
    Using nsIPasswordManager

    This article is in need of a technical review.

    I just had to use the Password Manager for a project I was working on, so I thought I'd braindump my notes to the wiki while I was at it. This code is tested, but barely, and I am by no means an expert on this area. Review and cleanup would be appreciated. Zachlipton 22:52, 18 July 2006 (PDT)

    The code on this page will work with applications using Toolkit 1.8 and below such as Firefox 2.0.0.x and Thunderbird 2.0.0.x. For similar functionality in Toolkit 1.9, see Using nsILoginManager.

    Working with Password Manager

    Extensions often need to store passwords for external sites, web applications, and so on. To do so securely, they can use nsIPasswordManager, which provides secure storage for sensitive password information.

    Getting nsIPasswordManager

    To get a component implementing nsIPasswordManager, use the following:

    var passwordManager = Components.classes["@mozilla.org/passwordmanager;1"]
                                    .getService(Components.interfaces.nsIPasswordManager);
    

    Storing a password

    To store a password in the password manager, you need three things: a hostname/URL (you'll need this to retrieve the password again later), a username, and a password. Of these, only the password is stored securely, so don't put anything sensitive in the hostname or username. Adding a password to the password manager is easy:

    passwordManager.addUser('host', 'username', 'password');
    

    Since there's no provision to include names of HTML input fields, no password stored by this interface will be used to fill in passwords on web pages. nsILoginManager, available in Toolkit 1.9, does let you include input field names.

    Retrieving a password

    Retrieving a password from the password manager is more difficult. The example below should serve as a starting point:

    // the host name of the password we are looking for
    var queryString = 'http://www.example.com';
    // ask the password manager for an enumerator:
    var e = passwordManager.enumerator;
    // step through each password in the password manager until we find the one we want:
    while (e.hasMoreElements()) {
        try {
            // get an nsIPassword object out of the password manager.
            // This contains the actual password...
            var pass = e.getNext().QueryInterface(Components.interfaces.nsIPassword);
            if (pass.host == queryString) {
                 // found it!
                 alert(pass.user); // the username
                 alert(pass.password); // the password
                 break;
            }
        } catch (ex) {
            // decrypting this entry failed; skip it and move on to the next one
            continue;
        }
    }
    

    Note that the user will be prompted for their master password if they have chosen to set one to secure their passwords.
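
    The lookup above matches on host only and displays the password. Since removeUser identifies an entry by host and username, the helper below matches on both and returns the entry to the caller instead. It is an added example, not code from the original page: findLogin, makeFakePasswordManager and SAMPLE are hypothetical names, and the stand-in object exists only so the helper can be run outside a Mozilla application.

```javascript
// Added example: findLogin() and makeFakePasswordManager() are hypothetical
// names, not part of nsIPasswordManager.
function findLogin(passwordManager, nsIPassword, host, user) {
  var e = passwordManager.enumerator;
  while (e.hasMoreElements()) {
    var entry = e.getNext().QueryInterface(nsIPassword);
    try {
      // Assumption: a failed decryption surfaces as an exception when the
      // entry is read, so a bad entry is skipped instead of ending the search.
      if (entry.host === host && entry.user === user) {
        return { user: entry.user, password: entry.password };
      }
    } catch (ex) {
      continue;
    }
  }
  return null; // nothing stored for this host/username pair
}

// Constructed stand-in for the service so the helper runs outside Mozilla.
// Records marked broken throw when their user or password is read.
function makeFakePasswordManager(records) {
  function wrap(rec) {
    function read(field) {
      if (rec.broken) throw new Error("decryption failed");
      return rec[field];
    }
    var entry = {
      host: rec.host,
      get user() { return read("user"); },
      get password() { return read("password"); },
      QueryInterface: function () { return entry; }
    };
    return entry;
  }
  return {
    get enumerator() { // a fresh enumerator on every access
      var i = 0;
      return {
        hasMoreElements: function () { return i < records.length; },
        getNext: function () { return wrap(records[i++]); }
      };
    }
  };
}

var SAMPLE = [ // constructed sample data
  { host: "http://www.example.com", user: "carol", password: "x", broken: true },
  { host: "http://www.example.com", user: "alice", password: "alice-pw" },
  { host: "http://www.example.com", user: "bob", password: "bob-pw" }
];
```

    In an extension, call it as findLogin(passwordManager, Components.interfaces.nsIPassword, host, user) and keep the returned password out of alerts and logs.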

    Removing a password

    passwordManager.removeUser('host','username');
    

    Document Tags and Contributors

    Contributors to this page: Zachlipton, Np, Nickolay, kscarfone, ericpp
    Last updated by: kscarfone,