From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: deepak1556 Date: Wed, 27 Jan 2021 15:20:01 -0800 Subject: add TrustedAuthClient to URLLoaderFactory This allows intercepting authentication requests for the 'net' module. Without this, the 'login' event for electron.net.ClientRequest can't be implemented, because the existing path checks for the presence of a WebContents, and cancels the authentication if there's no WebContents available, which there isn't in the case of the 'net' module. diff --git a/services/network/public/mojom/network_context.mojom b/services/network/public/mojom/network_context.mojom index cfa9d0c197ca9851f13b088ecae4aba614c7ac55..d93a6ce481630535b75d858e5b7b04e50f81e2f8 100644 --- a/services/network/public/mojom/network_context.mojom +++ b/services/network/public/mojom/network_context.mojom @@ -192,6 +192,26 @@ struct CTPolicy { array excluded_legacy_spkis; }; +interface TrustedAuthClient { + OnAuthRequired( + mojo_base.mojom.UnguessableToken? window_id, + uint32 process_id, + uint32 routing_id, + uint32 request_id, + url.mojom.Url url, + bool first_auth_attempt, + AuthChallengeInfo auth_info, + URLResponseHead? head, + pending_remote auth_challenge_responder); +}; + +interface TrustedURLLoaderAuthClient { + // When a new URLLoader is created, this will be called to pass a + // corresponding |auth_client|. + OnLoaderCreated(int32 request_id, + pending_receiver auth_client); +}; + interface CertVerifierClient { Verify( int32 default_error, @@ -623,6 +643,8 @@ struct URLLoaderFactoryParams { // impact because of the extra process hops, so use should be minimized. pending_remote? header_client; + pending_remote? auth_client; + // Information used restrict access to identity information (like SameSite // cookies) and to shard network resources, like the cache. If set, takes // precedence over ResourceRequest::TrustedParams::IsolationInfo field 
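Review bot: `TrustedAuthClient` is added without any comment, and its `OnAuthRequired` declares `uint32 request_id` while `TrustedURLLoaderAuthClient::OnLoaderCreated` in the same hunk declares `int32 request_id`, so an implementer correlating the two calls has to convert between types. I would use one type for both and add a header comment such as `// Receives HTTP auth challenges for loaders created by a factory that set |auth_client|; the responder it is handed decides which credentials, if any, are used.` The comment should also say which process is expected to implement the interface; the "Trusted" prefix suggests a privileged one, but that is inferred from the name and the commit message. The template arguments of `pending_remote` and `pending_receiver` are not visible in this rendering, so the responder type cannot be checked here.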
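Review bot: The new `auth_client` field in `URLLoaderFactoryParams` has no comment, although the neighbouring `header_client` field documents its cost and intended use. The url_loader.cc changes in this patch prefer `auth_client_` over `auth_cert_observer_` whenever it is bound, so the field should say so, for example `// If set, auth challenges for loaders created by this factory go to this client instead of |auth_cert_observer|.` It is also worth stating who may set it, because whoever holds the other end answers credential prompts for every request made through the factory.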
diff --git a/services/network/url_loader.cc b/services/network/url_loader.cc index ce483753dff0130c5ac20258c0cf7e399c0d1c51..dea741c526f10616c3779f76a6d9cf8aece4210a 100644 --- a/services/network/url_loader.cc +++ b/services/network/url_loader.cc @@ -463,6 +463,7 @@ URLLoader::URLLoader( base::WeakPtr keepalive_statistics_recorder, base::WeakPtr network_usage_accumulator, mojom::TrustedURLLoaderHeaderClient* url_loader_header_client, + mojom::TrustedURLLoaderAuthClient* url_loader_auth_client, mojom::OriginPolicyManager* origin_policy_manager, std::unique_ptr trust_token_helper_factory, const cors::OriginAccessList& origin_access_list, @@ -533,6 +534,11 @@ URLLoader::URLLoader( header_client_.set_disconnect_handler( base::BindOnce(&URLLoader::OnMojoDisconnect, base::Unretained(this))); } + if (url_loader_auth_client) { + url_loader_auth_client->OnLoaderCreated(request_id_, auth_client_.BindNewPipeAndPassReceiver()); + auth_client_.set_disconnect_handler( + base::BindOnce(&URLLoader::OnMojoDisconnect, base::Unretained(this))); + } if (want_raw_headers_) { options_ |= mojom::kURLLoadOptionSendSSLInfoWithResponse | mojom::kURLLoadOptionSendSSLInfoForCertificateError; @@ -1189,7 +1195,7 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request, // |this| may have been deleted. return; } - if (!auth_cert_observer_) { + if (!auth_cert_observer_ && !auth_client_) { OnAuthCredentials(base::nullopt); return; } 
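Review bot: The block that binds `auth_client_` in the constructor does not say what happens when the client goes away. Its disconnect handler is `URLLoader::OnMojoDisconnect`, the same one used for `header_client_` just above. If that handler aborts the load (its body is outside this patch), a dropped auth client fails the request rather than falling back to `auth_cert_observer_`, which is the safer behaviour on a credential path and worth recording, e.g. `// Losing the trusted auth client ends the load; there is no fallback to |auth_cert_observer_|.` The `OnLoaderCreated(request_id_, auth_client_.BindNewPipeAndPassReceiver());` line is also longer than the surrounding code and should be wrapped. The constructor body starts and ends outside the hunk.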
@@ -1201,10 +1207,21 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request, DCHECK(!auth_challenge_responder_receiver_.is_bound()); - auth_cert_observer_->OnAuthRequired( - fetch_window_id_, request_id_, url_request_->url(), first_auth_attempt_, - auth_info, url_request->response_headers(), - auth_challenge_responder_receiver_.BindNewPipeAndPassRemote()); + auto head = mojom::URLResponseHead::New(); + if (url_request->response_headers()) + head->headers = url_request->response_headers(); + head->auth_challenge_info = auth_info; + if (auth_client_) { + auth_client_->OnAuthRequired( + fetch_window_id_, request_id_, url_request_->url(), first_auth_attempt_, + auth_info, url_request->response_headers(), + auth_challenge_responder_receiver_.BindNewPipeAndPassRemote()); + } else { + auth_cert_observer_->OnAuthRequired( + fetch_window_id_, request_id_, url_request_->url(), first_auth_attempt_, + auth_info, url_request->response_headers(), + auth_challenge_responder_receiver_.BindNewPipeAndPassRemote()); + } auth_challenge_responder_receiver_.set_disconnect_handler( base::BindOnce(&URLLoader::DeleteSelf, base::Unretained(this))); diff --git a/services/network/url_loader.h b/services/network/url_loader.h index 21ec3b43cd58c738b281b3d51dde6879bb7619df..7c607c68ec27af31238537fd1943015d72c30a18 100644 --- a/services/network/url_loader.h +++ b/services/network/url_loader.h @@ -130,6 +130,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader base::WeakPtr keepalive_statistics_recorder, base::WeakPtr network_usage_accumulator, mojom::TrustedURLLoaderHeaderClient* url_loader_header_client, + mojom::TrustedURLLoaderAuthClient* url_loader_auth_client, mojom::OriginPolicyManager* origin_policy_manager, std::unique_ptr trust_token_helper_factory, @@ -500,6 +501,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader base::Optional fetch_window_id_; mojo::Remote header_client_; + mojo::Remote auth_client_; std::unique_ptr file_opener_for_upload_; 
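Review bot: `head` is built at the top of the added lines but never used: the `auth_client_->OnAuthRequired(...)` call passes the same seven arguments as the `auth_cert_observer_` branch, ending in `url_request->response_headers()` and the responder remote. The `TrustedAuthClient::OnAuthRequired` declared in network_context.mojom by this patch takes nine parameters, including `process_id`, `routing_id` and `URLResponseHead? head`. If `auth_client_` is a remote of that interface (its template argument is not visible in this rendering), the call should pass the process and routing ids and `std::move(head)` in place of the raw headers, since as shown it does not match the declared signature. Building `head` inside the `if (auth_client_)` branch would also keep the observer path free of an allocation it does not need. `OnAuthRequired` begins and ends outside the hunk.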
diff --git a/services/network/url_loader_factory.cc b/services/network/url_loader_factory.cc index af9e13bb4f1fefbda57182069d5d677e23eaed56..5651380c7296eea4a520a0ef4d97ebe1f89ef0e5 100644 --- a/services/network/url_loader_factory.cc +++ b/services/network/url_loader_factory.cc @@ -77,6 +77,7 @@ URLLoaderFactory::URLLoaderFactory( resource_scheduler_client_(std::move(resource_scheduler_client)), header_client_(std::move(params_->header_client)), coep_reporter_(std::move(params_->coep_reporter)), + auth_client_(std::move(params_->auth_client)), cors_url_loader_factory_(cors_url_loader_factory), cookie_observer_(std::move(params_->cookie_observer)), auth_cert_observer_(std::move(params_->auth_cert_observer)), @@ -305,6 +306,7 @@ void URLLoaderFactory::CreateLoaderAndStart( std::move(keepalive_statistics_recorder), std::move(network_usage_accumulator), header_client_.is_bound() ? header_client_.get() : nullptr, + auth_client_.is_bound() ? auth_client_.get() : nullptr, context_->origin_policy_manager(), std::move(trust_token_factory), context_->cors_origin_access_list(), std::move(cookie_observer), std::move(auth_cert_observer), std::move(devtools_observer)); diff --git a/services/network/url_loader_factory.h b/services/network/url_loader_factory.h index 36978ccde84b7575c11035e9efb352b057e3cd1a..f68889501d243cc21b0e58567b63fbc02dd747e8 100644 --- a/services/network/url_loader_factory.h +++ b/services/network/url_loader_factory.h @@ -76,6 +76,7 @@ class URLLoaderFactory : public mojom::URLLoaderFactory { scoped_refptr resource_scheduler_client_; mojo::Remote header_client_; mojo::Remote coep_reporter_; + mojo::Remote auth_client_; // |cors_url_loader_factory_| owns this. cors::CorsURLLoaderFactory* cors_url_loader_factory_;