mirrors/zotero
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Check for invalid certificate in Zotero.HTTP.request()

Browse source 
We were checking for this in the sync API client, but that didn't apply
to Amazon S3 for ZFS.
This commit is contained in:
Dan Stillman 2017-09-20 00:19:42 -04:00
parent a858368642
commit 365e58249d
3 changed files with 69 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
chrome/content/zotero/xpcom/http.js
View file

@ -58,6 +58,16 @@ Zotero.HTTP = new function() {
}; };
this.TimeoutException.prototype = Object.create(Error.prototype); this.TimeoutException.prototype = Object.create(Error.prototype);
this.SecurityException = function (msg, options = {}) {
this.message = msg;
this.stack = new Error().stack;
for (let i in options) {
this[i] = options[i];
}
};
this.SecurityException.prototype = Object.create(Zotero.Error.prototype);
this.promise = function () { this.promise = function () {
Zotero.debug("Zotero.HTTP.promise() is deprecated -- use Zotero.HTTP.request()", 2); Zotero.debug("Zotero.HTTP.promise() is deprecated -- use Zotero.HTTP.request()", 2);
return this.request.apply(this, arguments); return this.request.apply(this, arguments);
@ -257,6 +267,15 @@ Zotero.HTTP = new function() {
msg += ":\n\n" + xmlhttp.responseText; msg += ":\n\n" + xmlhttp.responseText;
} }
Zotero.debug(msg, 1); Zotero.debug(msg, 1);
try {
_checkSecurity(xmlhttp, channel);
}
catch (e) {
deferred.reject(e);
return;
}
deferred.reject(new Zotero.HTTP.UnexpectedStatusException(xmlhttp, msg)); deferred.reject(new Zotero.HTTP.UnexpectedStatusException(xmlhttp, msg));
} }
}; };
@ -934,6 +953,50 @@ Zotero.HTTP = new function() {
break; break;
} }
} }
function _checkSecurity(xmlhttp, channel) {
if (xmlhttp.status != 0 || !channel) {
return;
}
let secInfo = channel.securityInfo;
if (secInfo instanceof Ci.nsITransportSecurityInfo) {
secInfo.QueryInterface(Ci.nsITransportSecurityInfo);
if ((secInfo.securityState & Ci.nsIWebProgressListener.STATE_IS_INSECURE)
== Ci.nsIWebProgressListener.STATE_IS_INSECURE) {
let url = channel.name;
let ios = Components.classes["@mozilla.org/network/io-service;1"]
.getService(Components.interfaces.nsIIOService);
try {
var uri = ios.newURI(url, null, null);
var host = uri.host;
}
catch (e) {
Zotero.debug(e);
}
let kbURL = 'https://www.zotero.org/support/kb/ssl_certificate_error';
msg = Zotero.getString('sync.storage.error.webdav.sslCertificateError', host);
dialogButtonText = Zotero.getString('general.moreInformation');
dialogButtonCallback = function () {
let wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
.getService(Components.interfaces.nsIWindowMediator);
let win = wm.getMostRecentWindow("navigator:browser");
win.ZoteroPane.loadURI(kbURL, { metaKey: true, shiftKey: true });
};
}
else if ((secInfo.securityState & Ci.nsIWebProgressListener.STATE_IS_BROKEN)
== Ci.nsIWebProgressListener.STATE_IS_BROKEN) {
msg = Zotero.getString('sync.error.sslConnectionError');
}
throw new Zotero.HTTP.SecurityException(
msg,
{
dialogButtonText,
dialogButtonCallback
}
);
}
}
/** /**
* Mimics the window.location/document.location interface, given an nsIURL * Mimics the window.location/document.location interface, given an nsIURL

5
chrome/content/zotero/xpcom/storage/zfs.js
View file

@ -643,6 +643,11 @@ Zotero.Sync.Storage.Mode.ZFS.prototype = {
); );
} }
catch (e) { catch (e) {
// Certificate error
if (e instanceof Zotero.Error) {
throw e;
}
// For timeouts and failures from S3, which happen intermittently, // For timeouts and failures from S3, which happen intermittently,
// wait a little and try again // wait a little and try again
let timeoutMessage = "Your socket connection to the server was not read from or " let timeoutMessage = "Your socket connection to the server was not read from or "

35
chrome/content/zotero/xpcom/sync/syncAPIClient.js
View file

@ -799,40 +799,7 @@ Zotero.Sync.APIClient.prototype = {
let dialogButtonText = null; let dialogButtonText = null;
let dialogButtonCallback = null; let dialogButtonCallback = null;
// Check SSL cert if (xmlhttp.status === 0) {
if (channel) {
let secInfo = channel.securityInfo;
if (secInfo instanceof Ci.nsITransportSecurityInfo) {
secInfo.QueryInterface(Ci.nsITransportSecurityInfo);
if ((secInfo.securityState & Ci.nsIWebProgressListener.STATE_IS_INSECURE)
== Ci.nsIWebProgressListener.STATE_IS_INSECURE) {
let url = channel.name;
let ios = Components.classes["@mozilla.org/network/io-service;1"]
.getService(Components.interfaces.nsIIOService);
try {
var uri = ios.newURI(url, null, null);
var host = uri.host;
}
catch (e) {
Zotero.debug(e);
}
let kbURL = 'https://www.zotero.org/support/kb/ssl_certificate_error';
msg = Zotero.getString('sync.storage.error.webdav.sslCertificateError', host);
dialogButtonText = Zotero.getString('general.moreInformation');
dialogButtonCallback = function () {
let wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
.getService(Components.interfaces.nsIWindowMediator);
let win = wm.getMostRecentWindow("navigator:browser");
win.ZoteroPane.loadURI(kbURL, { metaKey: true, shiftKey: true });
};
}
else if ((secInfo.securityState & Ci.nsIWebProgressListener.STATE_IS_BROKEN)
== Ci.nsIWebProgressListener.STATE_IS_BROKEN) {
msg = Zotero.getString('sync.error.sslConnectionError');
}
}
}
if (!msg && xmlhttp.status === 0) {
msg = Zotero.getString('sync.error.checkConnection'); msg = Zotero.getString('sync.error.checkConnection');
} }
if (!msg) { if (!msg) {