Bug 982591 - Update TPS to retrieve keys from server instead of hard-coding them. r=warner

--HG-- extra : rebase_source : 2a9449aeca2f28a2bce648971619635b19a4d670
2024-09-13 09:24:08 -07:00 · 2014-03-21 10:23:15 +01:00 · 2014-03-21 10:23:15 +01:00 · 32625620a9
commit 32625620a9
parent 9468864ecc
4 changed files with 28 additions and 21 deletions
--- a/services/fxaccounts/FxAccounts.jsm
+++ b/services/fxaccounts/FxAccounts.jsm
@ -360,13 +360,15 @@ FxAccountsInternal.prototype = {
   *        The credentials object obtained by logging in or creating
   *        an account on the FxA server:
   *        {
-   *          email: The users email address
-   *          uid: The user's unique id
-   *          sessionToken: Session for the FxA server
-   *          keyFetchToken: an unused keyFetchToken
-   *          verified: true/false
   *          authAt: The time (seconds since epoch) that this record was
   *                  authenticated
+   *          email: The users email address
+   *          keyFetchToken: a keyFetchToken which has not yet been used
+   *          sessionToken: Session for the FxA server
+   *          uid: The user's unique id
+   *          unwrapBKey: used to unwrap kB, derived locally from the
+   *                      password (not revealed to the FxA server)
+   *          verified: true/false
   *        }
   * @return Promise
   *         The promise resolves to null when the data is saved
--- a/services/fxaccounts/FxAccountsClient.jsm
+++ b/services/fxaccounts/FxAccountsClient.jsm
@ -94,19 +94,21 @@ this.FxAccountsClient.prototype = {
   * @return Promise
   *        Returns a promise that resolves to an object:
   *        {
-   *          uid: the user's unique ID (hex)
-   *          sessionToken: a session token (hex)
-   *          keyFetchToken: a key fetch token (hex)
-   *          verified: flag indicating verification status of the email
   *          authAt: authentication time for the session (seconds since epoch)
   *          email: the primary email for this account
+   *          keyFetchToken: a key fetch token (hex)
+   *          sessionToken: a session token (hex)
+   *          uid: the user's unique ID (hex)
+   *          unwrapBKey: used to unwrap kB, derived locally from the
+   *                      password (not revealed to the FxA server)
+   *          verified: flag indicating verification status of the email
   *        }
   */
  signIn: function signIn(email, password, getKeys=false, retryOK=true) {
    return Credentials.setup(email, password).then((creds) => {
      let data = {
-        email: creds.emailUTF8,
        authPW: CommonUtils.bytesAsHex(creds.authPW),
+        email: creds.emailUTF8,
      };
      let keys = getKeys ? "?keys=true" : "";

@ -115,6 +117,8 @@ this.FxAccountsClient.prototype = {
        // the caller can set its signed-in user state accordingly.
        result => {
          result.email = data.email;
+          result.unwrapBKey = CommonUtils.bytesAsHex(creds.unwrapBKey);
+
          return result;
        },
        error => {
--- a/services/fxaccounts/tests/xpcshell/test_client.js
+++ b/services/fxaccounts/tests/xpcshell/test_client.js
@ -283,16 +283,22 @@ add_task(function test_signIn() {
  let client = new FxAccountsClient(server.baseURI);
  let result = yield client.signIn('mé@example.com', 'bigsecret');
  do_check_eq(FAKE_SESSION_TOKEN, result.sessionToken);
+  do_check_eq(result.unwrapBKey,
+              "c076ec3f4af123a615157154c6e1d0d6293e514fd7b0221e32d50517ecf002b8");
  do_check_eq(undefined, result.keyFetchToken);

  // Login with retrieving optional keys
  let result = yield client.signIn('you@example.com', 'bigsecret', true);
  do_check_eq(FAKE_SESSION_TOKEN, result.sessionToken);
+  do_check_eq(result.unwrapBKey,
+              "65970516211062112e955d6420bebe020269d6b6a91ebd288319fc8d0cb49624");
  do_check_eq("keyFetchToken", result.keyFetchToken);

  // Retry due to wrong email capitalization
  let result = yield client.signIn('You@example.com', 'bigsecret', true);
  do_check_eq(FAKE_SESSION_TOKEN, result.sessionToken);
+  do_check_eq(result.unwrapBKey,
+              "65970516211062112e955d6420bebe020269d6b6a91ebd288319fc8d0cb49624");
  do_check_eq("keyFetchToken", result.keyFetchToken);

  // Don't retry due to wrong email capitalization
--- a/services/sync/tps/extensions/tps/resource/fxaccounts.jsm
+++ b/services/sync/tps/extensions/tps/resource/fxaccounts.jsm
@ -10,6 +10,7 @@ this.EXPORTED_SYMBOLS = [

 const {classes: Cc, interfaces: Ci, utils: Cu} = Components;

+Cu.import("resource://gre/modules/FxAccounts.jsm");
 Cu.import("resource://gre/modules/FxAccountsClient.jsm");
 Cu.import("resource://services-common/async.js");
 Cu.import("resource://services-sync/main.js");
@ -33,17 +34,11 @@ var FxAccountsHelper = {
    let cb = Async.makeSpinningCallback();

    var client = new FxAccountsClient();
-    client.signIn(email, password).then(credentials => {
-      // Add keys because without those setSignedInUser() will fail
-      credentials.kA = 'foo';
-      credentials.kB = 'bar';
-
-      Weave.Service.identity._fxaService.setSignedInUser(credentials).then(() => {
-        cb(null);
-      }, err => {
-        cb(err);
-      });
-    }, (err) => {
+    client.signIn(email, password, true).then(credentials => {
+      return fxAccounts.setSignedInUser(credentials);
+    }).then(() => {
+      cb(null);
+    }, err => {
      cb(err);
    });