65 lines
2.5 KiB
Markdown
65 lines
2.5 KiB
Markdown
|
# Capability: Password Manager
|
||
|
|
|
||
|
|
## Purpose
|
||
|
|
Define password-manager behavior across the extension and web UI.
|
||
|
|
|
||
|
|
## Requirements
|
||
|
|
|
||
|
|
### Requirement: Extension save prompt
|
||
|
|
The extension SHALL prompt the user to save credentials when a login form is detected and submitted.
|
||
|
|
|
||
|
|
#### Scenario: Save confirmed
|
||
|
|
- **WHEN** the user confirms “保存/记住密码” in the prompt
|
||
|
|
- **THEN** the extension sends the credential to the server for storage
|
||
|
|
|
||
|
|
#### Scenario: Save canceled
|
||
|
|
- **WHEN** the user cancels or dismisses the prompt
|
||
|
|
- **THEN** the extension MUST NOT store the credential
|
||
|
|
|
||
|
|
#### Scenario: Save prompt suppressed for matching credential
|
||
|
|
- **GIVEN** a previously saved credential for the same `siteOrigin` and `username`
|
||
|
|
- **WHEN** the user submits the same password
|
||
|
|
- **THEN** the save prompt is not shown
|
||
|
|
|
||
|
|
#### Scenario: Save prompt update for password change
|
||
|
|
- **GIVEN** a previously saved credential for the same `siteOrigin` and `username`
|
||
|
|
- **WHEN** the user submits a different password
|
||
|
|
- **THEN** the prompt message indicates a password update
|
||
|
|
|
||
|
|
#### Scenario: Save prompt for new username
|
||
|
|
- **GIVEN** a site with saved credentials
|
||
|
|
- **WHEN** the user submits a username that does not exist
|
||
|
|
- **THEN** the prompt message indicates a new account
|
||
|
|
|
||
|
|
### Requirement: Extension autofill selector
|
||
|
|
The extension SHALL show a credential selector near login fields for sites with saved accounts.
|
||
|
|
|
||
|
|
#### Scenario: Select credential
|
||
|
|
- **GIVEN** a site with multiple saved credentials
|
||
|
|
- **WHEN** the user opens the selector and chooses one
|
||
|
|
- **THEN** the username and password fields are filled with that credential
|
||
|
|
|
||
|
|
### Requirement: Web password manager (desktop only)
|
||
|
|
The web app SHALL provide a desktop-only password manager view.
|
||
|
|
|
||
|
|
#### Scenario: Desktop view
|
||
|
|
- **WHEN** the user visits the password manager page on desktop
|
||
|
|
- **THEN** the page is visible and provides list/edit/delete
|
||
|
|
|
||
|
|
#### Scenario: Mobile view hidden
|
||
|
|
- **WHEN** the user visits the password manager page on mobile
|
||
|
|
- **THEN** the page is hidden or redirects to a notice page
|
||
|
|
|
||
|
|
### Requirement: Plaintext visibility control
|
||
|
|
The system SHALL allow a user to reveal plaintext passwords for their own credentials during the current browser session.
|
||
|
|
|
||
|
|
#### Scenario: User reveals plaintext
|
||
|
|
- **GIVEN** a non-admin user
|
||
|
|
- **WHEN** the user chooses to reveal plaintext
|
||
|
|
- **THEN** the UI shows plaintext passwords during the current browser session
|
||
|
|
|
||
|
|
#### Scenario: Admin view
|
||
|
|
- **GIVEN** an admin user
|
||
|
|
- **WHEN** the admin views credentials
|
||
|
|
- **THEN** plaintext is visible
|