mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1056523 - Ensure sync credentials are reset during reauth flow. r=markh
This patch addresses a bug in the following scenario: User has browser 1 connected to sync and open, and resets her password on browser 2. Eventually the browser detects the need to reauthenticate the user, and prompts the user. When the user entered her new password, the browserid_identity module failed to re-derive a new syncKeyBundle from the new password and happily used the old one. Chaos ensued. This patch mitigate the problem by calling resetCredentials at the start of initializeWithCurrentIdentity(), which will clear the syncKeyBundle, along with other credentials. Previously this function was only resetting this._shouldHaveSyncKeyBundle. I also removed a misleading comment about the syncKeyBundle being cleared when it wasn't.
This commit is contained in:
parent
43f304ad43
commit
34ef3af90d
@ -188,7 +188,11 @@ this.BrowserIDManager.prototype = {
|
||||
this._log.error("Could not authenticate: " + err);
|
||||
});
|
||||
|
||||
this._shouldHaveSyncKeyBundle = false;
|
||||
// initializeWithCurrentIdentity() can be called after the
|
||||
// identity module was first initialized, e.g., after the
|
||||
// user completes a force authentication, so we should make
|
||||
// sure all credentials are reset before proceeding.
|
||||
this.resetCredentials();
|
||||
this._authFailureReason = null;
|
||||
|
||||
return this._fxaService.getSignedInUser().then(accountData => {
|
||||
@ -579,9 +583,10 @@ this.BrowserIDManager.prototype = {
|
||||
// for now assume it is just a transient network related problem.
|
||||
this._authFailureReason = LOGIN_FAILED_NETWORK_ERROR;
|
||||
}
|
||||
// Drop the sync key bundle, but still expect to have one.
|
||||
// This will arrange for us to be in the right 'currentAuthState'
|
||||
// such that UI will show the right error.
|
||||
// this._authFailureReason being set to be non-null in the above if clause
|
||||
// ensures we are in the correct currentAuthState, and
|
||||
// this._shouldHaveSyncKeyBundle being true ensures everything that cares knows
|
||||
// that there is no authentication dance still under way.
|
||||
this._shouldHaveSyncKeyBundle = true;
|
||||
Weave.Status.login = this._authFailureReason;
|
||||
Services.obs.notifyObservers(null, "weave:service:login:error", null);
|
||||
|
Loading…
Reference in New Issue
Block a user