diff options
Diffstat (limited to 'services')
47 files changed, 4 insertions, 12780 deletions
diff --git a/services/fxaccounts/Credentials.jsm b/services/fxaccounts/Credentials.jsm deleted file mode 100644 index 56e8b3db7..000000000 --- a/services/fxaccounts/Credentials.jsm +++ /dev/null @@ -1,136 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/** - * This module implements client-side key stretching for use in Firefox - * Accounts account creation and login. - * - * See https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol - */ - -"use strict"; - -this.EXPORTED_SYMBOLS = ["Credentials"]; - -const {utils: Cu, interfaces: Ci} = Components; - -Cu.import("resource://gre/modules/Log.jsm"); -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/Promise.jsm"); -Cu.import("resource://services-crypto/utils.js"); -Cu.import("resource://services-common/utils.js"); - -const PROTOCOL_VERSION = "identity.mozilla.com/picl/v1/"; -const PBKDF2_ROUNDS = 1000; -const STRETCHED_PW_LENGTH_BYTES = 32; -const HKDF_SALT = CommonUtils.hexToBytes("00"); -const HKDF_LENGTH = 32; -const HMAC_ALGORITHM = Ci.nsICryptoHMAC.SHA256; -const HMAC_LENGTH = 32; - -// loglevel preference should be one of: "FATAL", "ERROR", "WARN", "INFO", -// "CONFIG", "DEBUG", "TRACE" or "ALL". We will be logging error messages by -// default. -const PREF_LOG_LEVEL = "identity.fxaccounts.loglevel"; -try { - this.LOG_LEVEL = - Services.prefs.getPrefType(PREF_LOG_LEVEL) == Ci.nsIPrefBranch.PREF_STRING - && Services.prefs.getCharPref(PREF_LOG_LEVEL); -} catch (e) { - this.LOG_LEVEL = Log.Level.Error; -} - -var log = Log.repository.getLogger("Identity.FxAccounts"); -log.level = LOG_LEVEL; -log.addAppender(new Log.ConsoleAppender(new Log.BasicFormatter())); - -this.Credentials = Object.freeze({ - /** - * Make constants accessible to tests - */ - constants: { - PROTOCOL_VERSION: PROTOCOL_VERSION, - PBKDF2_ROUNDS: PBKDF2_ROUNDS, - STRETCHED_PW_LENGTH_BYTES: STRETCHED_PW_LENGTH_BYTES, - HKDF_SALT: HKDF_SALT, - HKDF_LENGTH: HKDF_LENGTH, - HMAC_ALGORITHM: HMAC_ALGORITHM, - HMAC_LENGTH: HMAC_LENGTH, - }, - - /** - * KW function from https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol - * - * keyWord derivation for use as a salt. - * - * - * @param {String} context String for use in generating salt - * - * @return {bitArray} the salt - * - * Note that PROTOCOL_VERSION does not refer in any way to the version of the - * Firefox Accounts API. - */ - keyWord: function(context) { - return CommonUtils.stringToBytes(PROTOCOL_VERSION + context); - }, - - /** - * KWE function from https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol - * - * keyWord extended with a name and an email. - * - * @param {String} name The name of the salt - * @param {String} email The email of the user. - * - * @return {bitArray} the salt combination with the namespace - * - * Note that PROTOCOL_VERSION does not refer in any way to the version of the - * Firefox Accounts API. - */ - keyWordExtended: function(name, email) { - return CommonUtils.stringToBytes(PROTOCOL_VERSION + name + ':' + email); - }, - - setup: function(emailInput, passwordInput, options={}) { - let deferred = Promise.defer(); - log.debug("setup credentials for " + emailInput); - - let hkdfSalt = options.hkdfSalt || HKDF_SALT; - let hkdfLength = options.hkdfLength || HKDF_LENGTH; - let hmacLength = options.hmacLength || HMAC_LENGTH; - let hmacAlgorithm = options.hmacAlgorithm || HMAC_ALGORITHM; - let stretchedPWLength = options.stretchedPassLength || STRETCHED_PW_LENGTH_BYTES; - let pbkdf2Rounds = options.pbkdf2Rounds || PBKDF2_ROUNDS; - - let result = {}; - - let password = CommonUtils.encodeUTF8(passwordInput); - let salt = this.keyWordExtended("quickStretch", emailInput); - - let runnable = () => { - let start = Date.now(); - let quickStretchedPW = CryptoUtils.pbkdf2Generate( - password, salt, pbkdf2Rounds, stretchedPWLength, hmacAlgorithm, hmacLength); - - result.quickStretchedPW = quickStretchedPW; - - result.authPW = - CryptoUtils.hkdf(quickStretchedPW, hkdfSalt, this.keyWord("authPW"), hkdfLength); - - result.unwrapBKey = - CryptoUtils.hkdf(quickStretchedPW, hkdfSalt, this.keyWord("unwrapBkey"), hkdfLength); - - log.debug("Credentials set up after " + (Date.now() - start) + " ms"); - deferred.resolve(result); - } - - Services.tm.currentThread.dispatch(runnable, - Ci.nsIThread.DISPATCH_NORMAL); - log.debug("Dispatched thread for credentials setup crypto work"); - - return deferred.promise; - } -}); - diff --git a/services/fxaccounts/FxAccounts.jsm b/services/fxaccounts/FxAccounts.jsm deleted file mode 100644 index 5bed881ea..000000000 --- a/services/fxaccounts/FxAccounts.jsm +++ /dev/null @@ -1,1735 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -"use strict"; - -this.EXPORTED_SYMBOLS = ["fxAccounts", "FxAccounts"]; - -const {classes: Cc, interfaces: Ci, utils: Cu} = Components; - -Cu.import("resource://gre/modules/Log.jsm"); -Cu.import("resource://gre/modules/Promise.jsm"); -Cu.import("resource://services-common/utils.js"); -Cu.import("resource://services-common/rest.js"); -Cu.import("resource://services-crypto/utils.js"); -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/XPCOMUtils.jsm"); -Cu.import("resource://gre/modules/Timer.jsm"); -Cu.import("resource://gre/modules/Task.jsm"); -Cu.import("resource://gre/modules/FxAccountsStorage.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); - -XPCOMUtils.defineLazyModuleGetter(this, "FxAccountsClient", - "resource://gre/modules/FxAccountsClient.jsm"); - -XPCOMUtils.defineLazyModuleGetter(this, "FxAccountsConfig", - "resource://gre/modules/FxAccountsConfig.jsm"); - -XPCOMUtils.defineLazyModuleGetter(this, "jwcrypto", - "resource://gre/modules/identity/jwcrypto.jsm"); - -XPCOMUtils.defineLazyModuleGetter(this, "FxAccountsOAuthGrantClient", - "resource://gre/modules/FxAccountsOAuthGrantClient.jsm"); - -XPCOMUtils.defineLazyModuleGetter(this, "FxAccountsProfile", - "resource://gre/modules/FxAccountsProfile.jsm"); - -XPCOMUtils.defineLazyModuleGetter(this, "Utils", - "resource://services-sync/util.js"); - -// All properties exposed by the public FxAccounts API. -var publicProperties = [ - "accountStatus", - "checkVerificationStatus", - "getAccountsClient", - "getAssertion", - "getDeviceId", - "getKeys", - "getOAuthToken", - "getSignedInUser", - "getSignedInUserProfile", - "handleDeviceDisconnection", - "invalidateCertificate", - "loadAndPoll", - "localtimeOffsetMsec", - "notifyDevices", - "now", - "promiseAccountsChangeProfileURI", - "promiseAccountsForceSigninURI", - "promiseAccountsManageURI", - "promiseAccountsSignUpURI", - "promiseAccountsSignInURI", - "removeCachedOAuthToken", - "requiresHttps", - "resendVerificationEmail", - "resetCredentials", - "sessionStatus", - "setSignedInUser", - "signOut", - "updateDeviceRegistration", - "updateUserAccountData", - "whenVerified", -]; - -// An AccountState object holds all state related to one specific account. -// Only one AccountState is ever "current" in the FxAccountsInternal object - -// whenever a user logs out or logs in, the current AccountState is discarded, -// making it impossible for the wrong state or state data to be accidentally -// used. -// In addition, it has some promise-related helpers to ensure that if an -// attempt is made to resolve a promise on a "stale" state (eg, if an -// operation starts, but a different user logs in before the operation -// completes), the promise will be rejected. -// It is intended to be used thusly: -// somePromiseBasedFunction: function() { -// let currentState = this.currentAccountState; -// return someOtherPromiseFunction().then( -// data => currentState.resolve(data) -// ); -// } -// If the state has changed between the function being called and the promise -// being resolved, the .resolve() call will actually be rejected. -var AccountState = this.AccountState = function(storageManager) { - this.storageManager = storageManager; - this.promiseInitialized = this.storageManager.getAccountData().then(data => { - this.oauthTokens = data && data.oauthTokens ? data.oauthTokens : {}; - }).catch(err => { - log.error("Failed to initialize the storage manager", err); - // Things are going to fall apart, but not much we can do about it here. - }); -}; - -AccountState.prototype = { - oauthTokens: null, - whenVerifiedDeferred: null, - whenKeysReadyDeferred: null, - - // If the storage manager has been nuked then we are no longer current. - get isCurrent() { - return this.storageManager != null; - }, - - abort() { - if (this.whenVerifiedDeferred) { - this.whenVerifiedDeferred.reject( - new Error("Verification aborted; Another user signing in")); - this.whenVerifiedDeferred = null; - } - - if (this.whenKeysReadyDeferred) { - this.whenKeysReadyDeferred.reject( - new Error("Verification aborted; Another user signing in")); - this.whenKeysReadyDeferred = null; - } - - this.cert = null; - this.keyPair = null; - this.oauthTokens = null; - // Avoid finalizing the storageManager multiple times (ie, .signOut() - // followed by .abort()) - if (!this.storageManager) { - return Promise.resolve(); - } - let storageManager = this.storageManager; - this.storageManager = null; - return storageManager.finalize(); - }, - - // Clobber all cached data and write that empty data to storage. - signOut() { - this.cert = null; - this.keyPair = null; - this.oauthTokens = null; - let storageManager = this.storageManager; - this.storageManager = null; - return storageManager.deleteAccountData().then(() => { - return storageManager.finalize(); - }); - }, - - // Get user account data. Optionally specify explicit field names to fetch - // (and note that if you require an in-memory field you *must* specify the - // field name(s).) - getUserAccountData(fieldNames = null) { - if (!this.isCurrent) { - return Promise.reject(new Error("Another user has signed in")); - } - return this.storageManager.getAccountData(fieldNames).then(result => { - return this.resolve(result); - }); - }, - - updateUserAccountData(updatedFields) { - if (!this.isCurrent) { - return Promise.reject(new Error("Another user has signed in")); - } - return this.storageManager.updateAccountData(updatedFields); - }, - - resolve: function(result) { - if (!this.isCurrent) { - log.info("An accountState promise was resolved, but was actually rejected" + - " due to a different user being signed in. Originally resolved" + - " with", result); - return Promise.reject(new Error("A different user signed in")); - } - return Promise.resolve(result); - }, - - reject: function(error) { - // It could be argued that we should just let it reject with the original - // error - but this runs the risk of the error being (eg) a 401, which - // might cause the consumer to attempt some remediation and cause other - // problems. - if (!this.isCurrent) { - log.info("An accountState promise was rejected, but we are ignoring that" + - "reason and rejecting it due to a different user being signed in." + - "Originally rejected with", error); - return Promise.reject(new Error("A different user signed in")); - } - return Promise.reject(error); - }, - - // Abstractions for storage of cached tokens - these are all sync, and don't - // handle revocation etc - it's just storage (and the storage itself is async, - // but we don't return the storage promises, so it *looks* sync) - // These functions are sync simply so we can handle "token races" - when there - // are multiple in-flight requests for the same scope, we can detect this - // and revoke the redundant token. - - // A preamble for the cache helpers... - _cachePreamble() { - if (!this.isCurrent) { - throw new Error("Another user has signed in"); - } - }, - - // Set a cached token. |tokenData| must have a 'token' element, but may also - // have additional fields (eg, it probably specifies the server to revoke - // from). The 'get' functions below return the entire |tokenData| value. - setCachedToken(scopeArray, tokenData) { - this._cachePreamble(); - if (!tokenData.token) { - throw new Error("No token"); - } - let key = getScopeKey(scopeArray); - this.oauthTokens[key] = tokenData; - // And a background save... - this._persistCachedTokens(); - }, - - // Return data for a cached token or null (or throws on bad state etc) - getCachedToken(scopeArray) { - this._cachePreamble(); - let key = getScopeKey(scopeArray); - let result = this.oauthTokens[key]; - if (result) { - // later we might want to check an expiry date - but we currently - // have no such concept, so just return it. - log.trace("getCachedToken returning cached token"); - return result; - } - return null; - }, - - // Remove a cached token from the cache. Does *not* revoke it from anywhere. - // Returns the entire token entry if found, null otherwise. - removeCachedToken(token) { - this._cachePreamble(); - let data = this.oauthTokens; - for (let [key, tokenValue] of Object.entries(data)) { - if (tokenValue.token == token) { - delete data[key]; - // And a background save... - this._persistCachedTokens(); - return tokenValue; - } - } - return null; - }, - - // A hook-point for tests. Returns a promise that's ignored in most cases - // (notable exceptions are tests and when we explicitly are saving the entire - // set of user data.) - _persistCachedTokens() { - this._cachePreamble(); - return this.updateUserAccountData({ oauthTokens: this.oauthTokens }).catch(err => { - log.error("Failed to update cached tokens", err); - }); - }, -} - -/* Given an array of scopes, make a string key by normalizing. */ -function getScopeKey(scopeArray) { - let normalizedScopes = scopeArray.map(item => item.toLowerCase()); - return normalizedScopes.sort().join("|"); -} - -/** - * Copies properties from a given object to another object. - * - * @param from (object) - * The object we read property descriptors from. - * @param to (object) - * The object that we set property descriptors on. - * @param options (object) (optional) - * {keys: [...]} - * Lets the caller pass the names of all properties they want to be - * copied. Will copy all properties of the given source object by - * default. - * {bind: object} - * Lets the caller specify the object that will be used to .bind() - * all function properties we find to. Will bind to the given target - * object by default. - */ -function copyObjectProperties(from, to, opts = {}) { - let keys = (opts && opts.keys) || Object.keys(from); - let thisArg = (opts && opts.bind) || to; - - for (let prop of keys) { - let desc = Object.getOwnPropertyDescriptor(from, prop); - - if (typeof(desc.value) == "function") { - desc.value = desc.value.bind(thisArg); - } - - if (desc.get) { - desc.get = desc.get.bind(thisArg); - } - - if (desc.set) { - desc.set = desc.set.bind(thisArg); - } - - Object.defineProperty(to, prop, desc); - } -} - -function urlsafeBase64Encode(key) { - return ChromeUtils.base64URLEncode(new Uint8Array(key), { pad: false }); -} - -/** - * The public API's constructor. - */ -this.FxAccounts = function (mockInternal) { - let internal = new FxAccountsInternal(); - let external = {}; - - // Copy all public properties to the 'external' object. - let prototype = FxAccountsInternal.prototype; - let options = {keys: publicProperties, bind: internal}; - copyObjectProperties(prototype, external, options); - - // Copy all of the mock's properties to the internal object. - if (mockInternal && !mockInternal.onlySetInternal) { - copyObjectProperties(mockInternal, internal); - } - - if (mockInternal) { - // Exposes the internal object for testing only. - external.internal = internal; - } - - if (!internal.fxaPushService) { - // internal.fxaPushService option is used in testing. - // Otherwise we load the service lazily. - XPCOMUtils.defineLazyGetter(internal, "fxaPushService", function () { - return Components.classes["@mozilla.org/fxaccounts/push;1"] - .getService(Components.interfaces.nsISupports) - .wrappedJSObject; - }); - } - - // wait until after the mocks are setup before initializing. - internal.initialize(); - - return Object.freeze(external); -} - -/** - * The internal API's constructor. - */ -function FxAccountsInternal() { - // Make a local copy of this constant so we can mock it in testing - this.POLL_SESSION = POLL_SESSION; - - // All significant initialization should be done in the initialize() method - // below as it helps with testing. -} - -/** - * The internal API's prototype. - */ -FxAccountsInternal.prototype = { - // The timeout (in ms) we use to poll for a verified mail for the first 2 mins. - VERIFICATION_POLL_TIMEOUT_INITIAL: 15000, // 15 seconds - // And how often we poll after the first 2 mins. - VERIFICATION_POLL_TIMEOUT_SUBSEQUENT: 30000, // 30 seconds. - // The current version of the device registration, we use this to re-register - // devices after we update what we send on device registration. - DEVICE_REGISTRATION_VERSION: 2, - - _fxAccountsClient: null, - - // All significant initialization should be done in this initialize() method, - // as it's called after this object has been mocked for tests. - initialize() { - this.currentTimer = null; - this.currentAccountState = this.newAccountState(); - }, - - get fxAccountsClient() { - if (!this._fxAccountsClient) { - this._fxAccountsClient = new FxAccountsClient(); - } - return this._fxAccountsClient; - }, - - // The profile object used to fetch the actual user profile. - _profile: null, - get profile() { - if (!this._profile) { - let profileServerUrl = Services.urlFormatter.formatURLPref("identity.fxaccounts.remote.profile.uri"); - this._profile = new FxAccountsProfile({ - fxa: this, - profileServerUrl: profileServerUrl, - }); - } - return this._profile; - }, - - // A hook-point for tests who may want a mocked AccountState or mocked storage. - newAccountState(credentials) { - let storage = new FxAccountsStorageManager(); - storage.initialize(credentials); - return new AccountState(storage); - }, - - /** - * Send a message to a set of devices in the same account - * - * @return Promise - */ - notifyDevices: function(deviceIds, payload, TTL) { - if (!Array.isArray(deviceIds)) { - deviceIds = [deviceIds]; - } - return this.currentAccountState.getUserAccountData() - .then(data => { - if (!data) { - throw this._error(ERROR_NO_ACCOUNT); - } - if (!data.sessionToken) { - throw this._error(ERROR_AUTH_ERROR, - "notifyDevices called without a session token"); - } - return this.fxAccountsClient.notifyDevices(data.sessionToken, deviceIds, - payload, TTL); - }); - }, - - /** - * Return the current time in milliseconds as an integer. Allows tests to - * manipulate the date to simulate certificate expiration. - */ - now: function() { - return this.fxAccountsClient.now(); - }, - - getAccountsClient: function() { - return this.fxAccountsClient; - }, - - /** - * Return clock offset in milliseconds, as reported by the fxAccountsClient. - * This can be overridden for testing. - * - * The offset is the number of milliseconds that must be added to the client - * clock to make it equal to the server clock. For example, if the client is - * five minutes ahead of the server, the localtimeOffsetMsec will be -300000. - */ - get localtimeOffsetMsec() { - return this.fxAccountsClient.localtimeOffsetMsec; - }, - - /** - * Ask the server whether the user's email has been verified - */ - checkEmailStatus: function checkEmailStatus(sessionToken, options = {}) { - if (!sessionToken) { - return Promise.reject(new Error( - "checkEmailStatus called without a session token")); - } - return this.fxAccountsClient.recoveryEmailStatus(sessionToken, - options).catch(error => this._handleTokenError(error)); - }, - - /** - * Once the user's email is verified, we can request the keys - */ - fetchKeys: function fetchKeys(keyFetchToken) { - log.debug("fetchKeys: " + !!keyFetchToken); - if (logPII) { - log.debug("fetchKeys - the token is " + keyFetchToken); - } - return this.fxAccountsClient.accountKeys(keyFetchToken); - }, - - // set() makes sure that polling is happening, if necessary. - // get() does not wait for verification, and returns an object even if - // unverified. The caller of get() must check .verified . - // The "fxaccounts:onverified" event will fire only when the verified - // state goes from false to true, so callers must register their observer - // and then call get(). In particular, it will not fire when the account - // was found to be verified in a previous boot: if our stored state says - // the account is verified, the event will never fire. So callers must do: - // register notification observer (go) - // userdata = get() - // if (userdata.verified()) {go()} - - /** - * Get the user currently signed in to Firefox Accounts. - * - * @return Promise - * The promise resolves to the credentials object of the signed-in user: - * { - * email: The user's email address - * uid: The user's unique id - * sessionToken: Session for the FxA server - * kA: An encryption key from the FxA server - * kB: An encryption key derived from the user's FxA password - * verified: email verification status - * authAt: The time (seconds since epoch) that this record was - * authenticated - * } - * or null if no user is signed in. - */ - getSignedInUser: function getSignedInUser() { - let currentState = this.currentAccountState; - return currentState.getUserAccountData().then(data => { - if (!data) { - return null; - } - if (!this.isUserEmailVerified(data)) { - // If the email is not verified, start polling for verification, - // but return null right away. We don't want to return a promise - // that might not be fulfilled for a long time. - this.startVerifiedCheck(data); - } - return data; - }).then(result => currentState.resolve(result)); - }, - - /** - * Set the current user signed in to Firefox Accounts. - * - * @param credentials - * The credentials object obtained by logging in or creating - * an account on the FxA server: - * { - * authAt: The time (seconds since epoch) that this record was - * authenticated - * email: The users email address - * keyFetchToken: a keyFetchToken which has not yet been used - * sessionToken: Session for the FxA server - * uid: The user's unique id - * unwrapBKey: used to unwrap kB, derived locally from the - * password (not revealed to the FxA server) - * verified: true/false - * } - * @return Promise - * The promise resolves to null when the data is saved - * successfully and is rejected on error. - */ - setSignedInUser: function setSignedInUser(credentials) { - log.debug("setSignedInUser - aborting any existing flows"); - return this.abortExistingFlow().then(() => { - let currentAccountState = this.currentAccountState = this.newAccountState( - Cu.cloneInto(credentials, {}) // Pass a clone of the credentials object. - ); - // This promise waits for storage, but not for verification. - // We're telling the caller that this is durable now (although is that - // really something we should commit to? Why not let the write happen in - // the background? Already does for updateAccountData ;) - return currentAccountState.promiseInitialized.then(() => { - // Starting point for polling if new user - if (!this.isUserEmailVerified(credentials)) { - this.startVerifiedCheck(credentials); - } - - return this.updateDeviceRegistration(); - }).then(() => { - Services.telemetry.getHistogramById("FXA_CONFIGURED").add(1); - this.notifyObservers(ONLOGIN_NOTIFICATION); - }).then(() => { - return currentAccountState.resolve(); - }); - }) - }, - - /** - * Update account data for the currently signed in user. - * - * @param credentials - * The credentials object containing the fields to be updated. - * This object must contain |email| and |uid| fields and they must - * match the currently signed in user. - */ - updateUserAccountData(credentials) { - log.debug("updateUserAccountData called with fields", Object.keys(credentials)); - if (logPII) { - log.debug("updateUserAccountData called with data", credentials); - } - let currentAccountState = this.currentAccountState; - return currentAccountState.promiseInitialized.then(() => { - return currentAccountState.getUserAccountData(["email", "uid"]); - }).then(existing => { - if (existing.email != credentials.email || existing.uid != credentials.uid) { - throw new Error("The specified credentials aren't for the current user"); - } - // We need to nuke email and uid as storage will complain if we try and - // update them (even when the value is the same) - credentials = Cu.cloneInto(credentials, {}); // clone it first - delete credentials.email; - delete credentials.uid; - return currentAccountState.updateUserAccountData(credentials); - }); - }, - - /** - * returns a promise that fires with the assertion. If there is no verified - * signed-in user, fires with null. - */ - getAssertion: function getAssertion(audience) { - return this._getAssertion(audience); - }, - - // getAssertion() is "public" so screws with our mock story. This - // implementation method *can* be (and is) mocked by tests. - _getAssertion: function _getAssertion(audience) { - log.debug("enter getAssertion()"); - let currentState = this.currentAccountState; - return currentState.getUserAccountData().then(data => { - if (!data) { - // No signed-in user - return null; - } - if (!this.isUserEmailVerified(data)) { - // Signed-in user has not verified email - return null; - } - if (!data.sessionToken) { - // can't get a signed certificate without a session token. This - // can happen if we request an assertion after clearing an invalid - // session token from storage. - throw this._error(ERROR_AUTH_ERROR, "getAssertion called without a session token"); - } - return this.getKeypairAndCertificate(currentState).then( - ({keyPair, certificate}) => { - return this.getAssertionFromCert(data, keyPair, certificate, audience); - } - ); - }).catch(err => - this._handleTokenError(err) - ).then(result => currentState.resolve(result)); - }, - - /** - * Invalidate the FxA certificate, so that it will be refreshed from the server - * the next time it is needed. - */ - invalidateCertificate() { - return this.currentAccountState.updateUserAccountData({ cert: null }); - }, - - getDeviceId() { - return this.currentAccountState.getUserAccountData() - .then(data => { - if (data) { - if (!data.deviceId || !data.deviceRegistrationVersion || - data.deviceRegistrationVersion < this.DEVICE_REGISTRATION_VERSION) { - // There is no device id or the device registration is outdated. - // Either way, we should register the device with FxA - // before returning the id to the caller. - return this._registerOrUpdateDevice(data); - } - - // Return the device id that we already registered with the server. - return data.deviceId; - } - - // Without a signed-in user, there can be no device id. - return null; - }); - }, - - /** - * Resend the verification email fot the currently signed-in user. - * - */ - resendVerificationEmail: function resendVerificationEmail() { - let currentState = this.currentAccountState; - return this.getSignedInUser().then(data => { - // If the caller is asking for verification to be re-sent, and there is - // no signed-in user to begin with, this is probably best regarded as an - // error. - if (data) { - if (!data.sessionToken) { - return Promise.reject(new Error( - "resendVerificationEmail called without a session token")); - } - this.pollEmailStatus(currentState, data.sessionToken, "start"); - return this.fxAccountsClient.resendVerificationEmail( - data.sessionToken).catch(err => this._handleTokenError(err)); - } - throw new Error("Cannot resend verification email; no signed-in user"); - }); - }, - - /* - * Reset state such that any previous flow is canceled. - */ - abortExistingFlow: function abortExistingFlow() { - if (this.currentTimer) { - log.debug("Polling aborted; Another user signing in"); - clearTimeout(this.currentTimer); - this.currentTimer = 0; - } - if (this._profile) { - this._profile.tearDown(); - this._profile = null; - } - // We "abort" the accountState and assume our caller is about to throw it - // away and replace it with a new one. - return this.currentAccountState.abort(); - }, - - accountStatus: function accountStatus() { - return this.currentAccountState.getUserAccountData().then(data => { - if (!data) { - return false; - } - return this.fxAccountsClient.accountStatus(data.uid); - }); - }, - - checkVerificationStatus: function() { - log.trace('checkVerificationStatus'); - let currentState = this.currentAccountState; - return currentState.getUserAccountData().then(data => { - if (!data) { - log.trace("checkVerificationStatus - no user data"); - return null; - } - - // Always check the verification status, even if the local state indicates - // we're already verified. If the user changed their password, the check - // will fail, and we'll enter the reauth state. - log.trace("checkVerificationStatus - forcing verification status check"); - return this.pollEmailStatus(currentState, data.sessionToken, "push"); - }); - }, - - _destroyOAuthToken: function(tokenData) { - let client = new FxAccountsOAuthGrantClient({ - serverURL: tokenData.server, - client_id: FX_OAUTH_CLIENT_ID - }); - return client.destroyToken(tokenData.token) - }, - - _destroyAllOAuthTokens: function(tokenInfos) { - // let's just destroy them all in parallel... - let promises = []; - for (let [key, tokenInfo] of Object.entries(tokenInfos || {})) { - promises.push(this._destroyOAuthToken(tokenInfo)); - } - return Promise.all(promises); - }, - - signOut: function signOut(localOnly) { - let currentState = this.currentAccountState; - let sessionToken; - let tokensToRevoke; - let deviceId; - return currentState.getUserAccountData().then(data => { - // Save the session token, tokens to revoke and the - // device id for use in the call to signOut below. - if (data) { - sessionToken = data.sessionToken; - tokensToRevoke = data.oauthTokens; - deviceId = data.deviceId; - } - return this._signOutLocal(); - }).then(() => { - // FxAccountsManager calls here, then does its own call - // to FxAccountsClient.signOut(). - if (!localOnly) { - // Wrap this in a promise so *any* errors in signOut won't - // block the local sign out. This is *not* returned. - Promise.resolve().then(() => { - // This can happen in the background and shouldn't block - // the user from signing out. The server must tolerate - // clients just disappearing, so this call should be best effort. - if (sessionToken) { - return this._signOutServer(sessionToken, deviceId); - } - log.warn("Missing session token; skipping remote sign out"); - }).catch(err => { - log.error("Error during remote sign out of Firefox Accounts", err); - }).then(() => { - return this._destroyAllOAuthTokens(tokensToRevoke); - }).catch(err => { - log.error("Error during destruction of oauth tokens during signout", err); - }).then(() => { - FxAccountsConfig.resetConfigURLs(); - // just for testing - notifications are cheap when no observers. - this.notifyObservers("testhelper-fxa-signout-complete"); - }) - } else { - // We want to do this either way -- but if we're signing out remotely we - // need to wait until we destroy the oauth tokens if we want that to succeed. - FxAccountsConfig.resetConfigURLs(); - } - }).then(() => { - this.notifyObservers(ONLOGOUT_NOTIFICATION); - }); - }, - - /** - * This function should be called in conjunction with a server-side - * signOut via FxAccountsClient. - */ - _signOutLocal: function signOutLocal() { - let currentAccountState = this.currentAccountState; - return currentAccountState.signOut().then(() => { - // this "aborts" this.currentAccountState but doesn't make a new one. - return this.abortExistingFlow(); - }).then(() => { - this.currentAccountState = this.newAccountState(); - return this.currentAccountState.promiseInitialized; - }); - }, - - _signOutServer(sessionToken, deviceId) { - // For now we assume the service being logged out from is Sync, so - // we must tell the server to either destroy the device or sign out - // (if no device exists). We might need to revisit this when this - // FxA code is used in a context that isn't Sync. - - const options = { service: "sync" }; - - if (deviceId) { - log.debug("destroying device and session"); - return this.fxAccountsClient.signOutAndDestroyDevice(sessionToken, deviceId, options); - } - - log.debug("destroying session"); - return this.fxAccountsClient.signOut(sessionToken, options); - }, - - /** - * Check the status of the current session using cached credentials. - * - * @return Promise - * Resolves with a boolean indicating if the session is still valid - */ - sessionStatus() { - return this.getSignedInUser().then(data => { - if (!data.sessionToken) { - return Promise.reject(new Error( - "sessionStatus called without a session token")); - } - return this.fxAccountsClient.sessionStatus(data.sessionToken); - }); - }, - - /** - * Fetch encryption keys for the signed-in-user from the FxA API server. - * - * Not for user consumption. Exists to cause the keys to be fetch. - * - * Returns user data so that it can be chained with other methods. - * - * @return Promise - * The promise resolves to the credentials object of the signed-in user: - * { - * email: The user's email address - * uid: The user's unique id - * sessionToken: Session for the FxA server - * kA: An encryption key from the FxA server - * kB: An encryption key derived from the user's FxA password - * verified: email verification status - * } - * or null if no user is signed in - */ - getKeys: function() { - let currentState = this.currentAccountState; - return currentState.getUserAccountData().then((userData) => { - if (!userData) { - throw new Error("Can't get keys; User is not signed in"); - } - if (userData.kA && userData.kB) { - return userData; - } - if (!currentState.whenKeysReadyDeferred) { - currentState.whenKeysReadyDeferred = Promise.defer(); - if (userData.keyFetchToken) { - this.fetchAndUnwrapKeys(userData.keyFetchToken).then( - (dataWithKeys) => { - if (!dataWithKeys.kA || !dataWithKeys.kB) { - currentState.whenKeysReadyDeferred.reject( - new Error("user data missing kA or kB") - ); - return; - } - currentState.whenKeysReadyDeferred.resolve(dataWithKeys); - }, - (err) => { - currentState.whenKeysReadyDeferred.reject(err); - } - ); - } else { - currentState.whenKeysReadyDeferred.reject('No keyFetchToken'); - } - } - return currentState.whenKeysReadyDeferred.promise; - }).catch(err => - this._handleTokenError(err) - ).then(result => currentState.resolve(result)); - }, - - fetchAndUnwrapKeys: function(keyFetchToken) { - if (logPII) { - log.debug("fetchAndUnwrapKeys: token: " + keyFetchToken); - } - let currentState = this.currentAccountState; - return Task.spawn(function* task() { - // Sign out if we don't have a key fetch token. - if (!keyFetchToken) { - log.warn("improper fetchAndUnwrapKeys() call: token missing"); - yield this.signOut(); - return null; - } - - let {kA, wrapKB} = yield this.fetchKeys(keyFetchToken); - - let data = yield currentState.getUserAccountData(); - - // Sanity check that the user hasn't changed out from under us - if (data.keyFetchToken !== keyFetchToken) { - throw new Error("Signed in user changed while fetching keys!"); - } - - // Next statements must be synchronous until we setUserAccountData - // so that we don't risk getting into a weird state. - let kB_hex = CryptoUtils.xor(CommonUtils.hexToBytes(data.unwrapBKey), - wrapKB); - - if (logPII) { - log.debug("kB_hex: " + kB_hex); - } - let updateData = { - kA: CommonUtils.bytesAsHex(kA), - kB: CommonUtils.bytesAsHex(kB_hex), - keyFetchToken: null, // null values cause the item to be removed. - unwrapBKey: null, - } - - log.debug("Keys Obtained: kA=" + !!updateData.kA + ", kB=" + !!updateData.kB); - if (logPII) { - log.debug("Keys Obtained: kA=" + updateData.kA + ", kB=" + updateData.kB); - } - - yield currentState.updateUserAccountData(updateData); - // We are now ready for business. This should only be invoked once - // per setSignedInUser(), regardless of whether we've rebooted since - // setSignedInUser() was called. - this.notifyObservers(ONVERIFIED_NOTIFICATION); - return currentState.getUserAccountData(); - }.bind(this)).then(result => currentState.resolve(result)); - }, - - getAssertionFromCert: function(data, keyPair, cert, audience) { - log.debug("getAssertionFromCert"); - let payload = {}; - let d = Promise.defer(); - let options = { - duration: ASSERTION_LIFETIME, - localtimeOffsetMsec: this.localtimeOffsetMsec, - now: this.now() - }; - let currentState = this.currentAccountState; - // "audience" should look like "http://123done.org". - // The generated assertion will expire in two minutes. - jwcrypto.generateAssertion(cert, keyPair, audience, options, (err, signed) => { - if (err) { - log.error("getAssertionFromCert: " + err); - d.reject(err); - } else { - log.debug("getAssertionFromCert returning signed: " + !!signed); - if (logPII) { - log.debug("getAssertionFromCert returning signed: " + signed); - } - d.resolve(signed); - } - }); - return d.promise.then(result => currentState.resolve(result)); - }, - - getCertificateSigned: function(sessionToken, serializedPublicKey, lifetime) { - log.debug("getCertificateSigned: " + !!sessionToken + " " + !!serializedPublicKey); - if (logPII) { - log.debug("getCertificateSigned: " + sessionToken + " " + serializedPublicKey); - } - return this.fxAccountsClient.signCertificate( - sessionToken, - JSON.parse(serializedPublicKey), - lifetime - ); - }, - - /** - * returns a promise that fires with {keyPair, certificate}. - */ - getKeypairAndCertificate: Task.async(function* (currentState) { - // If the debugging pref to ignore cached authentication credentials is set for Sync, - // then don't use any cached key pair/certificate, i.e., generate a new - // one and get it signed. - // The purpose of this pref is to expedite any auth errors as the result of a - // expired or revoked FxA session token, e.g., from resetting or changing the FxA - // password. - let ignoreCachedAuthCredentials = false; - try { - ignoreCachedAuthCredentials = Services.prefs.getBoolPref("services.sync.debug.ignoreCachedAuthCredentials"); - } catch(e) { - // Pref doesn't exist - } - let mustBeValidUntil = this.now() + ASSERTION_USE_PERIOD; - let accountData = yield currentState.getUserAccountData(["cert", "keyPair", "sessionToken"]); - - let keyPairValid = !ignoreCachedAuthCredentials && - accountData.keyPair && - (accountData.keyPair.validUntil > mustBeValidUntil); - let certValid = !ignoreCachedAuthCredentials && - accountData.cert && - (accountData.cert.validUntil > mustBeValidUntil); - // TODO: get the lifetime from the cert's .exp field - if (keyPairValid && certValid) { - log.debug("getKeypairAndCertificate: already have keyPair and certificate"); - return { - keyPair: accountData.keyPair.rawKeyPair, - certificate: accountData.cert.rawCert - } - } - // We are definately going to generate a new cert, either because it has - // already expired, or the keyPair has - and a new keyPair means we must - // generate a new cert. - - // A keyPair has a longer lifetime than a cert, so it's possible we will - // have a valid keypair but an expired cert, which means we can skip - // keypair generation. - // Either way, the cert will require hitting the network, so bail now if - // we know that's going to fail. - if (Services.io.offline) { - throw new Error(ERROR_OFFLINE); - } - - let keyPair; - if (keyPairValid) { - keyPair = accountData.keyPair; - } else { - let keyWillBeValidUntil = this.now() + KEY_LIFETIME; - keyPair = yield new Promise((resolve, reject) => { - jwcrypto.generateKeyPair("DS160", (err, kp) => { - if (err) { - return reject(err); - } - log.debug("got keyPair"); - resolve({ - rawKeyPair: kp, - validUntil: keyWillBeValidUntil, - }); - }); - }); - } - - // and generate the cert. - let certWillBeValidUntil = this.now() + CERT_LIFETIME; - let certificate = yield this.getCertificateSigned(accountData.sessionToken, - keyPair.rawKeyPair.serializedPublicKey, - CERT_LIFETIME); - log.debug("getCertificate got a new one: " + !!certificate); - if (certificate) { - // Cache both keypair and cert. - let toUpdate = { - keyPair, - cert: { - rawCert: certificate, - validUntil: certWillBeValidUntil, - }, - }; - yield currentState.updateUserAccountData(toUpdate); - } - return { - keyPair: keyPair.rawKeyPair, - certificate: certificate, - } - }), - - getUserAccountData: function() { - return this.currentAccountState.getUserAccountData(); - }, - - isUserEmailVerified: function isUserEmailVerified(data) { - return !!(data && data.verified); - }, - - /** - * Setup for and if necessary do email verification polling. - */ - loadAndPoll: function() { - let currentState = this.currentAccountState; - return currentState.getUserAccountData() - .then(data => { - if (data) { - Services.telemetry.getHistogramById("FXA_CONFIGURED").add(1); - if (!this.isUserEmailVerified(data)) { - this.pollEmailStatus(currentState, data.sessionToken, "start"); - } - } - return data; - }); - }, - - startVerifiedCheck: function(data) { - log.debug("startVerifiedCheck", data && data.verified); - if (logPII) { - log.debug("startVerifiedCheck with user data", data); - } - - // Get us to the verified state, then get the keys. This returns a promise - // that will fire when we are completely ready. - // - // Login is truly complete once keys have been fetched, so once getKeys() - // obtains and stores kA and kB, it will fire the onverified observer - // notification. - - // The callers of startVerifiedCheck never consume a returned promise (ie, - // this is simply kicking off a background fetch) so we must add a rejection - // handler to avoid runtime warnings about the rejection not being handled. - this.whenVerified(data).then( - () => this.getKeys(), - err => log.info("startVerifiedCheck promise was rejected: " + err) - ); - }, - - whenVerified: function(data) { - let currentState = this.currentAccountState; - if (data.verified) { - log.debug("already verified"); - return currentState.resolve(data); - } - if (!currentState.whenVerifiedDeferred) { - log.debug("whenVerified promise starts polling for verified email"); - this.pollEmailStatus(currentState, data.sessionToken, "start"); - } - return currentState.whenVerifiedDeferred.promise.then( - result => currentState.resolve(result) - ); - }, - - notifyObservers: function(topic, data) { - log.debug("Notifying observers of " + topic); - Services.obs.notifyObservers(null, topic, data); - }, - - // XXX - pollEmailStatus should maybe be on the AccountState object? - pollEmailStatus: function pollEmailStatus(currentState, sessionToken, why) { - log.debug("entering pollEmailStatus: " + why); - if (why == "start" || why == "push") { - if (this.currentTimer) { - log.debug("pollEmailStatus starting while existing timer is running"); - clearTimeout(this.currentTimer); - this.currentTimer = null; - } - - // If we were already polling, stop and start again. This could happen - // if the user requested the verification email to be resent while we - // were already polling for receipt of an earlier email. - this.pollStartDate = Date.now(); - if (!currentState.whenVerifiedDeferred) { - currentState.whenVerifiedDeferred = Promise.defer(); - // This deferred might not end up with any handlers (eg, if sync - // is yet to start up.) This might cause "A promise chain failed to - // handle a rejection" messages, so add an error handler directly - // on the promise to log the error. - currentState.whenVerifiedDeferred.promise.then(null, err => { - log.info("the wait for user verification was stopped: " + err); - }); - } - } - - // We return a promise for testing only. Other callers can ignore this, - // since verification polling continues in the background. - return this.checkEmailStatus(sessionToken, { reason: why }) - .then((response) => { - log.debug("checkEmailStatus -> " + JSON.stringify(response)); - if (response && response.verified) { - currentState.updateUserAccountData({ verified: true }) - .then(() => { - return currentState.getUserAccountData(); - }) - .then(data => { - // Now that the user is verified, we can proceed to fetch keys - if (currentState.whenVerifiedDeferred) { - currentState.whenVerifiedDeferred.resolve(data); - delete currentState.whenVerifiedDeferred; - } - // Tell FxAccountsManager to clear its cache - this.notifyObservers(ON_FXA_UPDATE_NOTIFICATION, ONVERIFIED_NOTIFICATION); - }); - } else { - // Poll email status again after a short delay. - this.pollEmailStatusAgain(currentState, sessionToken); - } - }, error => { - let timeoutMs = undefined; - if (error && error.retryAfter) { - // If the server told us to back off, back off the requested amount. - timeoutMs = (error.retryAfter + 3) * 1000; - } - // The server will return 401 if a request parameter is erroneous or - // if the session token expired. Let's continue polling otherwise. - if (!error || !error.code || error.code != 401) { - this.pollEmailStatusAgain(currentState, sessionToken, timeoutMs); - } else { - let error = new Error("Verification status check failed"); - this._rejectWhenVerified(currentState, error); - } - }); - }, - - _rejectWhenVerified(currentState, error) { - currentState.whenVerifiedDeferred.reject(error); - delete currentState.whenVerifiedDeferred; - }, - - // Poll email status using truncated exponential back-off. - pollEmailStatusAgain: function (currentState, sessionToken, timeoutMs) { - let ageMs = Date.now() - this.pollStartDate; - if (ageMs >= this.POLL_SESSION) { - if (currentState.whenVerifiedDeferred) { - let error = new Error("User email verification timed out."); - this._rejectWhenVerified(currentState, error); - } - log.debug("polling session exceeded, giving up"); - return; - } - if (timeoutMs === undefined) { - let currentMinute = Math.ceil(ageMs / 60000); - timeoutMs = currentMinute <= 2 ? this.VERIFICATION_POLL_TIMEOUT_INITIAL - : this.VERIFICATION_POLL_TIMEOUT_SUBSEQUENT; - } - log.debug("polling with timeout = " + timeoutMs); - this.currentTimer = setTimeout(() => { - this.pollEmailStatus(currentState, sessionToken, "timer"); - }, timeoutMs); - }, - - requiresHttps: function() { - let allowHttp = false; - try { - allowHttp = Services.prefs.getBoolPref("identity.fxaccounts.allowHttp"); - } catch(e) { - // Pref doesn't exist - } - return allowHttp !== true; - }, - - promiseAccountsSignUpURI() { - return FxAccountsConfig.promiseAccountsSignUpURI(); - }, - - promiseAccountsSignInURI() { - return FxAccountsConfig.promiseAccountsSignInURI(); - }, - - // Returns a promise that resolves with the URL to use to force a re-signin - // of the current account. - promiseAccountsForceSigninURI: Task.async(function *() { - yield FxAccountsConfig.ensureConfigured(); - let url = Services.urlFormatter.formatURLPref("identity.fxaccounts.remote.force_auth.uri"); - if (this.requiresHttps() && !/^https:/.test(url)) { // Comment to un-break emacs js-mode highlighting - throw new Error("Firefox Accounts server must use HTTPS"); - } - let currentState = this.currentAccountState; - // but we need to append the email address onto a query string. - return this.getSignedInUser().then(accountData => { - if (!accountData) { - return null; - } - let newQueryPortion = url.indexOf("?") == -1 ? "?" : "&"; - newQueryPortion += "email=" + encodeURIComponent(accountData.email); - return url + newQueryPortion; - }).then(result => currentState.resolve(result)); - }), - - // Returns a promise that resolves with the URL to use to change - // the current account's profile image. - // if settingToEdit is set, the profile page should hightlight that setting - // for the user to edit. - promiseAccountsChangeProfileURI: function(entrypoint, settingToEdit = null) { - let url = Services.urlFormatter.formatURLPref("identity.fxaccounts.settings.uri"); - - if (settingToEdit) { - url += (url.indexOf("?") == -1 ? "?" : "&") + - "setting=" + encodeURIComponent(settingToEdit); - } - - if (this.requiresHttps() && !/^https:/.test(url)) { // Comment to un-break emacs js-mode highlighting - throw new Error("Firefox Accounts server must use HTTPS"); - } - let currentState = this.currentAccountState; - // but we need to append the email address onto a query string. - return this.getSignedInUser().then(accountData => { - if (!accountData) { - return null; - } - let newQueryPortion = url.indexOf("?") == -1 ? "?" : "&"; - newQueryPortion += "email=" + encodeURIComponent(accountData.email); - newQueryPortion += "&uid=" + encodeURIComponent(accountData.uid); - if (entrypoint) { - newQueryPortion += "&entrypoint=" + encodeURIComponent(entrypoint); - } - return url + newQueryPortion; - }).then(result => currentState.resolve(result)); - }, - - // Returns a promise that resolves with the URL to use to manage the current - // user's FxA acct. - promiseAccountsManageURI: function(entrypoint) { - let url = Services.urlFormatter.formatURLPref("identity.fxaccounts.settings.uri"); - if (this.requiresHttps() && !/^https:/.test(url)) { // Comment to un-break emacs js-mode highlighting - throw new Error("Firefox Accounts server must use HTTPS"); - } - let currentState = this.currentAccountState; - // but we need to append the uid and email address onto a query string - // (if the server has no matching uid it will offer to sign in with the - // email address) - return this.getSignedInUser().then(accountData => { - if (!accountData) { - return null; - } - let newQueryPortion = url.indexOf("?") == -1 ? "?" : "&"; - newQueryPortion += "uid=" + encodeURIComponent(accountData.uid) + - "&email=" + encodeURIComponent(accountData.email); - if (entrypoint) { - newQueryPortion += "&entrypoint=" + encodeURIComponent(entrypoint); - } - return url + newQueryPortion; - }).then(result => currentState.resolve(result)); - }, - - /** - * Get an OAuth token for the user - * - * @param options - * { - * scope: (string/array) the oauth scope(s) being requested. As a - * convenience, you may pass a string if only one scope is - * required, or an array of strings if multiple are needed. - * } - * - * @return Promise.<string | Error> - * The promise resolves the oauth token as a string or rejects with - * an error object ({error: ERROR, details: {}}) of the following: - * INVALID_PARAMETER - * NO_ACCOUNT - * UNVERIFIED_ACCOUNT - * NETWORK_ERROR - * AUTH_ERROR - * UNKNOWN_ERROR - */ - getOAuthToken: Task.async(function* (options = {}) { - log.debug("getOAuthToken enter"); - let scope = options.scope; - if (typeof scope === "string") { - scope = [scope]; - } - - if (!scope || !scope.length) { - throw this._error(ERROR_INVALID_PARAMETER, "Missing or invalid 'scope' option"); - } - - yield this._getVerifiedAccountOrReject(); - - // Early exit for a cached token. - let currentState = this.currentAccountState; - let cached = currentState.getCachedToken(scope); - if (cached) { - log.debug("getOAuthToken returning a cached token"); - return cached.token; - } - - // We are going to hit the server - this is the string we pass to it. - let scopeString = scope.join(" "); - let client = options.client; - - if (!client) { - try { - let defaultURL = Services.urlFormatter.formatURLPref("identity.fxaccounts.remote.oauth.uri"); - client = new FxAccountsOAuthGrantClient({ - serverURL: defaultURL, - client_id: FX_OAUTH_CLIENT_ID - }); - } catch (e) { - throw this._error(ERROR_INVALID_PARAMETER, e); - } - } - let oAuthURL = client.serverURL.href; - - try { - log.debug("getOAuthToken fetching new token from", oAuthURL); - let assertion = yield this.getAssertion(oAuthURL); - let result = yield client.getTokenFromAssertion(assertion, scopeString); - let token = result.access_token; - // If we got one, cache it. - if (token) { - let entry = {token: token, server: oAuthURL}; - // But before we do, check the cache again - if we find one now, it - // means someone else concurrently requested the same scope and beat - // us to the cache write. To be nice to the server, we revoke the one - // we just got and return the newly cached value. - let cached = currentState.getCachedToken(scope); - if (cached) { - log.debug("Detected a race for this token - revoking the new one."); - this._destroyOAuthToken(entry); - return cached.token; - } - currentState.setCachedToken(scope, entry); - } - return token; - } catch (err) { - throw this._errorToErrorClass(err); - } - }), - - /** - * Remove an OAuth token from the token cache. Callers should call this - * after they determine a token is invalid, so a new token will be fetched - * on the next call to getOAuthToken(). - * - * @param options - * { - * token: (string) A previously fetched token. - * } - * @return Promise.<undefined> This function will always resolve, even if - * an unknown token is passed. - */ - removeCachedOAuthToken: Task.async(function* (options) { - if (!options.token || typeof options.token !== "string") { - throw this._error(ERROR_INVALID_PARAMETER, "Missing or invalid 'token' option"); - } - let currentState = this.currentAccountState; - let existing = currentState.removeCachedToken(options.token); - if (existing) { - // background destroy. - this._destroyOAuthToken(existing).catch(err => { - log.warn("FxA failed to revoke a cached token", err); - }); - } - }), - - _getVerifiedAccountOrReject: Task.async(function* () { - let data = yield this.currentAccountState.getUserAccountData(); - if (!data) { - // No signed-in user - throw this._error(ERROR_NO_ACCOUNT); - } - if (!this.isUserEmailVerified(data)) { - // Signed-in user has not verified email - throw this._error(ERROR_UNVERIFIED_ACCOUNT); - } - }), - - /* - * Coerce an error into one of the general error cases: - * NETWORK_ERROR - * AUTH_ERROR - * UNKNOWN_ERROR - * - * These errors will pass through: - * INVALID_PARAMETER - * NO_ACCOUNT - * UNVERIFIED_ACCOUNT - */ - _errorToErrorClass: function (aError) { - if (aError.errno) { - let error = SERVER_ERRNO_TO_ERROR[aError.errno]; - return this._error(ERROR_TO_GENERAL_ERROR_CLASS[error] || ERROR_UNKNOWN, aError); - } else if (aError.message && - (aError.message === "INVALID_PARAMETER" || - aError.message === "NO_ACCOUNT" || - aError.message === "UNVERIFIED_ACCOUNT" || - aError.message === "AUTH_ERROR")) { - return aError; - } - return this._error(ERROR_UNKNOWN, aError); - }, - - _error: function(aError, aDetails) { - log.error("FxA rejecting with error ${aError}, details: ${aDetails}", {aError, aDetails}); - let reason = new Error(aError); - if (aDetails) { - reason.details = aDetails; - } - return reason; - }, - - /** - * Get the user's account and profile data - * - * @param options - * { - * contentUrl: (string) Used by the FxAccountsWebChannel. - * Defaults to pref identity.fxaccounts.settings.uri - * profileServerUrl: (string) Used by the FxAccountsWebChannel. - * Defaults to pref identity.fxaccounts.remote.profile.uri - * } - * - * @return Promise.<object | Error> - * The promise resolves to an accountData object with extra profile - * information such as profileImageUrl, or rejects with - * an error object ({error: ERROR, details: {}}) of the following: - * INVALID_PARAMETER - * NO_ACCOUNT - * UNVERIFIED_ACCOUNT - * NETWORK_ERROR - * AUTH_ERROR - * UNKNOWN_ERROR - */ - getSignedInUserProfile: function () { - let currentState = this.currentAccountState; - return this.profile.getProfile().then( - profileData => { - let profile = Cu.cloneInto(profileData, {}); - return currentState.resolve(profile); - }, - error => { - log.error("Could not retrieve profile data", error); - return currentState.reject(error); - } - ).catch(err => Promise.reject(this._errorToErrorClass(err))); - }, - - // Attempt to update the auth server with whatever device details are stored - // in the account data. Returns a promise that always resolves, never rejects. - // If the promise resolves to a value, that value is the device id. - updateDeviceRegistration() { - return this.getSignedInUser().then(signedInUser => { - if (signedInUser) { - return this._registerOrUpdateDevice(signedInUser); - } - }).catch(error => this._logErrorAndResetDeviceRegistrationVersion(error)); - }, - - handleDeviceDisconnection(deviceId) { - return this.currentAccountState.getUserAccountData() - .then(data => data ? data.deviceId : null) - .then(localDeviceId => { - if (deviceId == localDeviceId) { - this.notifyObservers(ON_DEVICE_DISCONNECTED_NOTIFICATION, deviceId); - return this.signOut(true); - } - log.error( - "The device ID to disconnect doesn't match with the local device ID.\n" - + "Local: " + localDeviceId + ", ID to disconnect: " + deviceId); - }); - }, - - /** - * Delete all the cached persisted credentials we store for FxA. - * - * @return Promise resolves when the user data has been persisted - */ - resetCredentials() { - // Delete all fields except those required for the user to - // reauthenticate. - let updateData = {}; - let clearField = field => { - if (!FXA_PWDMGR_REAUTH_WHITELIST.has(field)) { - updateData[field] = null; - } - } - FXA_PWDMGR_PLAINTEXT_FIELDS.forEach(clearField); - FXA_PWDMGR_SECURE_FIELDS.forEach(clearField); - FXA_PWDMGR_MEMORY_FIELDS.forEach(clearField); - - let currentState = this.currentAccountState; - return currentState.updateUserAccountData(updateData); - }, - - // If you change what we send to the FxA servers during device registration, - // you'll have to bump the DEVICE_REGISTRATION_VERSION number to force older - // devices to re-register when Firefox updates - _registerOrUpdateDevice(signedInUser) { - try { - // Allow tests to skip device registration because: - // 1. It makes remote requests to the auth server. - // 2. _getDeviceName does not work from xpcshell. - // 3. The B2G tests fail when attempting to import services-sync/util.js. - if (Services.prefs.getBoolPref("identity.fxaccounts.skipDeviceRegistration")) { - return Promise.resolve(); - } - } catch(ignore) {} - - if (!signedInUser.sessionToken) { - return Promise.reject(new Error( - "_registerOrUpdateDevice called without a session token")); - } - - return this.fxaPushService.registerPushEndpoint().then(subscription => { - const deviceName = this._getDeviceName(); - let deviceOptions = {}; - - // if we were able to obtain a subscription - if (subscription && subscription.endpoint) { - deviceOptions.pushCallback = subscription.endpoint; - let publicKey = subscription.getKey('p256dh'); - let authKey = subscription.getKey('auth'); - if (publicKey && authKey) { - deviceOptions.pushPublicKey = urlsafeBase64Encode(publicKey); - deviceOptions.pushAuthKey = urlsafeBase64Encode(authKey); - } - } - - if (signedInUser.deviceId) { - log.debug("updating existing device details"); - return this.fxAccountsClient.updateDevice( - signedInUser.sessionToken, signedInUser.deviceId, deviceName, deviceOptions); - } - - log.debug("registering new device details"); - return this.fxAccountsClient.registerDevice( - signedInUser.sessionToken, deviceName, this._getDeviceType(), deviceOptions); - }).then(device => - this.currentAccountState.updateUserAccountData({ - deviceId: device.id, - deviceRegistrationVersion: this.DEVICE_REGISTRATION_VERSION - }).then(() => device.id) - ).catch(error => this._handleDeviceError(error, signedInUser.sessionToken)); - }, - - _getDeviceName() { - return Utils.getDeviceName(); - }, - - _getDeviceType() { - return Utils.getDeviceType(); - }, - - _handleDeviceError(error, sessionToken) { - return Promise.resolve().then(() => { - if (error.code === 400) { - if (error.errno === ERRNO_UNKNOWN_DEVICE) { - return this._recoverFromUnknownDevice(); - } - - if (error.errno === ERRNO_DEVICE_SESSION_CONFLICT) { - return this._recoverFromDeviceSessionConflict(error, sessionToken); - } - } - - // `_handleTokenError` re-throws the error. - return this._handleTokenError(error); - }).catch(error => - this._logErrorAndResetDeviceRegistrationVersion(error) - ).catch(() => {}); - }, - - _recoverFromUnknownDevice() { - // FxA did not recognise the device id. Handle it by clearing the device - // id on the account data. At next sync or next sign-in, registration is - // retried and should succeed. - log.warn("unknown device id, clearing the local device data"); - return this.currentAccountState.updateUserAccountData({ deviceId: null }) - .catch(error => this._logErrorAndResetDeviceRegistrationVersion(error)); - }, - - _recoverFromDeviceSessionConflict(error, sessionToken) { - // FxA has already associated this session with a different device id. - // Perhaps we were beaten in a race to register. Handle the conflict: - // 1. Fetch the list of devices for the current user from FxA. - // 2. Look for ourselves in the list. - // 3. If we find a match, set the correct device id and device registration - // version on the account data and return the correct device id. At next - // sync or next sign-in, registration is retried and should succeed. - // 4. If we don't find a match, log the original error. - log.warn("device session conflict, attempting to ascertain the correct device id"); - return this.fxAccountsClient.getDeviceList(sessionToken) - .then(devices => { - const matchingDevices = devices.filter(device => device.isCurrentDevice); - const length = matchingDevices.length; - if (length === 1) { - const deviceId = matchingDevices[0].id; - return this.currentAccountState.updateUserAccountData({ - deviceId, - deviceRegistrationVersion: null - }).then(() => deviceId); - } - if (length > 1) { - log.error("insane server state, " + length + " devices for this session"); - } - return this._logErrorAndResetDeviceRegistrationVersion(error); - }).catch(secondError => { - log.error("failed to recover from device-session conflict", secondError); - this._logErrorAndResetDeviceRegistrationVersion(error) - }); - }, - - _logErrorAndResetDeviceRegistrationVersion(error) { - // Device registration should never cause other operations to fail. - // If we've reached this point, just log the error and reset the device - // registration version on the account data. At next sync or next sign-in, - // registration will be retried. - log.error("device registration failed", error); - return this.currentAccountState.updateUserAccountData({ - deviceRegistrationVersion: null - }).catch(secondError => { - log.error( - "failed to reset the device registration version, device registration won't be retried", - secondError); - }).then(() => {}); - }, - - _handleTokenError(err) { - if (!err || err.code != 401 || err.errno != ERRNO_INVALID_AUTH_TOKEN) { - throw err; - } - log.warn("recovering from invalid token error", err); - return this.accountStatus().then(exists => { - if (!exists) { - // Delete all local account data. Since the account no longer - // exists, we can skip the remote calls. - log.info("token invalidated because the account no longer exists"); - return this.signOut(true); - } - log.info("clearing credentials to handle invalid token error"); - return this.resetCredentials(); - }).then(() => Promise.reject(err)); - }, -}; - - -// A getter for the instance to export -XPCOMUtils.defineLazyGetter(this, "fxAccounts", function() { - let a = new FxAccounts(); - - // XXX Bug 947061 - We need a strategy for resuming email verification after - // browser restart - a.loadAndPoll(); - - return a; -}); diff --git a/services/fxaccounts/FxAccountsClient.jsm b/services/fxaccounts/FxAccountsClient.jsm deleted file mode 100644 index fbe8da2fe..000000000 --- a/services/fxaccounts/FxAccountsClient.jsm +++ /dev/null @@ -1,623 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -this.EXPORTED_SYMBOLS = ["FxAccountsClient"]; - -const {classes: Cc, interfaces: Ci, utils: Cu} = Components; - -Cu.import("resource://gre/modules/Log.jsm"); -Cu.import("resource://gre/modules/Promise.jsm"); -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://services-common/utils.js"); -Cu.import("resource://services-common/hawkclient.js"); -Cu.import("resource://services-common/hawkrequest.js"); -Cu.import("resource://services-crypto/utils.js"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/Credentials.jsm"); - -const HOST_PREF = "identity.fxaccounts.auth.uri"; - -const SIGNIN = "/account/login"; -const SIGNUP = "/account/create"; - -this.FxAccountsClient = function(host = Services.prefs.getCharPref(HOST_PREF)) { - this.host = host; - - // The FxA auth server expects requests to certain endpoints to be authorized - // using Hawk. - this.hawk = new HawkClient(host); - this.hawk.observerPrefix = "FxA:hawk"; - - // Manage server backoff state. C.f. - // https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#backoff-protocol - this.backoffError = null; -}; - -this.FxAccountsClient.prototype = { - - /** - * Return client clock offset, in milliseconds, as determined by hawk client. - * Provided because callers should not have to know about hawk - * implementation. - * - * The offset is the number of milliseconds that must be added to the client - * clock to make it equal to the server clock. For example, if the client is - * five minutes ahead of the server, the localtimeOffsetMsec will be -300000. - */ - get localtimeOffsetMsec() { - return this.hawk.localtimeOffsetMsec; - }, - - /* - * Return current time in milliseconds - * - * Not used by this module, but made available to the FxAccounts.jsm - * that uses this client. - */ - now: function() { - return this.hawk.now(); - }, - - /** - * Common code from signIn and signUp. - * - * @param path - * Request URL path. Can be /account/create or /account/login - * @param email - * The email address for the account (utf8) - * @param password - * The user's password - * @param [getKeys=false] - * If set to true the keyFetchToken will be retrieved - * @param [retryOK=true] - * If capitalization of the email is wrong and retryOK is set to true, - * we will retry with the suggested capitalization from the server - * @return Promise - * Returns a promise that resolves to an object: - * { - * authAt: authentication time for the session (seconds since epoch) - * email: the primary email for this account - * keyFetchToken: a key fetch token (hex) - * sessionToken: a session token (hex) - * uid: the user's unique ID (hex) - * unwrapBKey: used to unwrap kB, derived locally from the - * password (not revealed to the FxA server) - * verified (optional): flag indicating verification status of the - * email - * } - */ - _createSession: function(path, email, password, getKeys=false, - retryOK=true) { - return Credentials.setup(email, password).then((creds) => { - let data = { - authPW: CommonUtils.bytesAsHex(creds.authPW), - email: email, - }; - let keys = getKeys ? "?keys=true" : ""; - - return this._request(path + keys, "POST", null, data).then( - // Include the canonical capitalization of the email in the response so - // the caller can set its signed-in user state accordingly. - result => { - result.email = data.email; - result.unwrapBKey = CommonUtils.bytesAsHex(creds.unwrapBKey); - - return result; - }, - error => { - log.debug("Session creation failed", error); - // If the user entered an email with different capitalization from - // what's stored in the database (e.g., Greta.Garbo@gmail.COM as - // opposed to greta.garbo@gmail.com), the server will respond with a - // errno 120 (code 400) and the expected capitalization of the email. - // We retry with this email exactly once. If successful, we use the - // server's version of the email as the signed-in-user's email. This - // is necessary because the email also serves as salt; so we must be - // in agreement with the server on capitalization. - // - // API reference: - // https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md - if (ERRNO_INCORRECT_EMAIL_CASE === error.errno && retryOK) { - if (!error.email) { - log.error("Server returned errno 120 but did not provide email"); - throw error; - } - return this._createSession(path, error.email, password, getKeys, - false); - } - throw error; - } - ); - }); - }, - - /** - * Create a new Firefox Account and authenticate - * - * @param email - * The email address for the account (utf8) - * @param password - * The user's password - * @param [getKeys=false] - * If set to true the keyFetchToken will be retrieved - * @return Promise - * Returns a promise that resolves to an object: - * { - * uid: the user's unique ID (hex) - * sessionToken: a session token (hex) - * keyFetchToken: a key fetch token (hex), - * unwrapBKey: used to unwrap kB, derived locally from the - * password (not revealed to the FxA server) - * } - */ - signUp: function(email, password, getKeys=false) { - return this._createSession(SIGNUP, email, password, getKeys, - false /* no retry */); - }, - - /** - * Authenticate and create a new session with the Firefox Account API server - * - * @param email - * The email address for the account (utf8) - * @param password - * The user's password - * @param [getKeys=false] - * If set to true the keyFetchToken will be retrieved - * @return Promise - * Returns a promise that resolves to an object: - * { - * authAt: authentication time for the session (seconds since epoch) - * email: the primary email for this account - * keyFetchToken: a key fetch token (hex) - * sessionToken: a session token (hex) - * uid: the user's unique ID (hex) - * unwrapBKey: used to unwrap kB, derived locally from the - * password (not revealed to the FxA server) - * verified: flag indicating verification status of the email - * } - */ - signIn: function signIn(email, password, getKeys=false) { - return this._createSession(SIGNIN, email, password, getKeys, - true /* retry */); - }, - - /** - * Check the status of a session given a session token - * - * @param sessionTokenHex - * The session token encoded in hex - * @return Promise - * Resolves with a boolean indicating if the session is still valid - */ - sessionStatus: function (sessionTokenHex) { - return this._request("/session/status", "GET", - deriveHawkCredentials(sessionTokenHex, "sessionToken")).then( - () => Promise.resolve(true), - error => { - if (isInvalidTokenError(error)) { - return Promise.resolve(false); - } - throw error; - } - ); - }, - - /** - * Destroy the current session with the Firefox Account API server - * - * @param sessionTokenHex - * The session token encoded in hex - * @return Promise - */ - signOut: function (sessionTokenHex, options = {}) { - let path = "/session/destroy"; - if (options.service) { - path += "?service=" + encodeURIComponent(options.service); - } - return this._request(path, "POST", - deriveHawkCredentials(sessionTokenHex, "sessionToken")); - }, - - /** - * Check the verification status of the user's FxA email address - * - * @param sessionTokenHex - * The current session token encoded in hex - * @return Promise - */ - recoveryEmailStatus: function (sessionTokenHex, options = {}) { - let path = "/recovery_email/status"; - if (options.reason) { - path += "?reason=" + encodeURIComponent(options.reason); - } - - return this._request(path, "GET", - deriveHawkCredentials(sessionTokenHex, "sessionToken")); - }, - - /** - * Resend the verification email for the user - * - * @param sessionTokenHex - * The current token encoded in hex - * @return Promise - */ - resendVerificationEmail: function(sessionTokenHex) { - return this._request("/recovery_email/resend_code", "POST", - deriveHawkCredentials(sessionTokenHex, "sessionToken")); - }, - - /** - * Retrieve encryption keys - * - * @param keyFetchTokenHex - * A one-time use key fetch token encoded in hex - * @return Promise - * Returns a promise that resolves to an object: - * { - * kA: an encryption key for recevorable data (bytes) - * wrapKB: an encryption key that requires knowledge of the - * user's password (bytes) - * } - */ - accountKeys: function (keyFetchTokenHex) { - let creds = deriveHawkCredentials(keyFetchTokenHex, "keyFetchToken"); - let keyRequestKey = creds.extra.slice(0, 32); - let morecreds = CryptoUtils.hkdf(keyRequestKey, undefined, - Credentials.keyWord("account/keys"), 3 * 32); - let respHMACKey = morecreds.slice(0, 32); - let respXORKey = morecreds.slice(32, 96); - - return this._request("/account/keys", "GET", creds).then(resp => { - if (!resp.bundle) { - throw new Error("failed to retrieve keys"); - } - - let bundle = CommonUtils.hexToBytes(resp.bundle); - let mac = bundle.slice(-32); - - let hasher = CryptoUtils.makeHMACHasher(Ci.nsICryptoHMAC.SHA256, - CryptoUtils.makeHMACKey(respHMACKey)); - - let bundleMAC = CryptoUtils.digestBytes(bundle.slice(0, -32), hasher); - if (mac !== bundleMAC) { - throw new Error("error unbundling encryption keys"); - } - - let keyAWrapB = CryptoUtils.xor(respXORKey, bundle.slice(0, 64)); - - return { - kA: keyAWrapB.slice(0, 32), - wrapKB: keyAWrapB.slice(32) - }; - }); - }, - - /** - * Sends a public key to the FxA API server and returns a signed certificate - * - * @param sessionTokenHex - * The current session token encoded in hex - * @param serializedPublicKey - * A public key (usually generated by jwcrypto) - * @param lifetime - * The lifetime of the certificate - * @return Promise - * Returns a promise that resolves to the signed certificate. - * The certificate can be used to generate a Persona assertion. - * @throws a new Error - * wrapping any of these HTTP code/errno pairs: - * https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#response-12 - */ - signCertificate: function (sessionTokenHex, serializedPublicKey, lifetime) { - let creds = deriveHawkCredentials(sessionTokenHex, "sessionToken"); - - let body = { publicKey: serializedPublicKey, - duration: lifetime }; - return Promise.resolve() - .then(_ => this._request("/certificate/sign", "POST", creds, body)) - .then(resp => resp.cert, - err => { - log.error("HAWK.signCertificate error: " + JSON.stringify(err)); - throw err; - }); - }, - - /** - * Determine if an account exists - * - * @param email - * The email address to check - * @return Promise - * The promise resolves to true if the account exists, or false - * if it doesn't. The promise is rejected on other errors. - */ - accountExists: function (email) { - return this.signIn(email, "").then( - (cantHappen) => { - throw new Error("How did I sign in with an empty password?"); - }, - (expectedError) => { - switch (expectedError.errno) { - case ERRNO_ACCOUNT_DOES_NOT_EXIST: - return false; - break; - case ERRNO_INCORRECT_PASSWORD: - return true; - break; - default: - // not so expected, any more ... - throw expectedError; - break; - } - } - ); - }, - - /** - * Given the uid of an existing account (not an arbitrary email), ask - * the server if it still exists via /account/status. - * - * Used for differentiating between password change and account deletion. - */ - accountStatus: function(uid) { - return this._request("/account/status?uid="+uid, "GET").then( - (result) => { - return result.exists; - }, - (error) => { - log.error("accountStatus failed with: " + error); - return Promise.reject(error); - } - ); - }, - - /** - * Register a new device - * - * @method registerDevice - * @param sessionTokenHex - * Session token obtained from signIn - * @param name - * Device name - * @param type - * Device type (mobile|desktop) - * @param [options] - * Extra device options - * @param [options.pushCallback] - * `pushCallback` push endpoint callback - * @param [options.pushPublicKey] - * `pushPublicKey` push public key (URLSafe Base64 string) - * @param [options.pushAuthKey] - * `pushAuthKey` push auth secret (URLSafe Base64 string) - * @return Promise - * Resolves to an object: - * { - * id: Device identifier - * createdAt: Creation time (milliseconds since epoch) - * name: Name of device - * type: Type of device (mobile|desktop) - * } - */ - registerDevice(sessionTokenHex, name, type, options = {}) { - let path = "/account/device"; - - let creds = deriveHawkCredentials(sessionTokenHex, "sessionToken"); - let body = { name, type }; - - if (options.pushCallback) { - body.pushCallback = options.pushCallback; - } - if (options.pushPublicKey && options.pushAuthKey) { - body.pushPublicKey = options.pushPublicKey; - body.pushAuthKey = options.pushAuthKey; - } - - return this._request(path, "POST", creds, body); - }, - - /** - * Sends a message to other devices. Must conform with the push payload schema: - * https://github.com/mozilla/fxa-auth-server/blob/master/docs/pushpayloads.schema.json - * - * @method notifyDevice - * @param sessionTokenHex - * Session token obtained from signIn - * @param deviceIds - * Devices to send the message to - * @param payload - * Data to send with the message - * @return Promise - * Resolves to an empty object: - * {} - */ - notifyDevices(sessionTokenHex, deviceIds, payload, TTL = 0) { - const body = { - to: deviceIds, - payload, - TTL - }; - return this._request("/account/devices/notify", "POST", - deriveHawkCredentials(sessionTokenHex, "sessionToken"), body); - }, - - /** - * Update the session or name for an existing device - * - * @method updateDevice - * @param sessionTokenHex - * Session token obtained from signIn - * @param id - * Device identifier - * @param name - * Device name - * @param [options] - * Extra device options - * @param [options.pushCallback] - * `pushCallback` push endpoint callback - * @param [options.pushPublicKey] - * `pushPublicKey` push public key (URLSafe Base64 string) - * @param [options.pushAuthKey] - * `pushAuthKey` push auth secret (URLSafe Base64 string) - * @return Promise - * Resolves to an object: - * { - * id: Device identifier - * name: Device name - * } - */ - updateDevice(sessionTokenHex, id, name, options = {}) { - let path = "/account/device"; - - let creds = deriveHawkCredentials(sessionTokenHex, "sessionToken"); - let body = { id, name }; - if (options.pushCallback) { - body.pushCallback = options.pushCallback; - } - if (options.pushPublicKey && options.pushAuthKey) { - body.pushPublicKey = options.pushPublicKey; - body.pushAuthKey = options.pushAuthKey; - } - - return this._request(path, "POST", creds, body); - }, - - /** - * Delete a device and its associated session token, signing the user - * out of the server. - * - * @method signOutAndDestroyDevice - * @param sessionTokenHex - * Session token obtained from signIn - * @param id - * Device identifier - * @param [options] - * Options object - * @param [options.service] - * `service` query parameter - * @return Promise - * Resolves to an empty object: - * {} - */ - signOutAndDestroyDevice(sessionTokenHex, id, options = {}) { - let path = "/account/device/destroy"; - - if (options.service) { - path += "?service=" + encodeURIComponent(options.service); - } - - let creds = deriveHawkCredentials(sessionTokenHex, "sessionToken"); - let body = { id }; - - return this._request(path, "POST", creds, body); - }, - - /** - * Get a list of currently registered devices - * - * @method getDeviceList - * @param sessionTokenHex - * Session token obtained from signIn - * @return Promise - * Resolves to an array of objects: - * [ - * { - * id: Device id - * isCurrentDevice: Boolean indicating whether the item - * represents the current device - * name: Device name - * type: Device type (mobile|desktop) - * }, - * ... - * ] - */ - getDeviceList(sessionTokenHex) { - let path = "/account/devices"; - let creds = deriveHawkCredentials(sessionTokenHex, "sessionToken"); - - return this._request(path, "GET", creds, {}); - }, - - _clearBackoff: function() { - this.backoffError = null; - }, - - /** - * A general method for sending raw API calls to the FxA auth server. - * All request bodies and responses are JSON. - * - * @param path - * API endpoint path - * @param method - * The HTTP request method - * @param credentials - * Hawk credentials - * @param jsonPayload - * A JSON payload - * @return Promise - * Returns a promise that resolves to the JSON response of the API call, - * or is rejected with an error. Error responses have the following properties: - * { - * "code": 400, // matches the HTTP status code - * "errno": 107, // stable application-level error number - * "error": "Bad Request", // string description of the error type - * "message": "the value of salt is not allowed to be undefined", - * "info": "https://docs.dev.lcip.og/errors/1234" // link to more info on the error - * } - */ - _request: function hawkRequest(path, method, credentials, jsonPayload) { - let deferred = Promise.defer(); - - // We were asked to back off. - if (this.backoffError) { - log.debug("Received new request during backoff, re-rejecting."); - deferred.reject(this.backoffError); - return deferred.promise; - } - - this.hawk.request(path, method, credentials, jsonPayload).then( - (response) => { - try { - let responseObj = JSON.parse(response.body); - deferred.resolve(responseObj); - } catch (err) { - log.error("json parse error on response: " + response.body); - deferred.reject({error: err}); - } - }, - - (error) => { - log.error("error " + method + "ing " + path + ": " + JSON.stringify(error)); - if (error.retryAfter) { - log.debug("Received backoff response; caching error as flag."); - this.backoffError = error; - // Schedule clearing of cached-error-as-flag. - CommonUtils.namedTimer( - this._clearBackoff, - error.retryAfter * 1000, - this, - "fxaBackoffTimer" - ); - } - deferred.reject(error); - } - ); - - return deferred.promise; - }, -}; - -function isInvalidTokenError(error) { - if (error.code != 401) { - return false; - } - switch (error.errno) { - case ERRNO_INVALID_AUTH_TOKEN: - case ERRNO_INVALID_AUTH_TIMESTAMP: - case ERRNO_INVALID_AUTH_NONCE: - return true; - } - return false; -} diff --git a/services/fxaccounts/FxAccountsCommon.js b/services/fxaccounts/FxAccountsCommon.js deleted file mode 100644 index 71fe78a50..000000000 --- a/services/fxaccounts/FxAccountsCommon.js +++ /dev/null @@ -1,368 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -var { interfaces: Ci, utils: Cu } = Components; - -Cu.import("resource://gre/modules/XPCOMUtils.jsm"); -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/Log.jsm"); - -// loglevel should be one of "Fatal", "Error", "Warn", "Info", "Config", -// "Debug", "Trace" or "All". If none is specified, "Debug" will be used by -// default. Note "Debug" is usually appropriate so that when this log is -// included in the Sync file logs we get verbose output. -const PREF_LOG_LEVEL = "identity.fxaccounts.loglevel"; -// The level of messages that will be dumped to the console. If not specified, -// "Error" will be used. -const PREF_LOG_LEVEL_DUMP = "identity.fxaccounts.log.appender.dump"; - -// A pref that can be set so "sensitive" information (eg, personally -// identifiable info, credentials, etc) will be logged. -const PREF_LOG_SENSITIVE_DETAILS = "identity.fxaccounts.log.sensitive"; - -var exports = Object.create(null); - -XPCOMUtils.defineLazyGetter(exports, 'log', function() { - let log = Log.repository.getLogger("FirefoxAccounts"); - // We set the log level to debug, but the default dump appender is set to - // the level reflected in the pref. Other code that consumes FxA may then - // choose to add another appender at a different level. - log.level = Log.Level.Debug; - let appender = new Log.DumpAppender(); - appender.level = Log.Level.Error; - - log.addAppender(appender); - try { - // The log itself. - let level = - Services.prefs.getPrefType(PREF_LOG_LEVEL) == Ci.nsIPrefBranch.PREF_STRING - && Services.prefs.getCharPref(PREF_LOG_LEVEL); - log.level = Log.Level[level] || Log.Level.Debug; - - // The appender. - level = - Services.prefs.getPrefType(PREF_LOG_LEVEL_DUMP) == Ci.nsIPrefBranch.PREF_STRING - && Services.prefs.getCharPref(PREF_LOG_LEVEL_DUMP); - appender.level = Log.Level[level] || Log.Level.Error; - } catch (e) { - log.error(e); - } - - return log; -}); - -// A boolean to indicate if personally identifiable information (or anything -// else sensitive, such as credentials) should be logged. -XPCOMUtils.defineLazyGetter(exports, 'logPII', function() { - try { - return Services.prefs.getBoolPref(PREF_LOG_SENSITIVE_DETAILS); - } catch (_) { - return false; - } -}); - -exports.FXACCOUNTS_PERMISSION = "firefox-accounts"; - -exports.DATA_FORMAT_VERSION = 1; -exports.DEFAULT_STORAGE_FILENAME = "signedInUser.json"; - -// Token life times. -// Having this parameter be short has limited security value and can cause -// spurious authentication values if the client's clock is skewed and -// we fail to adjust. See Bug 983256. -exports.ASSERTION_LIFETIME = 1000 * 3600 * 24 * 365 * 25; // 25 years -// This is a time period we want to guarantee that the assertion will be -// valid after we generate it (e.g., the signed cert won't expire in this -// period). -exports.ASSERTION_USE_PERIOD = 1000 * 60 * 5; // 5 minutes -exports.CERT_LIFETIME = 1000 * 3600 * 6; // 6 hours -exports.KEY_LIFETIME = 1000 * 3600 * 12; // 12 hours - -// After we start polling for account verification, we stop polling when this -// many milliseconds have elapsed. -exports.POLL_SESSION = 1000 * 60 * 20; // 20 minutes - -// Observer notifications. -exports.ONLOGIN_NOTIFICATION = "fxaccounts:onlogin"; -exports.ONVERIFIED_NOTIFICATION = "fxaccounts:onverified"; -exports.ONLOGOUT_NOTIFICATION = "fxaccounts:onlogout"; -// Internal to services/fxaccounts only -exports.ON_FXA_UPDATE_NOTIFICATION = "fxaccounts:update"; -exports.ON_DEVICE_DISCONNECTED_NOTIFICATION = "fxaccounts:device_disconnected"; -exports.ON_PASSWORD_CHANGED_NOTIFICATION = "fxaccounts:password_changed"; -exports.ON_PASSWORD_RESET_NOTIFICATION = "fxaccounts:password_reset"; -exports.ON_COLLECTION_CHANGED_NOTIFICATION = "sync:collection_changed"; - -exports.FXA_PUSH_SCOPE_ACCOUNT_UPDATE = "chrome://fxa-device-update"; - -exports.ON_PROFILE_CHANGE_NOTIFICATION = "fxaccounts:profilechange"; -exports.ON_ACCOUNT_STATE_CHANGE_NOTIFICATION = "fxaccounts:statechange"; - -// UI Requests. -exports.UI_REQUEST_SIGN_IN_FLOW = "signInFlow"; -exports.UI_REQUEST_REFRESH_AUTH = "refreshAuthentication"; - -// The OAuth client ID for Firefox Desktop -exports.FX_OAUTH_CLIENT_ID = "5882386c6d801776"; - -// Firefox Accounts WebChannel ID -exports.WEBCHANNEL_ID = "account_updates"; - -// Server errno. -// From https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#response-format -exports.ERRNO_ACCOUNT_ALREADY_EXISTS = 101; -exports.ERRNO_ACCOUNT_DOES_NOT_EXIST = 102; -exports.ERRNO_INCORRECT_PASSWORD = 103; -exports.ERRNO_UNVERIFIED_ACCOUNT = 104; -exports.ERRNO_INVALID_VERIFICATION_CODE = 105; -exports.ERRNO_NOT_VALID_JSON_BODY = 106; -exports.ERRNO_INVALID_BODY_PARAMETERS = 107; -exports.ERRNO_MISSING_BODY_PARAMETERS = 108; -exports.ERRNO_INVALID_REQUEST_SIGNATURE = 109; -exports.ERRNO_INVALID_AUTH_TOKEN = 110; -exports.ERRNO_INVALID_AUTH_TIMESTAMP = 111; -exports.ERRNO_MISSING_CONTENT_LENGTH = 112; -exports.ERRNO_REQUEST_BODY_TOO_LARGE = 113; -exports.ERRNO_TOO_MANY_CLIENT_REQUESTS = 114; -exports.ERRNO_INVALID_AUTH_NONCE = 115; -exports.ERRNO_ENDPOINT_NO_LONGER_SUPPORTED = 116; -exports.ERRNO_INCORRECT_LOGIN_METHOD = 117; -exports.ERRNO_INCORRECT_KEY_RETRIEVAL_METHOD = 118; -exports.ERRNO_INCORRECT_API_VERSION = 119; -exports.ERRNO_INCORRECT_EMAIL_CASE = 120; -exports.ERRNO_ACCOUNT_LOCKED = 121; -exports.ERRNO_ACCOUNT_UNLOCKED = 122; -exports.ERRNO_UNKNOWN_DEVICE = 123; -exports.ERRNO_DEVICE_SESSION_CONFLICT = 124; -exports.ERRNO_SERVICE_TEMP_UNAVAILABLE = 201; -exports.ERRNO_PARSE = 997; -exports.ERRNO_NETWORK = 998; -exports.ERRNO_UNKNOWN_ERROR = 999; - -// Offset oauth server errnos so they don't conflict with auth server errnos -exports.OAUTH_SERVER_ERRNO_OFFSET = 1000; - -// OAuth Server errno. -exports.ERRNO_UNKNOWN_CLIENT_ID = 101 + exports.OAUTH_SERVER_ERRNO_OFFSET; -exports.ERRNO_INCORRECT_CLIENT_SECRET = 102 + exports.OAUTH_SERVER_ERRNO_OFFSET; -exports.ERRNO_INCORRECT_REDIRECT_URI = 103 + exports.OAUTH_SERVER_ERRNO_OFFSET; -exports.ERRNO_INVALID_FXA_ASSERTION = 104 + exports.OAUTH_SERVER_ERRNO_OFFSET; -exports.ERRNO_UNKNOWN_CODE = 105 + exports.OAUTH_SERVER_ERRNO_OFFSET; -exports.ERRNO_INCORRECT_CODE = 106 + exports.OAUTH_SERVER_ERRNO_OFFSET; -exports.ERRNO_EXPIRED_CODE = 107 + exports.OAUTH_SERVER_ERRNO_OFFSET; -exports.ERRNO_OAUTH_INVALID_TOKEN = 108 + exports.OAUTH_SERVER_ERRNO_OFFSET; -exports.ERRNO_INVALID_REQUEST_PARAM = 109 + exports.OAUTH_SERVER_ERRNO_OFFSET; -exports.ERRNO_INVALID_RESPONSE_TYPE = 110 + exports.OAUTH_SERVER_ERRNO_OFFSET; -exports.ERRNO_UNAUTHORIZED = 111 + exports.OAUTH_SERVER_ERRNO_OFFSET; -exports.ERRNO_FORBIDDEN = 112 + exports.OAUTH_SERVER_ERRNO_OFFSET; -exports.ERRNO_INVALID_CONTENT_TYPE = 113 + exports.OAUTH_SERVER_ERRNO_OFFSET; - -// Errors. -exports.ERROR_ACCOUNT_ALREADY_EXISTS = "ACCOUNT_ALREADY_EXISTS"; -exports.ERROR_ACCOUNT_DOES_NOT_EXIST = "ACCOUNT_DOES_NOT_EXIST "; -exports.ERROR_ACCOUNT_LOCKED = "ACCOUNT_LOCKED"; -exports.ERROR_ACCOUNT_UNLOCKED = "ACCOUNT_UNLOCKED"; -exports.ERROR_ALREADY_SIGNED_IN_USER = "ALREADY_SIGNED_IN_USER"; -exports.ERROR_DEVICE_SESSION_CONFLICT = "DEVICE_SESSION_CONFLICT"; -exports.ERROR_ENDPOINT_NO_LONGER_SUPPORTED = "ENDPOINT_NO_LONGER_SUPPORTED"; -exports.ERROR_INCORRECT_API_VERSION = "INCORRECT_API_VERSION"; -exports.ERROR_INCORRECT_EMAIL_CASE = "INCORRECT_EMAIL_CASE"; -exports.ERROR_INCORRECT_KEY_RETRIEVAL_METHOD = "INCORRECT_KEY_RETRIEVAL_METHOD"; -exports.ERROR_INCORRECT_LOGIN_METHOD = "INCORRECT_LOGIN_METHOD"; -exports.ERROR_INVALID_EMAIL = "INVALID_EMAIL"; -exports.ERROR_INVALID_AUDIENCE = "INVALID_AUDIENCE"; -exports.ERROR_INVALID_AUTH_TOKEN = "INVALID_AUTH_TOKEN"; -exports.ERROR_INVALID_AUTH_TIMESTAMP = "INVALID_AUTH_TIMESTAMP"; -exports.ERROR_INVALID_AUTH_NONCE = "INVALID_AUTH_NONCE"; -exports.ERROR_INVALID_BODY_PARAMETERS = "INVALID_BODY_PARAMETERS"; -exports.ERROR_INVALID_PASSWORD = "INVALID_PASSWORD"; -exports.ERROR_INVALID_VERIFICATION_CODE = "INVALID_VERIFICATION_CODE"; -exports.ERROR_INVALID_REFRESH_AUTH_VALUE = "INVALID_REFRESH_AUTH_VALUE"; -exports.ERROR_INVALID_REQUEST_SIGNATURE = "INVALID_REQUEST_SIGNATURE"; -exports.ERROR_INTERNAL_INVALID_USER = "INTERNAL_ERROR_INVALID_USER"; -exports.ERROR_MISSING_BODY_PARAMETERS = "MISSING_BODY_PARAMETERS"; -exports.ERROR_MISSING_CONTENT_LENGTH = "MISSING_CONTENT_LENGTH"; -exports.ERROR_NO_TOKEN_SESSION = "NO_TOKEN_SESSION"; -exports.ERROR_NO_SILENT_REFRESH_AUTH = "NO_SILENT_REFRESH_AUTH"; -exports.ERROR_NOT_VALID_JSON_BODY = "NOT_VALID_JSON_BODY"; -exports.ERROR_OFFLINE = "OFFLINE"; -exports.ERROR_PERMISSION_DENIED = "PERMISSION_DENIED"; -exports.ERROR_REQUEST_BODY_TOO_LARGE = "REQUEST_BODY_TOO_LARGE"; -exports.ERROR_SERVER_ERROR = "SERVER_ERROR"; -exports.ERROR_SYNC_DISABLED = "SYNC_DISABLED"; -exports.ERROR_TOO_MANY_CLIENT_REQUESTS = "TOO_MANY_CLIENT_REQUESTS"; -exports.ERROR_SERVICE_TEMP_UNAVAILABLE = "SERVICE_TEMPORARY_UNAVAILABLE"; -exports.ERROR_UI_ERROR = "UI_ERROR"; -exports.ERROR_UI_REQUEST = "UI_REQUEST"; -exports.ERROR_PARSE = "PARSE_ERROR"; -exports.ERROR_NETWORK = "NETWORK_ERROR"; -exports.ERROR_UNKNOWN = "UNKNOWN_ERROR"; -exports.ERROR_UNKNOWN_DEVICE = "UNKNOWN_DEVICE"; -exports.ERROR_UNVERIFIED_ACCOUNT = "UNVERIFIED_ACCOUNT"; - -// OAuth errors. -exports.ERROR_UNKNOWN_CLIENT_ID = "UNKNOWN_CLIENT_ID"; -exports.ERROR_INCORRECT_CLIENT_SECRET = "INCORRECT_CLIENT_SECRET"; -exports.ERROR_INCORRECT_REDIRECT_URI = "INCORRECT_REDIRECT_URI"; -exports.ERROR_INVALID_FXA_ASSERTION = "INVALID_FXA_ASSERTION"; -exports.ERROR_UNKNOWN_CODE = "UNKNOWN_CODE"; -exports.ERROR_INCORRECT_CODE = "INCORRECT_CODE"; -exports.ERROR_EXPIRED_CODE = "EXPIRED_CODE"; -exports.ERROR_OAUTH_INVALID_TOKEN = "OAUTH_INVALID_TOKEN"; -exports.ERROR_INVALID_REQUEST_PARAM = "INVALID_REQUEST_PARAM"; -exports.ERROR_INVALID_RESPONSE_TYPE = "INVALID_RESPONSE_TYPE"; -exports.ERROR_UNAUTHORIZED = "UNAUTHORIZED"; -exports.ERROR_FORBIDDEN = "FORBIDDEN"; -exports.ERROR_INVALID_CONTENT_TYPE = "INVALID_CONTENT_TYPE"; - -// Additional generic error classes for external consumers -exports.ERROR_NO_ACCOUNT = "NO_ACCOUNT"; -exports.ERROR_AUTH_ERROR = "AUTH_ERROR"; -exports.ERROR_INVALID_PARAMETER = "INVALID_PARAMETER"; - -// Status code errors -exports.ERROR_CODE_METHOD_NOT_ALLOWED = 405; -exports.ERROR_MSG_METHOD_NOT_ALLOWED = "METHOD_NOT_ALLOWED"; - -// FxAccounts has the ability to "split" the credentials between a plain-text -// JSON file in the profile dir and in the login manager. -// In order to prevent new fields accidentally ending up in the "wrong" place, -// all fields stored are listed here. - -// The fields we save in the plaintext JSON. -// See bug 1013064 comments 23-25 for why the sessionToken is "safe" -exports.FXA_PWDMGR_PLAINTEXT_FIELDS = new Set( - ["email", "verified", "authAt", "sessionToken", "uid", "oauthTokens", "profile", - "deviceId", "deviceRegistrationVersion"]); - -// Fields we store in secure storage if it exists. -exports.FXA_PWDMGR_SECURE_FIELDS = new Set( - ["kA", "kB", "keyFetchToken", "unwrapBKey", "assertion"]); - -// Fields we keep in memory and don't persist anywhere. -exports.FXA_PWDMGR_MEMORY_FIELDS = new Set( - ["cert", "keyPair"]); - -// A whitelist of fields that remain in storage when the user needs to -// reauthenticate. All other fields will be removed. -exports.FXA_PWDMGR_REAUTH_WHITELIST = new Set( - ["email", "uid", "profile", "deviceId", "deviceRegistrationVersion", "verified"]); - -// The pseudo-host we use in the login manager -exports.FXA_PWDMGR_HOST = "chrome://FirefoxAccounts"; -// The realm we use in the login manager. -exports.FXA_PWDMGR_REALM = "Firefox Accounts credentials"; - -// Error matching. -exports.SERVER_ERRNO_TO_ERROR = {}; - -// Error mapping -exports.ERROR_TO_GENERAL_ERROR_CLASS = {}; - -for (let id in exports) { - this[id] = exports[id]; -} - -// Allow this file to be imported via Components.utils.import(). -this.EXPORTED_SYMBOLS = Object.keys(exports); - -// Set these up now that everything has been loaded into |this|. -SERVER_ERRNO_TO_ERROR[ERRNO_ACCOUNT_ALREADY_EXISTS] = ERROR_ACCOUNT_ALREADY_EXISTS; -SERVER_ERRNO_TO_ERROR[ERRNO_ACCOUNT_DOES_NOT_EXIST] = ERROR_ACCOUNT_DOES_NOT_EXIST; -SERVER_ERRNO_TO_ERROR[ERRNO_INCORRECT_PASSWORD] = ERROR_INVALID_PASSWORD; -SERVER_ERRNO_TO_ERROR[ERRNO_UNVERIFIED_ACCOUNT] = ERROR_UNVERIFIED_ACCOUNT; -SERVER_ERRNO_TO_ERROR[ERRNO_INVALID_VERIFICATION_CODE] = ERROR_INVALID_VERIFICATION_CODE; -SERVER_ERRNO_TO_ERROR[ERRNO_NOT_VALID_JSON_BODY] = ERROR_NOT_VALID_JSON_BODY; -SERVER_ERRNO_TO_ERROR[ERRNO_INVALID_BODY_PARAMETERS] = ERROR_INVALID_BODY_PARAMETERS; -SERVER_ERRNO_TO_ERROR[ERRNO_MISSING_BODY_PARAMETERS] = ERROR_MISSING_BODY_PARAMETERS; -SERVER_ERRNO_TO_ERROR[ERRNO_INVALID_REQUEST_SIGNATURE] = ERROR_INVALID_REQUEST_SIGNATURE; -SERVER_ERRNO_TO_ERROR[ERRNO_INVALID_AUTH_TOKEN] = ERROR_INVALID_AUTH_TOKEN; -SERVER_ERRNO_TO_ERROR[ERRNO_INVALID_AUTH_TIMESTAMP] = ERROR_INVALID_AUTH_TIMESTAMP; -SERVER_ERRNO_TO_ERROR[ERRNO_MISSING_CONTENT_LENGTH] = ERROR_MISSING_CONTENT_LENGTH; -SERVER_ERRNO_TO_ERROR[ERRNO_REQUEST_BODY_TOO_LARGE] = ERROR_REQUEST_BODY_TOO_LARGE; -SERVER_ERRNO_TO_ERROR[ERRNO_TOO_MANY_CLIENT_REQUESTS] = ERROR_TOO_MANY_CLIENT_REQUESTS; -SERVER_ERRNO_TO_ERROR[ERRNO_INVALID_AUTH_NONCE] = ERROR_INVALID_AUTH_NONCE; -SERVER_ERRNO_TO_ERROR[ERRNO_ENDPOINT_NO_LONGER_SUPPORTED] = ERROR_ENDPOINT_NO_LONGER_SUPPORTED; -SERVER_ERRNO_TO_ERROR[ERRNO_INCORRECT_LOGIN_METHOD] = ERROR_INCORRECT_LOGIN_METHOD; -SERVER_ERRNO_TO_ERROR[ERRNO_INCORRECT_KEY_RETRIEVAL_METHOD] = ERROR_INCORRECT_KEY_RETRIEVAL_METHOD; -SERVER_ERRNO_TO_ERROR[ERRNO_INCORRECT_API_VERSION] = ERROR_INCORRECT_API_VERSION; -SERVER_ERRNO_TO_ERROR[ERRNO_INCORRECT_EMAIL_CASE] = ERROR_INCORRECT_EMAIL_CASE; -SERVER_ERRNO_TO_ERROR[ERRNO_ACCOUNT_LOCKED] = ERROR_ACCOUNT_LOCKED; -SERVER_ERRNO_TO_ERROR[ERRNO_ACCOUNT_UNLOCKED] = ERROR_ACCOUNT_UNLOCKED; -SERVER_ERRNO_TO_ERROR[ERRNO_UNKNOWN_DEVICE] = ERROR_UNKNOWN_DEVICE; -SERVER_ERRNO_TO_ERROR[ERRNO_DEVICE_SESSION_CONFLICT] = ERROR_DEVICE_SESSION_CONFLICT; -SERVER_ERRNO_TO_ERROR[ERRNO_SERVICE_TEMP_UNAVAILABLE] = ERROR_SERVICE_TEMP_UNAVAILABLE; -SERVER_ERRNO_TO_ERROR[ERRNO_UNKNOWN_ERROR] = ERROR_UNKNOWN; -SERVER_ERRNO_TO_ERROR[ERRNO_NETWORK] = ERROR_NETWORK; - -// oauth -SERVER_ERRNO_TO_ERROR[ERRNO_UNKNOWN_CLIENT_ID] = ERROR_UNKNOWN_CLIENT_ID; -SERVER_ERRNO_TO_ERROR[ERRNO_INCORRECT_CLIENT_SECRET] = ERROR_INCORRECT_CLIENT_SECRET; -SERVER_ERRNO_TO_ERROR[ERRNO_INCORRECT_REDIRECT_URI] = ERROR_INCORRECT_REDIRECT_URI; -SERVER_ERRNO_TO_ERROR[ERRNO_INVALID_FXA_ASSERTION] = ERROR_INVALID_FXA_ASSERTION; -SERVER_ERRNO_TO_ERROR[ERRNO_UNKNOWN_CODE] = ERROR_UNKNOWN_CODE; -SERVER_ERRNO_TO_ERROR[ERRNO_INCORRECT_CODE] = ERROR_INCORRECT_CODE; -SERVER_ERRNO_TO_ERROR[ERRNO_EXPIRED_CODE] = ERROR_EXPIRED_CODE; -SERVER_ERRNO_TO_ERROR[ERRNO_OAUTH_INVALID_TOKEN] = ERROR_OAUTH_INVALID_TOKEN; -SERVER_ERRNO_TO_ERROR[ERRNO_INVALID_REQUEST_PARAM] = ERROR_INVALID_REQUEST_PARAM; -SERVER_ERRNO_TO_ERROR[ERRNO_INVALID_RESPONSE_TYPE] = ERROR_INVALID_RESPONSE_TYPE; -SERVER_ERRNO_TO_ERROR[ERRNO_UNAUTHORIZED] = ERROR_UNAUTHORIZED; -SERVER_ERRNO_TO_ERROR[ERRNO_FORBIDDEN] = ERROR_FORBIDDEN; -SERVER_ERRNO_TO_ERROR[ERRNO_INVALID_CONTENT_TYPE] = ERROR_INVALID_CONTENT_TYPE; - - -// Map internal errors to more generic error classes for consumers -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_ACCOUNT_ALREADY_EXISTS] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_ACCOUNT_DOES_NOT_EXIST] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_ACCOUNT_LOCKED] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_ACCOUNT_UNLOCKED] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_ALREADY_SIGNED_IN_USER] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_DEVICE_SESSION_CONFLICT] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_ENDPOINT_NO_LONGER_SUPPORTED] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INCORRECT_API_VERSION] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INCORRECT_EMAIL_CASE] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INCORRECT_KEY_RETRIEVAL_METHOD] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INCORRECT_LOGIN_METHOD] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_EMAIL] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_AUDIENCE] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_AUTH_TOKEN] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_AUTH_TIMESTAMP] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_AUTH_NONCE] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_BODY_PARAMETERS] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_PASSWORD] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_VERIFICATION_CODE] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_REFRESH_AUTH_VALUE] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_REQUEST_SIGNATURE] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INTERNAL_INVALID_USER] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_MISSING_BODY_PARAMETERS] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_MISSING_CONTENT_LENGTH] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_NO_TOKEN_SESSION] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_NO_SILENT_REFRESH_AUTH] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_NOT_VALID_JSON_BODY] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_PERMISSION_DENIED] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_REQUEST_BODY_TOO_LARGE] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_UNKNOWN_DEVICE] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_UNVERIFIED_ACCOUNT] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_UI_ERROR] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_UI_REQUEST] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_OFFLINE] = ERROR_NETWORK; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_SERVER_ERROR] = ERROR_NETWORK; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_TOO_MANY_CLIENT_REQUESTS] = ERROR_NETWORK; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_SERVICE_TEMP_UNAVAILABLE] = ERROR_NETWORK; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_PARSE] = ERROR_NETWORK; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_NETWORK] = ERROR_NETWORK; - -// oauth -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INCORRECT_CLIENT_SECRET] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INCORRECT_REDIRECT_URI] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_FXA_ASSERTION] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_UNKNOWN_CODE] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INCORRECT_CODE] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_EXPIRED_CODE] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_OAUTH_INVALID_TOKEN] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_REQUEST_PARAM] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_RESPONSE_TYPE] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_UNAUTHORIZED] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_FORBIDDEN] = ERROR_AUTH_ERROR; -ERROR_TO_GENERAL_ERROR_CLASS[ERROR_INVALID_CONTENT_TYPE] = ERROR_AUTH_ERROR; diff --git a/services/fxaccounts/FxAccountsComponents.manifest b/services/fxaccounts/FxAccountsComponents.manifest deleted file mode 100644 index 5069755bc..000000000 --- a/services/fxaccounts/FxAccountsComponents.manifest +++ /dev/null @@ -1,4 +0,0 @@ -# FxAccountsPush.js -component {1b7db999-2ecd-4abf-bb95-a726896798ca} FxAccountsPush.js process=main -contract @mozilla.org/fxaccounts/push;1 {1b7db999-2ecd-4abf-bb95-a726896798ca} -category push chrome://fxa-device-update @mozilla.org/fxaccounts/push;1 diff --git a/services/fxaccounts/FxAccountsConfig.jsm b/services/fxaccounts/FxAccountsConfig.jsm deleted file mode 100644 index 9dcf532ab..000000000 --- a/services/fxaccounts/FxAccountsConfig.jsm +++ /dev/null @@ -1,179 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -"use strict"; -this.EXPORTED_SYMBOLS = ["FxAccountsConfig"]; - -const {classes: Cc, interfaces: Ci, utils: Cu} = Components; - -Cu.import("resource://services-common/rest.js"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/XPCOMUtils.jsm"); -Cu.import("resource://gre/modules/Task.jsm"); - -XPCOMUtils.defineLazyModuleGetter(this, "fxAccounts", - "resource://gre/modules/FxAccounts.jsm"); - -XPCOMUtils.defineLazyModuleGetter(this, "EnsureFxAccountsWebChannel", - "resource://gre/modules/FxAccountsWebChannel.jsm"); - -const CONFIG_PREFS = [ - "identity.fxaccounts.auth.uri", - "identity.fxaccounts.remote.oauth.uri", - "identity.fxaccounts.remote.profile.uri", - "identity.sync.tokenserver.uri", - "identity.fxaccounts.remote.webchannel.uri", - "identity.fxaccounts.settings.uri", - "identity.fxaccounts.remote.signup.uri", - "identity.fxaccounts.remote.signin.uri", - "identity.fxaccounts.remote.force_auth.uri", -]; - -this.FxAccountsConfig = { - - // Returns a promise that resolves with the URI of the remote UI flows. - promiseAccountsSignUpURI: Task.async(function*() { - yield this.ensureConfigured(); - let url = Services.urlFormatter.formatURLPref("identity.fxaccounts.remote.signup.uri"); - if (fxAccounts.requiresHttps() && !/^https:/.test(url)) { // Comment to un-break emacs js-mode highlighting - throw new Error("Firefox Accounts server must use HTTPS"); - } - return url; - }), - - // Returns a promise that resolves with the URI of the remote UI flows. - promiseAccountsSignInURI: Task.async(function*() { - yield this.ensureConfigured(); - let url = Services.urlFormatter.formatURLPref("identity.fxaccounts.remote.signin.uri"); - if (fxAccounts.requiresHttps() && !/^https:/.test(url)) { // Comment to un-break emacs js-mode highlighting - throw new Error("Firefox Accounts server must use HTTPS"); - } - return url; - }), - - resetConfigURLs() { - let autoconfigURL = this.getAutoConfigURL(); - if (!autoconfigURL) { - return; - } - // They have the autoconfig uri pref set, so we clear all the prefs that we - // will have initialized, which will leave them pointing at production. - for (let pref of CONFIG_PREFS) { - Services.prefs.clearUserPref(pref); - } - // Reset the webchannel. - EnsureFxAccountsWebChannel(); - if (!Services.prefs.prefHasUserValue("webchannel.allowObject.urlWhitelist")) { - return; - } - let whitelistValue = Services.prefs.getCharPref("webchannel.allowObject.urlWhitelist"); - if (whitelistValue.startsWith(autoconfigURL + " ")) { - whitelistValue = whitelistValue.slice(autoconfigURL.length + 1); - // Check and see if the value will be the default, and just clear the pref if it would - // to avoid it showing up as changed in about:config. - let defaultWhitelist; - try { - defaultWhitelist = Services.prefs.getDefaultBranch("webchannel.allowObject.").getCharPref("urlWhitelist"); - } catch (e) { - // No default value ... - } - - if (defaultWhitelist === whitelistValue) { - Services.prefs.clearUserPref("webchannel.allowObject.urlWhitelist"); - } else { - Services.prefs.setCharPref("webchannel.allowObject.urlWhitelist", whitelistValue); - } - } - }, - - getAutoConfigURL() { - let pref; - try { - pref = Services.prefs.getCharPref("identity.fxaccounts.autoconfig.uri"); - } catch (e) { /* no pref */ } - if (!pref) { - // no pref / empty pref means we don't bother here. - return ""; - } - let rootURL = Services.urlFormatter.formatURL(pref); - if (rootURL.endsWith("/")) { - rootURL.slice(0, -1); - } - return rootURL; - }, - - ensureConfigured: Task.async(function*() { - let isSignedIn = !!(yield fxAccounts.getSignedInUser()); - if (!isSignedIn) { - yield this.fetchConfigURLs(); - } - }), - - // Read expected client configuration from the fxa auth server - // (from `identity.fxaccounts.autoconfig.uri`/.well-known/fxa-client-configuration) - // and replace all the relevant our prefs with the information found there. - // This is only done before sign-in and sign-up, and even then only if the - // `identity.fxaccounts.autoconfig.uri` preference is set. - fetchConfigURLs: Task.async(function*() { - let rootURL = this.getAutoConfigURL(); - if (!rootURL) { - return; - } - let configURL = rootURL + "/.well-known/fxa-client-configuration"; - let jsonStr = yield new Promise((resolve, reject) => { - let request = new RESTRequest(configURL); - request.setHeader("Accept", "application/json"); - request.get(error => { - if (error) { - log.error(`Failed to get configuration object from "${configURL}"`, error); - return reject(error); - } - if (!request.response.success) { - log.error(`Received HTTP response code ${request.response.status} from configuration object request`); - if (request.response && request.response.body) { - log.debug("Got error response", request.response.body); - } - return reject(request.response.status); - } - resolve(request.response.body); - }); - }); - - log.debug("Got successful configuration response", jsonStr); - try { - // Update the prefs directly specified by the config. - let config = JSON.parse(jsonStr) - let authServerBase = config.auth_server_base_url; - if (!authServerBase.endsWith("/v1")) { - authServerBase += "/v1"; - } - Services.prefs.setCharPref("identity.fxaccounts.auth.uri", authServerBase); - Services.prefs.setCharPref("identity.fxaccounts.remote.oauth.uri", config.oauth_server_base_url + "/v1"); - Services.prefs.setCharPref("identity.fxaccounts.remote.profile.uri", config.profile_server_base_url + "/v1"); - Services.prefs.setCharPref("identity.sync.tokenserver.uri", config.sync_tokenserver_base_url + "/1.0/sync/1.5"); - // Update the prefs that are based off of the autoconfig url - - let contextParam = encodeURIComponent( - Services.prefs.getCharPref("identity.fxaccounts.contextParam")); - - Services.prefs.setCharPref("identity.fxaccounts.remote.webchannel.uri", rootURL); - Services.prefs.setCharPref("identity.fxaccounts.settings.uri", rootURL + "/settings?service=sync&context=" + contextParam); - Services.prefs.setCharPref("identity.fxaccounts.remote.signup.uri", rootURL + "/signup?service=sync&context=" + contextParam); - Services.prefs.setCharPref("identity.fxaccounts.remote.signin.uri", rootURL + "/signin?service=sync&context=" + contextParam); - Services.prefs.setCharPref("identity.fxaccounts.remote.force_auth.uri", rootURL + "/force_auth?service=sync&context=" + contextParam); - - let whitelistValue = Services.prefs.getCharPref("webchannel.allowObject.urlWhitelist"); - if (!whitelistValue.includes(rootURL)) { - whitelistValue = `${rootURL} ${whitelistValue}`; - Services.prefs.setCharPref("webchannel.allowObject.urlWhitelist", whitelistValue); - } - // Ensure the webchannel is pointed at the correct uri - EnsureFxAccountsWebChannel(); - } catch (e) { - log.error("Failed to initialize configuration preferences from autoconfig object", e); - throw e; - } - }), - -}; diff --git a/services/fxaccounts/FxAccountsOAuthClient.jsm b/services/fxaccounts/FxAccountsOAuthClient.jsm deleted file mode 100644 index c59f1a869..000000000 --- a/services/fxaccounts/FxAccountsOAuthClient.jsm +++ /dev/null @@ -1,269 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/** - * Firefox Accounts OAuth browser login helper. - * Uses the WebChannel component to receive OAuth messages and complete login flows. - */ - -this.EXPORTED_SYMBOLS = ["FxAccountsOAuthClient"]; - -const {classes: Cc, interfaces: Ci, utils: Cu, results: Cr} = Components; - -Cu.import("resource://gre/modules/XPCOMUtils.jsm"); -Cu.import("resource://gre/modules/Log.jsm"); -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -XPCOMUtils.defineLazyModuleGetter(this, "WebChannel", - "resource://gre/modules/WebChannel.jsm"); -Cu.importGlobalProperties(["URL"]); - -/** - * Create a new FxAccountsOAuthClient for browser some service. - * - * @param {Object} options Options - * @param {Object} options.parameters - * Opaque alphanumeric token to be included in verification links - * @param {String} options.parameters.client_id - * OAuth id returned from client registration - * @param {String} options.parameters.state - * A value that will be returned to the client as-is upon redirection - * @param {String} options.parameters.oauth_uri - * The FxA OAuth server uri - * @param {String} options.parameters.content_uri - * The FxA Content server uri - * @param {String} [options.parameters.scope] - * Optional. A colon-separated list of scopes that the user has authorized - * @param {String} [options.parameters.action] - * Optional. If provided, should be either signup, signin or force_auth. - * @param {String} [options.parameters.email] - * Optional. Required if options.paramters.action is 'force_auth'. - * @param {Boolean} [options.parameters.keys] - * Optional. If true then relier-specific encryption keys will be - * available in the second argument to onComplete. - * @param [authorizationEndpoint] {String} - * Optional authorization endpoint for the OAuth server - * @constructor - */ -this.FxAccountsOAuthClient = function(options) { - this._validateOptions(options); - this.parameters = options.parameters; - this._configureChannel(); - - let authorizationEndpoint = options.authorizationEndpoint || "/authorization"; - - try { - this._fxaOAuthStartUrl = new URL(this.parameters.oauth_uri + authorizationEndpoint + "?"); - } catch (e) { - throw new Error("Invalid OAuth Url"); - } - - let params = this._fxaOAuthStartUrl.searchParams; - params.append("client_id", this.parameters.client_id); - params.append("state", this.parameters.state); - params.append("scope", this.parameters.scope || ""); - params.append("action", this.parameters.action || "signin"); - params.append("webChannelId", this._webChannelId); - if (this.parameters.keys) { - params.append("keys", "true"); - } - // Only append if we actually have a value. - if (this.parameters.email) { - params.append("email", this.parameters.email); - } -}; - -this.FxAccountsOAuthClient.prototype = { - /** - * Function that gets called once the OAuth flow is complete. - * The callback will receive an object with code and state properties. - * If the keys parameter was specified and true, the callback will receive - * a second argument with kAr and kBr properties. - */ - onComplete: null, - /** - * Function that gets called if there is an error during the OAuth flow, - * for example due to a state mismatch. - * The callback will receive an Error object as its argument. - */ - onError: null, - /** - * Configuration object that stores all OAuth parameters. - */ - parameters: null, - /** - * WebChannel that is used to communicate with content page. - */ - _channel: null, - /** - * Boolean to indicate if this client has completed an OAuth flow. - */ - _complete: false, - /** - * The url that opens the Firefox Accounts OAuth flow. - */ - _fxaOAuthStartUrl: null, - /** - * WebChannel id. - */ - _webChannelId: null, - /** - * WebChannel origin, used to validate origin of messages. - */ - _webChannelOrigin: null, - /** - * Opens a tab at "this._fxaOAuthStartUrl". - * Registers a WebChannel listener and sets up a callback if needed. - */ - launchWebFlow: function () { - if (!this._channelCallback) { - this._registerChannel(); - } - - if (this._complete) { - throw new Error("This client already completed the OAuth flow"); - } else { - let opener = Services.wm.getMostRecentWindow("navigator:browser").gBrowser; - opener.selectedTab = opener.addTab(this._fxaOAuthStartUrl.href); - } - }, - - /** - * Release all resources that are in use. - */ - tearDown: function() { - this.onComplete = null; - this.onError = null; - this._complete = true; - this._channel.stopListening(); - this._channel = null; - }, - - /** - * Configures WebChannel id and origin - * - * @private - */ - _configureChannel: function() { - this._webChannelId = "oauth_" + this.parameters.client_id; - - // if this.parameters.content_uri is present but not a valid URI, then this will throw an error. - try { - this._webChannelOrigin = Services.io.newURI(this.parameters.content_uri, null, null); - } catch (e) { - throw e; - } - }, - - /** - * Create a new channel with the WebChannelBroker, setup a callback listener - * @private - */ - _registerChannel: function() { - /** - * Processes messages that are called back from the FxAccountsChannel - * - * @param webChannelId {String} - * Command webChannelId - * @param message {Object} - * Command message - * @param sendingContext {Object} - * Channel message event sendingContext - * @private - */ - let listener = function (webChannelId, message, sendingContext) { - if (message) { - let command = message.command; - let data = message.data; - let target = sendingContext && sendingContext.browser; - - switch (command) { - case "oauth_complete": - // validate the returned state and call onComplete or onError - let result = null; - let err = null; - - if (this.parameters.state !== data.state) { - err = new Error("OAuth flow failed. State doesn't match"); - } else if (this.parameters.keys && !data.keys) { - err = new Error("OAuth flow failed. Keys were not returned"); - } else { - result = { - code: data.code, - state: data.state - }; - } - - // if the message asked to close the tab - if (data.closeWindow && target) { - // for e10s reasons the best way is to use the TabBrowser to close the tab. - let tabbrowser = target.getTabBrowser(); - - if (tabbrowser) { - let tab = tabbrowser.getTabForBrowser(target); - - if (tab) { - tabbrowser.removeTab(tab); - log.debug("OAuth flow closed the tab."); - } else { - log.debug("OAuth flow failed to close the tab. Tab not found in TabBrowser."); - } - } else { - log.debug("OAuth flow failed to close the tab. TabBrowser not found."); - } - } - - if (err) { - log.debug(err.message); - if (this.onError) { - this.onError(err); - } - } else { - log.debug("OAuth flow completed."); - if (this.onComplete) { - if (this.parameters.keys) { - this.onComplete(result, data.keys); - } else { - this.onComplete(result); - } - } - } - - // onComplete will be called for this client only once - // calling onComplete again will result in a failure of the OAuth flow - this.tearDown(); - break; - } - } - }; - - this._channelCallback = listener.bind(this); - this._channel = new WebChannel(this._webChannelId, this._webChannelOrigin); - this._channel.listen(this._channelCallback); - log.debug("Channel registered: " + this._webChannelId + " with origin " + this._webChannelOrigin.prePath); - }, - - /** - * Validates the required FxA OAuth parameters - * - * @param options {Object} - * OAuth client options - * @private - */ - _validateOptions: function (options) { - if (!options || !options.parameters) { - throw new Error("Missing 'parameters' configuration option"); - } - - ["oauth_uri", "client_id", "content_uri", "state"].forEach(option => { - if (!options.parameters[option]) { - throw new Error("Missing 'parameters." + option + "' parameter"); - } - }); - - if (options.parameters.action == "force_auth" && !options.parameters.email) { - throw new Error("parameters.email is required for action 'force_auth'"); - } - }, -}; diff --git a/services/fxaccounts/FxAccountsOAuthGrantClient.jsm b/services/fxaccounts/FxAccountsOAuthGrantClient.jsm deleted file mode 100644 index 4319a07ab..000000000 --- a/services/fxaccounts/FxAccountsOAuthGrantClient.jsm +++ /dev/null @@ -1,241 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/** - * Firefox Accounts OAuth Grant Client allows clients to obtain - * an OAuth token from a BrowserID assertion. Only certain client - * IDs support this privilage. - */ - -this.EXPORTED_SYMBOLS = ["FxAccountsOAuthGrantClient", "FxAccountsOAuthGrantClientError"]; - -const {classes: Cc, interfaces: Ci, utils: Cu, results: Cr} = Components; - -Cu.import("resource://gre/modules/Promise.jsm"); -Cu.import("resource://gre/modules/Log.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://services-common/rest.js"); - -Cu.importGlobalProperties(["URL"]); - -const AUTH_ENDPOINT = "/authorization"; -const DESTROY_ENDPOINT = "/destroy"; - -/** - * Create a new FxAccountsOAuthClient for browser some service. - * - * @param {Object} options Options - * @param {Object} options.parameters - * @param {String} options.parameters.client_id - * OAuth id returned from client registration - * @param {String} options.parameters.serverURL - * The FxA OAuth server URL - * @param [authorizationEndpoint] {String} - * Optional authorization endpoint for the OAuth server - * @constructor - */ -this.FxAccountsOAuthGrantClient = function(options) { - - this._validateOptions(options); - this.parameters = options; - - try { - this.serverURL = new URL(this.parameters.serverURL); - } catch (e) { - throw new Error("Invalid 'serverURL'"); - } - - log.debug("FxAccountsOAuthGrantClient Initialized"); -}; - -this.FxAccountsOAuthGrantClient.prototype = { - - /** - * Retrieves an OAuth access token for the signed in user - * - * @param {Object} assertion BrowserID assertion - * @param {String} scope OAuth scope - * @return Promise - * Resolves: {Object} Object with access_token property - */ - getTokenFromAssertion: function (assertion, scope) { - if (!assertion) { - throw new Error("Missing 'assertion' parameter"); - } - if (!scope) { - throw new Error("Missing 'scope' parameter"); - } - let params = { - scope: scope, - client_id: this.parameters.client_id, - assertion: assertion, - response_type: "token" - }; - - return this._createRequest(AUTH_ENDPOINT, "POST", params); - }, - - /** - * Destroys a previously fetched OAuth access token. - * - * @param {String} token The previously fetched token - * @return Promise - * Resolves: {Object} with the server response, which is typically - * ignored. - */ - destroyToken: function (token) { - if (!token) { - throw new Error("Missing 'token' parameter"); - } - let params = { - token: token, - }; - - return this._createRequest(DESTROY_ENDPOINT, "POST", params); - }, - - /** - * Validates the required FxA OAuth parameters - * - * @param options {Object} - * OAuth client options - * @private - */ - _validateOptions: function (options) { - if (!options) { - throw new Error("Missing configuration options"); - } - - ["serverURL", "client_id"].forEach(option => { - if (!options[option]) { - throw new Error("Missing '" + option + "' parameter"); - } - }); - }, - - /** - * Interface for making remote requests. - */ - _Request: RESTRequest, - - /** - * Remote request helper - * - * @param {String} path - * Profile server path, i.e "/profile". - * @param {String} [method] - * Type of request, i.e "GET". - * @return Promise - * Resolves: {Object} Successful response from the Profile server. - * Rejects: {FxAccountsOAuthGrantClientError} Profile client error. - * @private - */ - _createRequest: function(path, method = "POST", params) { - return new Promise((resolve, reject) => { - let profileDataUrl = this.serverURL + path; - let request = new this._Request(profileDataUrl); - method = method.toUpperCase(); - - request.setHeader("Accept", "application/json"); - request.setHeader("Content-Type", "application/json"); - - request.onComplete = function (error) { - if (error) { - return reject(new FxAccountsOAuthGrantClientError({ - error: ERROR_NETWORK, - errno: ERRNO_NETWORK, - message: error.toString(), - })); - } - - let body = null; - try { - body = JSON.parse(request.response.body); - } catch (e) { - return reject(new FxAccountsOAuthGrantClientError({ - error: ERROR_PARSE, - errno: ERRNO_PARSE, - code: request.response.status, - message: request.response.body, - })); - } - - // "response.success" means status code is 200 - if (request.response.success) { - return resolve(body); - } - - if (typeof body.errno === 'number') { - // Offset oauth server errnos to avoid conflict with other FxA server errnos - body.errno += OAUTH_SERVER_ERRNO_OFFSET; - } else if (body.errno) { - body.errno = ERRNO_UNKNOWN_ERROR; - } - return reject(new FxAccountsOAuthGrantClientError(body)); - }; - - if (method === "POST") { - request.post(params); - } else { - // method not supported - return reject(new FxAccountsOAuthGrantClientError({ - error: ERROR_NETWORK, - errno: ERRNO_NETWORK, - code: ERROR_CODE_METHOD_NOT_ALLOWED, - message: ERROR_MSG_METHOD_NOT_ALLOWED, - })); - } - }); - }, - -}; - -/** - * Normalized profile client errors - * @param {Object} [details] - * Error details object - * @param {number} [details.code] - * Error code - * @param {number} [details.errno] - * Error number - * @param {String} [details.error] - * Error description - * @param {String|null} [details.message] - * Error message - * @constructor - */ -this.FxAccountsOAuthGrantClientError = function(details) { - details = details || {}; - - this.name = "FxAccountsOAuthGrantClientError"; - this.code = details.code || null; - this.errno = details.errno || ERRNO_UNKNOWN_ERROR; - this.error = details.error || ERROR_UNKNOWN; - this.message = details.message || null; -}; - -/** - * Returns error object properties - * - * @returns {{name: *, code: *, errno: *, error: *, message: *}} - * @private - */ -FxAccountsOAuthGrantClientError.prototype._toStringFields = function() { - return { - name: this.name, - code: this.code, - errno: this.errno, - error: this.error, - message: this.message, - }; -}; - -/** - * String representation of a oauth grant client error - * - * @returns {String} - */ -FxAccountsOAuthGrantClientError.prototype.toString = function() { - return this.name + "(" + JSON.stringify(this._toStringFields()) + ")"; -}; diff --git a/services/fxaccounts/FxAccountsProfile.jsm b/services/fxaccounts/FxAccountsProfile.jsm deleted file mode 100644 index b63cd64c1..000000000 --- a/services/fxaccounts/FxAccountsProfile.jsm +++ /dev/null @@ -1,191 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -"use strict"; - -/** - * Firefox Accounts Profile helper. - * - * This class abstracts interaction with the profile server for an account. - * It will handle things like fetching profile data, listening for updates to - * the user's profile in open browser tabs, and cacheing/invalidating profile data. - */ - -this.EXPORTED_SYMBOLS = ["FxAccountsProfile"]; - -const {classes: Cc, interfaces: Ci, utils: Cu, results: Cr} = Components; - -Cu.import("resource://gre/modules/XPCOMUtils.jsm"); -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/FxAccounts.jsm"); - -XPCOMUtils.defineLazyModuleGetter(this, "FxAccountsProfileClient", - "resource://gre/modules/FxAccountsProfileClient.jsm"); - -// Based off of deepEqual from Assert.jsm -function deepEqual(actual, expected) { - if (actual === expected) { - return true; - } else if (typeof actual != "object" && typeof expected != "object") { - return actual == expected; - } else { - return objEquiv(actual, expected); - } -} - -function isUndefinedOrNull(value) { - return value === null || value === undefined; -} - -function objEquiv(a, b) { - if (isUndefinedOrNull(a) || isUndefinedOrNull(b)) { - return false; - } - if (a.prototype !== b.prototype) { - return false; - } - let ka, kb, key, i; - try { - ka = Object.keys(a); - kb = Object.keys(b); - } catch (e) { - return false; - } - if (ka.length != kb.length) { - return false; - } - ka.sort(); - kb.sort(); - for (i = ka.length - 1; i >= 0; i--) { - key = ka[i]; - if (!deepEqual(a[key], b[key])) { - return false; - } - } - return true; -} - -function hasChanged(oldData, newData) { - return !deepEqual(oldData, newData); -} - -this.FxAccountsProfile = function (options = {}) { - this._cachedProfile = null; - this._cachedAt = 0; // when we saved the cached version. - this._currentFetchPromise = null; - this._isNotifying = false; // are we sending a notification? - this.fxa = options.fxa || fxAccounts; - this.client = options.profileClient || new FxAccountsProfileClient({ - fxa: this.fxa, - serverURL: options.profileServerUrl, - }); - - // An observer to invalidate our _cachedAt optimization. We use a weak-ref - // just incase this.tearDown isn't called in some cases. - Services.obs.addObserver(this, ON_PROFILE_CHANGE_NOTIFICATION, true); - // for testing - if (options.channel) { - this.channel = options.channel; - } -} - -this.FxAccountsProfile.prototype = { - // If we get subsequent requests for a profile within this period, don't bother - // making another request to determine if it is fresh or not. - PROFILE_FRESHNESS_THRESHOLD: 120000, // 2 minutes - - observe(subject, topic, data) { - // If we get a profile change notification from our webchannel it means - // the user has just changed their profile via the web, so we want to - // ignore our "freshness threshold" - if (topic == ON_PROFILE_CHANGE_NOTIFICATION && !this._isNotifying) { - log.debug("FxAccountsProfile observed profile change"); - this._cachedAt = 0; - } - }, - - tearDown: function () { - this.fxa = null; - this.client = null; - this._cachedProfile = null; - Services.obs.removeObserver(this, ON_PROFILE_CHANGE_NOTIFICATION); - }, - - _getCachedProfile: function () { - // The cached profile will end up back in the generic accountData - // once bug 1157529 is fixed. - return Promise.resolve(this._cachedProfile); - }, - - _notifyProfileChange: function (uid) { - this._isNotifying = true; - Services.obs.notifyObservers(null, ON_PROFILE_CHANGE_NOTIFICATION, uid); - this._isNotifying = false; - }, - - // Cache fetched data if it is different from what's in the cache. - // Send out a notification if it has changed so that UI can update. - _cacheProfile: function (profileData) { - if (!hasChanged(this._cachedProfile, profileData)) { - log.debug("fetched profile matches cached copy"); - return Promise.resolve(null); // indicates no change (but only tests care) - } - this._cachedProfile = profileData; - this._cachedAt = Date.now(); - return this.fxa.getSignedInUser() - .then(userData => { - log.debug("notifying profile changed for user ${uid}", userData); - this._notifyProfileChange(userData.uid); - return profileData; - }); - }, - - _fetchAndCacheProfile: function () { - if (!this._currentFetchPromise) { - this._currentFetchPromise = this.client.fetchProfile().then(profile => { - return this._cacheProfile(profile).then(() => { - return profile; - }); - }).then(profile => { - this._currentFetchPromise = null; - return profile; - }, err => { - this._currentFetchPromise = null; - throw err; - }); - } - return this._currentFetchPromise - }, - - // Returns cached data right away if available, then fetches the latest profile - // data in the background. After data is fetched a notification will be sent - // out if the profile has changed. - getProfile: function () { - return this._getCachedProfile() - .then(cachedProfile => { - if (cachedProfile) { - if (Date.now() > this._cachedAt + this.PROFILE_FRESHNESS_THRESHOLD) { - // Note that _fetchAndCacheProfile isn't returned, so continues - // in the background. - this._fetchAndCacheProfile().catch(err => { - log.error("Background refresh of profile failed", err); - }); - } else { - log.trace("not checking freshness of profile as it remains recent"); - } - return cachedProfile; - } - return this._fetchAndCacheProfile(); - }) - .then(profile => { - return profile; - }); - }, - - QueryInterface: XPCOMUtils.generateQI([ - Ci.nsIObserver, - Ci.nsISupportsWeakReference, - ]), -}; diff --git a/services/fxaccounts/FxAccountsProfileClient.jsm b/services/fxaccounts/FxAccountsProfileClient.jsm deleted file mode 100644 index 1e5edc634..000000000 --- a/services/fxaccounts/FxAccountsProfileClient.jsm +++ /dev/null @@ -1,260 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/** - * A client to fetch profile information for a Firefox Account. - */ - "use strict;" - -this.EXPORTED_SYMBOLS = ["FxAccountsProfileClient", "FxAccountsProfileClientError"]; - -const {classes: Cc, interfaces: Ci, utils: Cu, results: Cr} = Components; - -Cu.import("resource://gre/modules/Promise.jsm"); -Cu.import("resource://gre/modules/Log.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/FxAccounts.jsm"); -Cu.import("resource://gre/modules/Task.jsm"); -Cu.import("resource://services-common/rest.js"); - -Cu.importGlobalProperties(["URL"]); - -/** - * Create a new FxAccountsProfileClient to be able to fetch Firefox Account profile information. - * - * @param {Object} options Options - * @param {String} options.serverURL - * The URL of the profile server to query. - * Example: https://profile.accounts.firefox.com/v1 - * @param {String} options.token - * The bearer token to access the profile server - * @constructor - */ -this.FxAccountsProfileClient = function(options) { - if (!options || !options.serverURL) { - throw new Error("Missing 'serverURL' configuration option"); - } - - this.fxa = options.fxa || fxAccounts; - // This is a work-around for loop that manages its own oauth tokens. - // * If |token| is in options we use it and don't attempt any token refresh - // on 401. This is for loop. - // * If |token| doesn't exist we will fetch our own token. This is for the - // normal FxAccounts methods for obtaining the profile. - // We should nuke all |this.token| support once loop moves closer to FxAccounts. - this.token = options.token; - - try { - this.serverURL = new URL(options.serverURL); - } catch (e) { - throw new Error("Invalid 'serverURL'"); - } - this.oauthOptions = { - scope: "profile", - }; - log.debug("FxAccountsProfileClient: Initialized"); -}; - -this.FxAccountsProfileClient.prototype = { - /** - * {nsIURI} - * The server to fetch profile information from. - */ - serverURL: null, - - /** - * Interface for making remote requests. - */ - _Request: RESTRequest, - - /** - * Remote request helper which abstracts authentication away. - * - * @param {String} path - * Profile server path, i.e "/profile". - * @param {String} [method] - * Type of request, i.e "GET". - * @return Promise - * Resolves: {Object} Successful response from the Profile server. - * Rejects: {FxAccountsProfileClientError} Profile client error. - * @private - */ - _createRequest: Task.async(function* (path, method = "GET") { - let token = this.token; - if (!token) { - // tokens are cached, so getting them each request is cheap. - token = yield this.fxa.getOAuthToken(this.oauthOptions); - } - try { - return (yield this._rawRequest(path, method, token)); - } catch (ex) { - if (!(ex instanceof FxAccountsProfileClientError) || ex.code != 401) { - throw ex; - } - // If this object was instantiated with a token then we don't refresh it. - if (this.token) { - throw ex; - } - // it's an auth error - assume our token expired and retry. - log.info("Fetching the profile returned a 401 - revoking our token and retrying"); - yield this.fxa.removeCachedOAuthToken({token}); - token = yield this.fxa.getOAuthToken(this.oauthOptions); - // and try with the new token - if that also fails then we fail after - // revoking the token. - try { - return (yield this._rawRequest(path, method, token)); - } catch (ex) { - if (!(ex instanceof FxAccountsProfileClientError) || ex.code != 401) { - throw ex; - } - log.info("Retry fetching the profile still returned a 401 - revoking our token and failing"); - yield this.fxa.removeCachedOAuthToken({token}); - throw ex; - } - } - }), - - /** - * Remote "raw" request helper - doesn't handle auth errors and tokens. - * - * @param {String} path - * Profile server path, i.e "/profile". - * @param {String} method - * Type of request, i.e "GET". - * @param {String} token - * @return Promise - * Resolves: {Object} Successful response from the Profile server. - * Rejects: {FxAccountsProfileClientError} Profile client error. - * @private - */ - _rawRequest: function(path, method, token) { - return new Promise((resolve, reject) => { - let profileDataUrl = this.serverURL + path; - let request = new this._Request(profileDataUrl); - method = method.toUpperCase(); - - request.setHeader("Authorization", "Bearer " + token); - request.setHeader("Accept", "application/json"); - - request.onComplete = function (error) { - if (error) { - return reject(new FxAccountsProfileClientError({ - error: ERROR_NETWORK, - errno: ERRNO_NETWORK, - message: error.toString(), - })); - } - - let body = null; - try { - body = JSON.parse(request.response.body); - } catch (e) { - return reject(new FxAccountsProfileClientError({ - error: ERROR_PARSE, - errno: ERRNO_PARSE, - code: request.response.status, - message: request.response.body, - })); - } - - // "response.success" means status code is 200 - if (request.response.success) { - return resolve(body); - } else { - return reject(new FxAccountsProfileClientError({ - error: body.error || ERROR_UNKNOWN, - errno: body.errno || ERRNO_UNKNOWN_ERROR, - code: request.response.status, - message: body.message || body, - })); - } - }; - - if (method === "GET") { - request.get(); - } else { - // method not supported - return reject(new FxAccountsProfileClientError({ - error: ERROR_NETWORK, - errno: ERRNO_NETWORK, - code: ERROR_CODE_METHOD_NOT_ALLOWED, - message: ERROR_MSG_METHOD_NOT_ALLOWED, - })); - } - }); - }, - - /** - * Retrieve user's profile from the server - * - * @return Promise - * Resolves: {Object} Successful response from the '/profile' endpoint. - * Rejects: {FxAccountsProfileClientError} profile client error. - */ - fetchProfile: function () { - log.debug("FxAccountsProfileClient: Requested profile"); - return this._createRequest("/profile", "GET"); - }, - - /** - * Retrieve user's profile from the server - * - * @return Promise - * Resolves: {Object} Successful response from the '/avatar' endpoint. - * Rejects: {FxAccountsProfileClientError} profile client error. - */ - fetchProfileImage: function () { - log.debug("FxAccountsProfileClient: Requested avatar"); - return this._createRequest("/avatar", "GET"); - } -}; - -/** - * Normalized profile client errors - * @param {Object} [details] - * Error details object - * @param {number} [details.code] - * Error code - * @param {number} [details.errno] - * Error number - * @param {String} [details.error] - * Error description - * @param {String|null} [details.message] - * Error message - * @constructor - */ -this.FxAccountsProfileClientError = function(details) { - details = details || {}; - - this.name = "FxAccountsProfileClientError"; - this.code = details.code || null; - this.errno = details.errno || ERRNO_UNKNOWN_ERROR; - this.error = details.error || ERROR_UNKNOWN; - this.message = details.message || null; -}; - -/** - * Returns error object properties - * - * @returns {{name: *, code: *, errno: *, error: *, message: *}} - * @private - */ -FxAccountsProfileClientError.prototype._toStringFields = function() { - return { - name: this.name, - code: this.code, - errno: this.errno, - error: this.error, - message: this.message, - }; -}; - -/** - * String representation of a profile client error - * - * @returns {String} - */ -FxAccountsProfileClientError.prototype.toString = function() { - return this.name + "(" + JSON.stringify(this._toStringFields()) + ")"; -}; diff --git a/services/fxaccounts/FxAccountsPush.js b/services/fxaccounts/FxAccountsPush.js deleted file mode 100644 index 358be06ee..000000000 --- a/services/fxaccounts/FxAccountsPush.js +++ /dev/null @@ -1,240 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -const Cc = Components.classes; -const Ci = Components.interfaces; -const Cu = Components.utils; - -Cu.import("resource://gre/modules/XPCOMUtils.jsm"); -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://services-sync/util.js"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/Task.jsm"); - -/** - * FxAccountsPushService manages Push notifications for Firefox Accounts in the browser - * - * @param [options] - * Object, custom options that used for testing - * @constructor - */ -function FxAccountsPushService(options = {}) { - this.log = log; - - if (options.log) { - // allow custom log for testing purposes - this.log = options.log; - } - - this.log.debug("FxAccountsPush loading service"); - this.wrappedJSObject = this; - this.initialize(options); -} - -FxAccountsPushService.prototype = { - /** - * Helps only initialize observers once. - */ - _initialized: false, - /** - * Instance of the nsIPushService or a mocked object. - */ - pushService: null, - /** - * Instance of FxAccounts or a mocked object. - */ - fxAccounts: null, - /** - * Component ID of this service, helps register this component. - */ - classID: Components.ID("{1b7db999-2ecd-4abf-bb95-a726896798ca}"), - /** - * Register used interfaces in this service - */ - QueryInterface: XPCOMUtils.generateQI([Ci.nsIObserver]), - /** - * Initialize the service and register all the required observers. - * - * @param [options] - */ - initialize(options) { - if (this._initialized) { - return false; - } - - this._initialized = true; - - if (options.pushService) { - this.pushService = options.pushService; - } else { - this.pushService = Cc["@mozilla.org/push/Service;1"].getService(Ci.nsIPushService); - } - - if (options.fxAccounts) { - this.fxAccounts = options.fxAccounts; - } else { - XPCOMUtils.defineLazyModuleGetter(this, "fxAccounts", - "resource://gre/modules/FxAccounts.jsm"); - } - - // listen to new push messages, push changes and logout events - Services.obs.addObserver(this, this.pushService.pushTopic, false); - Services.obs.addObserver(this, this.pushService.subscriptionChangeTopic, false); - Services.obs.addObserver(this, ONLOGOUT_NOTIFICATION, false); - - this.log.debug("FxAccountsPush initialized"); - }, - /** - * Registers a new endpoint with the Push Server - * - * @returns {Promise} - * Promise always resolves with a subscription or a null if failed to subscribe. - */ - registerPushEndpoint() { - this.log.trace("FxAccountsPush registerPushEndpoint"); - - return new Promise((resolve) => { - this.pushService.subscribe(FXA_PUSH_SCOPE_ACCOUNT_UPDATE, - Services.scriptSecurityManager.getSystemPrincipal(), - (result, subscription) => { - if (Components.isSuccessCode(result)) { - this.log.debug("FxAccountsPush got subscription"); - resolve(subscription); - } else { - this.log.warn("FxAccountsPush failed to subscribe", result); - resolve(null); - } - }); - }); - }, - /** - * Standard observer interface to listen to push messages, changes and logout. - * - * @param subject - * @param topic - * @param data - * @returns {Promise} - */ - _observe(subject, topic, data) { - this.log.trace(`observed topic=${topic}, data=${data}, subject=${subject}`); - switch (topic) { - case this.pushService.pushTopic: - if (data === FXA_PUSH_SCOPE_ACCOUNT_UPDATE) { - let message = subject.QueryInterface(Ci.nsIPushMessage); - return this._onPushMessage(message); - } - break; - case this.pushService.subscriptionChangeTopic: - if (data === FXA_PUSH_SCOPE_ACCOUNT_UPDATE) { - return this._onPushSubscriptionChange(); - } - break; - case ONLOGOUT_NOTIFICATION: - // user signed out, we need to stop polling the Push Server - return this.unsubscribe().catch(err => { - this.log.error("Error during unsubscribe", err); - }); - break; - default: - break; - } - }, - /** - * Wrapper around _observe that catches errors - */ - observe(subject, topic, data) { - Promise.resolve() - .then(() => this._observe(subject, topic, data)) - .catch(err => this.log.error(err)); - }, - /** - * Fired when the Push server sends a notification. - * - * @private - * @returns {Promise} - */ - _onPushMessage(message) { - this.log.trace("FxAccountsPushService _onPushMessage"); - if (!message.data) { - // Use the empty signal to check the verification state of the account right away - this.log.debug("empty push message - checking account status"); - return this.fxAccounts.checkVerificationStatus(); - } - let payload = message.data.json(); - this.log.debug(`push command: ${payload.command}`); - switch (payload.command) { - case ON_DEVICE_DISCONNECTED_NOTIFICATION: - return this.fxAccounts.handleDeviceDisconnection(payload.data.id); - break; - case ON_PASSWORD_CHANGED_NOTIFICATION: - case ON_PASSWORD_RESET_NOTIFICATION: - return this._onPasswordChanged(); - break; - case ON_COLLECTION_CHANGED_NOTIFICATION: - Services.obs.notifyObservers(null, ON_COLLECTION_CHANGED_NOTIFICATION, payload.data.collections); - default: - this.log.warn("FxA Push command unrecognized: " + payload.command); - } - }, - /** - * Check the FxA session status after a password change/reset event. - * If the session is invalid, reset credentials and notify listeners of - * ON_ACCOUNT_STATE_CHANGE_NOTIFICATION that the account may have changed - * - * @returns {Promise} - * @private - */ - _onPasswordChanged: Task.async(function* () { - if (!(yield this.fxAccounts.sessionStatus())) { - yield this.fxAccounts.resetCredentials(); - Services.obs.notifyObservers(null, ON_ACCOUNT_STATE_CHANGE_NOTIFICATION, null); - } - }), - /** - * Fired when the Push server drops a subscription, or the subscription identifier changes. - * - * https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIPushService#Receiving_Push_Messages - * - * @returns {Promise} - * @private - */ - _onPushSubscriptionChange() { - this.log.trace("FxAccountsPushService _onPushSubscriptionChange"); - return this.fxAccounts.updateDeviceRegistration(); - }, - /** - * Unsubscribe from the Push server - * - * Ref: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIPushService#unsubscribe() - * - * @returns {Promise} - * @private - */ - unsubscribe() { - this.log.trace("FxAccountsPushService unsubscribe"); - return new Promise((resolve) => { - this.pushService.unsubscribe(FXA_PUSH_SCOPE_ACCOUNT_UPDATE, - Services.scriptSecurityManager.getSystemPrincipal(), - (result, ok) => { - if (Components.isSuccessCode(result)) { - if (ok === true) { - this.log.debug("FxAccountsPushService unsubscribed"); - } else { - this.log.debug("FxAccountsPushService had no subscription to unsubscribe"); - } - } else { - this.log.warn("FxAccountsPushService failed to unsubscribe", result); - } - return resolve(ok); - }); - }); - }, -}; - -// Service registration below registers with FxAccountsComponents.manifest -const components = [FxAccountsPushService]; -this.NSGetFactory = XPCOMUtils.generateNSGetFactory(components); - -// The following registration below helps with testing this service. -this.EXPORTED_SYMBOLS=["FxAccountsPushService"]; diff --git a/services/fxaccounts/FxAccountsStorage.jsm b/services/fxaccounts/FxAccountsStorage.jsm deleted file mode 100644 index 4362cdf5b..000000000 --- a/services/fxaccounts/FxAccountsStorage.jsm +++ /dev/null @@ -1,606 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -"use strict"; - -this.EXPORTED_SYMBOLS = [ - "FxAccountsStorageManagerCanStoreField", - "FxAccountsStorageManager", -]; - -const {classes: Cc, interfaces: Ci, utils: Cu} = Components; - -Cu.import("resource://gre/modules/AppConstants.jsm"); -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/Task.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/osfile.jsm"); -Cu.import("resource://services-common/utils.js"); - -var haveLoginManager = true; - -// A helper function so code can check what fields are able to be stored by -// the storage manager without having a reference to a manager instance. -function FxAccountsStorageManagerCanStoreField(fieldName) { - return FXA_PWDMGR_MEMORY_FIELDS.has(fieldName) || - FXA_PWDMGR_PLAINTEXT_FIELDS.has(fieldName) || - FXA_PWDMGR_SECURE_FIELDS.has(fieldName); -} - -// The storage manager object. -this.FxAccountsStorageManager = function(options = {}) { - this.options = { - filename: options.filename || DEFAULT_STORAGE_FILENAME, - baseDir: options.baseDir || OS.Constants.Path.profileDir, - } - this.plainStorage = new JSONStorage(this.options); - // On b2g we have no loginManager for secure storage, and tests may want - // to pretend secure storage isn't available. - let useSecure = 'useSecure' in options ? options.useSecure : haveLoginManager; - if (useSecure) { - this.secureStorage = new LoginManagerStorage(); - } else { - this.secureStorage = null; - } - this._clearCachedData(); - // See .initialize() below - this protects against it not being called. - this._promiseInitialized = Promise.reject("initialize not called"); - // A promise to avoid storage races - see _queueStorageOperation - this._promiseStorageComplete = Promise.resolve(); -} - -this.FxAccountsStorageManager.prototype = { - _initialized: false, - _needToReadSecure: true, - - // An initialization routine that *looks* synchronous to the callers, but - // is actually async as everything else waits for it to complete. - initialize(accountData) { - if (this._initialized) { - throw new Error("already initialized"); - } - this._initialized = true; - // If we just throw away our pre-rejected promise it is reported as an - // unhandled exception when it is GCd - so add an empty .catch handler here - // to prevent this. - this._promiseInitialized.catch(() => {}); - this._promiseInitialized = this._initialize(accountData); - }, - - _initialize: Task.async(function* (accountData) { - log.trace("initializing new storage manager"); - try { - if (accountData) { - // If accountData is passed we don't need to read any storage. - this._needToReadSecure = false; - // split it into the 2 parts, write it and we are done. - for (let [name, val] of Object.entries(accountData)) { - if (FXA_PWDMGR_PLAINTEXT_FIELDS.has(name)) { - this.cachedPlain[name] = val; - } else if (FXA_PWDMGR_SECURE_FIELDS.has(name)) { - this.cachedSecure[name] = val; - } else { - // Hopefully it's an "in memory" field. If it's not we log a warning - // but still treat it as such (so it will still be available in this - // session but isn't persisted anywhere.) - if (!FXA_PWDMGR_MEMORY_FIELDS.has(name)) { - log.warn("Unknown FxA field name in user data, treating as in-memory", name); - } - this.cachedMemory[name] = val; - } - } - // write it out and we are done. - yield this._write(); - return; - } - // So we were initialized without account data - that means we need to - // read the state from storage. We try and read plain storage first and - // only attempt to read secure storage if the plain storage had a user. - this._needToReadSecure = yield this._readPlainStorage(); - if (this._needToReadSecure && this.secureStorage) { - yield this._doReadAndUpdateSecure(); - } - } finally { - log.trace("initializing of new storage manager done"); - } - }), - - finalize() { - // We can't throw this instance away while it is still writing or we may - // end up racing with the newly created one. - log.trace("StorageManager finalizing"); - return this._promiseInitialized.then(() => { - return this._promiseStorageComplete; - }).then(() => { - this._promiseStorageComplete = null; - this._promiseInitialized = null; - this._clearCachedData(); - log.trace("StorageManager finalized"); - }) - }, - - // We want to make sure we don't end up doing multiple storage requests - // concurrently - which has a small window for reads if the master-password - // is locked at initialization time and becomes unlocked later, and always - // has an opportunity for updates. - // We also want to make sure we finished writing when finalizing, so we - // can't accidentally end up with the previous user's write finishing after - // a signOut attempts to clear it. - // So all such operations "queue" themselves via this. - _queueStorageOperation(func) { - // |result| is the promise we return - it has no .catch handler, so callers - // of the storage operation still see failure as a normal rejection. - let result = this._promiseStorageComplete.then(func); - // But the promise we assign to _promiseStorageComplete *does* have a catch - // handler so that rejections in one storage operation does not prevent - // future operations from starting (ie, _promiseStorageComplete must never - // be in a rejected state) - this._promiseStorageComplete = result.catch(err => { - log.error("${func} failed: ${err}", {func, err}); - }); - return result; - }, - - // Get the account data by combining the plain and secure storage. - // If fieldNames is specified, it may be a string or an array of strings, - // and only those fields are returned. If not specified the entire account - // data is returned except for "in memory" fields. Note that not specifying - // field names will soon be deprecated/removed - we want all callers to - // specify the fields they care about. - getAccountData: Task.async(function* (fieldNames = null) { - yield this._promiseInitialized; - // We know we are initialized - this means our .cachedPlain is accurate - // and doesn't need to be read (it was read if necessary by initialize). - // So if there's no uid, there's no user signed in. - if (!('uid' in this.cachedPlain)) { - return null; - } - let result = {}; - if (fieldNames === null) { - // The "old" deprecated way of fetching a logged in user. - for (let [name, value] of Object.entries(this.cachedPlain)) { - result[name] = value; - } - // But the secure data may not have been read, so try that now. - yield this._maybeReadAndUpdateSecure(); - // .cachedSecure now has as much as it possibly can (which is possibly - // nothing if (a) secure storage remains locked and (b) we've never updated - // a field to be stored in secure storage.) - for (let [name, value] of Object.entries(this.cachedSecure)) { - result[name] = value; - } - // Note we don't return cachedMemory fields here - they must be explicitly - // requested. - return result; - } - // The new explicit way of getting attributes. - if (!Array.isArray(fieldNames)) { - fieldNames = [fieldNames]; - } - let checkedSecure = false; - for (let fieldName of fieldNames) { - if (FXA_PWDMGR_MEMORY_FIELDS.has(fieldName)) { - if (this.cachedMemory[fieldName] !== undefined) { - result[fieldName] = this.cachedMemory[fieldName]; - } - } else if (FXA_PWDMGR_PLAINTEXT_FIELDS.has(fieldName)) { - if (this.cachedPlain[fieldName] !== undefined) { - result[fieldName] = this.cachedPlain[fieldName]; - } - } else if (FXA_PWDMGR_SECURE_FIELDS.has(fieldName)) { - // We may not have read secure storage yet. - if (!checkedSecure) { - yield this._maybeReadAndUpdateSecure(); - checkedSecure = true; - } - if (this.cachedSecure[fieldName] !== undefined) { - result[fieldName] = this.cachedSecure[fieldName]; - } - } else { - throw new Error("unexpected field '" + name + "'"); - } - } - return result; - }), - - // Update just the specified fields. This DOES NOT allow you to change to - // a different user, nor to set the user as signed-out. - updateAccountData: Task.async(function* (newFields) { - yield this._promiseInitialized; - if (!('uid' in this.cachedPlain)) { - // If this storage instance shows no logged in user, then you can't - // update fields. - throw new Error("No user is logged in"); - } - if (!newFields || 'uid' in newFields || 'email' in newFields) { - // Once we support - // user changing email address this may need to change, but it's not - // clear how we would be told of such a change anyway... - throw new Error("Can't change uid or email address"); - } - log.debug("_updateAccountData with items", Object.keys(newFields)); - // work out what bucket. - for (let [name, value] of Object.entries(newFields)) { - if (FXA_PWDMGR_MEMORY_FIELDS.has(name)) { - if (value == null) { - delete this.cachedMemory[name]; - } else { - this.cachedMemory[name] = value; - } - } else if (FXA_PWDMGR_PLAINTEXT_FIELDS.has(name)) { - if (value == null) { - delete this.cachedPlain[name]; - } else { - this.cachedPlain[name] = value; - } - } else if (FXA_PWDMGR_SECURE_FIELDS.has(name)) { - // don't do the "delete on null" thing here - we need to keep it until - // we have managed to read so we can nuke it on write. - this.cachedSecure[name] = value; - } else { - // Throwing seems reasonable here as some client code has explicitly - // specified the field name, so it's either confused or needs to update - // how this field is to be treated. - throw new Error("unexpected field '" + name + "'"); - } - } - // If we haven't yet read the secure data, do so now, else we may write - // out partial data. - yield this._maybeReadAndUpdateSecure(); - // Now save it - but don't wait on the _write promise - it's queued up as - // a storage operation, so .finalize() will wait for completion, but no need - // for us to. - this._write(); - }), - - _clearCachedData() { - this.cachedMemory = {}; - this.cachedPlain = {}; - // If we don't have secure storage available we have cachedPlain and - // cachedSecure be the same object. - this.cachedSecure = this.secureStorage == null ? this.cachedPlain : {}; - }, - - /* Reads the plain storage and caches the read values in this.cachedPlain. - Only ever called once and unlike the "secure" storage, is expected to never - fail (ie, plain storage is considered always available, whereas secure - storage may be unavailable if it is locked). - - Returns a promise that resolves with true if valid account data was found, - false otherwise. - - Note: _readPlainStorage is only called during initialize, so isn't - protected via _queueStorageOperation() nor _promiseInitialized. - */ - _readPlainStorage: Task.async(function* () { - let got; - try { - got = yield this.plainStorage.get(); - } catch(err) { - // File hasn't been created yet. That will be done - // when write is called. - if (!(err instanceof OS.File.Error) || !err.becauseNoSuchFile) { - log.error("Failed to read plain storage", err); - } - // either way, we return null. - got = null; - } - if (!got || !got.accountData || !got.accountData.uid || - got.version != DATA_FORMAT_VERSION) { - return false; - } - // We need to update our .cachedPlain, but can't just assign to it as - // it may need to be the exact same object as .cachedSecure - // As a sanity check, .cachedPlain must be empty (as we are called by init) - // XXX - this would be a good use-case for a RuntimeAssert or similar, as - // being added in bug 1080457. - if (Object.keys(this.cachedPlain).length != 0) { - throw new Error("should be impossible to have cached data already.") - } - for (let [name, value] of Object.entries(got.accountData)) { - this.cachedPlain[name] = value; - } - return true; - }), - - /* If we haven't managed to read the secure storage, try now, so - we can merge our cached data with the data that's already been set. - */ - _maybeReadAndUpdateSecure: Task.async(function* () { - if (this.secureStorage == null || !this._needToReadSecure) { - return; - } - return this._queueStorageOperation(() => { - if (this._needToReadSecure) { // we might have read it by now! - return this._doReadAndUpdateSecure(); - } - }); - }), - - /* Unconditionally read the secure storage and merge our cached data (ie, data - which has already been set while the secure storage was locked) with - the read data - */ - _doReadAndUpdateSecure: Task.async(function* () { - let { uid, email } = this.cachedPlain; - try { - log.debug("reading secure storage with existing", Object.keys(this.cachedSecure)); - // If we already have anything in .cachedSecure it means something has - // updated cachedSecure before we've read it. That means that after we do - // manage to read we must write back the merged data. - let needWrite = Object.keys(this.cachedSecure).length != 0; - let readSecure = yield this.secureStorage.get(uid, email); - // and update our cached data with it - anything already in .cachedSecure - // wins (including the fact it may be null or undefined, the latter - // which means it will be removed from storage. - if (readSecure && readSecure.version != DATA_FORMAT_VERSION) { - log.warn("got secure data but the data format version doesn't match"); - readSecure = null; - } - if (readSecure && readSecure.accountData) { - log.debug("secure read fetched items", Object.keys(readSecure.accountData)); - for (let [name, value] of Object.entries(readSecure.accountData)) { - if (!(name in this.cachedSecure)) { - this.cachedSecure[name] = value; - } - } - if (needWrite) { - log.debug("successfully read secure data; writing updated data back") - yield this._doWriteSecure(); - } - } - this._needToReadSecure = false; - } catch (ex) { - if (ex instanceof this.secureStorage.STORAGE_LOCKED) { - log.debug("setAccountData: secure storage is locked trying to read"); - } else { - log.error("failed to read secure storage", ex); - throw ex; - } - } - }), - - _write() { - // We don't want multiple writes happening concurrently, and we also need to - // know when an "old" storage manager is done (this.finalize() waits for this) - return this._queueStorageOperation(() => this.__write()); - }, - - __write: Task.async(function* () { - // Write everything back - later we could track what's actually dirty, - // but for now we write it all. - log.debug("writing plain storage", Object.keys(this.cachedPlain)); - let toWritePlain = { - version: DATA_FORMAT_VERSION, - accountData: this.cachedPlain, - } - yield this.plainStorage.set(toWritePlain); - - // If we have no secure storage manager we are done. - if (this.secureStorage == null) { - return; - } - // and only attempt to write to secure storage if we've managed to read it, - // otherwise we might clobber data that's already there. - if (!this._needToReadSecure) { - yield this._doWriteSecure(); - } - }), - - /* Do the actual write of secure data. Caller is expected to check if we actually - need to write and to ensure we are in a queued storage operation. - */ - _doWriteSecure: Task.async(function* () { - // We need to remove null items here. - for (let [name, value] of Object.entries(this.cachedSecure)) { - if (value == null) { - delete this.cachedSecure[name]; - } - } - log.debug("writing secure storage", Object.keys(this.cachedSecure)); - let toWriteSecure = { - version: DATA_FORMAT_VERSION, - accountData: this.cachedSecure, - } - try { - yield this.secureStorage.set(this.cachedPlain.uid, toWriteSecure); - } catch (ex) { - if (!(ex instanceof this.secureStorage.STORAGE_LOCKED)) { - throw ex; - } - // This shouldn't be possible as once it is unlocked it can't be - // re-locked, and we can only be here if we've previously managed to - // read. - log.error("setAccountData: secure storage is locked trying to write"); - } - }), - - // Delete the data for an account - ie, called on "sign out". - deleteAccountData() { - return this._queueStorageOperation(() => this._deleteAccountData()); - }, - - _deleteAccountData: Task.async(function* () { - log.debug("removing account data"); - yield this._promiseInitialized; - yield this.plainStorage.set(null); - if (this.secureStorage) { - yield this.secureStorage.set(null); - } - this._clearCachedData(); - log.debug("account data reset"); - }), -} - -/** - * JSONStorage constructor that creates instances that may set/get - * to a specified file, in a directory that will be created if it - * doesn't exist. - * - * @param options { - * filename: of the file to write to - * baseDir: directory where the file resides - * } - * @return instance - */ -function JSONStorage(options) { - this.baseDir = options.baseDir; - this.path = OS.Path.join(options.baseDir, options.filename); -}; - -JSONStorage.prototype = { - set: function(contents) { - log.trace("starting write of json user data", contents ? Object.keys(contents.accountData) : "null"); - let start = Date.now(); - return OS.File.makeDir(this.baseDir, {ignoreExisting: true}) - .then(CommonUtils.writeJSON.bind(null, contents, this.path)) - .then(result => { - log.trace("finished write of json user data - took", Date.now()-start); - return result; - }); - }, - - get: function() { - log.trace("starting fetch of json user data"); - let start = Date.now(); - return CommonUtils.readJSON(this.path).then(result => { - log.trace("finished fetch of json user data - took", Date.now()-start); - return result; - }); - }, -}; - -function StorageLockedError() { -} -/** - * LoginManagerStorage constructor that creates instances that set/get - * data stored securely in the nsILoginManager. - * - * @return instance - */ - -function LoginManagerStorage() { -} - -LoginManagerStorage.prototype = { - STORAGE_LOCKED: StorageLockedError, - // The fields in the credentials JSON object that are stored in plain-text - // in the profile directory. All other fields are stored in the login manager, - // and thus are only available when the master-password is unlocked. - - // a hook point for testing. - get _isLoggedIn() { - return Services.logins.isLoggedIn; - }, - - // Clear any data from the login manager. Returns true if the login manager - // was unlocked (even if no existing logins existed) or false if it was - // locked (meaning we don't even know if it existed or not.) - _clearLoginMgrData: Task.async(function* () { - try { // Services.logins might be third-party and broken... - yield Services.logins.initializationPromise; - if (!this._isLoggedIn) { - return false; - } - let logins = Services.logins.findLogins({}, FXA_PWDMGR_HOST, null, FXA_PWDMGR_REALM); - for (let login of logins) { - Services.logins.removeLogin(login); - } - return true; - } catch (ex) { - log.error("Failed to clear login data: ${}", ex); - return false; - } - }), - - set: Task.async(function* (uid, contents) { - if (!contents) { - // Nuke it from the login manager. - let cleared = yield this._clearLoginMgrData(); - if (!cleared) { - // just log a message - we verify that the uid matches when - // we reload it, so having a stale entry doesn't really hurt. - log.info("not removing credentials from login manager - not logged in"); - } - log.trace("storage set finished clearing account data"); - return; - } - - // We are saving actual data. - log.trace("starting write of user data to the login manager"); - try { // Services.logins might be third-party and broken... - // and the stuff into the login manager. - yield Services.logins.initializationPromise; - // If MP is locked we silently fail - the user may need to re-auth - // next startup. - if (!this._isLoggedIn) { - log.info("not saving credentials to login manager - not logged in"); - throw new this.STORAGE_LOCKED(); - } - // write the data to the login manager. - let loginInfo = new Components.Constructor( - "@mozilla.org/login-manager/loginInfo;1", Ci.nsILoginInfo, "init"); - let login = new loginInfo(FXA_PWDMGR_HOST, - null, // aFormSubmitURL, - FXA_PWDMGR_REALM, // aHttpRealm, - uid, // aUsername - JSON.stringify(contents), // aPassword - "", // aUsernameField - "");// aPasswordField - - let existingLogins = Services.logins.findLogins({}, FXA_PWDMGR_HOST, null, - FXA_PWDMGR_REALM); - if (existingLogins.length) { - Services.logins.modifyLogin(existingLogins[0], login); - } else { - Services.logins.addLogin(login); - } - log.trace("finished write of user data to the login manager"); - } catch (ex) { - if (ex instanceof this.STORAGE_LOCKED) { - throw ex; - } - // just log and consume the error here - it may be a 3rd party login - // manager replacement that's simply broken. - log.error("Failed to save data to the login manager", ex); - } - }), - - get: Task.async(function* (uid, email) { - log.trace("starting fetch of user data from the login manager"); - - try { // Services.logins might be third-party and broken... - // read the data from the login manager and merge it for return. - yield Services.logins.initializationPromise; - - if (!this._isLoggedIn) { - log.info("returning partial account data as the login manager is locked."); - throw new this.STORAGE_LOCKED(); - } - - let logins = Services.logins.findLogins({}, FXA_PWDMGR_HOST, null, FXA_PWDMGR_REALM); - if (logins.length == 0) { - // This could happen if the MP was locked when we wrote the data. - log.info("Can't find any credentials in the login manager"); - return null; - } - let login = logins[0]; - // Support either the uid or the email as the username - as of bug 1183951 - // we store the uid, but we support having either for b/w compat. - if (login.username == uid || login.username == email) { - return JSON.parse(login.password); - } - log.info("username in the login manager doesn't match - ignoring it"); - yield this._clearLoginMgrData(); - } catch (ex) { - if (ex instanceof this.STORAGE_LOCKED) { - throw ex; - } - // just log and consume the error here - it may be a 3rd party login - // manager replacement that's simply broken. - log.error("Failed to get data from the login manager", ex); - } - return null; - }), -} - diff --git a/services/fxaccounts/FxAccountsWebChannel.jsm b/services/fxaccounts/FxAccountsWebChannel.jsm deleted file mode 100644 index 810d93c65..000000000 --- a/services/fxaccounts/FxAccountsWebChannel.jsm +++ /dev/null @@ -1,474 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/** - * Firefox Accounts Web Channel. - * - * Uses the WebChannel component to receive messages - * about account state changes. - */ - -this.EXPORTED_SYMBOLS = ["EnsureFxAccountsWebChannel"]; - -const {classes: Cc, interfaces: Ci, utils: Cu, results: Cr} = Components; - -Cu.import("resource://gre/modules/XPCOMUtils.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); - -XPCOMUtils.defineLazyModuleGetter(this, "Services", - "resource://gre/modules/Services.jsm"); -XPCOMUtils.defineLazyModuleGetter(this, "WebChannel", - "resource://gre/modules/WebChannel.jsm"); -XPCOMUtils.defineLazyModuleGetter(this, "fxAccounts", - "resource://gre/modules/FxAccounts.jsm"); -XPCOMUtils.defineLazyModuleGetter(this, "FxAccountsStorageManagerCanStoreField", - "resource://gre/modules/FxAccountsStorage.jsm"); -XPCOMUtils.defineLazyModuleGetter(this, "Weave", - "resource://services-sync/main.js"); - -const COMMAND_PROFILE_CHANGE = "profile:change"; -const COMMAND_CAN_LINK_ACCOUNT = "fxaccounts:can_link_account"; -const COMMAND_LOGIN = "fxaccounts:login"; -const COMMAND_LOGOUT = "fxaccounts:logout"; -const COMMAND_DELETE = "fxaccounts:delete"; -const COMMAND_SYNC_PREFERENCES = "fxaccounts:sync_preferences"; -const COMMAND_CHANGE_PASSWORD = "fxaccounts:change_password"; - -const PREF_LAST_FXA_USER = "identity.fxaccounts.lastSignedInUserHash"; -const PREF_SYNC_SHOW_CUSTOMIZATION = "services.sync-setup.ui.showCustomizationDialog"; - -/** - * A helper function that extracts the message and stack from an error object. - * Returns a `{ message, stack }` tuple. `stack` will be null if the error - * doesn't have a stack trace. - */ -function getErrorDetails(error) { - let details = { message: String(error), stack: null }; - - // Adapted from Console.jsm. - if (error.stack) { - let frames = []; - for (let frame = error.stack; frame; frame = frame.caller) { - frames.push(String(frame).padStart(4)); - } - details.stack = frames.join("\n"); - } - - return details; -} - -/** - * Create a new FxAccountsWebChannel to listen for account updates - * - * @param {Object} options Options - * @param {Object} options - * @param {String} options.content_uri - * The FxA Content server uri - * @param {String} options.channel_id - * The ID of the WebChannel - * @param {String} options.helpers - * Helpers functions. Should only be passed in for testing. - * @constructor - */ -this.FxAccountsWebChannel = function(options) { - if (!options) { - throw new Error("Missing configuration options"); - } - if (!options["content_uri"]) { - throw new Error("Missing 'content_uri' option"); - } - this._contentUri = options.content_uri; - - if (!options["channel_id"]) { - throw new Error("Missing 'channel_id' option"); - } - this._webChannelId = options.channel_id; - - // options.helpers is only specified by tests. - this._helpers = options.helpers || new FxAccountsWebChannelHelpers(options); - - this._setupChannel(); -}; - -this.FxAccountsWebChannel.prototype = { - /** - * WebChannel that is used to communicate with content page - */ - _channel: null, - - /** - * Helpers interface that does the heavy lifting. - */ - _helpers: null, - - /** - * WebChannel ID. - */ - _webChannelId: null, - /** - * WebChannel origin, used to validate origin of messages - */ - _webChannelOrigin: null, - - /** - * Release all resources that are in use. - */ - tearDown() { - this._channel.stopListening(); - this._channel = null; - this._channelCallback = null; - }, - - /** - * Configures and registers a new WebChannel - * - * @private - */ - _setupChannel() { - // if this.contentUri is present but not a valid URI, then this will throw an error. - try { - this._webChannelOrigin = Services.io.newURI(this._contentUri, null, null); - this._registerChannel(); - } catch (e) { - log.error(e); - throw e; - } - }, - - _receiveMessage(message, sendingContext) { - let command = message.command; - let data = message.data; - - switch (command) { - case COMMAND_PROFILE_CHANGE: - Services.obs.notifyObservers(null, ON_PROFILE_CHANGE_NOTIFICATION, data.uid); - break; - case COMMAND_LOGIN: - this._helpers.login(data).catch(error => - this._sendError(error, message, sendingContext)); - break; - case COMMAND_LOGOUT: - case COMMAND_DELETE: - this._helpers.logout(data.uid).catch(error => - this._sendError(error, message, sendingContext)); - break; - case COMMAND_CAN_LINK_ACCOUNT: - let canLinkAccount = this._helpers.shouldAllowRelink(data.email); - - let response = { - command: command, - messageId: message.messageId, - data: { ok: canLinkAccount } - }; - - log.debug("FxAccountsWebChannel response", response); - this._channel.send(response, sendingContext); - break; - case COMMAND_SYNC_PREFERENCES: - this._helpers.openSyncPreferences(sendingContext.browser, data.entryPoint); - break; - case COMMAND_CHANGE_PASSWORD: - this._helpers.changePassword(data).catch(error => - this._sendError(error, message, sendingContext)); - break; - default: - log.warn("Unrecognized FxAccountsWebChannel command", command); - break; - } - }, - - _sendError(error, incomingMessage, sendingContext) { - log.error("Failed to handle FxAccountsWebChannel message", error); - this._channel.send({ - command: incomingMessage.command, - messageId: incomingMessage.messageId, - data: { - error: getErrorDetails(error), - }, - }, sendingContext); - }, - - /** - * Create a new channel with the WebChannelBroker, setup a callback listener - * @private - */ - _registerChannel() { - /** - * Processes messages that are called back from the FxAccountsChannel - * - * @param webChannelId {String} - * Command webChannelId - * @param message {Object} - * Command message - * @param sendingContext {Object} - * Message sending context. - * @param sendingContext.browser {browser} - * The <browser> object that captured the - * WebChannelMessageToChrome. - * @param sendingContext.eventTarget {EventTarget} - * The <EventTarget> where the message was sent. - * @param sendingContext.principal {Principal} - * The <Principal> of the EventTarget where the message was sent. - * @private - * - */ - let listener = (webChannelId, message, sendingContext) => { - if (message) { - log.debug("FxAccountsWebChannel message received", message.command); - if (logPII) { - log.debug("FxAccountsWebChannel message details", message); - } - try { - this._receiveMessage(message, sendingContext); - } catch (error) { - this._sendError(error, message, sendingContext); - } - } - }; - - this._channelCallback = listener; - this._channel = new WebChannel(this._webChannelId, this._webChannelOrigin); - this._channel.listen(listener); - log.debug("FxAccountsWebChannel registered: " + this._webChannelId + " with origin " + this._webChannelOrigin.prePath); - } -}; - -this.FxAccountsWebChannelHelpers = function(options) { - options = options || {}; - - this._fxAccounts = options.fxAccounts || fxAccounts; -}; - -this.FxAccountsWebChannelHelpers.prototype = { - // If the last fxa account used for sync isn't this account, we display - // a modal dialog checking they really really want to do this... - // (This is sync-specific, so ideally would be in sync's identity module, - // but it's a little more seamless to do here, and sync is currently the - // only fxa consumer, so... - shouldAllowRelink(acctName) { - return !this._needRelinkWarning(acctName) || - this._promptForRelink(acctName); - }, - - /** - * New users are asked in the content server whether they want to - * customize which data should be synced. The user is only shown - * the dialog listing the possible data types upon verification. - * - * Save a bit into prefs that is read on verification to see whether - * to show the list of data types that can be saved. - */ - setShowCustomizeSyncPref(showCustomizeSyncPref) { - Services.prefs.setBoolPref(PREF_SYNC_SHOW_CUSTOMIZATION, showCustomizeSyncPref); - }, - - getShowCustomizeSyncPref() { - return Services.prefs.getBoolPref(PREF_SYNC_SHOW_CUSTOMIZATION); - }, - - /** - * stores sync login info it in the fxaccounts service - * - * @param accountData the user's account data and credentials - */ - login(accountData) { - if (accountData.customizeSync) { - this.setShowCustomizeSyncPref(true); - delete accountData.customizeSync; - } - - if (accountData.declinedSyncEngines) { - let declinedSyncEngines = accountData.declinedSyncEngines; - log.debug("Received declined engines", declinedSyncEngines); - Weave.Service.engineManager.setDeclined(declinedSyncEngines); - declinedSyncEngines.forEach(engine => { - Services.prefs.setBoolPref("services.sync.engine." + engine, false); - }); - - // if we got declinedSyncEngines that means we do not need to show the customize screen. - this.setShowCustomizeSyncPref(false); - delete accountData.declinedSyncEngines; - } - - // the user has already been shown the "can link account" - // screen. No need to keep this data around. - delete accountData.verifiedCanLinkAccount; - - // Remember who it was so we can log out next time. - this.setPreviousAccountNameHashPref(accountData.email); - - // A sync-specific hack - we want to ensure sync has been initialized - // before we set the signed-in user. - let xps = Cc["@mozilla.org/weave/service;1"] - .getService(Ci.nsISupports) - .wrappedJSObject; - return xps.whenLoaded().then(() => { - return this._fxAccounts.setSignedInUser(accountData); - }); - }, - - /** - * logout the fxaccounts service - * - * @param the uid of the account which have been logged out - */ - logout(uid) { - return fxAccounts.getSignedInUser().then(userData => { - if (userData.uid === uid) { - // true argument is `localOnly`, because server-side stuff - // has already been taken care of by the content server - return fxAccounts.signOut(true); - } - }); - }, - - changePassword(credentials) { - // If |credentials| has fields that aren't handled by accounts storage, - // updateUserAccountData will throw - mainly to prevent errors in code - // that hard-codes field names. - // However, in this case the field names aren't really in our control. - // We *could* still insist the server know what fields names are valid, - // but that makes life difficult for the server when Firefox adds new - // features (ie, new fields) - forcing the server to track a map of - // versions to supported field names doesn't buy us much. - // So we just remove field names we know aren't handled. - let newCredentials = { - deviceId: null - }; - for (let name of Object.keys(credentials)) { - if (name == "email" || name == "uid" || FxAccountsStorageManagerCanStoreField(name)) { - newCredentials[name] = credentials[name]; - } else { - log.info("changePassword ignoring unsupported field", name); - } - } - return this._fxAccounts.updateUserAccountData(newCredentials) - .then(() => this._fxAccounts.updateDeviceRegistration()); - }, - - /** - * Get the hash of account name of the previously signed in account - */ - getPreviousAccountNameHashPref() { - try { - return Services.prefs.getComplexValue(PREF_LAST_FXA_USER, Ci.nsISupportsString).data; - } catch (_) { - return ""; - } - }, - - /** - * Given an account name, set the hash of the previously signed in account - * - * @param acctName the account name of the user's account. - */ - setPreviousAccountNameHashPref(acctName) { - let string = Cc["@mozilla.org/supports-string;1"] - .createInstance(Ci.nsISupportsString); - string.data = this.sha256(acctName); - Services.prefs.setComplexValue(PREF_LAST_FXA_USER, Ci.nsISupportsString, string); - }, - - /** - * Given a string, returns the SHA265 hash in base64 - */ - sha256(str) { - let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"] - .createInstance(Ci.nsIScriptableUnicodeConverter); - converter.charset = "UTF-8"; - // Data is an array of bytes. - let data = converter.convertToByteArray(str, {}); - let hasher = Cc["@mozilla.org/security/hash;1"] - .createInstance(Ci.nsICryptoHash); - hasher.init(hasher.SHA256); - hasher.update(data, data.length); - - return hasher.finish(true); - }, - - /** - * Open Sync Preferences in the current tab of the browser - * - * @param {Object} browser the browser in which to open preferences - * @param {String} [entryPoint] entryPoint to use for logging - */ - openSyncPreferences(browser, entryPoint) { - let uri = "about:preferences"; - if (entryPoint) { - uri += "?entrypoint=" + encodeURIComponent(entryPoint); - } - uri += "#sync"; - - browser.loadURI(uri); - }, - - /** - * If a user signs in using a different account, the data from the - * previous account and the new account will be merged. Ask the user - * if they want to continue. - * - * @private - */ - _needRelinkWarning(acctName) { - let prevAcctHash = this.getPreviousAccountNameHashPref(); - return prevAcctHash && prevAcctHash != this.sha256(acctName); - }, - - /** - * Show the user a warning dialog that the data from the previous account - * and the new account will be merged. - * - * @private - */ - _promptForRelink(acctName) { - let sb = Services.strings.createBundle("chrome://browser/locale/syncSetup.properties"); - let continueLabel = sb.GetStringFromName("continue.label"); - let title = sb.GetStringFromName("relinkVerify.title"); - let description = sb.formatStringFromName("relinkVerify.description", - [acctName], 1); - let body = sb.GetStringFromName("relinkVerify.heading") + - "\n\n" + description; - let ps = Services.prompt; - let buttonFlags = (ps.BUTTON_POS_0 * ps.BUTTON_TITLE_IS_STRING) + - (ps.BUTTON_POS_1 * ps.BUTTON_TITLE_CANCEL) + - ps.BUTTON_POS_1_DEFAULT; - - // If running in context of the browser chrome, window does not exist. - var targetWindow = typeof window === 'undefined' ? null : window; - let pressed = Services.prompt.confirmEx(targetWindow, title, body, buttonFlags, - continueLabel, null, null, null, - {}); - return pressed === 0; // 0 is the "continue" button - } -}; - -var singleton; -// The entry-point for this module, which ensures only one of our channels is -// ever created - we require this because the WebChannel is global in scope -// (eg, it uses the observer service to tell interested parties of interesting -// things) and allowing multiple channels would cause such notifications to be -// sent multiple times. -this.EnsureFxAccountsWebChannel = function() { - let contentUri = Services.urlFormatter.formatURLPref("identity.fxaccounts.remote.webchannel.uri"); - if (singleton && singleton._contentUri !== contentUri) { - singleton.tearDown(); - singleton = null; - } - if (!singleton) { - try { - if (contentUri) { - // The FxAccountsWebChannel listens for events and updates - // the state machine accordingly. - singleton = new this.FxAccountsWebChannel({ - content_uri: contentUri, - channel_id: WEBCHANNEL_ID, - }); - } else { - log.warn("FxA WebChannel functionaly is disabled due to no URI pref."); - } - } catch (ex) { - log.error("Failed to create FxA WebChannel", ex); - } - } -} diff --git a/services/fxaccounts/interfaces/moz.build b/services/fxaccounts/interfaces/moz.build deleted file mode 100644 index ac80b3e93..000000000 --- a/services/fxaccounts/interfaces/moz.build +++ /dev/null @@ -1,11 +0,0 @@ -# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- -# vim: set filetype=python: -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -XPIDL_SOURCES += [ - 'nsIFxAccountsUIGlue.idl' -] - -XPIDL_MODULE = 'services_fxaccounts' diff --git a/services/fxaccounts/interfaces/nsIFxAccountsUIGlue.idl b/services/fxaccounts/interfaces/nsIFxAccountsUIGlue.idl deleted file mode 100644 index 950fdbc25..000000000 --- a/services/fxaccounts/interfaces/nsIFxAccountsUIGlue.idl +++ /dev/null @@ -1,15 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#include "nsISupports.idl" - -[scriptable, uuid(ab8d0700-9577-11e3-a5e2-0800200c9a66)] -interface nsIFxAccountsUIGlue : nsISupports -{ - // Returns a Promise. - jsval signInFlow(); - - // Returns a Promise. - jsval refreshAuthentication(in DOMString email); -}; diff --git a/services/fxaccounts/moz.build b/services/fxaccounts/moz.build deleted file mode 100644 index b1cd3b59c..000000000 --- a/services/fxaccounts/moz.build +++ /dev/null @@ -1,32 +0,0 @@ -# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- -# vim: set filetype=python: -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -DIRS += ['interfaces'] - -MOCHITEST_CHROME_MANIFESTS += ['tests/mochitest/chrome.ini'] - -XPCSHELL_TESTS_MANIFESTS += ['tests/xpcshell/xpcshell.ini'] - -EXTRA_COMPONENTS += [ - 'FxAccountsComponents.manifest', - 'FxAccountsPush.js', -] - -EXTRA_JS_MODULES += [ - 'Credentials.jsm', - 'FxAccounts.jsm', - 'FxAccountsClient.jsm', - 'FxAccountsCommon.js', - 'FxAccountsConfig.jsm', - 'FxAccountsOAuthClient.jsm', - 'FxAccountsOAuthGrantClient.jsm', - 'FxAccountsProfile.jsm', - 'FxAccountsProfileClient.jsm', - 'FxAccountsPush.js', - 'FxAccountsStorage.jsm', - 'FxAccountsWebChannel.jsm', -] - diff --git a/services/fxaccounts/tests/mochitest/chrome.ini b/services/fxaccounts/tests/mochitest/chrome.ini deleted file mode 100644 index ab2e77053..000000000 --- a/services/fxaccounts/tests/mochitest/chrome.ini +++ /dev/null @@ -1,7 +0,0 @@ -[DEFAULT] -skip-if = os == 'android' -support-files= - file_invalidEmailCase.sjs - -[test_invalidEmailCase.html] - diff --git a/services/fxaccounts/tests/mochitest/file_invalidEmailCase.sjs b/services/fxaccounts/tests/mochitest/file_invalidEmailCase.sjs deleted file mode 100644 index 9d97ac70c..000000000 --- a/services/fxaccounts/tests/mochitest/file_invalidEmailCase.sjs +++ /dev/null @@ -1,80 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - http://creativecommons.org/publicdomain/zero/1.0/ */ - -/** - * This server simulates the behavior of /account/login on the Firefox Accounts - * auth server in the case where the user is trying to sign in with an email - * with the wrong capitalization. - * - * https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountlogin - * - * The expected behavior is that on the first attempt, with the wrong email, - * the server will respond with a 400 and the canonical email capitalization - * that the client should use. The client then has one chance to sign in with - * this different capitalization. - * - * In this test, the user with the account id "Greta.Garbo@gmail.COM" initially - * tries to sign in as "greta.garbo@gmail.com". - * - * On success, the client is responsible for updating its sign-in user state - * and recording the proper email capitalization. - */ - -const CC = Components.Constructor; -const BinaryInputStream = CC("@mozilla.org/binaryinputstream;1", - "nsIBinaryInputStream", - "setInputStream"); - -const goodEmail = "Greta.Garbo@gmail.COM"; -const badEmail = "greta.garbo@gmail.com"; - -function handleRequest(request, response) { - let body = new BinaryInputStream(request.bodyInputStream); - let bytes = []; - let available; - while ((available = body.available()) > 0) { - Array.prototype.push.apply(bytes, body.readByteArray(available)); - } - - let data = JSON.parse(String.fromCharCode.apply(null, bytes)); - let message; - - switch (data.email) { - case badEmail: - // Almost - try again with fixed email case - message = { - code: 400, - errno: 120, - error: "Incorrect email case", - email: goodEmail, - }; - response.setStatusLine(request.httpVersion, 400, "Almost"); - break; - - case goodEmail: - // Successful login. - message = { - uid: "your-uid", - sessionToken: "your-sessionToken", - keyFetchToken: "your-keyFetchToken", - verified: true, - authAt: 1392144866, - }; - response.setStatusLine(request.httpVersion, 200, "Yay"); - break; - - default: - // Anything else happening in this test is a failure. - message = { - code: 400, - errno: 999, - error: "What happened!?", - }; - response.setStatusLine(request.httpVersion, 400, "Ouch"); - break; - } - - messageStr = JSON.stringify(message); - response.bodyOutputStream.write(messageStr, messageStr.length); -} - diff --git a/services/fxaccounts/tests/mochitest/test_invalidEmailCase.html b/services/fxaccounts/tests/mochitest/test_invalidEmailCase.html deleted file mode 100644 index 52866cc4b..000000000 --- a/services/fxaccounts/tests/mochitest/test_invalidEmailCase.html +++ /dev/null @@ -1,131 +0,0 @@ -<!-- - Any copyright is dedicated to the Public Domain. - http://creativecommons.org/publicdomain/zero/1.0/ ---> -<!DOCTYPE HTML> -<html> -<!-- -Tests for Firefox Accounts signin with invalid email case -https://bugzilla.mozilla.org/show_bug.cgi?id=963835 ---> -<head> - <title>Test for Firefox Accounts (Bug 963835)</title> - <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script> - <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css" /> -</head> -<body> - -<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=963835">Mozilla Bug 963835</a> -<p id="display"></p> -<div id="content" style="display: none"> - Test for correction of invalid email case in Fx Accounts signIn -</div> -<pre id="test"> -<script class="testbody" type="text/javascript;version=1.8"> - -SimpleTest.waitForExplicitFinish(); - -Components.utils.import("resource://gre/modules/Promise.jsm"); -Components.utils.import("resource://gre/modules/Services.jsm"); -Components.utils.import("resource://gre/modules/FxAccounts.jsm"); -Components.utils.import("resource://gre/modules/FxAccountsClient.jsm"); -Components.utils.import("resource://services-common/hawkclient.js"); - -const TEST_SERVER = - "http://mochi.test:8888/chrome/services/fxaccounts/tests/mochitest/file_invalidEmailCase.sjs?path="; - -let MockStorage = function() { - this.data = null; -}; -MockStorage.prototype = Object.freeze({ - set: function (contents) { - this.data = contents; - return Promise.resolve(null); - }, - get: function () { - return Promise.resolve(this.data); - }, - getOAuthTokens() { - return Promise.resolve(null); - }, - setOAuthTokens(contents) { - return Promise.resolve(); - }, -}); - -function MockFxAccounts() { - return new FxAccounts({ - _now_is: new Date(), - - now: function() { - return this._now_is; - }, - - signedInUserStorage: new MockStorage(), - - fxAccountsClient: new FxAccountsClient(TEST_SERVER), - }); -} - -let wrongEmail = "greta.garbo@gmail.com"; -let rightEmail = "Greta.Garbo@gmail.COM"; -let password = "123456"; - -function runTest() { - is(Services.prefs.getCharPref("identity.fxaccounts.auth.uri"), TEST_SERVER, - "Pref for auth.uri should be set to test server"); - - let fxa = new MockFxAccounts(); - let client = fxa.internal.fxAccountsClient; - - ok(true, !!fxa, "Couldn't mock fxa"); - ok(true, !!client, "Couldn't mock fxa client"); - is(client.host, TEST_SERVER, "Should be using the test auth server uri"); - - // First try to sign in using the email with the wrong capitalization. The - // FxAccountsClient will receive a 400 from the server with the corrected email. - // It will automatically try to sign in again. We expect this to succeed. - client.signIn(wrongEmail, password).then( - user => { - - // Now store the signed-in user state. This will include the correct - // email capitalization. - fxa.setSignedInUser(user).then( - () => { - - // Confirm that the correct email got stored. - fxa.getSignedInUser().then( - data => { - is(data.email, rightEmail); - SimpleTest.finish(); - }, - getUserError => { - ok(false, JSON.stringify(getUserError)); - } - ); - }, - setSignedInUserError => { - ok(false, JSON.stringify(setSignedInUserError)); - } - ); - }, - signInError => { - ok(false, JSON.stringify(signInError)); - } - ); -}; - -SpecialPowers.pushPrefEnv({"set": [ - ["identity.fxaccounts.enabled", true], // fx accounts - ["identity.fxaccounts.auth.uri", TEST_SERVER], // our sjs server - ["toolkit.identity.debug", true], // verbose identity logging - ["browser.dom.window.dump.enabled", true], - ]}, - function () { runTest(); } -); - -</script> -</pre> -</body> -</html> - diff --git a/services/fxaccounts/tests/xpcshell/head.js b/services/fxaccounts/tests/xpcshell/head.js deleted file mode 100644 index ed70fdac5..000000000 --- a/services/fxaccounts/tests/xpcshell/head.js +++ /dev/null @@ -1,18 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -var {classes: Cc, interfaces: Ci, results: Cr, utils: Cu} = Components; - -"use strict"; - -Cu.import("resource://gre/modules/XPCOMUtils.jsm"); - -(function initFxAccountsTestingInfrastructure() { - do_get_profile(); - - let ns = {}; - Cu.import("resource://testing-common/services/common/logging.js", ns); - - ns.initTestLogging("Trace"); -}).call(this); - diff --git a/services/fxaccounts/tests/xpcshell/test_accounts.js b/services/fxaccounts/tests/xpcshell/test_accounts.js deleted file mode 100644 index d6139a076..000000000 --- a/services/fxaccounts/tests/xpcshell/test_accounts.js +++ /dev/null @@ -1,1531 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -Cu.import("resource://services-common/utils.js"); -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/FxAccounts.jsm"); -Cu.import("resource://gre/modules/FxAccountsClient.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/FxAccountsOAuthGrantClient.jsm"); -Cu.import("resource://gre/modules/Promise.jsm"); -Cu.import("resource://gre/modules/Log.jsm"); - -// We grab some additional stuff via backstage passes. -var {AccountState} = Cu.import("resource://gre/modules/FxAccounts.jsm", {}); - -const ONE_HOUR_MS = 1000 * 60 * 60; -const ONE_DAY_MS = ONE_HOUR_MS * 24; -const TWO_MINUTES_MS = 1000 * 60 * 2; - -initTestLogging("Trace"); - -// XXX until bug 937114 is fixed -Cu.importGlobalProperties(['atob']); - -var log = Log.repository.getLogger("Services.FxAccounts.test"); -log.level = Log.Level.Debug; - -// See verbose logging from FxAccounts.jsm -Services.prefs.setCharPref("identity.fxaccounts.loglevel", "Trace"); -Log.repository.getLogger("FirefoxAccounts").level = Log.Level.Trace; - -// The oauth server is mocked, but set these prefs to pass param checks -Services.prefs.setCharPref("identity.fxaccounts.remote.oauth.uri", "https://example.com/v1"); -Services.prefs.setCharPref("identity.fxaccounts.oauth.client_id", "abc123"); - - -const PROFILE_SERVER_URL = "http://example.com/v1"; -const CONTENT_URL = "http://accounts.example.com/"; - -Services.prefs.setCharPref("identity.fxaccounts.remote.profile.uri", PROFILE_SERVER_URL); -Services.prefs.setCharPref("identity.fxaccounts.settings.uri", CONTENT_URL); - -/* - * The FxAccountsClient communicates with the remote Firefox - * Accounts auth server. Mock the server calls, with a little - * lag time to simulate some latency. - * - * We add the _verified attribute to mock the change in verification - * state on the FXA server. - */ - -function MockStorageManager() { -} - -MockStorageManager.prototype = { - promiseInitialized: Promise.resolve(), - - initialize(accountData) { - this.accountData = accountData; - }, - - finalize() { - return Promise.resolve(); - }, - - getAccountData() { - return Promise.resolve(this.accountData); - }, - - updateAccountData(updatedFields) { - for (let [name, value] of Object.entries(updatedFields)) { - if (value == null) { - delete this.accountData[name]; - } else { - this.accountData[name] = value; - } - } - return Promise.resolve(); - }, - - deleteAccountData() { - this.accountData = null; - return Promise.resolve(); - } -} - -function MockFxAccountsClient() { - this._email = "nobody@example.com"; - this._verified = false; - this._deletedOnServer = false; // for testing accountStatus - - // mock calls up to the auth server to determine whether the - // user account has been verified - this.recoveryEmailStatus = function (sessionToken) { - // simulate a call to /recovery_email/status - return Promise.resolve({ - email: this._email, - verified: this._verified - }); - }; - - this.accountStatus = function(uid) { - let deferred = Promise.defer(); - deferred.resolve(!!uid && (!this._deletedOnServer)); - return deferred.promise; - }; - - this.accountKeys = function (keyFetchToken) { - let deferred = Promise.defer(); - - do_timeout(50, () => { - let response = { - kA: expandBytes("11"), - wrapKB: expandBytes("22") - }; - deferred.resolve(response); - }); - return deferred.promise; - }; - - this.resendVerificationEmail = function(sessionToken) { - // Return the session token to show that we received it in the first place - return Promise.resolve(sessionToken); - }; - - this.signCertificate = function() { throw "no" }; - - this.signOut = () => Promise.resolve(); - this.signOutAndDestroyDevice = () => Promise.resolve({}); - - FxAccountsClient.apply(this); -} -MockFxAccountsClient.prototype = { - __proto__: FxAccountsClient.prototype -} - -/* - * We need to mock the FxAccounts module's interfaces to external - * services, such as storage and the FxAccounts client. We also - * mock the now() method, so that we can simulate the passing of - * time and verify that signatures expire correctly. - */ -function MockFxAccounts() { - return new FxAccounts({ - VERIFICATION_POLL_TIMEOUT_INITIAL: 100, // 100ms - - _getCertificateSigned_calls: [], - _d_signCertificate: Promise.defer(), - _now_is: new Date(), - now: function () { - return this._now_is; - }, - newAccountState(credentials) { - // we use a real accountState but mocked storage. - let storage = new MockStorageManager(); - storage.initialize(credentials); - return new AccountState(storage); - }, - getCertificateSigned: function (sessionToken, serializedPublicKey) { - _("mock getCertificateSigned\n"); - this._getCertificateSigned_calls.push([sessionToken, serializedPublicKey]); - return this._d_signCertificate.promise; - }, - _registerOrUpdateDevice() { - return Promise.resolve(); - }, - fxAccountsClient: new MockFxAccountsClient() - }); -} - -/* - * Some tests want a "real" fxa instance - however, we still mock the storage - * to keep the tests fast on b2g. - */ -function MakeFxAccounts(internal = {}) { - if (!internal.newAccountState) { - // we use a real accountState but mocked storage. - internal.newAccountState = function(credentials) { - let storage = new MockStorageManager(); - storage.initialize(credentials); - return new AccountState(storage); - }; - } - if (!internal._signOutServer) { - internal._signOutServer = () => Promise.resolve(); - } - if (!internal._registerOrUpdateDevice) { - internal._registerOrUpdateDevice = () => Promise.resolve(); - } - return new FxAccounts(internal); -} - -add_task(function* test_non_https_remote_server_uri_with_requireHttps_false() { - Services.prefs.setBoolPref( - "identity.fxaccounts.allowHttp", - true); - Services.prefs.setCharPref( - "identity.fxaccounts.remote.signup.uri", - "http://example.com/browser/browser/base/content/test/general/accounts_testRemoteCommands.html"); - do_check_eq(yield fxAccounts.promiseAccountsSignUpURI(), - "http://example.com/browser/browser/base/content/test/general/accounts_testRemoteCommands.html"); - - Services.prefs.clearUserPref("identity.fxaccounts.remote.signup.uri"); - Services.prefs.clearUserPref("identity.fxaccounts.allowHttp"); -}); - -add_task(function* test_non_https_remote_server_uri() { - Services.prefs.setCharPref( - "identity.fxaccounts.remote.signup.uri", - "http://example.com/browser/browser/base/content/test/general/accounts_testRemoteCommands.html"); - rejects(fxAccounts.promiseAccountsSignUpURI(), null, "Firefox Accounts server must use HTTPS"); - Services.prefs.clearUserPref("identity.fxaccounts.remote.signup.uri"); -}); - -add_task(function* test_get_signed_in_user_initially_unset() { - _("Check getSignedInUser initially and after signout reports no user"); - let account = MakeFxAccounts(); - let credentials = { - email: "foo@example.com", - uid: "1234@lcip.org", - assertion: "foobar", - sessionToken: "dead", - kA: "beef", - kB: "cafe", - verified: true - }; - let result = yield account.getSignedInUser(); - do_check_eq(result, null); - - yield account.setSignedInUser(credentials); - let histogram = Services.telemetry.getHistogramById("FXA_CONFIGURED"); - do_check_eq(histogram.snapshot().sum, 1); - histogram.clear(); - - result = yield account.getSignedInUser(); - do_check_eq(result.email, credentials.email); - do_check_eq(result.assertion, credentials.assertion); - do_check_eq(result.kB, credentials.kB); - - // Delete the memory cache and force the user - // to be read and parsed from storage (e.g. disk via JSONStorage). - delete account.internal.signedInUser; - result = yield account.getSignedInUser(); - do_check_eq(result.email, credentials.email); - do_check_eq(result.assertion, credentials.assertion); - do_check_eq(result.kB, credentials.kB); - - // sign out - let localOnly = true; - yield account.signOut(localOnly); - - // user should be undefined after sign out - result = yield account.getSignedInUser(); - do_check_eq(result, null); -}); - -add_task(function* test_update_account_data() { - _("Check updateUserAccountData does the right thing."); - let account = MakeFxAccounts(); - let credentials = { - email: "foo@example.com", - uid: "1234@lcip.org", - assertion: "foobar", - sessionToken: "dead", - kA: "beef", - kB: "cafe", - verified: true - }; - yield account.setSignedInUser(credentials); - - let newCreds = { - email: credentials.email, - uid: credentials.uid, - assertion: "new_assertion", - } - yield account.updateUserAccountData(newCreds); - do_check_eq((yield account.getSignedInUser()).assertion, "new_assertion", - "new field value was saved"); - - // but we should fail attempting to change email or uid. - newCreds = { - email: "someoneelse@example.com", - uid: credentials.uid, - assertion: "new_assertion", - } - yield Assert.rejects(account.updateUserAccountData(newCreds)); - newCreds = { - email: credentials.email, - uid: "another_uid", - assertion: "new_assertion", - } - yield Assert.rejects(account.updateUserAccountData(newCreds)); - - // should fail without email or uid. - newCreds = { - assertion: "new_assertion", - } - yield Assert.rejects(account.updateUserAccountData(newCreds)); - - // and should fail with a field name that's not known by storage. - newCreds = { - email: credentials.email, - uid: "another_uid", - foo: "bar", - } - yield Assert.rejects(account.updateUserAccountData(newCreds)); -}); - -add_task(function* test_getCertificateOffline() { - _("getCertificateOffline()"); - let fxa = MakeFxAccounts(); - let credentials = { - email: "foo@example.com", - uid: "1234@lcip.org", - sessionToken: "dead", - verified: true, - }; - - yield fxa.setSignedInUser(credentials); - - // Test that an expired cert throws if we're offline. - let offline = Services.io.offline; - Services.io.offline = true; - yield fxa.internal.getKeypairAndCertificate(fxa.internal.currentAccountState).then( - result => { - Services.io.offline = offline; - do_throw("Unexpected success"); - }, - err => { - Services.io.offline = offline; - // ... so we have to check the error string. - do_check_eq(err, "Error: OFFLINE"); - } - ); - yield fxa.signOut(/*localOnly = */true); -}); - -add_task(function* test_getCertificateCached() { - _("getCertificateCached()"); - let fxa = MakeFxAccounts(); - let credentials = { - email: "foo@example.com", - uid: "1234@lcip.org", - sessionToken: "dead", - verified: true, - // A cached keypair and cert that remain valid. - keyPair: { - validUntil: Date.now() + KEY_LIFETIME + 10000, - rawKeyPair: "good-keypair", - }, - cert: { - validUntil: Date.now() + CERT_LIFETIME + 10000, - rawCert: "good-cert", - }, - }; - - yield fxa.setSignedInUser(credentials); - let {keyPair, certificate} = yield fxa.internal.getKeypairAndCertificate(fxa.internal.currentAccountState); - // should have the same keypair and cert. - do_check_eq(keyPair, credentials.keyPair.rawKeyPair); - do_check_eq(certificate, credentials.cert.rawCert); - yield fxa.signOut(/*localOnly = */true); -}); - -add_task(function* test_getCertificateExpiredCert() { - _("getCertificateExpiredCert()"); - let fxa = MakeFxAccounts({ - getCertificateSigned() { - return "new cert"; - } - }); - let credentials = { - email: "foo@example.com", - uid: "1234@lcip.org", - sessionToken: "dead", - verified: true, - // A cached keypair that remains valid. - keyPair: { - validUntil: Date.now() + KEY_LIFETIME + 10000, - rawKeyPair: "good-keypair", - }, - // A cached certificate which has expired. - cert: { - validUntil: Date.parse("Mon, 13 Jan 2000 21:45:06 GMT"), - rawCert: "expired-cert", - }, - }; - yield fxa.setSignedInUser(credentials); - let {keyPair, certificate} = yield fxa.internal.getKeypairAndCertificate(fxa.internal.currentAccountState); - // should have the same keypair but a new cert. - do_check_eq(keyPair, credentials.keyPair.rawKeyPair); - do_check_neq(certificate, credentials.cert.rawCert); - yield fxa.signOut(/*localOnly = */true); -}); - -add_task(function* test_getCertificateExpiredKeypair() { - _("getCertificateExpiredKeypair()"); - let fxa = MakeFxAccounts({ - getCertificateSigned() { - return "new cert"; - }, - }); - let credentials = { - email: "foo@example.com", - uid: "1234@lcip.org", - sessionToken: "dead", - verified: true, - // A cached keypair that has expired. - keyPair: { - validUntil: Date.now() - 1000, - rawKeyPair: "expired-keypair", - }, - // A cached certificate which remains valid. - cert: { - validUntil: Date.now() + CERT_LIFETIME + 10000, - rawCert: "expired-cert", - }, - }; - - yield fxa.setSignedInUser(credentials); - let {keyPair, certificate} = yield fxa.internal.getKeypairAndCertificate(fxa.internal.currentAccountState); - // even though the cert was valid, the fact the keypair was not means we - // should have fetched both. - do_check_neq(keyPair, credentials.keyPair.rawKeyPair); - do_check_neq(certificate, credentials.cert.rawCert); - yield fxa.signOut(/*localOnly = */true); -}); - -// Sanity-check that our mocked client is working correctly -add_test(function test_client_mock() { - let fxa = new MockFxAccounts(); - let client = fxa.internal.fxAccountsClient; - do_check_eq(client._verified, false); - do_check_eq(typeof client.signIn, "function"); - - // The recoveryEmailStatus function eventually fulfills its promise - client.recoveryEmailStatus() - .then(response => { - do_check_eq(response.verified, false); - run_next_test(); - }); -}); - -// Sign in a user, and after a little while, verify the user's email. -// Right after signing in the user, we should get the 'onlogin' notification. -// Polling should detect that the email is verified, and eventually -// 'onverified' should be observed -add_test(function test_verification_poll() { - let fxa = new MockFxAccounts(); - let test_user = getTestUser("francine"); - let login_notification_received = false; - - makeObserver(ONVERIFIED_NOTIFICATION, function() { - log.debug("test_verification_poll observed onverified"); - // Once email verification is complete, we will observe onverified - fxa.internal.getUserAccountData().then(user => { - // And confirm that the user's state has changed - do_check_eq(user.verified, true); - do_check_eq(user.email, test_user.email); - do_check_true(login_notification_received); - run_next_test(); - }); - }); - - makeObserver(ONLOGIN_NOTIFICATION, function() { - log.debug("test_verification_poll observer onlogin"); - login_notification_received = true; - }); - - fxa.setSignedInUser(test_user).then(() => { - fxa.internal.getUserAccountData().then(user => { - // The user is signing in, but email has not been verified yet - do_check_eq(user.verified, false); - do_timeout(200, function() { - log.debug("Mocking verification of francine's email"); - fxa.internal.fxAccountsClient._email = test_user.email; - fxa.internal.fxAccountsClient._verified = true; - }); - }); - }); -}); - -// Sign in the user, but never verify the email. The check-email -// poll should time out. No verifiedlogin event should be observed, and the -// internal whenVerified promise should be rejected -add_test(function test_polling_timeout() { - // This test could be better - the onverified observer might fire on - // somebody else's stack, and we're not making sure that we're not receiving - // such a message. In other words, this tests either failure, or success, but - // not both. - - let fxa = new MockFxAccounts(); - let test_user = getTestUser("carol"); - - let removeObserver = makeObserver(ONVERIFIED_NOTIFICATION, function() { - do_throw("We should not be getting a login event!"); - }); - - fxa.internal.POLL_SESSION = 1; - - let p = fxa.internal.whenVerified({}); - - fxa.setSignedInUser(test_user).then(() => { - p.then( - (success) => { - do_throw("this should not succeed"); - }, - (fail) => { - removeObserver(); - fxa.signOut().then(run_next_test); - } - ); - }); -}); - -add_test(function test_getKeys() { - let fxa = new MockFxAccounts(); - let user = getTestUser("eusebius"); - - // Once email has been verified, we will be able to get keys - user.verified = true; - - fxa.setSignedInUser(user).then(() => { - fxa.getSignedInUser().then((user) => { - // Before getKeys, we have no keys - do_check_eq(!!user.kA, false); - do_check_eq(!!user.kB, false); - // And we still have a key-fetch token and unwrapBKey to use - do_check_eq(!!user.keyFetchToken, true); - do_check_eq(!!user.unwrapBKey, true); - - fxa.internal.getKeys().then(() => { - fxa.getSignedInUser().then((user) => { - // Now we should have keys - do_check_eq(fxa.internal.isUserEmailVerified(user), true); - do_check_eq(!!user.verified, true); - do_check_eq(user.kA, expandHex("11")); - do_check_eq(user.kB, expandHex("66")); - do_check_eq(user.keyFetchToken, undefined); - do_check_eq(user.unwrapBKey, undefined); - run_next_test(); - }); - }); - }); - }); -}); - -add_task(function* test_getKeys_nonexistent_account() { - let fxa = new MockFxAccounts(); - let bismarck = getTestUser("bismarck"); - - let client = fxa.internal.fxAccountsClient; - client.accountStatus = () => Promise.resolve(false); - client.accountKeys = () => { - return Promise.reject({ - code: 401, - errno: ERRNO_INVALID_AUTH_TOKEN, - }); - }; - - yield fxa.setSignedInUser(bismarck); - - let promiseLogout = new Promise(resolve => { - makeObserver(ONLOGOUT_NOTIFICATION, function() { - log.debug("test_getKeys_nonexistent_account observed logout"); - resolve(); - }); - }); - - try { - yield fxa.internal.getKeys(); - do_check_true(false); - } catch (err) { - do_check_eq(err.code, 401); - do_check_eq(err.errno, ERRNO_INVALID_AUTH_TOKEN); - } - - yield promiseLogout; - - let user = yield fxa.internal.getUserAccountData(); - do_check_eq(user, null); -}); - -// getKeys with invalid keyFetchToken should delete keyFetchToken from storage -add_task(function* test_getKeys_invalid_token() { - let fxa = new MockFxAccounts(); - let yusuf = getTestUser("yusuf"); - - let client = fxa.internal.fxAccountsClient; - client.accountStatus = () => Promise.resolve(true); - client.accountKeys = () => { - return Promise.reject({ - code: 401, - errno: ERRNO_INVALID_AUTH_TOKEN, - }); - }; - - yield fxa.setSignedInUser(yusuf); - - try { - yield fxa.internal.getKeys(); - do_check_true(false); - } catch (err) { - do_check_eq(err.code, 401); - do_check_eq(err.errno, ERRNO_INVALID_AUTH_TOKEN); - } - - let user = yield fxa.internal.getUserAccountData(); - do_check_eq(user.email, yusuf.email); - do_check_eq(user.keyFetchToken, null); -}); - -// fetchAndUnwrapKeys with no keyFetchToken should trigger signOut -add_test(function test_fetchAndUnwrapKeys_no_token() { - let fxa = new MockFxAccounts(); - let user = getTestUser("lettuce.protheroe"); - delete user.keyFetchToken - - makeObserver(ONLOGOUT_NOTIFICATION, function() { - log.debug("test_fetchAndUnwrapKeys_no_token observed logout"); - fxa.internal.getUserAccountData().then(user => { - run_next_test(); - }); - }); - - fxa.setSignedInUser(user).then( - user => { - return fxa.internal.fetchAndUnwrapKeys(); - } - ).then( - null, - error => { - log.info("setSignedInUser correctly rejected"); - } - ) -}); - -// Alice (User A) signs up but never verifies her email. Then Bob (User B) -// signs in with a verified email. Ensure that no sign-in events are triggered -// on Alice's behalf. In the end, Bob should be the signed-in user. -add_test(function test_overlapping_signins() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - let bob = getTestUser("bob"); - - makeObserver(ONVERIFIED_NOTIFICATION, function() { - log.debug("test_overlapping_signins observed onverified"); - // Once email verification is complete, we will observe onverified - fxa.internal.getUserAccountData().then(user => { - do_check_eq(user.email, bob.email); - do_check_eq(user.verified, true); - run_next_test(); - }); - }); - - // Alice is the user signing in; her email is unverified. - fxa.setSignedInUser(alice).then(() => { - log.debug("Alice signing in ..."); - fxa.internal.getUserAccountData().then(user => { - do_check_eq(user.email, alice.email); - do_check_eq(user.verified, false); - log.debug("Alice has not verified her email ..."); - - // Now Bob signs in instead and actually verifies his email - log.debug("Bob signing in ..."); - fxa.setSignedInUser(bob).then(() => { - do_timeout(200, function() { - // Mock email verification ... - log.debug("Bob verifying his email ..."); - fxa.internal.fxAccountsClient._verified = true; - }); - }); - }); - }); -}); - -add_task(function* test_getAssertion_invalid_token() { - let fxa = new MockFxAccounts(); - - let client = fxa.internal.fxAccountsClient; - client.accountStatus = () => Promise.resolve(true); - - let creds = { - sessionToken: "sessionToken", - kA: expandHex("11"), - kB: expandHex("66"), - verified: true, - email: "sonia@example.com", - }; - yield fxa.setSignedInUser(creds); - - try { - let promiseAssertion = fxa.getAssertion("audience.example.com"); - fxa.internal._d_signCertificate.reject({ - code: 401, - errno: ERRNO_INVALID_AUTH_TOKEN, - }); - yield promiseAssertion; - do_check_true(false, "getAssertion should reject invalid session token"); - } catch (err) { - do_check_eq(err.code, 401); - do_check_eq(err.errno, ERRNO_INVALID_AUTH_TOKEN); - } - - let user = yield fxa.internal.getUserAccountData(); - do_check_eq(user.email, creds.email); - do_check_eq(user.sessionToken, null); -}); - -add_task(function* test_getAssertion() { - let fxa = new MockFxAccounts(); - - do_check_throws(function* () { - yield fxa.getAssertion("nonaudience"); - }); - - let creds = { - sessionToken: "sessionToken", - kA: expandHex("11"), - kB: expandHex("66"), - verified: true - }; - // By putting kA/kB/verified in "creds", we skip ahead - // to the "we're ready" stage. - yield fxa.setSignedInUser(creds); - - _("== ready to go\n"); - // Start with a nice arbitrary but realistic date. Here we use a nice RFC - // 1123 date string like we would get from an HTTP header. Over the course of - // the test, we will update 'now', but leave 'start' where it is. - let now = Date.parse("Mon, 13 Jan 2014 21:45:06 GMT"); - let start = now; - fxa.internal._now_is = now; - - let d = fxa.getAssertion("audience.example.com"); - // At this point, a thread has been spawned to generate the keys. - _("-- back from fxa.getAssertion\n"); - fxa.internal._d_signCertificate.resolve("cert1"); - let assertion = yield d; - do_check_eq(fxa.internal._getCertificateSigned_calls.length, 1); - do_check_eq(fxa.internal._getCertificateSigned_calls[0][0], "sessionToken"); - do_check_neq(assertion, null); - _("ASSERTION: " + assertion + "\n"); - let pieces = assertion.split("~"); - do_check_eq(pieces[0], "cert1"); - let userData = yield fxa.getSignedInUser(); - let keyPair = userData.keyPair; - let cert = userData.cert; - do_check_neq(keyPair, undefined); - _(keyPair.validUntil + "\n"); - let p2 = pieces[1].split("."); - let header = JSON.parse(atob(p2[0])); - _("HEADER: " + JSON.stringify(header) + "\n"); - do_check_eq(header.alg, "DS128"); - let payload = JSON.parse(atob(p2[1])); - _("PAYLOAD: " + JSON.stringify(payload) + "\n"); - do_check_eq(payload.aud, "audience.example.com"); - do_check_eq(keyPair.validUntil, start + KEY_LIFETIME); - do_check_eq(cert.validUntil, start + CERT_LIFETIME); - _("delta: " + Date.parse(payload.exp - start) + "\n"); - let exp = Number(payload.exp); - - do_check_eq(exp, now + ASSERTION_LIFETIME); - - // Reset for next call. - fxa.internal._d_signCertificate = Promise.defer(); - - // Getting a new assertion "soon" (i.e., w/o incrementing "now"), even for - // a new audience, should not provoke key generation or a signing request. - assertion = yield fxa.getAssertion("other.example.com"); - - // There were no additional calls - same number of getcert calls as before - do_check_eq(fxa.internal._getCertificateSigned_calls.length, 1); - - // Wait an hour; assertion use period expires, but not the certificate - now += ONE_HOUR_MS; - fxa.internal._now_is = now; - - // This won't block on anything - will make an assertion, but not get a - // new certificate. - assertion = yield fxa.getAssertion("third.example.com"); - - // Test will time out if that failed (i.e., if that had to go get a new cert) - pieces = assertion.split("~"); - do_check_eq(pieces[0], "cert1"); - p2 = pieces[1].split("."); - header = JSON.parse(atob(p2[0])); - payload = JSON.parse(atob(p2[1])); - do_check_eq(payload.aud, "third.example.com"); - - // The keypair and cert should have the same validity as before, but the - // expiration time of the assertion should be different. We compare this to - // the initial start time, to which they are relative, not the current value - // of "now". - userData = yield fxa.getSignedInUser(); - - keyPair = userData.keyPair; - cert = userData.cert; - do_check_eq(keyPair.validUntil, start + KEY_LIFETIME); - do_check_eq(cert.validUntil, start + CERT_LIFETIME); - exp = Number(payload.exp); - do_check_eq(exp, now + ASSERTION_LIFETIME); - - // Now we wait even longer, and expect both assertion and cert to expire. So - // we will have to get a new keypair and cert. - now += ONE_DAY_MS; - fxa.internal._now_is = now; - d = fxa.getAssertion("fourth.example.com"); - fxa.internal._d_signCertificate.resolve("cert2"); - assertion = yield d; - do_check_eq(fxa.internal._getCertificateSigned_calls.length, 2); - do_check_eq(fxa.internal._getCertificateSigned_calls[1][0], "sessionToken"); - pieces = assertion.split("~"); - do_check_eq(pieces[0], "cert2"); - p2 = pieces[1].split("."); - header = JSON.parse(atob(p2[0])); - payload = JSON.parse(atob(p2[1])); - do_check_eq(payload.aud, "fourth.example.com"); - userData = yield fxa.getSignedInUser(); - keyPair = userData.keyPair; - cert = userData.cert; - do_check_eq(keyPair.validUntil, now + KEY_LIFETIME); - do_check_eq(cert.validUntil, now + CERT_LIFETIME); - exp = Number(payload.exp); - - do_check_eq(exp, now + ASSERTION_LIFETIME); - _("----- DONE ----\n"); -}); - -add_task(function* test_resend_email_not_signed_in() { - let fxa = new MockFxAccounts(); - - try { - yield fxa.resendVerificationEmail(); - } catch(err) { - do_check_eq(err.message, - "Cannot resend verification email; no signed-in user"); - return; - } - do_throw("Should not be able to resend email when nobody is signed in"); -}); - -add_test(function test_accountStatus() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - - // If we have no user, we have no account server-side - fxa.accountStatus().then( - (result) => { - do_check_false(result); - } - ).then( - () => { - fxa.setSignedInUser(alice).then( - () => { - fxa.accountStatus().then( - (result) => { - // FxAccounts.accountStatus() should match Client.accountStatus() - do_check_true(result); - fxa.internal.fxAccountsClient._deletedOnServer = true; - fxa.accountStatus().then( - (result) => { - do_check_false(result); - fxa.internal.fxAccountsClient._deletedOnServer = false; - fxa.signOut().then(run_next_test); - } - ); - } - ) - } - ); - } - ); -}); - -add_task(function* test_resend_email_invalid_token() { - let fxa = new MockFxAccounts(); - let sophia = getTestUser("sophia"); - do_check_neq(sophia.sessionToken, null); - - let client = fxa.internal.fxAccountsClient; - client.resendVerificationEmail = () => { - return Promise.reject({ - code: 401, - errno: ERRNO_INVALID_AUTH_TOKEN, - }); - }; - client.accountStatus = () => Promise.resolve(true); - - yield fxa.setSignedInUser(sophia); - let user = yield fxa.internal.getUserAccountData(); - do_check_eq(user.email, sophia.email); - do_check_eq(user.verified, false); - log.debug("Sophia wants verification email resent"); - - try { - yield fxa.resendVerificationEmail(); - do_check_true(false, "resendVerificationEmail should reject invalid session token"); - } catch (err) { - do_check_eq(err.code, 401); - do_check_eq(err.errno, ERRNO_INVALID_AUTH_TOKEN); - } - - user = yield fxa.internal.getUserAccountData(); - do_check_eq(user.email, sophia.email); - do_check_eq(user.sessionToken, null); -}); - -add_test(function test_resend_email() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - - let initialState = fxa.internal.currentAccountState; - - // Alice is the user signing in; her email is unverified. - fxa.setSignedInUser(alice).then(() => { - log.debug("Alice signing in"); - - // We're polling for the first email - do_check_true(fxa.internal.currentAccountState !== initialState); - let aliceState = fxa.internal.currentAccountState; - - // The polling timer is ticking - do_check_true(fxa.internal.currentTimer > 0); - - fxa.internal.getUserAccountData().then(user => { - do_check_eq(user.email, alice.email); - do_check_eq(user.verified, false); - log.debug("Alice wants verification email resent"); - - fxa.resendVerificationEmail().then((result) => { - // Mock server response; ensures that the session token actually was - // passed to the client to make the hawk call - do_check_eq(result, "alice's session token"); - - // Timer was not restarted - do_check_true(fxa.internal.currentAccountState === aliceState); - - // Timer is still ticking - do_check_true(fxa.internal.currentTimer > 0); - - // Ok abort polling before we go on to the next test - fxa.internal.abortExistingFlow(); - run_next_test(); - }); - }); - }); -}); - -add_task(function* test_sign_out_with_device() { - const fxa = new MockFxAccounts(); - - const credentials = getTestUser("alice"); - yield fxa.internal.setSignedInUser(credentials); - - const user = yield fxa.internal.getUserAccountData(); - do_check_true(user); - Object.keys(credentials).forEach(key => do_check_eq(credentials[key], user[key])); - - const spy = { - signOut: { count: 0 }, - signOutAndDeviceDestroy: { count: 0, args: [] } - }; - const client = fxa.internal.fxAccountsClient; - client.signOut = function () { - spy.signOut.count += 1; - return Promise.resolve(); - }; - client.signOutAndDestroyDevice = function () { - spy.signOutAndDeviceDestroy.count += 1; - spy.signOutAndDeviceDestroy.args.push(arguments); - return Promise.resolve(); - }; - - const promise = new Promise(resolve => { - makeObserver(ONLOGOUT_NOTIFICATION, () => { - log.debug("test_sign_out_with_device observed onlogout"); - // user should be undefined after sign out - fxa.internal.getUserAccountData().then(user2 => { - do_check_eq(user2, null); - do_check_eq(spy.signOut.count, 0); - do_check_eq(spy.signOutAndDeviceDestroy.count, 1); - do_check_eq(spy.signOutAndDeviceDestroy.args[0].length, 3); - do_check_eq(spy.signOutAndDeviceDestroy.args[0][0], credentials.sessionToken); - do_check_eq(spy.signOutAndDeviceDestroy.args[0][1], credentials.deviceId); - do_check_true(spy.signOutAndDeviceDestroy.args[0][2]); - do_check_eq(spy.signOutAndDeviceDestroy.args[0][2].service, "sync"); - resolve(); - }); - }); - }); - - yield fxa.signOut(); - - yield promise; -}); - -add_task(function* test_sign_out_without_device() { - const fxa = new MockFxAccounts(); - - const credentials = getTestUser("alice"); - delete credentials.deviceId; - yield fxa.internal.setSignedInUser(credentials); - - const user = yield fxa.internal.getUserAccountData(); - - const spy = { - signOut: { count: 0, args: [] }, - signOutAndDeviceDestroy: { count: 0 } - }; - const client = fxa.internal.fxAccountsClient; - client.signOut = function () { - spy.signOut.count += 1; - spy.signOut.args.push(arguments); - return Promise.resolve(); - }; - client.signOutAndDestroyDevice = function () { - spy.signOutAndDeviceDestroy.count += 1; - return Promise.resolve(); - }; - - const promise = new Promise(resolve => { - makeObserver(ONLOGOUT_NOTIFICATION, () => { - log.debug("test_sign_out_without_device observed onlogout"); - // user should be undefined after sign out - fxa.internal.getUserAccountData().then(user2 => { - do_check_eq(user2, null); - do_check_eq(spy.signOut.count, 1); - do_check_eq(spy.signOut.args[0].length, 2); - do_check_eq(spy.signOut.args[0][0], credentials.sessionToken); - do_check_true(spy.signOut.args[0][1]); - do_check_eq(spy.signOut.args[0][1].service, "sync"); - do_check_eq(spy.signOutAndDeviceDestroy.count, 0); - resolve(); - }); - }); - }); - - yield fxa.signOut(); - - yield promise; -}); - -add_task(function* test_sign_out_with_remote_error() { - let fxa = new MockFxAccounts(); - let client = fxa.internal.fxAccountsClient; - let remoteSignOutCalled = false; - // Force remote sign out to trigger an error - client.signOutAndDestroyDevice = function() { remoteSignOutCalled = true; throw "Remote sign out error"; }; - let promiseLogout = new Promise(resolve => { - makeObserver(ONLOGOUT_NOTIFICATION, function() { - log.debug("test_sign_out_with_remote_error observed onlogout"); - resolve(); - }); - }); - - let jane = getTestUser("jane"); - yield fxa.setSignedInUser(jane); - yield fxa.signOut(); - yield promiseLogout; - - let user = yield fxa.internal.getUserAccountData(); - do_check_eq(user, null); - do_check_true(remoteSignOutCalled); -}); - -add_test(function test_getOAuthToken() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - alice.verified = true; - let getTokenFromAssertionCalled = false; - - fxa.internal._d_signCertificate.resolve("cert1"); - - // create a mock oauth client - let client = new FxAccountsOAuthGrantClient({ - serverURL: "http://example.com/v1", - client_id: "abc123" - }); - client.getTokenFromAssertion = function () { - getTokenFromAssertionCalled = true; - return Promise.resolve({ access_token: "token" }); - }; - - fxa.setSignedInUser(alice).then( - () => { - fxa.getOAuthToken({ scope: "profile", client: client }).then( - (result) => { - do_check_true(getTokenFromAssertionCalled); - do_check_eq(result, "token"); - run_next_test(); - } - ) - } - ); - -}); - -add_test(function test_getOAuthTokenScoped() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - alice.verified = true; - let getTokenFromAssertionCalled = false; - - fxa.internal._d_signCertificate.resolve("cert1"); - - // create a mock oauth client - let client = new FxAccountsOAuthGrantClient({ - serverURL: "http://example.com/v1", - client_id: "abc123" - }); - client.getTokenFromAssertion = function (assertion, scopeString) { - equal(scopeString, "foo bar"); - getTokenFromAssertionCalled = true; - return Promise.resolve({ access_token: "token" }); - }; - - fxa.setSignedInUser(alice).then( - () => { - fxa.getOAuthToken({ scope: ["foo", "bar"], client: client }).then( - (result) => { - do_check_true(getTokenFromAssertionCalled); - do_check_eq(result, "token"); - run_next_test(); - } - ) - } - ); - -}); - -add_task(function* test_getOAuthTokenCached() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - alice.verified = true; - let numTokenFromAssertionCalls = 0; - - fxa.internal._d_signCertificate.resolve("cert1"); - - // create a mock oauth client - let client = new FxAccountsOAuthGrantClient({ - serverURL: "http://example.com/v1", - client_id: "abc123" - }); - client.getTokenFromAssertion = function () { - numTokenFromAssertionCalls += 1; - return Promise.resolve({ access_token: "token" }); - }; - - yield fxa.setSignedInUser(alice); - let result = yield fxa.getOAuthToken({ scope: "profile", client: client, service: "test-service" }); - do_check_eq(numTokenFromAssertionCalls, 1); - do_check_eq(result, "token"); - - // requesting it again should not re-fetch the token. - result = yield fxa.getOAuthToken({ scope: "profile", client: client, service: "test-service" }); - do_check_eq(numTokenFromAssertionCalls, 1); - do_check_eq(result, "token"); - // But requesting the same service and a different scope *will* get a new one. - result = yield fxa.getOAuthToken({ scope: "something-else", client: client, service: "test-service" }); - do_check_eq(numTokenFromAssertionCalls, 2); - do_check_eq(result, "token"); -}); - -add_task(function* test_getOAuthTokenCachedScopeNormalization() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - alice.verified = true; - let numTokenFromAssertionCalls = 0; - - fxa.internal._d_signCertificate.resolve("cert1"); - - // create a mock oauth client - let client = new FxAccountsOAuthGrantClient({ - serverURL: "http://example.com/v1", - client_id: "abc123" - }); - client.getTokenFromAssertion = function () { - numTokenFromAssertionCalls += 1; - return Promise.resolve({ access_token: "token" }); - }; - - yield fxa.setSignedInUser(alice); - let result = yield fxa.getOAuthToken({ scope: ["foo", "bar"], client: client, service: "test-service" }); - do_check_eq(numTokenFromAssertionCalls, 1); - do_check_eq(result, "token"); - - // requesting it again with the scope array in a different order not re-fetch the token. - result = yield fxa.getOAuthToken({ scope: ["bar", "foo"], client: client, service: "test-service" }); - do_check_eq(numTokenFromAssertionCalls, 1); - do_check_eq(result, "token"); - // requesting it again with the scope array in different case not re-fetch the token. - result = yield fxa.getOAuthToken({ scope: ["Bar", "Foo"], client: client, service: "test-service" }); - do_check_eq(numTokenFromAssertionCalls, 1); - do_check_eq(result, "token"); - // But requesting with a new entry in the array does fetch one. - result = yield fxa.getOAuthToken({ scope: ["foo", "bar", "etc"], client: client, service: "test-service" }); - do_check_eq(numTokenFromAssertionCalls, 2); - do_check_eq(result, "token"); -}); - -Services.prefs.setCharPref("identity.fxaccounts.remote.oauth.uri", "https://example.com/v1"); -add_test(function test_getOAuthToken_invalid_param() { - let fxa = new MockFxAccounts(); - - fxa.getOAuthToken() - .then(null, err => { - do_check_eq(err.message, "INVALID_PARAMETER"); - fxa.signOut().then(run_next_test); - }); -}); - -add_test(function test_getOAuthToken_invalid_scope_array() { - let fxa = new MockFxAccounts(); - - fxa.getOAuthToken({scope: []}) - .then(null, err => { - do_check_eq(err.message, "INVALID_PARAMETER"); - fxa.signOut().then(run_next_test); - }); -}); - -add_test(function test_getOAuthToken_misconfigure_oauth_uri() { - let fxa = new MockFxAccounts(); - - Services.prefs.deleteBranch("identity.fxaccounts.remote.oauth.uri"); - - fxa.getOAuthToken() - .then(null, err => { - do_check_eq(err.message, "INVALID_PARAMETER"); - // revert the pref - Services.prefs.setCharPref("identity.fxaccounts.remote.oauth.uri", "https://example.com/v1"); - fxa.signOut().then(run_next_test); - }); -}); - -add_test(function test_getOAuthToken_no_account() { - let fxa = new MockFxAccounts(); - - fxa.internal.currentAccountState.getUserAccountData = function () { - return Promise.resolve(null); - }; - - fxa.getOAuthToken({ scope: "profile" }) - .then(null, err => { - do_check_eq(err.message, "NO_ACCOUNT"); - fxa.signOut().then(run_next_test); - }); -}); - -add_test(function test_getOAuthToken_unverified() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - - fxa.setSignedInUser(alice).then(() => { - fxa.getOAuthToken({ scope: "profile" }) - .then(null, err => { - do_check_eq(err.message, "UNVERIFIED_ACCOUNT"); - fxa.signOut().then(run_next_test); - }); - }); -}); - -add_test(function test_getOAuthToken_network_error() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - alice.verified = true; - - fxa.internal._d_signCertificate.resolve("cert1"); - - // create a mock oauth client - let client = new FxAccountsOAuthGrantClient({ - serverURL: "http://example.com/v1", - client_id: "abc123" - }); - client.getTokenFromAssertion = function () { - return Promise.reject(new FxAccountsOAuthGrantClientError({ - error: ERROR_NETWORK, - errno: ERRNO_NETWORK - })); - }; - - fxa.setSignedInUser(alice).then(() => { - fxa.getOAuthToken({ scope: "profile", client: client }) - .then(null, err => { - do_check_eq(err.message, "NETWORK_ERROR"); - do_check_eq(err.details.errno, ERRNO_NETWORK); - run_next_test(); - }); - }); -}); - -add_test(function test_getOAuthToken_auth_error() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - alice.verified = true; - - fxa.internal._d_signCertificate.resolve("cert1"); - - // create a mock oauth client - let client = new FxAccountsOAuthGrantClient({ - serverURL: "http://example.com/v1", - client_id: "abc123" - }); - client.getTokenFromAssertion = function () { - return Promise.reject(new FxAccountsOAuthGrantClientError({ - error: ERROR_INVALID_FXA_ASSERTION, - errno: ERRNO_INVALID_FXA_ASSERTION - })); - }; - - fxa.setSignedInUser(alice).then(() => { - fxa.getOAuthToken({ scope: "profile", client: client }) - .then(null, err => { - do_check_eq(err.message, "AUTH_ERROR"); - do_check_eq(err.details.errno, ERRNO_INVALID_FXA_ASSERTION); - run_next_test(); - }); - }); -}); - -add_test(function test_getOAuthToken_unknown_error() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - alice.verified = true; - - fxa.internal._d_signCertificate.resolve("cert1"); - - // create a mock oauth client - let client = new FxAccountsOAuthGrantClient({ - serverURL: "http://example.com/v1", - client_id: "abc123" - }); - client.getTokenFromAssertion = function () { - return Promise.reject("boom"); - }; - - fxa.setSignedInUser(alice).then(() => { - fxa.getOAuthToken({ scope: "profile", client: client }) - .then(null, err => { - do_check_eq(err.message, "UNKNOWN_ERROR"); - run_next_test(); - }); - }); -}); - -add_test(function test_getSignedInUserProfile() { - let alice = getTestUser("alice"); - alice.verified = true; - - let mockProfile = { - getProfile: function () { - return Promise.resolve({ avatar: "image" }); - }, - tearDown: function() {}, - }; - let fxa = new FxAccounts({ - _signOutServer() { return Promise.resolve(); }, - _registerOrUpdateDevice() { return Promise.resolve(); } - }); - - fxa.setSignedInUser(alice).then(() => { - fxa.internal._profile = mockProfile; - fxa.getSignedInUserProfile() - .then(result => { - do_check_true(!!result); - do_check_eq(result.avatar, "image"); - run_next_test(); - }); - }); -}); - -add_test(function test_getSignedInUserProfile_error_uses_account_data() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - alice.verified = true; - - fxa.internal.getSignedInUser = function () { - return Promise.resolve({ email: "foo@bar.com" }); - }; - - let teardownCalled = false; - fxa.setSignedInUser(alice).then(() => { - fxa.internal._profile = { - getProfile: function () { - return Promise.reject("boom"); - }, - tearDown: function() { - teardownCalled = true; - } - }; - - fxa.getSignedInUserProfile() - .catch(error => { - do_check_eq(error.message, "UNKNOWN_ERROR"); - fxa.signOut().then(() => { - do_check_true(teardownCalled); - run_next_test(); - }); - }); - }); -}); - -add_test(function test_getSignedInUserProfile_unverified_account() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - - fxa.setSignedInUser(alice).then(() => { - fxa.getSignedInUserProfile() - .catch(error => { - do_check_eq(error.message, "UNVERIFIED_ACCOUNT"); - fxa.signOut().then(run_next_test); - }); - }); - -}); - -add_test(function test_getSignedInUserProfile_no_account_data() { - let fxa = new MockFxAccounts(); - - fxa.internal.getSignedInUser = function () { - return Promise.resolve(null); - }; - - fxa.getSignedInUserProfile() - .catch(error => { - do_check_eq(error.message, "NO_ACCOUNT"); - fxa.signOut().then(run_next_test); - }); - -}); - -add_task(function* test_checkVerificationStatusFailed() { - let fxa = new MockFxAccounts(); - let alice = getTestUser("alice"); - alice.verified = true; - - let client = fxa.internal.fxAccountsClient; - client.recoveryEmailStatus = () => { - return Promise.reject({ - code: 401, - errno: ERRNO_INVALID_AUTH_TOKEN, - }); - }; - client.accountStatus = () => Promise.resolve(true); - - yield fxa.setSignedInUser(alice); - let user = yield fxa.internal.getUserAccountData(); - do_check_neq(alice.sessionToken, null); - do_check_eq(user.email, alice.email); - do_check_eq(user.verified, true); - - yield fxa.checkVerificationStatus(); - - user = yield fxa.internal.getUserAccountData(); - do_check_eq(user.email, alice.email); - do_check_eq(user.sessionToken, null); -}); - -/* - * End of tests. - * Utility functions follow. - */ - -function expandHex(two_hex) { - // Return a 64-character hex string, encoding 32 identical bytes. - let eight_hex = two_hex + two_hex + two_hex + two_hex; - let thirtytwo_hex = eight_hex + eight_hex + eight_hex + eight_hex; - return thirtytwo_hex + thirtytwo_hex; -}; - -function expandBytes(two_hex) { - return CommonUtils.hexToBytes(expandHex(two_hex)); -}; - -function getTestUser(name) { - return { - email: name + "@example.com", - uid: "1ad7f502-4cc7-4ec1-a209-071fd2fae348", - deviceId: name + "'s device id", - sessionToken: name + "'s session token", - keyFetchToken: name + "'s keyfetch token", - unwrapBKey: expandHex("44"), - verified: false - }; -} - -function makeObserver(aObserveTopic, aObserveFunc) { - let observer = { - // nsISupports provides type management in C++ - // nsIObserver is to be an observer - QueryInterface: XPCOMUtils.generateQI([Ci.nsISupports, Ci.nsIObserver]), - - observe: function (aSubject, aTopic, aData) { - log.debug("observed " + aTopic + " " + aData); - if (aTopic == aObserveTopic) { - removeMe(); - aObserveFunc(aSubject, aTopic, aData); - } - } - }; - - function removeMe() { - log.debug("removing observer for " + aObserveTopic); - Services.obs.removeObserver(observer, aObserveTopic); - } - - Services.obs.addObserver(observer, aObserveTopic, false); - return removeMe; -} - -function do_check_throws(func, result, stack) -{ - if (!stack) - stack = Components.stack.caller; - - try { - func(); - } catch (ex) { - if (ex.name == result) { - return; - } - do_throw("Expected result " + result + ", caught " + ex.name, stack); - } - - if (result) { - do_throw("Expected result " + result + ", none thrown", stack); - } -} diff --git a/services/fxaccounts/tests/xpcshell/test_accounts_device_registration.js b/services/fxaccounts/tests/xpcshell/test_accounts_device_registration.js deleted file mode 100644 index 9a2d2c127..000000000 --- a/services/fxaccounts/tests/xpcshell/test_accounts_device_registration.js +++ /dev/null @@ -1,526 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -Cu.import("resource://services-common/utils.js"); -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/FxAccounts.jsm"); -Cu.import("resource://gre/modules/FxAccountsClient.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/Promise.jsm"); -Cu.import("resource://gre/modules/Log.jsm"); - -initTestLogging("Trace"); - -var log = Log.repository.getLogger("Services.FxAccounts.test"); -log.level = Log.Level.Debug; - -const BOGUS_PUBLICKEY = "BBXOKjUb84pzws1wionFpfCBjDuCh4-s_1b52WA46K5wYL2gCWEOmFKWn_NkS5nmJwTBuO8qxxdjAIDtNeklvQc"; -const BOGUS_AUTHKEY = "GSsIiaD2Mr83iPqwFNK4rw"; - -Services.prefs.setCharPref("identity.fxaccounts.loglevel", "Trace"); -Log.repository.getLogger("FirefoxAccounts").level = Log.Level.Trace; - -Services.prefs.setCharPref("identity.fxaccounts.remote.oauth.uri", "https://example.com/v1"); -Services.prefs.setCharPref("identity.fxaccounts.oauth.client_id", "abc123"); -Services.prefs.setCharPref("identity.fxaccounts.remote.profile.uri", "http://example.com/v1"); -Services.prefs.setCharPref("identity.fxaccounts.settings.uri", "http://accounts.example.com/"); - -const DEVICE_REGISTRATION_VERSION = 42; - -function MockStorageManager() { -} - -MockStorageManager.prototype = { - initialize(accountData) { - this.accountData = accountData; - }, - - finalize() { - return Promise.resolve(); - }, - - getAccountData() { - return Promise.resolve(this.accountData); - }, - - updateAccountData(updatedFields) { - for (let [name, value] of Object.entries(updatedFields)) { - if (value == null) { - delete this.accountData[name]; - } else { - this.accountData[name] = value; - } - } - return Promise.resolve(); - }, - - deleteAccountData() { - this.accountData = null; - return Promise.resolve(); - } -} - -function MockFxAccountsClient(device) { - this._email = "nobody@example.com"; - this._verified = false; - this._deletedOnServer = false; // for testing accountStatus - - // mock calls up to the auth server to determine whether the - // user account has been verified - this.recoveryEmailStatus = function (sessionToken) { - // simulate a call to /recovery_email/status - return Promise.resolve({ - email: this._email, - verified: this._verified - }); - }; - - this.accountStatus = function(uid) { - let deferred = Promise.defer(); - deferred.resolve(!!uid && (!this._deletedOnServer)); - return deferred.promise; - }; - - const { id: deviceId, name: deviceName, type: deviceType, sessionToken } = device; - - this.registerDevice = (st, name, type) => Promise.resolve({ id: deviceId, name }); - this.updateDevice = (st, id, name) => Promise.resolve({ id, name }); - this.signOutAndDestroyDevice = () => Promise.resolve({}); - this.getDeviceList = (st) => - Promise.resolve([ - { id: deviceId, name: deviceName, type: deviceType, isCurrentDevice: st === sessionToken } - ]); - - FxAccountsClient.apply(this); -} -MockFxAccountsClient.prototype = { - __proto__: FxAccountsClient.prototype -} - -function MockFxAccounts(device = {}) { - return new FxAccounts({ - _getDeviceName() { - return device.name || "mock device name"; - }, - fxAccountsClient: new MockFxAccountsClient(device), - fxaPushService: { - registerPushEndpoint() { - return new Promise((resolve) => { - resolve({ - endpoint: "http://mochi.test:8888", - getKey: function(type) { - return ChromeUtils.base64URLDecode( - type === "auth" ? BOGUS_AUTHKEY : BOGUS_PUBLICKEY, - { padding: "ignore" }); - } - }); - }); - }, - }, - DEVICE_REGISTRATION_VERSION - }); -} - -add_task(function* test_updateDeviceRegistration_with_new_device() { - const deviceName = "foo"; - const deviceType = "bar"; - - const credentials = getTestUser("baz"); - delete credentials.deviceId; - const fxa = new MockFxAccounts({ name: deviceName }); - yield fxa.internal.setSignedInUser(credentials); - - const spy = { - registerDevice: { count: 0, args: [] }, - updateDevice: { count: 0, args: [] }, - getDeviceList: { count: 0, args: [] } - }; - const client = fxa.internal.fxAccountsClient; - client.registerDevice = function () { - spy.registerDevice.count += 1; - spy.registerDevice.args.push(arguments); - return Promise.resolve({ - id: "newly-generated device id", - createdAt: Date.now(), - name: deviceName, - type: deviceType - }); - }; - client.updateDevice = function () { - spy.updateDevice.count += 1; - spy.updateDevice.args.push(arguments); - return Promise.resolve({}); - }; - client.getDeviceList = function () { - spy.getDeviceList.count += 1; - spy.getDeviceList.args.push(arguments); - return Promise.resolve([]); - }; - - const result = yield fxa.updateDeviceRegistration(); - - do_check_eq(result, "newly-generated device id"); - do_check_eq(spy.updateDevice.count, 0); - do_check_eq(spy.getDeviceList.count, 0); - do_check_eq(spy.registerDevice.count, 1); - do_check_eq(spy.registerDevice.args[0].length, 4); - do_check_eq(spy.registerDevice.args[0][0], credentials.sessionToken); - do_check_eq(spy.registerDevice.args[0][1], deviceName); - do_check_eq(spy.registerDevice.args[0][2], "desktop"); - do_check_eq(spy.registerDevice.args[0][3].pushCallback, "http://mochi.test:8888"); - do_check_eq(spy.registerDevice.args[0][3].pushPublicKey, BOGUS_PUBLICKEY); - do_check_eq(spy.registerDevice.args[0][3].pushAuthKey, BOGUS_AUTHKEY); - - const state = fxa.internal.currentAccountState; - const data = yield state.getUserAccountData(); - - do_check_eq(data.deviceId, "newly-generated device id"); - do_check_eq(data.deviceRegistrationVersion, DEVICE_REGISTRATION_VERSION); -}); - -add_task(function* test_updateDeviceRegistration_with_existing_device() { - const deviceName = "phil's device"; - const deviceType = "desktop"; - - const credentials = getTestUser("pb"); - const fxa = new MockFxAccounts({ name: deviceName }); - yield fxa.internal.setSignedInUser(credentials); - - const spy = { - registerDevice: { count: 0, args: [] }, - updateDevice: { count: 0, args: [] }, - getDeviceList: { count: 0, args: [] } - }; - const client = fxa.internal.fxAccountsClient; - client.registerDevice = function () { - spy.registerDevice.count += 1; - spy.registerDevice.args.push(arguments); - return Promise.resolve({}); - }; - client.updateDevice = function () { - spy.updateDevice.count += 1; - spy.updateDevice.args.push(arguments); - return Promise.resolve({ - id: credentials.deviceId, - name: deviceName - }); - }; - client.getDeviceList = function () { - spy.getDeviceList.count += 1; - spy.getDeviceList.args.push(arguments); - return Promise.resolve([]); - }; - const result = yield fxa.updateDeviceRegistration(); - - do_check_eq(result, credentials.deviceId); - do_check_eq(spy.registerDevice.count, 0); - do_check_eq(spy.getDeviceList.count, 0); - do_check_eq(spy.updateDevice.count, 1); - do_check_eq(spy.updateDevice.args[0].length, 4); - do_check_eq(spy.updateDevice.args[0][0], credentials.sessionToken); - do_check_eq(spy.updateDevice.args[0][1], credentials.deviceId); - do_check_eq(spy.updateDevice.args[0][2], deviceName); - do_check_eq(spy.updateDevice.args[0][3].pushCallback, "http://mochi.test:8888"); - do_check_eq(spy.updateDevice.args[0][3].pushPublicKey, BOGUS_PUBLICKEY); - do_check_eq(spy.updateDevice.args[0][3].pushAuthKey, BOGUS_AUTHKEY); - - const state = fxa.internal.currentAccountState; - const data = yield state.getUserAccountData(); - - do_check_eq(data.deviceId, credentials.deviceId); - do_check_eq(data.deviceRegistrationVersion, DEVICE_REGISTRATION_VERSION); -}); - -add_task(function* test_updateDeviceRegistration_with_unknown_device_error() { - const deviceName = "foo"; - const deviceType = "bar"; - - const credentials = getTestUser("baz"); - const fxa = new MockFxAccounts({ name: deviceName }); - yield fxa.internal.setSignedInUser(credentials); - - const spy = { - registerDevice: { count: 0, args: [] }, - updateDevice: { count: 0, args: [] }, - getDeviceList: { count: 0, args: [] } - }; - const client = fxa.internal.fxAccountsClient; - client.registerDevice = function () { - spy.registerDevice.count += 1; - spy.registerDevice.args.push(arguments); - return Promise.resolve({ - id: "a different newly-generated device id", - createdAt: Date.now(), - name: deviceName, - type: deviceType - }); - }; - client.updateDevice = function () { - spy.updateDevice.count += 1; - spy.updateDevice.args.push(arguments); - return Promise.reject({ - code: 400, - errno: ERRNO_UNKNOWN_DEVICE - }); - }; - client.getDeviceList = function () { - spy.getDeviceList.count += 1; - spy.getDeviceList.args.push(arguments); - return Promise.resolve([]); - }; - - const result = yield fxa.updateDeviceRegistration(); - - do_check_null(result); - do_check_eq(spy.getDeviceList.count, 0); - do_check_eq(spy.registerDevice.count, 0); - do_check_eq(spy.updateDevice.count, 1); - do_check_eq(spy.updateDevice.args[0].length, 4); - do_check_eq(spy.updateDevice.args[0][0], credentials.sessionToken); - do_check_eq(spy.updateDevice.args[0][1], credentials.deviceId); - do_check_eq(spy.updateDevice.args[0][2], deviceName); - do_check_eq(spy.updateDevice.args[0][3].pushCallback, "http://mochi.test:8888"); - do_check_eq(spy.updateDevice.args[0][3].pushPublicKey, BOGUS_PUBLICKEY); - do_check_eq(spy.updateDevice.args[0][3].pushAuthKey, BOGUS_AUTHKEY); - - - const state = fxa.internal.currentAccountState; - const data = yield state.getUserAccountData(); - - do_check_null(data.deviceId); - do_check_eq(data.deviceRegistrationVersion, DEVICE_REGISTRATION_VERSION); -}); - -add_task(function* test_updateDeviceRegistration_with_device_session_conflict_error() { - const deviceName = "foo"; - const deviceType = "bar"; - - const credentials = getTestUser("baz"); - const fxa = new MockFxAccounts({ name: deviceName }); - yield fxa.internal.setSignedInUser(credentials); - - const spy = { - registerDevice: { count: 0, args: [] }, - updateDevice: { count: 0, args: [], times: [] }, - getDeviceList: { count: 0, args: [] } - }; - const client = fxa.internal.fxAccountsClient; - client.registerDevice = function () { - spy.registerDevice.count += 1; - spy.registerDevice.args.push(arguments); - return Promise.resolve({}); - }; - client.updateDevice = function () { - spy.updateDevice.count += 1; - spy.updateDevice.args.push(arguments); - spy.updateDevice.time = Date.now(); - if (spy.updateDevice.count === 1) { - return Promise.reject({ - code: 400, - errno: ERRNO_DEVICE_SESSION_CONFLICT - }); - } - return Promise.resolve({ - id: credentials.deviceId, - name: deviceName - }); - }; - client.getDeviceList = function () { - spy.getDeviceList.count += 1; - spy.getDeviceList.args.push(arguments); - spy.getDeviceList.time = Date.now(); - return Promise.resolve([ - { id: "ignore", name: "ignore", type: "ignore", isCurrentDevice: false }, - { id: credentials.deviceId, name: deviceName, type: deviceType, isCurrentDevice: true } - ]); - }; - - const result = yield fxa.updateDeviceRegistration(); - - do_check_eq(result, credentials.deviceId); - do_check_eq(spy.registerDevice.count, 0); - do_check_eq(spy.updateDevice.count, 1); - do_check_eq(spy.updateDevice.args[0].length, 4); - do_check_eq(spy.updateDevice.args[0][0], credentials.sessionToken); - do_check_eq(spy.updateDevice.args[0][1], credentials.deviceId); - do_check_eq(spy.updateDevice.args[0][2], deviceName); - do_check_eq(spy.updateDevice.args[0][3].pushCallback, "http://mochi.test:8888"); - do_check_eq(spy.updateDevice.args[0][3].pushPublicKey, BOGUS_PUBLICKEY); - do_check_eq(spy.updateDevice.args[0][3].pushAuthKey, BOGUS_AUTHKEY); - do_check_eq(spy.getDeviceList.count, 1); - do_check_eq(spy.getDeviceList.args[0].length, 1); - do_check_eq(spy.getDeviceList.args[0][0], credentials.sessionToken); - do_check_true(spy.getDeviceList.time >= spy.updateDevice.time); - - const state = fxa.internal.currentAccountState; - const data = yield state.getUserAccountData(); - - do_check_eq(data.deviceId, credentials.deviceId); - do_check_eq(data.deviceRegistrationVersion, null); -}); - -add_task(function* test_updateDeviceRegistration_with_unrecoverable_error() { - const deviceName = "foo"; - const deviceType = "bar"; - - const credentials = getTestUser("baz"); - delete credentials.deviceId; - const fxa = new MockFxAccounts({ name: deviceName }); - yield fxa.internal.setSignedInUser(credentials); - - const spy = { - registerDevice: { count: 0, args: [] }, - updateDevice: { count: 0, args: [] }, - getDeviceList: { count: 0, args: [] } - }; - const client = fxa.internal.fxAccountsClient; - client.registerDevice = function () { - spy.registerDevice.count += 1; - spy.registerDevice.args.push(arguments); - return Promise.reject({ - code: 400, - errno: ERRNO_TOO_MANY_CLIENT_REQUESTS - }); - }; - client.updateDevice = function () { - spy.updateDevice.count += 1; - spy.updateDevice.args.push(arguments); - return Promise.resolve({}); - }; - client.getDeviceList = function () { - spy.getDeviceList.count += 1; - spy.getDeviceList.args.push(arguments); - return Promise.resolve([]); - }; - - const result = yield fxa.updateDeviceRegistration(); - - do_check_null(result); - do_check_eq(spy.getDeviceList.count, 0); - do_check_eq(spy.updateDevice.count, 0); - do_check_eq(spy.registerDevice.count, 1); - do_check_eq(spy.registerDevice.args[0].length, 4); - - const state = fxa.internal.currentAccountState; - const data = yield state.getUserAccountData(); - - do_check_null(data.deviceId); -}); - -add_task(function* test_getDeviceId_with_no_device_id_invokes_device_registration() { - const credentials = getTestUser("foo"); - credentials.verified = true; - delete credentials.deviceId; - const fxa = new MockFxAccounts(); - yield fxa.internal.setSignedInUser(credentials); - - const spy = { count: 0, args: [] }; - fxa.internal.currentAccountState.getUserAccountData = - () => Promise.resolve({ email: credentials.email, - deviceRegistrationVersion: DEVICE_REGISTRATION_VERSION }); - fxa.internal._registerOrUpdateDevice = function () { - spy.count += 1; - spy.args.push(arguments); - return Promise.resolve("bar"); - }; - - const result = yield fxa.internal.getDeviceId(); - - do_check_eq(spy.count, 1); - do_check_eq(spy.args[0].length, 1); - do_check_eq(spy.args[0][0].email, credentials.email); - do_check_null(spy.args[0][0].deviceId); - do_check_eq(result, "bar"); -}); - -add_task(function* test_getDeviceId_with_registration_version_outdated_invokes_device_registration() { - const credentials = getTestUser("foo"); - credentials.verified = true; - const fxa = new MockFxAccounts(); - yield fxa.internal.setSignedInUser(credentials); - - const spy = { count: 0, args: [] }; - fxa.internal.currentAccountState.getUserAccountData = - () => Promise.resolve({ deviceId: credentials.deviceId, deviceRegistrationVersion: 0 }); - fxa.internal._registerOrUpdateDevice = function () { - spy.count += 1; - spy.args.push(arguments); - return Promise.resolve("wibble"); - }; - - const result = yield fxa.internal.getDeviceId(); - - do_check_eq(spy.count, 1); - do_check_eq(spy.args[0].length, 1); - do_check_eq(spy.args[0][0].deviceId, credentials.deviceId); - do_check_eq(result, "wibble"); -}); - -add_task(function* test_getDeviceId_with_device_id_and_uptodate_registration_version_doesnt_invoke_device_registration() { - const credentials = getTestUser("foo"); - credentials.verified = true; - const fxa = new MockFxAccounts(); - yield fxa.internal.setSignedInUser(credentials); - - const spy = { count: 0 }; - fxa.internal.currentAccountState.getUserAccountData = - () => Promise.resolve({ deviceId: credentials.deviceId, deviceRegistrationVersion: DEVICE_REGISTRATION_VERSION }); - fxa.internal._registerOrUpdateDevice = function () { - spy.count += 1; - return Promise.resolve("bar"); - }; - - const result = yield fxa.internal.getDeviceId(); - - do_check_eq(spy.count, 0); - do_check_eq(result, "foo's device id"); -}); - -add_task(function* test_getDeviceId_with_device_id_and_with_no_registration_version_invokes_device_registration() { - const credentials = getTestUser("foo"); - credentials.verified = true; - const fxa = new MockFxAccounts(); - yield fxa.internal.setSignedInUser(credentials); - - const spy = { count: 0, args: [] }; - fxa.internal.currentAccountState.getUserAccountData = - () => Promise.resolve({ deviceId: credentials.deviceId }); - fxa.internal._registerOrUpdateDevice = function () { - spy.count += 1; - spy.args.push(arguments); - return Promise.resolve("wibble"); - }; - - const result = yield fxa.internal.getDeviceId(); - - do_check_eq(spy.count, 1); - do_check_eq(spy.args[0].length, 1); - do_check_eq(spy.args[0][0].deviceId, credentials.deviceId); - do_check_eq(result, "wibble"); -}); - -function expandHex(two_hex) { - // Return a 64-character hex string, encoding 32 identical bytes. - let eight_hex = two_hex + two_hex + two_hex + two_hex; - let thirtytwo_hex = eight_hex + eight_hex + eight_hex + eight_hex; - return thirtytwo_hex + thirtytwo_hex; -}; - -function expandBytes(two_hex) { - return CommonUtils.hexToBytes(expandHex(two_hex)); -}; - -function getTestUser(name) { - return { - email: name + "@example.com", - uid: "1ad7f502-4cc7-4ec1-a209-071fd2fae348", - deviceId: name + "'s device id", - sessionToken: name + "'s session token", - keyFetchToken: name + "'s keyfetch token", - unwrapBKey: expandHex("44"), - verified: false - }; -} - diff --git a/services/fxaccounts/tests/xpcshell/test_client.js b/services/fxaccounts/tests/xpcshell/test_client.js deleted file mode 100644 index 83f42bdf5..000000000 --- a/services/fxaccounts/tests/xpcshell/test_client.js +++ /dev/null @@ -1,917 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -Cu.import("resource://gre/modules/FxAccountsClient.jsm"); -Cu.import("resource://gre/modules/Promise.jsm"); -Cu.import("resource://services-common/utils.js"); -Cu.import("resource://services-common/hawkrequest.js"); -Cu.import("resource://services-crypto/utils.js"); - -const FAKE_SESSION_TOKEN = "a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf"; - -function run_test() { - run_next_test(); -} - -// https://wiki.mozilla.org/Identity/AttachedServices/KeyServerProtocol#.2Faccount.2Fkeys -var ACCOUNT_KEYS = { - keyFetch: h("8081828384858687 88898a8b8c8d8e8f"+ - "9091929394959697 98999a9b9c9d9e9f"), - - response: h("ee5c58845c7c9412 b11bbd20920c2fdd"+ - "d83c33c9cd2c2de2 d66b222613364636"+ - "c2c0f8cfbb7c6304 72c0bd88451342c6"+ - "c05b14ce342c5ad4 6ad89e84464c993c"+ - "3927d30230157d08 17a077eef4b20d97"+ - "6f7a97363faf3f06 4c003ada7d01aa70"), - - kA: h("2021222324252627 28292a2b2c2d2e2f"+ - "3031323334353637 38393a3b3c3d3e3f"), - - wrapKB: h("4041424344454647 48494a4b4c4d4e4f"+ - "5051525354555657 58595a5b5c5d5e5f"), -}; - -function deferredStop(server) { - let deferred = Promise.defer(); - server.stop(deferred.resolve); - return deferred.promise; -} - -add_task(function* test_authenticated_get_request() { - let message = "{\"msg\": \"Great Success!\"}"; - let credentials = { - id: "eyJleHBpcmVzIjogMTM2NTAxMDg5OC4x", - key: "qTZf4ZFpAMpMoeSsX3zVRjiqmNs=", - algorithm: "sha256" - }; - let method = "GET"; - - let server = httpd_setup({"/foo": function(request, response) { - do_check_true(request.hasHeader("Authorization")); - - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(message, message.length); - } - }); - - let client = new FxAccountsClient(server.baseURI); - - let result = yield client._request("/foo", method, credentials); - do_check_eq("Great Success!", result.msg); - - yield deferredStop(server); -}); - -add_task(function* test_authenticated_post_request() { - let credentials = { - id: "eyJleHBpcmVzIjogMTM2NTAxMDg5OC4x", - key: "qTZf4ZFpAMpMoeSsX3zVRjiqmNs=", - algorithm: "sha256" - }; - let method = "POST"; - - let server = httpd_setup({"/foo": function(request, response) { - do_check_true(request.hasHeader("Authorization")); - - response.setStatusLine(request.httpVersion, 200, "OK"); - response.setHeader("Content-Type", "application/json"); - response.bodyOutputStream.writeFrom(request.bodyInputStream, request.bodyInputStream.available()); - } - }); - - let client = new FxAccountsClient(server.baseURI); - - let result = yield client._request("/foo", method, credentials, {foo: "bar"}); - do_check_eq("bar", result.foo); - - yield deferredStop(server); -}); - -add_task(function* test_500_error() { - let message = "<h1>Ooops!</h1>"; - let method = "GET"; - - let server = httpd_setup({"/foo": function(request, response) { - response.setStatusLine(request.httpVersion, 500, "Internal Server Error"); - response.bodyOutputStream.write(message, message.length); - } - }); - - let client = new FxAccountsClient(server.baseURI); - - try { - yield client._request("/foo", method); - do_throw("Expected to catch an exception"); - } catch (e) { - do_check_eq(500, e.code); - do_check_eq("Internal Server Error", e.message); - } - - yield deferredStop(server); -}); - -add_task(function* test_backoffError() { - let method = "GET"; - let server = httpd_setup({ - "/retryDelay": function(request, response) { - response.setHeader("Retry-After", "30"); - response.setStatusLine(request.httpVersion, 429, "Client has sent too many requests"); - let message = "<h1>Ooops!</h1>"; - response.bodyOutputStream.write(message, message.length); - }, - "/duringDelayIShouldNotBeCalled": function(request, response) { - response.setStatusLine(request.httpVersion, 200, "OK"); - let jsonMessage = "{\"working\": \"yes\"}"; - response.bodyOutputStream.write(jsonMessage, jsonMessage.length); - }, - }); - - let client = new FxAccountsClient(server.baseURI); - - // Retry-After header sets client.backoffError - do_check_eq(client.backoffError, null); - try { - yield client._request("/retryDelay", method); - } catch (e) { - do_check_eq(429, e.code); - do_check_eq(30, e.retryAfter); - do_check_neq(typeof(client.fxaBackoffTimer), "undefined"); - do_check_neq(client.backoffError, null); - } - // While delay is in effect, client short-circuits any requests - // and re-rejects with previous error. - try { - yield client._request("/duringDelayIShouldNotBeCalled", method); - throw new Error("I should not be reached"); - } catch (e) { - do_check_eq(e.retryAfter, 30); - do_check_eq(e.message, "Client has sent too many requests"); - do_check_neq(client.backoffError, null); - } - // Once timer fires, client nulls error out and HTTP calls work again. - client._clearBackoff(); - let result = yield client._request("/duringDelayIShouldNotBeCalled", method); - do_check_eq(client.backoffError, null); - do_check_eq(result.working, "yes"); - - yield deferredStop(server); -}); - -add_task(function* test_signUp() { - let creationMessage_noKey = JSON.stringify({ - uid: "uid", - sessionToken: "sessionToken" - }); - let creationMessage_withKey = JSON.stringify({ - uid: "uid", - sessionToken: "sessionToken", - keyFetchToken: "keyFetchToken" - }); - let errorMessage = JSON.stringify({code: 400, errno: 101, error: "account exists"}); - let created = false; - - // Note these strings must be unicode and not already utf-8 encoded. - let unicodeUsername = "andr\xe9@example.org"; // 'andré@example.org' - let unicodePassword = "p\xe4ssw\xf6rd"; // 'pässwörd' - let server = httpd_setup({ - "/account/create": function(request, response) { - let body = CommonUtils.readBytesFromInputStream(request.bodyInputStream); - body = CommonUtils.decodeUTF8(body); - let jsonBody = JSON.parse(body); - - // https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol#wiki-test-vectors - - if (created) { - // Error trying to create same account a second time - response.setStatusLine(request.httpVersion, 400, "Bad request"); - response.bodyOutputStream.write(errorMessage, errorMessage.length); - return; - } - - if (jsonBody.email == unicodeUsername) { - do_check_eq("", request._queryString); - do_check_eq(jsonBody.authPW, "247b675ffb4c46310bc87e26d712153abe5e1c90ef00a4784594f97ef54f2375"); - - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(creationMessage_noKey, - creationMessage_noKey.length); - return; - } - - if (jsonBody.email == "you@example.org") { - do_check_eq("keys=true", request._queryString); - do_check_eq(jsonBody.authPW, "e5c1cdfdaa5fcee06142db865b212cc8ba8abee2a27d639d42c139f006cdb930"); - created = true; - - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(creationMessage_withKey, - creationMessage_withKey.length); - return; - } - // just throwing here doesn't make any log noise, so have an assertion - // fail instead. - do_check_true(false, "unexpected email: " + jsonBody.email); - }, - }); - - // Try to create an account without retrieving optional keys. - let client = new FxAccountsClient(server.baseURI); - let result = yield client.signUp(unicodeUsername, unicodePassword); - do_check_eq("uid", result.uid); - do_check_eq("sessionToken", result.sessionToken); - do_check_eq(undefined, result.keyFetchToken); - do_check_eq(result.unwrapBKey, - "de6a2648b78284fcb9ffa81ba95803309cfba7af583c01a8a1a63e567234dd28"); - - // Try to create an account retrieving optional keys. - result = yield client.signUp('you@example.org', 'pässwörd', true); - do_check_eq("uid", result.uid); - do_check_eq("sessionToken", result.sessionToken); - do_check_eq("keyFetchToken", result.keyFetchToken); - do_check_eq(result.unwrapBKey, - "f589225b609e56075d76eb74f771ff9ab18a4dc0e901e131ba8f984c7fb0ca8c"); - - // Try to create an existing account. Triggers error path. - try { - result = yield client.signUp(unicodeUsername, unicodePassword); - do_throw("Expected to catch an exception"); - } catch(expectedError) { - do_check_eq(101, expectedError.errno); - } - - yield deferredStop(server); -}); - -add_task(function* test_signIn() { - let sessionMessage_noKey = JSON.stringify({ - sessionToken: FAKE_SESSION_TOKEN - }); - let sessionMessage_withKey = JSON.stringify({ - sessionToken: FAKE_SESSION_TOKEN, - keyFetchToken: "keyFetchToken" - }); - let errorMessage_notExistent = JSON.stringify({ - code: 400, - errno: 102, - error: "doesn't exist" - }); - let errorMessage_wrongCap = JSON.stringify({ - code: 400, - errno: 120, - error: "Incorrect email case", - email: "you@example.com" - }); - - // Note this strings must be unicode and not already utf-8 encoded. - let unicodeUsername = "m\xe9@example.com" // 'mé@example.com' - let server = httpd_setup({ - "/account/login": function(request, response) { - let body = CommonUtils.readBytesFromInputStream(request.bodyInputStream); - body = CommonUtils.decodeUTF8(body); - let jsonBody = JSON.parse(body); - - if (jsonBody.email == unicodeUsername) { - do_check_eq("", request._queryString); - do_check_eq(jsonBody.authPW, "08b9d111196b8408e8ed92439da49206c8ecfbf343df0ae1ecefcd1e0174a8b6"); - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(sessionMessage_noKey, - sessionMessage_noKey.length); - return; - } - else if (jsonBody.email == "you@example.com") { - do_check_eq("keys=true", request._queryString); - do_check_eq(jsonBody.authPW, "93d20ec50304d496d0707ec20d7e8c89459b6396ec5dd5b9e92809c5e42856c7"); - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(sessionMessage_withKey, - sessionMessage_withKey.length); - return; - } - else if (jsonBody.email == "You@example.com") { - // Error trying to sign in with a wrong capitalization - response.setStatusLine(request.httpVersion, 400, "Bad request"); - response.bodyOutputStream.write(errorMessage_wrongCap, - errorMessage_wrongCap.length); - return; - } - else { - // Error trying to sign in to nonexistent account - response.setStatusLine(request.httpVersion, 400, "Bad request"); - response.bodyOutputStream.write(errorMessage_notExistent, - errorMessage_notExistent.length); - return; - } - }, - }); - - // Login without retrieving optional keys - let client = new FxAccountsClient(server.baseURI); - let result = yield client.signIn(unicodeUsername, 'bigsecret'); - do_check_eq(FAKE_SESSION_TOKEN, result.sessionToken); - do_check_eq(result.unwrapBKey, - "c076ec3f4af123a615157154c6e1d0d6293e514fd7b0221e32d50517ecf002b8"); - do_check_eq(undefined, result.keyFetchToken); - - // Login with retrieving optional keys - result = yield client.signIn('you@example.com', 'bigsecret', true); - do_check_eq(FAKE_SESSION_TOKEN, result.sessionToken); - do_check_eq(result.unwrapBKey, - "65970516211062112e955d6420bebe020269d6b6a91ebd288319fc8d0cb49624"); - do_check_eq("keyFetchToken", result.keyFetchToken); - - // Retry due to wrong email capitalization - result = yield client.signIn('You@example.com', 'bigsecret', true); - do_check_eq(FAKE_SESSION_TOKEN, result.sessionToken); - do_check_eq(result.unwrapBKey, - "65970516211062112e955d6420bebe020269d6b6a91ebd288319fc8d0cb49624"); - do_check_eq("keyFetchToken", result.keyFetchToken); - - // Trigger error path - try { - result = yield client.signIn("yøü@bad.example.org", "nofear"); - do_throw("Expected to catch an exception"); - } catch (expectedError) { - do_check_eq(102, expectedError.errno); - } - - yield deferredStop(server); -}); - -add_task(function* test_signOut() { - let signoutMessage = JSON.stringify({}); - let errorMessage = JSON.stringify({code: 400, errno: 102, error: "doesn't exist"}); - let signedOut = false; - - let server = httpd_setup({ - "/session/destroy": function(request, response) { - if (!signedOut) { - signedOut = true; - do_check_true(request.hasHeader("Authorization")); - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(signoutMessage, signoutMessage.length); - return; - } - - // Error trying to sign out of nonexistent account - response.setStatusLine(request.httpVersion, 400, "Bad request"); - response.bodyOutputStream.write(errorMessage, errorMessage.length); - return; - }, - }); - - let client = new FxAccountsClient(server.baseURI); - let result = yield client.signOut("FakeSession"); - do_check_eq(typeof result, "object"); - - // Trigger error path - try { - result = yield client.signOut("FakeSession"); - do_throw("Expected to catch an exception"); - } catch(expectedError) { - do_check_eq(102, expectedError.errno); - } - - yield deferredStop(server); -}); - -add_task(function* test_recoveryEmailStatus() { - let emailStatus = JSON.stringify({verified: true}); - let errorMessage = JSON.stringify({code: 400, errno: 102, error: "doesn't exist"}); - let tries = 0; - - let server = httpd_setup({ - "/recovery_email/status": function(request, response) { - do_check_true(request.hasHeader("Authorization")); - do_check_eq("", request._queryString); - - if (tries === 0) { - tries += 1; - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(emailStatus, emailStatus.length); - return; - } - - // Second call gets an error trying to query a nonexistent account - response.setStatusLine(request.httpVersion, 400, "Bad request"); - response.bodyOutputStream.write(errorMessage, errorMessage.length); - return; - }, - }); - - let client = new FxAccountsClient(server.baseURI); - let result = yield client.recoveryEmailStatus(FAKE_SESSION_TOKEN); - do_check_eq(result.verified, true); - - // Trigger error path - try { - result = yield client.recoveryEmailStatus("some bogus session"); - do_throw("Expected to catch an exception"); - } catch(expectedError) { - do_check_eq(102, expectedError.errno); - } - - yield deferredStop(server); -}); - -add_task(function* test_recoveryEmailStatusWithReason() { - let emailStatus = JSON.stringify({verified: true}); - let server = httpd_setup({ - "/recovery_email/status": function(request, response) { - do_check_true(request.hasHeader("Authorization")); - // if there is a query string then it will have a reason - do_check_eq("reason=push", request._queryString); - - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(emailStatus, emailStatus.length); - return; - }, - }); - - let client = new FxAccountsClient(server.baseURI); - let result = yield client.recoveryEmailStatus(FAKE_SESSION_TOKEN, { - reason: "push", - }); - do_check_eq(result.verified, true); - yield deferredStop(server); -}); - -add_task(function* test_resendVerificationEmail() { - let emptyMessage = "{}"; - let errorMessage = JSON.stringify({code: 400, errno: 102, error: "doesn't exist"}); - let tries = 0; - - let server = httpd_setup({ - "/recovery_email/resend_code": function(request, response) { - do_check_true(request.hasHeader("Authorization")); - if (tries === 0) { - tries += 1; - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(emptyMessage, emptyMessage.length); - return; - } - - // Second call gets an error trying to query a nonexistent account - response.setStatusLine(request.httpVersion, 400, "Bad request"); - response.bodyOutputStream.write(errorMessage, errorMessage.length); - return; - }, - }); - - let client = new FxAccountsClient(server.baseURI); - let result = yield client.resendVerificationEmail(FAKE_SESSION_TOKEN); - do_check_eq(JSON.stringify(result), emptyMessage); - - // Trigger error path - try { - result = yield client.resendVerificationEmail("some bogus session"); - do_throw("Expected to catch an exception"); - } catch(expectedError) { - do_check_eq(102, expectedError.errno); - } - - yield deferredStop(server); -}); - -add_task(function* test_accountKeys() { - // Four calls to accountKeys(). The first one should work correctly, and we - // should get a valid bundle back, in exchange for our keyFetch token, from - // which we correctly derive kA and wrapKB. The subsequent three calls - // should all trigger separate error paths. - let responseMessage = JSON.stringify({bundle: ACCOUNT_KEYS.response}); - let errorMessage = JSON.stringify({code: 400, errno: 102, error: "doesn't exist"}); - let emptyMessage = "{}"; - let attempt = 0; - - let server = httpd_setup({ - "/account/keys": function(request, response) { - do_check_true(request.hasHeader("Authorization")); - attempt += 1; - - switch(attempt) { - case 1: - // First time succeeds - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(responseMessage, responseMessage.length); - break; - - case 2: - // Second time, return no bundle to trigger client error - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(emptyMessage, emptyMessage.length); - break; - - case 3: - // Return gibberish to trigger client MAC error - // Tweak a byte - let garbageResponse = JSON.stringify({ - bundle: ACCOUNT_KEYS.response.slice(0, -1) + "1" - }); - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(garbageResponse, garbageResponse.length); - break; - - case 4: - // Trigger error for nonexistent account - response.setStatusLine(request.httpVersion, 400, "Bad request"); - response.bodyOutputStream.write(errorMessage, errorMessage.length); - break; - } - }, - }); - - let client = new FxAccountsClient(server.baseURI); - - // First try, all should be good - let result = yield client.accountKeys(ACCOUNT_KEYS.keyFetch); - do_check_eq(CommonUtils.hexToBytes(ACCOUNT_KEYS.kA), result.kA); - do_check_eq(CommonUtils.hexToBytes(ACCOUNT_KEYS.wrapKB), result.wrapKB); - - // Second try, empty bundle should trigger error - try { - result = yield client.accountKeys(ACCOUNT_KEYS.keyFetch); - do_throw("Expected to catch an exception"); - } catch(expectedError) { - do_check_eq(expectedError.message, "failed to retrieve keys"); - } - - // Third try, bad bundle results in MAC error - try { - result = yield client.accountKeys(ACCOUNT_KEYS.keyFetch); - do_throw("Expected to catch an exception"); - } catch(expectedError) { - do_check_eq(expectedError.message, "error unbundling encryption keys"); - } - - // Fourth try, pretend account doesn't exist - try { - result = yield client.accountKeys(ACCOUNT_KEYS.keyFetch); - do_throw("Expected to catch an exception"); - } catch(expectedError) { - do_check_eq(102, expectedError.errno); - } - - yield deferredStop(server); -}); - -add_task(function* test_signCertificate() { - let certSignMessage = JSON.stringify({cert: {bar: "baz"}}); - let errorMessage = JSON.stringify({code: 400, errno: 102, error: "doesn't exist"}); - let tries = 0; - - let server = httpd_setup({ - "/certificate/sign": function(request, response) { - do_check_true(request.hasHeader("Authorization")); - - if (tries === 0) { - tries += 1; - let body = CommonUtils.readBytesFromInputStream(request.bodyInputStream); - let jsonBody = JSON.parse(body); - do_check_eq(JSON.parse(jsonBody.publicKey).foo, "bar"); - do_check_eq(jsonBody.duration, 600); - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(certSignMessage, certSignMessage.length); - return; - } - - // Second attempt, trigger error - response.setStatusLine(request.httpVersion, 400, "Bad request"); - response.bodyOutputStream.write(errorMessage, errorMessage.length); - return; - }, - }); - - let client = new FxAccountsClient(server.baseURI); - let result = yield client.signCertificate(FAKE_SESSION_TOKEN, JSON.stringify({foo: "bar"}), 600); - do_check_eq("baz", result.bar); - - // Account doesn't exist - try { - result = yield client.signCertificate("bogus", JSON.stringify({foo: "bar"}), 600); - do_throw("Expected to catch an exception"); - } catch(expectedError) { - do_check_eq(102, expectedError.errno); - } - - yield deferredStop(server); -}); - -add_task(function* test_accountExists() { - let sessionMessage = JSON.stringify({sessionToken: FAKE_SESSION_TOKEN}); - let existsMessage = JSON.stringify({error: "wrong password", code: 400, errno: 103}); - let doesntExistMessage = JSON.stringify({error: "no such account", code: 400, errno: 102}); - let emptyMessage = "{}"; - - let server = httpd_setup({ - "/account/login": function(request, response) { - let body = CommonUtils.readBytesFromInputStream(request.bodyInputStream); - let jsonBody = JSON.parse(body); - - switch (jsonBody.email) { - // We'll test that these users' accounts exist - case "i.exist@example.com": - case "i.also.exist@example.com": - response.setStatusLine(request.httpVersion, 400, "Bad request"); - response.bodyOutputStream.write(existsMessage, existsMessage.length); - break; - - // This user's account doesn't exist - case "i.dont.exist@example.com": - response.setStatusLine(request.httpVersion, 400, "Bad request"); - response.bodyOutputStream.write(doesntExistMessage, doesntExistMessage.length); - break; - - // This user throws an unexpected response - // This will reject the client signIn promise - case "i.break.things@example.com": - response.setStatusLine(request.httpVersion, 500, "Alas"); - response.bodyOutputStream.write(emptyMessage, emptyMessage.length); - break; - - default: - throw new Error("Unexpected login from " + jsonBody.email); - break; - } - }, - }); - - let client = new FxAccountsClient(server.baseURI); - let result; - - result = yield client.accountExists("i.exist@example.com"); - do_check_true(result); - - result = yield client.accountExists("i.also.exist@example.com"); - do_check_true(result); - - result = yield client.accountExists("i.dont.exist@example.com"); - do_check_false(result); - - try { - result = yield client.accountExists("i.break.things@example.com"); - do_throw("Expected to catch an exception"); - } catch(unexpectedError) { - do_check_eq(unexpectedError.code, 500); - } - - yield deferredStop(server); -}); - -add_task(function* test_registerDevice() { - const DEVICE_ID = "device id"; - const DEVICE_NAME = "device name"; - const DEVICE_TYPE = "device type"; - const ERROR_NAME = "test that the client promise rejects"; - - const server = httpd_setup({ - "/account/device": function(request, response) { - const body = JSON.parse(CommonUtils.readBytesFromInputStream(request.bodyInputStream)); - - if (body.id || !body.name || !body.type || Object.keys(body).length !== 2) { - response.setStatusLine(request.httpVersion, 400, "Invalid request"); - return response.bodyOutputStream.write("{}", 2); - } - - if (body.name === ERROR_NAME) { - response.setStatusLine(request.httpVersion, 500, "Alas"); - return response.bodyOutputStream.write("{}", 2); - } - - body.id = DEVICE_ID; - body.createdAt = Date.now(); - - const responseMessage = JSON.stringify(body); - - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(responseMessage, responseMessage.length); - }, - }); - - const client = new FxAccountsClient(server.baseURI); - const result = yield client.registerDevice(FAKE_SESSION_TOKEN, DEVICE_NAME, DEVICE_TYPE); - - do_check_true(result); - do_check_eq(Object.keys(result).length, 4); - do_check_eq(result.id, DEVICE_ID); - do_check_eq(typeof result.createdAt, 'number'); - do_check_true(result.createdAt > 0); - do_check_eq(result.name, DEVICE_NAME); - do_check_eq(result.type, DEVICE_TYPE); - - try { - yield client.registerDevice(FAKE_SESSION_TOKEN, ERROR_NAME, DEVICE_TYPE); - do_throw("Expected to catch an exception"); - } catch(unexpectedError) { - do_check_eq(unexpectedError.code, 500); - } - - yield deferredStop(server); -}); - -add_task(function* test_updateDevice() { - const DEVICE_ID = "some other id"; - const DEVICE_NAME = "some other name"; - const ERROR_ID = "test that the client promise rejects"; - - const server = httpd_setup({ - "/account/device": function(request, response) { - const body = JSON.parse(CommonUtils.readBytesFromInputStream(request.bodyInputStream)); - - if (!body.id || !body.name || body.type || Object.keys(body).length !== 2) { - response.setStatusLine(request.httpVersion, 400, "Invalid request"); - return response.bodyOutputStream.write("{}", 2); - } - - if (body.id === ERROR_ID) { - response.setStatusLine(request.httpVersion, 500, "Alas"); - return response.bodyOutputStream.write("{}", 2); - } - - const responseMessage = JSON.stringify(body); - - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write(responseMessage, responseMessage.length); - }, - }); - - const client = new FxAccountsClient(server.baseURI); - const result = yield client.updateDevice(FAKE_SESSION_TOKEN, DEVICE_ID, DEVICE_NAME); - - do_check_true(result); - do_check_eq(Object.keys(result).length, 2); - do_check_eq(result.id, DEVICE_ID); - do_check_eq(result.name, DEVICE_NAME); - - try { - yield client.updateDevice(FAKE_SESSION_TOKEN, ERROR_ID, DEVICE_NAME); - do_throw("Expected to catch an exception"); - } catch(unexpectedError) { - do_check_eq(unexpectedError.code, 500); - } - - yield deferredStop(server); -}); - -add_task(function* test_signOutAndDestroyDevice() { - const DEVICE_ID = "device id"; - const ERROR_ID = "test that the client promise rejects"; - - const server = httpd_setup({ - "/account/device/destroy": function(request, response) { - const body = JSON.parse(CommonUtils.readBytesFromInputStream(request.bodyInputStream)); - - if (!body.id) { - response.setStatusLine(request.httpVersion, 400, "Invalid request"); - return response.bodyOutputStream.write(emptyMessage, emptyMessage.length); - } - - if (body.id === ERROR_ID) { - response.setStatusLine(request.httpVersion, 500, "Alas"); - return response.bodyOutputStream.write("{}", 2); - } - - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write("{}", 2); - }, - }); - - const client = new FxAccountsClient(server.baseURI); - const result = yield client.signOutAndDestroyDevice(FAKE_SESSION_TOKEN, DEVICE_ID); - - do_check_true(result); - do_check_eq(Object.keys(result).length, 0); - - try { - yield client.signOutAndDestroyDevice(FAKE_SESSION_TOKEN, ERROR_ID); - do_throw("Expected to catch an exception"); - } catch(unexpectedError) { - do_check_eq(unexpectedError.code, 500); - } - - yield deferredStop(server); -}); - -add_task(function* test_getDeviceList() { - let canReturnDevices; - - const server = httpd_setup({ - "/account/devices": function(request, response) { - if (canReturnDevices) { - response.setStatusLine(request.httpVersion, 200, "OK"); - response.bodyOutputStream.write("[]", 2); - } else { - response.setStatusLine(request.httpVersion, 500, "Alas"); - response.bodyOutputStream.write("{}", 2); - } - }, - }); - - const client = new FxAccountsClient(server.baseURI); - - canReturnDevices = true; - const result = yield client.getDeviceList(FAKE_SESSION_TOKEN); - do_check_true(Array.isArray(result)); - do_check_eq(result.length, 0); - - try { - canReturnDevices = false; - yield client.getDeviceList(FAKE_SESSION_TOKEN); - do_throw("Expected to catch an exception"); - } catch(unexpectedError) { - do_check_eq(unexpectedError.code, 500); - } - - yield deferredStop(server); -}); - -add_task(function* test_client_metrics() { - function writeResp(response, msg) { - if (typeof msg === "object") { - msg = JSON.stringify(msg); - } - response.bodyOutputStream.write(msg, msg.length); - } - - let server = httpd_setup( - { - "/session/destroy": function(request, response) { - response.setHeader("Content-Type", "application/json; charset=utf-8"); - response.setStatusLine(request.httpVersion, 401, "Unauthorized"); - writeResp(response, { - error: "invalid authentication timestamp", - code: 401, - errno: 111, - }); - }, - } - ); - - let client = new FxAccountsClient(server.baseURI); - - yield rejects(client.signOut(FAKE_SESSION_TOKEN, { - service: "sync", - }), function(err) { - return err.errno == 111; - }); - - yield deferredStop(server); -}); - -add_task(function* test_email_case() { - let canonicalEmail = "greta.garbo@gmail.com"; - let clientEmail = "Greta.Garbo@gmail.COM"; - let attempts = 0; - - function writeResp(response, msg) { - if (typeof msg === "object") { - msg = JSON.stringify(msg); - } - response.bodyOutputStream.write(msg, msg.length); - } - - let server = httpd_setup( - { - "/account/login": function(request, response) { - response.setHeader("Content-Type", "application/json; charset=utf-8"); - attempts += 1; - if (attempts > 2) { - response.setStatusLine(request.httpVersion, 429, "Sorry, you had your chance"); - return writeResp(response, ""); - } - - let body = CommonUtils.readBytesFromInputStream(request.bodyInputStream); - let jsonBody = JSON.parse(body); - let email = jsonBody.email; - - // If the client has the wrong case on the email, we return a 400, with - // the capitalization of the email as saved in the accounts database. - if (email == canonicalEmail) { - response.setStatusLine(request.httpVersion, 200, "Yay"); - return writeResp(response, {areWeHappy: "yes"}); - } - - response.setStatusLine(request.httpVersion, 400, "Incorrect email case"); - return writeResp(response, { - code: 400, - errno: 120, - error: "Incorrect email case", - email: canonicalEmail - }); - }, - } - ); - - let client = new FxAccountsClient(server.baseURI); - - let result = yield client.signIn(clientEmail, "123456"); - do_check_eq(result.areWeHappy, "yes"); - do_check_eq(attempts, 2); - - yield deferredStop(server); -}); - -// turn formatted test vectors into normal hex strings -function h(hexStr) { - return hexStr.replace(/\s+/g, ""); -} diff --git a/services/fxaccounts/tests/xpcshell/test_credentials.js b/services/fxaccounts/tests/xpcshell/test_credentials.js deleted file mode 100644 index cbd9e4c7a..000000000 --- a/services/fxaccounts/tests/xpcshell/test_credentials.js +++ /dev/null @@ -1,110 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -Cu.import("resource://gre/modules/Credentials.jsm"); -Cu.import("resource://gre/modules/Promise.jsm"); -Cu.import("resource://services-common/utils.js"); -Cu.import("resource://services-crypto/utils.js"); - -var {hexToBytes: h2b, - hexAsString: h2s, - stringAsHex: s2h, - bytesAsHex: b2h} = CommonUtils; - -// Test vectors for the "onepw" protocol: -// https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol#wiki-test-vectors -var vectors = { - "client stretch-KDF": { - email: - h("616e6472c3a94065 78616d706c652e6f 7267"), - password: - h("70c3a4737377c3b6 7264"), - quickStretchedPW: - h("e4e8889bd8bd61ad 6de6b95c059d56e7 b50dacdaf62bd846 44af7e2add84345d"), - authPW: - h("247b675ffb4c4631 0bc87e26d712153a be5e1c90ef00a478 4594f97ef54f2375"), - authSalt: - h("00f0000000000000 0000000000000000 0000000000000000 0000000000000000"), - }, -}; - -// A simple test suite with no utf8 encoding madness. -add_task(function* test_onepw_setup_credentials() { - let email = "francine@example.org"; - let password = CommonUtils.encodeUTF8("i like pie"); - - let pbkdf2 = CryptoUtils.pbkdf2Generate; - let hkdf = CryptoUtils.hkdf; - - // quickStretch the email - let saltyEmail = Credentials.keyWordExtended("quickStretch", email); - - do_check_eq(b2h(saltyEmail), "6964656e746974792e6d6f7a696c6c612e636f6d2f7069636c2f76312f717569636b537472657463683a6672616e63696e65406578616d706c652e6f7267"); - - let pbkdf2Rounds = 1000; - let pbkdf2Len = 32; - - let quickStretchedPW = pbkdf2(password, saltyEmail, pbkdf2Rounds, pbkdf2Len, Ci.nsICryptoHMAC.SHA256, 32); - let quickStretchedActual = "6b88094c1c73bbf133223f300d101ed70837af48d9d2c1b6e7d38804b20cdde4"; - do_check_eq(b2h(quickStretchedPW), quickStretchedActual); - - // obtain hkdf info - let authKeyInfo = Credentials.keyWord('authPW'); - do_check_eq(b2h(authKeyInfo), "6964656e746974792e6d6f7a696c6c612e636f6d2f7069636c2f76312f617574685057"); - - // derive auth password - let hkdfSalt = h2b("00"); - let hkdfLen = 32; - let authPW = hkdf(quickStretchedPW, hkdfSalt, authKeyInfo, hkdfLen); - - do_check_eq(b2h(authPW), "4b8dec7f48e7852658163601ff766124c312f9392af6c3d4e1a247eb439be342"); - - // derive unwrap key - let unwrapKeyInfo = Credentials.keyWord('unwrapBkey'); - let unwrapKey = hkdf(quickStretchedPW, hkdfSalt, unwrapKeyInfo, hkdfLen); - - do_check_eq(b2h(unwrapKey), "8ff58975be391338e4ec5d7138b5ed7b65c7d1bfd1f3a4f93e05aa47d5b72be9"); -}); - -add_task(function* test_client_stretch_kdf() { - let pbkdf2 = CryptoUtils.pbkdf2Generate; - let hkdf = CryptoUtils.hkdf; - let expected = vectors["client stretch-KDF"]; - - let email = h2s(expected.email); - let password = h2s(expected.password); - - // Intermediate value from sjcl implementation in fxa-js-client - // The key thing is the c3a9 sequence in "andré" - let salt = Credentials.keyWordExtended("quickStretch", email); - do_check_eq(b2h(salt), "6964656e746974792e6d6f7a696c6c612e636f6d2f7069636c2f76312f717569636b537472657463683a616e6472c3a9406578616d706c652e6f7267"); - - let options = { - stretchedPassLength: 32, - pbkdf2Rounds: 1000, - hmacAlgorithm: Ci.nsICryptoHMAC.SHA256, - hmacLength: 32, - hkdfSalt: h2b("00"), - hkdfLength: 32, - }; - - let results = yield Credentials.setup(email, password, options); - - do_check_eq(expected.quickStretchedPW, b2h(results.quickStretchedPW), - "quickStretchedPW is wrong"); - - do_check_eq(expected.authPW, b2h(results.authPW), - "authPW is wrong"); -}); - -// End of tests -// Utility functions follow - -function run_test() { - run_next_test(); -} - -// turn formatted test vectors into normal hex strings -function h(hexStr) { - return hexStr.replace(/\s+/g, ""); -} diff --git a/services/fxaccounts/tests/xpcshell/test_loginmgr_storage.js b/services/fxaccounts/tests/xpcshell/test_loginmgr_storage.js deleted file mode 100644 index 64ddb1fd1..000000000 --- a/services/fxaccounts/tests/xpcshell/test_loginmgr_storage.js +++ /dev/null @@ -1,214 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -// Tests for FxAccounts, storage and the master password. - -// Stop us hitting the real auth server. -Services.prefs.setCharPref("identity.fxaccounts.auth.uri", "http://localhost"); -// See verbose logging from FxAccounts.jsm -Services.prefs.setCharPref("identity.fxaccounts.loglevel", "Trace"); - -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/FxAccounts.jsm"); -Cu.import("resource://gre/modules/FxAccountsClient.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/osfile.jsm"); -Cu.import("resource://services-common/utils.js"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); - -// Use a backstage pass to get at our LoginManagerStorage object, so we can -// mock the prototype. -var {LoginManagerStorage} = Cu.import("resource://gre/modules/FxAccountsStorage.jsm", {}); -var isLoggedIn = true; -LoginManagerStorage.prototype.__defineGetter__("_isLoggedIn", () => isLoggedIn); - -function setLoginMgrLoggedInState(loggedIn) { - isLoggedIn = loggedIn; -} - - -initTestLogging("Trace"); - -function run_test() { - run_next_test(); -} - -function getLoginMgrData() { - let logins = Services.logins.findLogins({}, FXA_PWDMGR_HOST, null, FXA_PWDMGR_REALM); - if (logins.length == 0) { - return null; - } - Assert.equal(logins.length, 1, "only 1 login available"); - return logins[0]; -} - -function createFxAccounts() { - return new FxAccounts({ - _getDeviceName() { - return "mock device name"; - }, - fxaPushService: { - registerPushEndpoint() { - return new Promise((resolve) => { - resolve({ - endpoint: "http://mochi.test:8888" - }); - }); - }, - } - }); -} - -add_task(function* test_simple() { - let fxa = createFxAccounts(); - - let creds = { - uid: "abcd", - email: "test@example.com", - sessionToken: "sessionToken", - kA: "the kA value", - kB: "the kB value", - verified: true - }; - yield fxa.setSignedInUser(creds); - - // This should have stored stuff in both the .json file in the profile - // dir, and the login dir. - let path = OS.Path.join(OS.Constants.Path.profileDir, "signedInUser.json"); - let data = yield CommonUtils.readJSON(path); - - Assert.strictEqual(data.accountData.email, creds.email, "correct email in the clear text"); - Assert.strictEqual(data.accountData.sessionToken, creds.sessionToken, "correct sessionToken in the clear text"); - Assert.strictEqual(data.accountData.verified, creds.verified, "correct verified flag"); - - Assert.ok(!("kA" in data.accountData), "kA not stored in clear text"); - Assert.ok(!("kB" in data.accountData), "kB not stored in clear text"); - - let login = getLoginMgrData(); - Assert.strictEqual(login.username, creds.uid, "uid used for username"); - let loginData = JSON.parse(login.password); - Assert.strictEqual(loginData.version, data.version, "same version flag in both places"); - Assert.strictEqual(loginData.accountData.kA, creds.kA, "correct kA in the login mgr"); - Assert.strictEqual(loginData.accountData.kB, creds.kB, "correct kB in the login mgr"); - - Assert.ok(!("email" in loginData), "email not stored in the login mgr json"); - Assert.ok(!("sessionToken" in loginData), "sessionToken not stored in the login mgr json"); - Assert.ok(!("verified" in loginData), "verified not stored in the login mgr json"); - - yield fxa.signOut(/* localOnly = */ true); - Assert.strictEqual(getLoginMgrData(), null, "login mgr data deleted on logout"); -}); - -add_task(function* test_MPLocked() { - let fxa = createFxAccounts(); - - let creds = { - uid: "abcd", - email: "test@example.com", - sessionToken: "sessionToken", - kA: "the kA value", - kB: "the kB value", - verified: true - }; - - Assert.strictEqual(getLoginMgrData(), null, "no login mgr at the start"); - // tell the storage that the MP is locked. - setLoginMgrLoggedInState(false); - yield fxa.setSignedInUser(creds); - - // This should have stored stuff in the .json, and the login manager stuff - // will not exist. - let path = OS.Path.join(OS.Constants.Path.profileDir, "signedInUser.json"); - let data = yield CommonUtils.readJSON(path); - - Assert.strictEqual(data.accountData.email, creds.email, "correct email in the clear text"); - Assert.strictEqual(data.accountData.sessionToken, creds.sessionToken, "correct sessionToken in the clear text"); - Assert.strictEqual(data.accountData.verified, creds.verified, "correct verified flag"); - - Assert.ok(!("kA" in data.accountData), "kA not stored in clear text"); - Assert.ok(!("kB" in data.accountData), "kB not stored in clear text"); - - Assert.strictEqual(getLoginMgrData(), null, "login mgr data doesn't exist"); - yield fxa.signOut(/* localOnly = */ true) -}); - - -add_task(function* test_consistentWithMPEdgeCases() { - setLoginMgrLoggedInState(true); - - let fxa = createFxAccounts(); - - let creds1 = { - uid: "uid1", - email: "test@example.com", - sessionToken: "sessionToken", - kA: "the kA value", - kB: "the kB value", - verified: true - }; - - let creds2 = { - uid: "uid2", - email: "test2@example.com", - sessionToken: "sessionToken2", - kA: "the kA value2", - kB: "the kB value2", - verified: false, - }; - - // Log a user in while MP is unlocked. - yield fxa.setSignedInUser(creds1); - - // tell the storage that the MP is locked - this will prevent logout from - // being able to clear the data. - setLoginMgrLoggedInState(false); - - // now set the second credentials. - yield fxa.setSignedInUser(creds2); - - // We should still have creds1 data in the login manager. - let login = getLoginMgrData(); - Assert.strictEqual(login.username, creds1.uid); - // and that we do have the first kA in the login manager. - Assert.strictEqual(JSON.parse(login.password).accountData.kA, creds1.kA, - "stale data still in login mgr"); - - // Make a new FxA instance (otherwise the values in memory will be used) - // and we want the login manager to be unlocked. - setLoginMgrLoggedInState(true); - fxa = createFxAccounts(); - - let accountData = yield fxa.getSignedInUser(); - Assert.strictEqual(accountData.email, creds2.email); - // we should have no kA at all. - Assert.strictEqual(accountData.kA, undefined, "stale kA wasn't used"); - yield fxa.signOut(/* localOnly = */ true) -}); - -// A test for the fact we will accept either a UID or email when looking in -// the login manager. -add_task(function* test_uidMigration() { - setLoginMgrLoggedInState(true); - Assert.strictEqual(getLoginMgrData(), null, "expect no logins at the start"); - - // create the login entry using email as a key. - let contents = {kA: "kA"}; - - let loginInfo = new Components.Constructor( - "@mozilla.org/login-manager/loginInfo;1", Ci.nsILoginInfo, "init"); - let login = new loginInfo(FXA_PWDMGR_HOST, - null, // aFormSubmitURL, - FXA_PWDMGR_REALM, // aHttpRealm, - "foo@bar.com", // aUsername - JSON.stringify(contents), // aPassword - "", // aUsernameField - "");// aPasswordField - Services.logins.addLogin(login); - - // ensure we read it. - let storage = new LoginManagerStorage(); - let got = yield storage.get("uid", "foo@bar.com"); - Assert.deepEqual(got, contents); -}); diff --git a/services/fxaccounts/tests/xpcshell/test_oauth_client.js b/services/fxaccounts/tests/xpcshell/test_oauth_client.js deleted file mode 100644 index 9bcb1b1ab..000000000 --- a/services/fxaccounts/tests/xpcshell/test_oauth_client.js +++ /dev/null @@ -1,55 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -Cu.import("resource://gre/modules/FxAccountsOAuthClient.jsm"); - -function run_test() { - validationHelper(undefined, - "Error: Missing 'parameters' configuration option"); - - validationHelper({}, - "Error: Missing 'parameters' configuration option"); - - validationHelper({ parameters: {} }, - "Error: Missing 'parameters.oauth_uri' parameter"); - - validationHelper({ parameters: { - oauth_uri: "http://oauth.test/v1" - }}, - "Error: Missing 'parameters.client_id' parameter"); - - validationHelper({ parameters: { - oauth_uri: "http://oauth.test/v1", - client_id: "client_id" - }}, - "Error: Missing 'parameters.content_uri' parameter"); - - validationHelper({ parameters: { - oauth_uri: "http://oauth.test/v1", - client_id: "client_id", - content_uri: "http://content.test" - }}, - "Error: Missing 'parameters.state' parameter"); - - validationHelper({ parameters: { - oauth_uri: "http://oauth.test/v1", - client_id: "client_id", - content_uri: "http://content.test", - state: "complete", - action: "force_auth" - }}, - "Error: parameters.email is required for action 'force_auth'"); - - run_next_test(); -} - -function validationHelper(params, expected) { - try { - new FxAccountsOAuthClient(params); - } catch (e) { - return do_check_eq(e.toString(), expected); - } - throw new Error("Validation helper error"); -} diff --git a/services/fxaccounts/tests/xpcshell/test_oauth_grant_client.js b/services/fxaccounts/tests/xpcshell/test_oauth_grant_client.js deleted file mode 100644 index 710a65ee5..000000000 --- a/services/fxaccounts/tests/xpcshell/test_oauth_grant_client.js +++ /dev/null @@ -1,292 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/FxAccountsOAuthGrantClient.jsm"); -Cu.import("resource://gre/modules/Services.jsm"); - -const CLIENT_OPTIONS = { - serverURL: "http://127.0.0.1:9010/v1", - client_id: 'abc123' -}; - -const STATUS_SUCCESS = 200; - -/** - * Mock request responder - * @param {String} response - * Mocked raw response from the server - * @returns {Function} - */ -var mockResponse = function (response) { - return function () { - return { - setHeader: function () {}, - post: function () { - this.response = response; - this.onComplete(); - } - }; - }; -}; - -/** - * Mock request error responder - * @param {Error} error - * Error object - * @returns {Function} - */ -var mockResponseError = function (error) { - return function () { - return { - setHeader: function () {}, - post: function () { - this.onComplete(error); - } - }; - }; -}; - -add_test(function missingParams () { - let client = new FxAccountsOAuthGrantClient(CLIENT_OPTIONS); - try { - client.getTokenFromAssertion() - } catch (e) { - do_check_eq(e.message, "Missing 'assertion' parameter"); - } - - try { - client.getTokenFromAssertion("assertion") - } catch (e) { - do_check_eq(e.message, "Missing 'scope' parameter"); - } - - run_next_test(); -}); - -add_test(function successfulResponse () { - let client = new FxAccountsOAuthGrantClient(CLIENT_OPTIONS); - let response = { - success: true, - status: STATUS_SUCCESS, - body: "{\"access_token\":\"http://example.com/image.jpeg\",\"id\":\"0d5c1a89b8c54580b8e3e8adadae864a\"}", - }; - - client._Request = new mockResponse(response); - client.getTokenFromAssertion("assertion", "scope") - .then( - function (result) { - do_check_eq(result.access_token, "http://example.com/image.jpeg"); - run_next_test(); - } - ); -}); - -add_test(function successfulDestroy () { - let client = new FxAccountsOAuthGrantClient(CLIENT_OPTIONS); - let response = { - success: true, - status: STATUS_SUCCESS, - body: "{}", - }; - - client._Request = new mockResponse(response); - client.destroyToken("deadbeef").then(run_next_test); -}); - -add_test(function parseErrorResponse () { - let client = new FxAccountsOAuthGrantClient(CLIENT_OPTIONS); - let response = { - success: true, - status: STATUS_SUCCESS, - body: "unexpected", - }; - - client._Request = new mockResponse(response); - client.getTokenFromAssertion("assertion", "scope") - .then( - null, - function (e) { - do_check_eq(e.name, "FxAccountsOAuthGrantClientError"); - do_check_eq(e.code, STATUS_SUCCESS); - do_check_eq(e.errno, ERRNO_PARSE); - do_check_eq(e.error, ERROR_PARSE); - do_check_eq(e.message, "unexpected"); - run_next_test(); - } - ); -}); - -add_test(function serverErrorResponse () { - let client = new FxAccountsOAuthGrantClient(CLIENT_OPTIONS); - let response = { - status: 400, - body: "{ \"code\": 400, \"errno\": 104, \"error\": \"Bad Request\", \"message\": \"Unauthorized\", \"reason\": \"Invalid fxa assertion\" }", - }; - - client._Request = new mockResponse(response); - client.getTokenFromAssertion("blah", "scope") - .then( - null, - function (e) { - do_check_eq(e.name, "FxAccountsOAuthGrantClientError"); - do_check_eq(e.code, 400); - do_check_eq(e.errno, ERRNO_INVALID_FXA_ASSERTION); - do_check_eq(e.error, "Bad Request"); - do_check_eq(e.message, "Unauthorized"); - run_next_test(); - } - ); -}); - -add_test(function networkErrorResponse () { - let client = new FxAccountsOAuthGrantClient({ - serverURL: "http://domain.dummy", - client_id: "abc123" - }); - Services.prefs.setBoolPref("identity.fxaccounts.skipDeviceRegistration", true); - client.getTokenFromAssertion("assertion", "scope") - .then( - null, - function (e) { - do_check_eq(e.name, "FxAccountsOAuthGrantClientError"); - do_check_eq(e.code, null); - do_check_eq(e.errno, ERRNO_NETWORK); - do_check_eq(e.error, ERROR_NETWORK); - run_next_test(); - } - ).catch(() => {}).then(() => - Services.prefs.clearUserPref("identity.fxaccounts.skipDeviceRegistration")); -}); - -add_test(function unsupportedMethod () { - let client = new FxAccountsOAuthGrantClient(CLIENT_OPTIONS); - - return client._createRequest("/", "PUT") - .then( - null, - function (e) { - do_check_eq(e.name, "FxAccountsOAuthGrantClientError"); - do_check_eq(e.code, ERROR_CODE_METHOD_NOT_ALLOWED); - do_check_eq(e.errno, ERRNO_NETWORK); - do_check_eq(e.error, ERROR_NETWORK); - do_check_eq(e.message, ERROR_MSG_METHOD_NOT_ALLOWED); - run_next_test(); - } - ); -}); - -add_test(function onCompleteRequestError () { - let client = new FxAccountsOAuthGrantClient(CLIENT_OPTIONS); - client._Request = new mockResponseError(new Error("onComplete error")); - client.getTokenFromAssertion("assertion", "scope") - .then( - null, - function (e) { - do_check_eq(e.name, "FxAccountsOAuthGrantClientError"); - do_check_eq(e.code, null); - do_check_eq(e.errno, ERRNO_NETWORK); - do_check_eq(e.error, ERROR_NETWORK); - do_check_eq(e.message, "Error: onComplete error"); - run_next_test(); - } - ); -}); - -add_test(function incorrectErrno() { - let client = new FxAccountsOAuthGrantClient(CLIENT_OPTIONS); - let response = { - status: 400, - body: "{ \"code\": 400, \"errno\": \"bad errno\", \"error\": \"Bad Request\", \"message\": \"Unauthorized\", \"reason\": \"Invalid fxa assertion\" }", - }; - - client._Request = new mockResponse(response); - client.getTokenFromAssertion("blah", "scope") - .then( - null, - function (e) { - do_check_eq(e.name, "FxAccountsOAuthGrantClientError"); - do_check_eq(e.code, 400); - do_check_eq(e.errno, ERRNO_UNKNOWN_ERROR); - do_check_eq(e.error, "Bad Request"); - do_check_eq(e.message, "Unauthorized"); - run_next_test(); - } - ); -}); - -add_test(function constructorTests() { - validationHelper(undefined, - "Error: Missing configuration options"); - - validationHelper({}, - "Error: Missing 'serverURL' parameter"); - - validationHelper({ serverURL: "http://example.com" }, - "Error: Missing 'client_id' parameter"); - - validationHelper({ client_id: "123ABC" }, - "Error: Missing 'serverURL' parameter"); - - validationHelper({ client_id: "123ABC", serverURL: "badUrl" }, - "Error: Invalid 'serverURL'"); - - run_next_test(); -}); - -add_test(function errorTests() { - let error1 = new FxAccountsOAuthGrantClientError(); - do_check_eq(error1.name, "FxAccountsOAuthGrantClientError"); - do_check_eq(error1.code, null); - do_check_eq(error1.errno, ERRNO_UNKNOWN_ERROR); - do_check_eq(error1.error, ERROR_UNKNOWN); - do_check_eq(error1.message, null); - - let error2 = new FxAccountsOAuthGrantClientError({ - code: STATUS_SUCCESS, - errno: 1, - error: "Error", - message: "Something", - }); - let fields2 = error2._toStringFields(); - let statusCode = 1; - - do_check_eq(error2.name, "FxAccountsOAuthGrantClientError"); - do_check_eq(error2.code, STATUS_SUCCESS); - do_check_eq(error2.errno, statusCode); - do_check_eq(error2.error, "Error"); - do_check_eq(error2.message, "Something"); - - do_check_eq(fields2.name, "FxAccountsOAuthGrantClientError"); - do_check_eq(fields2.code, STATUS_SUCCESS); - do_check_eq(fields2.errno, statusCode); - do_check_eq(fields2.error, "Error"); - do_check_eq(fields2.message, "Something"); - - do_check_true(error2.toString().indexOf("Something") >= 0); - run_next_test(); -}); - -function run_test() { - run_next_test(); -} - -/** - * Quick way to test the "FxAccountsOAuthGrantClient" constructor. - * - * @param {Object} options - * FxAccountsOAuthGrantClient constructor options - * @param {String} expected - * Expected error message - * @returns {*} - */ -function validationHelper(options, expected) { - try { - new FxAccountsOAuthGrantClient(options); - } catch (e) { - return do_check_eq(e.toString(), expected); - } - throw new Error("Validation helper error"); -} diff --git a/services/fxaccounts/tests/xpcshell/test_oauth_grant_client_server.js b/services/fxaccounts/tests/xpcshell/test_oauth_grant_client_server.js deleted file mode 100644 index bd446513e..000000000 --- a/services/fxaccounts/tests/xpcshell/test_oauth_grant_client_server.js +++ /dev/null @@ -1,73 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -// A test of FxAccountsOAuthGrantClient but using a real server it can -// hit. -"use strict"; - -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/FxAccountsOAuthGrantClient.jsm"); - -// handlers for our server. -var numTokenFetches; -var activeTokens; - -function authorize(request, response) { - response.setStatusLine("1.1", 200, "OK"); - let token = "token" + numTokenFetches; - numTokenFetches += 1; - activeTokens.add(token); - response.write(JSON.stringify({access_token: token})); -} - -function destroy(request, response) { - // Getting the body seems harder than it should be! - let sis = Cc["@mozilla.org/scriptableinputstream;1"] - .createInstance(Ci.nsIScriptableInputStream); - sis.init(request.bodyInputStream); - let body = JSON.parse(sis.read(sis.available())); - sis.close(); - let token = body.token; - ok(activeTokens.delete(token)); - print("after destroy have", activeTokens.size, "tokens left.") - response.setStatusLine("1.1", 200, "OK"); - response.write('{}'); -} - -function startServer() { - numTokenFetches = 0; - activeTokens = new Set(); - let srv = new HttpServer(); - srv.registerPathHandler("/v1/authorization", authorize); - srv.registerPathHandler("/v1/destroy", destroy); - srv.start(-1); - return srv; -} - -function promiseStopServer(server) { - return new Promise(resolve => { - server.stop(resolve); - }); -} - -add_task(function* getAndRevokeToken () { - let server = startServer(); - let clientOptions = { - serverURL: "http://localhost:" + server.identity.primaryPort + "/v1", - client_id: 'abc123', - } - - let client = new FxAccountsOAuthGrantClient(clientOptions); - let result = yield client.getTokenFromAssertion("assertion", "scope"); - equal(result.access_token, "token0"); - equal(numTokenFetches, 1, "we hit the server to fetch a token"); - yield client.destroyToken("token0"); - equal(activeTokens.size, 0, "We hit the server to revoke it"); - yield promiseStopServer(server); -}); - -// XXX - TODO - we should probably add more tests for unexpected responses etc. - -function run_test() { - run_next_test(); -} diff --git a/services/fxaccounts/tests/xpcshell/test_oauth_token_storage.js b/services/fxaccounts/tests/xpcshell/test_oauth_token_storage.js deleted file mode 100644 index 08642846b..000000000 --- a/services/fxaccounts/tests/xpcshell/test_oauth_token_storage.js +++ /dev/null @@ -1,165 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -Cu.import("resource://gre/modules/FxAccounts.jsm"); -Cu.import("resource://gre/modules/FxAccountsClient.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/osfile.jsm"); - -// We grab some additional stuff via backstage passes. -var {AccountState} = Cu.import("resource://gre/modules/FxAccounts.jsm", {}); - -function promiseNotification(topic) { - return new Promise(resolve => { - let observe = () => { - Services.obs.removeObserver(observe, topic); - resolve(); - } - Services.obs.addObserver(observe, topic, false); - }); -} - -// A storage manager that doesn't actually write anywhere. -function MockStorageManager() { -} - -MockStorageManager.prototype = { - promiseInitialized: Promise.resolve(), - - initialize(accountData) { - this.accountData = accountData; - }, - - finalize() { - return Promise.resolve(); - }, - - getAccountData() { - return Promise.resolve(this.accountData); - }, - - updateAccountData(updatedFields) { - for (let [name, value] of Object.entries(updatedFields)) { - if (value == null) { - delete this.accountData[name]; - } else { - this.accountData[name] = value; - } - } - return Promise.resolve(); - }, - - deleteAccountData() { - this.accountData = null; - return Promise.resolve(); - } -} - - -// Just enough mocks so we can avoid hawk etc. -function MockFxAccountsClient() { - this._email = "nobody@example.com"; - this._verified = false; - - this.accountStatus = function(uid) { - let deferred = Promise.defer(); - deferred.resolve(!!uid && (!this._deletedOnServer)); - return deferred.promise; - }; - - this.signOut = function() { return Promise.resolve(); }; - this.registerDevice = function() { return Promise.resolve(); }; - this.updateDevice = function() { return Promise.resolve(); }; - this.signOutAndDestroyDevice = function() { return Promise.resolve(); }; - this.getDeviceList = function() { return Promise.resolve(); }; - - FxAccountsClient.apply(this); -} - -MockFxAccountsClient.prototype = { - __proto__: FxAccountsClient.prototype -} - -function MockFxAccounts(device={}) { - return new FxAccounts({ - fxAccountsClient: new MockFxAccountsClient(), - newAccountState(credentials) { - // we use a real accountState but mocked storage. - let storage = new MockStorageManager(); - storage.initialize(credentials); - return new AccountState(storage); - }, - _getDeviceName() { - return "mock device name"; - }, - fxaPushService: { - registerPushEndpoint() { - return new Promise((resolve) => { - resolve({ - endpoint: "http://mochi.test:8888" - }); - }); - }, - }, - }); -} - -function* createMockFxA() { - let fxa = new MockFxAccounts(); - let credentials = { - email: "foo@example.com", - uid: "1234@lcip.org", - assertion: "foobar", - sessionToken: "dead", - kA: "beef", - kB: "cafe", - verified: true - }; - yield fxa.setSignedInUser(credentials); - return fxa; -} - -// The tests. -function run_test() { - run_next_test(); -} - -add_task(function* testCacheStorage() { - let fxa = yield createMockFxA(); - - // Hook what the impl calls to save to disk. - let cas = fxa.internal.currentAccountState; - let origPersistCached = cas._persistCachedTokens.bind(cas) - cas._persistCachedTokens = function() { - return origPersistCached().then(() => { - Services.obs.notifyObservers(null, "testhelper-fxa-cache-persist-done", null); - }); - }; - - let promiseWritten = promiseNotification("testhelper-fxa-cache-persist-done"); - let tokenData = {token: "token1", somethingelse: "something else"}; - let scopeArray = ["foo", "bar"]; - cas.setCachedToken(scopeArray, tokenData); - deepEqual(cas.getCachedToken(scopeArray), tokenData); - - deepEqual(cas.oauthTokens, {"bar|foo": tokenData}); - // wait for background write to complete. - yield promiseWritten; - - // Check the token cache made it to our mocked storage. - deepEqual(cas.storageManager.accountData.oauthTokens, {"bar|foo": tokenData}); - - // Drop the token from the cache and ensure it is removed from the json. - promiseWritten = promiseNotification("testhelper-fxa-cache-persist-done"); - yield cas.removeCachedToken("token1"); - deepEqual(cas.oauthTokens, {}); - yield promiseWritten; - deepEqual(cas.storageManager.accountData.oauthTokens, {}); - - // sign out and the token storage should end up with null. - let storageManager = cas.storageManager; // .signOut() removes the attribute. - yield fxa.signOut( /* localOnly = */ true); - deepEqual(storageManager.accountData, null); -}); diff --git a/services/fxaccounts/tests/xpcshell/test_oauth_tokens.js b/services/fxaccounts/tests/xpcshell/test_oauth_tokens.js deleted file mode 100644 index f758bf405..000000000 --- a/services/fxaccounts/tests/xpcshell/test_oauth_tokens.js +++ /dev/null @@ -1,251 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -Cu.import("resource://gre/modules/FxAccounts.jsm"); -Cu.import("resource://gre/modules/FxAccountsClient.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/FxAccountsOAuthGrantClient.jsm"); -Cu.import("resource://services-common/utils.js"); -var {AccountState} = Cu.import("resource://gre/modules/FxAccounts.jsm", {}); - -function promiseNotification(topic) { - return new Promise(resolve => { - let observe = () => { - Services.obs.removeObserver(observe, topic); - resolve(); - } - Services.obs.addObserver(observe, topic, false); - }); -} - -// Just enough mocks so we can avoid hawk and storage. -function MockStorageManager() { -} - -MockStorageManager.prototype = { - promiseInitialized: Promise.resolve(), - - initialize(accountData) { - this.accountData = accountData; - }, - - finalize() { - return Promise.resolve(); - }, - - getAccountData() { - return Promise.resolve(this.accountData); - }, - - updateAccountData(updatedFields) { - for (let [name, value] of Object.entries(updatedFields)) { - if (value == null) { - delete this.accountData[name]; - } else { - this.accountData[name] = value; - } - } - return Promise.resolve(); - }, - - deleteAccountData() { - this.accountData = null; - return Promise.resolve(); - } -} - -function MockFxAccountsClient() { - this._email = "nobody@example.com"; - this._verified = false; - - this.accountStatus = function(uid) { - let deferred = Promise.defer(); - deferred.resolve(!!uid && (!this._deletedOnServer)); - return deferred.promise; - }; - - this.signOut = function() { return Promise.resolve(); }; - this.registerDevice = function() { return Promise.resolve(); }; - this.updateDevice = function() { return Promise.resolve(); }; - this.signOutAndDestroyDevice = function() { return Promise.resolve(); }; - this.getDeviceList = function() { return Promise.resolve(); }; - - FxAccountsClient.apply(this); -} - -MockFxAccountsClient.prototype = { - __proto__: FxAccountsClient.prototype -} - -function MockFxAccounts(mockGrantClient) { - return new FxAccounts({ - fxAccountsClient: new MockFxAccountsClient(), - getAssertion: () => Promise.resolve("assertion"), - newAccountState(credentials) { - // we use a real accountState but mocked storage. - let storage = new MockStorageManager(); - storage.initialize(credentials); - return new AccountState(storage); - }, - _destroyOAuthToken: function(tokenData) { - // somewhat sad duplication of _destroyOAuthToken, but hard to avoid. - return mockGrantClient.destroyToken(tokenData.token).then( () => { - Services.obs.notifyObservers(null, "testhelper-fxa-revoke-complete", null); - }); - }, - _getDeviceName() { - return "mock device name"; - }, - fxaPushService: { - registerPushEndpoint() { - return new Promise((resolve) => { - resolve({ - endpoint: "http://mochi.test:8888" - }); - }); - }, - }, - }); -} - -function* createMockFxA(mockGrantClient) { - let fxa = new MockFxAccounts(mockGrantClient); - let credentials = { - email: "foo@example.com", - uid: "1234@lcip.org", - assertion: "foobar", - sessionToken: "dead", - kA: "beef", - kB: "cafe", - verified: true - }; - - yield fxa.setSignedInUser(credentials); - return fxa; -} - -// The tests. -function run_test() { - run_next_test(); -} - -function MockFxAccountsOAuthGrantClient() { - this.activeTokens = new Set(); -} - -MockFxAccountsOAuthGrantClient.prototype = { - serverURL: {href: "http://localhost"}, - getTokenFromAssertion(assertion, scope) { - let token = "token" + this.numTokenFetches; - this.numTokenFetches += 1; - this.activeTokens.add(token); - print("getTokenFromAssertion returning token", token); - return Promise.resolve({access_token: token}); - }, - destroyToken(token) { - ok(this.activeTokens.delete(token)); - print("after destroy have", this.activeTokens.size, "tokens left."); - return Promise.resolve({}); - }, - // and some stuff used only for tests. - numTokenFetches: 0, - activeTokens: null, -} - -add_task(function* testRevoke() { - let client = new MockFxAccountsOAuthGrantClient(); - let tokenOptions = { scope: "test-scope", client: client }; - let fxa = yield createMockFxA(client); - - // get our first token and check we hit the mock. - let token1 = yield fxa.getOAuthToken(tokenOptions); - equal(client.numTokenFetches, 1); - equal(client.activeTokens.size, 1); - ok(token1, "got a token"); - equal(token1, "token0"); - - // drop the new token from our cache. - yield fxa.removeCachedOAuthToken({token: token1}); - - // FxA fires an observer when the "background" revoke is complete. - yield promiseNotification("testhelper-fxa-revoke-complete"); - // the revoke should have been successful. - equal(client.activeTokens.size, 0); - // fetching it again hits the server. - let token2 = yield fxa.getOAuthToken(tokenOptions); - equal(client.numTokenFetches, 2); - equal(client.activeTokens.size, 1); - ok(token2, "got a token"); - notEqual(token1, token2, "got a different token"); -}); - -add_task(function* testSignOutDestroysTokens() { - let client = new MockFxAccountsOAuthGrantClient(); - let fxa = yield createMockFxA(client); - - // get our first token and check we hit the mock. - let token1 = yield fxa.getOAuthToken({ scope: "test-scope", client: client }); - equal(client.numTokenFetches, 1); - equal(client.activeTokens.size, 1); - ok(token1, "got a token"); - - // get another - let token2 = yield fxa.getOAuthToken({ scope: "test-scope-2", client: client }); - equal(client.numTokenFetches, 2); - equal(client.activeTokens.size, 2); - ok(token2, "got a token"); - notEqual(token1, token2, "got a different token"); - - // now sign out - they should be removed. - yield fxa.signOut(); - // FxA fires an observer when the "background" signout is complete. - yield promiseNotification("testhelper-fxa-signout-complete"); - // No active tokens left. - equal(client.activeTokens.size, 0); -}); - -add_task(function* testTokenRaces() { - // Here we do 2 concurrent fetches each for 2 different token scopes (ie, - // 4 token fetches in total). - // This should provoke a potential race in the token fetching but we should - // handle and detect that leaving us with one of the fetch tokens being - // revoked and the same token value returned to both calls. - let client = new MockFxAccountsOAuthGrantClient(); - let fxa = yield createMockFxA(client); - - // We should see 2 notifications as part of this - set up the listeners - // now (and wait on them later) - let notifications = Promise.all([ - promiseNotification("testhelper-fxa-revoke-complete"), - promiseNotification("testhelper-fxa-revoke-complete"), - ]); - let results = yield Promise.all([ - fxa.getOAuthToken({scope: "test-scope", client: client}), - fxa.getOAuthToken({scope: "test-scope", client: client}), - fxa.getOAuthToken({scope: "test-scope-2", client: client}), - fxa.getOAuthToken({scope: "test-scope-2", client: client}), - ]); - - equal(client.numTokenFetches, 4, "should have fetched 4 tokens."); - // We should see 2 of the 4 revoked due to the race. - yield notifications; - - // Should have 2 unique tokens - results.sort(); - equal(results[0], results[1]); - equal(results[2], results[3]); - // should be 2 active. - equal(client.activeTokens.size, 2); - // Which can each be revoked. - notifications = Promise.all([ - promiseNotification("testhelper-fxa-revoke-complete"), - promiseNotification("testhelper-fxa-revoke-complete"), - ]); - yield fxa.removeCachedOAuthToken({token: results[0]}); - equal(client.activeTokens.size, 1); - yield fxa.removeCachedOAuthToken({token: results[2]}); - equal(client.activeTokens.size, 0); - yield notifications; -}); diff --git a/services/fxaccounts/tests/xpcshell/test_profile.js b/services/fxaccounts/tests/xpcshell/test_profile.js deleted file mode 100644 index 13adf8cbb..000000000 --- a/services/fxaccounts/tests/xpcshell/test_profile.js +++ /dev/null @@ -1,409 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -Cu.import("resource://gre/modules/Promise.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/FxAccountsProfileClient.jsm"); -Cu.import("resource://gre/modules/FxAccountsProfile.jsm"); - -const URL_STRING = "https://example.com"; -Services.prefs.setCharPref("identity.fxaccounts.settings.uri", "https://example.com/settings"); - -const STATUS_SUCCESS = 200; - -/** - * Mock request responder - * @param {String} response - * Mocked raw response from the server - * @returns {Function} - */ -var mockResponse = function (response) { - let Request = function (requestUri) { - // Store the request uri so tests can inspect it - Request._requestUri = requestUri; - return { - setHeader: function () {}, - head: function () { - this.response = response; - this.onComplete(); - } - }; - }; - - return Request; -}; - -/** - * Mock request error responder - * @param {Error} error - * Error object - * @returns {Function} - */ -var mockResponseError = function (error) { - return function () { - return { - setHeader: function () {}, - head: function () { - this.onComplete(error); - } - }; - }; -}; - -var mockClient = function (fxa) { - let options = { - serverURL: "http://127.0.0.1:1111/v1", - fxa: fxa, - } - return new FxAccountsProfileClient(options); -}; - -const ACCOUNT_DATA = { - uid: "abc123" -}; - -function FxaMock() { -} -FxaMock.prototype = { - currentAccountState: { - profile: null, - get isCurrent() { - return true; - } - }, - - getSignedInUser: function () { - return Promise.resolve(ACCOUNT_DATA); - } -}; - -var mockFxa = function() { - return new FxaMock(); -}; - -function CreateFxAccountsProfile(fxa = null, client = null) { - if (!fxa) { - fxa = mockFxa(); - } - let options = { - fxa: fxa, - profileServerUrl: "http://127.0.0.1:1111/v1" - } - if (client) { - options.profileClient = client; - } - return new FxAccountsProfile(options); -} - -add_test(function getCachedProfile() { - let profile = CreateFxAccountsProfile(); - // a little pointless until bug 1157529 is fixed... - profile._cachedProfile = { avatar: "myurl" }; - - return profile._getCachedProfile() - .then(function (cached) { - do_check_eq(cached.avatar, "myurl"); - run_next_test(); - }); -}); - -add_test(function cacheProfile_change() { - let fxa = mockFxa(); -/* Saving profile data disabled - bug 1157529 - let setUserAccountDataCalled = false; - fxa.setUserAccountData = function (data) { - setUserAccountDataCalled = true; - do_check_eq(data.profile.avatar, "myurl"); - return Promise.resolve(); - }; -*/ - let profile = CreateFxAccountsProfile(fxa); - - makeObserver(ON_PROFILE_CHANGE_NOTIFICATION, function (subject, topic, data) { - do_check_eq(data, ACCOUNT_DATA.uid); -// do_check_true(setUserAccountDataCalled); - bug 1157529 - run_next_test(); - }); - - return profile._cacheProfile({ avatar: "myurl" }); -}); - -add_test(function cacheProfile_no_change() { - let fxa = mockFxa(); - let profile = CreateFxAccountsProfile(fxa) - profile._cachedProfile = { avatar: "myurl" }; -// XXX - saving is disabled (but we can leave that in for now as we are -// just checking it is *not* called) - fxa.setSignedInUser = function (data) { - throw new Error("should not update account data"); - }; - - return profile._cacheProfile({ avatar: "myurl" }) - .then((result) => { - do_check_false(!!result); - run_next_test(); - }); -}); - -add_test(function fetchAndCacheProfile_ok() { - let client = mockClient(mockFxa()); - client.fetchProfile = function () { - return Promise.resolve({ avatar: "myimg"}); - }; - let profile = CreateFxAccountsProfile(null, client); - - profile._cacheProfile = function (toCache) { - do_check_eq(toCache.avatar, "myimg"); - return Promise.resolve(); - }; - - return profile._fetchAndCacheProfile() - .then(result => { - do_check_eq(result.avatar, "myimg"); - run_next_test(); - }); -}); - -// Check that a second profile request when one is already in-flight reuses -// the in-flight one. -add_task(function* fetchAndCacheProfileOnce() { - // A promise that remains unresolved while we fire off 2 requests for - // a profile. - let resolveProfile; - let promiseProfile = new Promise(resolve => { - resolveProfile = resolve; - }); - let numFetches = 0; - let client = mockClient(mockFxa()); - client.fetchProfile = function () { - numFetches += 1; - return promiseProfile; - }; - let profile = CreateFxAccountsProfile(null, client); - - let request1 = profile._fetchAndCacheProfile(); - let request2 = profile._fetchAndCacheProfile(); - - // should be one request made to fetch the profile (but the promise returned - // by it remains unresolved) - do_check_eq(numFetches, 1); - - // resolve the promise. - resolveProfile({ avatar: "myimg"}); - - // both requests should complete with the same data. - let got1 = yield request1; - do_check_eq(got1.avatar, "myimg"); - let got2 = yield request1; - do_check_eq(got2.avatar, "myimg"); - - // and still only 1 request was made. - do_check_eq(numFetches, 1); -}); - -// Check that sharing a single fetch promise works correctly when the promise -// is rejected. -add_task(function* fetchAndCacheProfileOnce() { - // A promise that remains unresolved while we fire off 2 requests for - // a profile. - let rejectProfile; - let promiseProfile = new Promise((resolve,reject) => { - rejectProfile = reject; - }); - let numFetches = 0; - let client = mockClient(mockFxa()); - client.fetchProfile = function () { - numFetches += 1; - return promiseProfile; - }; - let profile = CreateFxAccountsProfile(null, client); - - let request1 = profile._fetchAndCacheProfile(); - let request2 = profile._fetchAndCacheProfile(); - - // should be one request made to fetch the profile (but the promise returned - // by it remains unresolved) - do_check_eq(numFetches, 1); - - // reject the promise. - rejectProfile("oh noes"); - - // both requests should reject. - try { - yield request1; - throw new Error("should have rejected"); - } catch (ex) { - if (ex != "oh noes") { - throw ex; - } - } - try { - yield request2; - throw new Error("should have rejected"); - } catch (ex) { - if (ex != "oh noes") { - throw ex; - } - } - - // but a new request should work. - client.fetchProfile = function () { - return Promise.resolve({ avatar: "myimg"}); - }; - - let got = yield profile._fetchAndCacheProfile(); - do_check_eq(got.avatar, "myimg"); -}); - -// Check that a new profile request within PROFILE_FRESHNESS_THRESHOLD of the -// last one doesn't kick off a new request to check the cached copy is fresh. -add_task(function* fetchAndCacheProfileAfterThreshold() { - let numFetches = 0; - let client = mockClient(mockFxa()); - client.fetchProfile = function () { - numFetches += 1; - return Promise.resolve({ avatar: "myimg"}); - }; - let profile = CreateFxAccountsProfile(null, client); - profile.PROFILE_FRESHNESS_THRESHOLD = 1000; - - yield profile.getProfile(); - do_check_eq(numFetches, 1); - - yield profile.getProfile(); - do_check_eq(numFetches, 1); - - yield new Promise(resolve => { - do_timeout(1000, resolve); - }); - - yield profile.getProfile(); - do_check_eq(numFetches, 2); -}); - -// Check that a new profile request within PROFILE_FRESHNESS_THRESHOLD of the -// last one *does* kick off a new request if ON_PROFILE_CHANGE_NOTIFICATION -// is sent. -add_task(function* fetchAndCacheProfileBeforeThresholdOnNotification() { - let numFetches = 0; - let client = mockClient(mockFxa()); - client.fetchProfile = function () { - numFetches += 1; - return Promise.resolve({ avatar: "myimg"}); - }; - let profile = CreateFxAccountsProfile(null, client); - profile.PROFILE_FRESHNESS_THRESHOLD = 1000; - - yield profile.getProfile(); - do_check_eq(numFetches, 1); - - Services.obs.notifyObservers(null, ON_PROFILE_CHANGE_NOTIFICATION, null); - - yield profile.getProfile(); - do_check_eq(numFetches, 2); -}); - -add_test(function tearDown_ok() { - let profile = CreateFxAccountsProfile(); - - do_check_true(!!profile.client); - do_check_true(!!profile.fxa); - - profile.tearDown(); - do_check_null(profile.fxa); - do_check_null(profile.client); - - run_next_test(); -}); - -add_test(function getProfile_ok() { - let cachedUrl = "myurl"; - let didFetch = false; - - let profile = CreateFxAccountsProfile(); - profile._getCachedProfile = function () { - return Promise.resolve({ avatar: cachedUrl }); - }; - - profile._fetchAndCacheProfile = function () { - didFetch = true; - return Promise.resolve(); - }; - - return profile.getProfile() - .then(result => { - do_check_eq(result.avatar, cachedUrl); - do_check_true(didFetch); - run_next_test(); - }); -}); - -add_test(function getProfile_no_cache() { - let fetchedUrl = "newUrl"; - let profile = CreateFxAccountsProfile(); - profile._getCachedProfile = function () { - return Promise.resolve(); - }; - - profile._fetchAndCacheProfile = function () { - return Promise.resolve({ avatar: fetchedUrl }); - }; - - return profile.getProfile() - .then(result => { - do_check_eq(result.avatar, fetchedUrl); - run_next_test(); - }); -}); - -add_test(function getProfile_has_cached_fetch_deleted() { - let cachedUrl = "myurl"; - - let fxa = mockFxa(); - let client = mockClient(fxa); - client.fetchProfile = function () { - return Promise.resolve({ avatar: null }); - }; - - let profile = CreateFxAccountsProfile(fxa, client); - profile._cachedProfile = { avatar: cachedUrl }; - -// instead of checking this in a mocked "save" function, just check after the -// observer - makeObserver(ON_PROFILE_CHANGE_NOTIFICATION, function (subject, topic, data) { - profile.getProfile() - .then(profileData => { - do_check_null(profileData.avatar); - run_next_test(); - }); - }); - - return profile.getProfile() - .then(result => { - do_check_eq(result.avatar, "myurl"); - }); -}); - -function run_test() { - run_next_test(); -} - -function makeObserver(aObserveTopic, aObserveFunc) { - let callback = function (aSubject, aTopic, aData) { - log.debug("observed " + aTopic + " " + aData); - if (aTopic == aObserveTopic) { - removeMe(); - aObserveFunc(aSubject, aTopic, aData); - } - }; - - function removeMe() { - log.debug("removing observer for " + aObserveTopic); - Services.obs.removeObserver(callback, aObserveTopic); - } - - Services.obs.addObserver(callback, aObserveTopic, false); - return removeMe; -} diff --git a/services/fxaccounts/tests/xpcshell/test_profile_client.js b/services/fxaccounts/tests/xpcshell/test_profile_client.js deleted file mode 100644 index 20ff6efc6..000000000 --- a/services/fxaccounts/tests/xpcshell/test_profile_client.js +++ /dev/null @@ -1,411 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/FxAccountsProfileClient.jsm"); - -const STATUS_SUCCESS = 200; - -/** - * Mock request responder - * @param {String} response - * Mocked raw response from the server - * @returns {Function} - */ -var mockResponse = function (response) { - let Request = function (requestUri) { - // Store the request uri so tests can inspect it - Request._requestUri = requestUri; - return { - setHeader: function () {}, - get: function () { - this.response = response; - this.onComplete(); - } - }; - }; - - return Request; -}; - -// A simple mock FxA that hands out tokens without checking them and doesn't -// expect tokens to be revoked. We have specific token tests further down that -// has more checks here. -var mockFxa = { - getOAuthToken(options) { - do_check_eq(options.scope, "profile"); - return "token"; - } -} - -const PROFILE_OPTIONS = { - serverURL: "http://127.0.0.1:1111/v1", - fxa: mockFxa, -}; - -/** - * Mock request error responder - * @param {Error} error - * Error object - * @returns {Function} - */ -var mockResponseError = function (error) { - return function () { - return { - setHeader: function () {}, - get: function () { - this.onComplete(error); - } - }; - }; -}; - -add_test(function successfulResponse () { - let client = new FxAccountsProfileClient(PROFILE_OPTIONS); - let response = { - success: true, - status: STATUS_SUCCESS, - body: "{\"email\":\"someone@restmail.net\",\"uid\":\"0d5c1a89b8c54580b8e3e8adadae864a\"}", - }; - - client._Request = new mockResponse(response); - client.fetchProfile() - .then( - function (result) { - do_check_eq(client._Request._requestUri, "http://127.0.0.1:1111/v1/profile"); - do_check_eq(result.email, "someone@restmail.net"); - do_check_eq(result.uid, "0d5c1a89b8c54580b8e3e8adadae864a"); - run_next_test(); - } - ); -}); - -add_test(function parseErrorResponse () { - let client = new FxAccountsProfileClient(PROFILE_OPTIONS); - let response = { - success: true, - status: STATUS_SUCCESS, - body: "unexpected", - }; - - client._Request = new mockResponse(response); - client.fetchProfile() - .then( - null, - function (e) { - do_check_eq(e.name, "FxAccountsProfileClientError"); - do_check_eq(e.code, STATUS_SUCCESS); - do_check_eq(e.errno, ERRNO_PARSE); - do_check_eq(e.error, ERROR_PARSE); - do_check_eq(e.message, "unexpected"); - run_next_test(); - } - ); -}); - -add_test(function serverErrorResponse () { - let client = new FxAccountsProfileClient(PROFILE_OPTIONS); - let response = { - status: 500, - body: "{ \"code\": 500, \"errno\": 100, \"error\": \"Bad Request\", \"message\": \"Something went wrong\", \"reason\": \"Because the internet\" }", - }; - - client._Request = new mockResponse(response); - client.fetchProfile() - .then( - null, - function (e) { - do_check_eq(e.name, "FxAccountsProfileClientError"); - do_check_eq(e.code, 500); - do_check_eq(e.errno, 100); - do_check_eq(e.error, "Bad Request"); - do_check_eq(e.message, "Something went wrong"); - run_next_test(); - } - ); -}); - -// Test that we get a token, then if we get a 401 we revoke it, get a new one -// and retry. -add_test(function server401ResponseThenSuccess () { - // The last token we handed out. - let lastToken = -1; - // The number of times our removeCachedOAuthToken function was called. - let numTokensRemoved = 0; - - let mockFxa = { - getOAuthToken(options) { - do_check_eq(options.scope, "profile"); - return "" + ++lastToken; // tokens are strings. - }, - removeCachedOAuthToken(options) { - // This test never has more than 1 token alive at once, so the token - // being revoked must always be the last token we handed out. - do_check_eq(parseInt(options.token), lastToken); - ++numTokensRemoved; - } - } - let profileOptions = { - serverURL: "http://127.0.0.1:1111/v1", - fxa: mockFxa, - }; - let client = new FxAccountsProfileClient(profileOptions); - - // 2 responses - first one implying the token has expired, second works. - let responses = [ - { - status: 401, - body: "{ \"code\": 401, \"errno\": 100, \"error\": \"Token expired\", \"message\": \"That token is too old\", \"reason\": \"Because security\" }", - }, - { - success: true, - status: STATUS_SUCCESS, - body: "{\"avatar\":\"http://example.com/image.jpg\",\"id\":\"0d5c1a89b8c54580b8e3e8adadae864a\"}", - }, - ]; - - let numRequests = 0; - let numAuthHeaders = 0; - // Like mockResponse but we want access to headers etc. - client._Request = function(requestUri) { - return { - setHeader: function (name, value) { - if (name == "Authorization") { - numAuthHeaders++; - do_check_eq(value, "Bearer " + lastToken); - } - }, - get: function () { - this.response = responses[numRequests]; - ++numRequests; - this.onComplete(); - } - }; - } - - client.fetchProfile() - .then(result => { - do_check_eq(result.avatar, "http://example.com/image.jpg"); - do_check_eq(result.id, "0d5c1a89b8c54580b8e3e8adadae864a"); - // should have been exactly 2 requests and exactly 2 auth headers. - do_check_eq(numRequests, 2); - do_check_eq(numAuthHeaders, 2); - // and we should have seen one token revoked. - do_check_eq(numTokensRemoved, 1); - - run_next_test(); - } - ); -}); - -// Test that we get a token, then if we get a 401 we revoke it, get a new one -// and retry - but we *still* get a 401 on the retry, so the caller sees that. -add_test(function server401ResponsePersists () { - // The last token we handed out. - let lastToken = -1; - // The number of times our removeCachedOAuthToken function was called. - let numTokensRemoved = 0; - - let mockFxa = { - getOAuthToken(options) { - do_check_eq(options.scope, "profile"); - return "" + ++lastToken; // tokens are strings. - }, - removeCachedOAuthToken(options) { - // This test never has more than 1 token alive at once, so the token - // being revoked must always be the last token we handed out. - do_check_eq(parseInt(options.token), lastToken); - ++numTokensRemoved; - } - } - let profileOptions = { - serverURL: "http://127.0.0.1:1111/v1", - fxa: mockFxa, - }; - let client = new FxAccountsProfileClient(profileOptions); - - let response = { - status: 401, - body: "{ \"code\": 401, \"errno\": 100, \"error\": \"It's not your token, it's you!\", \"message\": \"I don't like you\", \"reason\": \"Because security\" }", - }; - - let numRequests = 0; - let numAuthHeaders = 0; - client._Request = function(requestUri) { - return { - setHeader: function (name, value) { - if (name == "Authorization") { - numAuthHeaders++; - do_check_eq(value, "Bearer " + lastToken); - } - }, - get: function () { - this.response = response; - ++numRequests; - this.onComplete(); - } - }; - } - - client.fetchProfile().then( - null, - function (e) { - do_check_eq(e.name, "FxAccountsProfileClientError"); - do_check_eq(e.code, 401); - do_check_eq(e.errno, 100); - do_check_eq(e.error, "It's not your token, it's you!"); - // should have been exactly 2 requests and exactly 2 auth headers. - do_check_eq(numRequests, 2); - do_check_eq(numAuthHeaders, 2); - // and we should have seen both tokens revoked. - do_check_eq(numTokensRemoved, 2); - run_next_test(); - } - ); -}); - -add_test(function networkErrorResponse () { - let client = new FxAccountsProfileClient({ - serverURL: "http://domain.dummy", - fxa: mockFxa, - }); - client.fetchProfile() - .then( - null, - function (e) { - do_check_eq(e.name, "FxAccountsProfileClientError"); - do_check_eq(e.code, null); - do_check_eq(e.errno, ERRNO_NETWORK); - do_check_eq(e.error, ERROR_NETWORK); - run_next_test(); - } - ); -}); - -add_test(function unsupportedMethod () { - let client = new FxAccountsProfileClient(PROFILE_OPTIONS); - - return client._createRequest("/profile", "PUT") - .then( - null, - function (e) { - do_check_eq(e.name, "FxAccountsProfileClientError"); - do_check_eq(e.code, ERROR_CODE_METHOD_NOT_ALLOWED); - do_check_eq(e.errno, ERRNO_NETWORK); - do_check_eq(e.error, ERROR_NETWORK); - do_check_eq(e.message, ERROR_MSG_METHOD_NOT_ALLOWED); - run_next_test(); - } - ); -}); - -add_test(function onCompleteRequestError () { - let client = new FxAccountsProfileClient(PROFILE_OPTIONS); - client._Request = new mockResponseError(new Error("onComplete error")); - client.fetchProfile() - .then( - null, - function (e) { - do_check_eq(e.name, "FxAccountsProfileClientError"); - do_check_eq(e.code, null); - do_check_eq(e.errno, ERRNO_NETWORK); - do_check_eq(e.error, ERROR_NETWORK); - do_check_eq(e.message, "Error: onComplete error"); - run_next_test(); - } - ); -}); - -add_test(function fetchProfileImage_successfulResponse () { - let client = new FxAccountsProfileClient(PROFILE_OPTIONS); - let response = { - success: true, - status: STATUS_SUCCESS, - body: "{\"avatar\":\"http://example.com/image.jpg\",\"id\":\"0d5c1a89b8c54580b8e3e8adadae864a\"}", - }; - - client._Request = new mockResponse(response); - client.fetchProfileImage() - .then( - function (result) { - do_check_eq(client._Request._requestUri, "http://127.0.0.1:1111/v1/avatar"); - do_check_eq(result.avatar, "http://example.com/image.jpg"); - do_check_eq(result.id, "0d5c1a89b8c54580b8e3e8adadae864a"); - run_next_test(); - } - ); -}); - -add_test(function constructorTests() { - validationHelper(undefined, - "Error: Missing 'serverURL' configuration option"); - - validationHelper({}, - "Error: Missing 'serverURL' configuration option"); - - validationHelper({ serverURL: "badUrl" }, - "Error: Invalid 'serverURL'"); - - run_next_test(); -}); - -add_test(function errorTests() { - let error1 = new FxAccountsProfileClientError(); - do_check_eq(error1.name, "FxAccountsProfileClientError"); - do_check_eq(error1.code, null); - do_check_eq(error1.errno, ERRNO_UNKNOWN_ERROR); - do_check_eq(error1.error, ERROR_UNKNOWN); - do_check_eq(error1.message, null); - - let error2 = new FxAccountsProfileClientError({ - code: STATUS_SUCCESS, - errno: 1, - error: "Error", - message: "Something", - }); - let fields2 = error2._toStringFields(); - let statusCode = 1; - - do_check_eq(error2.name, "FxAccountsProfileClientError"); - do_check_eq(error2.code, STATUS_SUCCESS); - do_check_eq(error2.errno, statusCode); - do_check_eq(error2.error, "Error"); - do_check_eq(error2.message, "Something"); - - do_check_eq(fields2.name, "FxAccountsProfileClientError"); - do_check_eq(fields2.code, STATUS_SUCCESS); - do_check_eq(fields2.errno, statusCode); - do_check_eq(fields2.error, "Error"); - do_check_eq(fields2.message, "Something"); - - do_check_true(error2.toString().indexOf("Something") >= 0); - run_next_test(); -}); - -function run_test() { - run_next_test(); -} - -/** - * Quick way to test the "FxAccountsProfileClient" constructor. - * - * @param {Object} options - * FxAccountsProfileClient constructor options - * @param {String} expected - * Expected error message - * @returns {*} - */ -function validationHelper(options, expected) { - // add fxa to options - that missing isn't what we are testing here. - if (options) { - options.fxa = mockFxa; - } - try { - new FxAccountsProfileClient(options); - } catch (e) { - return do_check_eq(e.toString(), expected); - } - throw new Error("Validation helper error"); -} diff --git a/services/fxaccounts/tests/xpcshell/test_push_service.js b/services/fxaccounts/tests/xpcshell/test_push_service.js deleted file mode 100644 index 8d66f6fa8..000000000 --- a/services/fxaccounts/tests/xpcshell/test_push_service.js +++ /dev/null @@ -1,236 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -// Tests for the FxA push service. - -Cu.import("resource://gre/modules/Task.jsm"); -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/Promise.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/FxAccountsPush.js"); -Cu.import("resource://gre/modules/Log.jsm"); - -XPCOMUtils.defineLazyServiceGetter(this, "pushService", - "@mozilla.org/push/Service;1", "nsIPushService"); - -initTestLogging("Trace"); -log.level = Log.Level.Trace; - -const MOCK_ENDPOINT = "http://mochi.test:8888"; - -// tests do not allow external connections, mock the PushService -let mockPushService = { - pushTopic: this.pushService.pushTopic, - subscriptionChangeTopic: this.pushService.subscriptionChangeTopic, - subscribe(scope, principal, cb) { - cb(Components.results.NS_OK, { - endpoint: MOCK_ENDPOINT - }); - }, - unsubscribe(scope, principal, cb) { - cb(Components.results.NS_OK, true); - } -}; - -let mockFxAccounts = { - checkVerificationStatus() {}, - updateDeviceRegistration() {} -}; - -let mockLog = { - trace() {}, - debug() {}, - warn() {}, - error() {} -}; - - -add_task(function* initialize() { - let pushService = new FxAccountsPushService(); - equal(pushService.initialize(), false); -}); - -add_task(function* registerPushEndpointSuccess() { - let pushService = new FxAccountsPushService({ - pushService: mockPushService, - fxAccounts: mockFxAccounts, - }); - - let subscription = yield pushService.registerPushEndpoint(); - equal(subscription.endpoint, MOCK_ENDPOINT); -}); - -add_task(function* registerPushEndpointFailure() { - let failPushService = Object.assign(mockPushService, { - subscribe(scope, principal, cb) { - cb(Components.results.NS_ERROR_ABORT); - } - }); - - let pushService = new FxAccountsPushService({ - pushService: failPushService, - fxAccounts: mockFxAccounts, - }); - - let subscription = yield pushService.registerPushEndpoint(); - equal(subscription, null); -}); - -add_task(function* unsubscribeSuccess() { - let pushService = new FxAccountsPushService({ - pushService: mockPushService, - fxAccounts: mockFxAccounts, - }); - - let result = yield pushService.unsubscribe(); - equal(result, true); -}); - -add_task(function* unsubscribeFailure() { - let failPushService = Object.assign(mockPushService, { - unsubscribe(scope, principal, cb) { - cb(Components.results.NS_ERROR_ABORT); - } - }); - - let pushService = new FxAccountsPushService({ - pushService: failPushService, - fxAccounts: mockFxAccounts, - }); - - let result = yield pushService.unsubscribe(); - equal(result, null); -}); - -add_test(function observeLogout() { - let customLog = Object.assign(mockLog, { - trace: function (msg) { - if (msg === "FxAccountsPushService unsubscribe") { - // logout means we unsubscribe - run_next_test(); - } - } - }); - - let pushService = new FxAccountsPushService({ - pushService: mockPushService, - log: customLog - }); - - pushService.observe(null, ONLOGOUT_NOTIFICATION); -}); - -add_test(function observePushTopicVerify() { - let emptyMsg = { - QueryInterface: function() { - return this; - } - }; - let customAccounts = Object.assign(mockFxAccounts, { - checkVerificationStatus: function () { - // checking verification status on push messages without data - run_next_test(); - } - }); - - let pushService = new FxAccountsPushService({ - pushService: mockPushService, - fxAccounts: customAccounts, - }); - - pushService.observe(emptyMsg, mockPushService.pushTopic, FXA_PUSH_SCOPE_ACCOUNT_UPDATE); -}); - -add_test(function observePushTopicDeviceDisconnected() { - const deviceId = "bogusid"; - let msg = { - data: { - json: () => ({ - command: ON_DEVICE_DISCONNECTED_NOTIFICATION, - data: { - id: deviceId - } - }) - }, - QueryInterface: function() { - return this; - } - }; - let customAccounts = Object.assign(mockFxAccounts, { - handleDeviceDisconnection: function () { - // checking verification status on push messages without data - run_next_test(); - } - }); - - let pushService = new FxAccountsPushService({ - pushService: mockPushService, - fxAccounts: customAccounts, - }); - - pushService.observe(msg, mockPushService.pushTopic, FXA_PUSH_SCOPE_ACCOUNT_UPDATE); -}); - -add_test(function observePushTopicPasswordChanged() { - let msg = { - data: { - json: () => ({ - command: ON_PASSWORD_CHANGED_NOTIFICATION - }) - }, - QueryInterface: function() { - return this; - } - }; - - let pushService = new FxAccountsPushService({ - pushService: mockPushService, - }); - - pushService._onPasswordChanged = function () { - run_next_test(); - } - - pushService.observe(msg, mockPushService.pushTopic, FXA_PUSH_SCOPE_ACCOUNT_UPDATE); -}); - -add_test(function observePushTopicPasswordReset() { - let msg = { - data: { - json: () => ({ - command: ON_PASSWORD_RESET_NOTIFICATION - }) - }, - QueryInterface: function() { - return this; - } - }; - - let pushService = new FxAccountsPushService({ - pushService: mockPushService - }); - - pushService._onPasswordChanged = function () { - run_next_test(); - } - - pushService.observe(msg, mockPushService.pushTopic, FXA_PUSH_SCOPE_ACCOUNT_UPDATE); -}); - -add_test(function observeSubscriptionChangeTopic() { - let customAccounts = Object.assign(mockFxAccounts, { - updateDeviceRegistration: function () { - // subscription change means updating the device registration - run_next_test(); - } - }); - - let pushService = new FxAccountsPushService({ - pushService: mockPushService, - fxAccounts: customAccounts, - }); - - pushService.observe(null, mockPushService.subscriptionChangeTopic, FXA_PUSH_SCOPE_ACCOUNT_UPDATE); -}); diff --git a/services/fxaccounts/tests/xpcshell/test_storage_manager.js b/services/fxaccounts/tests/xpcshell/test_storage_manager.js deleted file mode 100644 index 6a293a0ff..000000000 --- a/services/fxaccounts/tests/xpcshell/test_storage_manager.js +++ /dev/null @@ -1,477 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -// Tests for the FxA storage manager. - -Cu.import("resource://gre/modules/Task.jsm"); -Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/FxAccountsStorage.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://gre/modules/Log.jsm"); - -initTestLogging("Trace"); -log.level = Log.Level.Trace; - -const DEVICE_REGISTRATION_VERSION = 42; - -// A couple of mocks we can use. -function MockedPlainStorage(accountData) { - let data = null; - if (accountData) { - data = { - version: DATA_FORMAT_VERSION, - accountData: accountData, - } - } - this.data = data; - this.numReads = 0; -} -MockedPlainStorage.prototype = { - get: Task.async(function* () { - this.numReads++; - Assert.equal(this.numReads, 1, "should only ever be 1 read of acct data"); - return this.data; - }), - - set: Task.async(function* (data) { - this.data = data; - }), -}; - -function MockedSecureStorage(accountData) { - let data = null; - if (accountData) { - data = { - version: DATA_FORMAT_VERSION, - accountData: accountData, - } - } - this.data = data; - this.numReads = 0; -} - -MockedSecureStorage.prototype = { - fetchCount: 0, - locked: false, - STORAGE_LOCKED: function() {}, - get: Task.async(function* (uid, email) { - this.fetchCount++; - if (this.locked) { - throw new this.STORAGE_LOCKED(); - } - this.numReads++; - Assert.equal(this.numReads, 1, "should only ever be 1 read of unlocked data"); - return this.data; - }), - - set: Task.async(function* (uid, contents) { - this.data = contents; - }), -} - -function add_storage_task(testFunction) { - add_task(function* () { - print("Starting test with secure storage manager"); - yield testFunction(new FxAccountsStorageManager()); - }); - add_task(function* () { - print("Starting test with simple storage manager"); - yield testFunction(new FxAccountsStorageManager({useSecure: false})); - }); -} - -// initialized without account data and there's nothing to read. Not logged in. -add_storage_task(function* checkInitializedEmpty(sm) { - if (sm.secureStorage) { - sm.secureStorage = new MockedSecureStorage(null); - } - yield sm.initialize(); - Assert.strictEqual((yield sm.getAccountData()), null); - Assert.rejects(sm.updateAccountData({kA: "kA"}), "No user is logged in") -}); - -// Initialized with account data (ie, simulating a new user being logged in). -// Should reflect the initial data and be written to storage. -add_storage_task(function* checkNewUser(sm) { - let initialAccountData = { - uid: "uid", - email: "someone@somewhere.com", - kA: "kA", - deviceId: "device id" - }; - sm.plainStorage = new MockedPlainStorage() - if (sm.secureStorage) { - sm.secureStorage = new MockedSecureStorage(null); - } - yield sm.initialize(initialAccountData); - let accountData = yield sm.getAccountData(); - Assert.equal(accountData.uid, initialAccountData.uid); - Assert.equal(accountData.email, initialAccountData.email); - Assert.equal(accountData.kA, initialAccountData.kA); - Assert.equal(accountData.deviceId, initialAccountData.deviceId); - - // and it should have been written to storage. - Assert.equal(sm.plainStorage.data.accountData.uid, initialAccountData.uid); - Assert.equal(sm.plainStorage.data.accountData.email, initialAccountData.email); - Assert.equal(sm.plainStorage.data.accountData.deviceId, initialAccountData.deviceId); - // check secure - if (sm.secureStorage) { - Assert.equal(sm.secureStorage.data.accountData.kA, initialAccountData.kA); - } else { - Assert.equal(sm.plainStorage.data.accountData.kA, initialAccountData.kA); - } -}); - -// Initialized without account data but storage has it available. -add_storage_task(function* checkEverythingRead(sm) { - sm.plainStorage = new MockedPlainStorage({ - uid: "uid", - email: "someone@somewhere.com", - deviceId: "wibble", - deviceRegistrationVersion: null - }); - if (sm.secureStorage) { - sm.secureStorage = new MockedSecureStorage(null); - } - yield sm.initialize(); - let accountData = yield sm.getAccountData(); - Assert.ok(accountData, "read account data"); - Assert.equal(accountData.uid, "uid"); - Assert.equal(accountData.email, "someone@somewhere.com"); - Assert.equal(accountData.deviceId, "wibble"); - Assert.equal(accountData.deviceRegistrationVersion, null); - // Update the data - we should be able to fetch it back and it should appear - // in our storage. - yield sm.updateAccountData({ - verified: true, - kA: "kA", - kB: "kB", - deviceRegistrationVersion: DEVICE_REGISTRATION_VERSION - }); - accountData = yield sm.getAccountData(); - Assert.equal(accountData.kB, "kB"); - Assert.equal(accountData.kA, "kA"); - Assert.equal(accountData.deviceId, "wibble"); - Assert.equal(accountData.deviceRegistrationVersion, DEVICE_REGISTRATION_VERSION); - // Check the new value was written to storage. - yield sm._promiseStorageComplete; // storage is written in the background. - // "verified", "deviceId" and "deviceRegistrationVersion" are plain-text fields. - Assert.equal(sm.plainStorage.data.accountData.verified, true); - Assert.equal(sm.plainStorage.data.accountData.deviceId, "wibble"); - Assert.equal(sm.plainStorage.data.accountData.deviceRegistrationVersion, DEVICE_REGISTRATION_VERSION); - // "kA" and "foo" are secure - if (sm.secureStorage) { - Assert.equal(sm.secureStorage.data.accountData.kA, "kA"); - Assert.equal(sm.secureStorage.data.accountData.kB, "kB"); - } else { - Assert.equal(sm.plainStorage.data.accountData.kA, "kA"); - Assert.equal(sm.plainStorage.data.accountData.kB, "kB"); - } -}); - -add_storage_task(function* checkInvalidUpdates(sm) { - sm.plainStorage = new MockedPlainStorage({uid: "uid", email: "someone@somewhere.com"}) - if (sm.secureStorage) { - sm.secureStorage = new MockedSecureStorage(null); - } - Assert.rejects(sm.updateAccountData({uid: "another"}), "Can't change"); - Assert.rejects(sm.updateAccountData({email: "someoneelse"}), "Can't change"); -}); - -add_storage_task(function* checkNullUpdatesRemovedUnlocked(sm) { - if (sm.secureStorage) { - sm.plainStorage = new MockedPlainStorage({uid: "uid", email: "someone@somewhere.com"}) - sm.secureStorage = new MockedSecureStorage({kA: "kA", kB: "kB"}); - } else { - sm.plainStorage = new MockedPlainStorage({uid: "uid", email: "someone@somewhere.com", - kA: "kA", kB: "kB"}); - } - yield sm.initialize(); - - yield sm.updateAccountData({kA: null}); - let accountData = yield sm.getAccountData(); - Assert.ok(!accountData.kA); - Assert.equal(accountData.kB, "kB"); -}); - -add_storage_task(function* checkDelete(sm) { - if (sm.secureStorage) { - sm.plainStorage = new MockedPlainStorage({uid: "uid", email: "someone@somewhere.com"}) - sm.secureStorage = new MockedSecureStorage({kA: "kA", kB: "kB"}); - } else { - sm.plainStorage = new MockedPlainStorage({uid: "uid", email: "someone@somewhere.com", - kA: "kA", kB: "kB"}); - } - yield sm.initialize(); - - yield sm.deleteAccountData(); - // Storage should have been reset to null. - Assert.equal(sm.plainStorage.data, null); - if (sm.secureStorage) { - Assert.equal(sm.secureStorage.data, null); - } - // And everything should reflect no user. - Assert.equal((yield sm.getAccountData()), null); -}); - -// Some tests only for the secure storage manager. -add_task(function* checkNullUpdatesRemovedLocked() { - let sm = new FxAccountsStorageManager(); - sm.plainStorage = new MockedPlainStorage({uid: "uid", email: "someone@somewhere.com"}) - sm.secureStorage = new MockedSecureStorage({kA: "kA", kB: "kB"}); - sm.secureStorage.locked = true; - yield sm.initialize(); - - yield sm.updateAccountData({kA: null}); - let accountData = yield sm.getAccountData(); - Assert.ok(!accountData.kA); - // still no kB as we are locked. - Assert.ok(!accountData.kB); - - // now unlock - should still be no kA but kB should appear. - sm.secureStorage.locked = false; - accountData = yield sm.getAccountData(); - Assert.ok(!accountData.kA); - Assert.equal(accountData.kB, "kB"); - // And secure storage should have been written with our previously-cached - // data. - Assert.strictEqual(sm.secureStorage.data.accountData.kA, undefined); - Assert.strictEqual(sm.secureStorage.data.accountData.kB, "kB"); -}); - -add_task(function* checkEverythingReadSecure() { - let sm = new FxAccountsStorageManager(); - sm.plainStorage = new MockedPlainStorage({uid: "uid", email: "someone@somewhere.com"}) - sm.secureStorage = new MockedSecureStorage({kA: "kA"}); - yield sm.initialize(); - - let accountData = yield sm.getAccountData(); - Assert.ok(accountData, "read account data"); - Assert.equal(accountData.uid, "uid"); - Assert.equal(accountData.email, "someone@somewhere.com"); - Assert.equal(accountData.kA, "kA"); -}); - -add_task(function* checkMemoryFieldsNotReturnedByDefault() { - let sm = new FxAccountsStorageManager(); - sm.plainStorage = new MockedPlainStorage({uid: "uid", email: "someone@somewhere.com"}) - sm.secureStorage = new MockedSecureStorage({kA: "kA"}); - yield sm.initialize(); - - // keyPair is a memory field. - yield sm.updateAccountData({keyPair: "the keypair value"}); - let accountData = yield sm.getAccountData(); - - // Requesting everything should *not* return in memory fields. - Assert.strictEqual(accountData.keyPair, undefined); - // But requesting them specifically does get them. - accountData = yield sm.getAccountData("keyPair"); - Assert.strictEqual(accountData.keyPair, "the keypair value"); -}); - -add_task(function* checkExplicitGet() { - let sm = new FxAccountsStorageManager(); - sm.plainStorage = new MockedPlainStorage({uid: "uid", email: "someone@somewhere.com"}) - sm.secureStorage = new MockedSecureStorage({kA: "kA"}); - yield sm.initialize(); - - let accountData = yield sm.getAccountData(["uid", "kA"]); - Assert.ok(accountData, "read account data"); - Assert.equal(accountData.uid, "uid"); - Assert.equal(accountData.kA, "kA"); - // We didn't ask for email so shouldn't have got it. - Assert.strictEqual(accountData.email, undefined); -}); - -add_task(function* checkExplicitGetNoSecureRead() { - let sm = new FxAccountsStorageManager(); - sm.plainStorage = new MockedPlainStorage({uid: "uid", email: "someone@somewhere.com"}) - sm.secureStorage = new MockedSecureStorage({kA: "kA"}); - yield sm.initialize(); - - Assert.equal(sm.secureStorage.fetchCount, 0); - // request 2 fields in secure storage - it should have caused a single fetch. - let accountData = yield sm.getAccountData(["email", "uid"]); - Assert.ok(accountData, "read account data"); - Assert.equal(accountData.uid, "uid"); - Assert.equal(accountData.email, "someone@somewhere.com"); - Assert.strictEqual(accountData.kA, undefined); - Assert.equal(sm.secureStorage.fetchCount, 1); -}); - -add_task(function* checkLockedUpdates() { - let sm = new FxAccountsStorageManager(); - sm.plainStorage = new MockedPlainStorage({uid: "uid", email: "someone@somewhere.com"}) - sm.secureStorage = new MockedSecureStorage({kA: "old-kA", kB: "kB"}); - sm.secureStorage.locked = true; - yield sm.initialize(); - - let accountData = yield sm.getAccountData(); - // requesting kA and kB will fail as storage is locked. - Assert.ok(!accountData.kA); - Assert.ok(!accountData.kB); - // While locked we can still update it and see the updated value. - sm.updateAccountData({kA: "new-kA"}); - accountData = yield sm.getAccountData(); - Assert.equal(accountData.kA, "new-kA"); - // unlock. - sm.secureStorage.locked = false; - accountData = yield sm.getAccountData(); - // should reflect the value we updated and the one we didn't. - Assert.equal(accountData.kA, "new-kA"); - Assert.equal(accountData.kB, "kB"); - // And storage should also reflect it. - Assert.strictEqual(sm.secureStorage.data.accountData.kA, "new-kA"); - Assert.strictEqual(sm.secureStorage.data.accountData.kB, "kB"); -}); - -// Some tests for the "storage queue" functionality. - -// A helper for our queued tests. It creates a StorageManager and then queues -// an unresolved promise. The tests then do additional setup and checks, then -// resolves or rejects the blocked promise. -var setupStorageManagerForQueueTest = Task.async(function* () { - let sm = new FxAccountsStorageManager(); - sm.plainStorage = new MockedPlainStorage({uid: "uid", email: "someone@somewhere.com"}) - sm.secureStorage = new MockedSecureStorage({kA: "kA"}); - sm.secureStorage.locked = true; - yield sm.initialize(); - - let resolveBlocked, rejectBlocked; - let blockedPromise = new Promise((resolve, reject) => { - resolveBlocked = resolve; - rejectBlocked = reject; - }); - - sm._queueStorageOperation(() => blockedPromise); - return {sm, blockedPromise, resolveBlocked, rejectBlocked} -}); - -// First the general functionality. -add_task(function* checkQueueSemantics() { - let { sm, resolveBlocked } = yield setupStorageManagerForQueueTest(); - - // We've one unresolved promise in the queue - add another promise. - let resolveSubsequent; - let subsequentPromise = new Promise(resolve => { - resolveSubsequent = resolve; - }); - let subsequentCalled = false; - - sm._queueStorageOperation(() => { - subsequentCalled = true; - resolveSubsequent(); - return subsequentPromise; - }); - - // Our "subsequent" function should not have been called yet. - Assert.ok(!subsequentCalled); - - // Release our blocked promise. - resolveBlocked(); - - // Our subsequent promise should end up resolved. - yield subsequentPromise; - Assert.ok(subsequentCalled); - yield sm.finalize(); -}); - -// Check that a queued promise being rejected works correctly. -add_task(function* checkQueueSemanticsOnError() { - let { sm, blockedPromise, rejectBlocked } = yield setupStorageManagerForQueueTest(); - - let resolveSubsequent; - let subsequentPromise = new Promise(resolve => { - resolveSubsequent = resolve; - }); - let subsequentCalled = false; - - sm._queueStorageOperation(() => { - subsequentCalled = true; - resolveSubsequent(); - return subsequentPromise; - }); - - // Our "subsequent" function should not have been called yet. - Assert.ok(!subsequentCalled); - - // Reject our blocked promise - the subsequent operations should still work - // correctly. - rejectBlocked("oh no"); - - // Our subsequent promise should end up resolved. - yield subsequentPromise; - Assert.ok(subsequentCalled); - - // But the first promise should reflect the rejection. - try { - yield blockedPromise; - Assert.ok(false, "expected this promise to reject"); - } catch (ex) { - Assert.equal(ex, "oh no"); - } - yield sm.finalize(); -}); - - -// And some tests for the specific operations that are queued. -add_task(function* checkQueuedReadAndUpdate() { - let { sm, resolveBlocked } = yield setupStorageManagerForQueueTest(); - // Mock the underlying operations - // _doReadAndUpdateSecure is queued by _maybeReadAndUpdateSecure - let _doReadCalled = false; - sm._doReadAndUpdateSecure = () => { - _doReadCalled = true; - return Promise.resolve(); - } - - let resultPromise = sm._maybeReadAndUpdateSecure(); - Assert.ok(!_doReadCalled); - - resolveBlocked(); - yield resultPromise; - Assert.ok(_doReadCalled); - yield sm.finalize(); -}); - -add_task(function* checkQueuedWrite() { - let { sm, resolveBlocked } = yield setupStorageManagerForQueueTest(); - // Mock the underlying operations - let __writeCalled = false; - sm.__write = () => { - __writeCalled = true; - return Promise.resolve(); - } - - let writePromise = sm._write(); - Assert.ok(!__writeCalled); - - resolveBlocked(); - yield writePromise; - Assert.ok(__writeCalled); - yield sm.finalize(); -}); - -add_task(function* checkQueuedDelete() { - let { sm, resolveBlocked } = yield setupStorageManagerForQueueTest(); - // Mock the underlying operations - let _deleteCalled = false; - sm._deleteAccountData = () => { - _deleteCalled = true; - return Promise.resolve(); - } - - let resultPromise = sm.deleteAccountData(); - Assert.ok(!_deleteCalled); - - resolveBlocked(); - yield resultPromise; - Assert.ok(_deleteCalled); - yield sm.finalize(); -}); - -function run_test() { - run_next_test(); -} diff --git a/services/fxaccounts/tests/xpcshell/test_web_channel.js b/services/fxaccounts/tests/xpcshell/test_web_channel.js deleted file mode 100644 index 3cf566278..000000000 --- a/services/fxaccounts/tests/xpcshell/test_web_channel.js +++ /dev/null @@ -1,499 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -const { FxAccountsWebChannel, FxAccountsWebChannelHelpers } = - Cu.import("resource://gre/modules/FxAccountsWebChannel.jsm"); - -const URL_STRING = "https://example.com"; - -const mockSendingContext = { - browser: {}, - principal: {}, - eventTarget: {} -}; - -add_test(function () { - validationHelper(undefined, - "Error: Missing configuration options"); - - validationHelper({ - channel_id: WEBCHANNEL_ID - }, - "Error: Missing 'content_uri' option"); - - validationHelper({ - content_uri: 'bad uri', - channel_id: WEBCHANNEL_ID - }, - /NS_ERROR_MALFORMED_URI/); - - validationHelper({ - content_uri: URL_STRING - }, - 'Error: Missing \'channel_id\' option'); - - run_next_test(); -}); - -add_task(function* test_rejection_reporting() { - let mockMessage = { - command: 'fxaccounts:login', - messageId: '1234', - data: { email: 'testuser@testuser.com' }, - }; - - let channel = new FxAccountsWebChannel({ - channel_id: WEBCHANNEL_ID, - content_uri: URL_STRING, - helpers: { - login(accountData) { - equal(accountData.email, 'testuser@testuser.com', - 'Should forward incoming message data to the helper'); - return Promise.reject(new Error('oops')); - }, - }, - }); - - let promiseSend = new Promise(resolve => { - channel._channel.send = (message, context) => { - resolve({ message, context }); - }; - }); - - channel._channelCallback(WEBCHANNEL_ID, mockMessage, mockSendingContext); - - let { message, context } = yield promiseSend; - - equal(context, mockSendingContext, 'Should forward the original context'); - equal(message.command, 'fxaccounts:login', - 'Should include the incoming command'); - equal(message.messageId, '1234', 'Should include the message ID'); - equal(message.data.error.message, 'Error: oops', - 'Should convert the error message to a string'); - notStrictEqual(message.data.error.stack, null, - 'Should include the stack for JS error rejections'); -}); - -add_test(function test_exception_reporting() { - let mockMessage = { - command: 'fxaccounts:sync_preferences', - messageId: '5678', - data: { entryPoint: 'fxa:verification_complete' } - }; - - let channel = new FxAccountsWebChannel({ - channel_id: WEBCHANNEL_ID, - content_uri: URL_STRING, - helpers: { - openSyncPreferences(browser, entryPoint) { - equal(entryPoint, 'fxa:verification_complete', - 'Should forward incoming message data to the helper'); - throw new TypeError('splines not reticulated'); - }, - }, - }); - - channel._channel.send = (message, context) => { - equal(context, mockSendingContext, 'Should forward the original context'); - equal(message.command, 'fxaccounts:sync_preferences', - 'Should include the incoming command'); - equal(message.messageId, '5678', 'Should include the message ID'); - equal(message.data.error.message, 'TypeError: splines not reticulated', - 'Should convert the exception to a string'); - notStrictEqual(message.data.error.stack, null, - 'Should include the stack for JS exceptions'); - - run_next_test(); - }; - - channel._channelCallback(WEBCHANNEL_ID, mockMessage, mockSendingContext); -}); - -add_test(function test_profile_image_change_message() { - var mockMessage = { - command: "profile:change", - data: { uid: "foo" } - }; - - makeObserver(ON_PROFILE_CHANGE_NOTIFICATION, function (subject, topic, data) { - do_check_eq(data, "foo"); - run_next_test(); - }); - - var channel = new FxAccountsWebChannel({ - channel_id: WEBCHANNEL_ID, - content_uri: URL_STRING - }); - - channel._channelCallback(WEBCHANNEL_ID, mockMessage, mockSendingContext); -}); - -add_test(function test_login_message() { - let mockMessage = { - command: 'fxaccounts:login', - data: { email: 'testuser@testuser.com' } - }; - - let channel = new FxAccountsWebChannel({ - channel_id: WEBCHANNEL_ID, - content_uri: URL_STRING, - helpers: { - login: function (accountData) { - do_check_eq(accountData.email, 'testuser@testuser.com'); - run_next_test(); - return Promise.resolve(); - } - } - }); - - channel._channelCallback(WEBCHANNEL_ID, mockMessage, mockSendingContext); -}); - -add_test(function test_logout_message() { - let mockMessage = { - command: 'fxaccounts:logout', - data: { uid: "foo" } - }; - - let channel = new FxAccountsWebChannel({ - channel_id: WEBCHANNEL_ID, - content_uri: URL_STRING, - helpers: { - logout: function (uid) { - do_check_eq(uid, 'foo'); - run_next_test(); - return Promise.resolve(); - } - } - }); - - channel._channelCallback(WEBCHANNEL_ID, mockMessage, mockSendingContext); -}); - -add_test(function test_delete_message() { - let mockMessage = { - command: 'fxaccounts:delete', - data: { uid: "foo" } - }; - - let channel = new FxAccountsWebChannel({ - channel_id: WEBCHANNEL_ID, - content_uri: URL_STRING, - helpers: { - logout: function (uid) { - do_check_eq(uid, 'foo'); - run_next_test(); - return Promise.resolve(); - } - } - }); - - channel._channelCallback(WEBCHANNEL_ID, mockMessage, mockSendingContext); -}); - -add_test(function test_can_link_account_message() { - let mockMessage = { - command: 'fxaccounts:can_link_account', - data: { email: 'testuser@testuser.com' } - }; - - let channel = new FxAccountsWebChannel({ - channel_id: WEBCHANNEL_ID, - content_uri: URL_STRING, - helpers: { - shouldAllowRelink: function (email) { - do_check_eq(email, 'testuser@testuser.com'); - run_next_test(); - } - } - }); - - channel._channelCallback(WEBCHANNEL_ID, mockMessage, mockSendingContext); -}); - -add_test(function test_sync_preferences_message() { - let mockMessage = { - command: 'fxaccounts:sync_preferences', - data: { entryPoint: 'fxa:verification_complete' } - }; - - let channel = new FxAccountsWebChannel({ - channel_id: WEBCHANNEL_ID, - content_uri: URL_STRING, - helpers: { - openSyncPreferences: function (browser, entryPoint) { - do_check_eq(entryPoint, 'fxa:verification_complete'); - do_check_eq(browser, mockSendingContext.browser); - run_next_test(); - } - } - }); - - channel._channelCallback(WEBCHANNEL_ID, mockMessage, mockSendingContext); -}); - -add_test(function test_unrecognized_message() { - let mockMessage = { - command: 'fxaccounts:unrecognized', - data: {} - }; - - let channel = new FxAccountsWebChannel({ - channel_id: WEBCHANNEL_ID, - content_uri: URL_STRING - }); - - // no error is expected. - channel._channelCallback(WEBCHANNEL_ID, mockMessage, mockSendingContext); - run_next_test(); -}); - - -add_test(function test_helpers_should_allow_relink_same_email() { - let helpers = new FxAccountsWebChannelHelpers(); - - helpers.setPreviousAccountNameHashPref('testuser@testuser.com'); - do_check_true(helpers.shouldAllowRelink('testuser@testuser.com')); - - run_next_test(); -}); - -add_test(function test_helpers_should_allow_relink_different_email() { - let helpers = new FxAccountsWebChannelHelpers(); - - helpers.setPreviousAccountNameHashPref('testuser@testuser.com'); - - helpers._promptForRelink = (acctName) => { - return acctName === 'allowed_to_relink@testuser.com'; - }; - - do_check_true(helpers.shouldAllowRelink('allowed_to_relink@testuser.com')); - do_check_false(helpers.shouldAllowRelink('not_allowed_to_relink@testuser.com')); - - run_next_test(); -}); - -add_task(function* test_helpers_login_without_customize_sync() { - let helpers = new FxAccountsWebChannelHelpers({ - fxAccounts: { - setSignedInUser: function(accountData) { - return new Promise(resolve => { - // ensure fxAccounts is informed of the new user being signed in. - do_check_eq(accountData.email, 'testuser@testuser.com'); - - // verifiedCanLinkAccount should be stripped in the data. - do_check_false('verifiedCanLinkAccount' in accountData); - - // the customizeSync pref should not update - do_check_false(helpers.getShowCustomizeSyncPref()); - - // previously signed in user preference is updated. - do_check_eq(helpers.getPreviousAccountNameHashPref(), helpers.sha256('testuser@testuser.com')); - - resolve(); - }); - } - } - }); - - // the show customize sync pref should stay the same - helpers.setShowCustomizeSyncPref(false); - - // ensure the previous account pref is overwritten. - helpers.setPreviousAccountNameHashPref('lastuser@testuser.com'); - - yield helpers.login({ - email: 'testuser@testuser.com', - verifiedCanLinkAccount: true, - customizeSync: false - }); -}); - -add_task(function* test_helpers_login_with_customize_sync() { - let helpers = new FxAccountsWebChannelHelpers({ - fxAccounts: { - setSignedInUser: function(accountData) { - return new Promise(resolve => { - // ensure fxAccounts is informed of the new user being signed in. - do_check_eq(accountData.email, 'testuser@testuser.com'); - - // customizeSync should be stripped in the data. - do_check_false('customizeSync' in accountData); - - // the customizeSync pref should not update - do_check_true(helpers.getShowCustomizeSyncPref()); - - resolve(); - }); - } - } - }); - - // the customize sync pref should be overwritten - helpers.setShowCustomizeSyncPref(false); - - yield helpers.login({ - email: 'testuser@testuser.com', - verifiedCanLinkAccount: true, - customizeSync: true - }); -}); - -add_task(function* test_helpers_login_with_customize_sync_and_declined_engines() { - let helpers = new FxAccountsWebChannelHelpers({ - fxAccounts: { - setSignedInUser: function(accountData) { - return new Promise(resolve => { - // ensure fxAccounts is informed of the new user being signed in. - do_check_eq(accountData.email, 'testuser@testuser.com'); - - // customizeSync should be stripped in the data. - do_check_false('customizeSync' in accountData); - do_check_false('declinedSyncEngines' in accountData); - do_check_eq(Services.prefs.getBoolPref("services.sync.engine.addons"), false); - do_check_eq(Services.prefs.getBoolPref("services.sync.engine.bookmarks"), true); - do_check_eq(Services.prefs.getBoolPref("services.sync.engine.history"), true); - do_check_eq(Services.prefs.getBoolPref("services.sync.engine.passwords"), true); - do_check_eq(Services.prefs.getBoolPref("services.sync.engine.prefs"), false); - do_check_eq(Services.prefs.getBoolPref("services.sync.engine.tabs"), true); - - // the customizeSync pref should be disabled - do_check_false(helpers.getShowCustomizeSyncPref()); - - resolve(); - }); - } - } - }); - - // the customize sync pref should be overwritten - helpers.setShowCustomizeSyncPref(true); - - do_check_eq(Services.prefs.getBoolPref("services.sync.engine.addons"), true); - do_check_eq(Services.prefs.getBoolPref("services.sync.engine.bookmarks"), true); - do_check_eq(Services.prefs.getBoolPref("services.sync.engine.history"), true); - do_check_eq(Services.prefs.getBoolPref("services.sync.engine.passwords"), true); - do_check_eq(Services.prefs.getBoolPref("services.sync.engine.prefs"), true); - do_check_eq(Services.prefs.getBoolPref("services.sync.engine.tabs"), true); - yield helpers.login({ - email: 'testuser@testuser.com', - verifiedCanLinkAccount: true, - customizeSync: true, - declinedSyncEngines: ['addons', 'prefs'] - }); -}); - -add_test(function test_helpers_open_sync_preferences() { - let helpers = new FxAccountsWebChannelHelpers({ - fxAccounts: { - } - }); - - let mockBrowser = { - loadURI(uri) { - do_check_eq(uri, "about:preferences?entrypoint=fxa%3Averification_complete#sync"); - run_next_test(); - } - }; - - helpers.openSyncPreferences(mockBrowser, "fxa:verification_complete"); -}); - -add_task(function* test_helpers_change_password() { - let wasCalled = { - updateUserAccountData: false, - updateDeviceRegistration: false - }; - let helpers = new FxAccountsWebChannelHelpers({ - fxAccounts: { - updateUserAccountData(credentials) { - return new Promise(resolve => { - do_check_true(credentials.hasOwnProperty("email")); - do_check_true(credentials.hasOwnProperty("uid")); - do_check_true(credentials.hasOwnProperty("kA")); - do_check_true(credentials.hasOwnProperty("deviceId")); - do_check_null(credentials.deviceId); - // "foo" isn't a field known by storage, so should be dropped. - do_check_false(credentials.hasOwnProperty("foo")); - wasCalled.updateUserAccountData = true; - - resolve(); - }); - }, - - updateDeviceRegistration() { - do_check_eq(arguments.length, 0); - wasCalled.updateDeviceRegistration = true; - return Promise.resolve() - } - } - }); - yield helpers.changePassword({ email: "email", uid: "uid", kA: "kA", foo: "foo" }); - do_check_true(wasCalled.updateUserAccountData); - do_check_true(wasCalled.updateDeviceRegistration); -}); - -add_task(function* test_helpers_change_password_with_error() { - let wasCalled = { - updateUserAccountData: false, - updateDeviceRegistration: false - }; - let helpers = new FxAccountsWebChannelHelpers({ - fxAccounts: { - updateUserAccountData() { - wasCalled.updateUserAccountData = true; - return Promise.reject(); - }, - - updateDeviceRegistration() { - wasCalled.updateDeviceRegistration = true; - return Promise.resolve() - } - } - }); - try { - yield helpers.changePassword({}); - do_check_false('changePassword should have rejected'); - } catch (_) { - do_check_true(wasCalled.updateUserAccountData); - do_check_false(wasCalled.updateDeviceRegistration); - } -}); - -function run_test() { - run_next_test(); -} - -function makeObserver(aObserveTopic, aObserveFunc) { - let callback = function (aSubject, aTopic, aData) { - log.debug("observed " + aTopic + " " + aData); - if (aTopic == aObserveTopic) { - removeMe(); - aObserveFunc(aSubject, aTopic, aData); - } - }; - - function removeMe() { - log.debug("removing observer for " + aObserveTopic); - Services.obs.removeObserver(callback, aObserveTopic); - } - - Services.obs.addObserver(callback, aObserveTopic, false); - return removeMe; -} - -function validationHelper(params, expected) { - try { - new FxAccountsWebChannel(params); - } catch (e) { - if (typeof expected === 'string') { - return do_check_eq(e.toString(), expected); - } else { - return do_check_true(e.toString().match(expected)); - } - } - throw new Error("Validation helper error"); -} diff --git a/services/fxaccounts/tests/xpcshell/xpcshell.ini b/services/fxaccounts/tests/xpcshell/xpcshell.ini deleted file mode 100644 index 56a3d2947..000000000 --- a/services/fxaccounts/tests/xpcshell/xpcshell.ini +++ /dev/null @@ -1,23 +0,0 @@ -[DEFAULT] -head = head.js ../../../common/tests/unit/head_helpers.js ../../../common/tests/unit/head_http.js -tail = -skip-if = (toolkit == 'android' || appname == 'thunderbird') -support-files = - !/services/common/tests/unit/head_helpers.js - !/services/common/tests/unit/head_http.js - -[test_accounts.js] -[test_accounts_device_registration.js] -[test_client.js] -[test_credentials.js] -[test_loginmgr_storage.js] -[test_oauth_client.js] -[test_oauth_grant_client.js] -[test_oauth_grant_client_server.js] -[test_oauth_tokens.js] -[test_oauth_token_storage.js] -[test_profile_client.js] -[test_push_service.js] -[test_web_channel.js] -[test_profile.js] -[test_storage_manager.js] diff --git a/services/moz.build b/services/moz.build index 91f1e285e..e98d15275 100644 --- a/services/moz.build +++ b/services/moz.build @@ -9,8 +9,5 @@ DIRS += [ 'crypto', ] -if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'android': - DIRS += ['fxaccounts'] - if CONFIG['MOZ_SERVICES_SYNC']: DIRS += ['sync'] diff --git a/services/sync/modules-testing/fxa_utils.js b/services/sync/modules-testing/fxa_utils.js deleted file mode 100644 index 70aa17b03..000000000 --- a/services/sync/modules-testing/fxa_utils.js +++ /dev/null @@ -1,58 +0,0 @@ -"use strict";
-
-this.EXPORTED_SYMBOLS = [
- "initializeIdentityWithTokenServerResponse",
-];
-
-var {utils: Cu} = Components;
-
-Cu.import("resource://gre/modules/Log.jsm");
-Cu.import("resource://services-sync/main.js");
-Cu.import("resource://services-sync/browserid_identity.js");
-Cu.import("resource://services-common/tokenserverclient.js");
-Cu.import("resource://testing-common/services/common/logging.js");
-Cu.import("resource://testing-common/services/sync/utils.js");
-
-// Create a new browserid_identity object and initialize it with a
-// mocked TokenServerClient which always receives the specified response.
-this.initializeIdentityWithTokenServerResponse = function(response) {
- // First create a mock "request" object that well' hack into the token server.
- // A log for it
- let requestLog = Log.repository.getLogger("testing.mock-rest");
- if (!requestLog.appenders.length) { // might as well see what it says :)
- requestLog.addAppender(new Log.DumpAppender());
- requestLog.level = Log.Level.Trace;
- }
-
- // A mock request object.
- function MockRESTRequest(url) {};
- MockRESTRequest.prototype = {
- _log: requestLog,
- setHeader: function() {},
- get: function(callback) {
- this.response = response;
- callback.call(this);
- }
- }
- // The mocked TokenServer client which will get the response.
- function MockTSC() { }
- MockTSC.prototype = new TokenServerClient();
- MockTSC.prototype.constructor = MockTSC;
- MockTSC.prototype.newRESTRequest = function(url) {
- return new MockRESTRequest(url);
- }
- // Arrange for the same observerPrefix as browserid_identity uses.
- MockTSC.prototype.observerPrefix = "weave:service";
-
- // tie it all together.
- Weave.Status.__authManager = Weave.Service.identity = new BrowserIDManager();
- Weave.Service._clusterManager = Weave.Service.identity.createClusterManager(Weave.Service);
- let browseridManager = Weave.Service.identity;
- // a sanity check
- if (!(browseridManager instanceof BrowserIDManager)) {
- throw new Error("sync isn't configured for browserid_identity");
- }
- let mockTSC = new MockTSC()
- configureFxAccountIdentity(browseridManager);
- browseridManager._tokenServerClient = mockTSC;
-}
diff --git a/services/sync/modules-testing/utils.js b/services/sync/modules-testing/utils.js index fc14f2fbd..64c9b163d 100644 --- a/services/sync/modules-testing/utils.js +++ b/services/sync/modules-testing/utils.js @@ -28,8 +28,6 @@ Cu.import("resource://services-sync/util.js"); Cu.import("resource://services-sync/browserid_identity.js"); Cu.import("resource://testing-common/services/common/logging.js"); Cu.import("resource://testing-common/services/sync/fakeservices.js"); -Cu.import("resource://gre/modules/FxAccounts.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); Cu.import("resource://gre/modules/Promise.jsm"); /** @@ -77,27 +75,8 @@ this.setBasicCredentials = this.makeIdentityConfig = function(overrides) { // first setup the defaults. let result = { - // Username used in both fxaccount and sync identity configs. + // Username used in sync identity config. username: "foo", - // fxaccount specific credentials. - fxaccount: { - user: { - assertion: 'assertion', - email: 'email', - kA: 'kA', - kB: 'kB', - sessionToken: 'sessionToken', - uid: 'user_uid', - verified: true, - }, - token: { - endpoint: Svc.Prefs.get("tokenServerURI"), - duration: 300, - id: "id", - key: "key", - // uid will be set to the username. - } - }, sync: { // username will come from the top-level username password: "whatever", @@ -114,64 +93,15 @@ this.makeIdentityConfig = function(overrides) { // TODO: allow just some attributes to be specified result.sync = overrides.sync; } - if (overrides.fxaccount) { - // TODO: allow just some attributes to be specified - result.fxaccount = overrides.fxaccount; - } } return result; } -// Configure an instance of an FxAccount identity provider with the specified -// config (or the default config if not specified). -this.configureFxAccountIdentity = function(authService, - config = makeIdentityConfig()) { - let MockInternal = {}; - let fxa = new FxAccounts(MockInternal); - - // until we get better test infrastructure for bid_identity, we set the - // signedin user's "email" to the username, simply as many tests rely on this. - config.fxaccount.user.email = config.username; - fxa.internal.currentAccountState.signedInUser = { - version: DATA_FORMAT_VERSION, - accountData: config.fxaccount.user - }; - fxa.internal.currentAccountState.getCertificate = function(data, keyPair, mustBeValidUntil) { - this.cert = { - validUntil: fxa.internal.now() + CERT_LIFETIME, - cert: "certificate", - }; - return Promise.resolve(this.cert.cert); - }; - - let mockTSC = { // TokenServerClient - getTokenFromBrowserIDAssertion: function(uri, assertion, cb) { - config.fxaccount.token.uid = config.username; - cb(null, config.fxaccount.token); - }, - }; - authService._fxaService = fxa; - authService._tokenServerClient = mockTSC; - // Set the "account" of the browserId manager to be the "email" of the - // logged in user of the mockFXA service. - authService._signedInUser = fxa.internal.currentAccountState.signedInUser.accountData; - authService._account = config.fxaccount.user.email; -} - this.configureIdentity = function(identityOverrides) { let config = makeIdentityConfig(identityOverrides); let ns = {}; Cu.import("resource://services-sync/service.js", ns); - if (ns.Service.identity instanceof BrowserIDManager) { - // do the FxAccounts thang... - configureFxAccountIdentity(ns.Service.identity, config); - return ns.Service.identity.initializeWithCurrentIdentity().then(() => { - // need to wait until this identity manager is readyToAuthenticate. - return ns.Service.identity.whenReadyToAuthenticate.promise; - }); - } - // old style identity provider. setBasicCredentials(config.username, config.sync.password, config.sync.syncKey); let deferred = Promise.defer(); deferred.resolve(); @@ -184,7 +114,6 @@ this.SyncTestingInfrastructure = function (server, username, password, syncKey) ensureLegacyIdentityManager(); let config = makeIdentityConfig(); - // XXX - hacks for the sync identity provider. if (username) config.username = username; if (password) @@ -223,10 +152,10 @@ this.encryptPayload = function encryptPayload(cleartext) { }; } -// This helper can be used instead of 'add_test' or 'add_task' to run the +// This helper was used instead of 'add_test' or 'add_task' to run the // specified test function twice - once with the old-style sync identity // manager and once with the new-style BrowserID identity manager, to ensure -// it works in both cases. +// it worked in both cases. Currently it's equal to just one. XXX: cleanup? // // * The test itself should be passed as 'test' - ie, test code will generally // pass |this|. @@ -248,12 +177,4 @@ this.add_identity_test = function(test, testFunction) { yield testFunction(); Status.__authManager = ns.Service.identity = oldIdentity; }); - // another task for the FxAccounts identity manager. - test.add_task(function() { - note("FxAccounts"); - let oldIdentity = Status._authManager; - Status.__authManager = ns.Service.identity = new BrowserIDManager(); - yield testFunction(); - Status.__authManager = ns.Service.identity = oldIdentity; - }); } diff --git a/services/sync/modules/util.js b/services/sync/modules/util.js index 12496d23a..7fd5a7971 100644 --- a/services/sync/modules/util.js +++ b/services/sync/modules/util.js @@ -19,13 +19,6 @@ Cu.import("resource://gre/modules/XPCOMUtils.jsm", this); Cu.import("resource://gre/modules/osfile.jsm", this); Cu.import("resource://gre/modules/Task.jsm", this); -// FxAccountsCommon.js doesn't use a "namespace", so create one here. -XPCOMUtils.defineLazyGetter(this, "FxAccountsCommon", function() { - let FxAccountsCommon = {}; - Cu.import("resource://gre/modules/FxAccountsCommon.js", FxAccountsCommon); - return FxAccountsCommon; -}); - /* * Utility functions */ @@ -599,9 +592,6 @@ this.Utils = { */ getSyncCredentialsHosts: function() { let result = new Set(this.getSyncCredentialsHostsLegacy()); - for (let host of this.getSyncCredentialsHostsFxA()) { - result.add(host); - } return result; }, @@ -613,36 +603,6 @@ this.Utils = { return new Set([PWDMGR_HOST]); }, - /* - * Get the FxA identity hosts. - */ - getSyncCredentialsHostsFxA: function() { - // This is somewhat expensive and the result static, so we cache the result. - if (this._syncCredentialsHostsFxA) { - return this._syncCredentialsHostsFxA; - } - let result = new Set(); - // the FxA host - result.add(FxAccountsCommon.FXA_PWDMGR_HOST); - // - // The FxA hosts - these almost certainly all have the same hostname, but - // better safe than sorry... - for (let prefName of ["identity.fxaccounts.remote.force_auth.uri", - "identity.fxaccounts.remote.signup.uri", - "identity.fxaccounts.remote.signin.uri", - "identity.fxaccounts.settings.uri"]) { - let prefVal; - try { - prefVal = Services.prefs.getCharPref(prefName); - } catch (_) { - continue; - } - let uri = Services.io.newURI(prefVal, null, null); - result.add(uri.prePath); - } - return this._syncCredentialsHostsFxA = result; - }, - getDefaultDeviceName() { // Generate a client name if we don't have a useful one yet let env = Cc["@mozilla.org/process/environment;1"] diff --git a/services/sync/moz.build b/services/sync/moz.build index ceb4eb502..56421a03e 100644 --- a/services/sync/moz.build +++ b/services/sync/moz.build @@ -54,7 +54,6 @@ EXTRA_JS_MODULES['services-sync'].stages += [ TESTING_JS_MODULES.services.sync += [ 'modules-testing/fakeservices.js', - 'modules-testing/fxa_utils.js', 'modules-testing/rotaryengine.js', 'modules-testing/utils.js', ] diff --git a/services/sync/tests/unit/test_browserid_identity.js b/services/sync/tests/unit/test_browserid_identity.js deleted file mode 100644 index f3cde9f8f..000000000 --- a/services/sync/tests/unit/test_browserid_identity.js +++ /dev/null @@ -1,682 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -Cu.import("resource://gre/modules/FxAccounts.jsm"); -Cu.import("resource://services-sync/browserid_identity.js"); -Cu.import("resource://services-sync/rest.js"); -Cu.import("resource://services-sync/util.js"); -Cu.import("resource://services-common/utils.js"); -Cu.import("resource://services-crypto/utils.js"); -Cu.import("resource://testing-common/services/sync/utils.js"); -Cu.import("resource://testing-common/services/sync/fxa_utils.js"); -Cu.import("resource://services-common/hawkclient.js"); -Cu.import("resource://gre/modules/FxAccounts.jsm"); -Cu.import("resource://gre/modules/FxAccountsClient.jsm"); -Cu.import("resource://gre/modules/FxAccountsCommon.js"); -Cu.import("resource://services-sync/service.js"); -Cu.import("resource://services-sync/status.js"); -Cu.import("resource://services-sync/constants.js"); - -const SECOND_MS = 1000; -const MINUTE_MS = SECOND_MS * 60; -const HOUR_MS = MINUTE_MS * 60; - -let identityConfig = makeIdentityConfig(); -let browseridManager = new BrowserIDManager(); -configureFxAccountIdentity(browseridManager, identityConfig); - -/** - * Mock client clock and skew vs server in FxAccounts signed-in user module and - * API client. browserid_identity.js queries these values to construct HAWK - * headers. We will use this to test clock skew compensation in these headers - * below. - */ -let MockFxAccountsClient = function() { - FxAccountsClient.apply(this); -}; -MockFxAccountsClient.prototype = { - __proto__: FxAccountsClient.prototype -}; - -function MockFxAccounts() { - let fxa = new FxAccounts({ - _now_is: Date.now(), - - now: function () { - return this._now_is; - }, - - fxAccountsClient: new MockFxAccountsClient() - }); - fxa.internal.currentAccountState.getCertificate = function(data, keyPair, mustBeValidUntil) { - this.cert = { - validUntil: fxa.internal.now() + CERT_LIFETIME, - cert: "certificate", - }; - return Promise.resolve(this.cert.cert); - }; - return fxa; -} - -function run_test() { - initTestLogging("Trace"); - Log.repository.getLogger("Sync.Identity").level = Log.Level.Trace; - Log.repository.getLogger("Sync.BrowserIDManager").level = Log.Level.Trace; - run_next_test(); -}; - -add_test(function test_initial_state() { - _("Verify initial state"); - do_check_false(!!browseridManager._token); - do_check_false(browseridManager.hasValidToken()); - run_next_test(); - } -); - -add_task(function test_initialializeWithCurrentIdentity() { - _("Verify start after initializeWithCurrentIdentity"); - browseridManager.initializeWithCurrentIdentity(); - yield browseridManager.whenReadyToAuthenticate.promise; - do_check_true(!!browseridManager._token); - do_check_true(browseridManager.hasValidToken()); - do_check_eq(browseridManager.account, identityConfig.fxaccount.user.email); - } -); - -add_task(function test_initialializeWithNoKeys() { - _("Verify start after initializeWithCurrentIdentity without kA, kB or keyFetchToken"); - let identityConfig = makeIdentityConfig(); - delete identityConfig.fxaccount.user.kA; - delete identityConfig.fxaccount.user.kB; - // there's no keyFetchToken by default, so the initialize should fail. - configureFxAccountIdentity(browseridManager, identityConfig); - - yield browseridManager.initializeWithCurrentIdentity(); - yield browseridManager.whenReadyToAuthenticate.promise; - do_check_eq(Status.login, LOGIN_SUCCEEDED, "login succeeded even without keys"); - do_check_false(browseridManager._canFetchKeys(), "_canFetchKeys reflects lack of keys"); - do_check_eq(browseridManager._token, null, "we don't have a token"); -}); - -add_test(function test_getResourceAuthenticator() { - _("BrowserIDManager supplies a Resource Authenticator callback which returns a Hawk header."); - configureFxAccountIdentity(browseridManager); - let authenticator = browseridManager.getResourceAuthenticator(); - do_check_true(!!authenticator); - let req = {uri: CommonUtils.makeURI( - "https://example.net/somewhere/over/the/rainbow"), - method: 'GET'}; - let output = authenticator(req, 'GET'); - do_check_true('headers' in output); - do_check_true('authorization' in output.headers); - do_check_true(output.headers.authorization.startsWith('Hawk')); - _("Expected internal state after successful call."); - do_check_eq(browseridManager._token.uid, identityConfig.fxaccount.token.uid); - run_next_test(); - } -); - -add_test(function test_getRESTRequestAuthenticator() { - _("BrowserIDManager supplies a REST Request Authenticator callback which sets a Hawk header on a request object."); - let request = new SyncStorageRequest( - "https://example.net/somewhere/over/the/rainbow"); - let authenticator = browseridManager.getRESTRequestAuthenticator(); - do_check_true(!!authenticator); - let output = authenticator(request, 'GET'); - do_check_eq(request.uri, output.uri); - do_check_true(output._headers.authorization.startsWith('Hawk')); - do_check_true(output._headers.authorization.includes('nonce')); - do_check_true(browseridManager.hasValidToken()); - run_next_test(); - } -); - -add_test(function test_resourceAuthenticatorSkew() { - _("BrowserIDManager Resource Authenticator compensates for clock skew in Hawk header."); - - // Clock is skewed 12 hours into the future - // We pick a date in the past so we don't risk concealing bugs in code that - // uses new Date() instead of our given date. - let now = new Date("Fri Apr 09 2004 00:00:00 GMT-0700").valueOf() + 12 * HOUR_MS; - let browseridManager = new BrowserIDManager(); - let hawkClient = new HawkClient("https://example.net/v1", "/foo"); - - // mock fxa hawk client skew - hawkClient.now = function() { - dump("mocked client now: " + now + '\n'); - return now; - } - // Imagine there's already been one fxa request and the hawk client has - // already detected skew vs the fxa auth server. - let localtimeOffsetMsec = -1 * 12 * HOUR_MS; - hawkClient._localtimeOffsetMsec = localtimeOffsetMsec; - - let fxaClient = new MockFxAccountsClient(); - fxaClient.hawk = hawkClient; - - // Sanity check - do_check_eq(hawkClient.now(), now); - do_check_eq(hawkClient.localtimeOffsetMsec, localtimeOffsetMsec); - - // Properly picked up by the client - do_check_eq(fxaClient.now(), now); - do_check_eq(fxaClient.localtimeOffsetMsec, localtimeOffsetMsec); - - let fxa = new MockFxAccounts(); - fxa.internal._now_is = now; - fxa.internal.fxAccountsClient = fxaClient; - - // Picked up by the signed-in user module - do_check_eq(fxa.internal.now(), now); - do_check_eq(fxa.internal.localtimeOffsetMsec, localtimeOffsetMsec); - - do_check_eq(fxa.now(), now); - do_check_eq(fxa.localtimeOffsetMsec, localtimeOffsetMsec); - - // Mocks within mocks... - configureFxAccountIdentity(browseridManager, identityConfig); - - // Ensure the new FxAccounts mock has a signed-in user. - fxa.internal.currentAccountState.signedInUser = browseridManager._fxaService.internal.currentAccountState.signedInUser; - - browseridManager._fxaService = fxa; - - do_check_eq(browseridManager._fxaService.internal.now(), now); - do_check_eq(browseridManager._fxaService.internal.localtimeOffsetMsec, - localtimeOffsetMsec); - - do_check_eq(browseridManager._fxaService.now(), now); - do_check_eq(browseridManager._fxaService.localtimeOffsetMsec, - localtimeOffsetMsec); - - let request = new SyncStorageRequest("https://example.net/i/like/pie/"); - let authenticator = browseridManager.getResourceAuthenticator(); - let output = authenticator(request, 'GET'); - dump("output" + JSON.stringify(output)); - let authHeader = output.headers.authorization; - do_check_true(authHeader.startsWith('Hawk')); - - // Skew correction is applied in the header and we're within the two-minute - // window. - do_check_eq(getTimestamp(authHeader), now - 12 * HOUR_MS); - do_check_true( - (getTimestampDelta(authHeader, now) - 12 * HOUR_MS) < 2 * MINUTE_MS); - - run_next_test(); -}); - -add_test(function test_RESTResourceAuthenticatorSkew() { - _("BrowserIDManager REST Resource Authenticator compensates for clock skew in Hawk header."); - - // Clock is skewed 12 hours into the future from our arbitary date - let now = new Date("Fri Apr 09 2004 00:00:00 GMT-0700").valueOf() + 12 * HOUR_MS; - let browseridManager = new BrowserIDManager(); - let hawkClient = new HawkClient("https://example.net/v1", "/foo"); - - // mock fxa hawk client skew - hawkClient.now = function() { - return now; - } - // Imagine there's already been one fxa request and the hawk client has - // already detected skew vs the fxa auth server. - hawkClient._localtimeOffsetMsec = -1 * 12 * HOUR_MS; - - let fxaClient = new MockFxAccountsClient(); - fxaClient.hawk = hawkClient; - let fxa = new MockFxAccounts(); - fxa.internal._now_is = now; - fxa.internal.fxAccountsClient = fxaClient; - - configureFxAccountIdentity(browseridManager, identityConfig); - - // Ensure the new FxAccounts mock has a signed-in user. - fxa.internal.currentAccountState.signedInUser = browseridManager._fxaService.internal.currentAccountState.signedInUser; - - browseridManager._fxaService = fxa; - - do_check_eq(browseridManager._fxaService.internal.now(), now); - - let request = new SyncStorageRequest("https://example.net/i/like/pie/"); - let authenticator = browseridManager.getResourceAuthenticator(); - let output = authenticator(request, 'GET'); - dump("output" + JSON.stringify(output)); - let authHeader = output.headers.authorization; - do_check_true(authHeader.startsWith('Hawk')); - - // Skew correction is applied in the header and we're within the two-minute - // window. - do_check_eq(getTimestamp(authHeader), now - 12 * HOUR_MS); - do_check_true( - (getTimestampDelta(authHeader, now) - 12 * HOUR_MS) < 2 * MINUTE_MS); - - run_next_test(); -}); - -add_task(function test_ensureLoggedIn() { - configureFxAccountIdentity(browseridManager); - yield browseridManager.initializeWithCurrentIdentity(); - yield browseridManager.whenReadyToAuthenticate.promise; - Assert.equal(Status.login, LOGIN_SUCCEEDED, "original initialize worked"); - yield browseridManager.ensureLoggedIn(); - Assert.equal(Status.login, LOGIN_SUCCEEDED, "original ensureLoggedIn worked"); - Assert.ok(browseridManager._shouldHaveSyncKeyBundle, - "_shouldHaveSyncKeyBundle should always be true after ensureLogin completes."); - - // arrange for no logged in user. - let fxa = browseridManager._fxaService - let signedInUser = fxa.internal.currentAccountState.signedInUser; - fxa.internal.currentAccountState.signedInUser = null; - browseridManager.initializeWithCurrentIdentity(); - Assert.ok(!browseridManager._shouldHaveSyncKeyBundle, - "_shouldHaveSyncKeyBundle should be false so we know we are testing what we think we are."); - Status.login = LOGIN_FAILED_NO_USERNAME; - yield Assert.rejects(browseridManager.ensureLoggedIn(), "expecting rejection due to no user"); - Assert.ok(browseridManager._shouldHaveSyncKeyBundle, - "_shouldHaveSyncKeyBundle should always be true after ensureLogin completes."); - fxa.internal.currentAccountState.signedInUser = signedInUser; - Status.login = LOGIN_FAILED_LOGIN_REJECTED; - yield Assert.rejects(browseridManager.ensureLoggedIn(), - "LOGIN_FAILED_LOGIN_REJECTED should have caused immediate rejection"); - Assert.equal(Status.login, LOGIN_FAILED_LOGIN_REJECTED, - "status should remain LOGIN_FAILED_LOGIN_REJECTED"); - Status.login = LOGIN_FAILED_NETWORK_ERROR; - yield browseridManager.ensureLoggedIn(); - Assert.equal(Status.login, LOGIN_SUCCEEDED, "final ensureLoggedIn worked"); -}); - -add_test(function test_tokenExpiration() { - _("BrowserIDManager notices token expiration:"); - let bimExp = new BrowserIDManager(); - configureFxAccountIdentity(bimExp, identityConfig); - - let authenticator = bimExp.getResourceAuthenticator(); - do_check_true(!!authenticator); - let req = {uri: CommonUtils.makeURI( - "https://example.net/somewhere/over/the/rainbow"), - method: 'GET'}; - authenticator(req, 'GET'); - - // Mock the clock. - _("Forcing the token to expire ..."); - Object.defineProperty(bimExp, "_now", { - value: function customNow() { - return (Date.now() + 3000001); - }, - writable: true, - }); - do_check_true(bimExp._token.expiration < bimExp._now()); - _("... means BrowserIDManager knows to re-fetch it on the next call."); - do_check_false(bimExp.hasValidToken()); - run_next_test(); - } -); - -add_test(function test_sha256() { - // Test vectors from http://www.bichlmeier.info/sha256test.html - let vectors = [ - ["", - "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"], - ["abc", - "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"], - ["message digest", - "f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650"], - ["secure hash algorithm", - "f30ceb2bb2829e79e4ca9753d35a8ecc00262d164cc077080295381cbd643f0d"], - ["SHA256 is considered to be safe", - "6819d915c73f4d1e77e4e1b52d1fa0f9cf9beaead3939f15874bd988e2a23630"], - ["abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1"], - ["For this sample, this 63-byte string will be used as input data", - "f08a78cbbaee082b052ae0708f32fa1e50c5c421aa772ba5dbb406a2ea6be342"], - ["This is exactly 64 bytes long, not counting the terminating byte", - "ab64eff7e88e2e46165e29f2bce41826bd4c7b3552f6b382a9e7d3af47c245f8"] - ]; - let bidUser = new BrowserIDManager(); - for (let [input,output] of vectors) { - do_check_eq(CommonUtils.bytesAsHex(bidUser._sha256(input)), output); - } - run_next_test(); -}); - -add_test(function test_computeXClientStateHeader() { - let kBhex = "fd5c747806c07ce0b9d69dcfea144663e630b65ec4963596a22f24910d7dd15d"; - let kB = CommonUtils.hexToBytes(kBhex); - - let bidUser = new BrowserIDManager(); - let header = bidUser._computeXClientState(kB); - - do_check_eq(header, "6ae94683571c7a7c54dab4700aa3995f"); - run_next_test(); -}); - -add_task(function test_getTokenErrors() { - _("BrowserIDManager correctly handles various failures to get a token."); - - _("Arrange for a 401 - Sync should reflect an auth error."); - initializeIdentityWithTokenServerResponse({ - status: 401, - headers: {"content-type": "application/json"}, - body: JSON.stringify({}), - }); - let browseridManager = Service.identity; - - yield browseridManager.initializeWithCurrentIdentity(); - yield Assert.rejects(browseridManager.whenReadyToAuthenticate.promise, - "should reject due to 401"); - Assert.equal(Status.login, LOGIN_FAILED_LOGIN_REJECTED, "login was rejected"); - - // XXX - other interesting responses to return? - - // And for good measure, some totally "unexpected" errors - we generally - // assume these problems are going to magically go away at some point. - _("Arrange for an empty body with a 200 response - should reflect a network error."); - initializeIdentityWithTokenServerResponse({ - status: 200, - headers: [], - body: "", - }); - browseridManager = Service.identity; - yield browseridManager.initializeWithCurrentIdentity(); - yield Assert.rejects(browseridManager.whenReadyToAuthenticate.promise, - "should reject due to non-JSON response"); - Assert.equal(Status.login, LOGIN_FAILED_NETWORK_ERROR, "login state is LOGIN_FAILED_NETWORK_ERROR"); -}); - -add_task(function test_getTokenErrorWithRetry() { - _("tokenserver sends an observer notification on various backoff headers."); - - // Set Sync's backoffInterval to zero - after we simulated the backoff header - // it should reflect the value we sent. - Status.backoffInterval = 0; - _("Arrange for a 503 with a Retry-After header."); - initializeIdentityWithTokenServerResponse({ - status: 503, - headers: {"content-type": "application/json", - "retry-after": "100"}, - body: JSON.stringify({}), - }); - let browseridManager = Service.identity; - - yield browseridManager.initializeWithCurrentIdentity(); - yield Assert.rejects(browseridManager.whenReadyToAuthenticate.promise, - "should reject due to 503"); - - // The observer should have fired - check it got the value in the response. - Assert.equal(Status.login, LOGIN_FAILED_NETWORK_ERROR, "login was rejected"); - // Sync will have the value in ms with some slop - so check it is at least that. - Assert.ok(Status.backoffInterval >= 100000); - - _("Arrange for a 200 with an X-Backoff header."); - Status.backoffInterval = 0; - initializeIdentityWithTokenServerResponse({ - status: 503, - headers: {"content-type": "application/json", - "x-backoff": "200"}, - body: JSON.stringify({}), - }); - browseridManager = Service.identity; - - yield browseridManager.initializeWithCurrentIdentity(); - yield Assert.rejects(browseridManager.whenReadyToAuthenticate.promise, - "should reject due to no token in response"); - - // The observer should have fired - check it got the value in the response. - Assert.ok(Status.backoffInterval >= 200000); -}); - -add_task(function test_getKeysErrorWithBackoff() { - _("Auth server (via hawk) sends an observer notification on backoff headers."); - - // Set Sync's backoffInterval to zero - after we simulated the backoff header - // it should reflect the value we sent. - Status.backoffInterval = 0; - _("Arrange for a 503 with a X-Backoff header."); - - let config = makeIdentityConfig(); - // We want no kA or kB so we attempt to fetch them. - delete config.fxaccount.user.kA; - delete config.fxaccount.user.kB; - config.fxaccount.user.keyFetchToken = "keyfetchtoken"; - yield initializeIdentityWithHAWKResponseFactory(config, function(method, data, uri) { - Assert.equal(method, "get"); - Assert.equal(uri, "http://mockedserver:9999/account/keys") - return { - status: 503, - headers: {"content-type": "application/json", - "x-backoff": "100"}, - body: "{}", - } - }); - - let browseridManager = Service.identity; - yield Assert.rejects(browseridManager.whenReadyToAuthenticate.promise, - "should reject due to 503"); - - // The observer should have fired - check it got the value in the response. - Assert.equal(Status.login, LOGIN_FAILED_NETWORK_ERROR, "login was rejected"); - // Sync will have the value in ms with some slop - so check it is at least that. - Assert.ok(Status.backoffInterval >= 100000); -}); - -add_task(function test_getKeysErrorWithRetry() { - _("Auth server (via hawk) sends an observer notification on retry headers."); - - // Set Sync's backoffInterval to zero - after we simulated the backoff header - // it should reflect the value we sent. - Status.backoffInterval = 0; - _("Arrange for a 503 with a Retry-After header."); - - let config = makeIdentityConfig(); - // We want no kA or kB so we attempt to fetch them. - delete config.fxaccount.user.kA; - delete config.fxaccount.user.kB; - config.fxaccount.user.keyFetchToken = "keyfetchtoken"; - yield initializeIdentityWithHAWKResponseFactory(config, function(method, data, uri) { - Assert.equal(method, "get"); - Assert.equal(uri, "http://mockedserver:9999/account/keys") - return { - status: 503, - headers: {"content-type": "application/json", - "retry-after": "100"}, - body: "{}", - } - }); - - let browseridManager = Service.identity; - yield Assert.rejects(browseridManager.whenReadyToAuthenticate.promise, - "should reject due to 503"); - - // The observer should have fired - check it got the value in the response. - Assert.equal(Status.login, LOGIN_FAILED_NETWORK_ERROR, "login was rejected"); - // Sync will have the value in ms with some slop - so check it is at least that. - Assert.ok(Status.backoffInterval >= 100000); -}); - -add_task(function test_getHAWKErrors() { - _("BrowserIDManager correctly handles various HAWK failures."); - - _("Arrange for a 401 - Sync should reflect an auth error."); - let config = makeIdentityConfig(); - yield initializeIdentityWithHAWKResponseFactory(config, function(method, data, uri) { - Assert.equal(method, "post"); - Assert.equal(uri, "http://mockedserver:9999/certificate/sign") - return { - status: 401, - headers: {"content-type": "application/json"}, - body: JSON.stringify({}), - } - }); - Assert.equal(Status.login, LOGIN_FAILED_LOGIN_REJECTED, "login was rejected"); - - // XXX - other interesting responses to return? - - // And for good measure, some totally "unexpected" errors - we generally - // assume these problems are going to magically go away at some point. - _("Arrange for an empty body with a 200 response - should reflect a network error."); - yield initializeIdentityWithHAWKResponseFactory(config, function(method, data, uri) { - Assert.equal(method, "post"); - Assert.equal(uri, "http://mockedserver:9999/certificate/sign") - return { - status: 200, - headers: [], - body: "", - } - }); - Assert.equal(Status.login, LOGIN_FAILED_NETWORK_ERROR, "login state is LOGIN_FAILED_NETWORK_ERROR"); -}); - -add_task(function test_getGetKeysFailing401() { - _("BrowserIDManager correctly handles 401 responses fetching keys."); - - _("Arrange for a 401 - Sync should reflect an auth error."); - let config = makeIdentityConfig(); - // We want no kA or kB so we attempt to fetch them. - delete config.fxaccount.user.kA; - delete config.fxaccount.user.kB; - config.fxaccount.user.keyFetchToken = "keyfetchtoken"; - yield initializeIdentityWithHAWKResponseFactory(config, function(method, data, uri) { - Assert.equal(method, "get"); - Assert.equal(uri, "http://mockedserver:9999/account/keys") - return { - status: 401, - headers: {"content-type": "application/json"}, - body: "{}", - } - }); - Assert.equal(Status.login, LOGIN_FAILED_LOGIN_REJECTED, "login was rejected"); -}); - -add_task(function test_getGetKeysFailing503() { - _("BrowserIDManager correctly handles 5XX responses fetching keys."); - - _("Arrange for a 503 - Sync should reflect a network error."); - let config = makeIdentityConfig(); - // We want no kA or kB so we attempt to fetch them. - delete config.fxaccount.user.kA; - delete config.fxaccount.user.kB; - config.fxaccount.user.keyFetchToken = "keyfetchtoken"; - yield initializeIdentityWithHAWKResponseFactory(config, function(method, data, uri) { - Assert.equal(method, "get"); - Assert.equal(uri, "http://mockedserver:9999/account/keys") - return { - status: 503, - headers: {"content-type": "application/json"}, - body: "{}", - } - }); - Assert.equal(Status.login, LOGIN_FAILED_NETWORK_ERROR, "state reflects network error"); -}); - -add_task(function test_getKeysMissing() { - _("BrowserIDManager correctly handles getKeys succeeding but not returning keys."); - - let browseridManager = new BrowserIDManager(); - let identityConfig = makeIdentityConfig(); - // our mock identity config already has kA and kB - remove them or we never - // try and fetch them. - delete identityConfig.fxaccount.user.kA; - delete identityConfig.fxaccount.user.kB; - identityConfig.fxaccount.user.keyFetchToken = 'keyFetchToken'; - - configureFxAccountIdentity(browseridManager, identityConfig); - - // Mock a fxAccounts object that returns no keys - let fxa = new FxAccounts({ - fetchAndUnwrapKeys: function () { - return Promise.resolve({}); - }, - fxAccountsClient: new MockFxAccountsClient() - }); - - // Add a mock to the currentAccountState object. - fxa.internal.currentAccountState.getCertificate = function(data, keyPair, mustBeValidUntil) { - this.cert = { - validUntil: fxa.internal.now() + CERT_LIFETIME, - cert: "certificate", - }; - return Promise.resolve(this.cert.cert); - }; - - // Ensure the new FxAccounts mock has a signed-in user. - fxa.internal.currentAccountState.signedInUser = browseridManager._fxaService.internal.currentAccountState.signedInUser; - - browseridManager._fxaService = fxa; - - yield browseridManager.initializeWithCurrentIdentity(); - - let ex; - try { - yield browseridManager.whenReadyToAuthenticate.promise; - } catch (e) { - ex = e; - } - - Assert.ok(ex.message.indexOf("missing kA or kB") >= 0); -}); - -// End of tests -// Utility functions follow - -// Create a new browserid_identity object and initialize it with a -// hawk mock that simulates HTTP responses. -// The callback function will be called each time the mocked hawk server wants -// to make a request. The result of the callback should be the mock response -// object that will be returned to hawk. -// A token server mock will be used that doesn't hit a server, so we move -// directly to a hawk request. -function* initializeIdentityWithHAWKResponseFactory(config, cbGetResponse) { - // A mock request object. - function MockRESTRequest(uri, credentials, extra) { - this._uri = uri; - this._credentials = credentials; - this._extra = extra; - }; - MockRESTRequest.prototype = { - setHeader: function() {}, - post: function(data, callback) { - this.response = cbGetResponse("post", data, this._uri, this._credentials, this._extra); - callback.call(this); - }, - get: function(callback) { - this.response = cbGetResponse("get", null, this._uri, this._credentials, this._extra); - callback.call(this); - } - } - - // The hawk client. - function MockedHawkClient() {} - MockedHawkClient.prototype = new HawkClient("http://mockedserver:9999"); - MockedHawkClient.prototype.constructor = MockedHawkClient; - MockedHawkClient.prototype.newHAWKAuthenticatedRESTRequest = function(uri, credentials, extra) { - return new MockRESTRequest(uri, credentials, extra); - } - // Arrange for the same observerPrefix as FxAccountsClient uses - MockedHawkClient.prototype.observerPrefix = "FxA:hawk"; - - // tie it all together - configureFxAccountIdentity isn't useful here :( - let fxaClient = new MockFxAccountsClient(); - fxaClient.hawk = new MockedHawkClient(); - let internal = { - fxAccountsClient: fxaClient, - } - let fxa = new FxAccounts(internal); - fxa.internal.currentAccountState.signedInUser = { - accountData: config.fxaccount.user, - }; - - browseridManager._fxaService = fxa; - browseridManager._signedInUser = null; - yield browseridManager.initializeWithCurrentIdentity(); - yield Assert.rejects(browseridManager.whenReadyToAuthenticate.promise, - "expecting rejection due to hawk error"); -} - - -function getTimestamp(hawkAuthHeader) { - return parseInt(/ts="(\d+)"/.exec(hawkAuthHeader)[1], 10) * SECOND_MS; -} - -function getTimestampDelta(hawkAuthHeader, now=Date.now()) { - return Math.abs(getTimestamp(hawkAuthHeader) - now); -} - diff --git a/services/sync/tests/unit/test_errorhandler.js b/services/sync/tests/unit/test_errorhandler.js index c087acc9f..25d79002c 100644 --- a/services/sync/tests/unit/test_errorhandler.js +++ b/services/sync/tests/unit/test_errorhandler.js @@ -486,8 +486,6 @@ add_identity_test(this, function test_shouldReportLoginFailureWithNoCluster() { do_check_false(errorHandler.shouldReportError()); }); -// XXX - how to arrange for 'Service.identity.basicPassword = null;' in -// an fxaccounts environment? add_task(function test_login_syncAndReportErrors_non_network_error() { // Test non-network errors are reported // when calling syncAndReportErrors @@ -536,8 +534,6 @@ add_identity_test(this, function test_sync_syncAndReportErrors_non_network_error yield deferred.promise; }); -// XXX - how to arrange for 'Service.identity.basicPassword = null;' in -// an fxaccounts environment? add_task(function test_login_syncAndReportErrors_prolonged_non_network_error() { // Test prolonged, non-network errors are // reported when calling syncAndReportErrors. diff --git a/services/sync/tests/unit/test_load_modules.js b/services/sync/tests/unit/test_load_modules.js index 4f561bae6..8e3fcf1f3 100644 --- a/services/sync/tests/unit/test_load_modules.js +++ b/services/sync/tests/unit/test_load_modules.js @@ -37,7 +37,6 @@ const testingModules = [ "fakeservices.js", "rotaryengine.js", "utils.js", - "fxa_utils.js", ]; function run_test() { diff --git a/services/sync/tests/unit/xpcshell.ini b/services/sync/tests/unit/xpcshell.ini index 28424129b..2f9884751 100644 --- a/services/sync/tests/unit/xpcshell.ini +++ b/services/sync/tests/unit/xpcshell.ini @@ -50,7 +50,6 @@ skip-if = os == "win" || os == "android" [test_syncstoragerequest.js] # Generic Sync types. -[test_browserid_identity.js] [test_collection_inc_get.js] [test_collections_recovery.js] [test_identity_manager.js] diff --git a/services/sync/tps/extensions/tps/resource/auth/fxaccounts.jsm b/services/sync/tps/extensions/tps/resource/auth/fxaccounts.jsm deleted file mode 100644 index f5daa14be..000000000 --- a/services/sync/tps/extensions/tps/resource/auth/fxaccounts.jsm +++ /dev/null @@ -1,96 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ - -"use strict"; - -this.EXPORTED_SYMBOLS = [ - "Authentication", -]; - -const {classes: Cc, interfaces: Ci, utils: Cu} = Components; - -Cu.import("resource://gre/modules/FxAccounts.jsm"); -Cu.import("resource://gre/modules/FxAccountsClient.jsm"); -Cu.import("resource://services-common/async.js"); -Cu.import("resource://services-sync/main.js"); -Cu.import("resource://tps/logger.jsm"); - - -/** - * Helper object for Firefox Accounts authentication - */ -var Authentication = { - - /** - * Check if an user has been logged in - */ - get isLoggedIn() { - return !!this.getSignedInUser(); - }, - - /** - * Wrapper to retrieve the currently signed in user - * - * @returns Information about the currently signed in user - */ - getSignedInUser: function getSignedInUser() { - let cb = Async.makeSpinningCallback(); - - fxAccounts.getSignedInUser().then(user => { - cb(null, user); - }, error => { - cb(error); - }) - - try { - return cb.wait(); - } catch (error) { - Logger.logError("getSignedInUser() failed with: " + JSON.stringify(error)); - throw error; - } - }, - - /** - * Wrapper to synchronize the login of a user - * - * @param account - * Account information of the user to login - * @param account.username - * The username for the account (utf8) - * @param account.password - * The user's password - */ - signIn: function signIn(account) { - let cb = Async.makeSpinningCallback(); - - Logger.AssertTrue(account["username"], "Username has been found"); - Logger.AssertTrue(account["password"], "Password has been found"); - - Logger.logInfo("Login user: " + account["username"] + '\n'); - - let client = new FxAccountsClient(); - client.signIn(account["username"], account["password"], true).then(credentials => { - return fxAccounts.setSignedInUser(credentials); - }).then(() => { - cb(null, true); - }, error => { - cb(error, false); - }); - - try { - cb.wait(); - - if (Weave.Status.login !== Weave.LOGIN_SUCCEEDED) { - Logger.logInfo("Logging into Weave."); - Weave.Service.login(); - Logger.AssertEqual(Weave.Status.login, Weave.LOGIN_SUCCEEDED, - "Weave logged in"); - } - - return true; - } catch (error) { - throw new Error("signIn() failed with: " + error.message); - } - } -}; diff --git a/services/sync/tps/extensions/tps/resource/tps.jsm b/services/sync/tps/extensions/tps/resource/tps.jsm index ca3e4d578..c94112a6f 100644 --- a/services/sync/tps/extensions/tps/resource/tps.jsm +++ b/services/sync/tps/extensions/tps/resource/tps.jsm @@ -74,9 +74,7 @@ const ACTIONS = [ ACTION_VERIFY_NOT, ]; -const OBSERVER_TOPICS = ["fxaccounts:onlogin", - "fxaccounts:onlogout", - "private-browsing", +const OBSERVER_TOPICS = ["private-browsing", "quit-application-requested", "sessionstore-windows-restored", "weave:engine:start-tracking", |