electron/patches/chromium/add_trustedauthclient_to_urlloaderfactory.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <nornagon@nornagon.net>
Date: Tue, 12 Nov 2019 11:50:16 -0800
Subject: add TrustedAuthClient to URLLoaderFactory

This allows intercepting authentication requests for the 'net' module.
Without this, the 'login' event for electron.net.ClientRequest can't be
implemented, because the existing path checks for the presence of a
WebContents, and cancels the authentication if there's no WebContents
available, which there isn't in the case of the 'net' module.

diff --git a/services/network/public/mojom/network_context.mojom b/services/network/public/mojom/network_context.mojom
index 6b14d8354375377526e141ee499a7583be3f22b0..eeb9e19c0ecdf4631e596e7c0927693f2239f293 100644
--- a/services/network/public/mojom/network_context.mojom
+++ b/services/network/public/mojom/network_context.mojom
@@ -181,6 +181,25 @@ interface TrustedURLLoaderHeaderClient {
       pending_receiver<TrustedHeaderClient> header_client);
 };
 
+interface TrustedAuthClient {
+  OnAuthRequired(
+      mojo_base.mojom.UnguessableToken? window_id,
+      uint32 process_id,
+      uint32 routing_id,
+      uint32 request_id,
+      url.mojom.Url url,
+      bool first_auth_attempt,
+      AuthChallengeInfo auth_info,
+      URLResponseHead? head,
+      pending_remote<AuthChallengeResponder> auth_challenge_responder);
+};
+interface TrustedURLLoaderAuthClient {
+  // When a new URLLoader is created, this will be called to pass a
+  // corresponding |auth_client|.
+  OnLoaderCreated(int32 request_id,
+                  pending_receiver<TrustedAuthClient> auth_client);
+};
+
 interface CertVerifierClient {
   Verify(
     int32 default_error,
@@ -559,6 +578,8 @@ struct URLLoaderFactoryParams {
   // impact because of the extra process hops, so use should be minimized.
   pending_remote<TrustedURLLoaderHeaderClient>? header_client;
 
+  pending_remote<TrustedURLLoaderAuthClient>? auth_client;
+
   // If non-empty array is given, |factory_bound_allow_patterns| is used for
   // CORS checks in addition to the per-context allow patterns that is managed
   // via NetworkContext interface. This still respects the per-context block
diff --git a/services/network/url_loader.cc b/services/network/url_loader.cc
index d4e13ffaed76847b00cf98b248ba17ad70a9884c..33ab3ea9c60e097d8525f1066f3890a5bccd754a 100644
--- a/services/network/url_loader.cc
+++ b/services/network/url_loader.cc
@@ -335,6 +335,7 @@ URLLoader::URLLoader(
     base::WeakPtr<KeepaliveStatisticsRecorder> keepalive_statistics_recorder,
     base::WeakPtr<NetworkUsageAccumulator> network_usage_accumulator,
     mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,
+    mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,
     mojom::OriginPolicyManager* origin_policy_manager)
     : url_request_context_(url_request_context),
       network_service_client_(network_service_client),
@@ -391,6 +392,11 @@ URLLoader::URLLoader(
     header_client_.set_disconnect_handler(
         base::BindOnce(&URLLoader::OnConnectionError, base::Unretained(this)));
   }
+  if (url_loader_auth_client) {
+    url_loader_auth_client->OnLoaderCreated(request_id_, auth_client_.BindNewPipeAndPassReceiver());
+    auth_client_.set_disconnect_handler(
+        base::BindOnce(&URLLoader::OnConnectionError, base::Unretained(this)));
+  }
   if (want_raw_headers_) {
     options_ |= mojom::kURLLoadOptionSendSSLInfoWithResponse |
                 mojom::kURLLoadOptionSendSSLInfoForCertificateError;
@@ -818,7 +824,7 @@ void URLLoader::OnReceivedRedirect(net::URLRequest* url_request,
 
 void URLLoader::OnAuthRequired(net::URLRequest* url_request,
                                const net::AuthChallengeInfo& auth_info) {
-  if (!network_context_client_) {
+  if (!network_context_client_ && !auth_client_) {
     OnAuthCredentials(base::nullopt);
     return;
   }
@@ -834,10 +840,18 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request,
   if (url_request->response_headers())
     head.headers = url_request->response_headers();
   head.auth_challenge_info = auth_info;
-  network_context_client_->OnAuthRequired(
-      fetch_window_id_, factory_params_->process_id, render_frame_id_,
-      request_id_, url_request_->url(), first_auth_attempt_, auth_info, head,
-      auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
+
+  if (auth_client_) {
+    auth_client_->OnAuthRequired(
+        fetch_window_id_, factory_params_->process_id, render_frame_id_,
+        request_id_, url_request_->url(), first_auth_attempt_, auth_info, head,
+        auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
+  } else {
+    network_context_client_->OnAuthRequired(
+        fetch_window_id_, factory_params_->process_id, render_frame_id_,
+        request_id_, url_request_->url(), first_auth_attempt_, auth_info, head,
+        auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
+  }
 
   auth_challenge_responder_receiver_.set_disconnect_handler(
       base::BindOnce(&URLLoader::DeleteSelf, base::Unretained(this)));
diff --git a/services/network/url_loader.h b/services/network/url_loader.h
index 0a47148a52a46f8a6f12f503731623f87e15b173..db8ca018c7e99a1a1acea156b4d49a755b93cc09 100644
--- a/services/network/url_loader.h
+++ b/services/network/url_loader.h
@@ -85,6 +85,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
       base::WeakPtr<KeepaliveStatisticsRecorder> keepalive_statistics_recorder,
       base::WeakPtr<NetworkUsageAccumulator> network_usage_accumulator,
       mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,
+      mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,
       mojom::OriginPolicyManager* origin_policy_manager);
   ~URLLoader() override;
 
@@ -362,6 +363,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
   base::Optional<base::UnguessableToken> fetch_window_id_;
 
   mojo::Remote<mojom::TrustedHeaderClient> header_client_;
+  mojo::Remote<mojom::TrustedAuthClient> auth_client_;
 
   std::unique_ptr<FileOpenerForUpload> file_opener_for_upload_;
 
diff --git a/services/network/url_loader_factory.cc b/services/network/url_loader_factory.cc
index 7145e0e96550d554bb1df85bd79818ec9a45f7b1..53225eb1b0b7f1aa2498cecc8222f9f897ac364f 100644
--- a/services/network/url_loader_factory.cc
+++ b/services/network/url_loader_factory.cc
@@ -65,6 +65,7 @@ URLLoaderFactory::URLLoaderFactory(
       params_(std::move(params)),
       resource_scheduler_client_(std::move(resource_scheduler_client)),
       header_client_(std::move(params_->header_client)),
+      auth_client_(std::move(params_->auth_client)),
       cors_url_loader_factory_(cors_url_loader_factory) {
   DCHECK(context);
   DCHECK_NE(mojom::kInvalidProcessId, params_->process_id);
@@ -209,6 +210,7 @@ void URLLoaderFactory::CreateLoaderAndStart(
       resource_scheduler_client_, std::move(keepalive_statistics_recorder),
       std::move(network_usage_accumulator),
       header_client_.is_bound() ? header_client_.get() : nullptr,
+      auth_client_.is_bound() ? auth_client_.get() : nullptr,
       context_->origin_policy_manager());
   cors_url_loader_factory_->OnLoaderCreated(std::move(loader));
 }
diff --git a/services/network/url_loader_factory.h b/services/network/url_loader_factory.h
index 7b143aa49be833ddf05b7b99bea19ee0b674b79c..6d1fbca87e3827c953fdac2cfb96806114d8aea9 100644
--- a/services/network/url_loader_factory.h
+++ b/services/network/url_loader_factory.h
@@ -71,6 +71,7 @@ class URLLoaderFactory : public mojom::URLLoaderFactory {
   mojom::URLLoaderFactoryParamsPtr params_;
   scoped_refptr<ResourceSchedulerClient> resource_scheduler_client_;
   mojo::Remote<mojom::TrustedURLLoaderHeaderClient> header_client_;
+  mojo::Remote<mojom::TrustedURLLoaderAuthClient> auth_client_;
 
   // |cors_url_loader_factory_| owns this.
   cors::CorsURLLoaderFactory* cors_url_loader_factory_;
fix: implement 'login' event for net.ClientRequest (#21096) 2019-11-14 18:01:18 +00:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Jeremy Apthorp <nornagon@nornagon.net>`
			`Date: Tue, 12 Nov 2019 11:50:16 -0800`
			`Subject: add TrustedAuthClient to URLLoaderFactory`

			`This allows intercepting authentication requests for the 'net' module.`
			`Without this, the 'login' event for electron.net.ClientRequest can't be`
			`implemented, because the existing path checks for the presence of a`
			`WebContents, and cancels the authentication if there's no WebContents`
			`available, which there isn't in the case of the 'net' module.`

			`diff --git a/services/network/public/mojom/network_context.mojom b/services/network/public/mojom/network_context.mojom`
			`index 6b14d8354375377526e141ee499a7583be3f22b0..eeb9e19c0ecdf4631e596e7c0927693f2239f293 100644`
			`--- a/services/network/public/mojom/network_context.mojom`
			`+++ b/services/network/public/mojom/network_context.mojom`
			`@@ -181,6 +181,25 @@ interface TrustedURLLoaderHeaderClient {`
			`pending_receiver<TrustedHeaderClient> header_client);`
			`};`

			`+interface TrustedAuthClient {`
			`+ OnAuthRequired(`
			`+ mojo_base.mojom.UnguessableToken? window_id,`
			`+ uint32 process_id,`
			`+ uint32 routing_id,`
			`+ uint32 request_id,`
			`+ url.mojom.Url url,`
			`+ bool first_auth_attempt,`
			`+ AuthChallengeInfo auth_info,`
			`+ URLResponseHead? head,`
			`+ pending_remote<AuthChallengeResponder> auth_challenge_responder);`
			`+};`
			`+interface TrustedURLLoaderAuthClient {`
			`+ // When a new URLLoader is created, this will be called to pass a`
			`+ // corresponding \|auth_client\|.`
			`+ OnLoaderCreated(int32 request_id,`
			`+ pending_receiver<TrustedAuthClient> auth_client);`
			`+};`
			`+`
			`interface CertVerifierClient {`
			`Verify(`
			`int32 default_error,`
			`@@ -559,6 +578,8 @@ struct URLLoaderFactoryParams {`
			`// impact because of the extra process hops, so use should be minimized.`
			`pending_remote<TrustedURLLoaderHeaderClient>? header_client;`

			`+ pending_remote<TrustedURLLoaderAuthClient>? auth_client;`
			`+`
			`// If non-empty array is given, \|factory_bound_allow_patterns\| is used for`
			`// CORS checks in addition to the per-context allow patterns that is managed`
			`// via NetworkContext interface. This still respects the per-context block`
			`diff --git a/services/network/url_loader.cc b/services/network/url_loader.cc`
			`index d4e13ffaed76847b00cf98b248ba17ad70a9884c..33ab3ea9c60e097d8525f1066f3890a5bccd754a 100644`
			`--- a/services/network/url_loader.cc`
			`+++ b/services/network/url_loader.cc`
			`@@ -335,6 +335,7 @@ URLLoader::URLLoader(`
			`base::WeakPtr<KeepaliveStatisticsRecorder> keepalive_statistics_recorder,`
			`base::WeakPtr<NetworkUsageAccumulator> network_usage_accumulator,`
			`mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,`
			`+ mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,`
			`mojom::OriginPolicyManager* origin_policy_manager)`
			`: url_request_context_(url_request_context),`
			`network_service_client_(network_service_client),`
			`@@ -391,6 +392,11 @@ URLLoader::URLLoader(`
			`header_client_.set_disconnect_handler(`
			`base::BindOnce(&URLLoader::OnConnectionError, base::Unretained(this)));`
			`}`
			`+ if (url_loader_auth_client) {`
			`+ url_loader_auth_client->OnLoaderCreated(request_id_, auth_client_.BindNewPipeAndPassReceiver());`
			`+ auth_client_.set_disconnect_handler(`
			`+ base::BindOnce(&URLLoader::OnConnectionError, base::Unretained(this)));`
			`+ }`
			`if (want_raw_headers_) {`
			`options_ \|= mojom::kURLLoadOptionSendSSLInfoWithResponse \|`
			`mojom::kURLLoadOptionSendSSLInfoForCertificateError;`
			`@@ -818,7 +824,7 @@ void URLLoader::OnReceivedRedirect(net::URLRequest* url_request,`

			`void URLLoader::OnAuthRequired(net::URLRequest* url_request,`
			`const net::AuthChallengeInfo& auth_info) {`
			`- if (!network_context_client_) {`
			`+ if (!network_context_client_ && !auth_client_) {`
			`OnAuthCredentials(base::nullopt);`
			`return;`
			`}`
			`@@ -834,10 +840,18 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request,`
			`if (url_request->response_headers())`
			`head.headers = url_request->response_headers();`
			`head.auth_challenge_info = auth_info;`
			`- network_context_client_->OnAuthRequired(`
			`- fetch_window_id_, factory_params_->process_id, render_frame_id_,`
			`- request_id_, url_request_->url(), first_auth_attempt_, auth_info, head,`
			`- auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());`
			`+`
			`+ if (auth_client_) {`
			`+ auth_client_->OnAuthRequired(`
			`+ fetch_window_id_, factory_params_->process_id, render_frame_id_,`
			`+ request_id_, url_request_->url(), first_auth_attempt_, auth_info, head,`
			`+ auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());`
			`+ } else {`
			`+ network_context_client_->OnAuthRequired(`
			`+ fetch_window_id_, factory_params_->process_id, render_frame_id_,`
			`+ request_id_, url_request_->url(), first_auth_attempt_, auth_info, head,`
			`+ auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());`
			`+ }`

			`auth_challenge_responder_receiver_.set_disconnect_handler(`
			`base::BindOnce(&URLLoader::DeleteSelf, base::Unretained(this)));`
			`diff --git a/services/network/url_loader.h b/services/network/url_loader.h`
			`index 0a47148a52a46f8a6f12f503731623f87e15b173..db8ca018c7e99a1a1acea156b4d49a755b93cc09 100644`
			`--- a/services/network/url_loader.h`
			`+++ b/services/network/url_loader.h`
			`@@ -85,6 +85,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader`
			`base::WeakPtr<KeepaliveStatisticsRecorder> keepalive_statistics_recorder,`
			`base::WeakPtr<NetworkUsageAccumulator> network_usage_accumulator,`
			`mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,`
			`+ mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,`
			`mojom::OriginPolicyManager* origin_policy_manager);`
			`~URLLoader() override;`

			`@@ -362,6 +363,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader`
			`base::Optional<base::UnguessableToken> fetch_window_id_;`

			`mojo::Remote<mojom::TrustedHeaderClient> header_client_;`
			`+ mojo::Remote<mojom::TrustedAuthClient> auth_client_;`

			`std::unique_ptr<FileOpenerForUpload> file_opener_for_upload_;`

			`diff --git a/services/network/url_loader_factory.cc b/services/network/url_loader_factory.cc`
			`index 7145e0e96550d554bb1df85bd79818ec9a45f7b1..53225eb1b0b7f1aa2498cecc8222f9f897ac364f 100644`
			`--- a/services/network/url_loader_factory.cc`
			`+++ b/services/network/url_loader_factory.cc`
			`@@ -65,6 +65,7 @@ URLLoaderFactory::URLLoaderFactory(`
			`params_(std::move(params)),`
			`resource_scheduler_client_(std::move(resource_scheduler_client)),`
			`header_client_(std::move(params_->header_client)),`
			`+ auth_client_(std::move(params_->auth_client)),`
			`cors_url_loader_factory_(cors_url_loader_factory) {`
			`DCHECK(context);`
			`DCHECK_NE(mojom::kInvalidProcessId, params_->process_id);`
			`@@ -209,6 +210,7 @@ void URLLoaderFactory::CreateLoaderAndStart(`
			`resource_scheduler_client_, std::move(keepalive_statistics_recorder),`
			`std::move(network_usage_accumulator),`
			`header_client_.is_bound() ? header_client_.get() : nullptr,`
			`+ auth_client_.is_bound() ? auth_client_.get() : nullptr,`
			`context_->origin_policy_manager());`
			`cors_url_loader_factory_->OnLoaderCreated(std::move(loader));`
			`}`
			`diff --git a/services/network/url_loader_factory.h b/services/network/url_loader_factory.h`
			`index 7b143aa49be833ddf05b7b99bea19ee0b674b79c..6d1fbca87e3827c953fdac2cfb96806114d8aea9 100644`
			`--- a/services/network/url_loader_factory.h`
			`+++ b/services/network/url_loader_factory.h`
			`@@ -71,6 +71,7 @@ class URLLoaderFactory : public mojom::URLLoaderFactory {`
			`mojom::URLLoaderFactoryParamsPtr params_;`
			`scoped_refptr<ResourceSchedulerClient> resource_scheduler_client_;`
			`mojo::Remote<mojom::TrustedURLLoaderHeaderClient> header_client_;`
			`+ mojo::Remote<mojom::TrustedURLLoaderAuthClient> auth_client_;`

			`// \|cors_url_loader_factory_\| owns this.`
			`cors::CorsURLLoaderFactory* cors_url_loader_factory_;`