summaryrefslogtreecommitdiffstats
path: root/services/fxaccounts/FxAccountsConfig.sys.mjs
diff options
context:
space:
mode:
Diffstat (limited to 'services/fxaccounts/FxAccountsConfig.sys.mjs')
-rw-r--r--services/fxaccounts/FxAccountsConfig.sys.mjs360
1 files changed, 360 insertions, 0 deletions
diff --git a/services/fxaccounts/FxAccountsConfig.sys.mjs b/services/fxaccounts/FxAccountsConfig.sys.mjs
new file mode 100644
index 0000000000..cf26704a50
--- /dev/null
+++ b/services/fxaccounts/FxAccountsConfig.sys.mjs
@@ -0,0 +1,360 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { RESTRequest } from "resource://services-common/rest.sys.mjs";
+
+import {
+ log,
+ SCOPE_OLD_SYNC,
+ SCOPE_PROFILE,
+} from "resource://gre/modules/FxAccountsCommon.sys.mjs";
+import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
+
+const lazy = {};
+
+ChromeUtils.defineLazyGetter(lazy, "fxAccounts", () => {
+ return ChromeUtils.importESModule(
+ "resource://gre/modules/FxAccounts.sys.mjs"
+ ).getFxAccountsSingleton();
+});
+
+ChromeUtils.defineESModuleGetters(lazy, {
+ EnsureFxAccountsWebChannel:
+ "resource://gre/modules/FxAccountsWebChannel.sys.mjs",
+});
+
+XPCOMUtils.defineLazyPreferenceGetter(
+ lazy,
+ "ROOT_URL",
+ "identity.fxaccounts.remote.root"
+);
+XPCOMUtils.defineLazyPreferenceGetter(
+ lazy,
+ "CONTEXT_PARAM",
+ "identity.fxaccounts.contextParam"
+);
+XPCOMUtils.defineLazyPreferenceGetter(
+ lazy,
+ "REQUIRES_HTTPS",
+ "identity.fxaccounts.allowHttp",
+ false,
+ null,
+ val => !val
+);
+
+const CONFIG_PREFS = [
+ "identity.fxaccounts.remote.root",
+ "identity.fxaccounts.auth.uri",
+ "identity.fxaccounts.remote.oauth.uri",
+ "identity.fxaccounts.remote.profile.uri",
+ "identity.fxaccounts.remote.pairing.uri",
+ "identity.sync.tokenserver.uri",
+];
+const SYNC_PARAM = "sync";
+
+export var FxAccountsConfig = {
+ async promiseEmailURI(email, entrypoint, extraParams = {}) {
+ const authParams = await this._getAuthParams();
+ return this._buildURL("", {
+ extraParams: {
+ entrypoint,
+ email,
+ ...authParams,
+ ...extraParams,
+ },
+ });
+ },
+
+ async promiseConnectAccountURI(entrypoint, extraParams = {}) {
+ const authParams = await this._getAuthParams();
+ return this._buildURL("", {
+ extraParams: {
+ entrypoint,
+ action: "email",
+ ...authParams,
+ ...extraParams,
+ },
+ });
+ },
+
+ async promiseForceSigninURI(entrypoint, extraParams = {}) {
+ const authParams = await this._getAuthParams();
+ return this._buildURL("force_auth", {
+ extraParams: { entrypoint, ...authParams, ...extraParams },
+ addAccountIdentifiers: true,
+ });
+ },
+
+ async promiseManageURI(entrypoint, extraParams = {}) {
+ return this._buildURL("settings", {
+ extraParams: { entrypoint, ...extraParams },
+ addAccountIdentifiers: true,
+ });
+ },
+
+ async promiseChangeAvatarURI(entrypoint, extraParams = {}) {
+ return this._buildURL("settings/avatar/change", {
+ extraParams: { entrypoint, ...extraParams },
+ addAccountIdentifiers: true,
+ });
+ },
+
+ async promiseManageDevicesURI(entrypoint, extraParams = {}) {
+ return this._buildURL("settings/clients", {
+ extraParams: { entrypoint, ...extraParams },
+ addAccountIdentifiers: true,
+ });
+ },
+
+ async promiseConnectDeviceURI(entrypoint, extraParams = {}) {
+ return this._buildURL("connect_another_device", {
+ extraParams: { entrypoint, service: SYNC_PARAM, ...extraParams },
+ addAccountIdentifiers: true,
+ });
+ },
+
+ async promisePairingURI(extraParams = {}) {
+ return this._buildURL("pair", {
+ extraParams,
+ includeDefaultParams: false,
+ });
+ },
+
+ async promiseOAuthURI(extraParams = {}) {
+ return this._buildURL("oauth", {
+ extraParams,
+ includeDefaultParams: false,
+ });
+ },
+
+ async promiseMetricsFlowURI(entrypoint, extraParams = {}) {
+ return this._buildURL("metrics-flow", {
+ extraParams: { entrypoint, ...extraParams },
+ includeDefaultParams: false,
+ });
+ },
+
+ get defaultParams() {
+ return { context: lazy.CONTEXT_PARAM };
+ },
+
+ /**
+ * @param path should be parsable by the URL constructor first parameter.
+ * @param {bool} [options.includeDefaultParams] If true include the default search params.
+ * @param {Object.<string, string>} [options.extraParams] Additionnal search params.
+ * @param {bool} [options.addAccountIdentifiers] if true we add the current logged-in user uid and email to the search params.
+ */
+ async _buildURL(
+ path,
+ {
+ includeDefaultParams = true,
+ extraParams = {},
+ addAccountIdentifiers = false,
+ }
+ ) {
+ await this.ensureConfigured();
+ const url = new URL(path, lazy.ROOT_URL);
+ if (lazy.REQUIRES_HTTPS && url.protocol != "https:") {
+ throw new Error("Firefox Accounts server must use HTTPS");
+ }
+ const params = {
+ ...(includeDefaultParams ? this.defaultParams : null),
+ ...extraParams,
+ };
+ for (let [k, v] of Object.entries(params)) {
+ url.searchParams.append(k, v);
+ }
+ if (addAccountIdentifiers) {
+ const accountData = await this.getSignedInUser();
+ if (!accountData) {
+ return null;
+ }
+ url.searchParams.append("uid", accountData.uid);
+ url.searchParams.append("email", accountData.email);
+ }
+ return url.href;
+ },
+
+ async _buildURLFromString(href, extraParams = {}) {
+ const url = new URL(href);
+ for (let [k, v] of Object.entries(extraParams)) {
+ url.searchParams.append(k, v);
+ }
+ return url.href;
+ },
+
+ resetConfigURLs() {
+ let autoconfigURL = this.getAutoConfigURL();
+ if (!autoconfigURL) {
+ return;
+ }
+ // They have the autoconfig uri pref set, so we clear all the prefs that we
+ // will have initialized, which will leave them pointing at production.
+ for (let pref of CONFIG_PREFS) {
+ Services.prefs.clearUserPref(pref);
+ }
+ // Reset the webchannel.
+ lazy.EnsureFxAccountsWebChannel();
+ },
+
+ getAutoConfigURL() {
+ let pref = Services.prefs.getStringPref(
+ "identity.fxaccounts.autoconfig.uri",
+ ""
+ );
+ if (!pref) {
+ // no pref / empty pref means we don't bother here.
+ return "";
+ }
+ let rootURL = Services.urlFormatter.formatURL(pref);
+ if (rootURL.endsWith("/")) {
+ rootURL = rootURL.slice(0, -1);
+ }
+ return rootURL;
+ },
+
+ async ensureConfigured() {
+ let isSignedIn = !!(await this.getSignedInUser());
+ if (!isSignedIn) {
+ await this.updateConfigURLs();
+ }
+ },
+
+ // Returns true if this user is using the FxA "production" systems, false
+ // if using any other configuration, including self-hosting or the FxA
+ // non-production systems such as "dev" or "staging".
+ // It's typically used as a proxy for "is this likely to be a self-hosted
+ // user?", but it's named this way to make the implementation less
+ // surprising. As a result, it's fairly conservative and would prefer to have
+ // a false-negative than a false-position as it determines things which users
+ // might consider sensitive (notably, telemetry).
+ // Note also that while it's possible to self-host just sync and not FxA, we
+ // don't make that distinction - that's a self-hoster from the POV of this
+ // function.
+ isProductionConfig() {
+ // Specifically, if the autoconfig URLs, or *any* of the URLs that
+ // we consider configurable are modified, we assume self-hosted.
+ if (this.getAutoConfigURL()) {
+ return false;
+ }
+ for (let pref of CONFIG_PREFS) {
+ if (Services.prefs.prefHasUserValue(pref)) {
+ return false;
+ }
+ }
+ return true;
+ },
+
+ // Read expected client configuration from the fxa auth server
+ // (from `identity.fxaccounts.autoconfig.uri`/.well-known/fxa-client-configuration)
+ // and replace all the relevant our prefs with the information found there.
+ // This is only done before sign-in and sign-up, and even then only if the
+ // `identity.fxaccounts.autoconfig.uri` preference is set.
+ async updateConfigURLs() {
+ let rootURL = this.getAutoConfigURL();
+ if (!rootURL) {
+ return;
+ }
+ const config = await this.fetchConfigDocument(rootURL);
+ try {
+ // Update the prefs directly specified by the config.
+ let authServerBase = config.auth_server_base_url;
+ if (!authServerBase.endsWith("/v1")) {
+ authServerBase += "/v1";
+ }
+ Services.prefs.setStringPref(
+ "identity.fxaccounts.auth.uri",
+ authServerBase
+ );
+ Services.prefs.setStringPref(
+ "identity.fxaccounts.remote.oauth.uri",
+ config.oauth_server_base_url + "/v1"
+ );
+ // At the time of landing this, our servers didn't yet answer with pairing_server_base_uri.
+ // Remove this condition check once Firefox 68 is stable.
+ if (config.pairing_server_base_uri) {
+ Services.prefs.setStringPref(
+ "identity.fxaccounts.remote.pairing.uri",
+ config.pairing_server_base_uri
+ );
+ }
+ Services.prefs.setStringPref(
+ "identity.fxaccounts.remote.profile.uri",
+ config.profile_server_base_url + "/v1"
+ );
+ Services.prefs.setStringPref(
+ "identity.sync.tokenserver.uri",
+ config.sync_tokenserver_base_url + "/1.0/sync/1.5"
+ );
+ Services.prefs.setStringPref("identity.fxaccounts.remote.root", rootURL);
+
+ // Ensure the webchannel is pointed at the correct uri
+ lazy.EnsureFxAccountsWebChannel();
+ } catch (e) {
+ log.error(
+ "Failed to initialize configuration preferences from autoconfig object",
+ e
+ );
+ throw e;
+ }
+ },
+
+ // Read expected client configuration from the fxa auth server
+ // (or from the provided rootURL, if present) and return it as an object.
+ async fetchConfigDocument(rootURL = null) {
+ if (!rootURL) {
+ rootURL = lazy.ROOT_URL;
+ }
+ let configURL = rootURL + "/.well-known/fxa-client-configuration";
+ let request = new RESTRequest(configURL);
+ request.setHeader("Accept", "application/json");
+
+ // Catch and rethrow the error inline.
+ let resp = await request.get().catch(e => {
+ log.error(`Failed to get configuration object from "${configURL}"`, e);
+ throw e;
+ });
+ if (!resp.success) {
+ // Note: 'resp.body' is included with the error log below as we are not concerned
+ // that the body will contain PII, but if that changes it should be excluded.
+ log.error(
+ `Received HTTP response code ${resp.status} from configuration object request:
+ ${resp.body}`
+ );
+ throw new Error(
+ `HTTP status ${resp.status} from configuration object request`
+ );
+ }
+ log.debug("Got successful configuration response", resp.body);
+ try {
+ return JSON.parse(resp.body);
+ } catch (e) {
+ log.error(
+ `Failed to parse configuration preferences from ${configURL}`,
+ e
+ );
+ throw e;
+ }
+ },
+
+ // For test purposes, returns a Promise.
+ getSignedInUser() {
+ return lazy.fxAccounts.getSignedInUser();
+ },
+
+ _isOAuthFlow() {
+ return Services.prefs.getBoolPref(
+ "identity.fxaccounts.oauth.enabled",
+ false
+ );
+ },
+
+ async _getAuthParams() {
+ if (this._isOAuthFlow()) {
+ const scopes = [SCOPE_OLD_SYNC, SCOPE_PROFILE];
+ return lazy.fxAccounts._internal.beginOAuthFlow(scopes);
+ }
+ return { service: SYNC_PARAM };
+ },
+};