From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Jeremy Apthorp Date: Tue, 12 Nov 2019 11:50:16 -0800 Subject: add TrustedAuthClient to URLLoaderFactory This allows intercepting authentication requests for the 'net' module. Without this, the 'login' event for electron.net.ClientRequest can't be implemented, because the existing path checks for the presence of a WebContents, and cancels the authentication if there's no WebContents available, which there isn't in the case of the 'net' module. diff --git a/services/network/public/mojom/network_context.mojom b/services/network/public/mojom/network_context.mojom index c37432121142472010b767b7fb257e20bc60b3fc..099c94d1db7994a0608864cb05e3686a85b7070d 100644 --- a/services/network/public/mojom/network_context.mojom +++ b/services/network/public/mojom/network_context.mojom @@ -193,6 +193,25 @@ struct HttpAuthStaticNetworkContextParams { = DefaultCredentials.ALLOW_DEFAULT_CREDENTIALS; }; +interface TrustedAuthClient { + OnAuthRequired( + mojo_base.mojom.UnguessableToken? window_id, + uint32 process_id, + uint32 routing_id, + uint32 request_id, + url.mojom.Url url, + bool first_auth_attempt, + AuthChallengeInfo auth_info, + URLResponseHead? head, + pending_remote auth_challenge_responder); +}; +interface TrustedURLLoaderAuthClient { + // When a new URLLoader is created, this will be called to pass a + // corresponding |auth_client|. + OnLoaderCreated(int32 request_id, + pending_receiver auth_client); +}; + interface CertVerifierClient { Verify( int32 default_error, @@ -633,6 +652,8 @@ struct URLLoaderFactoryParams { // interface. This still respects the per-context block lists. CorsOriginAccessPatterns? factory_bound_access_patterns; + pending_remote? auth_client; + // Key used to isolate shared network resources like the cache. NetworkIsolationKey? network_isolation_key; diff --git a/services/network/url_loader.cc b/services/network/url_loader.cc index 9452018180979377728162209651ebd914bd95a4..6c9f3192260bcce252c7868e042bd40a205b55b8 100644 --- a/services/network/url_loader.cc +++ b/services/network/url_loader.cc @@ -486,6 +486,7 @@ URLLoader::URLLoader( base::WeakPtr keepalive_statistics_recorder, base::WeakPtr network_usage_accumulator, mojom::TrustedURLLoaderHeaderClient* url_loader_header_client, + mojom::TrustedURLLoaderAuthClient* url_loader_auth_client, mojom::OriginPolicyManager* origin_policy_manager) : url_request_context_(url_request_context), network_service_client_(network_service_client), @@ -544,6 +545,11 @@ URLLoader::URLLoader( header_client_.set_disconnect_handler( base::BindOnce(&URLLoader::OnMojoDisconnect, base::Unretained(this))); } + if (url_loader_auth_client) { + url_loader_auth_client->OnLoaderCreated(request_id_, auth_client_.BindNewPipeAndPassReceiver()); + auth_client_.set_disconnect_handler( + base::BindOnce(&URLLoader::OnMojoDisconnect, base::Unretained(this))); + } if (want_raw_headers_) { options_ |= mojom::kURLLoadOptionSendSSLInfoWithResponse | mojom::kURLLoadOptionSendSSLInfoForCertificateError; @@ -982,7 +988,7 @@ void URLLoader::OnReceivedRedirect(net::URLRequest* url_request, void URLLoader::OnAuthRequired(net::URLRequest* url_request, const net::AuthChallengeInfo& auth_info) { - if (!network_context_client_) { + if (!network_context_client_ && !auth_client_) { OnAuthCredentials(base::nullopt); return; } @@ -998,11 +1004,20 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request, if (url_request->response_headers()) head->headers = url_request->response_headers(); head->auth_challenge_info = auth_info; - network_context_client_->OnAuthRequired( - fetch_window_id_, factory_params_->process_id, render_frame_id_, - request_id_, url_request_->url(), first_auth_attempt_, auth_info, - std::move(head), - auth_challenge_responder_receiver_.BindNewPipeAndPassRemote()); + + if (auth_client_) { + auth_client_->OnAuthRequired( + fetch_window_id_, factory_params_->process_id, render_frame_id_, + request_id_, url_request_->url(), first_auth_attempt_, auth_info, + std::move(head), + auth_challenge_responder_receiver_.BindNewPipeAndPassRemote()); + } else { + network_context_client_->OnAuthRequired( + fetch_window_id_, factory_params_->process_id, render_frame_id_, + request_id_, url_request_->url(), first_auth_attempt_, auth_info, + std::move(head), + auth_challenge_responder_receiver_.BindNewPipeAndPassRemote()); + } auth_challenge_responder_receiver_.set_disconnect_handler( base::BindOnce(&URLLoader::DeleteSelf, base::Unretained(this))); diff --git a/services/network/url_loader.h b/services/network/url_loader.h index 5b8e727e4a8f71d646eb2502d27256dcdae22e78..8b63418451933382b414e47001b9859017b60f7f 100644 --- a/services/network/url_loader.h +++ b/services/network/url_loader.h @@ -106,6 +106,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader base::WeakPtr keepalive_statistics_recorder, base::WeakPtr network_usage_accumulator, mojom::TrustedURLLoaderHeaderClient* url_loader_header_client, + mojom::TrustedURLLoaderAuthClient* url_loader_auth_client, mojom::OriginPolicyManager* origin_policy_manager); ~URLLoader() override; @@ -413,6 +414,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader base::Optional fetch_window_id_; mojo::Remote header_client_; + mojo::Remote auth_client_; std::unique_ptr file_opener_for_upload_; diff --git a/services/network/url_loader_factory.cc b/services/network/url_loader_factory.cc index f3a9baefc1a18924503d7a6850bc704310e50015..9b3802dbdf7a1ab3f132529b794665a68eeac673 100644 --- a/services/network/url_loader_factory.cc +++ b/services/network/url_loader_factory.cc @@ -66,6 +66,7 @@ URLLoaderFactory::URLLoaderFactory( resource_scheduler_client_(std::move(resource_scheduler_client)), header_client_(std::move(params_->header_client)), coep_reporter_(std::move(params_->coep_reporter)), + auth_client_(std::move(params_->auth_client)), cors_url_loader_factory_(cors_url_loader_factory) { DCHECK(context); DCHECK_NE(mojom::kInvalidProcessId, params_->process_id); @@ -209,6 +210,7 @@ void URLLoaderFactory::CreateLoaderAndStart( std::move(keepalive_statistics_recorder), std::move(network_usage_accumulator), header_client_.is_bound() ? header_client_.get() : nullptr, + auth_client_.is_bound() ? auth_client_.get() : nullptr, context_->origin_policy_manager()); cors_url_loader_factory_->OnLoaderCreated(std::move(loader)); } diff --git a/services/network/url_loader_factory.h b/services/network/url_loader_factory.h index 1a623585035487de061ba6476914992ea2f7ac88..caa19dcd4b99296e50f8e22bfc92a70ba14473d1 100644 --- a/services/network/url_loader_factory.h +++ b/services/network/url_loader_factory.h @@ -74,6 +74,7 @@ class URLLoaderFactory : public mojom::URLLoaderFactory { scoped_refptr resource_scheduler_client_; mojo::Remote header_client_; mojo::Remote coep_reporter_; + mojo::Remote auth_client_; // |cors_url_loader_factory_| owns this. cors::CorsURLLoaderFactory* cors_url_loader_factory_;