-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make store() modify existing entries #3
Comments
@aswan the api isn't clear but would it store allow for multiple accounts with different usernames? The API suggests: |
Good question. Just making username part of the key would address the immediate issue here (having credentials for multiple accounts on the same site) but then you couldn't use modify to update an existing username. Since there isn't a universal concept of which fields are keys and which are not, I think probably the best thing here is the simplest: provide an API method that looks more or less like @mixedpuppy any comments? |
Yeah, username would be a necessary part to handle multiple accounts. I might need to do a dump of my password database and see what I have in there. I'm not sure if other fields may also differentiate. e.g. same hostname/username but different formurl or realm, but I'm sure that would be less common. Now that I'm thinking about this more... Thinking about how I would use the api...
vs.
Which requires the api to do all the heavy lifting, but is much less likely to have bugs from the extension side. It would also require a second search inside store to fetch the original nsILoginInfo since I've modified it (unless we keep the originals somehow). If I wanted to change a domain, say journal.me.com to blog.me.com, it becomes much more difficult to keep this simple. remove/modify require matching original fields. This is where a separate modify api might be better.
|
I'm taking on landing this API in Firefox and want to address all outstanding issues and I'm wondering where we stand on this. Do we want to add a modify method to the API for cases in which the extension knows it wants to modify a record? There will be plenty of cases in which an extension doesn't know if a new record is being added, or an existing one is being modified, so I think keeping |
@aswan @mixedpuppy I'm looking for feedback on my comment above, when you have a moment. |
I think I made a mistake in making this look like the sdk api. It works fine for |
I'm in favor of using the guid as a strong indicator that a modification should happen instead of an add (please don't expose
so if you get an "add" where all 4 of the above match an existing record you need to either throw an error or treat it as a modification to the matching record or else you will cause all sorts of problems for password manager.
Yes, you can, and that's what sync does and another place in pwmgr IIRC so it should work fine. |
From this discussion it sounds like we can keep the API as it is, with just providing a One issue with that, though, is that @mnoorenberghe said "please don't expose @mnoorenberghe @aswan Other than my last question, does the above all make sense, or am I missing something here? |
I would vote for adding a separate |
Minor nit, let's try and keep our APIs consistent with |
I'm fine with you calling the
Well, I care about how you handle the following which you didn't make a decision on:
I also think separate APIs for adding and modifying is more clear and I also think you should align method names with your other APIs. You will still have to handle that your create/add method may fail if a duplicate exists so that should be documented in the API docs and a test should be added for that case. |
I'm not sure how we could create a problem here. I wrote a test that calls |
Well it would be a problem for consumers if you didn't propagate the exception e.g. by catching it. If the plan is to propagate the error (or propagate a custom Error) then that's fine with me. I confirmed that addLogin is doing checks for duplicates[1] (along with some other checks you may want to document) and also ensuring that the GUID is unique add creation time. |
Thanks @mnoorenberghe. We do catch and propagate the error, so I think we're okay. |
This has been addressed in the patch for [1]. I will mark this as fixed when that patch lands. |
This is documented in api.md but not yet implemented, should be a straightforward change.
The text was updated successfully, but these errors were encountered: