MozillaZine

[Ext] Opera Wand for Firefox - SecureLogin

Announce and Discuss the Latest Theme and Extension Releases.
efox99
 
Posts: 137
Joined: March 24th, 2011, 7:55 pm

Post Posted November 20th, 2012, 5:20 pm

WildcatRay wrote:Here is the modified version of Secure Login.

It is version 0.9.9 with the modified code to handle Gmail (and I believe Amazon). I relabeled it 1.0.2pre so that users won't be prompted to update until a newer version is released by Abine.


Thanks for doing this but it's not allowing to log in with mouse click/or using the setting "Activate Javascript Protection on login".

WildcatRay

User avatar
 
Posts: 7480
Joined: October 18th, 2007, 7:03 pm
Location: Columbus, OH

Post Posted November 20th, 2012, 5:37 pm

Sorry, but I am not a coder. I merely edited the file that needed to be updated because of Google changing Gmail login and then posted it for you and others.
Ray

OS'es: 4 computers with Win10 Pro 64-bit; Current Firefox, Beta, Nightly, Chrome, Vivaldi

efox99
 
Posts: 137
Joined: March 24th, 2011, 7:55 pm

Post Posted November 20th, 2012, 6:16 pm

I understand Ray and I want to thank you again. I disabled javascript protection on login in the meantime.

SantaFe

User avatar
 
Posts: 196
Joined: May 25th, 2003, 10:48 pm
Location: Shunting Box Cars.

Post Posted November 20th, 2012, 6:26 pm

Hmmm... just got Firefox 17: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Firefox/17.0 - Build ID: 20121120170634

Now for some reason Secure Login will not log me in when I click on the gold key anymore. It does in Firefox 16.0.2, but not in 17. Durned updates. ;)

WildcatRay

User avatar
 
Posts: 7480
Joined: October 18th, 2007, 7:03 pm
Location: Columbus, OH

Post Posted November 20th, 2012, 6:54 pm

Works fine for me on 17 as well as Nightly (20.0a1), but I do not use "Activate Javascript protection on login" either.
Ray

OS'es: 4 computers with Win10 Pro 64-bit; Current Firefox, Beta, Nightly, Chrome, Vivaldi

efox99
 
Posts: 137
Joined: March 24th, 2011, 7:55 pm

Post Posted November 20th, 2012, 8:48 pm

Benjamin Markson wrote:Meanwhile, Abine, Inc. "The online privacy company" only seem to be interested in advertising their other products having failed to even address the gmail problem.


Their mission was to take over the secure login addon, then spam the hell out of it's users with the advertising page. That was their only objective.

LoudNoise
New Member

User avatar
 
Posts: 40048
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Post Posted November 20th, 2012, 9:14 pm

As far as I can tell they only take you the page when you upgrade. This is hardly a sin.
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."

mantra
 
Posts: 330
Joined: September 29th, 2010, 7:21 am

Post Posted November 21st, 2012, 12:27 am

with firefox 17 ,secure login java protection stopped to work :(
http://www.pcmech.com/article/clearing- ... he-how-to/
windows firefox 49.0.2 ,thunderbird 45.4 and under linux , firefox and thunderbird are always updated

Benjamin Markson

User avatar
 
Posts: 392
Joined: November 19th, 2011, 3:57 am
Location: en-GB

Post Posted November 21st, 2012, 6:08 am

Having debugged secureLogin v1.0.1 the new failure is occurring in secureLogin.js here:
Code: Select all
1604: this.urlSecurityCheck(url, doc.location.href);

This line is throwing the exception: "Loading of [the url of the login page] denied."

Note: this check only occurs if the 'Activate Javascript protection at login' option is enabled.

I'm not clear what the function urlSecurityCheck() is designed to achieve - I can't find any documentation for this function - however, if we comment out this line of code everything works again.

I don't know if secureLogion poorly implements urlSecurityCheck(), or whether FF17 has broken something more fundamental. urlSecurityCheck() certainly doesn't seem to do anything important to the actual login process, it's simply running some kind of check, possibly checking that the page's form url matches the page's own url, maybe some kind of phishing protection, maybe something more clever. I have no idea. :?

Ben.
XUL is dead. Long live the Google Chrome Clones.

leepa
 
Posts: 32
Joined: April 12th, 2006, 9:45 am
Location: Poland

Post Posted November 21st, 2012, 2:51 pm

I have found the urlSecurityCheck function in omni.ja -> chrome\toolkit\content\global\contentAreaUtils.js (starts in line 20)

The only difference between version Firefox version 16 and higher (actually checked on 19a1) is in defining (and referencing) secMan object(?):
16.0.2
Code: Select all
  var secMan = Services.scriptSecurityManager;
  if (aFlags === undefined) {
    aFlags = secMan.STANDARD;
  }

19a1
Code: Select all
  const nsIScriptSecurityManager =
    Components.interfaces.nsIScriptSecurityManager;
  var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
                         .getService(nsIScriptSecurityManager);
  if (aFlags === undefined)
    aFlags = nsIScriptSecurityManager.STANDARD;

Obviously there is a change in getting to the scriptSecurityManager service but I have absolutely no idea why this impacted the secureLogin functionality (nor what it means)...
Leepa

SantaFe

User avatar
 
Posts: 196
Joined: May 25th, 2003, 10:48 pm
Location: Shunting Box Cars.

Post Posted November 21st, 2012, 5:07 pm

WildcatRay wrote:Works fine for me on 17 as well as Nightly (20.0a1), but I do not use "Activate Javascript protection on login" either.

Thanks, that worked un checking Activate Javascript protection on login. Weird though it worked when checked in 16.0.2 [Edit: always wait to reply after reading entire post. :D ]. Oh well. =D>

Milayne
 
Posts: 12
Joined: November 21st, 2012, 5:54 pm

Post Posted November 21st, 2012, 6:46 pm

leepa, I think you mixed something up.

16.0.2 (previous "mozilla-release") and 17.0 (current "mozilla-release") and 18.0 ("mozilla-beta"):
Code: Select all
  const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
  var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService(nsIScriptSecurityManager);
  if (aFlags === undefined)
    aFlags = nsIScriptSecurityManager.STANDARD; 
(no parentheses around the statement [-X)

19.0 ("mozilla-aurora") and 20.0 ("mozilla-central"):
Code: Select all
  var secMan = Services.scriptSecurityManager;
  if (aFlags === undefined) {
    aFlags = secMan.STANDARD;
  } 

So there is actually no change between 16.0.2 and 17.0 - in fact the whole "contentAreaUtils.js" is the same. (Unless I mixed things up. :-k)
Last edited by Milayne on November 21st, 2012, 8:21 pm, edited 1 time in total.

efox99
 
Posts: 137
Joined: March 24th, 2011, 7:55 pm

Post Posted November 21st, 2012, 6:56 pm

LoudNoise wrote:As far as I can tell they only take you the page when you upgrade. This is hardly a sin.


Yeah I agree. Was upset when I wrote that.

Such a cool addon such a shame it's abandoned.

Milayne
 
Posts: 12
Joined: November 21st, 2012, 5:54 pm

Post Posted November 21st, 2012, 10:05 pm

TL;DR: Download my patched "Secure Login 1.0.1" and you're good to go.

After some hours I've got/found a fix. I was digging around in the source, "diff"ing the changes Abine made and trying to understand javascript again, when I suddenly stumpled upon something. Some Japanese-guy fixed the issue already on September 8th. #-o
So download Secure Login 1.0.1 and apply the following changes to "secureLogin.js" inside "/chrome/content". (The line numbers may be off by -3/+3.)

  1. First the fix for the issue with the "Activate Javascript Protection on login"-setting. [The "checkLoadURIStr()" method has been removed with Firefox 17.]

    • On line 1603 replace
      Code: Select all
      this.urlSecurityCheck(url, doc.location.href);
      with
      Code: Select all
      this.urlSecurityCheck(url, doc.nodePrincipal);

    • On line 2039 replace
      Code: Select all
      urlSecurityCheck: function(url, sourceURL) {
      with
      Code: Select all
      urlSecurityCheck: function(url, principal) {

    • On line 2041 replace
      Code: Select all
      this.getSecManager().checkLoadURIStr(sourceURL, url, Components.interfaces.nsIScriptSecurityManager.STANDARD);
      with
      Code: Select all
      this.getSecManager().checkLoadURIStrWithPrincipal(principal, url, Components.interfaces.nsIScriptSecurityManager.STANDARD);

  2. Now the fix for the Google login-issue.

    • On line 839 replace
      Code: Select all
      if(elements[i].type == 'text') {
      with
      Code: Select all
      if(elements[i].type == 'text' || elements[i].type == 'email') {

    • After line 1542
      Code: Select all
      case 'text':
      add
      Code: Select all
      case 'email':
      so it looks like
      Code: Select all
      case 'text':
      case 'email':

  3. Aaaand a fix for another bug our sweet Japanese-guy found. [Removes many errors from the error console since the second parameter of "addProgressListener()" is not in use since Firefox 4.]

    • Replace lines 303-306
      Code: Select all
      this.getBrowser().addProgressListener(
         this.progressListener,
         Components.interfaces.nsIWebProgress.NOTIFY_LOCATION | Components.interfaces.nsIWebProgress.NOTIFY_STATE_DOCUMENT
      );
      with
      Code: Select all
      this.getBrowser().addProgressListener(this.progressListener);

That's it. All applaud the Japanese. =D>
He actually also removed all the changes from Abine (0.9.9 --> 1.0.1) but since those are only about the post-install message (which should only appear once every update) I left them. If you still want to remove them, check this out.

So I changed the version to "1.0.2", packaged it back to ".xpi" and done. Download nao! :) (Yes Abine, you too. Review it and release it on "addons.mozilla.org".)

(Source)

LoudNoise
New Member

User avatar
 
Posts: 40048
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Post Posted November 21st, 2012, 10:44 pm

Preceded with care folks. At the first suggestion that this causes any trouble both the link and Milayne will be nuked.
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."

Return to Extension/Theme Releases


Who is online

Users browsing this forum: No registered users and 7 guests