Try to avoid prompting for master password unless necessary

[GoogleCodeExporter]

Thunderbird should use the same method as firefox to store passwords for
mail accounts. At least the UI resembles that of firefox very closely. It
should be rather simple to allow this extension to be installed on
thunderbird, too. 

Original issue reported on code.google.com by peter.je...@gmail.com on 30 Oct 2009 at 12:11

[GoogleCodeExporter]

This isn't a defect, but an enhancement, but I found no way to set the defect 
type,
sorry. 

Original comment by peter.je...@gmail.com on 30 Oct 2009 at 12:12

[GoogleCodeExporter]

Agreed - it's probably fairly straightforward. Would you care to test it at 
some point?

Original comment by jfitz...@gmail.com on 30 Oct 2009 at 9:47

• Changed state: Accepted
• Added labels: Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

Sure, I'm running Thunderbird 3 Beta 4 on Mac OS. 

Original comment by peter.je...@gmail.com on 30 Oct 2009 at 9:59

[GoogleCodeExporter]

Peter,

Can you try this and see if it works at all? I didn't change anything in the
extension at all - just updated the install manifest to indicate it works in any
Gecko 1.9.* application.

Original comment by jfitz...@gmail.com on 13 Nov 2009 at 7:07

• Changed state: Started

Attachments:

• macos-keychain-1.0b1-gecko19.xpi

[GoogleCodeExporter]

Hrm... I don't actually know how you install extensions from a file in 
Thunderbird.
In firefox you just File->Open... but not sure if it's the same.

Original comment by jfitz...@gmail.com on 13 Nov 2009 at 7:10

[GoogleCodeExporter]

I installed the add-on (you can install extension in thunderbird with
extras/add-ons/install...), and it installs just fine. Unfortunately, I'm still 
asked
for my master-password everytime I open thunderbird, although mozilla-keychain 
asked
my if I want to import my passwords into the keychain on first start after 
installing. 

So, something seems to work there, but not enough :-)

The error log is empty, by the way. 

Original comment by peter.je...@gmail.com on 14 Nov 2009 at 11:51

[GoogleCodeExporter]

If you open apple's Keychain Access, can you see an entry for imap:// or pop:// 
URLs that have been added?

I'm trying to think at what level the master password is engaged - you might 
have to disable that, but not 
sure. There is the possibility of storing the master password in the keychain 
instead of each individual 
site/account password, but this is not the approach the extension currently 
takes (might add it as an option 
sometime).

If you want to see logged errors, you need to set signon.debug to true in 
about:config and then restart.

I should probably install Thunderbird and try it myself, really... eh? :)

Original comment by jfitz...@gmail.com on 14 Nov 2009 at 7:00

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

I do see entries for imap://... URLs. You're right, I could disable the master
password, but it just doesn't feel right. The error console says something like
"LoginManager found alternate implementation", and then shows some messages from
MacOSKeyChainIntegration..." Should I look for something specific. I'll attach a
screenshot of the error console. 

Original comment by peter.je...@gmail.com on 16 Nov 2009 at 7:34

Attachments:

• tb-error-console.jpg

[GoogleCodeExporter]

Everything I can see in the output there looks ok - it does seem to have found 
the entry.

There is not really a need to have a master password enabled when using this
extension because the master password simply encrypts mozilla's password store. 
The
keychain has its own password which is handled by the OS. (Of course, a copy of 
your
password is still contained in mozilla's store now since you already put it 
there).

It would be nice if you weren't prompted for a master password unless 
Thunderbird was
actually trying to access its own store. I'll take a look and see if that can be
achieved, but it is likely behaviour I have no control over...

Original comment by jfitz...@gmail.com on 16 Nov 2009 at 8:12

[GoogleCodeExporter]

changing the summary title...

It occurs to me that the master password is probably being requested because we 
are
falling through to check the original password store. That may be unavoidable 
but
perhaps we can avoid doing this in some cases.

Also, if the master password were itself stored in the keychain, this could 
avoid the
prompt.

Original comment by jfitz...@gmail.com on 5 Feb 2010 at 4:00

• Changed title: Try to avoid prompting for master password unless necessary
• Changed state: Accepted

[GoogleCodeExporter]

Are you planning to release an updated plugin version that works well with 
Thunderbird 3 on OS X?

Thanks.

Original comment by ma...@difolco.com on 27 May 2010 at 6:23

[GoogleCodeExporter]

What's the issue? The master password? Just disable it... the master password 
has no
significance when you are storing your passwords in Apple's Keychain because it 
is
encrypted with your keychain password. If you want to be extra cautious, you 
could
first temporarily disable the keychain extension and remove all stored 
passwords from
Mozilla's database.

As for an updated release, last time I tried, I couldn't get the bloody thing to
compile since I upgraded to Snow Leopard. I should try again but the next month 
at
least is going to be completely crazy for me, so it will be a while before I 
have a
chance to get back to it again.

Original comment by jfitz...@gmail.com on 27 May 2010 at 8:53

[GoogleCodeExporter]

I think I've found a bug.

If you already have Apple Mail configured for an IMAP account (and its login 
info is already stored into the OS 
X keychain), Thunderbird with your extension will fail to authenticate to the 
same IMAP account without any 
errors presented to the user and you won't be able to get any new email.

Looking at the TB error console, there are a bunch of the following errors:

Error: [Exception... "'Invalid URI' when calling method: 
[nsILoginManagerStorage::findLogins]"  nsresult: 
"0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)"  location: "JS frame :: 
file:///Applications/Thunderbird.app/Contents/MacOS/components/nsLoginManager.js
 :: anonymous :: line 
535"  data: no]
Source File: 
file:///Applications/Thunderbird.app/Contents/MacOS/components/nsLoginManager.js
Line: 535

The issue appears to affect only the IMAP account to download email and it's 
probably due to some 
differences in how Apple Mail and your extension store the IMAP login info in 
OS X keychain.

Having Apple Mail also configured with the SMTP account to send email, TB is 
able to correctly reuse its 
keychain info (I got prompted by OS X if to permanently/temporarily allow TB to 
use the existing keychain 
login info when sending an email).

I'm on Snow Leopard 10.6.3 and TB 3.0.4 and I think you should be able to 
easily reproduce the above issue 
by removing your IMAP login info from your keychain, configuring the account in 
Apple Mail and then trying to 
access it with TB, but please let me know if you need more info.

Thanks for your work.

Original comment by ma...@difolco.com on 27 May 2010 at 9:55

[GoogleCodeExporter]

I've created Issue 21 - please add yourself to that issue if you want to follow 
it
(and I have a followup question there).

Original comment by jfitz...@gmail.com on 27 May 2010 at 1:24

[GoogleCodeExporter]

I think this issue is solved with Thunderbird 3.1. After installing the new 
version I set the master password again. But now I am no more asked for the 
master password.

Original comment by google.m...@spamgourmet.com on 26 Jun 2010 at 9:57