From 3f627fb88e71cf5c5f0956036e26bb8e2d21920f Mon Sep 17 00:00:00 2001 From: Henrik Skupin Date: Fri, 21 Mar 2014 10:23:15 +0100 Subject: [PATCH] Bug 982591 - Update TPS to retrieve keys from server instead of hard-coding them. r=warner --HG-- extra : rebase_source : 2a9449aeca2f28a2bce648971619635b19a4d670 --- services/fxaccounts/FxAccounts.jsm | 12 +++++++----- services/fxaccounts/FxAccountsClient.jsm | 14 +++++++++----- .../fxaccounts/tests/xpcshell/test_client.js | 6 ++++++ .../tps/extensions/tps/resource/fxaccounts.jsm | 17 ++++++----------- 4 files changed, 28 insertions(+), 21 deletions(-) diff --git a/services/fxaccounts/FxAccounts.jsm b/services/fxaccounts/FxAccounts.jsm index 81570bc5b37a..bfb4f835b0b5 100644 --- a/services/fxaccounts/FxAccounts.jsm +++ b/services/fxaccounts/FxAccounts.jsm @@ -360,13 +360,15 @@ FxAccountsInternal.prototype = { * The credentials object obtained by logging in or creating * an account on the FxA server: * { - * email: The users email address - * uid: The user's unique id - * sessionToken: Session for the FxA server - * keyFetchToken: an unused keyFetchToken - * verified: true/false * authAt: The time (seconds since epoch) that this record was * authenticated + * email: The users email address + * keyFetchToken: a keyFetchToken which has not yet been used + * sessionToken: Session for the FxA server + * uid: The user's unique id + * unwrapBKey: used to unwrap kB, derived locally from the + * password (not revealed to the FxA server) + * verified: true/false * } * @return Promise * The promise resolves to null when the data is saved diff --git a/services/fxaccounts/FxAccountsClient.jsm b/services/fxaccounts/FxAccountsClient.jsm index 15c31d0109de..fe3fdde9f0bb 100644 --- a/services/fxaccounts/FxAccountsClient.jsm +++ b/services/fxaccounts/FxAccountsClient.jsm 
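Review bot: The rewritten field list in the FxAccounts.jsm comment introduces `unwrapBKey` without marking it as secret key material, even though the same comment says this method saves the credentials object. I would extend the entry to something like `unwrapBKey: secret, password-derived; used with keyFetchToken to unwrap kB, must not be logged or kept once kB is available`. Where the saved data lives and for how long is not visible in this hunk, so the retention wording needs confirming against the storage code. The matching list above `signIn` in FxAccountsClient.jsm would take the same wording; the documented method's body lies outside the hunk.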
@@ -94,19 +94,21 @@ this.FxAccountsClient.prototype = { * @return Promise * Returns a promise that resolves to an object: * { - * uid: the user's unique ID (hex) - * sessionToken: a session token (hex) - * keyFetchToken: a key fetch token (hex) - * verified: flag indicating verification status of the email * authAt: authentication time for the session (seconds since epoch) * email: the primary email for this account + * keyFetchToken: a key fetch token (hex) + * sessionToken: a session token (hex) + * uid: the user's unique ID (hex) + * unwrapBKey: used to unwrap kB, derived locally from the + * password (not revealed to the FxA server) + * verified: flag indicating verification status of the email * } */ signIn: function signIn(email, password, getKeys=false, retryOK=true) { return Credentials.setup(email, password).then((creds) => { let data = { - email: creds.emailUTF8, authPW: CommonUtils.bytesAsHex(creds.authPW), + email: creds.emailUTF8, }; let keys = getKeys ? "?keys=true" : ""; @@ -115,6 +117,8 @@ this.FxAccountsClient.prototype = { // the caller can set its signed-in user state accordingly. result => { result.email = data.email; + result.unwrapBKey = CommonUtils.bytesAsHex(creds.unwrapBKey); + return result; }, error => { diff --git a/services/fxaccounts/tests/xpcshell/test_client.js b/services/fxaccounts/tests/xpcshell/test_client.js index 149a74fdd812..b6344b121085 100644 --- a/services/fxaccounts/tests/xpcshell/test_client.js +++ b/services/fxaccounts/tests/xpcshell/test_client.js 
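Review bot: The return-value comment above `signIn` lists `keyFetchToken` as if it were always present, but the request only carries `?keys=true` when `getKeys` is set, and the test in test_client.js expects `undefined` for the call without it. Marking the entry, e.g. `keyFetchToken: a key fetch token (hex), only present when getKeys is true`, would keep callers from relying on it. The body of `signIn` continues outside the hunk.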
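Review bot: In the success handler of `signIn` (the `@@ -115` hunk), `result.unwrapBKey` is attached on every call, including `getKeys=false`, where no `keyFetchToken` comes back and the value has nothing to unwrap. Since it is password-derived key material, handing it only to callers that asked for keys narrows where it can end up: `if (getKeys) { result.unwrapBKey = CommonUtils.bytesAsHex(creds.unwrapBKey); }`. The first new assertion in test_client.js checks the value on a call without keys and would have to change with it. If the unconditional form is intended, a comment saying why would help. The handler and `signIn` continue outside the hunk.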
@@ -283,16 +283,22 @@ add_task(function test_signIn() { let client = new FxAccountsClient(server.baseURI); let result = yield client.signIn('mé@example.com', 'bigsecret'); do_check_eq(FAKE_SESSION_TOKEN, result.sessionToken); + do_check_eq(result.unwrapBKey, + "c076ec3f4af123a615157154c6e1d0d6293e514fd7b0221e32d50517ecf002b8"); do_check_eq(undefined, result.keyFetchToken); // Login with retrieving optional keys let result = yield client.signIn('you@example.com', 'bigsecret', true); do_check_eq(FAKE_SESSION_TOKEN, result.sessionToken); + do_check_eq(result.unwrapBKey, + "65970516211062112e955d6420bebe020269d6b6a91ebd288319fc8d0cb49624"); do_check_eq("keyFetchToken", result.keyFetchToken); // Retry due to wrong email capitalization let result = yield client.signIn('You@example.com', 'bigsecret', true); do_check_eq(FAKE_SESSION_TOKEN, result.sessionToken); + do_check_eq(result.unwrapBKey, + "65970516211062112e955d6420bebe020269d6b6a91ebd288319fc8d0cb49624"); do_check_eq("keyFetchToken", result.keyFetchToken); // Don't retry due to wrong email capitalization diff --git a/services/sync/tps/extensions/tps/resource/fxaccounts.jsm b/services/sync/tps/extensions/tps/resource/fxaccounts.jsm index 5330947000f0..82d2c3ec7aec 100644 --- a/services/sync/tps/extensions/tps/resource/fxaccounts.jsm +++ b/services/sync/tps/extensions/tps/resource/fxaccounts.jsm @@ -10,6 +10,7 @@ this.EXPORTED_SYMBOLS = [ const {classes: Cc, interfaces: Ci, utils: Cu} = Components; +Cu.import("resource://gre/modules/FxAccounts.jsm"); Cu.import("resource://gre/modules/FxAccountsClient.jsm"); Cu.import("resource://services-common/async.js"); Cu.import("resource://services-sync/main.js"); 
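Review bot: The three expected `unwrapBKey` hex strings added to `test_signIn` are unexplained, and the third is the interesting case: after the capitalization retry it equals the value for `you@example.com`, which presumably shows the key is re-derived from the corrected email rather than from the `You@example.com` input. A comment such as `// unwrapBKey must be derived from the canonical email after the retry` above that assertion would record this, and a note on how the constants were produced would make them reviewable. The new calls also pass `(actual, expected)` while the surrounding `do_check_eq` calls pass `(expected, actual)`; matching the neighbours keeps the file consistent. `test_signIn` starts before and continues past this hunk.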
@@ -33,17 +34,11 @@ var FxAccountsHelper = { let cb = Async.makeSpinningCallback(); var client = new FxAccountsClient(); - client.signIn(email, password).then(credentials => { - // Add keys because without those setSignedInUser() will fail - credentials.kA = 'foo'; - credentials.kB = 'bar'; - - Weave.Service.identity._fxaService.setSignedInUser(credentials).then(() => { - cb(null); - }, err => { - cb(err); - }); - }, (err) => { + client.signIn(email, password, true).then(credentials => { + return fxAccounts.setSignedInUser(credentials); + }).then(() => { + cb(null); + }, err => { cb(err); });
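Review bot: The bare `true` in `client.signIn(email, password, true)` replaces a commented workaround with an uncommented flag, so the reason keys are requested is no longer stated. I would add `// getKeys=true: the result must carry keyFetchToken so the real kA/kB can be fetched from the server` above the call. The helper now calls `cb(null)` as soon as `setSignedInUser` resolves; whether the keys have been fetched by then is not visible here and is worth confirming, because the old code had kA/kB set on the credentials before that point. The arrow body could also be shortened to `credentials => fxAccounts.setSignedInUser(credentials)`. The enclosing method of `FxAccountsHelper` starts outside the hunk.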