login form user/passwd not detected by logins

Users and developers helping users with generic and technical Pale Moon issues on all operating systems.

Moderator: trava90

Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
User avatar
Kris_88
Keeps coming back
Keeps coming back
Posts: 983
Joined: 2021-01-26, 11:18

Re: login form user/passwd not detected by logins

Unread post by Kris_88 » 2023-12-27, 22:28

suzyne wrote:
2023-12-27, 21:19
Currently I have around 490 passwords associated with websites
It's amazing.
Of course, I visit many sites, but registering on each one is incomprehensible to me. Just to login on each one for a month, you need to login on more than 10 different sites a day. And the next day - another 10 sites, etc. I can't imagine any activity or hobby that would require this. Perhaps it’s a hobby of “registering on sites.” :D

User avatar
cannonmc
Moon lover
Moon lover
Posts: 86
Joined: 2018-08-22, 22:46

Re: login form user/passwd not detected by logins

Unread post by cannonmc » 2023-12-28, 12:12

I've only just seen this thread and noticed no-one seemed to mention 'private browsing'.

In private browsing PM won't remember new passwords (old stored ones are fine).

So when I sign-in to a new site I come out of private browsing, sign-in to site, get 'Remember' box, click OK. Set back to private browsing. after a restart everything is fine.

Hope I'm not teaching granny to suck eggs.

dapgo
Fanatic
Fanatic
Posts: 212
Joined: 2016-10-11, 11:36

Re: login form user/passwd not detected by logins

Unread post by dapgo » 2024-03-01, 14:05

suzyne wrote:
2023-12-27, 21:19
I don't have Firefox installed so can't compare the effectiveness of Pale Moon verses it, but registering on a new site around once a year sounds unusual to me.

Maybe not every few days, but easily once a week I will store a new site and password pair. Currently I have around 490 passwords associated with websites, and certainly with my online purchasing for the holiday season that number was boosted quite a bit recently. I think it is probably difficult to assume what is typical only based on one's own behaviour?
exactly, people managing part of their lives online are on a continuous need of creating accounts.
From the government, to shopping, to service contracts, and so on...

Today i have a problem with PM logins again, i go to login on a service where i have account and password saved, and PM offers a dropdown list with 9 emails/username for for the field "Username or Email".

As i don't know which can be the good one, I check login on PM and I realize that:
  • PM login has URL https://accounts.domain.com
  • whereas service url is https://login.domain.com
  • and field names on PM login and field name on the page are the same id; "username" and "password"

The i select the good email from the list BUT nothing is populated on "password" field :wtf:

Then
I modify the pM logins to fit the URL to https://login.domain.com
Reload the page
The dropdownlist offers email/usernames
I pick the good one
The password field is populated and the login in successful


Why the dropdown is offereing these 9 usernames? ( I have much more than 9 usernames in my logins)
Shouldn't they be ordered by match with the domain?

dapgo
Fanatic
Fanatic
Posts: 212
Joined: 2016-10-11, 11:36

Re: login form user/passwd not detected by logins

Unread post by dapgo » 2024-03-13, 18:08

feedback from other users, please

Have you ever seen a dropdown list containing usernames/emails that don't belong to the logins stored for an specific page?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 36071
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: login form user/passwd not detected by logins

Unread post by Moonchild » 2024-03-13, 18:23

Yes that can happen when you have nothing stored as it will fall back to standard form history in that case, which is not site-bound, to help you fill in data.
"Just because you are offended doesn't mean you are right." -- unknown
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

dapgo
Fanatic
Fanatic
Posts: 212
Joined: 2016-10-11, 11:36

Re: login form user/passwd not detected by logins

Unread post by dapgo » 2024-03-20, 11:32

Moonchild wrote:
2024-03-13, 18:23
Yes that can happen when you have nothing stored as it will fall back to standard form history in that case, which is not site-bound, to help you fill in data.
What about when you HAVE a login stored?
Because it happens in some page logins, then you go to stored logins and there is an entry for this domain.

I can start creating a list of site logins where it happens.
But i am really surprised if other users are not suffering the same case.

Because I saw the same lack of feedback before; regarding not recognized input fields; no other user confirmed the "behaviour/problem". But when i did complete with a new install/profile then behavior was then same and the "problem" global.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 36071
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: login form user/passwd not detected by logins

Unread post by Moonchild » 2024-03-20, 13:07

Are you sure the actual host/URL is the same stored in the password manager? because they are not stored "by domain" as that would not be granular enough. http/https matters, exact host name matters.
"Just because you are offended doesn't mean you are right." -- unknown
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

dapgo
Fanatic
Fanatic
Posts: 212
Joined: 2016-10-11, 11:36

Re: login form user/passwd not detected by logins

Unread post by dapgo » 2024-06-17, 08:33

real example Booking.com
URL: https://account.booking.com/sign-in?
PM and Firefox have several accounts stores in login and passwords,


In Firefox 115esr
login field (with cookies): shows a login name
login field (clean cookies/private): empty, type 1st char and a dropdown shows loginnames (different accounts)

In Palemoon 33.1
login field (with cookies): empty and not option
login field (clean cookies/private): empty and not options

from preferences, stored passwords, edit password, "Guess from" -> Not suitable login form...
pm_login.png

form:
login :id="loginname
form:<form class="nw-signin" novalidate="">
<input id="hidden-password" name="password" autocomplete="current-password" aria-hidden="true" focusable="false" tabindex="-1" type="password">
<input name="loginname" autocomplete="username" autocapitalize="off" autocorrect="off" spellcheck="false" data-focus="true" data-ga-action="start typing" data-ga-label="username" id="loginname" value="" type="text">

User avatar
Kris_88
Keeps coming back
Keeps coming back
Posts: 983
Joined: 2021-01-26, 11:18

Re: login form user/passwd not detected by logins

Unread post by Kris_88 » 2024-06-17, 11:47

dapgo wrote:
2024-06-17, 08:33
real example Booking.com
If you add field descriptions to the "recipes.json" file, PM will prompt you to save the password and autofill will work.

I checked 2 options, both work.
1)

Code: Select all

    {
      "description": "https://account.booking.com/sign-in",
      "hosts": ["account.booking.com"],
      "usernameSelector": "#username",
      "passwordSelector": "#hidden-password"
    }
2)

Code: Select all

    {
      "description": "https://account.booking.com/sign-in",
      "hosts": ["account.booking.com"],
      "usernameSelector": "input[name=username]",
      "passwordSelector": "input[name=password]"
    }

User avatar
Kris_88
Keeps coming back
Keeps coming back
Posts: 983
Joined: 2021-01-26, 11:18

Re: login form user/passwd not detected by logins

Unread post by Kris_88 » 2024-06-19, 13:44

Moonchild wrote:
2024-03-20, 13:07
Regarding the problem on this link:
https://account.booking.com/sign-in

1) First, the user name (email) is entered and at the time of submitting the form, the password field is empty. Therefore the entire form is ignored.
_getFormFields:
https://repo.palemoon.org/MoonchildProd ... t.jsm#L755
_getPasswordFields:
https://repo.palemoon.org/MoonchildProd ... t.jsm#L682
https://repo.palemoon.org/MoonchildProd ... t.jsm#L694

I suggest replacing line

Code: Select all

pwFields = this._getPasswordFields(form, isSubmission);
with

Code: Select all

pwFields = this._getPasswordFields(form, false);
2) The username field is looked for before the password field, while on a form the username field is located after the password field. Therefore the username field will not be found.
_getFormFields:
https://repo.palemoon.org/MoonchildProd ... t.jsm#L767

I suggest replacing line

Code: Select all

for (var i = pwFields[0].index - 1; i >= 0; i--) {
with

Code: Select all

for (var i = 0; i < form.elements.length; i++) {
Both of these issues are not problems if the username and password fields are defined in the recipes.json file.
https://repo.palemoon.org/MoonchildProd ... t.jsm#L729

dapgo
Fanatic
Fanatic
Posts: 212
Joined: 2016-10-11, 11:36

Re: login form user/passwd not detected by logins

Unread post by dapgo » 2024-06-23, 09:20

thanks, good research
I suppose other browser have included in their code functions to process this "non standard" forms

It would be great to have an addon to simplify the process to add ids to recipes.json

User avatar
Kris_88
Keeps coming back
Keeps coming back
Posts: 983
Joined: 2021-01-26, 11:18

Re: login form user/passwd not detected by logins

Unread post by Kris_88 » 2024-06-23, 22:43

dapgo wrote:
2024-06-23, 09:20
I suppose other browser have included in their code functions to process this "non standard" forms
I looked at the source code of FF 127 and it seems to me that they did not invent anything fundamentally new.
In general, I have several ideas, but I need free time and the mood to implement them...

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 36071
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: login form user/passwd not detected by logins

Unread post by Moonchild » 2024-06-24, 10:32

The second change makes sense but I'm not sure about the first. It's poorly documented what "isSubmission" actually indicates or what the resulting behaviour is when it's just set to "false"

EDIT: tracking in Issue #2537 (UXP)

User avatar
Kris_88
Keeps coming back
Keeps coming back
Posts: 983
Joined: 2021-01-26, 11:18

Re: login form user/passwd not detected by logins

Unread post by Kris_88 » 2024-06-24, 19:14

Moonchild wrote:
2024-06-24, 10:32
The second change makes sense but I'm not sure about the first. It's poorly documented what "isSubmission" actually indicates or what the resulting behaviour is when it's just set to "false"
As far as I understand, the _getFormFields() function is used in two cases:
- when submitting a form, to prompt the user to save the entered credentials.
- when loading the page, to prompt the user to fill out the form automatically (using previously saved data).

In the first case (when submitting a form), isSubmission = true and _getPasswordFields(form , isSubmission) will skip the password field if it is not filled.
However, in the case of a specific site (https://account.booking.com/sign-in), logging in is performed in two stages. At the first stage, the user must enter only the name, the password field is hidden and left blank. After entering the name, the form is submitted and is ignored by the password manager for the reason stated above. If we make the specified correction, then the password manager does not ignore the form, a window opens asking you to remember the username and an empty password, but the password can be edited directly in this window. This allows the user to save credentials.
I understand that this is a very special case; most sites do not make the login procedure using two separate forms for username and password (although I did not collect statistics and maybe it is now fashionable to do so?). Therefore, I do not presume to say that this correction is necessary.
Moonchild wrote:
2024-06-24, 10:32
EDIT: tracking in Issue #2537 (UXP)
Thanks.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 36071
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: login form user/passwd not detected by logins

Unread post by Moonchild » 2024-06-24, 21:41

Kris_88 wrote:
2024-06-24, 19:14
If we make the specified correction, then the password manager does not ignore the form, a window opens asking you to remember the username and an empty password, but the password can be edited directly in this window. This allows the user to save credentials.
That's nice in that particular situation, of course, but I'm afraid that might start to pop up the password manager for forms that don't actually store/use credentials?
Split login forms are... well not super rare for there's a good handful of sites I know of at least that use them, but not common either, in my experience.

I'm fine with taking the other change too as long as it doesn't actually cause annoyance for forms that have password type fields (hidden or not) but aren't actually logins.

User avatar
Kris_88
Keeps coming back
Keeps coming back
Posts: 983
Joined: 2021-01-26, 11:18

Re: login form user/passwd not detected by logins

Unread post by Kris_88 » 2024-06-25, 02:39

Moonchild wrote:
2024-06-24, 21:41
but I'm afraid that might start to pop up the password manager for forms that don't actually store/use credentials?
Yes, this is possible. However, our password manager currently does not work on some sites, so we need to expand the list of conditions under which it will work (I mean universal conditions, since registering each site in recipes.json is a very bad option). Accordingly, the likelihood of false positives increases.
Okay, let's put this aside and don't rush into this.
Moonchild wrote:
2024-06-24, 21:41
I'm fine with taking the other change too as long as it doesn't actually cause annoyance for forms that have password type fields (hidden or not) but aren't actually logins.
There is another idea...
Currently, the _getFormFields() function first tries to find input fields based on recipes.json, then, if the fields are not found, it tries to look for them based on general considerations. We can add a third step: if the fields are not found, look for them based on a pair of selectors from the preferences. There is an assumption that "input[name=username]" and "input[name=password]" are quite common. Given that the querySelector() function allows a group of selectors, the user will be able to list additional options.

Post Reply