1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 var EXPORTED_SYMBOLS = ["FxAccountsConfig"];
7 const { RESTRequest } = ChromeUtils.import(
8 "resource://services-common/rest.js"
10 const { log } = ChromeUtils.import(
11 "resource://gre/modules/FxAccountsCommon.js"
13 const { XPCOMUtils } = ChromeUtils.importESModule(
14 "resource://gre/modules/XPCOMUtils.sys.mjs"
19 XPCOMUtils.defineLazyGetter(lazy, "fxAccounts", () => {
20 return ChromeUtils.import(
21 "resource://gre/modules/FxAccounts.jsm"
22 ).getFxAccountsSingleton();
25 ChromeUtils.defineModuleGetter(
27 "EnsureFxAccountsWebChannel",
28 "resource://gre/modules/FxAccountsWebChannel.jsm"
31 XPCOMUtils.defineLazyPreferenceGetter(
34 "identity.fxaccounts.remote.root"
36 XPCOMUtils.defineLazyPreferenceGetter(
39 "identity.fxaccounts.contextParam"
41 XPCOMUtils.defineLazyPreferenceGetter(
44 "identity.fxaccounts.allowHttp",
50 const CONFIG_PREFS = [
51 "identity.fxaccounts.remote.root",
52 "identity.fxaccounts.auth.uri",
53 "identity.fxaccounts.remote.oauth.uri",
54 "identity.fxaccounts.remote.profile.uri",
55 "identity.fxaccounts.remote.pairing.uri",
56 "identity.sync.tokenserver.uri",
58 const SYNC_PARAM = "sync";
60 var FxAccountsConfig = {
61 async promiseEmailURI(email, entrypoint, extraParams = {}) {
62 return this._buildURL("", {
63 extraParams: { entrypoint, email, service: SYNC_PARAM, ...extraParams },
67 async promiseConnectAccountURI(entrypoint, extraParams = {}) {
68 return this._buildURL("", {
78 async promiseForceSigninURI(entrypoint, extraParams = {}) {
79 return this._buildURL("force_auth", {
80 extraParams: { entrypoint, service: SYNC_PARAM, ...extraParams },
81 addAccountIdentifiers: true,
85 async promiseManageURI(entrypoint, extraParams = {}) {
86 return this._buildURL("settings", {
87 extraParams: { entrypoint, ...extraParams },
88 addAccountIdentifiers: true,
92 async promiseChangeAvatarURI(entrypoint, extraParams = {}) {
93 return this._buildURL("settings/avatar/change", {
94 extraParams: { entrypoint, ...extraParams },
95 addAccountIdentifiers: true,
99 async promiseManageDevicesURI(entrypoint, extraParams = {}) {
100 return this._buildURL("settings/clients", {
101 extraParams: { entrypoint, ...extraParams },
102 addAccountIdentifiers: true,
106 async promiseConnectDeviceURI(entrypoint, extraParams = {}) {
107 return this._buildURL("connect_another_device", {
108 extraParams: { entrypoint, service: SYNC_PARAM, ...extraParams },
109 addAccountIdentifiers: true,
113 async promisePairingURI(extraParams = {}) {
114 return this._buildURL("pair", {
116 includeDefaultParams: false,
120 async promiseOAuthURI(extraParams = {}) {
121 return this._buildURL("oauth", {
123 includeDefaultParams: false,
127 async promiseMetricsFlowURI(entrypoint, extraParams = {}) {
128 return this._buildURL("metrics-flow", {
129 extraParams: { entrypoint, ...extraParams },
130 includeDefaultParams: false,
134 get defaultParams() {
135 return { context: lazy.CONTEXT_PARAM };
139 * @param path should be parsable by the URL constructor first parameter.
140 * @param {bool} [options.includeDefaultParams] If true include the default search params.
141 * @param {Object.<string, string>} [options.extraParams] Additionnal search params.
142 * @param {bool} [options.addAccountIdentifiers] if true we add the current logged-in user uid and email to the search params.
147 includeDefaultParams = true,
149 addAccountIdentifiers = false,
152 await this.ensureConfigured();
153 const url = new URL(path, lazy.ROOT_URL);
154 if (lazy.REQUIRES_HTTPS && url.protocol != "https:") {
155 throw new Error("Firefox Accounts server must use HTTPS");
158 ...(includeDefaultParams ? this.defaultParams : null),
161 for (let [k, v] of Object.entries(params)) {
162 url.searchParams.append(k, v);
164 if (addAccountIdentifiers) {
165 const accountData = await this.getSignedInUser();
169 url.searchParams.append("uid", accountData.uid);
170 url.searchParams.append("email", accountData.email);
175 async _buildURLFromString(href, extraParams = {}) {
176 const url = new URL(href);
177 for (let [k, v] of Object.entries(extraParams)) {
178 url.searchParams.append(k, v);
184 let autoconfigURL = this.getAutoConfigURL();
185 if (!autoconfigURL) {
188 // They have the autoconfig uri pref set, so we clear all the prefs that we
189 // will have initialized, which will leave them pointing at production.
190 for (let pref of CONFIG_PREFS) {
191 Services.prefs.clearUserPref(pref);
193 // Reset the webchannel.
194 lazy.EnsureFxAccountsWebChannel();
198 let pref = Services.prefs.getCharPref(
199 "identity.fxaccounts.autoconfig.uri",
203 // no pref / empty pref means we don't bother here.
206 let rootURL = Services.urlFormatter.formatURL(pref);
207 if (rootURL.endsWith("/")) {
208 rootURL = rootURL.slice(0, -1);
213 async ensureConfigured() {
214 let isSignedIn = !!(await this.getSignedInUser());
216 await this.updateConfigURLs();
220 // Returns true if this user is using the FxA "production" systems, false
221 // if using any other configuration, including self-hosting or the FxA
222 // non-production systems such as "dev" or "staging".
223 // It's typically used as a proxy for "is this likely to be a self-hosted
224 // user?", but it's named this way to make the implementation less
225 // surprising. As a result, it's fairly conservative and would prefer to have
226 // a false-negative than a false-position as it determines things which users
227 // might consider sensitive (notably, telemetry).
228 // Note also that while it's possible to self-host just sync and not FxA, we
229 // don't make that distinction - that's a self-hoster from the POV of this
231 isProductionConfig() {
232 // Specifically, if the autoconfig URLs, or *any* of the URLs that
233 // we consider configurable are modified, we assume self-hosted.
234 if (this.getAutoConfigURL()) {
237 for (let pref of CONFIG_PREFS) {
238 if (Services.prefs.prefHasUserValue(pref)) {
245 // Read expected client configuration from the fxa auth server
246 // (from `identity.fxaccounts.autoconfig.uri`/.well-known/fxa-client-configuration)
247 // and replace all the relevant our prefs with the information found there.
248 // This is only done before sign-in and sign-up, and even then only if the
249 // `identity.fxaccounts.autoconfig.uri` preference is set.
250 async updateConfigURLs() {
251 let rootURL = this.getAutoConfigURL();
255 const config = await this.fetchConfigDocument(rootURL);
257 // Update the prefs directly specified by the config.
258 let authServerBase = config.auth_server_base_url;
259 if (!authServerBase.endsWith("/v1")) {
260 authServerBase += "/v1";
262 Services.prefs.setCharPref(
263 "identity.fxaccounts.auth.uri",
266 Services.prefs.setCharPref(
267 "identity.fxaccounts.remote.oauth.uri",
268 config.oauth_server_base_url + "/v1"
270 // At the time of landing this, our servers didn't yet answer with pairing_server_base_uri.
271 // Remove this condition check once Firefox 68 is stable.
272 if (config.pairing_server_base_uri) {
273 Services.prefs.setCharPref(
274 "identity.fxaccounts.remote.pairing.uri",
275 config.pairing_server_base_uri
278 Services.prefs.setCharPref(
279 "identity.fxaccounts.remote.profile.uri",
280 config.profile_server_base_url + "/v1"
282 Services.prefs.setCharPref(
283 "identity.sync.tokenserver.uri",
284 config.sync_tokenserver_base_url + "/1.0/sync/1.5"
286 Services.prefs.setCharPref("identity.fxaccounts.remote.root", rootURL);
288 // Ensure the webchannel is pointed at the correct uri
289 lazy.EnsureFxAccountsWebChannel();
292 "Failed to initialize configuration preferences from autoconfig object",
299 // Read expected client configuration from the fxa auth server
300 // (or from the provided rootURL, if present) and return it as an object.
301 async fetchConfigDocument(rootURL = null) {
303 rootURL = lazy.ROOT_URL;
305 let configURL = rootURL + "/.well-known/fxa-client-configuration";
306 let request = new RESTRequest(configURL);
307 request.setHeader("Accept", "application/json");
309 // Catch and rethrow the error inline.
310 let resp = await request.get().catch(e => {
311 log.error(`Failed to get configuration object from "${configURL}"`, e);
315 // Note: 'resp.body' is included with the error log below as we are not concerned
316 // that the body will contain PII, but if that changes it should be excluded.
318 `Received HTTP response code ${resp.status} from configuration object request:
322 `HTTP status ${resp.status} from configuration object request`
325 log.debug("Got successful configuration response", resp.body);
327 return JSON.parse(resp.body);
330 `Failed to parse configuration preferences from ${configURL}`,
337 // For test purposes, returns a Promise.
339 return lazy.fxAccounts.getSignedInUser();