Bug 1411646 prevent oauth redirect requests from happening, r=rpl

MozReview-Commit-ID: L8ekyXDeCbp --HG-- extra : rebase_source : 47b0e4a16c18cdc125d0af5d4749285f58f517e0
2024-10-11 12:25:53 +00:00 · 2017-11-09 15:11:13 -08:00 · 2017-11-09 15:11:13 -08:00 · 4e6c5b003f
commit 4e6c5b003f
parent aedb2fa4c6
2 changed files with 21 additions and 12 deletions
--- a/toolkit/components/extensions/ext-identity.js
+++ b/toolkit/components/extensions/ext-identity.js
@ -63,26 +63,25 @@ const openOAuthWindow = (details, redirectURI) => {
    // If the user just closes the window we need to reject
    function unloadlistener() {
      window.removeEventListener("unload", unloadlistener);
-      window.gBrowser.removeTabsProgressListener(wpl);
+      window.gBrowser.removeProgressListener(wpl);
      reject({message: "User cancelled or denied access."});
    }

    wpl = {
-      onLocationChange(browser, webProgress, request, locationURI) {
-        if (locationURI.spec.startsWith(redirectURI)) {
-          resolve(locationURI.spec);
+      onStateChange(progress, request, flags, status) {
+        if (request instanceof Ci.nsIHttpChannel &&
+          request.URI.spec.startsWith(redirectURI)) {
+          request.cancel(Components.results.NS_BINDING_ABORTED);
          window.removeEventListener("unload", unloadlistener);
-          window.gBrowser.removeTabsProgressListener(wpl);
+          window.gBrowser.removeProgressListener(wpl);
          window.close();
+          resolve(request.URI.spec);
        }
      },
-      onProgressChange() {},
-      onStatusChange() {},
-      onSecurityChange() {},
    };

    promiseDocumentLoaded(window.document).then(() => {
-      window.gBrowser.addTabsProgressListener(wpl);
+      window.gBrowser.addProgressListener(wpl);
      window.addEventListener("unload", unloadlistener);
    });
  });
--- a/toolkit/components/extensions/test/mochitest/test_chrome_ext_identity.html
+++ b/toolkit/components/extensions/test/mochitest/test_chrome_ext_identity.html
@ -144,6 +144,13 @@ function background_launchWebAuthFlow(interactive, path, redirect = true) {
    url = `${url}&no_redirect=1`;
  }

+  // Ensure we do not start the actual request for the redirect url.
+  browser.webRequest.onBeforeRequest.addListener(details => {
+    if (details.url.startsWith(expected_redirect)) {
+      browser.test.fail("onBeforeRequest called for redirect url");
+    }
+  }, {urls: ["https://35b64b676900f491c00e7f618d43f7040e88422e.example.com/*"]});
+
  browser.identity.launchWebAuthFlow({interactive, url}).then((redirectURL) => {
    browser.test.assertTrue(redirectURL.startsWith(redirect_uri), `correct redirect url ${redirectURL}`);
    if (redirect) {
@ -172,8 +179,9 @@ add_task(async function test_autoRedirect() {
        },
      },
      "permissions": [
+        "webRequest",
        "identity",
-        "https://example.com/",
+        "https://*.example.com/*",
      ],
    },
    background: `(${background_launchWebAuthFlow})(false, "redirect_auto.sjs")`,
@ -194,8 +202,9 @@ add_task(async function test_noRedirect() {
        },
      },
      "permissions": [
+        "webRequest",
        "identity",
-        "https://example.com/",
+        "https://*.example.com/*",
      ],
    },
    background: `(${background_launchWebAuthFlow})(false, "redirect_auto.sjs", false)`,
@ -219,8 +228,9 @@ add_task(async function test_interaction() {
        },
      },
      "permissions": [
+        "webRequest",
        "identity",
-        "https://example.com/",
+        "https://*.example.com/*",
      ],
    },
    background: `(${background_launchWebAuthFlow})(true, "oauth.html")`,