The Tor Browser: b2g/components/SignInToWebsite.jsm@b8a032363ba2 (annotated)

b2g/components/SignInToWebsite.jsm@b8a032363ba2 (annotated)

b2g/components/SignInToWebsite.jsm

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * SignInToWebsite.jsm - UX Controller and means for accessing identity
  * cookies on behalf of relying parties.
  *
  * Currently, the b2g security architecture isolates web applications
  * so that each window has access only to a local cookie jar:
  *
  *     To prevent Web apps from interfering with one another, each one is
  *     hosted on a separate domain, and therefore may only access the
  *     resources associated with its domain. These resources include
  *     things such as IndexedDB databases, cookies, offline storage,
  *     and so forth.
  *
  *     -- https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Security_model
  *
  * As a result, an authentication system like Persona cannot share its
  * cookie jar with multiple relying parties, and so would require a
  * fresh login request in every window.  This would not be a good
  * experience.
  *
  *
  * In order for navigator.id.request() to maintain state in a single
  * cookie jar, we cause all Persona interactions to take place in a
  * content context that is launched by the system application, with the
  * result that Persona has a single cookie jar that all Relying
  * Parties can use.  Since of course those Relying Parties cannot
  * reach into the system cookie jar, the Controller in this module
  * provides a way to get messages and data to and fro between the
  * Relying Party in its window context, and the Persona internal api
  * in its context.
  *
  * On the Relying Party's side, say a web page invokes
  * navigator.id.watch(), to register callbacks, and then
  * navigator.id.request() to request an assertion.  The navigator.id
  * calls are provided by nsDOMIdentity.  nsDOMIdentity messages down
  * to the privileged DOMIdentity code (using cpmm and ppmm message
  * managers).  DOMIdentity stores the state of Relying Party flows
  * using an Identity service (MinimalIdentity.jsm), and emits messages
  * requesting Persona functions (doWatch, doReady, doLogout).
  *
  * The Identity service sends these observer messages to the
  * Controller in this module, which in turn triggers content to open a
  * window to host the Persona js.  If user interaction is required,
  * content will open the trusty UI.  If user interaction is not required,
  * and we only need to get to Persona functions, content will open a
  * hidden iframe.  In either case, a window is opened into which the
  * controller causes the script identity.js to be injected.  This
  * script provides the glue between the in-page javascript and the
  * pipe back down to the Controller, translating navigator.internal
  * function callbacks into messages sent back to the Controller.
  *
  * As a result, a navigator.internal function in the hosted popup or
  * iframe can call back to the injected identity.js (doReady, doLogin,
  * or doLogout).  identity.js callbacks send messages back through the
  * pipe to the Controller.  The controller invokes the corresponding
  * function on the Identity Service (doReady, doLogin, or doLogout).
  * The IdentityService calls the corresponding callback for the
  * correct Relying Party, which causes DOMIdentity to send a message
  * up to the Relying Party through nsDOMIdentity
  * (Identity:RP:Watch:OnLogin etc.), and finally, nsDOMIdentity
  * receives these messages and calls the original callback that the
  * Relying Party registered (navigator.id.watch(),
  * navigator.id.request(), or navigator.id.logout()).
  */
 "use strict";
 this.EXPORTED_SYMBOLS = ["SignInToWebsiteController"];
 const Ci = Components.interfaces;
 const Cu = Components.utils;
 Cu.import("resource://gre/modules/Services.jsm");
 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 XPCOMUtils.defineLazyModuleGetter(this, "getRandomId",
                                   "resource://gre/modules/identity/IdentityUtils.jsm");
 XPCOMUtils.defineLazyModuleGetter(this, "IdentityService",
                                   "resource://gre/modules/identity/MinimalIdentity.jsm");
 XPCOMUtils.defineLazyModuleGetter(this, "Logger",
                                   "resource://gre/modules/identity/LogUtils.jsm");
 XPCOMUtils.defineLazyModuleGetter(this, "SystemAppProxy",
                                   "resource://gre/modules/SystemAppProxy.jsm");
 // The default persona uri; can be overwritten with toolkit.identity.uri pref.
 // Do this if you want to repoint to a different service for testing.
 // There's no point in setting up an observer to monitor the pref, as b2g prefs
 // can only be overwritten when the profie is recreated.  So just get the value
 // on start-up.
 let kPersonaUri = "https://firefoxos.persona.org";
 try {
   kPersonaUri = Services.prefs.getCharPref("toolkit.identity.uri");
 } catch(noSuchPref) {
   // stick with the default value
 }
 // JS shim that contains the callback functions that
 // live within the identity UI provisioning frame.
 const kIdentityShimFile = "chrome://b2g/content/identity.js";
 // Type of MozChromeEvents to handle id dialogs.
 const kOpenIdentityDialog = "id-dialog-open";
 const kDoneIdentityDialog = "id-dialog-done";
 const kCloseIdentityDialog = "id-dialog-close-iframe";
 // Observer messages to communicate to shim
 const kIdentityDelegateWatch = "identity-delegate-watch";
 const kIdentityDelegateRequest = "identity-delegate-request";
 const kIdentityDelegateLogout = "identity-delegate-logout";
 const kIdentityDelegateFinished = "identity-delegate-finished";
 const kIdentityDelegateReady = "identity-delegate-ready";
 const kIdentityControllerDoMethod = "identity-controller-doMethod";
 function log(...aMessageArgs) {
   Logger.log.apply(Logger, ["SignInToWebsiteController"].concat(aMessageArgs));
 }
 log("persona uri =", kPersonaUri);
 function sendChromeEvent(details) {
   details.uri = kPersonaUri;
   SystemAppProxy.dispatchEvent(details);
 }
 function Pipe() {
   this._watchers = [];
 }
 Pipe.prototype = {
   init: function pipe_init() {
     Services.obs.addObserver(this, "identity-child-process-shutdown", false);
     Services.obs.addObserver(this, "identity-controller-unwatch", false);
   },
   uninit: function pipe_uninit() {
     Services.obs.removeObserver(this, "identity-child-process-shutdown");
     Services.obs.removeObserver(this, "identity-controller-unwatch");
   },
   observe: function Pipe_observe(aSubject, aTopic, aData) {
     let options = {};
     if (aSubject) {
       options = aSubject.wrappedJSObject;
     }
     switch (aTopic) {
       case "identity-child-process-shutdown":
         log("pipe removing watchers by message manager");
         this._removeWatchers(null, options.messageManager);
         break;
       case "identity-controller-unwatch":
         log("unwatching", options.id);
         this._removeWatchers(options.id, options.messageManager);
         break;
     }
   },
   _addWatcher: function Pipe__addWatcher(aId, aMm) {
     log("Adding watcher with id", aId);
     for (let i = 0; i < this._watchers.length; ++i) {
       let watcher = this._watchers[i];
       if (this._watcher.id === aId) {
         watcher.count++;
         return;
       }
     }
     this._watchers.push({id: aId, count: 1, mm: aMm});
   },
   _removeWatchers: function Pipe__removeWatcher(aId, aMm) {
     let checkId = aId !== null;
     let index = -1;
     for (let i = 0; i < this._watchers.length; ++i) {
       let watcher = this._watchers[i];
       if (watcher.mm === aMm &&
           (!checkId || (checkId && watcher.id === aId))) {
         index = i;
         break;
       }
     }
     if (index !== -1) {
       if (checkId) {
         if (--(this._watchers[index].count) === 0) {
           this._watchers.splice(index, 1);
         }
       } else {
         this._watchers.splice(index, 1);
       }
     }
     if (this._watchers.length === 0) {
       log("No more watchers; clean up persona host iframe");
       let detail = {
         type: kCloseIdentityDialog
       };
       log('telling content to close the dialog');
       // tell content to close the dialog
       sendChromeEvent(detail);
     }
   },
   communicate: function(aRpOptions, aContentOptions, aMessageCallback) {
     let rpID = aRpOptions.id;
     let rpMM = aRpOptions.mm;
     if (rpMM) {
       this._addWatcher(rpID, rpMM);
     }
     log("RP options:", aRpOptions, "\n  content options:", aContentOptions);
     // This content variable is injected into the scope of
     // kIdentityShimFile, where it is used to access the BrowserID object
     // and its internal API.
     let mm = null;
     let uuid = getRandomId();
     let self = this;
     function removeMessageListeners() {
       if (mm) {
         mm.removeMessageListener(kIdentityDelegateFinished, identityDelegateFinished);
         mm.removeMessageListener(kIdentityControllerDoMethod, aMessageCallback);
       }
     }
     function identityDelegateFinished() {
       removeMessageListeners();
       let detail = {
         type: kDoneIdentityDialog,
         showUI: aContentOptions.showUI || false,
         id: kDoneIdentityDialog + "-" + uuid,
         requestId: aRpOptions.id
       };
       log('received delegate finished; telling content to close the dialog');
       sendChromeEvent(detail);
       self._removeWatchers(rpID, rpMM);
     }
     SystemAppProxy.addEventListener("mozContentEvent", function getAssertion(evt) {
       let msg = evt.detail;
       if (!msg.id.match(uuid)) {
         return;
       }
       switch (msg.id) {
         case kOpenIdentityDialog + '-' + uuid:
           if (msg.type === 'cancel') {
             // The user closed the dialog.  Clean up and call cancel.
             SystemAppProxy.removeEventListener("mozContentEvent", getAssertion);
             removeMessageListeners();
             aMessageCallback({json: {method: "cancel"}});
           } else {
             // The window has opened.  Inject the identity shim file containing
             // the callbacks in the content script.  This could be either the
             // visible popup that the user interacts with, or it could be an
             // invisible frame.
             let frame = evt.detail.frame;
             let frameLoader = frame.QueryInterface(Ci.nsIFrameLoaderOwner).frameLoader;
             mm = frameLoader.messageManager;
             try {
               mm.loadFrameScript(kIdentityShimFile, true, true);
               log("Loaded shim", kIdentityShimFile);
             } catch (e) {
               log("Error loading", kIdentityShimFile, "as a frame script:", e);
             }
             // There are two messages that the delegate can send back: a "do
             // method" event, and a "finished" event.  We pass the do-method
             // events straight to the caller for interpretation and handling.
             // If we receive a "finished" event, then the delegate is done, so
             // we shut down the pipe and clean up.
             mm.addMessageListener(kIdentityControllerDoMethod, aMessageCallback);
             mm.addMessageListener(kIdentityDelegateFinished, identityDelegateFinished);
             mm.sendAsyncMessage(aContentOptions.message, aRpOptions);
           }
           break;
         case kDoneIdentityDialog + '-' + uuid:
           // Received our assertion.  The message manager callbacks will handle
           // communicating back to the IDService.  All we have to do is remove
           // this listener.
           SystemAppProxy.removeEventListener("mozContentEvent", getAssertion);
           break;
         default:
           log("ERROR - Unexpected message: id=" + msg.id + ", type=" + msg.type + ", errorMsg=" + msg.errorMsg);
           break;
       }
     });
     // Tell content to open the identity iframe or trusty popup. The parameter
     // showUI signals whether user interaction is needed.  If it is, content will
     // open a dialog; if not, a hidden iframe.  In each case, BrowserID is
     // available in the context.
     let detail = {
       type: kOpenIdentityDialog,
       showUI: aContentOptions.showUI || false,
       id: kOpenIdentityDialog + "-" + uuid,
       requestId: aRpOptions.id
     };
     sendChromeEvent(detail);
   }
 };
 /*
  * The controller sits between the IdentityService used by DOMIdentity
  * and a content process launches an (invisible) iframe or (visible)
  * trusty UI.  Using an injected js script (identity.js), the
  * controller enables the content window to access the persona identity
  * storage in the system cookie jar and send events back via the
  * controller into IdentityService and DOM, and ultimately up to the
  * Relying Party, which is open in a different window context.
  */
 this.SignInToWebsiteController = {
   /*
    * Initialize the controller.  To use a different content communication pipe,
    * such as when mocking it in tests, pass aOptions.pipe.
    */
   init: function SignInToWebsiteController_init(aOptions) {
     aOptions = aOptions || {};
     this.pipe = aOptions.pipe || new Pipe();
     Services.obs.addObserver(this, "identity-controller-watch", false);
     Services.obs.addObserver(this, "identity-controller-request", false);
     Services.obs.addObserver(this, "identity-controller-logout", false);
   },
   uninit: function SignInToWebsiteController_uninit() {
     Services.obs.removeObserver(this, "identity-controller-watch");
     Services.obs.removeObserver(this, "identity-controller-request");
     Services.obs.removeObserver(this, "identity-controller-logout");
   },
   observe: function SignInToWebsiteController_observe(aSubject, aTopic, aData) {
     log("observe: received", aTopic, "with", aData, "for", aSubject);
     let options = null;
     if (aSubject) {
       options = aSubject.wrappedJSObject;
     }
     switch (aTopic) {
       case "identity-controller-watch":
         this.doWatch(options);
         break;
       case "identity-controller-request":
         this.doRequest(options);
         break;
       case "identity-controller-logout":
         this.doLogout(options);
         break;
       default:
         Logger.reportError("SignInToWebsiteController", "Unknown observer notification:", aTopic);
         break;
     }
   },
   /*
    * options:    method          required - name of method to invoke
    *             assertion       optional
    */
   _makeDoMethodCallback: function SignInToWebsiteController__makeDoMethodCallback(aRpId) {
     return function SignInToWebsiteController_methodCallback(aOptions) {
       let message = aOptions.json;
       if (typeof message === 'string') {
         message = JSON.parse(message);
       }
       switch (message.method) {
         case "ready":
           IdentityService.doReady(aRpId);
           break;
         case "login":
            if (message._internalParams) {
              IdentityService.doLogin(aRpId, message.assertion, message._internalParams);
            } else {
              IdentityService.doLogin(aRpId, message.assertion);
            }
           break;
         case "logout":
           IdentityService.doLogout(aRpId);
           break;
         case "cancel":
           IdentityService.doCancel(aRpId);
           break;
         default:
           log("WARNING: wonky method call:", message.method);
           break;
       }
     };
   },
   doWatch: function SignInToWebsiteController_doWatch(aRpOptions) {
     // dom prevents watch from  being called twice
     let contentOptions = {
       message: kIdentityDelegateWatch,
       showUI: false
     };
     this.pipe.communicate(aRpOptions, contentOptions,
         this._makeDoMethodCallback(aRpOptions.id));
   },
   /**
    * The website is requesting login so the user must choose an identity to use.
    */
   doRequest: function SignInToWebsiteController_doRequest(aRpOptions) {
     log("doRequest", aRpOptions);
     let contentOptions = {
       message: kIdentityDelegateRequest,
       showUI: true
     };
     this.pipe.communicate(aRpOptions, contentOptions,
         this._makeDoMethodCallback(aRpOptions.id));
   },
   /*
    *
    */
   doLogout: function SignInToWebsiteController_doLogout(aRpOptions) {
     log("doLogout", aRpOptions);
     let contentOptions = {
       message: kIdentityDelegateLogout,
       showUI: false
     };
     this.pipe.communicate(aRpOptions, contentOptions,
         this._makeDoMethodCallback(aRpOptions.id));
   }
 };

The Tor Browser / annotate

b2g/components/SignInToWebsite.jsm@b8a032363ba2 (annotated)

b2g/components/SignInToWebsite.jsm