Necko:nsIAuthPrompt2

From MozillaWiki
Jump to: navigation, search

https://bugzilla.mozilla.org/show_bug.cgi?id=265780

This page describes new and improved authentication interfaces for necko. There are various downsides of the current ones, including:

The interfaces in question are nsIAuthPrompt and nsIPromptService; possibly nsIPrompt as well.

I'll suggest an nsIAuthPrompt2 interface below. Its methods will have counterparts in nsIPromptService2; they will have the same signature but an additional window argument.

The nsIAuthPrompt2 is what necko calls stuff on; nsIPromptService2 is what embeddors would implement.

This suggestion is based on https://bugzilla.mozilla.org/attachment.cgi?id=163161 but slightly modified, and async calls added.

/**
* A object that hold authentication information. The caller of
* nsIAuthPrompt2::promptUsernameAndPassword or
* nsIAuthPrompt2::promptPasswordAsync provides an object implementing this
* interface; the prompt implementation can then read the values here to prefill
* the dialog. After the user entered the authentication information, it should
* set the attributes of this object to indicate to the caller what was entered
* by the user.
*/
[scriptable, uuid(0d73639c-2a92-4518-9f92-28f71fea5f20)]
interface nsIAuthInformation : nsISupports
{
 /** @name Flags */
 /* @{ */
 /**
  * This dialog belongs to a network host.
  */
 const PRUint32 AUTH_HOST = 1;
 /**
  * This dialog belongs to a proxy.
  */
 const PRUint32 AUTH_PROXY = 2;
 /**
  * This dialog needs domain information. The user interface should show a
  * domain field, prefilled with the domain attribute's value.
  */
 const PRUint32 NEED_DOMAIN = 4;
 /**
  * This dialog only asks for password information. The implementation SHOULD
  * NOT show a username field. It MUST NOT modify the user attribute,
  * although it should show its initial value to the user in some form. For
  * example, a paragraph in the dialog might say "Please enter your password
  * for user jsmith at server intranet".
  *
  * This flag is mutually exclusive with #NEED_DOMAIN.
  */
 const PRUint32 ONLY_PASSWORD = 8;
 /* @} */
 /**
  * Flags describing this dialog. A bitwise OR of the flag values
  * above.
  *
  * It is possible that neither #AUTH_HOST nor #AUTH_PROXY are set.
  *
  * Implementations should ignore flags they don't understand; especially, they
  * should not throw an exception because of an unsupported flag.
  */
 readonly attribute unsigned long flags;
 /**
  * The server-supplied realm of the authentication as defined in RFC 2617.
  * Can be the empty string if the protocol does not support realms.
  * Otherwise, this is a human-readable string like "Secret files".
  */
 readonly attribute AString realm;
 /**
  * The authentication scheme used for this request, if applicable. If the
  * protocol for this authentication does not support schemes, this will be
  * the empty string. Otherwise, this will be a string such as "basic" or 
  * "digest". This string will always be in lowercase.
  */
 readonly attribute AUTF8String authenticationScheme;
 /**
  * The initial value should be used to prefill the dialog.
  * Implementations should not show the password in clear.
  * On return, this parameter should contain the username entered by
  * the user.
  */
 attribute AString username;
 /**
  * The initial value should be used to prefill the dialog or show it
  * in some other way to the user.
  * On return, this parameter should contain the username entered by
  * the user.
  */
 attribute AString password;
 /**
  * The initial value should be used to prefill the dialog or show it
  * in some other way to the user.
  * On return, this parameter should contain the domain entered by
  * the user.
  * This attribute is only used if flags include #NEED_DOMAIN.
  */
 attribute AString domain;
};
/**
* Interface for callback methods for the asynchronous nsIAuthPrompt2 method.
* Callers MUST call exactly one method if nsIAuthPrompt2::promptPasswordAsync
* returns successfully. They MUST NOT call any method on this interface before
* promptPasswordAsync returns.
*/
[scriptable, uuid(bdc387d7-2d29-4cac-92f1-dd75d786631d)]
interface nsIAuthPromptCallback : nsISupports
{
 /**
  * Authentication information is available.
  *
  * @param aContext
  *        The context as passed to promptPasswordAsync
  * @param aAuthInfo
  *        Authentication information. Must be the same object that was passed
  *        to promptPasswordAsync.
  *
  * @note  Any exceptions thrown from this method should be ignored.
  */
 void onAuthAvailable(in nsISupports aContext,
                      in nsIAuthInformation aAuthInfo);
 /**
  * Notification that the prompt was cancelled.
  *
  * @param aContext
  *        The context that was passed to promptPasswordAsync.
  * @param userCancel
  *        If false, this prompt was cancelled by calling the
  *        the cancel method on the nsICancelable; otherwise,
  *        it was cancelled by the user.
  */
 void onAuthCancelled(in nsISupports aContext, in boolean userCancel);
};


/**
* An interface allowing to prompt for a username and password. This interface
* is usually acquired using getInterface on notification callbacks or similar.
* It can be used to prompt users for authentication information, either
* synchronously or asynchronously.
*/
[scriptable, uuid(447fc780-1d28-412a-91a1-466d48129c65)]
interface nsIAuthPrompt2 : nsISupports
{         
 /** @name Security Levels */
 /* @{ */
 /**
  * The password will be sent unencrypted. No security provided.
  */
 const PRUint32 LEVEL_NONE = 0;
 /**
  * Password will be sent encrypted, but the connection is otherwise
  * insecure.
  */
 const PRUint32 LEVEL_PW_ENCRYPTED = 1;
 /**
  * The connection, both for password and data, is secure.
  */
 const PRUint32 LEVEL_SECURE = 2;
 /* @} */
 /**
  * Requests a username and a password. Implementations will commonly show a
  * dialog with a username and password field, depending on flags also a
  * domain field.
  *
  * @param aChannel
  *        The channel that requires authentication.
  * @param level
  *        One of the level constants from above. See there for descriptions
  *        of the levels.
  * @param authInfo
  *        Authentication information object. The implementation should fill in
  *        this object with the information entered by the user before
  *        returning.
  *
  * @retval true
  *         Authentication can proceed using the values in the authInfo
  *         object.
  * @retval false
  *         Authentication should be cancelled, usually because the user did
  *         not provide username/password.
  *
  * @note   Exceptions thrown from this function will be treated like a
  *         return value of false.
  */
 boolean promptAuth(in nsIChannel aChannel,
                    in PRUint32 level,
                    in nsIAuthInformation authInfo);
 /**
  * Asynchronously prompt the user for a username and password.
  * This has largely the same semantics as promptUsernameAndPassword(),
  * but must return immediately after calling and return the entered
  * data in a callback.
  *
  * If the user closes the dialog using a cancel button or similar,
  * the callback's nsIAuthPromptCallback::onAuthCancelled method must be
  * called.
  * Calling nsICancelable::cancel on the returned object SHOULD close the
  * dialog and MUST call nsIAuthPromptCallback::onAuthCancelled on the provided
  * callback.
  *
  * @throw NS_ERROR_NOT_IMPLEMENTED
  *        Asynchronous authentication prompts are not supported;
  *        the caller should fall back to promptUsernameAndPassword().
  */
 nsICancelable asyncPromptAuth(in nsIChannel aChannel,
                               in nsIAuthPromptCallback aCallback,
                               in nsISupports aContext,
                               in PRUint32 level,
                               in nsIAuthInformation authInfo);
};



Issues

  • NSS/PSM wants to prompt for passwords as well, and has no nsIChannel available
    • http://lxr.mozilla.org/seamonkey/source/security/manager/ssl/src/nsNSSCallbacks.cpp#188
    • Make aChannel an nsISupports, which can also be a certificate or certificate store or whatever?
    • However, after thinking more about this, I don't think it makes sense for this interface to be used by PSM. PSM has no use for a user or a domain, the "levels" here are not useful for it, and dialogs for certificate stores will probably look quite different. It should have its own interface.
  • Use nsIRequest instead of nsIChannel?
    • SOCKS authentication on a raw socket might be a use case
    • But nsIRequest has no obvious place to get something remotely URI-like
  • The parameter lists are quite long; group some of the info together on an object? This object could be passed to both functions.
    • It would fix this error: ../../../../../mozilla/netwerk/base/public/nsIAuthPrompt2.idl:106: Error: [domstring], [utf8string], [cstring], [astring] types cannot be used as inout parameters
    • switched to that in the interfaces above
  • mention threads in the docs
  • what's "LEVEL_SECURE"?
  • maybe nsIAuthInformation could have a parameter filled on return for how long to allow caching of auth info

Reasonings

This lists some reasons for why some parts of the interface look like they do

  • nsIChannel as opposed to nsIURI allows inspecting the securityInfo of the channel to determine the quality of the SSL encryption
  • Added authenticationScheme (RFC 2617 wording) to nsIAuthInformation to provide more information to the impl (they can always ignore the field if they don't care). this will be basic, digest, etc.
    • The level is still useful, for SSL and for not requiring the impl to understand all possible schemes, and also for non-HTTP protocols

Wallet/Satchel

These want to add a checkbox to the dialog. I propose an interface like this:

/**
 * This interface allows creating auth prompts that have a specific parent.
 */
[scriptable, uuid(...)]
interface nsIPromptFactory
{
 /**
  * Returns an object implementing the specified interface that creates
  * prompts parented to aParent.
  */
 void getPrompt(in nsIDOMWindow aParent, in nsIIDRef iid,
                [iid_is(iid),retval] out nsQIResult result);
};

This allows more flexibility than the current interface that wraps an nsIPrompt.

For actually adding the checkbox, nsIPromptService2 will need a method like promptUsernameAndPassword2Checkbox (I decided on naming it promptAuth)