diff -r 000000000000 -r 6474c204b198 toolkit/components/passwordmgr/nsLoginManagerPrompter.js --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/toolkit/components/passwordmgr/nsLoginManagerPrompter.js Wed Dec 31 06:09:35 2014 +0100 @@ -0,0 +1,1488 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + + +const Cc = Components.classes; +const Ci = Components.interfaces; +const Cr = Components.results; + +Components.utils.import("resource://gre/modules/XPCOMUtils.jsm"); +Components.utils.import("resource://gre/modules/Services.jsm"); +Components.utils.import("resource://gre/modules/PrivateBrowsingUtils.jsm"); + +/* + * LoginManagerPromptFactory + * + * Implements nsIPromptFactory + * + * Invoked by [toolkit/components/prompts/src/nsPrompter.js] + */ +function LoginManagerPromptFactory() { + Services.obs.addObserver(this, "quit-application-granted", true); + Services.obs.addObserver(this, "passwordmgr-crypto-login", true); + Services.obs.addObserver(this, "passwordmgr-crypto-loginCanceled", true); +} + +LoginManagerPromptFactory.prototype = { + + classID : Components.ID("{749e62f4-60ae-4569-a8a2-de78b649660e}"), + QueryInterface : XPCOMUtils.generateQI([Ci.nsIPromptFactory, Ci.nsIObserver, Ci.nsISupportsWeakReference]), + + _debug : false, + _asyncPrompts : {}, + _asyncPromptInProgress : false, + + observe : function (subject, topic, data) { + this.log("Observed: " + topic); + if (topic == "quit-application-granted") { + this._cancelPendingPrompts(); + } else if (topic == "passwordmgr-crypto-login") { + // Start processing the deferred prompters. + this._doAsyncPrompt(); + } else if (topic == "passwordmgr-crypto-loginCanceled") { + // User canceled a Master Password prompt, so go ahead and cancel + // all pending auth prompts to avoid nagging over and over. + this._cancelPendingPrompts(); + } + }, + + getPrompt : function (aWindow, aIID) { + var prefBranch = Services.prefs.getBranch("signon."); + this._debug = prefBranch.getBoolPref("debug"); + + var prompt = new LoginManagerPrompter().QueryInterface(aIID); + prompt.init(aWindow, this); + return prompt; + }, + + _doAsyncPrompt : function() { + if (this._asyncPromptInProgress) { + this.log("_doAsyncPrompt bypassed, already in progress"); + return; + } + + // Find the first prompt key we have in the queue + var hashKey = null; + for (hashKey in this._asyncPrompts) + break; + + if (!hashKey) { + this.log("_doAsyncPrompt:run bypassed, no prompts in the queue"); + return; + } + + // If login manger has logins for this host, defer prompting if we're + // already waiting on a master password entry. + var prompt = this._asyncPrompts[hashKey]; + var prompter = prompt.prompter; + var [hostname, httpRealm] = prompter._getAuthTarget(prompt.channel, prompt.authInfo); + var hasLogins = (prompter._pwmgr.countLogins(hostname, null, httpRealm) > 0); + if (hasLogins && prompter._pwmgr.uiBusy) { + this.log("_doAsyncPrompt:run bypassed, master password UI busy"); + return; + } + + this._asyncPromptInProgress = true; + prompt.inProgress = true; + + var self = this; + + var runnable = { + run : function() { + var ok = false; + try { + self.log("_doAsyncPrompt:run - performing the prompt for '" + hashKey + "'"); + ok = prompter.promptAuth(prompt.channel, + prompt.level, + prompt.authInfo); + } catch (e if (e instanceof Components.Exception) && + e.result == Cr.NS_ERROR_NOT_AVAILABLE) { + self.log("_doAsyncPrompt:run bypassed, UI is not available in this context"); + } catch (e) { + Components.utils.reportError("LoginManagerPrompter: " + + "_doAsyncPrompt:run: " + e + "\n"); + } + + delete self._asyncPrompts[hashKey]; + prompt.inProgress = false; + self._asyncPromptInProgress = false; + + for each (var consumer in prompt.consumers) { + if (!consumer.callback) + // Not having a callback means that consumer didn't provide it + // or canceled the notification + continue; + + self.log("Calling back to " + consumer.callback + " ok=" + ok); + try { + if (ok) + consumer.callback.onAuthAvailable(consumer.context, prompt.authInfo); + else + consumer.callback.onAuthCancelled(consumer.context, true); + } catch (e) { /* Throw away exceptions caused by callback */ } + } + self._doAsyncPrompt(); + } + } + + Services.tm.mainThread.dispatch(runnable, Ci.nsIThread.DISPATCH_NORMAL); + this.log("_doAsyncPrompt:run dispatched"); + }, + + + _cancelPendingPrompts : function() { + this.log("Canceling all pending prompts..."); + var asyncPrompts = this._asyncPrompts; + this.__proto__._asyncPrompts = {}; + + for each (var prompt in asyncPrompts) { + // Watch out! If this prompt is currently prompting, let it handle + // notifying the callbacks of success/failure, since it's already + // asking the user for input. Reusing a callback can be crashy. + if (prompt.inProgress) { + this.log("skipping a prompt in progress"); + continue; + } + + for each (var consumer in prompt.consumers) { + if (!consumer.callback) + continue; + + this.log("Canceling async auth prompt callback " + consumer.callback); + try { + consumer.callback.onAuthCancelled(consumer.context, true); + } catch (e) { /* Just ignore exceptions from the callback */ } + } + } + }, + + + log : function (message) { + if (!this._debug) + return; + + dump("Pwmgr PromptFactory: " + message + "\n"); + Services.console.logStringMessage("Pwmgr PrompFactory: " + message); + } +}; // end of LoginManagerPromptFactory implementation + + + + +/* ==================== LoginManagerPrompter ==================== */ + + + + +/* + * LoginManagerPrompter + * + * Implements interfaces for prompting the user to enter/save/change auth info. + * + * nsIAuthPrompt: Used by SeaMonkey, Thunderbird, but not Firefox. + * + * nsIAuthPrompt2: Is invoked by a channel for protocol-based authentication + * (eg HTTP Authenticate, FTP login). + * + * nsILoginManagerPrompter: Used by Login Manager for saving/changing logins + * found in HTML forms. + */ +function LoginManagerPrompter() {} + +LoginManagerPrompter.prototype = { + + classID : Components.ID("{8aa66d77-1bbb-45a6-991e-b8f47751c291}"), + QueryInterface : XPCOMUtils.generateQI([Ci.nsIAuthPrompt, + Ci.nsIAuthPrompt2, + Ci.nsILoginManagerPrompter]), + + _factory : null, + _window : null, + _debug : false, // mirrors signon.debug + + __pwmgr : null, // Password Manager service + get _pwmgr() { + if (!this.__pwmgr) + this.__pwmgr = Cc["@mozilla.org/login-manager;1"]. + getService(Ci.nsILoginManager); + return this.__pwmgr; + }, + + __promptService : null, // Prompt service for user interaction + get _promptService() { + if (!this.__promptService) + this.__promptService = + Cc["@mozilla.org/embedcomp/prompt-service;1"]. + getService(Ci.nsIPromptService2); + return this.__promptService; + }, + + + __strBundle : null, // String bundle for L10N + get _strBundle() { + if (!this.__strBundle) { + var bunService = Cc["@mozilla.org/intl/stringbundle;1"]. + getService(Ci.nsIStringBundleService); + this.__strBundle = bunService.createBundle( + "chrome://passwordmgr/locale/passwordmgr.properties"); + if (!this.__strBundle) + throw "String bundle for Login Manager not present!"; + } + + return this.__strBundle; + }, + + + __ellipsis : null, + get _ellipsis() { + if (!this.__ellipsis) { + this.__ellipsis = "\u2026"; + try { + this.__ellipsis = Services.prefs.getComplexValue( + "intl.ellipsis", Ci.nsIPrefLocalizedString).data; + } catch (e) { } + } + return this.__ellipsis; + }, + + + // Whether we are in private browsing mode + get _inPrivateBrowsing() { + if (this._window) { + return PrivateBrowsingUtils.isWindowPrivate(this._window); + } else { + // If we don't that we're in private browsing mode if the caller did + // not provide a window. The callers which really care about this + // will indeed pass down a window to us, and for those who don't, + // we can just assume that we don't want to save the entered login + // information. + return true; + } + }, + + + /* + * log + * + * Internal function for logging debug messages to the Error Console window. + */ + log : function (message) { + if (!this._debug) + return; + + dump("Pwmgr Prompter: " + message + "\n"); + Services.console.logStringMessage("Pwmgr Prompter: " + message); + }, + + + + + /* ---------- nsIAuthPrompt prompts ---------- */ + + + /* + * prompt + * + * Wrapper around the prompt service prompt. Saving random fields here + * doesn't really make sense and therefore isn't implemented. + */ + prompt : function (aDialogTitle, aText, aPasswordRealm, + aSavePassword, aDefaultText, aResult) { + if (aSavePassword != Ci.nsIAuthPrompt.SAVE_PASSWORD_NEVER) + throw Components.results.NS_ERROR_NOT_IMPLEMENTED; + + this.log("===== prompt() called ====="); + + if (aDefaultText) { + aResult.value = aDefaultText; + } + + return this._promptService.prompt(this._window, + aDialogTitle, aText, aResult, null, {}); + }, + + + /* + * promptUsernameAndPassword + * + * Looks up a username and password in the database. Will prompt the user + * with a dialog, even if a username and password are found. + */ + promptUsernameAndPassword : function (aDialogTitle, aText, aPasswordRealm, + aSavePassword, aUsername, aPassword) { + this.log("===== promptUsernameAndPassword() called ====="); + + if (aSavePassword == Ci.nsIAuthPrompt.SAVE_PASSWORD_FOR_SESSION) + throw Components.results.NS_ERROR_NOT_IMPLEMENTED; + + var selectedLogin = null; + var checkBox = { value : false }; + var checkBoxLabel = null; + var [hostname, realm, unused] = this._getRealmInfo(aPasswordRealm); + + // If hostname is null, we can't save this login. + if (hostname) { + var canRememberLogin; + if (this._inPrivateBrowsing) + canRememberLogin = false; + else + canRememberLogin = (aSavePassword == + Ci.nsIAuthPrompt.SAVE_PASSWORD_PERMANENTLY) && + this._pwmgr.getLoginSavingEnabled(hostname); + + // if checkBoxLabel is null, the checkbox won't be shown at all. + if (canRememberLogin) + checkBoxLabel = this._getLocalizedString("rememberPassword"); + + // Look for existing logins. + var foundLogins = this._pwmgr.findLogins({}, hostname, null, + realm); + + // XXX Like the original code, we can't deal with multiple + // account selection. (bug 227632) + if (foundLogins.length > 0) { + selectedLogin = foundLogins[0]; + + // If the caller provided a username, try to use it. If they + // provided only a password, this will try to find a password-only + // login (or return null if none exists). + if (aUsername.value) + selectedLogin = this._repickSelectedLogin(foundLogins, + aUsername.value); + + if (selectedLogin) { + checkBox.value = true; + aUsername.value = selectedLogin.username; + // If the caller provided a password, prefer it. + if (!aPassword.value) + aPassword.value = selectedLogin.password; + } + } + } + + var ok = this._promptService.promptUsernameAndPassword(this._window, + aDialogTitle, aText, aUsername, aPassword, + checkBoxLabel, checkBox); + + if (!ok || !checkBox.value || !hostname) + return ok; + + if (!aPassword.value) { + this.log("No password entered, so won't offer to save."); + return ok; + } + + // XXX We can't prompt with multiple logins yet (bug 227632), so + // the entered login might correspond to an existing login + // other than the one we originally selected. + selectedLogin = this._repickSelectedLogin(foundLogins, aUsername.value); + + // If we didn't find an existing login, or if the username + // changed, save as a new login. + if (!selectedLogin) { + // add as new + this.log("New login seen for " + realm); + var newLogin = Cc["@mozilla.org/login-manager/loginInfo;1"]. + createInstance(Ci.nsILoginInfo); + newLogin.init(hostname, null, realm, + aUsername.value, aPassword.value, "", ""); + this._pwmgr.addLogin(newLogin); + } else if (aPassword.value != selectedLogin.password) { + // update password + this.log("Updating password for " + realm); + this._updateLogin(selectedLogin, aPassword.value); + } else { + this.log("Login unchanged, no further action needed."); + this._updateLogin(selectedLogin); + } + + return ok; + }, + + + /* + * promptPassword + * + * If a password is found in the database for the password realm, it is + * returned straight away without displaying a dialog. + * + * If a password is not found in the database, the user will be prompted + * with a dialog with a text field and ok/cancel buttons. If the user + * allows it, then the password will be saved in the database. + */ + promptPassword : function (aDialogTitle, aText, aPasswordRealm, + aSavePassword, aPassword) { + this.log("===== promptPassword called() ====="); + + if (aSavePassword == Ci.nsIAuthPrompt.SAVE_PASSWORD_FOR_SESSION) + throw Components.results.NS_ERROR_NOT_IMPLEMENTED; + + var checkBox = { value : false }; + var checkBoxLabel = null; + var [hostname, realm, username] = this._getRealmInfo(aPasswordRealm); + + username = decodeURIComponent(username); + + // If hostname is null, we can't save this login. + if (hostname && !this._inPrivateBrowsing) { + var canRememberLogin = (aSavePassword == + Ci.nsIAuthPrompt.SAVE_PASSWORD_PERMANENTLY) && + this._pwmgr.getLoginSavingEnabled(hostname); + + // if checkBoxLabel is null, the checkbox won't be shown at all. + if (canRememberLogin) + checkBoxLabel = this._getLocalizedString("rememberPassword"); + + if (!aPassword.value) { + // Look for existing logins. + var foundLogins = this._pwmgr.findLogins({}, hostname, null, + realm); + + // XXX Like the original code, we can't deal with multiple + // account selection (bug 227632). We can deal with finding the + // account based on the supplied username - but in this case we'll + // just return the first match. + for (var i = 0; i < foundLogins.length; ++i) { + if (foundLogins[i].username == username) { + aPassword.value = foundLogins[i].password; + // wallet returned straight away, so this mimics that code + return true; + } + } + } + } + + var ok = this._promptService.promptPassword(this._window, aDialogTitle, + aText, aPassword, + checkBoxLabel, checkBox); + + if (ok && checkBox.value && hostname && aPassword.value) { + var newLogin = Cc["@mozilla.org/login-manager/loginInfo;1"]. + createInstance(Ci.nsILoginInfo); + newLogin.init(hostname, null, realm, username, + aPassword.value, "", ""); + + this.log("New login seen for " + realm); + + this._pwmgr.addLogin(newLogin); + } + + return ok; + }, + + /* ---------- nsIAuthPrompt helpers ---------- */ + + + /** + * Given aRealmString, such as "http://user@example.com/foo", returns an + * array of: + * - the formatted hostname + * - the realm (hostname + path) + * - the username, if present + * + * If aRealmString is in the format produced by NS_GetAuthKey for HTTP[S] + * channels, e.g. "example.com:80 (httprealm)", null is returned for all + * arguments to let callers know the login can't be saved because we don't + * know whether it's http or https. + */ + _getRealmInfo : function (aRealmString) { + var httpRealm = /^.+ \(.+\)$/; + if (httpRealm.test(aRealmString)) + return [null, null, null]; + + var uri = Services.io.newURI(aRealmString, null, null); + var pathname = ""; + + if (uri.path != "/") + pathname = uri.path; + + var formattedHostname = this._getFormattedHostname(uri); + + return [formattedHostname, formattedHostname + pathname, uri.username]; + }, + + /* ---------- nsIAuthPrompt2 prompts ---------- */ + + + + + /* + * promptAuth + * + * Implementation of nsIAuthPrompt2. + * + * nsIChannel aChannel + * int aLevel + * nsIAuthInformation aAuthInfo + */ + promptAuth : function (aChannel, aLevel, aAuthInfo) { + var selectedLogin = null; + var checkbox = { value : false }; + var checkboxLabel = null; + var epicfail = false; + var canAutologin = false; + + try { + + this.log("===== promptAuth called ====="); + + // If the user submits a login but it fails, we need to remove the + // notification bar that was displayed. Conveniently, the user will + // be prompted for authentication again, which brings us here. + this._removeLoginNotifications(); + + var [hostname, httpRealm] = this._getAuthTarget(aChannel, aAuthInfo); + + + // Looks for existing logins to prefill the prompt with. + var foundLogins = this._pwmgr.findLogins({}, + hostname, null, httpRealm); + this.log("found " + foundLogins.length + " matching logins."); + + // XXX Can't select from multiple accounts yet. (bug 227632) + if (foundLogins.length > 0) { + selectedLogin = foundLogins[0]; + this._SetAuthInfo(aAuthInfo, selectedLogin.username, + selectedLogin.password); + + // Allow automatic proxy login + if (aAuthInfo.flags & Ci.nsIAuthInformation.AUTH_PROXY && + !(aAuthInfo.flags & Ci.nsIAuthInformation.PREVIOUS_FAILED) && + Services.prefs.getBoolPref("signon.autologin.proxy") && + !this._inPrivateBrowsing) { + + this.log("Autologin enabled, skipping auth prompt."); + canAutologin = true; + } + + checkbox.value = true; + } + + var canRememberLogin = this._pwmgr.getLoginSavingEnabled(hostname); + if (this._inPrivateBrowsing) + canRememberLogin = false; + + // if checkboxLabel is null, the checkbox won't be shown at all. + var notifyBox = this._getNotifyBox(); + if (canRememberLogin && !notifyBox) + checkboxLabel = this._getLocalizedString("rememberPassword"); + } catch (e) { + // Ignore any errors and display the prompt anyway. + epicfail = true; + Components.utils.reportError("LoginManagerPrompter: " + + "Epic fail in promptAuth: " + e + "\n"); + } + + var ok = canAutologin || + this._promptService.promptAuth(this._window, + aChannel, aLevel, aAuthInfo, + checkboxLabel, checkbox); + + // If there's a notification box, use it to allow the user to + // determine if the login should be saved. If there isn't a + // notification box, only save the login if the user set the + // checkbox to do so. + var rememberLogin = notifyBox ? canRememberLogin : checkbox.value; + if (!ok || !rememberLogin || epicfail) + return ok; + + try { + var [username, password] = this._GetAuthInfo(aAuthInfo); + + if (!password) { + this.log("No password entered, so won't offer to save."); + return ok; + } + + // XXX We can't prompt with multiple logins yet (bug 227632), so + // the entered login might correspond to an existing login + // other than the one we originally selected. + selectedLogin = this._repickSelectedLogin(foundLogins, username); + + // If we didn't find an existing login, or if the username + // changed, save as a new login. + if (!selectedLogin) { + this.log("New login seen for " + username + + " @ " + hostname + " (" + httpRealm + ")"); + + var newLogin = Cc["@mozilla.org/login-manager/loginInfo;1"]. + createInstance(Ci.nsILoginInfo); + newLogin.init(hostname, null, httpRealm, + username, password, "", ""); + var notifyObj = this._getPopupNote() || notifyBox; + if (notifyObj) + this._showSaveLoginNotification(notifyObj, newLogin); + else + this._pwmgr.addLogin(newLogin); + + } else if (password != selectedLogin.password) { + + this.log("Updating password for " + username + + " @ " + hostname + " (" + httpRealm + ")"); + var notifyObj = this._getPopupNote() || notifyBox; + if (notifyObj) + this._showChangeLoginNotification(notifyObj, + selectedLogin, password); + else + this._updateLogin(selectedLogin, password); + + } else { + this.log("Login unchanged, no further action needed."); + this._updateLogin(selectedLogin); + } + } catch (e) { + Components.utils.reportError("LoginManagerPrompter: " + + "Fail2 in promptAuth: " + e + "\n"); + } + + return ok; + }, + + asyncPromptAuth : function (aChannel, aCallback, aContext, aLevel, aAuthInfo) { + var cancelable = null; + + try { + this.log("===== asyncPromptAuth called ====="); + + // If the user submits a login but it fails, we need to remove the + // notification bar that was displayed. Conveniently, the user will + // be prompted for authentication again, which brings us here. + this._removeLoginNotifications(); + + cancelable = this._newAsyncPromptConsumer(aCallback, aContext); + + var [hostname, httpRealm] = this._getAuthTarget(aChannel, aAuthInfo); + + var hashKey = aLevel + "|" + hostname + "|" + httpRealm; + this.log("Async prompt key = " + hashKey); + var asyncPrompt = this._factory._asyncPrompts[hashKey]; + if (asyncPrompt) { + this.log("Prompt bound to an existing one in the queue, callback = " + aCallback); + asyncPrompt.consumers.push(cancelable); + return cancelable; + } + + this.log("Adding new prompt to the queue, callback = " + aCallback); + asyncPrompt = { + consumers: [cancelable], + channel: aChannel, + authInfo: aAuthInfo, + level: aLevel, + inProgress : false, + prompter: this + } + + this._factory._asyncPrompts[hashKey] = asyncPrompt; + this._factory._doAsyncPrompt(); + } + catch (e) { + Components.utils.reportError("LoginManagerPrompter: " + + "asyncPromptAuth: " + e + "\nFalling back to promptAuth\n"); + // Fail the prompt operation to let the consumer fall back + // to synchronous promptAuth method + throw e; + } + + return cancelable; + }, + + + + + /* ---------- nsILoginManagerPrompter prompts ---------- */ + + + + + /* + * init + * + */ + init : function (aWindow, aFactory) { + this._window = aWindow; + this._factory = aFactory || null; + + var prefBranch = Services.prefs.getBranch("signon."); + this._debug = prefBranch.getBoolPref("debug"); + this.log("===== initialized ====="); + }, + + + /* + * promptToSavePassword + * + */ + promptToSavePassword : function (aLogin) { + var notifyObj = this._getPopupNote() || this._getNotifyBox(); + + if (notifyObj) + this._showSaveLoginNotification(notifyObj, aLogin); + else + this._showSaveLoginDialog(aLogin); + }, + + + /* + * _showLoginNotification + * + * Displays a notification bar. + * + */ + _showLoginNotification : function (aNotifyBox, aName, aText, aButtons) { + var oldBar = aNotifyBox.getNotificationWithValue(aName); + const priority = aNotifyBox.PRIORITY_INFO_MEDIUM; + + this.log("Adding new " + aName + " notification bar"); + var newBar = aNotifyBox.appendNotification( + aText, aName, + "chrome://mozapps/skin/passwordmgr/key.png", + priority, aButtons); + + // The page we're going to hasn't loaded yet, so we want to persist + // across the first location change. + newBar.persistence++; + + // Sites like Gmail perform a funky redirect dance before you end up + // at the post-authentication page. I don't see a good way to + // heuristically determine when to ignore such location changes, so + // we'll try ignoring location changes based on a time interval. + newBar.timeout = Date.now() + 20000; // 20 seconds + + if (oldBar) { + this.log("(...and removing old " + aName + " notification bar)"); + aNotifyBox.removeNotification(oldBar); + } + }, + + + /* + * _showSaveLoginNotification + * + * Displays a notification bar or a popup notification, to allow the user + * to save the specified login. This allows the user to see the results of + * their login, and only save a login which they know worked. + * + * @param aNotifyObj + * A notification box or a popup notification. + */ + _showSaveLoginNotification : function (aNotifyObj, aLogin) { + + // Ugh. We can't use the strings from the popup window, because they + // have the access key marked in the string (eg "Mo&zilla"), along + // with some weird rules for handling access keys that do not occur + // in the string, for L10N. See commonDialog.js's setLabelForNode(). + var neverButtonText = + this._getLocalizedString("notifyBarNeverRememberButtonText"); + var neverButtonAccessKey = + this._getLocalizedString("notifyBarNeverRememberButtonAccessKey"); + var rememberButtonText = + this._getLocalizedString("notifyBarRememberPasswordButtonText"); + var rememberButtonAccessKey = + this._getLocalizedString("notifyBarRememberPasswordButtonAccessKey"); + + var displayHost = this._getShortDisplayHost(aLogin.hostname); + var notificationText; + if (aLogin.username) { + var displayUser = this._sanitizeUsername(aLogin.username); + notificationText = this._getLocalizedString( + "rememberPasswordMsg", + [displayUser, displayHost]); + } else { + notificationText = this._getLocalizedString( + "rememberPasswordMsgNoUsername", + [displayHost]); + } + + // The callbacks in |buttons| have a closure to access the variables + // in scope here; set one to |this._pwmgr| so we can get back to pwmgr + // without a getService() call. + var pwmgr = this._pwmgr; + + // Notification is a PopupNotification + if (aNotifyObj == this._getPopupNote()) { + // "Remember" button + var mainAction = { + label: rememberButtonText, + accessKey: rememberButtonAccessKey, + callback: function(aNotifyObj, aButton) { + pwmgr.addLogin(aLogin); + browser.focus(); + } + }; + + var secondaryActions = [ + // "Never for this site" button + { + label: neverButtonText, + accessKey: neverButtonAccessKey, + callback: function(aNotifyObj, aButton) { + pwmgr.setLoginSavingEnabled(aLogin.hostname, false); + browser.focus(); + } + } + ]; + + var notifyWin = this._getNotifyWindow(); + var chromeWin = this._getChromeWindow(notifyWin).wrappedJSObject; + var browser = chromeWin.gBrowser. + getBrowserForDocument(notifyWin.top.document); + + aNotifyObj.show(browser, "password-save", notificationText, + "password-notification-icon", mainAction, + secondaryActions, { timeout: Date.now() + 10000, + persistWhileVisible: true }); + } else { + var notNowButtonText = + this._getLocalizedString("notifyBarNotNowButtonText"); + var notNowButtonAccessKey = + this._getLocalizedString("notifyBarNotNowButtonAccessKey"); + var buttons = [ + // "Remember" button + { + label: rememberButtonText, + accessKey: rememberButtonAccessKey, + popup: null, + callback: function(aNotifyObj, aButton) { + pwmgr.addLogin(aLogin); + } + }, + + // "Never for this site" button + { + label: neverButtonText, + accessKey: neverButtonAccessKey, + popup: null, + callback: function(aNotifyObj, aButton) { + pwmgr.setLoginSavingEnabled(aLogin.hostname, false); + } + }, + + // "Not now" button + { + label: notNowButtonText, + accessKey: notNowButtonAccessKey, + popup: null, + callback: function() { /* NOP */ } + } + ]; + + this._showLoginNotification(aNotifyObj, "password-save", + notificationText, buttons); + } + }, + + + /* + * _removeLoginNotifications + * + */ + _removeLoginNotifications : function () { + var popupNote = this._getPopupNote(); + if (popupNote) + popupNote = popupNote.getNotification("password-save"); + if (popupNote) + popupNote.remove(); + + var notifyBox = this._getNotifyBox(); + if (notifyBox) { + var oldBar = notifyBox.getNotificationWithValue("password-save"); + if (oldBar) { + this.log("Removing save-password notification bar."); + notifyBox.removeNotification(oldBar); + } + + oldBar = notifyBox.getNotificationWithValue("password-change"); + if (oldBar) { + this.log("Removing change-password notification bar."); + notifyBox.removeNotification(oldBar); + } + } + }, + + + /* + * _showSaveLoginDialog + * + * Called when we detect a new login in a form submission, + * asks the user what to do. + * + */ + _showSaveLoginDialog : function (aLogin) { + const buttonFlags = Ci.nsIPrompt.BUTTON_POS_1_DEFAULT + + (Ci.nsIPrompt.BUTTON_TITLE_IS_STRING * Ci.nsIPrompt.BUTTON_POS_0) + + (Ci.nsIPrompt.BUTTON_TITLE_IS_STRING * Ci.nsIPrompt.BUTTON_POS_1) + + (Ci.nsIPrompt.BUTTON_TITLE_IS_STRING * Ci.nsIPrompt.BUTTON_POS_2); + + var displayHost = this._getShortDisplayHost(aLogin.hostname); + + var dialogText; + if (aLogin.username) { + var displayUser = this._sanitizeUsername(aLogin.username); + dialogText = this._getLocalizedString( + "rememberPasswordMsg", + [displayUser, displayHost]); + } else { + dialogText = this._getLocalizedString( + "rememberPasswordMsgNoUsername", + [displayHost]); + + } + var dialogTitle = this._getLocalizedString( + "savePasswordTitle"); + var neverButtonText = this._getLocalizedString( + "neverForSiteButtonText"); + var rememberButtonText = this._getLocalizedString( + "rememberButtonText"); + var notNowButtonText = this._getLocalizedString( + "notNowButtonText"); + + this.log("Prompting user to save/ignore login"); + var userChoice = this._promptService.confirmEx(this._window, + dialogTitle, dialogText, + buttonFlags, rememberButtonText, + notNowButtonText, neverButtonText, + null, {}); + // Returns: + // 0 - Save the login + // 1 - Ignore the login this time + // 2 - Never save logins for this site + if (userChoice == 2) { + this.log("Disabling " + aLogin.hostname + " logins by request."); + this._pwmgr.setLoginSavingEnabled(aLogin.hostname, false); + } else if (userChoice == 0) { + this.log("Saving login for " + aLogin.hostname); + this._pwmgr.addLogin(aLogin); + } else { + // userChoice == 1 --> just ignore the login. + this.log("Ignoring login."); + } + }, + + + /* + * promptToChangePassword + * + * Called when we think we detect a password change for an existing + * login, when the form being submitted contains multiple password + * fields. + * + */ + promptToChangePassword : function (aOldLogin, aNewLogin) { + var notifyObj = this._getPopupNote() || this._getNotifyBox(); + + if (notifyObj) + this._showChangeLoginNotification(notifyObj, aOldLogin, + aNewLogin.password); + else + this._showChangeLoginDialog(aOldLogin, aNewLogin.password); + }, + + + /* + * _showChangeLoginNotification + * + * Shows the Change Password notification bar or popup notification. + * + * @param aNotifyObj + * A notification box or a popup notification. + */ + _showChangeLoginNotification : function (aNotifyObj, aOldLogin, aNewPassword) { + var notificationText; + if (aOldLogin.username) { + var displayUser = this._sanitizeUsername(aOldLogin.username); + notificationText = this._getLocalizedString( + "updatePasswordMsg", + [displayUser]); + } else { + notificationText = this._getLocalizedString( + "updatePasswordMsgNoUser"); + } + + var changeButtonText = + this._getLocalizedString("notifyBarUpdateButtonText"); + var changeButtonAccessKey = + this._getLocalizedString("notifyBarUpdateButtonAccessKey"); + + // The callbacks in |buttons| have a closure to access the variables + // in scope here; set one to |this._pwmgr| so we can get back to pwmgr + // without a getService() call. + var self = this; + + // Notification is a PopupNotification + if (aNotifyObj == this._getPopupNote()) { + // "Yes" button + var mainAction = { + label: changeButtonText, + accessKey: changeButtonAccessKey, + popup: null, + callback: function(aNotifyObj, aButton) { + self._updateLogin(aOldLogin, aNewPassword); + } + }; + + var notifyWin = this._getNotifyWindow(); + var chromeWin = this._getChromeWindow(notifyWin).wrappedJSObject; + var browser = chromeWin.gBrowser. + getBrowserForDocument(notifyWin.top.document); + + aNotifyObj.show(browser, "password-change", notificationText, + "password-notification-icon", mainAction, + null, { timeout: Date.now() + 10000, + persistWhileVisible: true }); + } else { + var dontChangeButtonText = + this._getLocalizedString("notifyBarDontChangeButtonText"); + var dontChangeButtonAccessKey = + this._getLocalizedString("notifyBarDontChangeButtonAccessKey"); + var buttons = [ + // "Yes" button + { + label: changeButtonText, + accessKey: changeButtonAccessKey, + popup: null, + callback: function(aNotifyObj, aButton) { + self._updateLogin(aOldLogin, aNewPassword); + } + }, + + // "No" button + { + label: dontChangeButtonText, + accessKey: dontChangeButtonAccessKey, + popup: null, + callback: function(aNotifyObj, aButton) { + // do nothing + } + } + ]; + + this._showLoginNotification(aNotifyObj, "password-change", + notificationText, buttons); + } + }, + + + /* + * _showChangeLoginDialog + * + * Shows the Change Password dialog. + * + */ + _showChangeLoginDialog : function (aOldLogin, aNewPassword) { + const buttonFlags = Ci.nsIPrompt.STD_YES_NO_BUTTONS; + + var dialogText; + if (aOldLogin.username) + dialogText = this._getLocalizedString( + "updatePasswordMsg", + [aOldLogin.username]); + else + dialogText = this._getLocalizedString( + "updatePasswordMsgNoUser"); + + var dialogTitle = this._getLocalizedString( + "passwordChangeTitle"); + + // returns 0 for yes, 1 for no. + var ok = !this._promptService.confirmEx(this._window, + dialogTitle, dialogText, buttonFlags, + null, null, null, + null, {}); + if (ok) { + this.log("Updating password for user " + aOldLogin.username); + this._updateLogin(aOldLogin, aNewPassword); + } + }, + + + /* + * promptToChangePasswordWithUsernames + * + * Called when we detect a password change in a form submission, but we + * don't know which existing login (username) it's for. Asks the user + * to select a username and confirm the password change. + * + * Note: The caller doesn't know the username for aNewLogin, so this + * function fills in .username and .usernameField with the values + * from the login selected by the user. + * + * Note; XPCOM stupidity: |count| is just |logins.length|. + */ + promptToChangePasswordWithUsernames : function (logins, count, aNewLogin) { + const buttonFlags = Ci.nsIPrompt.STD_YES_NO_BUTTONS; + + var usernames = logins.map(function (l) l.username); + var dialogText = this._getLocalizedString("userSelectText"); + var dialogTitle = this._getLocalizedString("passwordChangeTitle"); + var selectedIndex = { value: null }; + + // If user selects ok, outparam.value is set to the index + // of the selected username. + var ok = this._promptService.select(this._window, + dialogTitle, dialogText, + usernames.length, usernames, + selectedIndex); + if (ok) { + // Now that we know which login to use, modify its password. + var selectedLogin = logins[selectedIndex.value]; + this.log("Updating password for user " + selectedLogin.username); + this._updateLogin(selectedLogin, aNewLogin.password); + } + }, + + + + + /* ---------- Internal Methods ---------- */ + + + + + /* + * _updateLogin + */ + _updateLogin : function (login, newPassword) { + var now = Date.now(); + var propBag = Cc["@mozilla.org/hash-property-bag;1"]. + createInstance(Ci.nsIWritablePropertyBag); + if (newPassword) { + propBag.setProperty("password", newPassword); + // Explicitly set the password change time here (even though it would + // be changed automatically), to ensure that it's exactly the same + // value as timeLastUsed. + propBag.setProperty("timePasswordChanged", now); + } + propBag.setProperty("timeLastUsed", now); + propBag.setProperty("timesUsedIncrement", 1); + this._pwmgr.modifyLogin(login, propBag); + }, + + + /* + * _getChromeWindow + * + * Given a content DOM window, returns the chrome window it's in. + */ + _getChromeWindow: function (aWindow) { + var chromeWin = aWindow.QueryInterface(Ci.nsIInterfaceRequestor) + .getInterface(Ci.nsIWebNavigation) + .QueryInterface(Ci.nsIDocShell) + .chromeEventHandler.ownerDocument.defaultView; + return chromeWin; + }, + + + /* + * _getNotifyWindow + */ + _getNotifyWindow: function () { + + try { + // Get topmost window, in case we're in a frame. + var notifyWin = this._window.top; + + // Some sites pop up a temporary login window, when disappears + // upon submission of credentials. We want to put the notification + // bar in the opener window if this seems to be happening. + if (notifyWin.opener) { + var chromeDoc = this._getChromeWindow(notifyWin). + document.documentElement; + var webnav = notifyWin. + QueryInterface(Ci.nsIInterfaceRequestor). + getInterface(Ci.nsIWebNavigation); + + // Check to see if the current window was opened with chrome + // disabled, and if so use the opener window. But if the window + // has been used to visit other pages (ie, has a history), + // assume it'll stick around and *don't* use the opener. + if (chromeDoc.getAttribute("chromehidden") && + webnav.sessionHistory.count == 1) { + this.log("Using opener window for notification bar."); + notifyWin = notifyWin.opener; + } + } + + return notifyWin; + + } catch (e) { + // If any errors happen, just assume no notification box. + this.log("Unable to get notify window"); + return null; + } + }, + + + /* + * _getPopupNote + * + * Returns the popup notification to this prompter, + * or null if there isn't one available. + */ + _getPopupNote : function () { + let popupNote = null; + + try { + let notifyWin = this._getNotifyWindow(); + + // Get the chrome window for the content window we're using. + // .wrappedJSObject needed here -- see bug 422974 comment 5. + let chromeWin = this._getChromeWindow(notifyWin).wrappedJSObject; + + popupNote = chromeWin.PopupNotifications; + } catch (e) { + this.log("Popup notifications not available on window"); + } + + return popupNote; + }, + + + /* + * _getNotifyBox + * + * Returns the notification box to this prompter, or null if there isn't + * a notification box available. + */ + _getNotifyBox : function () { + let notifyBox = null; + + try { + let notifyWin = this._getNotifyWindow(); + + // Get the chrome window for the content window we're using. + // .wrappedJSObject needed here -- see bug 422974 comment 5. + let chromeWin = this._getChromeWindow(notifyWin).wrappedJSObject; + + notifyBox = chromeWin.getNotificationBox(notifyWin); + } catch (e) { + this.log("Notification bars not available on window"); + } + + return notifyBox; + }, + + + /* + * _repickSelectedLogin + * + * The user might enter a login that isn't the one we prefilled, but + * is the same as some other existing login. So, pick a login with a + * matching username, or return null. + */ + _repickSelectedLogin : function (foundLogins, username) { + for (var i = 0; i < foundLogins.length; i++) + if (foundLogins[i].username == username) + return foundLogins[i]; + return null; + }, + + + /* + * _getLocalizedString + * + * Can be called as: + * _getLocalizedString("key1"); + * _getLocalizedString("key2", ["arg1"]); + * _getLocalizedString("key3", ["arg1", "arg2"]); + * (etc) + * + * Returns the localized string for the specified key, + * formatted if required. + * + */ + _getLocalizedString : function (key, formatArgs) { + if (formatArgs) + return this._strBundle.formatStringFromName( + key, formatArgs, formatArgs.length); + else + return this._strBundle.GetStringFromName(key); + }, + + + /* + * _sanitizeUsername + * + * Sanitizes the specified username, by stripping quotes and truncating if + * it's too long. This helps prevent an evil site from messing with the + * "save password?" prompt too much. + */ + _sanitizeUsername : function (username) { + if (username.length > 30) { + username = username.substring(0, 30); + username += this._ellipsis; + } + return username.replace(/['"]/g, ""); + }, + + + /* + * _getFormattedHostname + * + * The aURI parameter may either be a string uri, or an nsIURI instance. + * + * Returns the hostname to use in a nsILoginInfo object (for example, + * "http://example.com"). + */ + _getFormattedHostname : function (aURI) { + var uri; + if (aURI instanceof Ci.nsIURI) { + uri = aURI; + } else { + uri = Services.io.newURI(aURI, null, null); + } + var scheme = uri.scheme; + + var hostname = scheme + "://" + uri.host; + + // If the URI explicitly specified a port, only include it when + // it's not the default. (We never want "http://foo.com:80") + port = uri.port; + if (port != -1) { + var handler = Services.io.getProtocolHandler(scheme); + if (port != handler.defaultPort) + hostname += ":" + port; + } + + return hostname; + }, + + + /* + * _getShortDisplayHost + * + * Converts a login's hostname field (a URL) to a short string for + * prompting purposes. Eg, "http://foo.com" --> "foo.com", or + * "ftp://www.site.co.uk" --> "site.co.uk". + */ + _getShortDisplayHost: function (aURIString) { + var displayHost; + + var eTLDService = Cc["@mozilla.org/network/effective-tld-service;1"]. + getService(Ci.nsIEffectiveTLDService); + var idnService = Cc["@mozilla.org/network/idn-service;1"]. + getService(Ci.nsIIDNService); + try { + var uri = Services.io.newURI(aURIString, null, null); + var baseDomain = eTLDService.getBaseDomain(uri); + displayHost = idnService.convertToDisplayIDN(baseDomain, {}); + } catch (e) { + this.log("_getShortDisplayHost couldn't process " + aURIString); + } + + if (!displayHost) + displayHost = aURIString; + + return displayHost; + }, + + + /* + * _getAuthTarget + * + * Returns the hostname and realm for which authentication is being + * requested, in the format expected to be used with nsILoginInfo. + */ + _getAuthTarget : function (aChannel, aAuthInfo) { + var hostname, realm; + + // If our proxy is demanding authentication, don't use the + // channel's actual destination. + if (aAuthInfo.flags & Ci.nsIAuthInformation.AUTH_PROXY) { + this.log("getAuthTarget is for proxy auth"); + if (!(aChannel instanceof Ci.nsIProxiedChannel)) + throw "proxy auth needs nsIProxiedChannel"; + + var info = aChannel.proxyInfo; + if (!info) + throw "proxy auth needs nsIProxyInfo"; + + // Proxies don't have a scheme, but we'll use "moz-proxy://" + // so that it's more obvious what the login is for. + var idnService = Cc["@mozilla.org/network/idn-service;1"]. + getService(Ci.nsIIDNService); + hostname = "moz-proxy://" + + idnService.convertUTF8toACE(info.host) + + ":" + info.port; + realm = aAuthInfo.realm; + if (!realm) + realm = hostname; + + return [hostname, realm]; + } + + hostname = this._getFormattedHostname(aChannel.URI); + + // If a HTTP WWW-Authenticate header specified a realm, that value + // will be available here. If it wasn't set or wasn't HTTP, we'll use + // the formatted hostname instead. + realm = aAuthInfo.realm; + if (!realm) + realm = hostname; + + return [hostname, realm]; + }, + + + /** + * Returns [username, password] as extracted from aAuthInfo (which + * holds this info after having prompted the user). + * + * If the authentication was for a Windows domain, we'll prepend the + * return username with the domain. (eg, "domain\user") + */ + _GetAuthInfo : function (aAuthInfo) { + var username, password; + + var flags = aAuthInfo.flags; + if (flags & Ci.nsIAuthInformation.NEED_DOMAIN && aAuthInfo.domain) + username = aAuthInfo.domain + "\\" + aAuthInfo.username; + else + username = aAuthInfo.username; + + password = aAuthInfo.password; + + return [username, password]; + }, + + + /** + * Given a username (possibly in DOMAIN\user form) and password, parses the + * domain out of the username if necessary and sets domain, username and + * password on the auth information object. + */ + _SetAuthInfo : function (aAuthInfo, username, password) { + var flags = aAuthInfo.flags; + if (flags & Ci.nsIAuthInformation.NEED_DOMAIN) { + // Domain is separated from username by a backslash + var idx = username.indexOf("\\"); + if (idx == -1) { + aAuthInfo.username = username; + } else { + aAuthInfo.domain = username.substring(0, idx); + aAuthInfo.username = username.substring(idx+1); + } + } else { + aAuthInfo.username = username; + } + aAuthInfo.password = password; + }, + + _newAsyncPromptConsumer : function(aCallback, aContext) { + return { + QueryInterface: XPCOMUtils.generateQI([Ci.nsICancelable]), + callback: aCallback, + context: aContext, + cancel: function() { + this.callback.onAuthCancelled(this.context, false); + this.callback = null; + this.context = null; + } + } + } + +}; // end of LoginManagerPrompter implementation + + +var component = [LoginManagerPromptFactory, LoginManagerPrompter]; +this.NSGetFactory = XPCOMUtils.generateNSGetFactory(component);