2019-11-14 18:01:18 +00:00
|
|
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Jeremy Apthorp <nornagon@nornagon.net>
|
|
|
|
|
Date: Tue, 12 Nov 2019 11:50:16 -0800
|
|
|
|
|
Subject: add TrustedAuthClient to URLLoaderFactory
|
|
|
|
|
|
|
|
|
|
This allows intercepting authentication requests for the 'net' module.
|
|
|
|
|
Without this, the 'login' event for electron.net.ClientRequest can't be
|
|
|
|
|
implemented, because the existing path checks for the presence of a
|
|
|
|
|
WebContents, and cancels the authentication if there's no WebContents
|
|
|
|
|
available, which there isn't in the case of the 'net' module.
|
|
|
|
|
|
|
|
|
|
diff --git a/services/network/public/mojom/network_context.mojom b/services/network/public/mojom/network_context.mojom
|
2020-04-24 01:55:17 +00:00
|
|
|
index 18c3c5312be05333e6ed19ad53bb6296be5db4b7..21299b9959c3f9f44c419d769b0aaff59b1d89f7 100644
|
2019-11-14 18:01:18 +00:00
|
|
|
--- a/services/network/public/mojom/network_context.mojom
|
|
|
|
|
+++ b/services/network/public/mojom/network_context.mojom
|
2020-04-13 23:39:26 +00:00
|
|
|
@@ -161,6 +161,25 @@ struct HttpAuthStaticNetworkContextParams {
|
2019-12-11 00:22:35 +00:00
|
|
|
= DefaultCredentials.ALLOW_DEFAULT_CREDENTIALS;
|
2019-11-14 18:01:18 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
+interface TrustedAuthClient {
|
|
|
|
|
+ OnAuthRequired(
|
|
|
|
|
+ mojo_base.mojom.UnguessableToken? window_id,
|
|
|
|
|
+ uint32 process_id,
|
|
|
|
|
+ uint32 routing_id,
|
|
|
|
|
+ uint32 request_id,
|
|
|
|
|
+ url.mojom.Url url,
|
|
|
|
|
+ bool first_auth_attempt,
|
|
|
|
|
+ AuthChallengeInfo auth_info,
|
|
|
|
|
+ URLResponseHead? head,
|
|
|
|
|
+ pending_remote<AuthChallengeResponder> auth_challenge_responder);
|
|
|
|
|
+};
|
|
|
|
|
+interface TrustedURLLoaderAuthClient {
|
|
|
|
|
+ // When a new URLLoader is created, this will be called to pass a
|
|
|
|
|
+ // corresponding |auth_client|.
|
|
|
|
|
+ OnLoaderCreated(int32 request_id,
|
|
|
|
|
+ pending_receiver<TrustedAuthClient> auth_client);
|
|
|
|
|
+};
|
|
|
|
|
+
|
|
|
|
|
interface CertVerifierClient {
|
|
|
|
|
Verify(
|
|
|
|
|
int32 default_error,
|
2020-04-24 01:55:17 +00:00
|
|
|
@@ -605,6 +624,8 @@ struct URLLoaderFactoryParams {
|
2020-04-13 23:39:26 +00:00
|
|
|
// impact because of the extra process hops, so use should be minimized.
|
|
|
|
|
pending_remote<TrustedURLLoaderHeaderClient>? header_client;
|
2019-11-14 18:01:18 +00:00
|
|
|
|
|
|
|
|
+ pending_remote<TrustedURLLoaderAuthClient>? auth_client;
|
|
|
|
|
+
|
2020-04-13 23:39:26 +00:00
|
|
|
// |factory_bound_access_patterns| are used for CORS checks in addition to
|
|
|
|
|
// the per-context allow patterns that is managed via NetworkContext
|
|
|
|
|
// interface. This still respects the per-context block lists.
|
2019-11-14 18:01:18 +00:00
|
|
|
diff --git a/services/network/url_loader.cc b/services/network/url_loader.cc
|
2020-04-24 01:55:17 +00:00
|
|
|
index aa4c83af9f4e321add47653f8cebb5b4092efd3e..daaef90fdbb7a42b1a3ec9151bd51bcab4a1a270 100644
|
2019-11-14 18:01:18 +00:00
|
|
|
--- a/services/network/url_loader.cc
|
|
|
|
|
+++ b/services/network/url_loader.cc
|
2020-04-24 01:55:17 +00:00
|
|
|
@@ -474,6 +474,7 @@ URLLoader::URLLoader(
|
2019-11-14 18:01:18 +00:00
|
|
|
base::WeakPtr<KeepaliveStatisticsRecorder> keepalive_statistics_recorder,
|
|
|
|
|
base::WeakPtr<NetworkUsageAccumulator> network_usage_accumulator,
|
|
|
|
|
mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,
|
|
|
|
|
+ mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,
|
2020-04-06 20:09:52 +00:00
|
|
|
mojom::OriginPolicyManager* origin_policy_manager,
|
2020-04-13 23:39:26 +00:00
|
|
|
std::unique_ptr<TrustTokenRequestHelperFactory> trust_token_helper_factory)
|
2019-11-14 18:01:18 +00:00
|
|
|
: url_request_context_(url_request_context),
|
2020-04-24 01:55:17 +00:00
|
|
|
@@ -530,6 +531,11 @@ URLLoader::URLLoader(
|
2019-11-14 18:01:18 +00:00
|
|
|
header_client_.set_disconnect_handler(
|
2019-12-11 00:22:35 +00:00
|
|
|
base::BindOnce(&URLLoader::OnMojoDisconnect, base::Unretained(this)));
|
2019-11-14 18:01:18 +00:00
|
|
|
}
|
|
|
|
|
+ if (url_loader_auth_client) {
|
|
|
|
|
+ url_loader_auth_client->OnLoaderCreated(request_id_, auth_client_.BindNewPipeAndPassReceiver());
|
|
|
|
|
+ auth_client_.set_disconnect_handler(
|
2019-12-11 00:22:35 +00:00
|
|
|
+ base::BindOnce(&URLLoader::OnMojoDisconnect, base::Unretained(this)));
|
2019-11-14 18:01:18 +00:00
|
|
|
+ }
|
|
|
|
|
if (want_raw_headers_) {
|
|
|
|
|
options_ |= mojom::kURLLoadOptionSendSSLInfoWithResponse |
|
|
|
|
|
mojom::kURLLoadOptionSendSSLInfoForCertificateError;
|
2020-04-24 01:55:17 +00:00
|
|
|
@@ -1009,7 +1015,7 @@ void URLLoader::OnReceivedRedirect(net::URLRequest* url_request,
|
2019-11-14 18:01:18 +00:00
|
|
|
|
|
|
|
|
void URLLoader::OnAuthRequired(net::URLRequest* url_request,
|
|
|
|
|
const net::AuthChallengeInfo& auth_info) {
|
|
|
|
|
- if (!network_context_client_) {
|
|
|
|
|
+ if (!network_context_client_ && !auth_client_) {
|
|
|
|
|
OnAuthCredentials(base::nullopt);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2020-04-24 01:55:17 +00:00
|
|
|
@@ -1025,11 +1031,20 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request,
|
2019-11-14 18:01:18 +00:00
|
|
|
if (url_request->response_headers())
|
2019-12-13 20:13:12 +00:00
|
|
|
head->headers = url_request->response_headers();
|
|
|
|
|
head->auth_challenge_info = auth_info;
|
2019-11-14 18:01:18 +00:00
|
|
|
- network_context_client_->OnAuthRequired(
|
|
|
|
|
- fetch_window_id_, factory_params_->process_id, render_frame_id_,
|
2019-12-13 20:13:12 +00:00
|
|
|
- request_id_, url_request_->url(), first_auth_attempt_, auth_info,
|
|
|
|
|
- std::move(head),
|
2019-11-14 18:01:18 +00:00
|
|
|
- auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
|
|
|
|
|
+
|
|
|
|
|
+ if (auth_client_) {
|
|
|
|
|
+ auth_client_->OnAuthRequired(
|
|
|
|
|
+ fetch_window_id_, factory_params_->process_id, render_frame_id_,
|
2019-12-13 20:13:12 +00:00
|
|
|
+ request_id_, url_request_->url(), first_auth_attempt_, auth_info,
|
|
|
|
|
+ std::move(head),
|
2019-11-14 18:01:18 +00:00
|
|
|
+ auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
|
|
|
|
|
+ } else {
|
|
|
|
|
+ network_context_client_->OnAuthRequired(
|
|
|
|
|
+ fetch_window_id_, factory_params_->process_id, render_frame_id_,
|
2019-12-13 20:13:12 +00:00
|
|
|
+ request_id_, url_request_->url(), first_auth_attempt_, auth_info,
|
|
|
|
|
+ std::move(head),
|
2019-11-14 18:01:18 +00:00
|
|
|
+ auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
|
|
auth_challenge_responder_receiver_.set_disconnect_handler(
|
|
|
|
|
base::BindOnce(&URLLoader::DeleteSelf, base::Unretained(this)));
|
|
|
|
|
diff --git a/services/network/url_loader.h b/services/network/url_loader.h
|
2020-04-24 01:55:17 +00:00
|
|
|
index 70508cbc5f527dc1fc5db0165dad18a0b9e4d9e3..09d4e0bbe6b0750a3e7188a8b9db0ee5aafbf921 100644
|
2019-11-14 18:01:18 +00:00
|
|
|
--- a/services/network/url_loader.h
|
|
|
|
|
+++ b/services/network/url_loader.h
|
2020-04-13 23:39:26 +00:00
|
|
|
@@ -112,6 +112,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
|
2019-11-14 18:01:18 +00:00
|
|
|
base::WeakPtr<KeepaliveStatisticsRecorder> keepalive_statistics_recorder,
|
|
|
|
|
base::WeakPtr<NetworkUsageAccumulator> network_usage_accumulator,
|
|
|
|
|
mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,
|
|
|
|
|
+ mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,
|
2020-04-06 20:09:52 +00:00
|
|
|
mojom::OriginPolicyManager* origin_policy_manager,
|
2020-04-13 23:39:26 +00:00
|
|
|
std::unique_ptr<TrustTokenRequestHelperFactory>
|
|
|
|
|
trust_token_helper_factory);
|
|
|
|
|
@@ -447,6 +448,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
|
2019-11-14 18:01:18 +00:00
|
|
|
base::Optional<base::UnguessableToken> fetch_window_id_;
|
|
|
|
|
|
|
|
|
|
mojo::Remote<mojom::TrustedHeaderClient> header_client_;
|
|
|
|
|
+ mojo::Remote<mojom::TrustedAuthClient> auth_client_;
|
|
|
|
|
|
|
|
|
|
std::unique_ptr<FileOpenerForUpload> file_opener_for_upload_;
|
|
|
|
|
|
|
|
|
|
diff --git a/services/network/url_loader_factory.cc b/services/network/url_loader_factory.cc
|
2020-04-13 23:39:26 +00:00
|
|
|
index 1c43785d9b2c19dd4129f030e3ec9475a9bb4b31..730635d7f18bf95100558c37a1d38304a22f650d 100644
|
2019-11-14 18:01:18 +00:00
|
|
|
--- a/services/network/url_loader_factory.cc
|
|
|
|
|
+++ b/services/network/url_loader_factory.cc
|
2020-04-13 23:39:26 +00:00
|
|
|
@@ -68,6 +68,7 @@ URLLoaderFactory::URLLoaderFactory(
|
2019-11-14 18:01:18 +00:00
|
|
|
resource_scheduler_client_(std::move(resource_scheduler_client)),
|
|
|
|
|
header_client_(std::move(params_->header_client)),
|
2020-03-11 11:15:07 +00:00
|
|
|
coep_reporter_(std::move(params_->coep_reporter)),
|
2019-11-14 18:01:18 +00:00
|
|
|
+ auth_client_(std::move(params_->auth_client)),
|
|
|
|
|
cors_url_loader_factory_(cors_url_loader_factory) {
|
|
|
|
|
DCHECK(context);
|
|
|
|
|
DCHECK_NE(mojom::kInvalidProcessId, params_->process_id);
|
2020-04-13 23:39:26 +00:00
|
|
|
@@ -230,6 +231,7 @@ void URLLoaderFactory::CreateLoaderAndStart(
|
2020-03-11 11:15:07 +00:00
|
|
|
std::move(keepalive_statistics_recorder),
|
2019-11-14 18:01:18 +00:00
|
|
|
std::move(network_usage_accumulator),
|
|
|
|
|
header_client_.is_bound() ? header_client_.get() : nullptr,
|
|
|
|
|
+ auth_client_.is_bound() ? auth_client_.get() : nullptr,
|
2020-04-13 23:39:26 +00:00
|
|
|
context_->origin_policy_manager(),
|
|
|
|
|
url_request.trust_token_params
|
|
|
|
|
? std::make_unique<TrustTokenRequestHelperFactory>(
|
2019-11-14 18:01:18 +00:00
|
|
|
diff --git a/services/network/url_loader_factory.h b/services/network/url_loader_factory.h
|
2020-03-11 11:15:07 +00:00
|
|
|
index 1a623585035487de061ba6476914992ea2f7ac88..caa19dcd4b99296e50f8e22bfc92a70ba14473d1 100644
|
2019-11-14 18:01:18 +00:00
|
|
|
--- a/services/network/url_loader_factory.h
|
|
|
|
|
+++ b/services/network/url_loader_factory.h
|
2020-03-11 11:15:07 +00:00
|
|
|
@@ -74,6 +74,7 @@ class URLLoaderFactory : public mojom::URLLoaderFactory {
|
2019-11-14 18:01:18 +00:00
|
|
|
scoped_refptr<ResourceSchedulerClient> resource_scheduler_client_;
|
|
|
|
|
mojo::Remote<mojom::TrustedURLLoaderHeaderClient> header_client_;
|
2020-03-11 11:15:07 +00:00
|
|
|
mojo::Remote<mojom::CrossOriginEmbedderPolicyReporter> coep_reporter_;
|
2019-11-14 18:01:18 +00:00
|
|
|
+ mojo::Remote<mojom::TrustedURLLoaderAuthClient> auth_client_;
|
|
|
|
|
|
|
|
|
|
// |cors_url_loader_factory_| owns this.
|
|
|
|
|
cors::CorsURLLoaderFactory* cors_url_loader_factory_;
|
