +do_check_eq("{13d9bfdc-572a-4d4e-9436-68e9803e84c1}", guid); +guid = getGUIDforID(dbConnection, 3); +do_check_true(isGUID.test(guid)); +dbConnection.close(); + +deleteFile(OUTDIR, "signons-v1v2.sqlite"); + +/* ========== 5 ========== */ +testnum++; +testdesc = "Test upgrade from v2->v3 storage"; + +yield* copyFile("signons-v2.sqlite"); +// Sanity check the test file. +dbConnection = openDB("signons-v2.sqlite"); +do_check_eq(2, dbConnection.schemaVersion); + +storage = reloadStorage(OUTDIR, "signons-v2.sqlite"); + +// Check to see that we added the correct encType to the logins. +do_check_eq(CURRENT_SCHEMA, dbConnection.schemaVersion); +var encTypes = [ENCTYPE_BASE64, ENCTYPE_SDR, ENCTYPE_BASE64, ENCTYPE_BASE64]; +for (let i = 0; i < encTypes.length; i++) + do_check_eq(encTypes[i], getEncTypeForID(dbConnection, i + 1)); +dbConnection.close(); + +// There are 4 logins, but 3 will be invalid because we can no longer decrypt +// base64-encoded items. 
(testuser1/4/5) +checkStorageData(storage, ["https://disabled.net"], + [testuser2]); + +deleteFile(OUTDIR, "signons-v2.sqlite"); + +/* ========== 6 ========== */ +testnum++; +testdesc = "Test upgrade v3->v2 storage"; +// This is the case where a v3 DB has been accessed with v2 code, and now we +// are upgrading it again. Any logins added by the v2 code must be properly +// upgraded. + +yield* copyFile("signons-v2v3.sqlite"); +// Sanity check the test file. +dbConnection = openDB("signons-v2v3.sqlite"); +do_check_eq(2, dbConnection.schemaVersion); +encTypes = [ENCTYPE_BASE64, ENCTYPE_SDR, ENCTYPE_BASE64, ENCTYPE_BASE64, null]; +for (let i = 0; i < encTypes.length; i++) + do_check_eq(encTypes[i], getEncTypeForID(dbConnection, i + 1)); + +// Reload storage, check that the new login now has encType=1, others untouched +storage = reloadStorage(OUTDIR, "signons-v2v3.sqlite"); +do_check_eq(CURRENT_SCHEMA, dbConnection.schemaVersion); + +encTypes = [ENCTYPE_BASE64, ENCTYPE_SDR, ENCTYPE_BASE64, ENCTYPE_BASE64, ENCTYPE_SDR]; +for (let i = 0; i < encTypes.length; i++) + do_check_eq(encTypes[i], getEncTypeForID(dbConnection, i + 1)); + +// Sanity check that the data gets migrated +// There are 5 logins, but 3 will be invalid because we can no longer decrypt +// base64-encoded items. (testuser1/4/5). We no longer reencrypt with SDR. +checkStorageData(storage, ["https://disabled.net"], [testuser2, testuser3]); +encTypes = [ENCTYPE_BASE64, ENCTYPE_SDR, ENCTYPE_BASE64, ENCTYPE_BASE64, ENCTYPE_SDR]; +for (let i = 0; i < encTypes.length; i++) + do_check_eq(encTypes[i], getEncTypeForID(dbConnection, i + 1)); +dbConnection.close(); + +deleteFile(OUTDIR, "signons-v2v3.sqlite"); + + +/* ========== 7 ========== */ +testnum++; +testdesc = "Test upgrade from v3->v4 storage"; + +yield* copyFile("signons-v3.sqlite"); +// Sanity check the test file. 
+dbConnection = openDB("signons-v3.sqlite"); +do_check_eq(3, dbConnection.schemaVersion); + +storage = reloadStorage(OUTDIR, "signons-v3.sqlite"); +do_check_eq(CURRENT_SCHEMA, dbConnection.schemaVersion); + +// Remove old entry from permission manager. +setLoginSavingEnabled("https://disabled.net", true); + +// Check that timestamps and counts were initialized correctly +checkStorageData(storage, [], [testuser1, testuser2]); + +var logins = storage.getAllLogins(); +for (var i = 0; i < 2; i++) { + do_check_true(logins[i] instanceof Ci.nsILoginMetaInfo); + do_check_eq(1, logins[i].timesUsed); + LoginTestUtils.assertTimeIsAboutNow(logins[i].timeCreated); + LoginTestUtils.assertTimeIsAboutNow(logins[i].timeLastUsed); + LoginTestUtils.assertTimeIsAboutNow(logins[i].timePasswordChanged); +} + +/* ========== 8 ========== */ +testnum++; +testdesc = "Test upgrade from v3->v4->v3 storage"; + +yield* copyFile("signons-v3v4.sqlite"); +// Sanity check the test file. +dbConnection = openDB("signons-v3v4.sqlite"); +do_check_eq(3, dbConnection.schemaVersion); + +storage = reloadStorage(OUTDIR, "signons-v3v4.sqlite"); +do_check_eq(CURRENT_SCHEMA, dbConnection.schemaVersion); + +// testuser1 already has timestamps, testuser2 does not. 
+checkStorageData(storage, [], [testuser1, testuser2]); + +logins = storage.getAllLogins(); + +var t1, t2; +if (logins[0].username == "testuser1") { + t1 = logins[0]; + t2 = logins[1]; +} else { + t1 = logins[1]; + t2 = logins[0]; +} + +do_check_true(t1 instanceof Ci.nsILoginMetaInfo); +do_check_true(t2 instanceof Ci.nsILoginMetaInfo); + +do_check_eq(9, t1.timesUsed); +do_check_eq(1262049951275, t1.timeCreated); +do_check_eq(1262049951275, t1.timeLastUsed); +do_check_eq(1262049951275, t1.timePasswordChanged); + +do_check_eq(1, t2.timesUsed); +LoginTestUtils.assertTimeIsAboutNow(t2.timeCreated); +LoginTestUtils.assertTimeIsAboutNow(t2.timeLastUsed); +LoginTestUtils.assertTimeIsAboutNow(t2.timePasswordChanged); + + +/* ========== 9 ========== */ +testnum++; +testdesc = "Test upgrade from v4 storage"; + +yield* copyFile("signons-v4.sqlite"); +// Sanity check the test file. +dbConnection = openDB("signons-v4.sqlite"); +do_check_eq(4, dbConnection.schemaVersion); +do_check_false(dbConnection.tableExists("moz_deleted_logins")); + +storage = reloadStorage(OUTDIR, "signons-v4.sqlite"); +do_check_eq(CURRENT_SCHEMA, dbConnection.schemaVersion); +do_check_true(dbConnection.tableExists("moz_deleted_logins")); + + +/* ========== 10 ========== */ +testnum++; +testdesc = "Test upgrade from v4->v5->v4 storage"; + +yield copyFile("signons-v4v5.sqlite"); +// Sanity check the test file. +dbConnection = openDB("signons-v4v5.sqlite"); +do_check_eq(4, dbConnection.schemaVersion); +do_check_true(dbConnection.tableExists("moz_deleted_logins")); + +storage = reloadStorage(OUTDIR, "signons-v4v5.sqlite"); +do_check_eq(CURRENT_SCHEMA, dbConnection.schemaVersion); +do_check_true(dbConnection.tableExists("moz_deleted_logins")); + +/* ========== 11 ========== */ +testnum++; +testdesc = "Test upgrade from v5->v6 storage"; + +yield* copyFile("signons-v5v6.sqlite"); + +// Sanity check the test file. 
+dbConnection = openDB("signons-v5v6.sqlite"); +do_check_eq(5, dbConnection.schemaVersion); +do_check_true(dbConnection.tableExists("moz_disabledHosts")); + +// Initial disabled hosts inside signons-v5v6.sqlite +var disabledHosts = [ + "http://disabled1.example.com", + "http://大.net", + "http://xn--19g.com" +]; + +LoginTestUtils.assertDisabledHostsEqual(disabledHosts, getAllDisabledHostsFromMozStorage(dbConnection)); + +// Reload storage +storage = reloadStorage(OUTDIR, "signons-v5v6.sqlite"); +do_check_eq(CURRENT_SCHEMA, dbConnection.schemaVersion); + +// moz_disabledHosts should now be empty after migration. +LoginTestUtils.assertDisabledHostsEqual([], getAllDisabledHostsFromMozStorage(dbConnection)); + +// Get all the other hosts currently saved in the permission manager. +let hostsInPermissionManager = getAllDisabledHostsFromPermissionManager(); + +// All disabledHosts should have migrated to the permission manager +LoginTestUtils.assertDisabledHostsEqual(disabledHosts, hostsInPermissionManager); + +// Remove all disabled hosts from the permission manager before test ends +for (let host of disabledHosts) { + setLoginSavingEnabled(host, true); +} + +/* ========== 12 ========== */ +testnum++; +testdesc = "Create nsILoginInfo instances for testing with"; + +testuser1 = new nsLoginInfo; +testuser1.init("http://dummyhost.mozilla.org", "", null, + "dummydude", "itsasecret", "put_user_here", "put_pw_here"); + + +/* + * ---------------------- DB Corruption ---------------------- + * Try to initialize with a corrupt database file. This should create a backup + * file, then upon next use create a new database file. 
+ */ + +/* ========== 13 ========== */ +testnum++; +testdesc = "Corrupt database and backup"; + +const filename = "signons-c.sqlite"; +const filepath = OS.Path.join(OS.Constants.Path.profileDir, filename); + +yield OS.File.copy(do_get_file("data/corruptDB.sqlite").path, filepath); + +// will init mozStorage module with corrupt database, init should fail +Assert.throws( + () => reloadStorage(OS.Constants.Path.profileDir, filename), + /Initialization failed/); + +// check that the backup file exists +do_check_true(yield OS.File.exists(filepath + ".corrupt")); + +// check that the original corrupt file has been deleted +do_check_false(yield OS.File.exists(filepath)); + +// initialize the storage module again +storage = reloadStorage(OS.Constants.Path.profileDir, filename); + +// use the storage module again, should work now +storage.addLogin(testuser1); +checkStorageData(storage, [], [testuser1]); + +// check the file exists +var file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsILocalFile); +file.initWithPath(OS.Constants.Path.profileDir); +file.append(filename); +do_check_true(file.exists()); + +deleteFile(OS.Constants.Path.profileDir, filename + ".corrupt"); +deleteFile(OS.Constants.Path.profileDir, filename); + +} catch (e) { + throw new Error("FAILED in test #" + testnum + " -- " + testdesc + ": " + e); +} + +}); diff --git a/toolkit/components/passwordmgr/test/unit/test_telemetry.js b/toolkit/components/passwordmgr/test/unit/test_telemetry.js new file mode 100644 index 000000000..1d8f80226 --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/test_telemetry.js 
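Review bot: `getAllDisabledHostsFromMozStorage` returns without calling `stmt.finalize()`, unlike `getGUIDforID` and `getEncTypeForID`, and sections 7 through 11 never call `dbConnection.close()` or `deleteFile` on the signons files they copied. Open statements and connections are a likely cause of the locked-file failures that `deleteFile` silences with its empty `catch (e) {}`, and the copied credential databases stay in the profile directory. Add `stmt.finalize();` before `return disabledHosts;` and close each connection at the end of its section. The two lookup helpers also build SQL by concatenation (`"... WHERE id = " + id`); the ids are constants here, but a bound parameter (`WHERE id = :id` with `stmt.params.id = id;`) would keep the test from modelling a pattern the storage code should avoid.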
@@ -0,0 +1,187 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Tests the statistics and other counters reported through telemetry. + */ + +"use strict"; + +// Globals + +const MS_PER_DAY = 24 * 60 * 60 * 1000; + +// To prevent intermittent failures when the test is executed at a time that is +// very close to a day boundary, we make it deterministic by using a static +// reference date for all the time-based statistics. +const gReferenceTimeMs = new Date("2000-01-01T00:00:00").getTime(); + +// Returns a milliseconds value to use with nsILoginMetaInfo properties, falling +// approximately in the middle of the specified number of days before the +// reference time, where zero days indicates a time within the past 24 hours. +var daysBeforeMs = days => gReferenceTimeMs - (days + 0.5) * MS_PER_DAY; + +/** + * Contains metadata that will be attached to test logins in order to verify + * that the statistics collection is working properly. Most properties of the + * logins are initialized to the default test values already. + * + * If you update this data or any of the telemetry histograms it checks, you'll + * probably need to update the expected statistics in the test below. + */ +const StatisticsTestData = [ + { + timeLastUsed: daysBeforeMs(0), + }, + { + timeLastUsed: daysBeforeMs(1), + }, + { + timeLastUsed: daysBeforeMs(7), + formSubmitURL: null, + httpRealm: "The HTTP Realm", + }, + { + username: "", + timeLastUsed: daysBeforeMs(7), + }, + { + username: "", + timeLastUsed: daysBeforeMs(30), + }, + { + username: "", + timeLastUsed: daysBeforeMs(31), + }, + { + timeLastUsed: daysBeforeMs(365), + }, + { + username: "", + timeLastUsed: daysBeforeMs(366), + }, + { + // If the login was saved in the future, it is ignored for statistiscs. 
+ timeLastUsed: daysBeforeMs(-1), + }, + { + timeLastUsed: daysBeforeMs(1000), + }, +]; + +/** + * Triggers the collection of those statistics that are not accumulated each + * time an action is taken, but are a static snapshot of the current state. + */ +function triggerStatisticsCollection() { + Services.obs.notifyObservers(null, "gather-telemetry", "" + gReferenceTimeMs); +} + +/** + * Tests the telemetry histogram with the given ID contains only the specified + * non-zero ranges, expressed in the format { range1: value1, range2: value2 }. + */ +function testHistogram(histogramId, expectedNonZeroRanges) { + let snapshot = Services.telemetry.getHistogramById(histogramId).snapshot(); + + // Compute the actual ranges in the format { range1: value1, range2: value2 }. + let actualNonZeroRanges = {}; + for (let [index, range] of snapshot.ranges.entries()) { + let value = snapshot.counts[index]; + if (value > 0) { + actualNonZeroRanges[range] = value; + } + } + + // These are stringified to visualize the differences between the values. + do_print("Testing histogram: " + histogramId); + do_check_eq(JSON.stringify(actualNonZeroRanges), + JSON.stringify(expectedNonZeroRanges)); +} + +// Tests + +/** + * Enable local telemetry recording for the duration of the tests, and prepare + * the test data that will be used by the following tests. + */ +add_task(function test_initialize() { + let oldCanRecord = Services.telemetry.canRecordExtended; + Services.telemetry.canRecordExtended = true; + do_register_cleanup(function () { + Services.telemetry.canRecordExtended = oldCanRecord; + }); + + let uniqueNumber = 1; + for (let loginModifications of StatisticsTestData) { + loginModifications.hostname = `http://${uniqueNumber++}.example.com`; + Services.logins.addLogin(TestData.formLogin(loginModifications)); + } +}); + +/** + * Tests the collection of statistics related to login metadata. 
+ */ +add_task(function test_logins_statistics() { + // Repeat the operation twice to test that histograms are not accumulated. + for (let repeating of [false, true]) { + triggerStatisticsCollection(); + + // Should record 1 in the bucket corresponding to the number of passwords. + testHistogram("PWMGR_NUM_SAVED_PASSWORDS", + { 10: 1 }); + + // Should record 1 in the bucket corresponding to the number of passwords. + testHistogram("PWMGR_NUM_HTTPAUTH_PASSWORDS", + { 1: 1 }); + + // For each saved login, should record 1 in the bucket corresponding to the + // age in days since the login was last used. + testHistogram("PWMGR_LOGIN_LAST_USED_DAYS", + { 0: 1, 1: 1, 7: 2, 29: 2, 356: 2, 750: 1 }); + + // Should record the number of logins without a username in bucket 0, and + // the number of logins with a username in bucket 1. + testHistogram("PWMGR_USERNAME_PRESENT", + { 0: 4, 1: 6 }); + } +}); + +/** + * Tests the collection of statistics related to hosts for which passowrd saving + * has been explicitly disabled. + */ +add_task(function test_disabledHosts_statistics() { + // Should record 1 in the bucket corresponding to the number of sites for + // which password saving is disabled. + Services.logins.setLoginSavingEnabled("http://www.example.com", false); + triggerStatisticsCollection(); + testHistogram("PWMGR_BLOCKLIST_NUM_SITES", { 1: 1 }); + + Services.logins.setLoginSavingEnabled("http://www.example.com", true); + triggerStatisticsCollection(); + testHistogram("PWMGR_BLOCKLIST_NUM_SITES", { 0: 1 }); +}); + +/** + * Tests the collection of statistics related to general settings. + */ +add_task(function test_settings_statistics() { + let oldRememberSignons = Services.prefs.getBoolPref("signon.rememberSignons"); + do_register_cleanup(function () { + Services.prefs.setBoolPref("signon.rememberSignons", oldRememberSignons); + }); + + // Repeat the operation twice per value to test that histograms are reset. 
+ for (let remember of [false, true, false, true]) { + // This change should be observed immediately by the login service. + Services.prefs.setBoolPref("signon.rememberSignons", remember); + + triggerStatisticsCollection(); + + // Should record 1 in either bucket 0 or bucket 1 based on the preference. + testHistogram("PWMGR_SAVING_ENABLED", remember ? { 1: 1 } : { 0: 1 }); + } +}); diff --git a/toolkit/components/passwordmgr/test/unit/test_user_autocomplete_result.js b/toolkit/components/passwordmgr/test/unit/test_user_autocomplete_result.js new file mode 100644 index 000000000..e1d250a76 --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/test_user_autocomplete_result.js 
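Review bot: `test_disabledHosts_statistics` re-enables login saving for `http://www.example.com` only on the success path, so if the first `testHistogram` check throws, the host stays disabled for later tasks. `test_initialize` and `test_settings_statistics` already restore their state with `do_register_cleanup`, and the same fits here: `do_register_cleanup(() => Services.logins.setLoginSavingEnabled("http://www.example.com", true));`. In `test_logins_statistics` the loop variable `repeating` is never read; the existing comment explains the second pass, but naming it `_` or dropping the binding would make that clearer. Two comment typos are also worth fixing: "statistiscs" and "passowrd".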
@@ -0,0 +1,488 @@ +XPCOMUtils.defineLazyModuleGetter(this, "LoginHelper", + "resource://gre/modules/LoginHelper.jsm"); +Cu.import("resource://gre/modules/LoginManagerContent.jsm"); +var nsLoginInfo = Components.Constructor("@mozilla.org/login-manager/loginInfo;1", + Ci.nsILoginInfo, "init"); + +const PREF_INSECURE_FIELD_WARNING_ENABLED = "security.insecure_field_warning.contextual.enabled"; +const PREF_INSECURE_AUTOFILLFORMS_ENABLED = "signon.autofillForms.http"; + +let matchingLogins = []; +matchingLogins.push(new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null, + "", "emptypass1", "uname", "pword")); + +matchingLogins.push(new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null, + "tempuser1", "temppass1", "uname", "pword")); + +matchingLogins.push(new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null, + "testuser2", "testpass2", "uname", "pword")); + +matchingLogins.push(new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null, + "testuser3", "testpass3", "uname", "pword")); + +matchingLogins.push(new nsLoginInfo("http://mochi.test:8888", "http://autocomplete:8888", null, + "zzzuser4", "zzzpass4", "uname", "pword")); + +let meta = matchingLogins[0].QueryInterface(Ci.nsILoginMetaInfo); +let dateAndTimeFormatter = new Intl.DateTimeFormat(undefined, + { day: "numeric", month: "short", year: "numeric" }); +let time = dateAndTimeFormatter.format(new Date(meta.timePasswordChanged)); +const LABEL_NO_USERNAME = "No username (" + time + ")"; + +let expectedResults = [ + { + insecureFieldWarningEnabled: true, + insecureAutoFillFormsEnabled: true, + isSecure: true, + isPasswordField: false, + matchingLogins: matchingLogins, + items: [{ + value: "", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "tempuser1", + label: "tempuser1", + style: "login", + }, { + value: "testuser2", + label: "testuser2", + style: "login", + }, { + value: "testuser3", + label: "testuser3", + style: 
"login", + }, { + value: "zzzuser4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: true, + insecureAutoFillFormsEnabled: true, + isSecure: false, + isPasswordField: false, + matchingLogins: matchingLogins, + items: [{ + value: "", + label: "This connection is not secure. Logins entered here could be compromised. Learn More", + style: "insecureWarning" + }, { + value: "", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "tempuser1", + label: "tempuser1", + style: "login", + }, { + value: "testuser2", + label: "testuser2", + style: "login", + }, { + value: "testuser3", + label: "testuser3", + style: "login", + }, { + value: "zzzuser4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: true, + insecureAutoFillFormsEnabled: true, + isSecure: true, + isPasswordField: true, + matchingLogins: matchingLogins, + items: [{ + value: "emptypass1", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "temppass1", + label: "tempuser1", + style: "login", + }, { + value: "testpass2", + label: "testuser2", + style: "login", + }, { + value: "testpass3", + label: "testuser3", + style: "login", + }, { + value: "zzzpass4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: true, + insecureAutoFillFormsEnabled: true, + isSecure: false, + isPasswordField: true, + matchingLogins: matchingLogins, + items: [{ + value: "", + label: "This connection is not secure. Logins entered here could be compromised. 
Learn More", + style: "insecureWarning" + }, { + value: "emptypass1", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "temppass1", + label: "tempuser1", + style: "login", + }, { + value: "testpass2", + label: "testuser2", + style: "login", + }, { + value: "testpass3", + label: "testuser3", + style: "login", + }, { + value: "zzzpass4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: false, + insecureAutoFillFormsEnabled: true, + isSecure: true, + isPasswordField: false, + matchingLogins: matchingLogins, + items: [{ + value: "", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "tempuser1", + label: "tempuser1", + style: "login", + }, { + value: "testuser2", + label: "testuser2", + style: "login", + }, { + value: "testuser3", + label: "testuser3", + style: "login", + }, { + value: "zzzuser4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: false, + insecureAutoFillFormsEnabled: true, + isSecure: false, + isPasswordField: false, + matchingLogins: matchingLogins, + items: [{ + value: "", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "tempuser1", + label: "tempuser1", + style: "login", + }, { + value: "testuser2", + label: "testuser2", + style: "login", + }, { + value: "testuser3", + label: "testuser3", + style: "login", + }, { + value: "zzzuser4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: false, + insecureAutoFillFormsEnabled: true, + isSecure: true, + isPasswordField: true, + matchingLogins: matchingLogins, + items: [{ + value: "emptypass1", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "temppass1", + label: "tempuser1", + style: "login", + }, { + value: "testpass2", + label: "testuser2", + style: "login", + }, { + value: "testpass3", + label: "testuser3", + style: "login", + }, { + value: "zzzpass4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: false, + 
insecureAutoFillFormsEnabled: true, + isSecure: false, + isPasswordField: true, + matchingLogins: matchingLogins, + items: [{ + value: "emptypass1", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "temppass1", + label: "tempuser1", + style: "login", + }, { + value: "testpass2", + label: "testuser2", + style: "login", + }, { + value: "testpass3", + label: "testuser3", + style: "login", + }, { + value: "zzzpass4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: true, + insecureAutoFillFormsEnabled: false, + isSecure: true, + isPasswordField: false, + matchingLogins: matchingLogins, + items: [{ + value: "", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "tempuser1", + label: "tempuser1", + style: "login", + }, { + value: "testuser2", + label: "testuser2", + style: "login", + }, { + value: "testuser3", + label: "testuser3", + style: "login", + }, { + value: "zzzuser4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: true, + insecureAutoFillFormsEnabled: false, + isSecure: false, + isPasswordField: false, + matchingLogins: matchingLogins, + items: [{ + value: "", + label: "This connection is not secure. Logins entered here could be compromised. 
Learn More", + style: "insecureWarning" + }, { + value: "", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "tempuser1", + label: "tempuser1", + style: "login", + }, { + value: "testuser2", + label: "testuser2", + style: "login", + }, { + value: "testuser3", + label: "testuser3", + style: "login", + }, { + value: "zzzuser4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: true, + insecureAutoFillFormsEnabled: false, + isSecure: true, + isPasswordField: true, + matchingLogins: matchingLogins, + items: [{ + value: "emptypass1", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "temppass1", + label: "tempuser1", + style: "login", + }, { + value: "testpass2", + label: "testuser2", + style: "login", + }, { + value: "testpass3", + label: "testuser3", + style: "login", + }, { + value: "zzzpass4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: true, + insecureAutoFillFormsEnabled: false, + isSecure: false, + isPasswordField: true, + matchingLogins: matchingLogins, + items: [{ + value: "", + label: "This connection is not secure. Logins entered here could be compromised. 
Learn More", + style: "insecureWarning" + }, { + value: "emptypass1", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "temppass1", + label: "tempuser1", + style: "login", + }, { + value: "testpass2", + label: "testuser2", + style: "login", + }, { + value: "testpass3", + label: "testuser3", + style: "login", + }, { + value: "zzzpass4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: false, + insecureAutoFillFormsEnabled: false, + isSecure: true, + isPasswordField: false, + matchingLogins: matchingLogins, + items: [{ + value: "", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "tempuser1", + label: "tempuser1", + style: "login", + }, { + value: "testuser2", + label: "testuser2", + style: "login", + }, { + value: "testuser3", + label: "testuser3", + style: "login", + }, { + value: "zzzuser4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: false, + insecureAutoFillFormsEnabled: false, + isSecure: false, + isPasswordField: false, + matchingLogins: matchingLogins, + items: [] + }, + { + insecureFieldWarningEnabled: false, + insecureAutoFillFormsEnabled: false, + isSecure: true, + isPasswordField: true, + matchingLogins: matchingLogins, + items: [{ + value: "emptypass1", + label: LABEL_NO_USERNAME, + style: "login", + }, { + value: "temppass1", + label: "tempuser1", + style: "login", + }, { + value: "testpass2", + label: "testuser2", + style: "login", + }, { + value: "testpass3", + label: "testuser3", + style: "login", + }, { + value: "zzzpass4", + label: "zzzuser4", + style: "login", + }] + }, + { + insecureFieldWarningEnabled: false, + insecureAutoFillFormsEnabled: false, + isSecure: false, + isPasswordField: true, + matchingLogins: matchingLogins, + items: [] + }, +]; + +add_task(function* test_all_patterns() { + LoginHelper.createLogger("UserAutoCompleteResult"); + expectedResults.forEach(pattern => { + Services.prefs.setBoolPref(PREF_INSECURE_FIELD_WARNING_ENABLED, + 
pattern.insecureFieldWarningEnabled); + Services.prefs.setBoolPref(PREF_INSECURE_AUTOFILLFORMS_ENABLED, + pattern.insecureAutoFillFormsEnabled); + let actual = new UserAutoCompleteResult("", pattern.matchingLogins, + { + isSecure: pattern.isSecure, + isPasswordField: pattern.isPasswordField + }); + pattern.items.forEach((item, index) => { + equal(actual.getValueAt(index), item.value); + equal(actual.getLabelAt(index), item.label); + equal(actual.getStyleAt(index), item.style); + }); + + if (pattern.items.length != 0) { + Assert.throws(() => actual.getValueAt(pattern.items.length), + /Index out of range\./); + + Assert.throws(() => actual.getLabelAt(pattern.items.length), + /Index out of range\./); + + Assert.throws(() => actual.removeValueAt(pattern.items.length, true), + /Index out of range\./); + } + }); +}); diff --git a/toolkit/components/passwordmgr/test/unit/xpcshell.ini b/toolkit/components/passwordmgr/test/unit/xpcshell.ini new file mode 100644 index 000000000..8f8c92a28 --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/xpcshell.ini 
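Review bot: The two patterns with `items: []` (insecure page, both prefs false) pass without asserting anything, because the `forEach` over `items` never iterates and the out-of-range checks are skipped when `pattern.items.length` is 0. Those are exactly the cases where no saved login may be offered on an HTTP page, so the count should be pinned for every pattern, e.g. `equal(actual.matchCount, pattern.items.length);` right after `actual` is constructed. The task also leaves both prefs at whatever the last pattern set. A `do_register_cleanup` callback calling `Services.prefs.clearUserPref(PREF_INSECURE_FIELD_WARNING_ENABLED);` and the same for `PREF_INSECURE_AUTOFILLFORMS_ENABLED` would restore them.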
@@ -0,0 +1,46 @@
+[DEFAULT]
+head = head.js
+tail =
+support-files = data/**
+
+# Test JSON file access and import from SQLite, not applicable to Android.
+[test_module_LoginImport.js]
+skip-if = os == "android"
+[test_module_LoginStore.js]
+skip-if = os == "android"
+[test_removeLegacySignonFiles.js]
+skip-if = os == "android"
+
+# Test SQLite database backup and migration, applicable to Android only.
+[test_storage_mozStorage.js]
+skip-if = true || os != "android" # Bug 1171687: Needs fixing on Android
+
+# The following tests apply to any storage back-end.
+[test_context_menu.js]
+skip-if = os == "android" # The context menu isn't used on Android.
+# LoginManagerContextMenu is only included for MOZ_BUILD_APP == 'browser'.
+run-if = buildapp == "browser"
+[test_dedupeLogins.js]
+[test_disabled_hosts.js]
+[test_getFormFields.js]
+[test_getPasswordFields.js]
+[test_getPasswordOrigin.js]
+[test_isOriginMatching.js]
+[test_legacy_empty_formSubmitURL.js]
+[test_legacy_validation.js]
+[test_logins_change.js]
+[test_logins_decrypt_failure.js]
+skip-if = os == "android" # Bug 1171687: Needs fixing on Android
+[test_user_autocomplete_result.js]
+skip-if = os == "android"
+[test_logins_metainfo.js]
+[test_logins_search.js]
+[test_maybeImportLogin.js]
+[test_notifications.js]
+[test_OSCrypto_win.js]
+skip-if = os != "win"
+[test_recipes_add.js]
+[test_recipes_content.js]
+[test_search_schemeUpgrades.js]
+[test_storage.js]
+[test_telemetry.js]
-- cgit v1.2.3
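Review bot: `skip-if = true || os != "android"` on `[test_storage_mozStorage.js]` disables that test on every platform, so the schema-migration and corrupt-database checks this commit adds for the credential store never run. The trailing comment only says the test needs fixing on Android, which reads as a platform-specific skip. If the blanket skip has to stay, the manifest should say so, for example `# Disabled everywhere by the "true ||" below; migration and .corrupt backup handling are untested until Bug 1171687 is fixed.` Once that bug is resolved, the condition can go back to `skip-if = os != "android"`.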