summaryrefslogtreecommitdiffstats
path: root/services/fxaccounts/FxAccountsCommands.sys.mjs
diff options
context:
space:
mode:
Diffstat (limited to 'services/fxaccounts/FxAccountsCommands.sys.mjs')
-rw-r--r--services/fxaccounts/FxAccountsCommands.sys.mjs336
1 files changed, 330 insertions, 6 deletions
diff --git a/services/fxaccounts/FxAccountsCommands.sys.mjs b/services/fxaccounts/FxAccountsCommands.sys.mjs
index 40fcc7f925..0851906061 100644
--- a/services/fxaccounts/FxAccountsCommands.sys.mjs
+++ b/services/fxaccounts/FxAccountsCommands.sys.mjs
@@ -5,10 +5,14 @@
import {
COMMAND_SENDTAB,
COMMAND_SENDTAB_TAIL,
+ COMMAND_CLOSETAB,
+ COMMAND_CLOSETAB_TAIL,
SCOPE_OLD_SYNC,
log,
} from "resource://gre/modules/FxAccountsCommon.sys.mjs";
+import { clearTimeout, setTimeout } from "resource://gre/modules/Timer.sys.mjs";
+
import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
import { Observers } from "resource://services-common/observers.sys.mjs";
@@ -36,18 +40,32 @@ export class FxAccountsCommands {
constructor(fxAccountsInternal) {
this._fxai = fxAccountsInternal;
this.sendTab = new SendTab(this, fxAccountsInternal);
+ this.closeTab = new CloseRemoteTab(this, fxAccountsInternal);
this._invokeRateLimitExpiry = 0;
}
async availableCommands() {
+ // Invalid keys usually means the account is not verified yet.
const encryptedSendTabKeys = await this.sendTab.getEncryptedSendTabKeys();
- if (!encryptedSendTabKeys) {
- // This will happen if the account is not verified yet.
- return {};
+ let commands = {};
+
+ if (encryptedSendTabKeys) {
+ commands[COMMAND_SENDTAB] = encryptedSendTabKeys;
}
- return {
- [COMMAND_SENDTAB]: encryptedSendTabKeys,
- };
+
+ // Close Tab is still a worked-on feature, so we should not broadcast it widely yet
+ let closeTabEnabled = Services.prefs.getBoolPref(
+ "identity.fxaccounts.commands.remoteTabManagement.enabled",
+ false
+ );
+ if (closeTabEnabled) {
+ const encryptedCloseTabKeys =
+ await this.closeTab.getEncryptedCloseTabKeys();
+ if (encryptedCloseTabKeys) {
+ commands[COMMAND_CLOSETAB] = encryptedCloseTabKeys;
+ }
+ }
+ return commands;
}
async invoke(command, device, payload) {
@@ -166,6 +184,7 @@ export class FxAccountsCommands {
}
// We debounce multiple incoming tabs so we show a single notification.
const tabsReceived = [];
+ const tabsToClose = [];
for (const { index, data } of messages) {
const { command, payload, sender: senderId } = data;
const reason = this._getReason(notifiedIndex, index);
@@ -179,6 +198,24 @@ export class FxAccountsCommands {
);
}
switch (command) {
+ case COMMAND_CLOSETAB:
+ try {
+ const { urls } = await this.closeTab.handleTabClose(
+ senderId,
+ payload,
+ reason
+ );
+ log.info(
+ `Close Tab received with FxA commands: "${urls.length} tabs"
+ from ${sender ? sender.name : "Unknown device"}.`
+ );
+ // URLs are PII, so only logged at trace.
+ log.trace(`Close Remote Tabs received URLs: ${urls}`);
+ tabsToClose.push({ urls, sender });
+ } catch (e) {
+ log.error(`Error while handling incoming Close Tab payload.`, e);
+ }
+ break;
case COMMAND_SENDTAB:
try {
const { title, uri } = await this.sendTab.handle(
@@ -212,11 +249,18 @@ export class FxAccountsCommands {
if (tabsReceived.length) {
this._notifyFxATabsReceived(tabsReceived);
}
+ if (tabsToClose.length) {
+ this._notifyFxATabsClosed(tabsToClose);
+ }
}
_notifyFxATabsReceived(tabsReceived) {
Observers.notify("fxaccounts:commands:open-uri", tabsReceived);
}
+
+ _notifyFxATabsClosed(tabsToClose) {
+ Observers.notify("fxaccounts:commands:close-uri", tabsToClose);
+ }
}
/**
@@ -458,6 +502,286 @@ export class SendTab {
}
}
+/**
+ * Close Tabs is built on-top of device commands and handles
+ * actions a client wants to perform on tabs found on other devices
+ * This class is very similar to the Send Tab component in FxAccountsCommands
+ *
+ * Devices exchange keys wrapped in the oldsync key between themselves (getEncryptedCloseTabKeys)
+ * during the device registration flow. The FxA server can theoretically never
+ * retrieve the close tab keys since it doesn't know the oldsync key.
+ *
+ * Note: Close Tabs does things slightly different from SendTab
+ * The sender encrypts the close-tab command using the receiver's public key,
+ * and the FxA server stores it (without re-encrypting).
+ * A web-push notifies the receiver that a new command is available.
+ * The receiver decrypts the payload using its private key.
+ */
+export class CloseRemoteTab {
+ constructor(commands, fxAccountsInternal) {
+ this._commands = commands;
+ this._fxai = fxAccountsInternal;
+ this.pendingClosedTabs = new Map();
+ // pushes happen per device, making a timer per device makes sending
+ // the pushes a little more sane
+ this.pushTimers = new Map();
+ }
+
+ /**
+ * Sending a push everytime the user wants to close a tab on a remote device
+ * could lead to excessive notifications to the users device, push throttling, etc
+ * so we add the tabs to a queue and have a timer that sends the push after a certain
+ * amount of "inactivity"
+ */
+ /**
+ * @param {Device} targetDevice - Device object (typically returned by fxAccounts.getDevicesList()).
+ * @param {String} tab - url for the tab to close
+ * @param {Integer} how far to delay, in miliseconds, the push for this timer
+ */
+ enqueueTabToClose(targetDevice, tab, pushDelay = 6000) {
+ if (this.pendingClosedTabs.has(targetDevice.id)) {
+ this.pendingClosedTabs.get(targetDevice.id).tabs.push(tab);
+ } else {
+ this.pendingClosedTabs.set(targetDevice.id, {
+ device: targetDevice,
+ tabs: [tab],
+ });
+ }
+
+ // extend the timer
+ this._refreshPushTimer(targetDevice.id, pushDelay);
+ }
+
+ async _refreshPushTimer(deviceId, pushDelay) {
+ // If the user is still performing "actions" for this device
+ // reset the timer to send the push
+ if (this.pushTimers.has(deviceId)) {
+ clearTimeout(this.pushTimers.get(deviceId));
+ }
+
+ // There is a possibility that the browser closes before this actually executes
+ // we should catch the browser as it's closing and immediately fire these
+ // See https://bugzilla.mozilla.org/show_bug.cgi?id=1888299
+ const timerId = setTimeout(async () => {
+ let { device, tabs } = this.pendingClosedTabs.get(deviceId);
+ // send a push notification for this specific device
+ await this._sendCloseTabPush(device, tabs);
+
+ // Clear the timer
+ this.pushTimers.delete(deviceId);
+ // We also need to locally store the tabs we sent so the user doesn't
+ // see these anymore
+ this.pendingClosedTabs.delete(deviceId);
+
+ // This is used for tests only, to get around timer woes
+ Observers.notify("test:fxaccounts:commands:close-uri:sent");
+ }, pushDelay);
+
+ // Store the new timer with the device
+ this.pushTimers.set(deviceId, timerId);
+ }
+
+ /**
+ * @param {Device} target - Device object (typically returned by fxAccounts.getDevicesList()).
+ * @param {String[]} urls - array of urls that should be closed on the remote device
+ */
+ async _sendCloseTabPush(target, urls) {
+ log.info(`Sending tab closures to ${target.id} device.`);
+ const flowID = this._fxai.telemetry.generateFlowID();
+ const encoder = new TextEncoder();
+ try {
+ const streamID = this._fxai.telemetry.generateFlowID();
+ const targetData = { flowID, streamID, urls };
+ const bytes = encoder.encode(JSON.stringify(targetData));
+ const encrypted = await this._encrypt(bytes, target);
+ // FxA expects an object as the payload, but we only have a single encrypted string; wrap it.
+ // If you add any plaintext items to this payload, please carefully consider the privacy implications
+ // of revealing that data to the FxA server.
+ const payload = { encrypted };
+ await this._commands.invoke(COMMAND_CLOSETAB, target, payload);
+ this._fxai.telemetry.recordEvent(
+ "command-sent",
+ COMMAND_CLOSETAB_TAIL,
+ this._fxai.telemetry.sanitizeDeviceId(target.id),
+ { flowID, streamID }
+ );
+ } catch (error) {
+ // We should also show the user there was some kind've error
+ log.error("Error while invoking a send tab command.", error);
+ }
+ }
+
+ // Returns true if the target device is compatible with FxA Commands Send tab.
+ isDeviceCompatible(device) {
+ let pref = Services.prefs.getBoolPref(
+ "identity.fxaccounts.commands.remoteTabManagement.enabled",
+ false
+ );
+ return (
+ pref &&
+ device.availableCommands &&
+ device.availableCommands[COMMAND_CLOSETAB]
+ );
+ }
+
+ // Handle incoming remote tab payload, called by FxAccountsCommands.
+ async handleTabClose(senderID, { encrypted }, reason) {
+ const bytes = await this._decrypt(encrypted);
+ const decoder = new TextDecoder("utf8");
+ const data = JSON.parse(decoder.decode(bytes));
+ // urls is an array of strings
+ const { flowID, streamID, urls } = data;
+ this._fxai.telemetry.recordEvent(
+ "command-received",
+ COMMAND_CLOSETAB_TAIL,
+ this._fxai.telemetry.sanitizeDeviceId(senderID),
+ { flowID, streamID, reason }
+ );
+
+ return {
+ urls,
+ };
+ }
+
+ async _encrypt(bytes, device) {
+ let bundle = device.availableCommands[COMMAND_CLOSETAB];
+ if (!bundle) {
+ throw new Error(`Device ${device.id} does not have close tab keys.`);
+ }
+ const oldsyncKey = await this._fxai.keys.getKeyForScope(SCOPE_OLD_SYNC);
+ const json = JSON.parse(bundle);
+ const wrapper = new lazy.CryptoWrapper();
+ wrapper.deserialize({ payload: json });
+ const syncKeyBundle = lazy.BulkKeyBundle.fromJWK(oldsyncKey);
+ let { publicKey, authSecret } = await wrapper.decrypt(syncKeyBundle);
+ authSecret = urlsafeBase64Decode(authSecret);
+ publicKey = urlsafeBase64Decode(publicKey);
+
+ const { ciphertext: encrypted } = await lazy.PushCrypto.encrypt(
+ bytes,
+ publicKey,
+ authSecret
+ );
+ return urlsafeBase64Encode(encrypted);
+ }
+
+ async _getPersistedCloseTabKeys() {
+ const { device } = await this._fxai.getUserAccountData(["device"]);
+ return device && device.closeTabKeys;
+ }
+
+ async _decrypt(ciphertext) {
+ let { privateKey, publicKey, authSecret } =
+ await this._getPersistedCloseTabKeys();
+ publicKey = urlsafeBase64Decode(publicKey);
+ authSecret = urlsafeBase64Decode(authSecret);
+ ciphertext = new Uint8Array(urlsafeBase64Decode(ciphertext));
+ return lazy.PushCrypto.decrypt(
+ privateKey,
+ publicKey,
+ authSecret,
+ // The only Push encoding we support.
+ { encoding: "aes128gcm" },
+ ciphertext
+ );
+ }
+
+ async _generateAndPersistCloseTabKeys() {
+ let [publicKey, privateKey] = await lazy.PushCrypto.generateKeys();
+ publicKey = urlsafeBase64Encode(publicKey);
+ let authSecret = lazy.PushCrypto.generateAuthenticationSecret();
+ authSecret = urlsafeBase64Encode(authSecret);
+ const closeTabKeys = {
+ publicKey,
+ privateKey,
+ authSecret,
+ };
+ await this._fxai.withCurrentAccountState(async state => {
+ const { device } = await state.getUserAccountData(["device"]);
+ await state.updateUserAccountData({
+ device: {
+ ...device,
+ closeTabKeys,
+ },
+ });
+ });
+ return closeTabKeys;
+ }
+
+ async _getPersistedEncryptedCloseTabKey() {
+ const { encryptedCloseTabKeys } = await this._fxai.getUserAccountData([
+ "encryptedCloseTabKeys",
+ ]);
+ return encryptedCloseTabKeys;
+ }
+
+ async _generateAndPersistEncryptedCloseTabKeys() {
+ let closeTabKeys = await this._getPersistedCloseTabKeys();
+ if (!closeTabKeys) {
+ log.info("Could not find closeTab keys, generating them");
+ closeTabKeys = await this._generateAndPersistCloseTabKeys();
+ }
+ // Strip the private key from the bundle to encrypt.
+ const keyToEncrypt = {
+ publicKey: closeTabKeys.publicKey,
+ authSecret: closeTabKeys.authSecret,
+ };
+ if (!(await this._fxai.keys.canGetKeyForScope(SCOPE_OLD_SYNC))) {
+ log.info("Can't fetch keys, so unable to determine closeTab keys");
+ return null;
+ }
+ let oldsyncKey;
+ try {
+ oldsyncKey = await this._fxai.keys.getKeyForScope(SCOPE_OLD_SYNC);
+ } catch (ex) {
+ log.warn(
+ "Failed to fetch keys, so unable to determine closeTab keys",
+ ex
+ );
+ return null;
+ }
+ const wrapper = new lazy.CryptoWrapper();
+ wrapper.cleartext = keyToEncrypt;
+ const keyBundle = lazy.BulkKeyBundle.fromJWK(oldsyncKey);
+ await wrapper.encrypt(keyBundle);
+ const encryptedCloseTabKeys = JSON.stringify({
+ // This is expected in hex, due to pre-JWK sync key ids :-(
+ kid: this._fxai.keys.kidAsHex(oldsyncKey),
+ IV: wrapper.IV,
+ hmac: wrapper.hmac,
+ ciphertext: wrapper.ciphertext,
+ });
+ await this._fxai.withCurrentAccountState(async state => {
+ await state.updateUserAccountData({
+ encryptedCloseTabKeys,
+ });
+ });
+ return encryptedCloseTabKeys;
+ }
+
+ async getEncryptedCloseTabKeys() {
+ let encryptedCloseTabKeys = await this._getPersistedEncryptedCloseTabKey();
+ const closeTabKeys = await this._getPersistedCloseTabKeys();
+ if (!encryptedCloseTabKeys || !closeTabKeys) {
+ log.info("Generating and persisting encrypted closeTab keys");
+ // `_generateAndPersistEncryptedCloseTabKeys` requires the sync key
+ // which cannot be accessed if the login manager is locked
+ // (i.e when the primary password is locked) or if the sync keys
+ // aren't accessible (account isn't verified)
+ // so this function could fail to retrieve the keys
+ // however, device registration will trigger when the account
+ // is verified, so it's OK
+ // Note that it's okay to persist those keys, because they are
+ // already persisted in plaintext and the encrypted bundle
+ // does not include the sync-key (the sync key is used to encrypt
+ // it though)
+ encryptedCloseTabKeys =
+ await this._generateAndPersistEncryptedCloseTabKeys();
+ }
+ return encryptedCloseTabKeys;
+ }
+}
+
function urlsafeBase64Encode(buffer) {
return ChromeUtils.base64URLEncode(new Uint8Array(buffer), { pad: false });
}