Open bkimmett opened 7 years ago
OK, it looks like the Firefox team is working on adding a nsiLoginManager equivalent to Firefox:
https://github.com/web-ext-experiments/logins
Still looking into getting WebExtensions equivalent of nsiLoginManagerStorage API.
Thanks for kicking this off. I'm skeptical they'll add it, but let's see what happens!
(I've added a comment to https://bugzilla.mozilla.org/show_bug.cgi?id=1344788)
Any progress on this issue? Firefox 57 release is just around the corner, Firefox 57 betas (with which this extension doesn't function any longer) are just into the public. What next? Alternatives?
We're still waiting on the loginStorage API. Which is waiting on the logins API, which is waiting on a security review. It looks like on Bugzilla they've said it won't be in 57 but it might be in 58?
(This isn't the only addon that's just going to be broken with no alternative for a version. I'm working on Cookie Monster...)
See from today these comments and tracking changes and backchanges:
Bugzilla Bug 106400: [RFE] Pwmgr should support OS X Keychain https://bugzilla.mozilla.org/show_bug.cgi?id=106400#c100 (me) -> https://bugzilla.mozilla.org/show_bug.cgi?id=106400#c101
Bugzilla Bug 1362981: Request WebExtensions API equivalent to nsiLoginManager https://bugzilla.mozilla.org/show_bug.cgi?id=1362981#c5 (me) -> https://bugzilla.mozilla.org/show_bug.cgi?id=1362981#a12192834_580382
Bugzilla Bug 1324919: Land logins API https://bugzilla.mozilla.org/show_bug.cgi?id=1324919#c16 (me) -> https://bugzilla.mozilla.org/show_bug.cgi?id=1324919#a24164072_580382
Bugzilla Bug 1344788: Implement login storage API https://bugzilla.mozilla.org/show_bug.cgi?id=1344788#c12** (me) -> https://bugzilla.mozilla.org/show_bug.cgi?id=1344788#a17613514_580382
How to accelerate, how to revive the issue, which now is very pestering and urgent, having the release date of FF57 just around the corner?
Yeah, I just checked the bugs you linked to and they've been updated with "wontfix" on the Firefox 57 status. I think our best bet is to make a big noise to try and get it into Firefox 58.
Yes. This (to make a big noise to try and get it in as soon as any possible, at least into Firefox 58, if 57 is lost and too late) had to be made much much earlier. But better late than never tried and given up without a struggle.
Wouldn't be possible and more beneficial porting the functionality based on the original code directly into Firefox? I believe there are open bugs to support macOS keychain in Firefox.
EDIT: It's bug 106400. @mnoorenberghe is listed as triage owner, so he could probably give you some help or direction to someone who can.
Wouldn't be possible and more beneficial porting the functionality based on the original code directly into Firefox? I believe there are open bugs to support macOS keychain in Firefox.
Possibly. You'll see that bug has been open for 16 years with nothing having been done. Over the years I've maintained the extension, I've had no support when it came to things like application signing that were necessary to get the extension working. So if you could make a simple patch that just worked, maybe you'd have success, but I'm not sure you'll find the support needed given that I'm pretty sure:
I struggle to find time to even maintain the current extension at the moment, so even if I was confident it would be accepted, there's just no way I have time at the moment to rewrite it and take it through the process of getting it approved and integrated. :( I'm happy to offer what advice I can to anyone else who wants to try, though...
Looking at that bug in Mozilla, it's pretty clear it won't be fixed in this decade. They've recently restricted comments to contributors. I agree it would be the cleanest solution, but it doesn't look realistic, for now.
I'll add my explicit (useless) +1 here; this plugin was a great "DIY" alternative to password managers like 1password.
Considering the current bugs, it'd be really good to get this working for people, or is there an alternative?
And I would be more than happy to put money into a patreon or kofi for this
Two thoughts.
Is complete control over the login manager required? If Firefox provided an API to allow third parties to merely provide passwords, that would at least allow the use of Keychain passwords in FF. What I mean is, it's not necessary to read/write the passwords stored in FF, merely to read/write the password entry fields. That difference would decrease the security implications for FF.
Or maybe I'm covering already-covered ground. Would the logins API provide that much functionality?
Perhaps it would be a good idea to coordinate with the other affected parties. For example, see:
Gnome:
KDE:
I'm backing to Mozilla Firefox (After some months) and I was searching this extension cuz I really love it and see still are problems 😢 I don't know too much about mozilla core but if is needed support or put money I can try to help with a donation.
Hi, There are updates?
Finally finished breaking w/ Thunderbird 60. Is there any hope?
Just had a quick skim of the Firefox bugs and don't see any progress, so no hope really, no. I'm thinking of going to LastPass (for my not super sensitive passwords)
[sigh] Yeah. If you want to keep going despite that, your best bet is getting involved in the Firefox development process, specifically WebExtensions committees, and making noise (advocating) for login manager (nsiLoginManager/nsiLoginManagerStorage) support in Firefox. As it is new, the bureaucratic process is stalled with several parts waiting on others. It needs someone to ask questions...
I'm too old to start this particular slog again for something that is only "nice", not "necessary". Sigh. I have been using LastPass for my normal-sensitive passwords for a decade or so. Does jack squat for Thunderbird, though. Also a little klunky for some web pages, though it just works in various browsers well over 95% of the time... and the price is right.
With all said above in mind do I understand correctly the add-on development is stopped? I'm one of those "million users" and signed up to GitHub only to ask here since KSI was necessary because I run an old OS X and, unfortunately, can't rely on Safari. I need integration with Waterfox that is based on Firefox 56.2.5 ESR. I checked the add-on's FF page, it's been removed. Does that mean it won't be updated any more?
Afraid so – there's currently no way I know of to implement it as an extension. It looks like Mozilla have taken down the add-on page and I can't immediately see any way to make it visible again.
If you're using an old version that still supports native extensions, you can still download the last release from here and install it manually.
Thanks for kicking this off. I'm skeptical they'll add it, but let's see what happens!
(I've added a comment to https://bugzilla.mozilla.org/show_bug.cgi?id=1344788)
Jesus, using Firefox on all of my macOSes, need it so badly. I'm using Keychain Access on a routine basis, manually adding passwords, so that when I clear everything in the browser, my logins are still intact. I read the thread (and, in fact, discovered posting myself here almost 1,5 years ago), but still dare to ask, has smth changed since then? Has Mozilla reinstated some of the necessary APIs in the new form? Any chances this valuable extension will get a new life? I'm now using FF Legacy and FF 75 on all of the macOSes I run, also I'm using an old Tor browser on Lion, that's the only place where KSI can be installed in.
Not that I know of, no. :(
On Thu, 23 Apr 2020, 6:21 pm scrutinizer11, notifications@github.com wrote:
Thanks for kicking this off. I'm skeptical they'll add it, but let's see what happens!
(I've added a comment to https://bugzilla.mozilla.org/show_bug.cgi?id=1344788)
Jesus, using Firefox on all of my macOSes, need it so badly. I'm using Keychain Access on a routine basis, manually adding passwords, so that when I clear everything in the browser, my logins are still intact. I read the thread (and, in fact, discovered posting myself here almost 1,5 years ago), but still dare to ask, has smth changed since then? Has Mozilla reinstated some of the necessary APIs in the new form? Any chances this valuable extension will get a new life? I'm now using FF Legacy and FF 75 on all of the macOSes I run, also I'm using an old Tor browser on Lion, that's the only place where KSI can be installed in.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/jfitzell/mozilla-keychain/issues/88#issuecomment-618530852, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAVPHVQNCXU2PTV65Y23XI3ROB2KFANCNFSM4DKPL3TA .
As things currently stand, Firefox has changed its password storage system so that passwords are encrypted in some way that ties in to the associated user account's password. The passwords don't show up in the keychain, but I have to type in my account password to see them.
Mozilla calls this 'Firefox Lockwise' - relevant repositories are here: https://github.com/mozilla-lockwise
In most recent versions of Firefox, the browser interface for the password store can be accessed from about:logins.
OK so, as of Firefox 57, released at the end of 2017, XUL and Addon SDK extensions (including this one) won't work - Keychain Services Integration will need to be ported to WebExtensions, if this is possible. (See https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Porting_a_legacy_Firefox_add-on for more info about the change.)
I've started the ball rolling by filing a bug in Bugzilla (https://bugzilla.mozilla.org/show_bug.cgi?id=1362981) requesting that a WebExtensions version of the login manager API be added.