WebIdentityParent.h (13627B)
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */ 3 /* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 #ifndef mozilla_dom_WebIdentityParent_h 8 #define mozilla_dom_WebIdentityParent_h 9 10 #include "mozilla/dom/PWebIdentity.h" 11 #include "mozilla/dom/PWebIdentityParent.h" 12 #include "mozilla/dom/WindowGlobalParent.h" 13 14 namespace mozilla::dom { 15 16 class WebIdentityParent final : public PWebIdentityParent { 17 NS_INLINE_DECL_REFCOUNTING(WebIdentityParent, override); 18 19 public: 20 WebIdentityParent() = default; 21 virtual void ActorDestroy(ActorDestroyReason aWhy) override; 22 23 CanonicalBrowsingContext* MaybeBrowsingContext() { 24 WindowGlobalParent* manager = static_cast<WindowGlobalParent*>(Manager()); 25 if (!manager) { 26 return nullptr; 27 } 28 return manager->BrowsingContext(); 29 } 30 31 mozilla::ipc::IPCResult RecvGetIdentityCredential( 32 IdentityCredentialRequestOptions&& aOptions, 33 const CredentialMediationRequirement& aMediationRequirement, 34 bool aHasUserActivation, const GetIdentityCredentialResolver& aResolver); 35 36 mozilla::ipc::IPCResult RecvRequestCancel(); 37 38 mozilla::ipc::IPCResult RecvDisconnectIdentityCredential( 39 const IdentityCredentialDisconnectOptions& aOptions, 40 const DisconnectIdentityCredentialResolver& aResolver); 41 42 mozilla::ipc::IPCResult RecvSetLoginStatus( 43 LoginStatus aStatus, const SetLoginStatusResolver& aResolver); 44 45 mozilla::ipc::IPCResult RecvPreventSilentAccess( 46 const PreventSilentAccessResolver& aResolver); 47 48 mozilla::ipc::IPCResult RecvResolveContinuationWindow( 49 nsCString&& aToken, IdentityResolveOptions&& aOptions, 50 const ResolveContinuationWindowResolver& aResolver); 51 52 mozilla::ipc::IPCResult RecvIsActiveContinuationWindow( 53 const IsActiveContinuationWindowResolver& aResolver); 54 55 private: 56 ~WebIdentityParent() = default; 57 }; 58 59 namespace identity { 60 // These are promise types, all used to support the async implementation of 61 // this API. All are of the form MozPromise<RefPtr<T>, nsresult>. 62 // Tuples are included to shuffle additional values along, so that the 63 // intermediate state is entirely in the promise chain and we don't have to 64 // capture an early step's result into a callback for a subsequent promise. 65 using GetIdentityCredentialPromise = 66 MozPromise<RefPtr<IdentityCredential>, nsresult, true>; 67 using GetIdentityCredentialsPromise = 68 MozPromise<nsTArray<RefPtr<IdentityCredential>>, nsresult, true>; 69 using GetIPCIdentityCredentialPromise = 70 MozPromise<IPCIdentityCredential, nsresult, true>; 71 using GetIPCIdentityCredentialsPromise = 72 MozPromise<CopyableTArray<IPCIdentityCredential>, nsresult, true>; 73 using GetIdentityProviderRequestOptionsPromise = 74 MozPromise<IdentityProviderRequestOptions, nsresult, true>; 75 using ValidationPromise = MozPromise<bool, nsresult, true>; 76 using GetRootManifestPromise = 77 MozPromise<Maybe<IdentityProviderWellKnown>, nsresult, true>; 78 using GetManifestPromise = 79 MozPromise<IdentityProviderAPIConfig, nsresult, true>; 80 using IdentityProviderRequestOptionsWithManifest = 81 std::tuple<IdentityProviderRequestOptions, IdentityProviderAPIConfig>; 82 using GetIdentityProviderRequestOptionsWithManifestPromise = 83 MozPromise<IdentityProviderRequestOptionsWithManifest, nsresult, true>; 84 using GetAccountListPromise = MozPromise< 85 std::tuple<IdentityProviderAPIConfig, IdentityProviderAccountList>, 86 nsresult, true>; 87 using GetIdentityAssertionPromise = 88 MozPromise<std::tuple<IdentityAssertionResponse, IdentityProviderAccount>, 89 nsresult, true>; 90 using GetTokenPromise = 91 MozPromise<std::tuple<nsCString, nsCString, const bool>, nsresult, true>; 92 using GetAccountPromise = MozPromise< 93 std::tuple<IdentityProviderAPIConfig, IdentityProviderAccount, const bool>, 94 nsresult, true>; 95 using GetMetadataPromise = 96 MozPromise<IdentityProviderClientMetadata, nsresult, true>; 97 98 RefPtr<GetIPCIdentityCredentialPromise> GetCredentialInMainProcess( 99 nsIPrincipal* aPrincipal, WebIdentityParent* aRelyingParty, 100 IdentityCredentialRequestOptions&& aOptions, 101 const CredentialMediationRequirement& aMediationRequirement, 102 bool aHasUserActivation); 103 104 nsresult CanSilentlyCollect(nsIPrincipal* aPrincipal, 105 nsIPrincipal* aIDPPrincipal, bool* aResult); 106 107 Maybe<IdentityProviderAccount> FindAccountToReauthenticate( 108 const IdentityProviderRequestOptions& aProvider, nsIPrincipal* aRPPrincipal, 109 const IdentityProviderAccountList& aAccountList); 110 111 Maybe<IdentityProviderRequestOptionsWithManifest> SkipAccountChooser( 112 const Sequence<IdentityProviderRequestOptions>& aProviders, 113 const Sequence<GetManifestPromise::ResolveOrRejectValue>& aManifests); 114 115 // Start the FedCM flow. This will start the timeout timer, fire initial 116 // network requests, prompt the user, and call into CreateCredential. 117 // 118 // Arguments: 119 // aPrincipal: the caller of navigator.credentials.get()'s principal 120 // aBrowsingContext: the BC of the caller of navigator.credentials.get() 121 // aOptions: argument passed to navigator.credentials.get() 122 // Return value: 123 // a promise resolving to an IPC credential with type "identity", id 124 // constructed to identify it, and token corresponding to the token 125 // fetched in FetchToken. This promise may reject with nsresult errors. 126 // Side effects: 127 // Will send network requests to the IDP. The details of which are in the 128 // other methods here. 129 RefPtr<GetIPCIdentityCredentialPromise> DiscoverFromExternalSourceInMainProcess( 130 nsIPrincipal* aPrincipal, WebIdentityParent* aRelyingParty, 131 const IdentityCredentialRequestOptions& aOptions, 132 const CredentialMediationRequirement& aMediationRequirement); 133 134 // Create an IPC credential that can be passed back to the content process. 135 // This calls a lot of helpers to do the logic of going from a single provider 136 // to a bearer token for an account at that provider. 137 // 138 // Arguments: 139 // aPrincipal: the caller of navigator.credentials.get()'s principal 140 // aBrowsingContext: the BC of the caller of navigator.credentials.get() 141 // aProvider: the provider to validate the root manifest of 142 // aManifest: the internal manifest of the identity provider 143 // Return value: 144 // a promise resolving to an IPC credential with type "identity", id 145 // constructed to identify it, and token corresponding to the token 146 // fetched in FetchToken. This promise may reject with nsresult errors. 147 // Side effects: 148 // Will send network requests to the IDP. The details of which are in the 149 // other methods here. 150 RefPtr<GetIPCIdentityCredentialPromise> CreateCredentialDuringDiscovery( 151 nsIPrincipal* aPrincipal, WebIdentityParent* aRelyingParty, 152 const IdentityProviderRequestOptions& aProvider, 153 const IdentityProviderAPIConfig& aManifest, 154 const CredentialMediationRequirement& aMediationRequirement); 155 156 // Performs a Fetch for the root manifest of the provided identity provider 157 // if needed and validates its structure. The returned promise resolves 158 // if a regular manifest fetch can proceed, with a root manifest value if 159 // one was fetched 160 // 161 // Arguments: 162 // aPrincipal: the caller of navigator.credentials.get()'s principal 163 // aProvider: the provider to validate the root manifest of 164 // Return value: 165 // promise that resolves to a root manifest if one is fetched. Will reject 166 // when there are network or other errors. 167 // Side effects: 168 // Network request to the IDP's well-known if it is needed 169 // 170 RefPtr<GetRootManifestPromise> FetchRootManifest( 171 nsIPrincipal* aPrincipal, const IdentityProviderConfig& aProvider); 172 173 // Performs a Fetch for the internal manifest of the provided identity 174 // provider. The returned promise resolves with the manifest retrieved. 175 // 176 // Arguments: 177 // aPrincipal: the caller of navigator.credentials.get()'s principal 178 // aProvider: the provider to fetch the root manifest 179 // Return value: 180 // promise that resolves to the internal manifest. Will reject 181 // when there are network or other errors. 182 // Side effects: 183 // Network request to the URL in aProvider as the manifest from inside a 184 // NullPrincipal sandbox 185 // 186 RefPtr<GetManifestPromise> FetchManifest( 187 nsIPrincipal* aPrincipal, const IdentityProviderConfig& aProvider); 188 189 // Performs a Fetch for the account list from the provided identity 190 // provider. The returned promise resolves with the manifest and the fetched 191 // account list in a tuple of objects. We put the argument manifest in the 192 // tuple to facilitate clean promise chaining. 193 // 194 // Arguments: 195 // aPrincipal: the caller of navigator.credentials.get()'s principal 196 // aProvider: the provider to get account lists from 197 // aManifest: the provider's internal manifest 198 // Return value: 199 // promise that resolves to a Tuple of the passed manifest and the fetched 200 // account list. Will reject when there are network or other errors. 201 // Side effects: 202 // Network request to the provider supplied account endpoint with 203 // credentials but without any indication of aPrincipal. 204 // 205 RefPtr<GetAccountListPromise> FetchAccountList( 206 nsIPrincipal* aPrincipal, const IdentityProviderRequestOptions& aProvider, 207 const IdentityProviderAPIConfig& aManifest); 208 209 // Performs a Fetch for a bearer token to the provided identity 210 // provider for a given account. The returned promise resolves with the 211 // account argument and the fetched token in a tuple of objects. 212 // We put the argument account in the 213 // tuple to facilitate clean promise chaining. 214 // 215 // Arguments: 216 // aPrincipal: the caller of navigator.credentials.get()'s principal 217 // aProvider: the provider to get account lists from 218 // aManifest: the provider's internal manifest 219 // aAccount: the account to request 220 // aIsAutoSelected: whether the account was auto-selected during the user 221 // account selection process 222 // Return value: 223 // promise that resolves to a Tuple of the passed account and the fetched 224 // token. Will reject when there are network or other errors. 225 // Side effects: 226 // Network request to the provider supplied token endpoint with 227 // credentials and including information about the requesting principal. 228 // 229 RefPtr<GetTokenPromise> FetchToken( 230 nsIPrincipal* aPrincipal, WebIdentityParent* aRelyingParty, 231 const IdentityProviderRequestOptions& aProvider, 232 const IdentityProviderAPIConfig& aManifest, 233 const IdentityProviderAccount& aAccount, const bool aIsAutoSelected); 234 235 // Show the user a dialog to select what identity provider they would like 236 // to try to log in with. 237 // 238 // Arguments: 239 // aBrowsingContext: the BC of the caller of navigator.credentials.get() 240 // aProviders: the providers to let the user select from 241 // aManifests: the manifests 242 // Return value: 243 // a promise resolving to an identity provider that the user took action 244 // to select. This promise may reject with nsresult errors. 245 // Side effects: 246 // Will show a dialog to the user. 247 RefPtr<GetIdentityProviderRequestOptionsWithManifestPromise> 248 PromptUserToSelectProvider( 249 BrowsingContext* aBrowsingContext, 250 const Sequence<IdentityProviderRequestOptions>& aProviders, 251 const Sequence<GetManifestPromise::ResolveOrRejectValue>& aManifests); 252 253 // Show the user a dialog to select what account they would like 254 // to try to log in with. 255 // 256 // Arguments: 257 // aBrowsingContext: the BC of the caller of navigator.credentials.get() 258 // aAccounts: the accounts to let the user select from 259 // aProvider: the provider that was chosen 260 // aManifest: the identity provider that was chosen's manifest 261 // Return value: 262 // a promise resolving to an account that the user took action 263 // to select (and aManifest). This promise may reject with nsresult errors. 264 // Side effects: 265 // Will show a dialog to the user. 266 RefPtr<GetAccountPromise> PromptUserToSelectAccount( 267 BrowsingContext* aBrowsingContext, 268 const IdentityProviderAccountList& aAccounts, 269 const IdentityProviderRequestOptions& aProvider, 270 const IdentityProviderAPIConfig& aManifest); 271 272 // Make a connection between the identity provider, relying party, and the 273 // account ID in the persistent database. 274 // 275 // Arguments: 276 // aPrincipal: the principal of the callor of navigator.credentials.get() 277 // aAccountId: the account to be linked 278 // aProvider: the identity provider's requested options 279 // Return value: 280 // Success or failure, as nsresult 281 // Side effects: 282 // Modifies the IdentityCredentialStorageService state for this account. 283 nsresult LinkAccount(nsIPrincipal* aPrincipal, const nsCString& aAccountId, 284 const IdentityProviderRequestOptions& aProvider); 285 286 // Close all dialogs associated with IdentityCredential generation on the 287 // provided browsing context 288 // 289 // Arguments: 290 // aBrowsingContext: the BC of the caller of navigator.credentials.get() 291 // Side effects: 292 // Will close a dialog shown to the user. 293 void CloseUserInterface(BrowsingContext* aBrowsingContext); 294 295 RefPtr<MozPromise<bool, nsresult, true>> DisconnectInMainProcess( 296 nsIPrincipal* aDocumentPrincipal, 297 const IdentityCredentialDisconnectOptions& aOptions); 298 299 RefPtr<GetTokenPromise> AuthorizationPopupForToken( 300 nsIURI* aContinueURI, WebIdentityParent* aRelyingParty, 301 const IdentityProviderAccount& aAccount, const bool isAutoSelected); 302 303 } // namespace identity 304 305 } // namespace mozilla::dom 306 307 #endif // mozilla_dom_WebIdentityParent_h