Bug 1429148 - Policy: Don't let a Master Password to be set. r=keeler

    }

  },

  "CreateMasterPassword": {

    onBeforeUIStartup(manager, param) {

      if (!param) {

        manager.disallowFeature("createMasterPassword");

      }

    }

  },

  "DisableFirefoxScreenshots": {

    onBeforeAddons(manager, param) {

      if (param) {

      ]

    },

    "block_about_profiles": true

    "block_about_profiles": true,

    "CreateMasterPassword": false

  }

}

      "enum": [true]

    },

    "CreateMasterPassword": {

      "description": "If false, removes access to create a master password.",

      "first_available": "60.0",

      "type": "boolean",

      "enum": [false]

    },

    "DisableFirefoxScreenshots": {

      "description": "Prevents usage of the Firefox Screenshots feature.",

      "first_available": "60.0",

[browser_policy_block_set_desktop_background.js]

[browser_policy_default_browser_check.js]

[browser_policy_disable_fxscreenshots.js]

[browser_policy_disable_masterpassword.js]

[browser_policy_display_bookmarks.js]

[browser_policy_disable_formhistory.js]

[browser_policy_display_menu.js]

/* Any copyright is dedicated to the Public Domain.

 * http://creativecommons.org/publicdomain/zero/1.0/ */

"use strict";

const MASTER_PASSWORD = "omgsecret!";

const mpToken = Cc["@mozilla.org/security/pk11tokendb;1"]

                  .getService(Ci.nsIPK11TokenDB)

                  .getInternalKeyToken();

async function checkDeviceManager({buttonIsDisabled}) {

  let deviceManagerWindow = window.openDialog("chrome://pippki/content/device_manager.xul", "", "");

  await new Promise(resolve => {

    deviceManagerWindow.addEventListener("load", resolve, {once: true});

  });

  let tree = deviceManagerWindow.document.getElementById("device_tree");

  ok(tree, "The device tree exists");

  // Find and select the item related to the internal key token

  for (let i = 0; i < tree.view.rowCount; i++) {

    tree.view.selection.select(i);

    try {

      let selected_token = deviceManagerWindow.selected_slot.getToken();

      if (selected_token.isInternalKeyToken) {

        break;

      }

    } catch (e) {}

  }

  // Check to see if the button was updated correctly

  let changePwButton = deviceManagerWindow.document.getElementById("change_pw_button");

  is(changePwButton.getAttribute("disabled") == "true", buttonIsDisabled,

     "Change Password button is in the correct state: " + buttonIsDisabled);

  await BrowserTestUtils.closeWindow(deviceManagerWindow);

}

async function checkAboutPreferences({checkboxIsDisabled}) {

  await BrowserTestUtils.withNewTab("about:preferences#privacy", async browser => {

  // eslint-disable-next-line mozilla/no-cpows-in-tests

  is(browser.contentDocument.getElementById("useMasterPassword").disabled, checkboxIsDisabled,

    "Master Password checkbox is in the correct state: " + checkboxIsDisabled);

});

}

add_task(async function test_policy_disable_masterpassword() {

  ok(!mpToken.hasPassword, "Starting the test with no password");

  // No password and no policy: access to setting a master password

  // should be enabled.

  await checkDeviceManager({buttonIsDisabled: false});

  await checkAboutPreferences({checkboxIsDisabled: false});

  await setupPolicyEngineWithJson({

    "policies": {

      "CreateMasterPassword": false

    }

  });

  // With the `CreateMasterPassword: false` policy active, the

  // UI entry points for creating a Master Password should be disabled.

  await checkDeviceManager({buttonIsDisabled: true});

  await checkAboutPreferences({checkboxIsDisabled: true});

  mpToken.changePassword("", MASTER_PASSWORD);

  ok(mpToken.hasPassword, "Master password was set");

  // If a Master Password is already set, there's no point in disabling

  // the

  await checkDeviceManager({buttonIsDisabled: false});

  await checkAboutPreferences({checkboxIsDisabled: false});

  // Clean up

  mpToken.changePassword(MASTER_PASSWORD, "");

  ok(!mpToken.hasPassword, "Master password was cleaned up");

});