|
|
@@ -0,0 +1,158 @@
|
|
|
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
+From: Jeremy Apthorp <[email protected]>
|
|
|
+Date: Tue, 12 Nov 2019 11:50:16 -0800
|
|
|
+Subject: add TrustedAuthClient to URLLoaderFactory
|
|
|
+
|
|
|
+This allows intercepting authentication requests for the 'net' module.
|
|
|
+Without this, the 'login' event for electron.net.ClientRequest can't be
|
|
|
+implemented, because the existing path checks for the presence of a
|
|
|
+WebContents, and cancels the authentication if there's no WebContents
|
|
|
+available, which there isn't in the case of the 'net' module.
|
|
|
+
|
|
|
+diff --git a/services/network/public/mojom/network_context.mojom b/services/network/public/mojom/network_context.mojom
|
|
|
+index 6b14d8354375377526e141ee499a7583be3f22b0..eeb9e19c0ecdf4631e596e7c0927693f2239f293 100644
|
|
|
+--- a/services/network/public/mojom/network_context.mojom
|
|
|
++++ b/services/network/public/mojom/network_context.mojom
|
|
|
+@@ -181,6 +181,25 @@ interface TrustedURLLoaderHeaderClient {
|
|
|
+ pending_receiver<TrustedHeaderClient> header_client);
|
|
|
+ };
|
|
|
+
|
|
|
++interface TrustedAuthClient {
|
|
|
++ OnAuthRequired(
|
|
|
++ mojo_base.mojom.UnguessableToken? window_id,
|
|
|
++ uint32 process_id,
|
|
|
++ uint32 routing_id,
|
|
|
++ uint32 request_id,
|
|
|
++ url.mojom.Url url,
|
|
|
++ bool first_auth_attempt,
|
|
|
++ AuthChallengeInfo auth_info,
|
|
|
++ URLResponseHead? head,
|
|
|
++ pending_remote<AuthChallengeResponder> auth_challenge_responder);
|
|
|
++};
|
|
|
++interface TrustedURLLoaderAuthClient {
|
|
|
++ // When a new URLLoader is created, this will be called to pass a
|
|
|
++ // corresponding |auth_client|.
|
|
|
++ OnLoaderCreated(int32 request_id,
|
|
|
++ pending_receiver<TrustedAuthClient> auth_client);
|
|
|
++};
|
|
|
++
|
|
|
+ interface CertVerifierClient {
|
|
|
+ Verify(
|
|
|
+ int32 default_error,
|
|
|
+@@ -559,6 +578,8 @@ struct URLLoaderFactoryParams {
|
|
|
+ // impact because of the extra process hops, so use should be minimized.
|
|
|
+ pending_remote<TrustedURLLoaderHeaderClient>? header_client;
|
|
|
+
|
|
|
++ pending_remote<TrustedURLLoaderAuthClient>? auth_client;
|
|
|
++
|
|
|
+ // If non-empty array is given, |factory_bound_allow_patterns| is used for
|
|
|
+ // CORS checks in addition to the per-context allow patterns that is managed
|
|
|
+ // via NetworkContext interface. This still respects the per-context block
|
|
|
+diff --git a/services/network/url_loader.cc b/services/network/url_loader.cc
|
|
|
+index d4e13ffaed76847b00cf98b248ba17ad70a9884c..33ab3ea9c60e097d8525f1066f3890a5bccd754a 100644
|
|
|
+--- a/services/network/url_loader.cc
|
|
|
++++ b/services/network/url_loader.cc
|
|
|
+@@ -335,6 +335,7 @@ URLLoader::URLLoader(
|
|
|
+ base::WeakPtr<KeepaliveStatisticsRecorder> keepalive_statistics_recorder,
|
|
|
+ base::WeakPtr<NetworkUsageAccumulator> network_usage_accumulator,
|
|
|
+ mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,
|
|
|
++ mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,
|
|
|
+ mojom::OriginPolicyManager* origin_policy_manager)
|
|
|
+ : url_request_context_(url_request_context),
|
|
|
+ network_service_client_(network_service_client),
|
|
|
+@@ -391,6 +392,11 @@ URLLoader::URLLoader(
|
|
|
+ header_client_.set_disconnect_handler(
|
|
|
+ base::BindOnce(&URLLoader::OnConnectionError, base::Unretained(this)));
|
|
|
+ }
|
|
|
++ if (url_loader_auth_client) {
|
|
|
++ url_loader_auth_client->OnLoaderCreated(request_id_, auth_client_.BindNewPipeAndPassReceiver());
|
|
|
++ auth_client_.set_disconnect_handler(
|
|
|
++ base::BindOnce(&URLLoader::OnConnectionError, base::Unretained(this)));
|
|
|
++ }
|
|
|
+ if (want_raw_headers_) {
|
|
|
+ options_ |= mojom::kURLLoadOptionSendSSLInfoWithResponse |
|
|
|
+ mojom::kURLLoadOptionSendSSLInfoForCertificateError;
|
|
|
+@@ -818,7 +824,7 @@ void URLLoader::OnReceivedRedirect(net::URLRequest* url_request,
|
|
|
+
|
|
|
+ void URLLoader::OnAuthRequired(net::URLRequest* url_request,
|
|
|
+ const net::AuthChallengeInfo& auth_info) {
|
|
|
+- if (!network_context_client_) {
|
|
|
++ if (!network_context_client_ && !auth_client_) {
|
|
|
+ OnAuthCredentials(base::nullopt);
|
|
|
+ return;
|
|
|
+ }
|
|
|
+@@ -834,10 +840,18 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request,
|
|
|
+ if (url_request->response_headers())
|
|
|
+ head.headers = url_request->response_headers();
|
|
|
+ head.auth_challenge_info = auth_info;
|
|
|
+- network_context_client_->OnAuthRequired(
|
|
|
+- fetch_window_id_, factory_params_->process_id, render_frame_id_,
|
|
|
+- request_id_, url_request_->url(), first_auth_attempt_, auth_info, head,
|
|
|
+- auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
|
|
|
++
|
|
|
++ if (auth_client_) {
|
|
|
++ auth_client_->OnAuthRequired(
|
|
|
++ fetch_window_id_, factory_params_->process_id, render_frame_id_,
|
|
|
++ request_id_, url_request_->url(), first_auth_attempt_, auth_info, head,
|
|
|
++ auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
|
|
|
++ } else {
|
|
|
++ network_context_client_->OnAuthRequired(
|
|
|
++ fetch_window_id_, factory_params_->process_id, render_frame_id_,
|
|
|
++ request_id_, url_request_->url(), first_auth_attempt_, auth_info, head,
|
|
|
++ auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
|
|
|
++ }
|
|
|
+
|
|
|
+ auth_challenge_responder_receiver_.set_disconnect_handler(
|
|
|
+ base::BindOnce(&URLLoader::DeleteSelf, base::Unretained(this)));
|
|
|
+diff --git a/services/network/url_loader.h b/services/network/url_loader.h
|
|
|
+index 0a47148a52a46f8a6f12f503731623f87e15b173..db8ca018c7e99a1a1acea156b4d49a755b93cc09 100644
|
|
|
+--- a/services/network/url_loader.h
|
|
|
++++ b/services/network/url_loader.h
|
|
|
+@@ -85,6 +85,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
|
|
|
+ base::WeakPtr<KeepaliveStatisticsRecorder> keepalive_statistics_recorder,
|
|
|
+ base::WeakPtr<NetworkUsageAccumulator> network_usage_accumulator,
|
|
|
+ mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,
|
|
|
++ mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,
|
|
|
+ mojom::OriginPolicyManager* origin_policy_manager);
|
|
|
+ ~URLLoader() override;
|
|
|
+
|
|
|
+@@ -362,6 +363,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
|
|
|
+ base::Optional<base::UnguessableToken> fetch_window_id_;
|
|
|
+
|
|
|
+ mojo::Remote<mojom::TrustedHeaderClient> header_client_;
|
|
|
++ mojo::Remote<mojom::TrustedAuthClient> auth_client_;
|
|
|
+
|
|
|
+ std::unique_ptr<FileOpenerForUpload> file_opener_for_upload_;
|
|
|
+
|
|
|
+diff --git a/services/network/url_loader_factory.cc b/services/network/url_loader_factory.cc
|
|
|
+index 7145e0e96550d554bb1df85bd79818ec9a45f7b1..53225eb1b0b7f1aa2498cecc8222f9f897ac364f 100644
|
|
|
+--- a/services/network/url_loader_factory.cc
|
|
|
++++ b/services/network/url_loader_factory.cc
|
|
|
+@@ -65,6 +65,7 @@ URLLoaderFactory::URLLoaderFactory(
|
|
|
+ params_(std::move(params)),
|
|
|
+ resource_scheduler_client_(std::move(resource_scheduler_client)),
|
|
|
+ header_client_(std::move(params_->header_client)),
|
|
|
++ auth_client_(std::move(params_->auth_client)),
|
|
|
+ cors_url_loader_factory_(cors_url_loader_factory) {
|
|
|
+ DCHECK(context);
|
|
|
+ DCHECK_NE(mojom::kInvalidProcessId, params_->process_id);
|
|
|
+@@ -209,6 +210,7 @@ void URLLoaderFactory::CreateLoaderAndStart(
|
|
|
+ resource_scheduler_client_, std::move(keepalive_statistics_recorder),
|
|
|
+ std::move(network_usage_accumulator),
|
|
|
+ header_client_.is_bound() ? header_client_.get() : nullptr,
|
|
|
++ auth_client_.is_bound() ? auth_client_.get() : nullptr,
|
|
|
+ context_->origin_policy_manager());
|
|
|
+ cors_url_loader_factory_->OnLoaderCreated(std::move(loader));
|
|
|
+ }
|
|
|
+diff --git a/services/network/url_loader_factory.h b/services/network/url_loader_factory.h
|
|
|
+index 7b143aa49be833ddf05b7b99bea19ee0b674b79c..6d1fbca87e3827c953fdac2cfb96806114d8aea9 100644
|
|
|
+--- a/services/network/url_loader_factory.h
|
|
|
++++ b/services/network/url_loader_factory.h
|
|
|
+@@ -71,6 +71,7 @@ class URLLoaderFactory : public mojom::URLLoaderFactory {
|
|
|
+ mojom::URLLoaderFactoryParamsPtr params_;
|
|
|
+ scoped_refptr<ResourceSchedulerClient> resource_scheduler_client_;
|
|
|
+ mojo::Remote<mojom::TrustedURLLoaderHeaderClient> header_client_;
|
|
|
++ mojo::Remote<mojom::TrustedURLLoaderAuthClient> auth_client_;
|
|
|
+
|
|
|
+ // |cors_url_loader_factory_| owns this.
|
|
|
+ cors::CorsURLLoaderFactory* cors_url_loader_factory_;
|
Jeremy Apthorp