Add m-esr52 at 52.6.0

1 files changed, 511 insertions, 0 deletions

diff --git a/toolkit/components/passwordmgr/LoginManagerParent.jsm b/toolkit/components/passwordmgr/LoginManagerParent.jsm
new file mode 100644
index 000000000..e472fb61c
--- /dev/null
+++ b/toolkit/components/passwordmgr/LoginManagerParent.jsm
@@ -0,0 +1,511 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components;
+
+Cu.importGlobalProperties(["URL"]);
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/Task.jsm");
+
+XPCOMUtils.defineLazyModuleGetter(this, "UserAutoCompleteResult",
+                                  "resource://gre/modules/LoginManagerContent.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "AutoCompletePopup",
+                                  "resource://gre/modules/AutoCompletePopup.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "DeferredTask",
+                                  "resource://gre/modules/DeferredTask.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "LoginHelper",
+                                  "resource://gre/modules/LoginHelper.jsm");
+
+XPCOMUtils.defineLazyGetter(this, "log", () => {
+  let logger = LoginHelper.createLogger("LoginManagerParent");
+  return logger.log.bind(logger);
+});
+
+this.EXPORTED_SYMBOLS = [ "LoginManagerParent" ];
+
+var LoginManagerParent = {
+  /**
+   * Reference to the default LoginRecipesParent (instead of the initialization promise) for
+   * synchronous access. This is a temporary hack and new consumers should yield on
+   * recipeParentPromise instead.
+   *
+   * @type LoginRecipesParent
+   * @deprecated
+   */
+  _recipeManager: null,
+
+  // Tracks the last time the user cancelled the master password prompt,
+  // to avoid spamming master password prompts on autocomplete searches.
+  _lastMPLoginCancelled: Math.NEGATIVE_INFINITY,
+
+  _searchAndDedupeLogins: function (formOrigin, actionOrigin) {
+    let logins;
+    try {
+      logins = LoginHelper.searchLoginsWithObject({
+        hostname: formOrigin,
+        formSubmitURL: actionOrigin,
+        schemeUpgrades: LoginHelper.schemeUpgrades,
+      });
+    } catch (e) {
+      // Record the last time the user cancelled the MP prompt
+      // to avoid spamming them with MP prompts for autocomplete.
+      if (e.result == Cr.NS_ERROR_ABORT) {
+        log("User cancelled master password prompt.");
+        this._lastMPLoginCancelled = Date.now();
+        return [];
+      }
+      throw e;
+    }
+
+    // Dedupe so the length checks below still make sense with scheme upgrades.
+    let resolveBy = [
+      "scheme",
+      "timePasswordChanged",
+    ];
+    return LoginHelper.dedupeLogins(logins, ["username"], resolveBy, formOrigin);
+  },
+
+  init: function() {
+    let mm = Cc["@mozilla.org/globalmessagemanager;1"]
+               .getService(Ci.nsIMessageListenerManager);
+    mm.addMessageListener("RemoteLogins:findLogins", this);
+    mm.addMessageListener("RemoteLogins:findRecipes", this);
+    mm.addMessageListener("RemoteLogins:onFormSubmit", this);
+    mm.addMessageListener("RemoteLogins:autoCompleteLogins", this);
+    mm.addMessageListener("RemoteLogins:removeLogin", this);
+    mm.addMessageListener("RemoteLogins:insecureLoginFormPresent", this);
+
+    XPCOMUtils.defineLazyGetter(this, "recipeParentPromise", () => {
+      const { LoginRecipesParent } = Cu.import("resource://gre/modules/LoginRecipes.jsm", {});
+      this._recipeManager = new LoginRecipesParent({
+        defaults: Services.prefs.getComplexValue("signon.recipes.path", Ci.nsISupportsString).data,
+      });
+      return this._recipeManager.initializationPromise;
+    });
+  },
+
+  receiveMessage: function (msg) {
+    let data = msg.data;
+    switch (msg.name) {
+      case "RemoteLogins:findLogins": {
+        // TODO Verify msg.target's principals against the formOrigin?
+        this.sendLoginDataToChild(data.options.showMasterPassword,
+                                  data.formOrigin,
+                                  data.actionOrigin,
+                                  data.requestId,
+                                  msg.target.messageManager);
+        break;
+      }
+
+      case "RemoteLogins:findRecipes": {
+        let formHost = (new URL(data.formOrigin)).host;
+        return this._recipeManager.getRecipesForHost(formHost);
+      }
+
+      case "RemoteLogins:onFormSubmit": {
+        // TODO Verify msg.target's principals against the formOrigin?
+        this.onFormSubmit(data.hostname,
+                          data.formSubmitURL,
+                          data.usernameField,
+                          data.newPasswordField,
+                          data.oldPasswordField,
+                          msg.objects.openerTopWindow,
+                          msg.target);
+        break;
+      }
+
+      case "RemoteLogins:insecureLoginFormPresent": {
+        this.setHasInsecureLoginForms(msg.target, data.hasInsecureLoginForms);
+        break;
+      }
+
+      case "RemoteLogins:autoCompleteLogins": {
+        this.doAutocompleteSearch(data, msg.target);
+        break;
+      }
+
+      case "RemoteLogins:removeLogin": {
+        let login = LoginHelper.vanillaObjectToLogin(data.login);
+        AutoCompletePopup.removeLogin(login);
+        break;
+      }
+    }
+
+    return undefined;
+  },
+
+  /**
+   * Trigger a login form fill and send relevant data (e.g. logins and recipes)
+   * to the child process (LoginManagerContent).
+   */
+  fillForm: Task.async(function* ({ browser, loginFormOrigin, login, inputElement }) {
+    let recipes = [];
+    if (loginFormOrigin) {
+      let formHost;
+      try {
+        formHost = (new URL(loginFormOrigin)).host;
+        let recipeManager = yield this.recipeParentPromise;
+        recipes = recipeManager.getRecipesForHost(formHost);
+      } catch (ex) {
+        // Some schemes e.g. chrome aren't supported by URL
+      }
+    }
+
+    // Convert the array of nsILoginInfo to vanilla JS objects since nsILoginInfo
+    // doesn't support structured cloning.
+    let jsLogins = [LoginHelper.loginToVanillaObject(login)];
+
+    let objects = inputElement ? {inputElement} : null;
+    browser.messageManager.sendAsyncMessage("RemoteLogins:fillForm", {
+      loginFormOrigin,
+      logins: jsLogins,
+      recipes,
+    }, objects);
+  }),
+
+  /**
+   * Send relevant data (e.g. logins and recipes) to the child process (LoginManagerContent).
+   */
+  sendLoginDataToChild: Task.async(function*(showMasterPassword, formOrigin, actionOrigin,
+                                             requestId, target) {
+    let recipes = [];
+    if (formOrigin) {
+      let formHost;
+      try {
+        formHost = (new URL(formOrigin)).host;
+        let recipeManager = yield this.recipeParentPromise;
+        recipes = recipeManager.getRecipesForHost(formHost);
+      } catch (ex) {
+        // Some schemes e.g. chrome aren't supported by URL
+      }
+    }
+
+    if (!showMasterPassword && !Services.logins.isLoggedIn) {
+      try {
+        target.sendAsyncMessage("RemoteLogins:loginsFound", {
+          requestId: requestId,
+          logins: [],
+          recipes,
+        });
+      } catch (e) {
+        log("error sending message to target", e);
+      }
+      return;
+    }
+
+    // If we're currently displaying a master password prompt, defer
+    // processing this form until the user handles the prompt.
+    if (Services.logins.uiBusy) {
+      log("deferring sendLoginDataToChild for", formOrigin);
+      let self = this;
+      let observer = {
+        QueryInterface: XPCOMUtils.generateQI([Ci.nsIObserver,
+                                               Ci.nsISupportsWeakReference]),
+
+        observe: function (subject, topic, data) {
+          log("Got deferred sendLoginDataToChild notification:", topic);
+          // Only run observer once.
+          Services.obs.removeObserver(this, "passwordmgr-crypto-login");
+          Services.obs.removeObserver(this, "passwordmgr-crypto-loginCanceled");
+          if (topic == "passwordmgr-crypto-loginCanceled") {
+            target.sendAsyncMessage("RemoteLogins:loginsFound", {
+              requestId: requestId,
+              logins: [],
+              recipes,
+            });
+            return;
+          }
+
+          self.sendLoginDataToChild(showMasterPassword, formOrigin, actionOrigin,
+                                    requestId, target);
+        },
+      };
+
+      // Possible leak: it's possible that neither of these notifications
+      // will fire, and if that happens, we'll leak the observer (and
+      // never return). We should guarantee that at least one of these
+      // will fire.
+      // See bug XXX.
+      Services.obs.addObserver(observer, "passwordmgr-crypto-login", false);
+      Services.obs.addObserver(observer, "passwordmgr-crypto-loginCanceled", false);
+      return;
+    }
+
+    let logins = this._searchAndDedupeLogins(formOrigin, actionOrigin);
+
+    log("sendLoginDataToChild:", logins.length, "deduped logins");
+    // Convert the array of nsILoginInfo to vanilla JS objects since nsILoginInfo
+    // doesn't support structured cloning.
+    var jsLogins = LoginHelper.loginsToVanillaObjects(logins);
+    target.sendAsyncMessage("RemoteLogins:loginsFound", {
+      requestId: requestId,
+      logins: jsLogins,
+      recipes,
+    });
+  }),
+
+  doAutocompleteSearch: function({ formOrigin, actionOrigin,
+                                   searchString, previousResult,
+                                   rect, requestId, isSecure, isPasswordField,
+                                   remote }, target) {
+    // Note: previousResult is a regular object, not an
+    // nsIAutoCompleteResult.
+
+    // Cancel if we unsuccessfully prompted for the master password too recently.
+    if (!Services.logins.isLoggedIn) {
+      let timeDiff = Date.now() - this._lastMPLoginCancelled;
+      if (timeDiff < this._repromptTimeout) {
+        log("Not searching logins for autocomplete since the master password " +
+            `prompt was last cancelled ${Math.round(timeDiff / 1000)} seconds ago.`);
+        // Send an empty array to make LoginManagerContent clear the
+        // outstanding request it has temporarily saved.
+        target.messageManager.sendAsyncMessage("RemoteLogins:loginsAutoCompleted", {
+          requestId,
+          logins: [],
+        });
+        return;
+      }
+    }
+
+    let searchStringLower = searchString.toLowerCase();
+    let logins;
+    if (previousResult &&
+        searchStringLower.startsWith(previousResult.searchString.toLowerCase())) {
+      log("Using previous autocomplete result");
+
+      // We have a list of results for a shorter search string, so just
+      // filter them further based on the new search string.
+      logins = LoginHelper.vanillaObjectsToLogins(previousResult.logins);
+    } else {
+      log("Creating new autocomplete search result.");
+
+      logins = this._searchAndDedupeLogins(formOrigin, actionOrigin);
+    }
+
+    let matchingLogins = logins.filter(function(fullMatch) {
+      let match = fullMatch.username;
+
+      // Remove results that are too short, or have different prefix.
+      // Also don't offer empty usernames as possible results except
+      // for password field.
+      if (isPasswordField) {
+        return true;
+      }
+      return match && match.toLowerCase().startsWith(searchStringLower);
+    });
+
+    // XXX In the E10S case, we're responsible for showing our own
+    // autocomplete popup here because the autocomplete protocol hasn't
+    // been e10s-ized yet. In the non-e10s case, our caller is responsible
+    // for showing the autocomplete popup (via the regular
+    // nsAutoCompleteController).
+    if (remote) {
+      let results = new UserAutoCompleteResult(searchString, matchingLogins, {isSecure});
+      AutoCompletePopup.showPopupWithResults({ browser: target.ownerDocument.defaultView, rect, results });
+    }
+
+    // Convert the array of nsILoginInfo to vanilla JS objects since nsILoginInfo
+    // doesn't support structured cloning.
+    var jsLogins = LoginHelper.loginsToVanillaObjects(matchingLogins);
+    target.messageManager.sendAsyncMessage("RemoteLogins:loginsAutoCompleted", {
+      requestId: requestId,
+      logins: jsLogins,
+    });
+  },
+
+  onFormSubmit: function(hostname, formSubmitURL,
+                         usernameField, newPasswordField,
+                         oldPasswordField, openerTopWindow,
+                         target) {
+    function getPrompter() {
+      var prompterSvc = Cc["@mozilla.org/login-manager/prompter;1"].
+                        createInstance(Ci.nsILoginManagerPrompter);
+      prompterSvc.init(target.ownerDocument.defaultView);
+      prompterSvc.browser = target;
+      prompterSvc.opener = openerTopWindow;
+      return prompterSvc;
+    }
+
+    function recordLoginUse(login) {
+      // Update the lastUsed timestamp and increment the use count.
+      let propBag = Cc["@mozilla.org/hash-property-bag;1"].
+                    createInstance(Ci.nsIWritablePropertyBag);
+      propBag.setProperty("timeLastUsed", Date.now());
+      propBag.setProperty("timesUsedIncrement", 1);
+      Services.logins.modifyLogin(login, propBag);
+    }
+
+    if (!Services.logins.getLoginSavingEnabled(hostname)) {
+      log("(form submission ignored -- saving is disabled for:", hostname, ")");
+      return;
+    }
+
+    var formLogin = Cc["@mozilla.org/login-manager/loginInfo;1"].
+                    createInstance(Ci.nsILoginInfo);
+    formLogin.init(hostname, formSubmitURL, null,
+                   (usernameField ? usernameField.value : ""),
+                   newPasswordField.value,
+                   (usernameField ? usernameField.name  : ""),
+                   newPasswordField.name);
+
+    // Below here we have one login per hostPort + action + username with the
+    // matching scheme being preferred.
+    let logins = this._searchAndDedupeLogins(hostname, formSubmitURL);
+
+    // If we didn't find a username field, but seem to be changing a
+    // password, allow the user to select from a list of applicable
+    // logins to update the password for.
+    if (!usernameField && oldPasswordField && logins.length > 0) {
+      var prompter = getPrompter();
+
+      if (logins.length == 1) {
+        var oldLogin = logins[0];
+
+        if (oldLogin.password == formLogin.password) {
+          recordLoginUse(oldLogin);
+          log("(Not prompting to save/change since we have no username and the " +
+              "only saved password matches the new password)");
+          return;
+        }
+
+        formLogin.username      = oldLogin.username;
+        formLogin.usernameField = oldLogin.usernameField;
+
+        prompter.promptToChangePassword(oldLogin, formLogin);
+      } else {
+        // Note: It's possible that that we already have the correct u+p saved
+        // but since we don't have the username, we don't know if the user is
+        // changing a second account to the new password so we ask anyways.
+
+        prompter.promptToChangePasswordWithUsernames(
+                            logins, logins.length, formLogin);
+      }
+
+      return;
+    }
+
+
+    var existingLogin = null;
+    // Look for an existing login that matches the form login.
+    for (let login of logins) {
+      let same;
+
+      // If one login has a username but the other doesn't, ignore
+      // the username when comparing and only match if they have the
+      // same password. Otherwise, compare the logins and match even
+      // if the passwords differ.
+      if (!login.username && formLogin.username) {
+        var restoreMe = formLogin.username;
+        formLogin.username = "";
+        same = LoginHelper.doLoginsMatch(formLogin, login, {
+          ignorePassword: false,
+          ignoreSchemes: LoginHelper.schemeUpgrades,
+        });
+        formLogin.username = restoreMe;
+      } else if (!formLogin.username && login.username) {
+        formLogin.username = login.username;
+        same = LoginHelper.doLoginsMatch(formLogin, login, {
+          ignorePassword: false,
+          ignoreSchemes: LoginHelper.schemeUpgrades,
+        });
+        formLogin.username = ""; // we know it's always blank.
+      } else {
+        same = LoginHelper.doLoginsMatch(formLogin, login, {
+          ignorePassword: true,
+          ignoreSchemes: LoginHelper.schemeUpgrades,
+        });
+      }
+
+      if (same) {
+        existingLogin = login;
+        break;
+      }
+    }
+
+    if (existingLogin) {
+      log("Found an existing login matching this form submission");
+
+      // Change password if needed.
+      if (existingLogin.password != formLogin.password) {
+        log("...passwords differ, prompting to change.");
+        prompter = getPrompter();
+        prompter.promptToChangePassword(existingLogin, formLogin);
+      } else if (!existingLogin.username && formLogin.username) {
+        log("...empty username update, prompting to change.");
+        prompter = getPrompter();
+        prompter.promptToChangePassword(existingLogin, formLogin);
+      } else {
+        recordLoginUse(existingLogin);
+      }
+
+      return;
+    }
+
+
+    // Prompt user to save login (via dialog or notification bar)
+    prompter = getPrompter();
+    prompter.promptToSavePassword(formLogin);
+  },
+
+  /**
+   * Maps all the <browser> elements for tabs in the parent process to the
+   * current state used to display tab-specific UI.
+   *
+   * This mapping is not updated in case a web page is moved to a different
+   * chrome window by the swapDocShells method. In this case, it is possible
+   * that a UI update just requested for the login fill doorhanger and then
+   * delayed by a few hundred milliseconds will be lost. Later requests would
+   * use the new browser reference instead.
+   *
+   * Given that the case above is rare, and it would not cause any origin
+   * mismatch at the time of filling because the origin is checked later in the
+   * content process, this case is left unhandled.
+   */
+  loginFormStateByBrowser: new WeakMap(),
+
+  /**
+   * Retrieves a reference to the state object associated with the given
+   * browser. This is initialized to an empty object.
+   */
+  stateForBrowser(browser) {
+    let loginFormState = this.loginFormStateByBrowser.get(browser);
+    if (!loginFormState) {
+      loginFormState = {};
+      this.loginFormStateByBrowser.set(browser, loginFormState);
+    }
+    return loginFormState;
+  },
+
+  /**
+   * Returns true if the page currently loaded in the given browser element has
+   * insecure login forms. This state may be updated asynchronously, in which
+   * case a custom event named InsecureLoginFormsStateChange will be dispatched
+   * on the browser element.
+   */
+  hasInsecureLoginForms(browser) {
+    return !!this.stateForBrowser(browser).hasInsecureLoginForms;
+  },
+
+  /**
+   * Called to indicate whether an insecure password field is present so
+   * insecure password UI can know when to show.
+   */
+  setHasInsecureLoginForms(browser, hasInsecureLoginForms) {
+    let state = this.stateForBrowser(browser);
+
+    // Update the data to use to the latest known values. Since messages are
+    // processed in order, this will always be the latest version to use.
+    state.hasInsecureLoginForms = hasInsecureLoginForms;
+
+    // Report the insecure login form state immediately.
+    browser.dispatchEvent(new browser.ownerDocument.defaultView
+                                 .CustomEvent("InsecureLoginFormsStateChange"));
+  },
+};
+
+XPCOMUtils.defineLazyPreferenceGetter(LoginManagerParent, "_repromptTimeout",
+  "signon.masterPasswordReprompt.timeout_ms", 900000); // 15 Minutes