summaryrefslogtreecommitdiffstats
path: root/toolkit/components/downloads/DownloadIntegration.jsm
diff options
context:
space:
mode:
Diffstat (limited to 'toolkit/components/downloads/DownloadIntegration.jsm')
-rw-r--r--toolkit/components/downloads/DownloadIntegration.jsm1394
1 files changed, 1394 insertions, 0 deletions
diff --git a/toolkit/components/downloads/DownloadIntegration.jsm b/toolkit/components/downloads/DownloadIntegration.jsm
new file mode 100644
index 0000000000..c3397fba5a
--- /dev/null
+++ b/toolkit/components/downloads/DownloadIntegration.jsm
@@ -0,0 +1,1394 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * Provides functions to integrate with the host application, handling for
+ * example the global prompts on shutdown.
+ */
+
+"use strict";
+
+var EXPORTED_SYMBOLS = ["DownloadIntegration"];
+
+const { Integration } = ChromeUtils.import(
+ "resource://gre/modules/Integration.jsm"
+);
+const { XPCOMUtils } = ChromeUtils.import(
+ "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+ChromeUtils.defineModuleGetter(
+ this,
+ "AsyncShutdown",
+ "resource://gre/modules/AsyncShutdown.jsm"
+);
+ChromeUtils.defineModuleGetter(
+ this,
+ "AppConstants",
+ "resource://gre/modules/AppConstants.jsm"
+);
+ChromeUtils.defineModuleGetter(
+ this,
+ "DeferredTask",
+ "resource://gre/modules/DeferredTask.jsm"
+);
+ChromeUtils.defineModuleGetter(
+ this,
+ "Downloads",
+ "resource://gre/modules/Downloads.jsm"
+);
+ChromeUtils.defineModuleGetter(
+ this,
+ "DownloadStore",
+ "resource://gre/modules/DownloadStore.jsm"
+);
+ChromeUtils.defineModuleGetter(
+ this,
+ "DownloadUIHelper",
+ "resource://gre/modules/DownloadUIHelper.jsm"
+);
+ChromeUtils.defineModuleGetter(
+ this,
+ "FileUtils",
+ "resource://gre/modules/FileUtils.jsm"
+);
+ChromeUtils.defineModuleGetter(
+ this,
+ "NetUtil",
+ "resource://gre/modules/NetUtil.jsm"
+);
+ChromeUtils.defineModuleGetter(this, "OS", "resource://gre/modules/osfile.jsm");
+ChromeUtils.defineModuleGetter(
+ this,
+ "PlacesUtils",
+ "resource://gre/modules/PlacesUtils.jsm"
+);
+ChromeUtils.defineModuleGetter(
+ this,
+ "Services",
+ "resource://gre/modules/Services.jsm"
+);
+ChromeUtils.defineModuleGetter(
+ this,
+ "NetUtil",
+ "resource://gre/modules/NetUtil.jsm"
+);
+ChromeUtils.defineModuleGetter(
+ this,
+ "CloudStorage",
+ "resource://gre/modules/CloudStorage.jsm"
+);
+
+XPCOMUtils.defineLazyServiceGetter(
+ this,
+ "gDownloadPlatform",
+ "@mozilla.org/toolkit/download-platform;1",
+ "mozIDownloadPlatform"
+);
+XPCOMUtils.defineLazyServiceGetter(
+ this,
+ "gEnvironment",
+ "@mozilla.org/process/environment;1",
+ "nsIEnvironment"
+);
+XPCOMUtils.defineLazyServiceGetter(
+ this,
+ "gMIMEService",
+ "@mozilla.org/mime;1",
+ "nsIMIMEService"
+);
+XPCOMUtils.defineLazyServiceGetter(
+ this,
+ "gExternalProtocolService",
+ "@mozilla.org/uriloader/external-protocol-service;1",
+ "nsIExternalProtocolService"
+);
+ChromeUtils.defineModuleGetter(
+ this,
+ "RuntimePermissions",
+ "resource://gre/modules/RuntimePermissions.jsm"
+);
+
+XPCOMUtils.defineLazyGetter(this, "gParentalControlsService", function() {
+ if ("@mozilla.org/parental-controls-service;1" in Cc) {
+ return Cc["@mozilla.org/parental-controls-service;1"].createInstance(
+ Ci.nsIParentalControlsService
+ );
+ }
+ return null;
+});
+
+XPCOMUtils.defineLazyServiceGetter(
+ this,
+ "gApplicationReputationService",
+ "@mozilla.org/reputationservice/application-reputation-service;1",
+ Ci.nsIApplicationReputationService
+);
+
+// We have to use the gCombinedDownloadIntegration identifier because, in this
+// module only, the DownloadIntegration identifier refers to the base version.
+/* global gCombinedDownloadIntegration:false */
+Integration.downloads.defineModuleGetter(
+ this,
+ "gCombinedDownloadIntegration",
+ "resource://gre/modules/DownloadIntegration.jsm",
+ "DownloadIntegration"
+);
+
+const Timer = Components.Constructor(
+ "@mozilla.org/timer;1",
+ "nsITimer",
+ "initWithCallback"
+);
+
+/**
+ * Indicates the delay between a change to the downloads data and the related
+ * save operation.
+ *
+ * For best efficiency, this value should be high enough that the input/output
+ * for opening or closing the target file does not overlap with the one for
+ * saving the list of downloads.
+ */
+const kSaveDelayMs = 1500;
+
+/**
+ * List of observers to listen against
+ */
+const kObserverTopics = [
+ "quit-application-requested",
+ "offline-requested",
+ "last-pb-context-exiting",
+ "last-pb-context-exited",
+ "sleep_notification",
+ "suspend_process_notification",
+ "wake_notification",
+ "resume_process_notification",
+ "network:offline-about-to-go-offline",
+ "network:offline-status-changed",
+ "xpcom-will-shutdown",
+];
+
+/**
+ * Maps nsIApplicationReputationService verdicts with the DownloadError ones.
+ */
+const kVerdictMap = {
+ [Ci.nsIApplicationReputationService.VERDICT_DANGEROUS]:
+ Downloads.Error.BLOCK_VERDICT_MALWARE,
+ [Ci.nsIApplicationReputationService.VERDICT_UNCOMMON]:
+ Downloads.Error.BLOCK_VERDICT_UNCOMMON,
+ [Ci.nsIApplicationReputationService.VERDICT_POTENTIALLY_UNWANTED]:
+ Downloads.Error.BLOCK_VERDICT_POTENTIALLY_UNWANTED,
+ [Ci.nsIApplicationReputationService.VERDICT_DANGEROUS_HOST]:
+ Downloads.Error.BLOCK_VERDICT_MALWARE,
+};
+
+/**
+ * Provides functions to integrate with the host application, handling for
+ * example the global prompts on shutdown.
+ */
+var DownloadIntegration = {
+ /**
+ * Main DownloadStore object for loading and saving the list of persistent
+ * downloads, or null if the download list was never requested and thus it
+ * doesn't need to be persisted.
+ */
+ _store: null,
+
+ /**
+ * Returns whether data for blocked downloads should be kept on disk.
+ * Implementations which support unblocking downloads may return true to
+ * keep the blocked download on disk until its fate is decided.
+ *
+ * If a download is blocked and the partial data is kept the Download's
+ * 'hasBlockedData' property will be true. In this state Download.unblock()
+ * or Download.confirmBlock() may be used to either unblock the download or
+ * remove the downloaded data respectively.
+ *
+ * Even if shouldKeepBlockedData returns true, if the download did not use a
+ * partFile the blocked data will be removed - preventing the complete
+ * download from existing on disk with its final filename.
+ *
+ * @return boolean True if data should be kept.
+ */
+ shouldKeepBlockedData() {
+ const FIREFOX_ID = "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}";
+ return Services.appinfo.ID == FIREFOX_ID;
+ },
+
+ /**
+ * Performs initialization of the list of persistent downloads, before its
+ * first use by the host application. This function may be called only once
+ * during the entire lifetime of the application.
+ *
+ * @param list
+ * DownloadList object to be initialized.
+ *
+ * @return {Promise}
+ * @resolves When the list has been initialized.
+ * @rejects JavaScript exception.
+ */
+ async initializePublicDownloadList(list) {
+ try {
+ await this.loadPublicDownloadListFromStore(list);
+ } catch (ex) {
+ Cu.reportError(ex);
+ }
+
+ if (AppConstants.MOZ_PLACES) {
+ // After the list of persistent downloads has been loaded, we can add the
+ // history observers, even if the load operation failed. This object is kept
+ // alive by the history service.
+ new DownloadHistoryObserver(list);
+ }
+ },
+
+ /**
+ * Called by initializePublicDownloadList to load the list of persistent
+ * downloads, before its first use by the host application. This function may
+ * be called only once during the entire lifetime of the application.
+ *
+ * @param list
+ * DownloadList object to be populated with the download objects
+ * serialized from the previous session. This list will be persisted
+ * to disk during the session lifetime.
+ *
+ * @return {Promise}
+ * @resolves When the list has been populated.
+ * @rejects JavaScript exception.
+ */
+ async loadPublicDownloadListFromStore(list) {
+ if (this._store) {
+ throw new Error("Initialization may be performed only once.");
+ }
+
+ this._store = new DownloadStore(
+ list,
+ OS.Path.join(OS.Constants.Path.profileDir, "downloads.json")
+ );
+ this._store.onsaveitem = this.shouldPersistDownload.bind(this);
+
+ try {
+ await this._store.load();
+ } catch (ex) {
+ Cu.reportError(ex);
+ }
+
+ // Add the view used for detecting changes to downloads to be persisted.
+ // We must do this after the list of persistent downloads has been loaded,
+ // even if the load operation failed. We wait for a complete initialization
+ // so other callers cannot modify the list without being detected. The
+ // DownloadAutoSaveView is kept alive by the underlying DownloadList.
+ await new DownloadAutoSaveView(list, this._store).initialize();
+ },
+
+ /**
+ * Determines if a Download object from the list of persistent downloads
+ * should be saved into a file, so that it can be restored across sessions.
+ *
+ * This function allows filtering out downloads that the host application is
+ * not interested in persisting across sessions, for example downloads that
+ * finished successfully.
+ *
+ * @param aDownload
+ * The Download object to be inspected. This is originally taken from
+ * the global DownloadList object for downloads that were not started
+ * from a private browsing window. The item may have been removed
+ * from the list since the save operation started, though in this case
+ * the save operation will be repeated later.
+ *
+ * @return True to save the download, false otherwise.
+ */
+ shouldPersistDownload(aDownload) {
+ // On all platforms, we save all the downloads currently in progress, as
+ // well as stopped downloads for which we retained partially downloaded
+ // data or we have blocked data.
+ // On Android we store all history; on Desktop, stopped downloads for which
+ // we don't need to track the presence of a ".part" file are only retained
+ // in the browser history.
+ return (
+ !aDownload.stopped ||
+ aDownload.hasPartialData ||
+ aDownload.hasBlockedData ||
+ AppConstants.platform == "android"
+ );
+ },
+
+ /**
+ * Returns the system downloads directory asynchronously.
+ *
+ * @return {Promise}
+ * @resolves The downloads directory string path.
+ */
+ async getSystemDownloadsDirectory() {
+ if (this._downloadsDirectory) {
+ return this._downloadsDirectory;
+ }
+
+ if (AppConstants.platform == "android") {
+ // Android doesn't have a $HOME directory, and by default we only have
+ // write access to /data/data/org.mozilla.{$APP} and /sdcard
+ this._downloadsDirectory = gEnvironment.get("DOWNLOADS_DIRECTORY");
+ if (!this._downloadsDirectory) {
+ throw new Components.Exception(
+ "DOWNLOADS_DIRECTORY is not set.",
+ Cr.NS_ERROR_FILE_UNRECOGNIZED_PATH
+ );
+ }
+ } else {
+ try {
+ this._downloadsDirectory = this._getDirectory("DfltDwnld");
+ } catch (e) {
+ this._downloadsDirectory = await this._createDownloadsDirectory("Home");
+ }
+ }
+
+ return this._downloadsDirectory;
+ },
+ _downloadsDirectory: null,
+
+ /**
+ * Returns the user downloads directory asynchronously.
+ *
+ * @return {Promise}
+ * @resolves The downloads directory string path.
+ */
+ async getPreferredDownloadsDirectory() {
+ let directoryPath = null;
+ let prefValue = Services.prefs.getIntPref("browser.download.folderList", 1);
+
+ switch (prefValue) {
+ case 0: // Desktop
+ directoryPath = this._getDirectory("Desk");
+ break;
+ case 1: // Downloads
+ directoryPath = await this.getSystemDownloadsDirectory();
+ break;
+ case 2: // Custom
+ try {
+ let directory = Services.prefs.getComplexValue(
+ "browser.download.dir",
+ Ci.nsIFile
+ );
+ directoryPath = directory.path;
+ await OS.File.makeDir(directoryPath, { ignoreExisting: true });
+ } catch (ex) {
+ // Either the preference isn't set or the directory cannot be created.
+ directoryPath = await this.getSystemDownloadsDirectory();
+ }
+ break;
+ case 3: // Cloud Storage
+ try {
+ directoryPath = await CloudStorage.getDownloadFolder();
+ } catch (ex) {}
+ if (!directoryPath) {
+ directoryPath = await this.getSystemDownloadsDirectory();
+ }
+ break;
+ default:
+ directoryPath = await this.getSystemDownloadsDirectory();
+ }
+ return directoryPath;
+ },
+
+ /**
+ * Returns the temporary downloads directory asynchronously.
+ *
+ * @return {Promise}
+ * @resolves The downloads directory string path.
+ */
+ async getTemporaryDownloadsDirectory() {
+ let directoryPath = null;
+ if (AppConstants.platform == "macosx") {
+ directoryPath = await this.getPreferredDownloadsDirectory();
+ } else if (AppConstants.platform == "android") {
+ directoryPath = await this.getSystemDownloadsDirectory();
+ } else {
+ directoryPath = this._getDirectory("TmpD");
+ }
+ return directoryPath;
+ },
+
+ /**
+ * Checks to determine whether to block downloads for parental controls.
+ *
+ * aParam aDownload
+ * The download object.
+ *
+ * @return {Promise}
+ * @resolves The boolean indicates to block downloads or not.
+ */
+ shouldBlockForParentalControls(aDownload) {
+ let isEnabled =
+ gParentalControlsService &&
+ gParentalControlsService.parentalControlsEnabled;
+ let shouldBlock =
+ isEnabled && gParentalControlsService.blockFileDownloadsEnabled;
+
+ // Log the event if required by parental controls settings.
+ if (isEnabled && gParentalControlsService.loggingEnabled) {
+ gParentalControlsService.log(
+ gParentalControlsService.ePCLog_FileDownload,
+ shouldBlock,
+ NetUtil.newURI(aDownload.source.url),
+ null
+ );
+ }
+
+ return Promise.resolve(shouldBlock);
+ },
+
+ /**
+ * Checks to determine whether to block downloads for not granted runtime permissions.
+ *
+ * @return {Promise}
+ * @resolves The boolean indicates to block downloads or not.
+ */
+ async shouldBlockForRuntimePermissions() {
+ return (
+ AppConstants.platform == "android" &&
+ !(await RuntimePermissions.waitForPermissions(
+ RuntimePermissions.WRITE_EXTERNAL_STORAGE
+ ))
+ );
+ },
+
+ /**
+ * Checks to determine whether to block downloads because they might be
+ * malware, based on application reputation checks.
+ *
+ * aParam aDownload
+ * The download object.
+ *
+ * @return {Promise}
+ * @resolves Object with the following properties:
+ * {
+ * shouldBlock: Whether the download should be blocked.
+ * verdict: Detailed reason for the block, according to the
+ * "Downloads.Error.BLOCK_VERDICT_" constants, or empty
+ * string if the reason is unknown.
+ * }
+ */
+ shouldBlockForReputationCheck(aDownload) {
+ let hash;
+ let sigInfo;
+ let channelRedirects;
+ try {
+ hash = aDownload.saver.getSha256Hash();
+ sigInfo = aDownload.saver.getSignatureInfo();
+ channelRedirects = aDownload.saver.getRedirects();
+ } catch (ex) {
+ // Bail if DownloadSaver doesn't have a hash or signature info.
+ return Promise.resolve({
+ shouldBlock: false,
+ verdict: "",
+ });
+ }
+ if (!hash || !sigInfo) {
+ return Promise.resolve({
+ shouldBlock: false,
+ verdict: "",
+ });
+ }
+ return new Promise(resolve => {
+ gApplicationReputationService.queryReputation(
+ {
+ sourceURI: NetUtil.newURI(aDownload.source.url),
+ referrerInfo: aDownload.source.referrerInfo,
+ fileSize: aDownload.currentBytes,
+ sha256Hash: hash,
+ suggestedFileName: OS.Path.basename(aDownload.target.path),
+ signatureInfo: sigInfo,
+ redirects: channelRedirects,
+ },
+ function onComplete(aShouldBlock, aRv, aVerdict) {
+ resolve({
+ shouldBlock: aShouldBlock,
+ verdict: (aShouldBlock && kVerdictMap[aVerdict]) || "",
+ });
+ }
+ );
+ });
+ },
+
+ /**
+ * Checks whether downloaded files should be marked as coming from
+ * Internet Zone.
+ *
+ * @return true if files should be marked
+ */
+ _shouldSaveZoneInformation() {
+ let key = Cc["@mozilla.org/windows-registry-key;1"].createInstance(
+ Ci.nsIWindowsRegKey
+ );
+ try {
+ key.open(
+ Ci.nsIWindowsRegKey.ROOT_KEY_CURRENT_USER,
+ "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments",
+ Ci.nsIWindowsRegKey.ACCESS_QUERY_VALUE
+ );
+ try {
+ return key.readIntValue("SaveZoneInformation") != 1;
+ } finally {
+ key.close();
+ }
+ } catch (ex) {
+ // If the key is not present, files should be marked by default.
+ return true;
+ }
+ },
+
+ /**
+ * Builds a key and URL value pair for the "Zone.Identifier" Alternate Data
+ * Stream.
+ *
+ * @param aKey
+ * String to write before the "=" sign. This is not validated.
+ * @param aUrl
+ * URL string to write after the "=" sign. Only the "http(s)" and
+ * "ftp" schemes are allowed, and usernames and passwords are
+ * stripped.
+ * @param [optional] aFallback
+ * Value to place after the "=" sign in case the URL scheme is not
+ * allowed. If unspecified, an empty string is returned when the
+ * scheme is not allowed.
+ *
+ * @return Line to add to the stream, including the final CRLF, or an empty
+ * string if the validation failed.
+ */
+ _zoneIdKey(aKey, aUrl, aFallback) {
+ try {
+ let url;
+ const uri = NetUtil.newURI(aUrl);
+ if (["http", "https", "ftp"].includes(uri.scheme)) {
+ url = uri
+ .mutate()
+ .setUserPass("")
+ .finalize().spec;
+ } else if (aFallback) {
+ url = aFallback;
+ } else {
+ return "";
+ }
+ return aKey + "=" + url + "\r\n";
+ } catch (e) {
+ return "";
+ }
+ },
+
+ /**
+ * Performs platform-specific operations when a download is done.
+ *
+ * aParam aDownload
+ * The Download object.
+ *
+ * @return {Promise}
+ * @resolves When all the operations completed successfully.
+ * @rejects JavaScript exception if any of the operations failed.
+ */
+ async downloadDone(aDownload) {
+ // On Windows, we mark any file saved to the NTFS file system as coming
+ // from the Internet security zone unless Group Policy disables the
+ // feature. We do this by writing to the "Zone.Identifier" Alternate
+ // Data Stream directly, because the Save method of the
+ // IAttachmentExecute interface would trigger operations that may cause
+ // the application to hang, or other performance issues.
+ // The stream created in this way is forward-compatible with all the
+ // current and future versions of Windows.
+ if (AppConstants.platform == "win" && this._shouldSaveZoneInformation()) {
+ let zone;
+ try {
+ zone = gDownloadPlatform.mapUrlToZone(aDownload.source.url);
+ } catch (e) {
+ // Default to Internet Zone if mapUrlToZone failed for
+ // whatever reason.
+ zone = Ci.mozIDownloadPlatform.ZONE_INTERNET;
+ }
+ try {
+ // Don't write zone IDs for Local, Intranet, or Trusted sites
+ // to match Windows behavior.
+ if (zone >= Ci.mozIDownloadPlatform.ZONE_INTERNET) {
+ let streamPath = aDownload.target.path + ":Zone.Identifier";
+ let stream = await OS.File.open(
+ streamPath,
+ { create: true },
+ { winAllowLengthBeyondMaxPathWithCaveats: true }
+ );
+ try {
+ let zoneId = "[ZoneTransfer]\r\nZoneId=" + zone + "\r\n";
+ let { url, isPrivate, referrerInfo } = aDownload.source;
+ if (!isPrivate) {
+ let referrer = referrerInfo
+ ? referrerInfo.computedReferrerSpec
+ : "";
+ zoneId +=
+ this._zoneIdKey("ReferrerUrl", referrer) +
+ this._zoneIdKey("HostUrl", url, "about:internet");
+ }
+ await stream.write(new TextEncoder().encode(zoneId));
+ } finally {
+ await stream.close();
+ }
+ }
+ } catch (ex) {
+ // If writing to the stream fails, we ignore the error and continue.
+ // The Windows API error 123 (ERROR_INVALID_NAME) is expected to
+ // occur when working on a file system that does not support
+ // Alternate Data Streams, like FAT32, thus we don't report this
+ // specific error.
+ if (!(ex instanceof OS.File.Error) || ex.winLastError != 123) {
+ Cu.reportError(ex);
+ }
+ }
+ }
+
+ // The file with the partially downloaded data has restrictive permissions
+ // that don't allow other users on the system to access it. Now that the
+ // download is completed, we need to adjust permissions based on whether
+ // this is a permanently downloaded file or a temporary download to be
+ // opened read-only with an external application.
+ try {
+ // The following logic to determine whether this is a temporary download
+ // is due to the fact that "deleteTempFileOnExit" is false on Mac, where
+ // downloads to be opened with external applications are preserved in
+ // the "Downloads" folder like normal downloads.
+ let isTemporaryDownload =
+ aDownload.launchWhenSucceeded &&
+ (aDownload.source.isPrivate ||
+ Services.prefs.getBoolPref(
+ "browser.helperApps.deleteTempFileOnExit"
+ ));
+ // Permanently downloaded files are made accessible by other users on
+ // this system, while temporary downloads are marked as read-only.
+ let options = {};
+ if (isTemporaryDownload) {
+ options.unixMode = 0o400;
+ options.winAttributes = { readOnly: true };
+ } else {
+ options.unixMode = 0o666;
+ }
+ // On Unix, the umask of the process is respected.
+ await OS.File.setPermissions(aDownload.target.path, options);
+ } catch (ex) {
+ // We should report errors with making the permissions less restrictive
+ // or marking the file as read-only on Unix and Mac, but this should not
+ // prevent the download from completing.
+ // The setPermissions API error EPERM is expected to occur when working
+ // on a file system that does not support file permissions, like FAT32,
+ // thus we don't report this error.
+ if (
+ !(ex instanceof OS.File.Error) ||
+ ex.unixErrno != OS.Constants.libc.EPERM
+ ) {
+ Cu.reportError(ex);
+ }
+ }
+
+ let aReferrer = null;
+ if (aDownload.source.referrerInfo) {
+ aReferrer = aDownload.source.referrerInfo.originalReferrer;
+ }
+
+ await gDownloadPlatform.downloadDone(
+ NetUtil.newURI(aDownload.source.url),
+ aReferrer,
+ new FileUtils.File(aDownload.target.path),
+ aDownload.contentType,
+ aDownload.source.isPrivate
+ );
+ },
+
+ /**
+ * Decide whether a download of this type, opened from the downloads
+ * list, should open internally.
+ *
+ * @param aMimeType
+ * The MIME type of the file, as a string
+ * @param [optional] aExtension
+ * The file extension, which can match instead of the MIME type.
+ */
+ shouldViewDownloadInternally(aMimeType, aExtension) {
+ // Refuse all files by default, this is meant to be replaced with a check
+ // for specific types via Integration.downloads.register().
+ return false;
+ },
+
+ /**
+ * Launches a file represented by the target of a download. This can
+ * open the file with the default application for the target MIME type
+ * or file extension, or with a custom application if
+ * aDownload.launcherPath is set.
+ *
+ * @param aDownload
+ * A Download object that contains the necessary information
+ * to launch the file. The relevant properties are: the target
+ * file, the contentType and the custom application chosen
+ * to launch it.
+ * @param options.openWhere Optional string indicating how to open when handling
+ * download by opening the target file URI.
+ * One of "window", "tab", "tabshifted"
+ * @param options.useSystemDefault
+ * Optional value indicating how to handle launching this download,
+ * this time only. Will override the associated mimeInfo.preferredAction
+ *
+ * @return {Promise}
+ * @resolves When the instruction to launch the file has been
+ * successfully given to the operating system. Note that
+ * the OS might still take a while until the file is actually
+ * launched.
+ * @rejects JavaScript exception if there was an error trying to launch
+ * the file.
+ */
+ async launchDownload(aDownload, { openWhere, useSystemDefault = null }) {
+ let file = new FileUtils.File(aDownload.target.path);
+
+ // In case of a double extension, like ".tar.gz", we only
+ // consider the last one, because the MIME service cannot
+ // handle multiple extensions.
+ let fileExtension = null,
+ mimeInfo = null;
+ let match = file.leafName.match(/\.([^.]+)$/);
+ if (match) {
+ fileExtension = match[1];
+ }
+
+ let isWindowsExe =
+ AppConstants.platform == "win" &&
+ fileExtension &&
+ fileExtension.toLowerCase() == "exe";
+
+ // Ask for confirmation if the file is executable, except for .exe on
+ // Windows where the operating system will show the prompt based on the
+ // security zone. We do this here, instead of letting the caller handle
+ // the prompt separately in the user interface layer, for two reasons. The
+ // first is because of its security nature, so that add-ons cannot forget
+ // to do this check. The second is that the system-level security prompt
+ // would be displayed at launch time in any case.
+ if (
+ file.isExecutable() &&
+ !isWindowsExe &&
+ !(await this.confirmLaunchExecutable(file.path))
+ ) {
+ return;
+ }
+
+ try {
+ // The MIME service might throw if contentType == "" and it can't find
+ // a MIME type for the given extension, so we'll treat this case as
+ // an unknown mimetype.
+ mimeInfo = gMIMEService.getFromTypeAndExtension(
+ aDownload.contentType,
+ fileExtension
+ );
+ } catch (e) {}
+
+ if (aDownload.launcherPath) {
+ if (!mimeInfo) {
+ // This should not happen on normal circumstances because launcherPath
+ // is only set when we had an instance of nsIMIMEInfo to retrieve
+ // the custom application chosen by the user.
+ throw new Error(
+ "Unable to create nsIMIMEInfo to launch a custom application"
+ );
+ }
+
+ // Custom application chosen
+ let localHandlerApp = Cc[
+ "@mozilla.org/uriloader/local-handler-app;1"
+ ].createInstance(Ci.nsILocalHandlerApp);
+ localHandlerApp.executable = new FileUtils.File(aDownload.launcherPath);
+
+ mimeInfo.preferredApplicationHandler = localHandlerApp;
+ mimeInfo.preferredAction = Ci.nsIMIMEInfo.useHelperApp;
+
+ this.launchFile(file, mimeInfo);
+ // After an attempt has been made to launch the download, clear the
+ // launchWhenSucceeded bit so future attempts to open the download can go
+ // through Firefox when possible.
+ aDownload.launchWhenSucceeded = false;
+ return;
+ }
+
+ if (!useSystemDefault && mimeInfo) {
+ useSystemDefault = mimeInfo.preferredAction == mimeInfo.useSystemDefault;
+ }
+ if (!useSystemDefault) {
+ // No explicit instruction was passed to launch this download using the default system viewer.
+ if (
+ aDownload.handleInternally ||
+ (mimeInfo &&
+ this.shouldViewDownloadInternally(mimeInfo.type, fileExtension) &&
+ !mimeInfo.alwaysAskBeforeHandling &&
+ mimeInfo.preferredAction === Ci.nsIHandlerInfo.handleInternally &&
+ !aDownload.launchWhenSucceeded)
+ ) {
+ DownloadUIHelper.loadFileIn(file, {
+ browsingContextId: aDownload.source.browsingContextId,
+ isPrivate: aDownload.source.isPrivate,
+ openWhere,
+ userContextId: aDownload.source.userContextId,
+ });
+ return;
+ }
+ }
+
+ // An attempt will now be made to launch the download, clear the
+ // launchWhenSucceeded bit so future attempts to open the download can go
+ // through Firefox when possible.
+ aDownload.launchWhenSucceeded = false;
+
+ // When a file has no extension, and there's an executable file with the
+ // same name in the same folder, Windows shell can get confused.
+ // For this reason we show the file in the containing folder instead of
+ // trying to open it.
+ // We also don't trust mimeinfo, it could be a type we can forward to a
+ // system handler, but it could also be an executable type, and we
+ // don't have an exhaustive list with all of them.
+ if (!fileExtension && AppConstants.platform == "win") {
+ // We can't check for the existance of a same-name file with every
+ // possible executable extension, so this is a catch-all.
+ this.showContainingDirectory(aDownload.target.path);
+ return;
+ }
+
+ // No custom application chosen, let's launch the file with the default
+ // handler. First, let's try to launch it through the MIME service.
+ if (mimeInfo) {
+ mimeInfo.preferredAction = Ci.nsIMIMEInfo.useSystemDefault;
+ try {
+ this.launchFile(file, mimeInfo);
+ return;
+ } catch (ex) {}
+ }
+
+ // If it didn't work or if there was no MIME info available,
+ // let's try to directly launch the file.
+ try {
+ this.launchFile(file);
+ return;
+ } catch (ex) {}
+
+ // If our previous attempts failed, try sending it through
+ // the system's external "file:" URL handler.
+ gExternalProtocolService.loadURI(
+ NetUtil.newURI(file),
+ Services.scriptSecurityManager.getSystemPrincipal()
+ );
+ },
+
+ /**
+ * Asks for confirmation for launching the specified executable file. This
+ * can be overridden by regression tests to avoid the interactive prompt.
+ */
+ async confirmLaunchExecutable(path) {
+ // We don't anchor the prompt to a specific window intentionally, not
+ // only because this is the same behavior as the system-level prompt,
+ // but also because the most recently active window is the right choice
+ // in basically all cases.
+ return DownloadUIHelper.getPrompter().confirmLaunchExecutable(path);
+ },
+
+ /**
+ * Launches the specified file, unless overridden by regression tests.
+ * @note Always use launchDownload() from the outside of this module, it is
+ * both more powerful and safer.
+ */
+ launchFile(file, mimeInfo) {
+ if (mimeInfo) {
+ mimeInfo.launchWithFile(file);
+ } else {
+ file.launch();
+ }
+ },
+
+ /**
+ * Shows the containing folder of a file.
+ *
+ * @param aFilePath
+ * The path to the file.
+ *
+ * @return {Promise}
+ * @resolves When the instruction to open the containing folder has been
+ * successfully given to the operating system. Note that
+ * the OS might still take a while until the folder is actually
+ * opened.
+ * @rejects JavaScript exception if there was an error trying to open
+ * the containing folder.
+ */
+ async showContainingDirectory(aFilePath) {
+ let file = new FileUtils.File(aFilePath);
+
+ try {
+ // Show the directory containing the file and select the file.
+ file.reveal();
+ return;
+ } catch (ex) {}
+
+ // If reveal fails for some reason (e.g., it's not implemented on unix
+ // or the file doesn't exist), try using the parent if we have it.
+ let parent = file.parent;
+ if (!parent) {
+ throw new Error(
+ "Unexpected reference to a top-level directory instead of a file"
+ );
+ }
+
+ try {
+ // Open the parent directory to show where the file should be.
+ parent.launch();
+ return;
+ } catch (ex) {}
+
+ // If launch also fails (probably because it's not implemented), let
+ // the OS handler try to open the parent.
+ gExternalProtocolService.loadURI(
+ NetUtil.newURI(parent),
+ Services.scriptSecurityManager.getSystemPrincipal()
+ );
+ },
+
+ /**
+ * Calls the directory service, create a downloads directory and returns an
+ * nsIFile for the downloads directory.
+ *
+ * @return {Promise}
+ * @resolves The directory string path.
+ */
+ _createDownloadsDirectory(aName) {
+ // We read the name of the directory from the list of translated strings
+ // that is kept by the UI helper module, even if this string is not strictly
+ // displayed in the user interface.
+ let directoryPath = OS.Path.join(
+ this._getDirectory(aName),
+ DownloadUIHelper.strings.downloadsFolder
+ );
+
+ // Create the Downloads folder and ignore if it already exists.
+ return OS.File.makeDir(directoryPath, { ignoreExisting: true }).then(
+ () => directoryPath
+ );
+ },
+
+ /**
+ * Returns the string path for the given directory service location name. This
+ * can be overridden by regression tests to return the path of the system
+ * temporary directory in all cases.
+ */
+ _getDirectory(name) {
+ return Services.dirsvc.get(name, Ci.nsIFile).path;
+ },
+
+ /**
+ * Register the downloads interruption observers.
+ *
+ * @param aList
+ * The public or private downloads list.
+ * @param aIsPrivate
+ * True if the list is private, false otherwise.
+ *
+ * @return {Promise}
+ * @resolves When the views and observers are added.
+ */
+ addListObservers(aList, aIsPrivate) {
+ DownloadObserver.registerView(aList, aIsPrivate);
+ if (!DownloadObserver.observersAdded) {
+ DownloadObserver.observersAdded = true;
+ for (let topic of kObserverTopics) {
+ Services.obs.addObserver(DownloadObserver, topic);
+ }
+ }
+ return Promise.resolve();
+ },
+
+ /**
+ * Force a save on _store if it exists. Used to ensure downloads do not
+ * persist after being sanitized on Android.
+ *
+ * @return {Promise}
+ * @resolves When _store.save() completes.
+ */
+ forceSave() {
+ if (this._store) {
+ return this._store.save();
+ }
+ return Promise.resolve();
+ },
+};
+
+var DownloadObserver = {
+ /**
+ * Flag to determine if the observers have been added previously.
+ */
+ observersAdded: false,
+
+ /**
+ * Timer used to delay restarting canceled downloads upon waking and returning
+ * online.
+ */
+ _wakeTimer: null,
+
+ /**
+ * Set that contains the in progress publics downloads.
+ * It's kept updated when a public download is added, removed or changes its
+ * properties.
+ */
+ _publicInProgressDownloads: new Set(),
+
+ /**
+ * Set that contains the in progress private downloads.
+ * It's kept updated when a private download is added, removed or changes its
+ * properties.
+ */
+ _privateInProgressDownloads: new Set(),
+
+ /**
+ * Set that contains the downloads that have been canceled when going offline
+ * or to sleep. These are started again when returning online or waking. This
+ * list is not persisted so when exiting and restarting, the downloads will not
+ * be started again.
+ */
+ _canceledOfflineDownloads: new Set(),
+
+ /**
+ * Registers a view that updates the corresponding downloads state set, based
+ * on the aIsPrivate argument. The set is updated when a download is added,
+ * removed or changes its properties.
+ *
+ * @param aList
+ * The public or private downloads list.
+ * @param aIsPrivate
+ * True if the list is private, false otherwise.
+ */
+ registerView: function DO_registerView(aList, aIsPrivate) {
+ let downloadsSet = aIsPrivate
+ ? this._privateInProgressDownloads
+ : this._publicInProgressDownloads;
+ let downloadsView = {
+ onDownloadAdded: aDownload => {
+ if (!aDownload.stopped) {
+ downloadsSet.add(aDownload);
+ }
+ },
+ onDownloadChanged: aDownload => {
+ if (aDownload.stopped) {
+ downloadsSet.delete(aDownload);
+ } else {
+ downloadsSet.add(aDownload);
+ }
+ },
+ onDownloadRemoved: aDownload => {
+ downloadsSet.delete(aDownload);
+ // The download must also be removed from the canceled when offline set.
+ this._canceledOfflineDownloads.delete(aDownload);
+ },
+ };
+
+ // We register the view asynchronously.
+ aList.addView(downloadsView).catch(Cu.reportError);
+ },
+
+ /**
+ * Wrapper that handles the test mode before calling the prompt that display
+ * a warning message box that informs that there are active downloads,
+ * and asks whether the user wants to cancel them or not.
+ *
+ * @param aCancel
+ * The observer notification subject.
+ * @param aDownloadsCount
+ * The current downloads count.
+ * @param aPrompter
+ * The prompter object that shows the confirm dialog.
+ * @param aPromptType
+ * The type of prompt notification depending on the observer.
+ */
+ _confirmCancelDownloads: function DO_confirmCancelDownload(
+ aCancel,
+ aDownloadsCount,
+ aPromptType
+ ) {
+ // Handle test mode
+ if (gCombinedDownloadIntegration._testPromptDownloads) {
+ gCombinedDownloadIntegration._testPromptDownloads = aDownloadsCount;
+ return;
+ }
+
+ if (!aDownloadsCount) {
+ return;
+ }
+
+ // If user has already dismissed the request, then do nothing.
+ if (aCancel instanceof Ci.nsISupportsPRBool && aCancel.data) {
+ return;
+ }
+
+ let prompter = DownloadUIHelper.getPrompter();
+ aCancel.data = prompter.confirmCancelDownloads(
+ aDownloadsCount,
+ prompter[aPromptType]
+ );
+ },
+
+ /**
+ * Resume all downloads that were paused when going offline, used when waking
+ * from sleep or returning from being offline.
+ */
+ _resumeOfflineDownloads: function DO_resumeOfflineDownloads() {
+ this._wakeTimer = null;
+
+ for (let download of this._canceledOfflineDownloads) {
+ download.start().catch(() => {});
+ }
+ this._canceledOfflineDownloads.clear();
+ },
+
+ // nsIObserver
+ observe: function DO_observe(aSubject, aTopic, aData) {
+ let downloadsCount;
+ switch (aTopic) {
+ case "quit-application-requested":
+ downloadsCount =
+ this._publicInProgressDownloads.size +
+ this._privateInProgressDownloads.size;
+ this._confirmCancelDownloads(aSubject, downloadsCount, "ON_QUIT");
+ break;
+ case "offline-requested":
+ downloadsCount =
+ this._publicInProgressDownloads.size +
+ this._privateInProgressDownloads.size;
+ this._confirmCancelDownloads(aSubject, downloadsCount, "ON_OFFLINE");
+ break;
+ case "last-pb-context-exiting":
+ downloadsCount = this._privateInProgressDownloads.size;
+ this._confirmCancelDownloads(
+ aSubject,
+ downloadsCount,
+ "ON_LEAVE_PRIVATE_BROWSING"
+ );
+ break;
+ case "last-pb-context-exited":
+ let promise = (async function() {
+ let list = await Downloads.getList(Downloads.PRIVATE);
+ let downloads = await list.getAll();
+
+ // We can remove the downloads and finalize them in parallel.
+ for (let download of downloads) {
+ list.remove(download).catch(Cu.reportError);
+ download.finalize(true).catch(Cu.reportError);
+ }
+ })();
+ // Handle test mode
+ if (gCombinedDownloadIntegration._testResolveClearPrivateList) {
+ gCombinedDownloadIntegration._testResolveClearPrivateList(promise);
+ } else {
+ promise.catch(ex => Cu.reportError(ex));
+ }
+ break;
+ case "sleep_notification":
+ case "suspend_process_notification":
+ case "network:offline-about-to-go-offline":
+ for (let download of this._publicInProgressDownloads) {
+ download.cancel();
+ this._canceledOfflineDownloads.add(download);
+ }
+ for (let download of this._privateInProgressDownloads) {
+ download.cancel();
+ this._canceledOfflineDownloads.add(download);
+ }
+ break;
+ case "wake_notification":
+ case "resume_process_notification":
+ let wakeDelay = Services.prefs.getIntPref(
+ "browser.download.manager.resumeOnWakeDelay",
+ 10000
+ );
+
+ if (wakeDelay >= 0) {
+ this._wakeTimer = new Timer(
+ this._resumeOfflineDownloads.bind(this),
+ wakeDelay,
+ Ci.nsITimer.TYPE_ONE_SHOT
+ );
+ }
+ break;
+ case "network:offline-status-changed":
+ if (aData == "online") {
+ this._resumeOfflineDownloads();
+ }
+ break;
+ // We need to unregister observers explicitly before we reach the
+ // "xpcom-shutdown" phase, otherwise observers may be notified when some
+ // required services are not available anymore. We can't unregister
+ // observers on "quit-application", because this module is also loaded
+ // during "make package" automation, and the quit notification is not sent
+ // in that execution environment (bug 973637).
+ case "xpcom-will-shutdown":
+ for (let topic of kObserverTopics) {
+ Services.obs.removeObserver(this, topic);
+ }
+ break;
+ }
+ },
+
+ QueryInterface: ChromeUtils.generateQI(["nsIObserver"]),
+};
+
+/**
+ * Registers a Places observer so that operations on download history are
+ * reflected on the provided list of downloads.
+ *
+ * You do not need to keep a reference to this object in order to keep it alive,
+ * because the history service already keeps a strong reference to it.
+ *
+ * @param aList
+ * DownloadList object linked to this observer.
+ */
+var DownloadHistoryObserver = function(aList) {
+ this._list = aList;
+ PlacesUtils.history.addObserver(this);
+
+ const placesObserver = new PlacesWeakCallbackWrapper(
+ this.handlePlacesEvents.bind(this)
+ );
+ PlacesObservers.addListener(["history-cleared"], placesObserver);
+};
+
+DownloadHistoryObserver.prototype = {
+ /**
+ * DownloadList object linked to this observer.
+ */
+ _list: null,
+
+ QueryInterface: ChromeUtils.generateQI(["nsINavHistoryObserver"]),
+
+ handlePlacesEvents(events) {
+ for (const event of events) {
+ switch (event.type) {
+ case "history-cleared": {
+ this._list.removeFinished();
+ break;
+ }
+ }
+ }
+ },
+
+ // nsINavHistoryObserver
+ onDeleteURI: function DL_onDeleteURI(aURI, aGUID) {
+ this._list.removeFinished(download =>
+ aURI.equals(NetUtil.newURI(download.source.url))
+ );
+ },
+
+ onBeginUpdateBatch() {},
+ onEndUpdateBatch() {},
+ onDeleteVisits() {},
+};
+
+/**
+ * This view can be added to a DownloadList object to trigger a save operation
+ * in the given DownloadStore object when a relevant change occurs. You should
+ * call the "initialize" method in order to register the view and load the
+ * current state from disk.
+ *
+ * You do not need to keep a reference to this object in order to keep it alive,
+ * because the DownloadList object already keeps a strong reference to it.
+ *
+ * @param aList
+ * The DownloadList object on which the view should be registered.
+ * @param aStore
+ * The DownloadStore object used for saving.
+ */
+var DownloadAutoSaveView = function(aList, aStore) {
+ this._list = aList;
+ this._store = aStore;
+ this._downloadsMap = new Map();
+ this._writer = new DeferredTask(() => this._store.save(), kSaveDelayMs);
+ AsyncShutdown.profileBeforeChange.addBlocker(
+ "DownloadAutoSaveView: writing data",
+ () => this._writer.finalize()
+ );
+};
+
+DownloadAutoSaveView.prototype = {
+ /**
+ * DownloadList object linked to this view.
+ */
+ _list: null,
+
+ /**
+ * The DownloadStore object used for saving.
+ */
+ _store: null,
+
+ /**
+ * True when the initial state of the downloads has been loaded.
+ */
+ _initialized: false,
+
+ /**
+ * Registers the view and loads the current state from disk.
+ *
+ * @return {Promise}
+ * @resolves When the view has been registered.
+ * @rejects JavaScript exception.
+ */
+ initialize() {
+ // We set _initialized to true after adding the view, so that
+ // onDownloadAdded doesn't cause a save to occur.
+ return this._list.addView(this).then(() => (this._initialized = true));
+ },
+
+ /**
+ * This map contains only Download objects that should be saved to disk, and
+ * associates them with the result of their getSerializationHash function, for
+ * the purpose of detecting changes to the relevant properties.
+ */
+ _downloadsMap: null,
+
+ /**
+ * DeferredTask for the save operation.
+ */
+ _writer: null,
+
+ /**
+ * Called when the list of downloads changed, this triggers the asynchronous
+ * serialization of the list of downloads.
+ */
+ saveSoon() {
+ this._writer.arm();
+ },
+
+ // DownloadList callback
+ onDownloadAdded(aDownload) {
+ if (gCombinedDownloadIntegration.shouldPersistDownload(aDownload)) {
+ this._downloadsMap.set(aDownload, aDownload.getSerializationHash());
+ if (this._initialized) {
+ this.saveSoon();
+ }
+ }
+ },
+
+ // DownloadList callback
+ onDownloadChanged(aDownload) {
+ if (!gCombinedDownloadIntegration.shouldPersistDownload(aDownload)) {
+ if (this._downloadsMap.has(aDownload)) {
+ this._downloadsMap.delete(aDownload);
+ this.saveSoon();
+ }
+ return;
+ }
+
+ let hash = aDownload.getSerializationHash();
+ if (this._downloadsMap.get(aDownload) != hash) {
+ this._downloadsMap.set(aDownload, hash);
+ this.saveSoon();
+ }
+ },
+
+ // DownloadList callback
+ onDownloadRemoved(aDownload) {
+ if (this._downloadsMap.has(aDownload)) {
+ this._downloadsMap.delete(aDownload);
+ this.saveSoon();
+ }
+ },
+};