Bug 1486954 - Part IV, Recover from decryption errors in some places. r=MattN

In case of loss of OS key store key, we should still allow users to go into the manage credit cards dialog and fill the numbers back in.

This is not the migration strategy, see Part III.

Differential Revision: https://phabricator.services.mozilla.com/D5083

--HG--
extra : rebase_source : dc710a2512b0d9b20e0fa74e641867525098eba2
extra : histedit_source : 4983a480565380ce4da6a0f099a5e4ae0e65797d

browser/components/payments/content/paymentDialogWrapper.js

@@ -155,7 +155,7 @@ var paymentDialogWrapper = {
   /**
    * @param {string} guid The GUID of the basic card record from storage.
    * @param {string} cardSecurityCode The associated card security code (CVV/CCV/etc.)
-   * @throws if the user cancels entering their master password or an error decrypting
+   * @throws If there is an error decrypting
    * @returns {nsIBasicCardResponseData?} returns response data or null (if the
    *                                      master password dialog was cancelled);
    */
@@ -507,8 +507,16 @@ var paymentDialogWrapper = {
     selectedPaymentCardSecurityCode: cardSecurityCode,
     selectedShippingAddressGUID: shippingGUID,
   }) {
-    let methodData = await this._convertProfileBasicCardToPaymentMethodData(paymentCardGUID,
-                                                                            cardSecurityCode);
+    let methodData;
+    try {
+      methodData = await this._convertProfileBasicCardToPaymentMethodData(paymentCardGUID,
+                                                                          cardSecurityCode);
+    } catch (ex) {
+      // TODO (Bug 1498403): Some kind of "credit card storage error" here, perhaps asking user
+      // to re-enter credit card # from management UI.
+      Cu.reportError(ex);
+      return;
+    }
 
     if (!methodData) {
       // TODO (Bug 1429265/Bug 1429205): Handle when a user hits cancel on the

browser/extensions/formautofill/FormAutofillStorage.jsm

@@ -1701,7 +1701,16 @@ class CreditCards extends AutofillRecords {
 
   async _stripComputedFields(creditCard) {
     if (creditCard["cc-number-encrypted"]) {
-      creditCard["cc-number"] = await OSKeyStore.decrypt(creditCard["cc-number-encrypted"]);
+      try {
+        creditCard["cc-number"] = await OSKeyStore.decrypt(creditCard["cc-number-encrypted"]);
+      } catch (ex) {
+        if (ex.result == Cr.NS_ERROR_ABORT) {
+          throw ex;
+        }
+        // Quietly recover from encryption error,
+        // so existing credit card entry with undecryptable number
+        // can be updated.
+      }
     }
     await super._stripComputedFields(creditCard);
   }

browser/extensions/formautofill/content/manageDialog.js

@@ -330,7 +330,20 @@ class ManageCreditCards extends ManageRecords {
     if (!creditCard || await OSKeyStore.ensureLoggedIn(true)) {
       let decryptedCCNumObj = {};
       if (creditCard) {
-        decryptedCCNumObj["cc-number"] = await OSKeyStore.decrypt(creditCard["cc-number-encrypted"]);
+        try {
+          decryptedCCNumObj["cc-number"] = await OSKeyStore.decrypt(creditCard["cc-number-encrypted"]);
+        } catch (ex) {
+          if (ex.result == Cr.NS_ERROR_ABORT) {
+            // User shouldn't be ask to reauth here, but it could happen.
+            // Return here and skip opening the dialog.
+            return;
+          }
+          // We've got ourselves a real error.
+          // Recover from encryption error so the user gets a chance to re-enter
+          // unencrypted credit card number.
+          decryptedCCNumObj["cc-number"] = "";
+          Cu.reportError(ex);
+        }
       }
       let decryptedCreditCard = Object.assign({}, creditCard, decryptedCCNumObj);
       this.prefWin.gSubDialog.open(EDIT_CREDIT_CARD_URL, "resizable=no", {

browser/extensions/formautofill/test/unit/test_creditCardRecords.js

@@ -422,6 +422,14 @@ add_task(async function test_update() {
   Assert.equal(creditCard["cc-number"],
     CreditCard.getLongMaskedNumber(TEST_CREDIT_CARD_WITH_EMPTY_COMPUTED_FIELD["cc-number"]));
 
+  // Decryption failure of existing record should not prevent it from being updated.
+  creditCard = profileStorage.creditCards._data[0];
+  creditCard["cc-number-encrypted"] = "INVALID";
+  await profileStorage.creditCards.update(profileStorage.creditCards._data[0].guid, TEST_CREDIT_CARD_WITH_EMPTY_COMPUTED_FIELD, false);
+  creditCard = profileStorage.creditCards._data[0];
+  Assert.equal(creditCard["cc-number"],
+    CreditCard.getLongMaskedNumber(TEST_CREDIT_CARD_WITH_EMPTY_COMPUTED_FIELD["cc-number"]));
+
   await Assert.rejects(profileStorage.creditCards.update("INVALID_GUID", TEST_CREDIT_CARD_3),
     /No matching record\./
   );

toolkit/modules/CreditCard.jsm

@@ -208,7 +208,13 @@ class CreditCard {
 
     if (showNumbers) {
       if (this._encryptedNumber) {
-        label = await OSKeyStore.decrypt(this._encryptedNumber);
+        try {
+          label = await OSKeyStore.decrypt(this._encryptedNumber);
+        } catch (ex) {
+          // Quietly recover from decryption error.
+          label = this._number;
+          Cu.reportError(ex);
+        }
       } else {
         label = this._number;
       }