/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this file, * You can obtain one at http://mozilla.org/MPL/2.0/. */ const DEBUG = false; // set to true to show debug messages const kCAPTIVEPORTALDETECTOR_CID = Components.ID( "{d9cd00ba-aa4d-47b1-8792-b1fe0cd35060}" ); const kOpenCaptivePortalLoginEvent = "captive-portal-login"; const kAbortCaptivePortalLoginEvent = "captive-portal-login-abort"; const kCaptivePortalLoginSuccessEvent = "captive-portal-login-success"; const kCaptivePortalCheckComplete = "captive-portal-check-complete"; function URLFetcher(url, timeout) { let self = this; let xhr = new XMLHttpRequest(); xhr.open("GET", url, true); // Prevent the request from reading from the cache. xhr.channel.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE; // Prevent the request from writing to the cache. xhr.channel.loadFlags |= Ci.nsIRequest.INHIBIT_CACHING; // Prevent privacy leaks xhr.channel.loadFlags |= Ci.nsIRequest.LOAD_ANONYMOUS; // Use the system's resolver for this check xhr.channel.setTRRMode(Ci.nsIRequest.TRR_DISABLED_MODE); // We except this from being classified xhr.channel.loadFlags |= Ci.nsIChannel.LOAD_BYPASS_URL_CLASSIFIER; // Prevent HTTPS-Only Mode from upgrading the request. xhr.channel.loadInfo.httpsOnlyStatus |= Ci.nsILoadInfo.HTTPS_ONLY_EXEMPT; // Allow deprecated HTTP request from SystemPrincipal xhr.channel.loadInfo.allowDeprecatedSystemRequests = true; // We don't want to follow _any_ redirects xhr.channel.QueryInterface(Ci.nsIHttpChannel).redirectionLimit = 0; // bug 1666072 - firefox.com returns a HSTS header triggering a https upgrade // but the upgrade triggers an internal redirect causing an incorrect locked // portal notification. We exclude CP detection from STS. xhr.channel.QueryInterface(Ci.nsIHttpChannel).allowSTS = false; // The Cache-Control header is only interpreted by proxies and the // final destination. It does not help if a resource is already // cached locally. xhr.setRequestHeader("Cache-Control", "no-cache"); // HTTP/1.0 servers might not implement Cache-Control and // might only implement Pragma: no-cache xhr.setRequestHeader("Pragma", "no-cache"); xhr.timeout = timeout; xhr.ontimeout = function () { self.ontimeout(); }; xhr.onerror = function () { self.onerror(); }; xhr.onreadystatechange = function () { if (xhr.readyState === 4) { if (self._isAborted) { return; } if (xhr.status === 200) { self.onsuccess(xhr.responseText); } else if (xhr.status) { self.onredirectorerror(xhr.status); } else if ( xhr.channel && xhr.channel.status == Cr.NS_ERROR_REDIRECT_LOOP ) { // For some redirects we don't get a status, so we need to check it // this way. This only works because we set the redirectionLimit to 0. self.onredirectorerror(300); // No need to invoke the onerror callback, we handled it here. xhr.onerror = null; } } }; xhr.send(); this._xhr = xhr; } URLFetcher.prototype = { _isAborted: false, ontimeout() {}, onerror() {}, abort() { if (!this._isAborted) { this._isAborted = true; this._xhr.abort(); } }, }; function LoginObserver(captivePortalDetector) { const LOGIN_OBSERVER_STATE_DETACHED = 0; /* Should not monitor network activity since no ongoing login procedure */ const LOGIN_OBSERVER_STATE_IDLE = 1; /* No network activity currently, waiting for a longer enough idle period */ const LOGIN_OBSERVER_STATE_BURST = 2; /* Network activity is detected, probably caused by a login procedure */ const LOGIN_OBSERVER_STATE_VERIFY_NEEDED = 3; /* Verifing network accessiblity is required after a long enough idle */ const LOGIN_OBSERVER_STATE_VERIFYING = 4; /* LoginObserver is probing if public network is available */ let state = LOGIN_OBSERVER_STATE_DETACHED; let timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer); let activityDistributor = Cc[ "@mozilla.org/network/http-activity-distributor;1" ].getService(Ci.nsIHttpActivityDistributor); let urlFetcher = null; let pageCheckingDone = function pageCheckingDone() { if (state === LOGIN_OBSERVER_STATE_VERIFYING) { urlFetcher = null; // Finish polling the canonical site, switch back to idle state and // waiting for next burst state = LOGIN_OBSERVER_STATE_IDLE; timer.initWithCallback( observer, captivePortalDetector._pollingTime, timer.TYPE_ONE_SHOT ); } }; let checkPageContent = function checkPageContent() { debug("checking if public network is available after the login procedure"); urlFetcher = new URLFetcher( captivePortalDetector._canonicalSiteURL, captivePortalDetector._maxWaitingTime ); urlFetcher.ontimeout = pageCheckingDone; urlFetcher.onerror = pageCheckingDone; urlFetcher.onsuccess = function (content) { if (captivePortalDetector.validateContent(content)) { urlFetcher = null; captivePortalDetector.executeCallback(true); } else { pageCheckingDone(); } }; urlFetcher.onredirectorerror = pageCheckingDone; }; // Public interface of LoginObserver let observer = { QueryInterface: ChromeUtils.generateQI([ "nsIHttpActivityObserver", "nsITimerCallback", ]), attach: function attach() { if (state === LOGIN_OBSERVER_STATE_DETACHED) { activityDistributor.addObserver(this); state = LOGIN_OBSERVER_STATE_IDLE; timer.initWithCallback( this, captivePortalDetector._pollingTime, timer.TYPE_ONE_SHOT ); debug("attach HttpObserver for login activity"); } }, detach: function detach() { if (state !== LOGIN_OBSERVER_STATE_DETACHED) { if (urlFetcher) { urlFetcher.abort(); urlFetcher = null; } activityDistributor.removeObserver(this); timer.cancel(); state = LOGIN_OBSERVER_STATE_DETACHED; debug("detach HttpObserver for login activity"); } }, /* * Treat all HTTP transactions as captive portal login activities. */ observeActivity: function observeActivity( aHttpChannel, aActivityType, aActivitySubtype ) { if ( aActivityType === Ci.nsIHttpActivityObserver.ACTIVITY_TYPE_HTTP_TRANSACTION && aActivitySubtype === Ci.nsIHttpActivityObserver.ACTIVITY_SUBTYPE_RESPONSE_COMPLETE ) { switch (state) { case LOGIN_OBSERVER_STATE_IDLE: case LOGIN_OBSERVER_STATE_VERIFY_NEEDED: state = LOGIN_OBSERVER_STATE_BURST; break; default: break; } } }, /* * Check if login activity is finished according to HTTP burst. */ notify: function notify() { switch (state) { case LOGIN_OBSERVER_STATE_BURST: // Wait while network stays idle for a short period state = LOGIN_OBSERVER_STATE_VERIFY_NEEDED; // Fall through to start polling timer case LOGIN_OBSERVER_STATE_IDLE: // Just fall through to perform a captive portal check. case LOGIN_OBSERVER_STATE_VERIFY_NEEDED: // Polling the canonical website since network stays idle for a while state = LOGIN_OBSERVER_STATE_VERIFYING; checkPageContent(); break; default: break; } }, }; return observer; } export function CaptivePortalDetector() { // Load preference this._canonicalSiteURL = null; this._canonicalSiteExpectedContent = null; try { this._canonicalSiteURL = Services.prefs.getCharPref( "captivedetect.canonicalURL" ); this._canonicalSiteExpectedContent = Services.prefs.getCharPref( "captivedetect.canonicalContent" ); } catch (e) { debug("canonicalURL or canonicalContent not set."); } this._maxWaitingTime = Services.prefs.getIntPref( "captivedetect.maxWaitingTime" ); this._pollingTime = Services.prefs.getIntPref("captivedetect.pollingTime"); this._maxRetryCount = Services.prefs.getIntPref( "captivedetect.maxRetryCount" ); debug( "Load Prefs {site=" + this._canonicalSiteURL + ",content=" + this._canonicalSiteExpectedContent + ",time=" + this._maxWaitingTime + "max-retry=" + this._maxRetryCount + "}" ); // Create HttpObserver for monitoring the login procedure this._loginObserver = LoginObserver(this); this._nextRequestId = 0; this._runningRequest = null; this._requestQueue = []; // Maintain a progress table, store callbacks and the ongoing XHR this._interfaceNames = {}; // Maintain names of the requested network interfaces debug( "CaptiveProtalDetector initiated, waiting for network connection established" ); } CaptivePortalDetector.prototype = { classID: kCAPTIVEPORTALDETECTOR_CID, QueryInterface: ChromeUtils.generateQI(["nsICaptivePortalDetector"]), // nsICaptivePortalDetector checkCaptivePortal: function checkCaptivePortal(aInterfaceName, aCallback) { if (!this._canonicalSiteURL) { throw Components.Exception("No canonical URL set up."); } // Prevent multiple requests on a single network interface if (this._interfaceNames[aInterfaceName]) { throw Components.Exception( "Do not allow multiple request on one interface: " + aInterfaceName ); } let request = { interfaceName: aInterfaceName }; if (aCallback) { let callback = aCallback.QueryInterface(Ci.nsICaptivePortalCallback); request.callback = callback; request.retryCount = 0; } this._addRequest(request); }, abort: function abort(aInterfaceName) { debug("abort for " + aInterfaceName); this._removeRequest(aInterfaceName); }, finishPreparation: function finishPreparation(aInterfaceName) { debug('finish preparation phase for interface "' + aInterfaceName + '"'); if ( !this._runningRequest || this._runningRequest.interfaceName !== aInterfaceName ) { debug("invalid finishPreparation for " + aInterfaceName); throw Components.Exception( "only first request is allowed to invoke |finishPreparation|" ); } this._startDetection(); }, cancelLogin: function cancelLogin(eventId) { debug('login canceled by user for request "' + eventId + '"'); // Captive portal login procedure is canceled by user if ( this._runningRequest && this._runningRequest.hasOwnProperty("eventId") ) { let id = this._runningRequest.eventId; if (eventId === id) { this.executeCallback(false); } } }, _applyDetection: function _applyDetection() { debug("enter applyDetection(" + this._runningRequest.interfaceName + ")"); // Execute network interface preparation if (this._runningRequest.hasOwnProperty("callback")) { this._runningRequest.callback.prepare(); } else { this._startDetection(); } }, _startDetection: function _startDetection() { debug( "startDetection {site=" + this._canonicalSiteURL + ",content=" + this._canonicalSiteExpectedContent + ",time=" + this._maxWaitingTime + "}" ); let self = this; let urlFetcher = new URLFetcher( this._canonicalSiteURL, this._maxWaitingTime ); let mayRetry = this._mayRetry.bind(this); urlFetcher.ontimeout = mayRetry; urlFetcher.onerror = mayRetry; urlFetcher.onsuccess = function (content) { if (self.validateContent(content)) { self.executeCallback(true); } else { // Content of the canonical website has been overwrite self._startLogin(); } }; urlFetcher.onredirectorerror = function (status) { if (status >= 300 && status <= 399) { // The canonical website has been redirected to an unknown location self._startLogin(); } else if (status === 511) { // Got a RFC 6585 "Network Authentication Required" error page self._startLogin(); } else { mayRetry(); } }; this._runningRequest.urlFetcher = urlFetcher; }, _startLogin: function _startLogin() { let id = this._allocateRequestId(); let details = { type: kOpenCaptivePortalLoginEvent, id, url: this._canonicalSiteURL, }; this._loginObserver.attach(); this._runningRequest.eventId = id; this._sendEvent(kOpenCaptivePortalLoginEvent, details); }, _mayRetry: function _mayRetry() { if ( this._runningRequest && this._runningRequest.retryCount++ < this._maxRetryCount ) { debug( "retry-Detection: " + this._runningRequest.retryCount + "/" + this._maxRetryCount ); this._startDetection(); } else { this.executeCallback(false); } }, executeCallback: function executeCallback(success) { if (this._runningRequest) { debug("callback executed"); if (this._runningRequest.hasOwnProperty("callback")) { this._runningRequest.callback.complete(success); } // Only when the request has a event id and |success| is true // do we need to notify the login-success event. if (this._runningRequest.hasOwnProperty("eventId") && success) { let details = { type: kCaptivePortalLoginSuccessEvent, id: this._runningRequest.eventId, }; this._sendEvent(kCaptivePortalLoginSuccessEvent, details); } // Continue the following request this._runningRequest.complete = true; this._removeRequest(this._runningRequest.interfaceName); } }, _sendEvent: function _sendEvent(topic, details) { debug('sendEvent "' + JSON.stringify(details) + '"'); Services.obs.notifyObservers(this, topic, JSON.stringify(details)); }, validateContent: function validateContent(content) { debug("received content: " + content); let valid = content === this._canonicalSiteExpectedContent; // We need a way to indicate that a check has been performed, and if we are // still in a captive portal. this._sendEvent(kCaptivePortalCheckComplete, !valid); return valid; }, _allocateRequestId: function _allocateRequestId() { let newId = this._nextRequestId++; return newId.toString(); }, _runNextRequest: function _runNextRequest() { let nextRequest = this._requestQueue.shift(); if (nextRequest) { this._runningRequest = nextRequest; this._applyDetection(); } }, _addRequest: function _addRequest(request) { this._interfaceNames[request.interfaceName] = true; this._requestQueue.push(request); if (!this._runningRequest) { this._runNextRequest(); } }, _removeRequest: function _removeRequest(aInterfaceName) { if (!this._interfaceNames[aInterfaceName]) { return; } delete this._interfaceNames[aInterfaceName]; if ( this._runningRequest && this._runningRequest.interfaceName === aInterfaceName ) { this._loginObserver.detach(); if (!this._runningRequest.complete) { // Abort the user login procedure if (this._runningRequest.hasOwnProperty("eventId")) { let details = { type: kAbortCaptivePortalLoginEvent, id: this._runningRequest.eventId, }; this._sendEvent(kAbortCaptivePortalLoginEvent, details); } // Abort the ongoing HTTP request if (this._runningRequest.hasOwnProperty("urlFetcher")) { this._runningRequest.urlFetcher.abort(); } } debug("remove running request"); this._runningRequest = null; // Continue next pending reqeust if the ongoing one has been aborted this._runNextRequest(); return; } // Check if a pending request has been aborted for (let i = 0; i < this._requestQueue.length; i++) { if (this._requestQueue[i].interfaceName == aInterfaceName) { this._requestQueue.splice(i, 1); debug( "remove pending request #" + i + ", remaining " + this._requestQueue.length ); break; } } }, }; var debug; if (DEBUG) { // eslint-disable-next-line no-global-assign debug = function (s) { dump("-*- CaptivePortalDetector component: " + s + "\n"); }; } else { // eslint-disable-next-line no-global-assign debug = function () {}; }