gecko/b2g/components/SignInToWebsite.jsm

445 lines
16 KiB
JavaScript

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* SignInToWebsite.jsm - UX Controller and means for accessing identity
* cookies on behalf of relying parties.
*
* Currently, the b2g security architecture isolates web applications
* so that each window has access only to a local cookie jar:
*
* To prevent Web apps from interfering with one another, each one is
* hosted on a separate domain, and therefore may only access the
* resources associated with its domain. These resources include
* things such as IndexedDB databases, cookies, offline storage,
* and so forth.
*
* -- https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Security_model
*
* As a result, an authentication system like Persona cannot share its
* cookie jar with multiple relying parties, and so would require a
* fresh login request in every window. This would not be a good
* experience.
*
*
* In order for navigator.id.request() to maintain state in a single
* cookie jar, we cause all Persona interactions to take place in a
* content context that is launched by the system application, with the
* result that Persona has a single cookie jar that all Relying
* Parties can use. Since of course those Relying Parties cannot
* reach into the system cookie jar, the Controller in this module
* provides a way to get messages and data to and fro between the
* Relying Party in its window context, and the Persona internal api
* in its context.
*
* On the Relying Party's side, say a web page invokes
* navigator.id.watch(), to register callbacks, and then
* navigator.id.request() to request an assertion. The navigator.id
* calls are provided by nsDOMIdentity. nsDOMIdentity messages down
* to the privileged DOMIdentity code (using cpmm and ppmm message
* managers). DOMIdentity stores the state of Relying Party flows
* using an Identity service (MinimalIdentity.jsm), and emits messages
* requesting Persona functions (doWatch, doReady, doLogout).
*
* The Identity service sends these observer messages to the
* Controller in this module, which in turn triggers content to open a
* window to host the Persona js. If user interaction is required,
* content will open the trusty UI. If user interaction is not required,
* and we only need to get to Persona functions, content will open a
* hidden iframe. In either case, a window is opened into which the
* controller causes the script identity.js to be injected. This
* script provides the glue between the in-page javascript and the
* pipe back down to the Controller, translating navigator.internal
* function callbacks into messages sent back to the Controller.
*
* As a result, a navigator.internal function in the hosted popup or
* iframe can call back to the injected identity.js (doReady, doLogin,
* or doLogout). identity.js callbacks send messages back through the
* pipe to the Controller. The controller invokes the corresponding
* function on the Identity Service (doReady, doLogin, or doLogout).
* The IdentityService calls the corresponding callback for the
* correct Relying Party, which causes DOMIdentity to send a message
* up to the Relying Party through nsDOMIdentity
* (Identity:RP:Watch:OnLogin etc.), and finally, nsDOMIdentity
* receives these messages and calls the original callback that the
* Relying Party registered (navigator.id.watch(),
* navigator.id.request(), or navigator.id.logout()).
*/
"use strict";
this.EXPORTED_SYMBOLS = ["SignInToWebsiteController"];
const Ci = Components.interfaces;
const Cu = Components.utils;
Cu.import("resource://gre/modules/Services.jsm");
Cu.import("resource://gre/modules/XPCOMUtils.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "getRandomId",
"resource://gre/modules/identity/IdentityUtils.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "IdentityService",
"resource://gre/modules/identity/MinimalIdentity.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "Logger",
"resource://gre/modules/identity/LogUtils.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "SystemAppProxy",
"resource://gre/modules/SystemAppProxy.jsm");
// The default persona uri; can be overwritten with toolkit.identity.uri pref.
// Do this if you want to repoint to a different service for testing.
// There's no point in setting up an observer to monitor the pref, as b2g prefs
// can only be overwritten when the profie is recreated. So just get the value
// on start-up.
var kPersonaUri = "https://firefoxos.persona.org";
try {
kPersonaUri = Services.prefs.getCharPref("toolkit.identity.uri");
} catch(noSuchPref) {
// stick with the default value
}
// JS shim that contains the callback functions that
// live within the identity UI provisioning frame.
const kIdentityShimFile = "chrome://b2g/content/identity.js";
// Type of MozChromeEvents to handle id dialogs.
const kOpenIdentityDialog = "id-dialog-open";
const kDoneIdentityDialog = "id-dialog-done";
const kCloseIdentityDialog = "id-dialog-close-iframe";
// Observer messages to communicate to shim
const kIdentityDelegateWatch = "identity-delegate-watch";
const kIdentityDelegateRequest = "identity-delegate-request";
const kIdentityDelegateLogout = "identity-delegate-logout";
const kIdentityDelegateFinished = "identity-delegate-finished";
const kIdentityDelegateReady = "identity-delegate-ready";
const kIdentityControllerDoMethod = "identity-controller-doMethod";
function log(...aMessageArgs) {
Logger.log.apply(Logger, ["SignInToWebsiteController"].concat(aMessageArgs));
}
log("persona uri =", kPersonaUri);
function sendChromeEvent(details) {
details.uri = kPersonaUri;
SystemAppProxy.dispatchEvent(details);
}
function Pipe() {
this._watchers = [];
}
Pipe.prototype = {
init: function pipe_init() {
Services.obs.addObserver(this, "identity-child-process-shutdown", false);
Services.obs.addObserver(this, "identity-controller-unwatch", false);
},
uninit: function pipe_uninit() {
Services.obs.removeObserver(this, "identity-child-process-shutdown");
Services.obs.removeObserver(this, "identity-controller-unwatch");
},
observe: function Pipe_observe(aSubject, aTopic, aData) {
let options = {};
if (aSubject) {
options = aSubject.wrappedJSObject;
}
switch (aTopic) {
case "identity-child-process-shutdown":
log("pipe removing watchers by message manager");
this._removeWatchers(null, options.messageManager);
break;
case "identity-controller-unwatch":
log("unwatching", options.id);
this._removeWatchers(options.id, options.messageManager);
break;
}
},
_addWatcher: function Pipe__addWatcher(aId, aMm) {
log("Adding watcher with id", aId);
for (let i = 0; i < this._watchers.length; ++i) {
let watcher = this._watchers[i];
if (this._watcher.id === aId) {
watcher.count++;
return;
}
}
this._watchers.push({id: aId, count: 1, mm: aMm});
},
_removeWatchers: function Pipe__removeWatcher(aId, aMm) {
let checkId = aId !== null;
let index = -1;
for (let i = 0; i < this._watchers.length; ++i) {
let watcher = this._watchers[i];
if (watcher.mm === aMm &&
(!checkId || (checkId && watcher.id === aId))) {
index = i;
break;
}
}
if (index !== -1) {
if (checkId) {
if (--(this._watchers[index].count) === 0) {
this._watchers.splice(index, 1);
}
} else {
this._watchers.splice(index, 1);
}
}
if (this._watchers.length === 0) {
log("No more watchers; clean up persona host iframe");
let detail = {
type: kCloseIdentityDialog
};
log('telling content to close the dialog');
// tell content to close the dialog
sendChromeEvent(detail);
}
},
communicate: function(aRpOptions, aContentOptions, aMessageCallback) {
let rpID = aRpOptions.id;
let rpMM = aRpOptions.mm;
if (rpMM) {
this._addWatcher(rpID, rpMM);
}
log("RP options:", aRpOptions, "\n content options:", aContentOptions);
// This content variable is injected into the scope of
// kIdentityShimFile, where it is used to access the BrowserID object
// and its internal API.
let mm = null;
let uuid = getRandomId();
let self = this;
function removeMessageListeners() {
if (mm) {
mm.removeMessageListener(kIdentityDelegateFinished, identityDelegateFinished);
mm.removeMessageListener(kIdentityControllerDoMethod, aMessageCallback);
}
}
function identityDelegateFinished() {
removeMessageListeners();
let detail = {
type: kDoneIdentityDialog,
showUI: aContentOptions.showUI || false,
id: kDoneIdentityDialog + "-" + uuid,
requestId: aRpOptions.id
};
log('received delegate finished; telling content to close the dialog');
sendChromeEvent(detail);
self._removeWatchers(rpID, rpMM);
}
SystemAppProxy.addEventListener("mozContentEvent", function getAssertion(evt) {
let msg = evt.detail;
if (!msg.id.match(uuid)) {
return;
}
switch (msg.id) {
case kOpenIdentityDialog + '-' + uuid:
if (msg.type === 'cancel') {
// The user closed the dialog. Clean up and call cancel.
SystemAppProxy.removeEventListener("mozContentEvent", getAssertion);
removeMessageListeners();
aMessageCallback({json: {method: "cancel"}});
} else {
// The window has opened. Inject the identity shim file containing
// the callbacks in the content script. This could be either the
// visible popup that the user interacts with, or it could be an
// invisible frame.
let frame = evt.detail.frame;
let frameLoader = frame.QueryInterface(Ci.nsIFrameLoaderOwner).frameLoader;
mm = frameLoader.messageManager;
try {
mm.loadFrameScript(kIdentityShimFile, true, true);
log("Loaded shim", kIdentityShimFile);
} catch (e) {
log("Error loading", kIdentityShimFile, "as a frame script:", e);
}
// There are two messages that the delegate can send back: a "do
// method" event, and a "finished" event. We pass the do-method
// events straight to the caller for interpretation and handling.
// If we receive a "finished" event, then the delegate is done, so
// we shut down the pipe and clean up.
mm.addMessageListener(kIdentityControllerDoMethod, aMessageCallback);
mm.addMessageListener(kIdentityDelegateFinished, identityDelegateFinished);
mm.sendAsyncMessage(aContentOptions.message, aRpOptions);
}
break;
case kDoneIdentityDialog + '-' + uuid:
// Received our assertion. The message manager callbacks will handle
// communicating back to the IDService. All we have to do is remove
// this listener.
SystemAppProxy.removeEventListener("mozContentEvent", getAssertion);
break;
default:
log("ERROR - Unexpected message: id=" + msg.id + ", type=" + msg.type + ", errorMsg=" + msg.errorMsg);
break;
}
});
// Tell content to open the identity iframe or trusty popup. The parameter
// showUI signals whether user interaction is needed. If it is, content will
// open a dialog; if not, a hidden iframe. In each case, BrowserID is
// available in the context.
let detail = {
type: kOpenIdentityDialog,
showUI: aContentOptions.showUI || false,
id: kOpenIdentityDialog + "-" + uuid,
requestId: aRpOptions.id
};
sendChromeEvent(detail);
}
};
/*
* The controller sits between the IdentityService used by DOMIdentity
* and a content process launches an (invisible) iframe or (visible)
* trusty UI. Using an injected js script (identity.js), the
* controller enables the content window to access the persona identity
* storage in the system cookie jar and send events back via the
* controller into IdentityService and DOM, and ultimately up to the
* Relying Party, which is open in a different window context.
*/
this.SignInToWebsiteController = {
/*
* Initialize the controller. To use a different content communication pipe,
* such as when mocking it in tests, pass aOptions.pipe.
*/
init: function SignInToWebsiteController_init(aOptions) {
aOptions = aOptions || {};
this.pipe = aOptions.pipe || new Pipe();
Services.obs.addObserver(this, "identity-controller-watch", false);
Services.obs.addObserver(this, "identity-controller-request", false);
Services.obs.addObserver(this, "identity-controller-logout", false);
},
uninit: function SignInToWebsiteController_uninit() {
Services.obs.removeObserver(this, "identity-controller-watch");
Services.obs.removeObserver(this, "identity-controller-request");
Services.obs.removeObserver(this, "identity-controller-logout");
},
observe: function SignInToWebsiteController_observe(aSubject, aTopic, aData) {
log("observe: received", aTopic, "with", aData, "for", aSubject);
let options = null;
if (aSubject) {
options = aSubject.wrappedJSObject;
}
switch (aTopic) {
case "identity-controller-watch":
this.doWatch(options);
break;
case "identity-controller-request":
this.doRequest(options);
break;
case "identity-controller-logout":
this.doLogout(options);
break;
default:
Logger.reportError("SignInToWebsiteController", "Unknown observer notification:", aTopic);
break;
}
},
/*
* options: method required - name of method to invoke
* assertion optional
*/
_makeDoMethodCallback: function SignInToWebsiteController__makeDoMethodCallback(aRpId) {
return function SignInToWebsiteController_methodCallback(aOptions) {
let message = aOptions.json;
if (typeof message === 'string') {
message = JSON.parse(message);
}
switch (message.method) {
case "ready":
IdentityService.doReady(aRpId);
break;
case "login":
if (message._internalParams) {
IdentityService.doLogin(aRpId, message.assertion, message._internalParams);
} else {
IdentityService.doLogin(aRpId, message.assertion);
}
break;
case "logout":
IdentityService.doLogout(aRpId);
break;
case "cancel":
IdentityService.doCancel(aRpId);
break;
default:
log("WARNING: wonky method call:", message.method);
break;
}
};
},
doWatch: function SignInToWebsiteController_doWatch(aRpOptions) {
// dom prevents watch from being called twice
let contentOptions = {
message: kIdentityDelegateWatch,
showUI: false
};
this.pipe.communicate(aRpOptions, contentOptions,
this._makeDoMethodCallback(aRpOptions.id));
},
/**
* The website is requesting login so the user must choose an identity to use.
*/
doRequest: function SignInToWebsiteController_doRequest(aRpOptions) {
log("doRequest", aRpOptions);
let contentOptions = {
message: kIdentityDelegateRequest,
showUI: true
};
this.pipe.communicate(aRpOptions, contentOptions,
this._makeDoMethodCallback(aRpOptions.id));
},
/*
*
*/
doLogout: function SignInToWebsiteController_doLogout(aRpOptions) {
log("doLogout", aRpOptions);
let contentOptions = {
message: kIdentityDelegateLogout,
showUI: false
};
this.pipe.communicate(aRpOptions, contentOptions,
this._makeDoMethodCallback(aRpOptions.id));
}
};