libservo: Add a delegate method for HTTP authentication (#35400)

Add a delegate method for HTTP authentication and a related
`AuthenticationRequest` object that carries with it the URL as well as
whether or not the authentication request is for a proxy or not.

This is now separate from the prompt API because requesting
authentication doesn't necessarily involve prompting -- this is an
implementation detail of the embedder. In addition, the internal bits
are cleaned up slightly.

Signed-off-by: Martin Robinson <mrobinson@igalia.com>

components/net/http_loader.rs

@@ -9,15 +9,13 @@ use std::time::{Duration, SystemTime, UNIX_EPOCH};
 
 use async_recursion::async_recursion;
 use base::cross_process_instant::CrossProcessInstant;
-use base::id::{HistoryStateId, PipelineId, WebViewId};
+use base::id::{HistoryStateId, PipelineId};
 use crossbeam_channel::Sender;
 use devtools_traits::{
     ChromeToDevtoolsControlMsg, DevtoolsControlMsg, HttpRequest as DevtoolsHttpRequest,
     HttpResponse as DevtoolsHttpResponse, NetworkEvent,
 };
-use embedder_traits::{
-    EmbedderMsg, EmbedderProxy, PromptCredentialsInput, PromptDefinition, PromptOrigin,
-};
+use embedder_traits::{AuthenticationResponse, EmbedderMsg, EmbedderProxy};
 use futures::{future, TryFutureExt, TryStreamExt};
 use headers::authorization::Basic;
 use headers::{
@@ -107,6 +105,28 @@ pub struct HttpState {
     pub embedder_proxy: Mutex<EmbedderProxy>,
 }
 
+impl HttpState {
+    fn request_authentication(
+        &self,
+        request: &Request,
+        response: &Response,
+    ) -> Option<AuthenticationResponse> {
+        // We do not make an authentication request for non-WebView associated HTTP requests.
+        let webview_id = request.target_webview_id?;
+        let for_proxy = response.status == StatusCode::PROXY_AUTHENTICATION_REQUIRED;
+
+        let embedder_proxy = self.embedder_proxy.lock().unwrap();
+        let (ipc_sender, ipc_receiver) = ipc::channel().unwrap();
+        embedder_proxy.send(EmbedderMsg::RequestAuthentication(
+            webview_id,
+            request.url(),
+            for_proxy,
+            ipc_sender,
+        ));
+        ipc_receiver.recv().ok()?
+    }
+}
+
 /// Step 13 of <https://fetch.spec.whatwg.org/#concept-fetch>.
 pub(crate) fn set_default_accept(request: &mut Request) {
     if request.headers.contains_key(header::ACCEPT) {
@@ -1595,27 +1615,22 @@ async fn http_network_or_cache_fetch(
 
         // Step 14.3 If request’s use-URL-credentials flag is unset or isAuthenticationFetch is true, then:
         if !request.use_url_credentials || authentication_fetch_flag {
-            let Some(webview_id) = request.target_webview_id else {
-                return response;
-            };
-            let Some(credentials) =
-                prompt_user_for_credentials(&context.state.embedder_proxy, webview_id)
-            else {
-                return response;
-            };
-            let Some(username) = credentials.username else {
-                return response;
-            };
-            let Some(password) = credentials.password else {
+            let Some(credentials) = context.state.request_authentication(request, &response) else {
                 return response;
             };
 
-            if let Err(err) = request.current_url_mut().set_username(&username) {
+            if let Err(err) = request
+                .current_url_mut()
+                .set_username(&credentials.username)
+            {
                 error!("error setting username for url: {:?}", err);
                 return response;
             };
 
-            if let Err(err) = request.current_url_mut().set_password(Some(&password)) {
+            if let Err(err) = request
+                .current_url_mut()
+                .set_password(Some(&credentials.password))
+            {
                 error!("error setting password for url: {:?}", err);
                 return response;
             };
@@ -1654,25 +1669,14 @@ async fn http_network_or_cache_fetch(
 
         // Step 15.4 Prompt the end user as appropriate in request’s window
         // window and store the result as a proxy-authentication entry.
-        let Some(webview_id) = request.target_webview_id else {
-            return response;
-        };
-        let Some(credentials) =
-            prompt_user_for_credentials(&context.state.embedder_proxy, webview_id)
-        else {
-            return response;
-        };
-        let Some(user_name) = credentials.username else {
-            return response;
-        };
-        let Some(password) = credentials.password else {
+        let Some(credentials) = context.state.request_authentication(request, &response) else {
             return response;
         };
 
-        // store the credentials as a proxy-authentication entry.
+        // Store the credentials as a proxy-authentication entry.
         let entry = AuthCacheEntry {
-            user_name,
-            password,
+            user_name: credentials.username,
+            password: credentials.password,
         };
         {
             let mut auth_cache = context.state.auth_cache.write().unwrap();
@@ -1794,28 +1798,6 @@ impl Drop for ResponseEndTimer {
     }
 }
 
-fn prompt_user_for_credentials(
-    embedder_proxy: &Mutex<EmbedderProxy>,
-    webview_id: WebViewId,
-) -> Option<PromptCredentialsInput> {
-    let proxy = embedder_proxy.lock().unwrap();
-
-    let (ipc_sender, ipc_receiver) = ipc::channel().unwrap();
-
-    proxy.send(EmbedderMsg::Prompt(
-        webview_id,
-        PromptDefinition::Credentials(ipc_sender),
-        PromptOrigin::Trusted,
-    ));
-
-    let Ok(credentials) = ipc_receiver.recv() else {
-        warn!("error getting user credentials");
-        return None;
-    };
-
-    Some(credentials)
-}
-
 /// [HTTP network fetch](https://fetch.spec.whatwg.org/#http-network-fetch)
 async fn http_network_fetch(
     fetch_params: &mut FetchParams,

components/net/tests/http_loader.rs

@@ -17,6 +17,7 @@ use devtools_traits::{
     ChromeToDevtoolsControlMsg, DevtoolsControlMsg, HttpRequest as DevtoolsHttpRequest,
     HttpResponse as DevtoolsHttpResponse, NetworkEvent,
 };
+use embedder_traits::AuthenticationResponse;
 use flate2::write::{GzEncoder, ZlibEncoder};
 use flate2::Compression;
 use headers::authorization::Basic;
@@ -1577,8 +1578,10 @@ fn test_user_credentials_prompt_when_proxy_authentication_is_required() {
     let (embedder_proxy, embedder_receiver) = create_embedder_proxy_and_receiver();
     let _ = receive_credential_prompt_msgs(
         embedder_receiver,
-        Some("username".to_string()),
-        Some("test".to_string()),
+        Some(AuthenticationResponse {
+            username: "username".into(),
+            password: "test".into(),
+        }),
     );
 
     let mut context = new_fetch_context(None, Some(embedder_proxy), None);
@@ -1625,8 +1628,10 @@ fn test_prompt_credentials_when_client_receives_unauthorized_response() {
     let (embedder_proxy, embedder_receiver) = create_embedder_proxy_and_receiver();
     let _ = receive_credential_prompt_msgs(
         embedder_receiver,
-        Some("username".to_string()),
-        Some("test".to_string()),
+        Some(AuthenticationResponse {
+            username: "username".into(),
+            password: "test".into(),
+        }),
     );
     let mut context = new_fetch_context(None, Some(embedder_proxy), None);
 
@@ -1670,7 +1675,7 @@ fn test_prompt_credentials_user_cancels_dialog_input() {
         .build();
 
     let (embedder_proxy, embedder_receiver) = create_embedder_proxy_and_receiver();
-    let _ = receive_credential_prompt_msgs(embedder_receiver, None, None);
+    let _ = receive_credential_prompt_msgs(embedder_receiver, None);
     let mut context = new_fetch_context(None, Some(embedder_proxy), None);
 
     let response = fetch_with_context(request, &mut context);
@@ -1715,8 +1720,10 @@ fn test_prompt_credentials_user_input_incorrect_credentials() {
     let (embedder_proxy, embedder_receiver) = create_embedder_proxy_and_receiver();
     let _ = receive_credential_prompt_msgs(
         embedder_receiver,
-        Some("test".to_string()),
-        Some("test".to_string()),
+        Some(AuthenticationResponse {
+            username: "test".into(),
+            password: "test".into(),
+        }),
     );
     let mut context = new_fetch_context(None, Some(embedder_proxy), None);
 

components/net/tests/main.rs

@@ -28,7 +28,7 @@ use std::sync::{Arc, LazyLock, Mutex, RwLock, Weak};
 
 use crossbeam_channel::{unbounded, Receiver, Sender};
 use devtools_traits::DevtoolsControlMsg;
-use embedder_traits::{EmbedderMsg, EmbedderProxy, EventLoopWaker};
+use embedder_traits::{AuthenticationResponse, EmbedderMsg, EmbedderProxy, EventLoopWaker};
 use futures::future::ready;
 use http_body_util::combinators::BoxBody;
 use http_body_util::{BodyExt, Empty, Full};
@@ -125,21 +125,13 @@ fn create_embedder_proxy_and_receiver() -> (EmbedderProxy, Receiver<EmbedderMsg>
 
 fn receive_credential_prompt_msgs(
     embedder_receiver: Receiver<EmbedderMsg>,
-    username: Option<String>,
-    password: Option<String>,
+    response: Option<AuthenticationResponse>,
 ) -> std::thread::JoinHandle<()> {
     std::thread::spawn(move || loop {
         let embedder_msg = embedder_receiver.recv().unwrap();
         match embedder_msg {
-            embedder_traits::EmbedderMsg::Prompt(_, prompt_definition, _prompt_origin) => {
-                match prompt_definition {
-                    embedder_traits::PromptDefinition::Credentials(ipc_sender) => {
-                        ipc_sender
-                            .send(embedder_traits::PromptCredentialsInput { username, password })
-                            .unwrap();
-                    },
-                    _ => unreachable!(),
-                }
+            embedder_traits::EmbedderMsg::RequestAuthentication(_, _, _, response_sender) => {
+                let _ = response_sender.send(response);
                 break;
             },
             embedder_traits::EmbedderMsg::WebResourceRequested(..) => {},