Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-27 23:02:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7e6034ce84
gecko-dev/services/fxaccounts/FxAccountsCommands.js

431 lines
15 KiB
JavaScript
Raw Blame History

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
const EXPORTED_SYMBOLS = ["SendTab", "FxAccountsCommands"];
const {
COMMAND_SENDTAB,
COMMAND_SENDTAB_TAIL,
SCOPE_OLD_SYNC,
log,
} = ChromeUtils.import("resource://gre/modules/FxAccountsCommon.js");
ChromeUtils.defineModuleGetter(
this,
"PushCrypto",
"resource://gre/modules/PushCrypto.jsm"
);
const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
const { XPCOMUtils } = ChromeUtils.import(
"resource://gre/modules/XPCOMUtils.jsm"
);
const { Observers } = ChromeUtils.import(
"resource://services-common/observers.js"
);
XPCOMUtils.defineLazyModuleGetters(this, {
BulkKeyBundle: "resource://services-sync/keys.js",
CommonUtils: "resource://services-common/utils.js",
CryptoUtils: "resource://services-crypto/utils.js",
CryptoWrapper: "resource://services-sync/record.js",
});
class FxAccountsCommands {
constructor(fxAccountsInternal) {
this._fxai = fxAccountsInternal;
this.sendTab = new SendTab(this, fxAccountsInternal);
this._invokeRateLimitExpiry = 0;
}
async availableCommands() {
if (
!Services.prefs.getBoolPref("identity.fxaccounts.commands.enabled", true)
) {
return {};
}
const sendTabKey = await this.sendTab.getEncryptedKey();
if (!sendTabKey) {
// This will happen if the account is not verified yet.
return {};
}
return {
[COMMAND_SENDTAB]: sendTabKey,
};
}
async invoke(command, device, payload) {
const { sessionToken } = await this._fxai.getUserAccountData([
"sessionToken",
]);
const client = this._fxai.fxAccountsClient;
const now = Date.now();
if (now < this._invokeRateLimitExpiry) {
const remaining = (this._invokeRateLimitExpiry - now) / 1000;
throw new Error(
`Invoke for ${command} is rate-limited for ${remaining} seconds.`
);
}
try {
let info = await client.invokeCommand(
sessionToken,
command,
device.id,
payload
);
if (!info.enqueued || !info.notified) {
// We want an error log here to help diagnose users who report failure.
log.error("Sending was only partially successful", info);
} else {
log.info("Successfully sent", info);
}
} catch (err) {
if (err.code && err.code === 429 && err.retryAfter) {
this._invokeRateLimitExpiry = Date.now() + err.retryAfter * 1000;
}
throw err;
}
log.info(`Payload sent to device ${device.id}.`);
}
/**
* Poll and handle device commands for the current device.
* This method can be called either in response to a Push message,
* or by itself as a "commands recovery" mechanism.
*
* @param {Number} notifiedIndex "Command received" push messages include
* the index of the command that triggered the message. We use it as a
* hint when we have no "last command index" stored.
*/
async pollDeviceCommands(notifiedIndex = 0) {
// Whether the call to `pollDeviceCommands` was initiated by a Push message from the FxA
// servers in response to a message being received or simply scheduled in order
// to fetch missed messages.
if (
!Services.prefs.getBoolPref("identity.fxaccounts.commands.enabled", true)
) {
return false;
}
log.info(`Polling device commands.`);
await this._fxai.withCurrentAccountState(async state => {
const { device } = await state.getUserAccountData(["device"]);
if (!device) {
throw new Error("No device registration.");
}
// We increment lastCommandIndex by 1 because the server response includes the current index.
// If we don't have a `lastCommandIndex` stored, we fall back on the index from the push message we just got.
const lastCommandIndex = device.lastCommandIndex + 1 || notifiedIndex;
// We have already received this message before.
if (notifiedIndex > 0 && notifiedIndex < lastCommandIndex) {
return;
}
const { index, messages } = await this._fetchDeviceCommands(
lastCommandIndex
);
if (messages.length) {
await state.updateUserAccountData({
device: { ...device, lastCommandIndex: index },
});
log.info(`Handling ${messages.length} messages`);
await this._handleCommands(messages, notifiedIndex);
}
});
return true;
}
async _fetchDeviceCommands(index, limit = null) {
const userData = await this._fxai.getUserAccountData();
if (!userData) {
throw new Error("No user.");
}
const { sessionToken } = userData;
if (!sessionToken) {
throw new Error("No session token.");
}
const client = this._fxai.fxAccountsClient;
const opts = { index };
if (limit != null) {
opts.limit = limit;
}
return client.getCommands(sessionToken, opts);
}
_getReason(notifiedIndex, messageIndex) {
// The returned reason value represents an explanation for why the command associated with the
// message of the given `messageIndex` is being handled. If `notifiedIndex` is zero the command
// is a part of a fallback polling process initiated by "Sync Now" ["poll"]. If `notifiedIndex` is
// greater than `messageIndex` this is a push command that was previously missed ["push-missed"],
// otherwise we assume this is a push command with no missed messages ["push"].
if (notifiedIndex == 0) {
return "poll";
} else if (notifiedIndex > messageIndex) {
return "push-missed";
}
// Note: The returned reason might be "push" in the case where a user sends multiple tabs
// in quick succession. We are not attempting to distinguish this from other push cases at
// present.
return "push";
}
async _handleCommands(messages, notifiedIndex) {
try {
await this._fxai.device.refreshDeviceList();
} catch (e) {
log.warn("Error refreshing device list", e);
}
// We debounce multiple incoming tabs so we show a single notification.
const tabsReceived = [];
for (const { index, data } of messages) {
const { command, payload, sender: senderId } = data;
const reason = this._getReason(notifiedIndex, index);
const sender =
senderId && this._fxai.device.recentDeviceList
? this._fxai.device.recentDeviceList.find(d => d.id == senderId)
: null;
if (!sender) {
log.warn(
"Incoming command is from an unknown device (maybe disconnected?)"
);
}
switch (command) {
case COMMAND_SENDTAB:
try {
const { title, uri } = await this.sendTab.handle(
senderId,
payload,
reason
);
log.info(
`Tab received with FxA commands: ${title} from ${
sender ? sender.name : "Unknown device"
}.`
);
tabsReceived.push({ title, uri, sender });
} catch (e) {
log.error(`Error while handling incoming Send Tab payload.`, e);
}
break;
default:
log.info(`Unknown command: ${command}.`);
}
}
if (tabsReceived.length) {
Observers.notify("fxaccounts:commands:open-uri", tabsReceived);
}
}
}
/**
* Send Tab is built on top of FxA commands.
*
* Devices exchange keys wrapped in the oldsync key between themselves (getEncryptedKey)
* during the device registration flow. The FxA server can theorically never
* retrieve the send tab keys since it doesn't know the oldsync key.
*/
class SendTab {
constructor(commands, fxAccountsInternal) {
this._commands = commands;
this._fxai = fxAccountsInternal;
}
/**
* @param {Device[]} to - Device objects (typically returned by fxAccounts.getDevicesList()).
* @param {Object} tab
* @param {string} tab.url
* @param {string} tab.title
* @returns A report object, in the shape of
* {succeded: [Device], error: [{device: Device, error: Exception}]}
*/
async send(to, tab) {
log.info(`Sending a tab to ${to.length} devices.`);
const flowID = this._fxai.telemetry.generateFlowID();
const encoder = new TextEncoder("utf8");
const data = { entries: [{ title: tab.title, url: tab.url }] };
const report = {
succeeded: [],
failed: [],
};
for (let device of to) {
try {
const streamID = this._fxai.telemetry.generateFlowID();
const targetData = Object.assign({ flowID, streamID }, data);
const bytes = encoder.encode(JSON.stringify(targetData));
const encrypted = await this._encrypt(bytes, device);
// FxA expects an object as the payload, but we only have a single encrypted string; wrap it.
// If you add any plaintext items to this payload, please carefully consider the privacy implications
// of revealing that data to the FxA server.
const payload = { encrypted };
await this._commands.invoke(COMMAND_SENDTAB, device, payload);
this._fxai.telemetry.recordEvent(
"command-sent",
COMMAND_SENDTAB_TAIL,
this._fxai.telemetry.sanitizeDeviceId(device.id),
{ flowID, streamID }
);
report.succeeded.push(device);
} catch (error) {
log.error("Error while invoking a send tab command.", error);
report.failed.push({ device, error });
}
}
return report;
}
// Returns true if the target device is compatible with FxA Commands Send tab.
isDeviceCompatible(device) {
return (
Services.prefs.getBoolPref(
"identity.fxaccounts.commands.enabled",
true
) &&
device.availableCommands &&
device.availableCommands[COMMAND_SENDTAB]
);
}
// Handle incoming send tab payload, called by FxAccountsCommands.
async handle(senderID, { encrypted }, reason) {
const bytes = await this._decrypt(encrypted);
const decoder = new TextDecoder("utf8");
const data = JSON.parse(decoder.decode(bytes));
const { flowID, streamID, entries } = data;
const current = data.hasOwnProperty("current")
? data.current
: entries.length - 1;
const { title, url: uri } = entries[current];
// `flowID` and `streamID` are in the top-level of the JSON, `entries` is
// an array of "tabs" with `current` being what index is the one we care
// about, or the last one if not specified.
this._fxai.telemetry.recordEvent(
"command-received",
COMMAND_SENDTAB_TAIL,
this._fxai.telemetry.sanitizeDeviceId(senderID),
{ flowID, streamID, reason }
);
return {
title,
uri,
};
}
async _encrypt(bytes, device) {
let bundle = device.availableCommands[COMMAND_SENDTAB];
if (!bundle) {
throw new Error(`Device ${device.id} does not have send tab keys.`);
}
const oldsyncKey = await this._fxai.keys.getKeyForScope(SCOPE_OLD_SYNC);
// Older clients expect this to be hex, due to pre-JWK sync key ids :-(
const ourKid = this._fxai.keys.kidAsHex(oldsyncKey);
const { kid: theirKid } = JSON.parse(
device.availableCommands[COMMAND_SENDTAB]
);
if (theirKid != ourKid) {
throw new Error("Target Send Tab key ID is different from ours");
}
const json = JSON.parse(bundle);
const wrapper = new CryptoWrapper();
wrapper.deserialize({ payload: json });
const syncKeyBundle = BulkKeyBundle.fromJWK(oldsyncKey);
let { publicKey, authSecret } = await wrapper.decrypt(syncKeyBundle);
authSecret = urlsafeBase64Decode(authSecret);
publicKey = urlsafeBase64Decode(publicKey);
const { ciphertext: encrypted } = await PushCrypto.encrypt(
bytes,
publicKey,
authSecret
);
return urlsafeBase64Encode(encrypted);
}
async _getPersistedKeys() {
const { device } = await this._fxai.getUserAccountData(["device"]);
return device && device.sendTabKeys;
}
async _decrypt(ciphertext) {
let { privateKey, publicKey, authSecret } = await this._getPersistedKeys();
publicKey = urlsafeBase64Decode(publicKey);
authSecret = urlsafeBase64Decode(authSecret);
ciphertext = new Uint8Array(urlsafeBase64Decode(ciphertext));
return PushCrypto.decrypt(
privateKey,
publicKey,
authSecret,
// The only Push encoding we support.
{ encoding: "aes128gcm" },
ciphertext
);
}
async _generateAndPersistKeys() {
let [publicKey, privateKey] = await PushCrypto.generateKeys();
publicKey = urlsafeBase64Encode(publicKey);
let authSecret = PushCrypto.generateAuthenticationSecret();
authSecret = urlsafeBase64Encode(authSecret);
const sendTabKeys = {
publicKey,
privateKey,
authSecret,
};
await this._fxai.withCurrentAccountState(async state => {
const { device } = await state.getUserAccountData(["device"]);
await state.updateUserAccountData({
device: {
...device,
sendTabKeys,
},
});
});
return sendTabKeys;
}
async getEncryptedKey() {
let sendTabKeys = await this._getPersistedKeys();
if (!sendTabKeys) {
sendTabKeys = await this._generateAndPersistKeys();
}
// Strip the private key from the bundle to encrypt.
const keyToEncrypt = {
publicKey: sendTabKeys.publicKey,
authSecret: sendTabKeys.authSecret,
};
// getEncryptedKey() will be called as part of device registration, which
// happens immediately after signup/signin, so there's a good chance we
// don't yet have the sync keys. Unverified users will be unable to fetch
// keys, meaning they will end up registering the device twice (once without
// sendtab support, then once with sendtab support when they verify), but
// that's OK.
// TODO: this will fail if master password is locked; should we prompt to unlock it here?
if (!(await this._fxai.keys.canGetKeyForScope(SCOPE_OLD_SYNC))) {
log.info("Can't fetch keys, so unable to determine sendtab keys");
return null;
}
let oldsyncKey;
try {
oldsyncKey = await this._fxai.keys.getKeyForScope(SCOPE_OLD_SYNC);
} catch (ex) {
log.warn("Failed to fetch keys, so unable to determine sendtab keys", ex);
return null;
}
const wrapper = new CryptoWrapper();
wrapper.cleartext = keyToEncrypt;
const keyBundle = BulkKeyBundle.fromJWK(oldsyncKey);
await wrapper.encrypt(keyBundle);
return JSON.stringify({
// Older clients expect this to be hex, due to pre-JWK sync key ids :-(
kid: this._fxai.keys.kidAsHex(oldsyncKey),
IV: wrapper.IV,
hmac: wrapper.hmac,
ciphertext: wrapper.ciphertext,
});
}
}
function urlsafeBase64Encode(buffer) {
return ChromeUtils.base64URLEncode(new Uint8Array(buffer), { pad: false });
}
function urlsafeBase64Decode(str) {
return ChromeUtils.base64URLDecode(str, { padding: "reject" });
}
Reference in New Issue View Git Blame Copy Permalink