From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: deepak1556 Date: Wed, 27 Jan 2021 15:20:01 -0800 Subject: add TrustedAuthClient to URLLoaderFactory This allows intercepting authentication requests for the 'net' module. Without this, the 'login' event for electron.net.ClientRequest can't be implemented, because the existing path checks for the presence of a WebContents, and cancels the authentication if there's no WebContents available, which there isn't in the case of the 'net' module.
diff --git a/services/network/public/mojom/network_context.mojom b/services/network/public/mojom/network_context.mojom
index b35746e2850d7d724fcf3dc09ddbfea1ca56a746..491172c51c2d196573f2e835f7b81df30a33cf2f 100644
--- a/services/network/public/mojom/network_context.mojom
+++ b/services/network/public/mojom/network_context.mojom
@@ -192,6 +192,26 @@ struct CTPolicy {
 array excluded_legacy_spkis;
 };
+interface TrustedAuthClient {
+ OnAuthRequired(
+ mojo_base.mojom.UnguessableToken? window_id,
+ uint32 process_id,
+ uint32 routing_id,
+ uint32 request_id,
+ url.mojom.Url url,
+ bool first_auth_attempt,
+ AuthChallengeInfo auth_info,
+ URLResponseHead? head,
+ pending_remote auth_challenge_responder);
+};
+
+interface TrustedURLLoaderAuthClient {
+ // When a new URLLoader is created, this will be called to pass a
+ // corresponding |auth_client|.
+ OnLoaderCreated(int32 request_id,
+ pending_receiver auth_client);
+};
+
 interface CertVerifierClient {
 Verify(
 int32 default_error,
@@ -606,6 +626,8 @@ struct URLLoaderFactoryParams {
 // impact because of the extra process hops, so use should be minimized.
 pending_remote? header_client;
+ pending_remote? auth_client;
+
 // Information used restrict access to identity information (like SameSite
 // cookies) and to shard network resources, like the cache. If set, takes
 // precedence over ResourceRequest::TrustedParams::IsolationInfo field
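Review bot: `request_id` is declared `uint32` in `TrustedAuthClient.OnAuthRequired` but `int32` in `TrustedURLLoaderAuthClient.OnLoaderCreated`, so the same loader id crosses this interface with two different signednesses. A receiver that records the id from `OnLoaderCreated` and matches it against the one from `OnAuthRequired` then depends on an implicit conversion; declaring it `int32 request_id,` in both methods removes that. `TrustedAuthClient` also has no comment, unlike `TrustedURLLoaderAuthClient`. Judging by the name, the implementer is meant to be a trusted process, and a line such as `// Receives auth challenges for one URLLoader; must only be implemented by a trusted process.` would say so at the declaration.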
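Review bot: The new `auth_client` field of `URLLoaderFactoryParams` (hunk at -606) is added without a comment, while the neighbouring `header_client` carries one. Whoever sets this field is handed the auth challenges of loaders created by the factory, and per the url_loader.cc change it is consulted in preference to the network service observer. That precedence is worth stating where the field is declared, for example `// If set, auth challenges for loaders created by this factory are sent to this client instead of the URLLoaderNetworkServiceObserver.`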
diff --git a/services/network/url_loader.cc b/services/network/url_loader.cc
index 136c4ec48412354cbc3d77880dd34ec836694004..f484bb54c59866d13e532cd81ed28ad9f982549a 100644
--- a/services/network/url_loader.cc
+++ b/services/network/url_loader.cc
@@ -465,6 +465,7 @@ URLLoader::URLLoader(
 scoped_refptr resource_scheduler_client,
 base::WeakPtr keepalive_statistics_recorder,
 mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,
+ mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,
 mojom::OriginPolicyManager* origin_policy_manager,
 std::unique_ptr trust_token_helper_factory,
 const cors::OriginAccessList& origin_access_list,
@@ -533,6 +534,11 @@ URLLoader::URLLoader(
 header_client_.set_disconnect_handler(
 base::BindOnce(&URLLoader::OnMojoDisconnect, base::Unretained(this)));
 }
+ if (url_loader_auth_client) {
+ url_loader_auth_client->OnLoaderCreated(request_id_, auth_client_.BindNewPipeAndPassReceiver());
+ auth_client_.set_disconnect_handler(
+ base::BindOnce(&URLLoader::OnMojoDisconnect, base::Unretained(this)));
+ }
 if (want_raw_headers_) {
 options_ |= mojom::kURLLoadOptionSendSSLInfoWithResponse | mojom::kURLLoadOptionSendSSLInfoForCertificateError;
@@ -1198,7 +1204,7 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request,
 return;
 }
 auto* url_loader_network_observer = GetURLLoaderNetworkServiceObserver();
- if (!url_loader_network_observer) {
+ if (!url_loader_network_observer && !auth_client_) {
 OnAuthCredentials(base::nullopt);
 return;
 }
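Review bot: In the `OnAuthRequired` hunk at -1198, relaxing the guard to `!url_loader_network_observer && !auth_client_` means `url_loader_network_observer` can now be null past this point whenever an auth client is bound. The only dereference visible in this patch sits in the `else` branch of the following hunk, but the lines between the two hunks are not shown, so any use of the observer there needs checking. A comment on the guard would make the intent explicit, for example `// Cancel unless an observer or a trusted auth client can answer the challenge.` The function body starts and ends outside the hunk.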
@@ -1210,10 +1216,22 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request,
 DCHECK(!auth_challenge_responder_receiver_.is_bound());
- url_loader_network_observer->OnAuthRequired(
- fetch_window_id_, request_id_, url_request_->url(), first_auth_attempt_,
- auth_info, url_request->response_headers(),
- auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
+ auto head = mojom::URLResponseHead::New();
+ if (url_request->response_headers())
+ head->headers = url_request->response_headers();
+ head->auth_challenge_info = auth_info;
+ if (auth_client_) {
+ auth_client_->OnAuthRequired(
+ fetch_window_id_, factory_params_->process_id, render_frame_id_,
+ request_id_, url_request_->url(), first_auth_attempt_, auth_info,
+ std::move(head),
+ auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
+ } else {
+ url_loader_network_observer->OnAuthRequired(
+ fetch_window_id_, request_id_, url_request_->url(), first_auth_attempt_,
+ auth_info, url_request->response_headers(),
+ auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
+ }
 auth_challenge_responder_receiver_.set_disconnect_handler(
 base::BindOnce(&URLLoader::DeleteSelf, base::Unretained(this)));
diff --git a/services/network/url_loader.h b/services/network/url_loader.h
index f8c6112335ea43912485e76ec48d28b8609fab83..25c17fc78a03ba6a0b1a399e22bbba827e2275fb 100644
--- a/services/network/url_loader.h
+++ b/services/network/url_loader.h
@@ -128,6 +128,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
 scoped_refptr resource_scheduler_client,
 base::WeakPtr keepalive_statistics_recorder,
 mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,
+ mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,
 mojom::OriginPolicyManager* origin_policy_manager,
 std::unique_ptr trust_token_helper_factory,
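Review bot: `head` is built before the branch in the -1210 hunk of `OnAuthRequired`, yet only the `auth_client_` branch consumes it, so the observer path allocates a `URLResponseHead` and copies `auth_info` for nothing. Moving the four lines from `auto head = mojom::URLResponseHead::New();` through `head->auth_challenge_info = auth_info;` inside `if (auth_client_) {` leaves the observer path exactly as it was. The auth client also receives the challenge twice, once as the `auth_info` argument and once as `head->auth_challenge_info`; a short comment saying which copy receivers should read would help. If `render_frame_id_` is a signed id (its declaration is outside the patch), passing it as the mojom `uint32 routing_id` turns a negative sentinel into a large positive value that the receiver has to convert back. The function body starts and ends outside the hunk.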
@@ -517,6 +518,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
 base::Optional fetch_window_id_;
 mojo::Remote header_client_;
+ mojo::Remote auth_client_;
 std::unique_ptr file_opener_for_upload_;
diff --git a/services/network/url_loader_factory.cc b/services/network/url_loader_factory.cc
index 766d343375c24c5746fb442370b544a8cf76d58f..627efb08ed0974f0c7672085e46996048af8c244 100644
--- a/services/network/url_loader_factory.cc
+++ b/services/network/url_loader_factory.cc
@@ -76,6 +76,7 @@ URLLoaderFactory::URLLoaderFactory(
 resource_scheduler_client_(std::move(resource_scheduler_client)),
 header_client_(std::move(params_->header_client)),
 coep_reporter_(std::move(params_->coep_reporter)),
+ auth_client_(std::move(params_->auth_client)),
 cors_url_loader_factory_(cors_url_loader_factory),
 cookie_observer_(std::move(params_->cookie_observer)),
 url_loader_network_service_observer_(
@@ -279,6 +280,7 @@ void URLLoaderFactory::CreateLoaderAndStart(
 context_->require_network_isolation_key(), resource_scheduler_client_, std::move(keepalive_statistics_recorder), header_client_.is_bound() ? header_client_.get() : nullptr,
+ auth_client_.is_bound() ? auth_client_.get() : nullptr,
 context_->origin_policy_manager(), std::move(trust_token_factory), context_->cors_origin_access_list(), std::move(cookie_observer), std::move(url_loader_network_observer), std::move(devtools_observer));
diff --git a/services/network/url_loader_factory.h b/services/network/url_loader_factory.h
index f0e423b245026a06161ab922c1aed44c9152e40a..ebce1dae5a0bceeff8e77595d4cb57166c1d236f 100644
--- a/services/network/url_loader_factory.h
+++ b/services/network/url_loader_factory.h
@@ -79,6 +79,7 @@ class URLLoaderFactory : public mojom::URLLoaderFactory {
 scoped_refptr resource_scheduler_client_;
 mojo::Remote header_client_;
 mojo::Remote coep_reporter_;
+ mojo::Remote auth_client_;
 // |cors_url_loader_factory_| owns this.
 cors::CorsURLLoaderFactory* cors_url_loader_factory_;
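Review bot: In the `CreateLoaderAndStart` hunk of url_loader_factory.cc, `auth_client_.is_bound()` stays true after the remote end has disconnected, so a factory whose auth client has gone away still hands the pointer to every new `URLLoader`. No disconnect handler for the factory's `auth_client_` is visible in this patch. If none exists, each such loader probably sends `OnLoaderCreated` into a closed pipe and is then torn down through its own `OnMojoDisconnect` handler. That fails closed, which is the safe direction for credential prompts, but it should be a stated decision. Either test `auth_client_.is_connected()` here or add a comment such as `// A disconnected auth client intentionally fails new loaders rather than falling back to the observer.`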