1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_dom_IdentityCredential_h
#define mozilla_dom_IdentityCredential_h
#include "mozilla/dom/CanonicalBrowsingContext.h"
#include "mozilla/dom/Credential.h"
#include "mozilla/dom/IPCIdentityCredential.h"
#include "mozilla/MozPromise.h"
#include "mozilla/Tuple.h"
namespace mozilla::dom {
class IdentityCredential final : public Credential {
public:
typedef MozPromise<RefPtr<IdentityCredential>, nsresult, true>
GetIdentityCredentialPromise;
typedef MozPromise<IPCIdentityCredential, nsresult, true>
GetIPCIdentityCredentialPromise;
typedef MozPromise<IdentityProvider, nsresult, true>
GetIdentityProviderPromise;
typedef MozPromise<bool, nsresult, true> ValidationPromise;
typedef MozPromise<IdentityInternalManifest, nsresult, true>
GetManifestPromise;
typedef MozPromise<Tuple<IdentityInternalManifest, IdentityAccountList>,
nsresult, true>
GetAccountListPromise;
typedef MozPromise<Tuple<IdentityToken, IdentityAccount>, nsresult, true>
GetTokenPromise;
typedef MozPromise<Tuple<IdentityInternalManifest, IdentityAccount>, nsresult,
true>
GetAccountPromise;
typedef MozPromise<IdentityClientMetadata, nsresult, true> GetMetadataPromise;
explicit IdentityCredential(nsPIDOMWindowInner* aParent);
protected:
~IdentityCredential() override;
public:
virtual JSObject* WrapObject(JSContext* aCx,
JS::Handle<JSObject*> aGivenProto) override;
void CopyValuesFrom(const IPCIdentityCredential& aOther);
IPCIdentityCredential MakeIPCIdentityCredential();
void GetToken(nsAString& aToken) const;
void SetToken(const nsAString& aToken);
static already_AddRefed<Promise> LogoutRPs(
GlobalObject& aGlobal,
const Sequence<IdentityCredentialLogoutRPsRequest>& aLogoutRequests,
ErrorResult& aRv);
static RefPtr<GetIdentityCredentialPromise> DiscoverFromExternalSource(
nsPIDOMWindowInner* aParent, const CredentialRequestOptions& aOptions,
bool aSameOriginWithAncestors);
static RefPtr<GetIPCIdentityCredentialPromise>
DiscoverFromExternalSourceInMainProcess(
nsIPrincipal* aPrincipal, CanonicalBrowsingContext* aBrowsingContext,
const IdentityCredentialRequestOptions& aOptions);
// Create an IPC credential that can be passed back to the content process.
// This calls a lot of helpers to do the logic of going from a single provider
// to a bearer token for an account at that provider.
//
// Arguments:
// aPrincipal: the caller of navigator.credentials.get()'s principal
// aProvider: the provider to validate the root manifest of
// Return value:
// a promise resolving to an IPC credential with type "identity", id
// constructed to identify it, and token corresponding to the token
// fetched in FetchToken. This promise may reject with nsresult errors.
// Side effects:
// Will send network requests to the IDP. The details of which are in the
// other static methods here.
static RefPtr<GetIPCIdentityCredentialPromise> CreateCredential(
nsIPrincipal* aPrincipal, BrowsingContext* aBrowsingContext,
const IdentityProvider& aProvider);
// Performs a Fetch for the root manifest of the provided identity provider
// and validates it as correct. The returned promise resolves with a bool
// that is true if everything is valid.
//
// Arguments:
// aPrincipal: the caller of navigator.credentials.get()'s principal
// aProvider: the provider to validate the root manifest of
// Return value:
// promise that resolves to a bool that indicates success. Will reject
// when there are network or other errors.
// Side effects:
// Network request to the IDP's well-known from inside a NullPrincipal
// sandbox
//
static RefPtr<ValidationPromise> CheckRootManifest(
nsIPrincipal* aPrincipal, const IdentityProvider& aProvider);
// Performs a Fetch for the internal manifest of the provided identity
// provider. The returned promise resolves with the manifest retrieved.
//
// Arguments:
// aPrincipal: the caller of navigator.credentials.get()'s principal
// aProvider: the provider to fetch the root manifest
// Return value:
// promise that resolves to the internal manifest. Will reject
// when there are network or other errors.
// Side effects:
// Network request to the URL in aProvider as the manifest from inside a
// NullPrincipal sandbox
//
static RefPtr<GetManifestPromise> FetchInternalManifest(
nsIPrincipal* aPrincipal, const IdentityProvider& aProvider);
// Performs a Fetch for the account list from the provided identity
// provider. The returned promise resolves with the manifest and the fetched
// account list in a tuple of objects. We put the argument manifest in the
// tuple to facilitate clean promise chaining.
//
// Arguments:
// aPrincipal: the caller of navigator.credentials.get()'s principal
// aProvider: the provider to get account lists from
// aManifest: the provider's internal manifest
// Return value:
// promise that resolves to a Tuple of the passed manifest and the fetched
// account list. Will reject when there are network or other errors.
// Side effects:
// Network request to the provider supplied account endpoint with
// credentials but without any indication of aPrincipal.
//
static RefPtr<GetAccountListPromise> FetchAccountList(
nsIPrincipal* aPrincipal, const IdentityProvider& aProvider,
const IdentityInternalManifest& aManifest);
// Performs a Fetch for a bearer token to the provided identity
// provider for a given account. The returned promise resolves with the
// account argument and the fetched token in a tuple of objects.
// We put the argument account in the
// tuple to facilitate clean promise chaining.
//
// Arguments:
// aPrincipal: the caller of navigator.credentials.get()'s principal
// aProvider: the provider to get account lists from
// aManifest: the provider's internal manifest
// aAccount: the account to request
// Return value:
// promise that resolves to a Tuple of the passed account and the fetched
// token. Will reject when there are network or other errors.
// Side effects:
// Network request to the provider supplied token endpoint with
// credentials and including information about the requesting principal.
//
static RefPtr<GetTokenPromise> FetchToken(
nsIPrincipal* aPrincipal, const IdentityProvider& aProvider,
const IdentityInternalManifest& aManifest,
const IdentityAccount& aAccount);
static RefPtr<GetMetadataPromise> FetchMetadata(
nsIPrincipal* aPrincipal, const IdentityProvider& aProvider,
const IdentityInternalManifest& aManifest);
static RefPtr<GetIdentityProviderPromise> PromptUserToSelectProvider(
BrowsingContext* aBrowsingContext,
const Sequence<IdentityProvider>& aProviders);
static RefPtr<GetAccountPromise> PromptUserToSelectAccount(
BrowsingContext* aBrowsingContext, const IdentityAccountList& aAccounts,
const IdentityInternalManifest& aManifest);
static RefPtr<GetAccountPromise> PromptUserWithPolicy(
BrowsingContext* aBrowsingContext, nsIPrincipal* aPrincipal,
const IdentityAccount& aAccount,
const IdentityInternalManifest& aManifest,
const IdentityProvider& aProvider);
static void CloseUserInterface(BrowsingContext* aBrowsingContext);
private:
nsAutoString mToken;
};
} // namespace mozilla::dom
#endif // mozilla_dom_IdentityCredential_h
|
