// Copyright 2020 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "content/browser/webid/idp_network_request_manager.h" #include "base/base64.h" #include "base/containers/flat_set.h" #include "base/json/json_writer.h" #include "base/strings/escape.h" #include "base/strings/string_util.h" #include "base/task/sequenced_task_runner.h" #include "content/browser/renderer_host/render_frame_host_impl.h" #include "content/browser/webid/fedcm_metrics.h" #include "content/browser/webid/flags.h" #include "content/browser/webid/webid_utils.h" #include "content/public/browser/identity_request_dialog_controller.h" #include "content/public/browser/render_frame_host.h" #include "content/public/browser/storage_partition.h" #include "content/public/common/color_parser.h" #include "mojo/public/cpp/bindings/remote.h" #include "net/base/isolation_info.h" #include "net/base/registry_controlled_domains/registry_controlled_domain.h" #include "net/base/url_util.h" #include "net/cookies/site_for_cookies.h" #include "net/http/http_request_headers.h" #include "net/http/http_status_code.h" #include "services/data_decoder/public/cpp/decode_image.h" #include "services/network/public/cpp/is_potentially_trustworthy.h" #include "services/network/public/cpp/resource_request.h" #include "services/network/public/cpp/shared_url_loader_factory.h" #include "services/network/public/cpp/simple_url_loader.h" #include "services/network/public/mojom/client_security_state.mojom.h" #include "services/network/public/mojom/url_response_head.mojom.h" #include "third_party/blink/public/common/manifest/manifest_icon_selector.h" #include "third_party/blink/public/mojom/webid/federated_auth_request.mojom.h" #include "third_party/skia/include/core/SkBitmap.h" #include "ui/gfx/color_utils.h" #include "ui/gfx/image/image.h" #include "url/origin.h" namespace content { namespace { LoginState; AccountList; ClientMetadata; Endpoints; FetchStatus; TokenResult; TokenError; ParseStatus; AccountsResponseInvalidReason; ErrorDialogType; TokenResponseType; ErrorUrlType; // TODO(kenrb): These need to be defined in the explainer or draft spec and // referenced here. // Path to find the well-known file on the eTLD+1 host. constexpr char kWellKnownPath[] = …; // Well-known file JSON keys constexpr char kProviderUrlListKey[] = …; // fedcm.json configuration keys. constexpr char kIdAssertionEndpoint[] = …; constexpr char kClientMetadataEndpointKey[] = …; constexpr char kMetricsEndpoint[] = …; constexpr char kDisconnectEndpoint[] = …; constexpr char kModesKey[] = …; constexpr char kTypesKey[] = …; // Keys in the 'accounts' dictionary constexpr char kIncludeKey[] = …; // Keys in the 'modes' dictionary. constexpr char kButtonModeKey[] = …; constexpr char kWidgetModeKey[] = …; // Keys in the specific mode dictionary. constexpr char kSupportsUseOtherAccountKey[] = …; // Shared between the well-known files and config files constexpr char kAccountsEndpointKey[] = …; constexpr char kLoginUrlKey[] = …; // Keys in fedcm.json 'branding' dictionary. constexpr char kIdpBrandingBackgroundColorKey[] = …; constexpr char kIdpBrandingForegroundColorKey[] = …; // Client metadata keys. constexpr char kPrivacyPolicyKey[] = …; constexpr char kTermsOfServiceKey[] = …; // Accounts endpoint response keys. constexpr char kAccountsKey[] = …; constexpr char kIdpBrandingKey[] = …; // Keys in 'account' dictionary in accounts endpoint. constexpr char kAccountIdKey[] = …; constexpr char kAccountEmailKey[] = …; constexpr char kAccountNameKey[] = …; constexpr char kAccountGivenNameKey[] = …; constexpr char kAccountPictureKey[] = …; constexpr char kAccountApprovedClientsKey[] = …; constexpr char kHintsKey[] = …; constexpr char kDomainHintsKey[] = …; constexpr char kLabelsKey[] = …; // Keys in 'branding' 'icons' dictionary in config for the IDP icon and client // metadata endpoint for the RP icon. constexpr char kBrandingIconsKey[] = …; constexpr char kBrandingIconUrl[] = …; constexpr char kBrandingIconSize[] = …; // The id assertion endpoint contains a token result. constexpr char kTokenKey[] = …; // The id assertion endpoint contains a URL, which indicates that // the serve wants to direct the user to continue on a pop-up // window before it provides a token result. constexpr char kContinueOnKey[] = …; // The id assertion endpoint may contain an error dict containing a code and url // which describes the error. constexpr char kErrorKey[] = …; constexpr char kErrorCodeKey[] = …; constexpr char kErrorUrlKey[] = …; // Body content types. constexpr char kUrlEncodedContentType[] = …; constexpr char kPlusJson[] = …; constexpr char kApplicationJson[] = …; constexpr char kTextJson[] = …; // Error API codes. constexpr char kGenericEmpty[] = …; constexpr char kInvalidRequest[] = …; constexpr char kUnauthorizedClient[] = …; constexpr char kAccessDenied[] = …; constexpr char kTemporarilyUnavailable[] = …; constexpr char kServerError[] = …; // Disconnect response keys. constexpr char kDisconnectAccountId[] = …; // 1 MiB is an arbitrary upper bound that should account for any reasonable // response size that is a part of this protocol. constexpr int maxResponseSizeInKiB = …; net::NetworkTrafficAnnotationTag CreateTrafficAnnotation() { … } GURL ResolveConfigUrl(const GURL& config_url, const std::string& endpoint) { … } GURL ExtractUrl(const base::Value::Dict& response, const char* key) { … } std::string ExtractString(const base::Value::Dict& response, const char* key) { … } std::optional<content::IdentityRequestAccount> ParseAccount( const base::Value::Dict& account, const std::string& client_id) { … } // Parses accounts from given Value. Returns true if parse is successful and // adds parsed accounts to the |account_list|. bool ParseAccounts(const base::Value::List& accounts, AccountList& account_list, const std::string& client_id, AccountsResponseInvalidReason& parsing_error) { … } std::optional<SkColor> ParseCssColor(const std::string* value) { … } GURL FindBestMatchingIconUrl(const base::Value::List* icons_value, int brand_icon_ideal_size, int brand_icon_minimum_size) { … } // Parse IdentityProviderMetadata from given value. Overwrites |idp_metadata| // with the parsed value. void ParseIdentityProviderMetadata(const base::Value::Dict& idp_metadata_value, int brand_icon_ideal_size, int brand_icon_minimum_size, IdentityProviderMetadata& idp_metadata) { … } // This method follows https://mimesniff.spec.whatwg.org/#json-mime-type. bool IsJsonMimeType(const std::string& mime_type) { … } ParseStatus GetResponseError(std::string* response_body, int response_code, const std::string& mime_type) { … } ParseStatus GetParsingError( const data_decoder::DataDecoder::ValueOrError& result) { … } void OnJsonParsed( IdpNetworkRequestManager::ParseJsonCallback parse_json_callback, int response_code, data_decoder::DataDecoder::ValueOrError result) { … } void OnDownloadedJson( IdpNetworkRequestManager::ParseJsonCallback parse_json_callback, std::unique_ptr<std::string> response_body, int response_code, const std::string& mime_type) { … } GURL ExtractEndpoint(const GURL& provider, const base::Value::Dict& response, const char* key) { … } void OnWellKnownParsed( IdpNetworkRequestManager::FetchWellKnownCallback callback, const GURL& well_known_url, FetchStatus fetch_status, data_decoder::DataDecoder::ValueOrError result) { … } void OnConfigParsed(const GURL& provider, blink::mojom::RpMode rp_mode, int idp_brand_icon_ideal_size, int idp_brand_icon_minimum_size, IdpNetworkRequestManager::FetchConfigCallback callback, FetchStatus fetch_status, data_decoder::DataDecoder::ValueOrError result) { … } void OnClientMetadataParsed( int rp_brand_icon_ideal_size, int rp_brand_icon_minimum_size, IdpNetworkRequestManager::FetchClientMetadataCallback callback, FetchStatus fetch_status, data_decoder::DataDecoder::ValueOrError result) { … } void OnAccountsRequestParsed( std::string client_id, IdpNetworkRequestManager::AccountsRequestCallback callback, FetchStatus fetch_status, data_decoder::DataDecoder::ValueOrError result) { … } std::pair<GURL, std::optional<ErrorUrlType>> GetErrorUrlAndType( const std::string* url, const GURL& idp_url) { … } ErrorDialogType GetErrorDialogType(const std::string& code, const GURL& url) { … } TokenResponseType GetTokenResponseType(const std::string* token, const std::string* continue_on, const base::Value::Dict* error) { … } bool IsOkResponseCode(int response_code) { … } ErrorDialogType GetErrorDialogTypeAndSetTokenError(int response_code, TokenResult& token_result) { … } void OnTokenRequestParsed( IdpNetworkRequestManager::TokenRequestCallback callback, IdpNetworkRequestManager::ContinueOnCallback continue_on_callback, IdpNetworkRequestManager::RecordErrorMetricsCallback record_error_metrics_callback, const GURL& token_url, FetchStatus fetch_status, data_decoder::DataDecoder::ValueOrError result) { … } void OnLogoutCompleted(IdpNetworkRequestManager::LogoutCallback callback, std::unique_ptr<std::string> response_body, int response_code, const std::string& mime_type) { … } void OnDisconnectResponseParsed( IdpNetworkRequestManager::DisconnectCallback callback, FetchStatus fetch_status, data_decoder::DataDecoder::ValueOrError result) { … } } // namespace IdpNetworkRequestManager::Endpoints::Endpoints() = default; IdpNetworkRequestManager::Endpoints::~Endpoints() = default; IdpNetworkRequestManager::Endpoints::Endpoints(const Endpoints& other) = default; IdpNetworkRequestManager::WellKnown::WellKnown() = default; IdpNetworkRequestManager::WellKnown::~WellKnown() = default; IdpNetworkRequestManager::WellKnown::WellKnown(const WellKnown& other) = default; IdpNetworkRequestManager::TokenResult::TokenResult() = default; IdpNetworkRequestManager::TokenResult::~TokenResult() = default; IdpNetworkRequestManager::TokenResult::TokenResult(const TokenResult& other) = default; // static std::unique_ptr<IdpNetworkRequestManager> IdpNetworkRequestManager::Create( RenderFrameHostImpl* host) { … } IdpNetworkRequestManager::IdpNetworkRequestManager( const url::Origin& relying_party_origin, scoped_refptr<network::SharedURLLoaderFactory> loader_factory, network::mojom::ClientSecurityStatePtr client_security_state) : … { … } IdpNetworkRequestManager::~IdpNetworkRequestManager() = default; // static std::optional<GURL> IdpNetworkRequestManager::ComputeWellKnownUrl( const GURL& provider) { … } void IdpNetworkRequestManager::FetchWellKnown(const GURL& provider, FetchWellKnownCallback callback) { … } void IdpNetworkRequestManager::FetchConfig(const GURL& provider, blink::mojom::RpMode rp_mode, int idp_brand_icon_ideal_size, int idp_brand_icon_minimum_size, FetchConfigCallback callback) { … } void IdpNetworkRequestManager::SendAccountsRequest( const GURL& accounts_url, const std::string& client_id, AccountsRequestCallback callback) { … } void IdpNetworkRequestManager::SendTokenRequest( const GURL& token_url, const std::string& account, const std::string& url_encoded_post_data, TokenRequestCallback callback, ContinueOnCallback continue_on, RecordErrorMetricsCallback record_error_metrics_callback) { … } void IdpNetworkRequestManager::SendSuccessfulTokenRequestMetrics( const GURL& metrics_endpoint_url, base::TimeDelta api_call_to_show_dialog_time, base::TimeDelta show_dialog_to_continue_clicked_time, base::TimeDelta account_selected_to_token_response_time, base::TimeDelta api_call_to_token_response_time) { … } void IdpNetworkRequestManager::SendFailedTokenRequestMetrics( const GURL& metrics_endpoint_url, MetricsEndpointErrorCode error_code) { … } void IdpNetworkRequestManager::SendLogout(const GURL& logout_url, LogoutCallback callback) { … } void IdpNetworkRequestManager::SendDisconnectRequest( const GURL& disconnect_url, const std::string& account_hint, const std::string& client_id, DisconnectCallback callback) { … } void IdpNetworkRequestManager::DownloadAndDecodeImage(const GURL& url, ImageCallback callback) { … } void IdpNetworkRequestManager::DownloadJsonAndParse( std::unique_ptr<network::ResourceRequest> resource_request, std::optional<std::string> url_encoded_post_data, ParseJsonCallback parse_json_callback, size_t max_download_size, bool allow_http_error_results) { … } void IdpNetworkRequestManager::DownloadUrl( std::unique_ptr<network::ResourceRequest> resource_request, std::optional<std::string> url_encoded_post_data, DownloadCallback callback, size_t max_download_size, bool allow_http_error_results) { … } void IdpNetworkRequestManager::OnDownloadedUrl( std::unique_ptr<network::SimpleURLLoader> url_loader, IdpNetworkRequestManager::DownloadCallback callback, std::unique_ptr<std::string> response_body) { … } void IdpNetworkRequestManager::FetchClientMetadata( const GURL& endpoint, const std::string& client_id, int rp_brand_icon_ideal_size, int rp_brand_icon_minimum_size, FetchClientMetadataCallback callback) { … } void IdpNetworkRequestManager::OnDownloadedImage( ImageCallback callback, std::unique_ptr<std::string> response_body, int response_code, const std::string& mime_type) { … } void IdpNetworkRequestManager::OnDecodedImage(ImageCallback callback, const SkBitmap& decoded_bitmap) { … } std::unique_ptr<network::ResourceRequest> IdpNetworkRequestManager::CreateUncredentialedResourceRequest( const GURL& target_url, bool send_origin, bool follow_redirects) const { … } std::unique_ptr<network::ResourceRequest> IdpNetworkRequestManager::CreateCredentialedResourceRequest( const GURL& target_url, CredentialedResourceRequestType type) const { … } } // namespace content
Codebase Browser
chromium