deprecate app.allowNTLMCredentialsForAllDomains

2016-05-23 10:59:55 +05:30 · 2016-05-23 10:59:55 +05:30 · f68d0f324f
commit f68d0f324f
parent 62cad610e0
5 changed files with 55 additions and 14 deletions
--- a/atom/browser/api/atom_api_session.cc
+++ b/atom/browser/api/atom_api_session.cc
@ -36,6 +36,8 @@
 #include "net/base/load_flags.h"
 #include "net/disk_cache/disk_cache.h"
 #include "net/dns/host_cache.h"
+#include "net/http/http_auth_handler_factory.h"
+#include "net/http/http_auth_preferences.h"
 #include "net/proxy/proxy_service.h"
 #include "net/proxy/proxy_config_service_fixed.h"
 #include "net/url_request/url_request_context.h"
@ -284,6 +286,19 @@ void ClearHostResolverCacheInIO(
  }
 }

+void AllowNTLMCredentialsForDomainsInIO(
+    const scoped_refptr<net::URLRequestContextGetter>& context_getter,
+    const std::string& domains) {
+  auto request_context = context_getter->GetURLRequestContext();
+  auto auth_handler = request_context->http_auth_handler_factory();
+  if (auth_handler) {
+    auto auth_preferences = const_cast<net::HttpAuthPreferences*>(
+        auth_handler->http_auth_preferences());
+    if (auth_preferences)
+      auth_preferences->set_server_whitelist(domains);
+  }
+}
+
 }  // namespace

 Session::Session(v8::Isolate* isolate, AtomBrowserContext* browser_context)
@ -432,6 +447,13 @@ void Session::ClearHostResolverCache(mate::Arguments* args) {
                 callback));
 }

+void Session::AllowNTLMCredentialsForDomains(const std::string& domains) {
+  BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
+      base::Bind(&AllowNTLMCredentialsForDomainsInIO,
+                 make_scoped_refptr(browser_context_->GetRequestContext()),
+                 domains));
+}
+
 v8::Local<v8::Value> Session::Cookies(v8::Isolate* isolate) {
  if (cookies_.IsEmpty()) {
    auto handle = atom::api::Cookies::Create(isolate, browser_context());
@ -487,6 +509,8 @@ void Session::BuildPrototype(v8::Isolate* isolate,
      .SetMethod("setPermissionRequestHandler",
                 &Session::SetPermissionRequestHandler)
      .SetMethod("clearHostResolverCache", &Session::ClearHostResolverCache)
+      .SetMethod("allowNTLMCredentialsForDomains",
+                 &Session::AllowNTLMCredentialsForDomains)
      .SetProperty("cookies", &Session::Cookies)
      .SetProperty("webRequest", &Session::WebRequest);
 }
--- a/atom/browser/api/atom_api_session.h
+++ b/atom/browser/api/atom_api_session.h
@ -79,6 +79,7 @@ class Session: public mate::TrackableObject<Session>,
  void SetPermissionRequestHandler(v8::Local<v8::Value> val,
                                   mate::Arguments* args);
  void ClearHostResolverCache(mate::Arguments* args);
+  void AllowNTLMCredentialsForDomains(const std::string& domains);
  v8::Local<v8::Value> Cookies(v8::Isolate* isolate);
  v8::Local<v8::Value> WebRequest(v8::Isolate* isolate);

--- a/docs/api/app.md
+++ b/docs/api/app.md
@ -443,16 +443,6 @@ Adds `tasks` to the [Tasks][tasks] category of the JumpList on Windows.
  consists of two or more icons, set this value to identify the icon. If an
  icon file consists of one icon, this value is 0.

-### `app.allowNTLMCredentialsForAllDomains()`
-
-Dynamically sets whether to always send credentials for HTTP NTLM or Negotiate
-authentication - normally, Electron will only send NTLM/Kerberos credentials for
-URLs that fall under "Local Intranet" sites (i.e. are in the same domain as you).
-However, this detection often fails when corporate networks are badly configured,
-so this lets you co-opt this behavior and enable it for all URLs.
-
-**Note:** This method should be called before the `ready` event gets emitted.
-
 ### `app.makeSingleInstance(callback)`

 * `callback` Function
--- a/docs/api/session.md
+++ b/docs/api/session.md
@ -323,6 +323,23 @@ session.fromPartition(partition).setPermissionRequestHandler((webContents, permi

 Clears the host resolver cache.

+#### `ses.allowNTLMCredentialsForDomains(domains)`
+
+* `domains` String - A comma-seperated list of servers for which
+  integrated authentication is enabled.
+
+Dynamically sets whether to always send credentials for HTTP NTLM or Negotiate
+authentication.
+
+```javascript
+// consider any url ending with `example.com`, `foobar.com`, `baz`
+// for integrated authentication.
+session.defaultSession.allowNTLMCredentialsForDomains('*example.com, *foobar.com, *baz')
+
+// consider all urls for integrated authentication.
+session.defaultSession.allowNTLMCredentialsForDomains('*')
+```
+
 #### `ses.webRequest`

 The `webRequest` API set allows to intercept and modify contents of a request at
--- a/lib/browser/api/app.js
+++ b/lib/browser/api/app.js
@ -1,6 +1,6 @@
 'use strict'

-const {Menu} = require('electron')
+const {deprecate, Menu, session} = require('electron')
 const {EventEmitter} = require('events')

 const bindings = process.atomBinding('app')
@ -22,9 +22,6 @@ Object.assign(app, {
  commandLine: {
    appendSwitch: bindings.appendSwitch,
    appendArgument: bindings.appendArgument
-  },
-  allowNTLMCredentialsForAllDomains () {
-    this.commandLine.appendSwitch('auth-server-whitelist', '*')
  }
 })

@ -44,6 +41,18 @@ if (process.platform === 'darwin') {
  }
 }

+app.allowNTLMCredentialsForAllDomains = function (allow) {
+  if (!process.noDeprecations) {
+    deprecate.warn('app.allowNTLMCredentialsForAllDomains', 'session.allowNTLMCredentialsForDomains')
+  }
+  let domains = allow ? '*' : ''
+  if (!this.isReady()) {
+    this.commandLine.appendSwitch('auth-server-whitelist', domains)
+  } else {
+    session.defaultSession.allowNTLMCredentialsForDomains(domains)
+  }
+}
+
 // Routes the events to webContents.
 const events = ['login', 'certificate-error', 'select-client-certificate']
 for (let name of events) {