[tbb-bugs] #30237 [Applications/Tor Browser]: Tor Browser: Improve TBB UI of hidden service client authorization

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 29 18:00:21 UTC 2019


#30237: Tor Browser: Improve TBB UI of hidden service client authorization
--------------------------------------+--------------------------------
 Reporter:  asn                       |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam201904      |  Actual Points:
Parent ID:  #30000                    |         Points:
 Reviewer:                            |        Sponsor:  Sponsor27-must
--------------------------------------+--------------------------------

Comment (by antonela):

 Hi, I working back on this ticket. I listed some user stories to make sure
 that we are handling these various user flows with the implementation:

 **As a user, I want to access to an authenticated .onion. I type the
 .onion address at the URL bar, and I get a user/password prompt. I fill
 the user/password field to access the onion website. I succeed.**

 This UI will looks like

 [[Image(https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/30237/30237-1.png, 700px)]]

 **As a user, I want to access to an authenticated .onion. I type the
 .onion address at the URL bar, and I get a user/password prompt. I fill
 the user/password field to access the onion website. I fail.**

 For users who cancel the prompt or fail with the credentials,
 [https://superuser.com/questions/770897/firefox-does-not-prompt-for-
 password-for-http-authenticated-sites-how-to-make-i, the default ux is
 very sad]. Could we think together about how we can allow users to recover
 from those situations? Is a password error message like "Enter a valid
 password" doable? What happens if users enter a non-existent user name in
 the user field? Are these situation able to validate? Is that part of this
 scope?

 [[Image(https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/30237/30237-2.png, 700px)]]

 **
 As a recurrent user, I want to save the authenticated .onion credentials.
 I type the .onion address at the URL bar, and a get a password prompt. I
 succeed. I want to save these credentials in the browser password
 manager.**

 As suggested in
 #[https://trac.torproject.org/projects/tor/ticket/14389#comment:25,
 14389], we could explore how to use default Firefox save password flow to
 allow users to save these credentials. After the user succeed on accessing
 the .onion, the password saving will prompt.

 [[Image(https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/30237/30237-3.png, 700px)]]

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30237#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list