Prompt user for credentials when http request needs it (#34620)

* prompt user to get their credentials

Signed-off-by: Lloyd Massiah artmis9@protonmail.com

move credential prompt to a function

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

* add prompt for step 15.4

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

* add new prompt definition for user credentials

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

* remove default implementation for HttpState which allowed making the embedder_proxy non-optional

- default implementation was only used in tests so created an alternative create_http_state function

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

add credentials to authentication cache

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

* add tests that are successful for the happy path

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

* add test for user cancels prompt and user inputs incorrect credentials, and refactor shared code between tests

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

* handle error when setting username and password in Url and ran formatting

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

renaming test functions

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

* change authentication flag to false for proxy authentication. The spec doesn't specify that the flag should be true, and the flag is by default false

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

* clean up test code a bit

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

* add skeleton implementation to support open harmony and android

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

* update warning message to include Android

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

* fix build error for OH os and Android

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

* remove unused import to fix warning

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>

---------

Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>
Co-authored-by: lazypassion <25536767+lazypassion@users.noreply.github.com>

components/net/tests/fetch.rs

@@ -29,7 +29,6 @@ use net::filemanager_thread::FileManager;
 use net::hsts::HstsEntry;
 use net::protocols::ProtocolRegistry;
 use net::resource_thread::CoreResourceThreadPool;
-use net::test::HttpState;
 use net_traits::filemanager_thread::FileTokenCheck;
 use net_traits::http_status::HttpStatus;
 use net_traits::request::{
@@ -47,8 +46,8 @@ use uuid::Uuid;
 
 use crate::http_loader::{expect_devtools_http_request, expect_devtools_http_response};
 use crate::{
-    create_embedder_proxy, fetch, fetch_with_context, fetch_with_cors_cache, make_server,
-    make_ssl_server, new_fetch_context, DEFAULT_USER_AGENT,
+    create_embedder_proxy, create_http_state, fetch, fetch_with_context, fetch_with_cors_cache,
+    make_server, make_ssl_server, new_fetch_context, DEFAULT_USER_AGENT,
 };
 
 // TODO write a struct that impls Handler for storing test values
@@ -669,7 +668,7 @@ fn test_fetch_with_hsts() {
     let (server, url) = make_ssl_server(handler);
 
     let mut context = FetchContext {
-        state: Arc::new(HttpState::default()),
+        state: Arc::new(create_http_state(None)),
         user_agent: DEFAULT_USER_AGENT.into(),
         devtools_chan: None,
         filemanager: Arc::new(Mutex::new(FileManager::new(
@@ -724,7 +723,7 @@ fn test_load_adds_host_to_hsts_list_when_url_is_https() {
     url.as_mut_url().set_scheme("https").unwrap();
 
     let mut context = FetchContext {
-        state: Arc::new(HttpState::default()),
+        state: Arc::new(create_http_state(None)),
         user_agent: DEFAULT_USER_AGENT.into(),
         devtools_chan: None,
         filemanager: Arc::new(Mutex::new(FileManager::new(
@@ -781,7 +780,7 @@ fn test_fetch_self_signed() {
     url.as_mut_url().set_scheme("https").unwrap();
 
     let mut context = FetchContext {
-        state: Arc::new(HttpState::default()),
+        state: Arc::new(create_http_state(None)),
         user_agent: DEFAULT_USER_AGENT.into(),
         devtools_chan: None,
         filemanager: Arc::new(Mutex::new(FileManager::new(

components/net/tests/http_loader.rs

@@ -6,7 +6,6 @@
 
 use std::collections::HashMap;
 use std::io::Write;
-use std::str;
 use std::sync::atomic::{AtomicBool, Ordering};
 use std::sync::{Arc, Mutex, RwLock};
 use std::time::Duration;
@@ -47,7 +46,10 @@ use servo_url::{ImmutableOrigin, ServoUrl};
 use tokio_test::block_on;
 use url::Url;
 
-use crate::{fetch, fetch_with_context, make_server, new_fetch_context};
+use crate::{
+    create_embedder_proxy_and_receiver, fetch, fetch_with_context, make_server, new_fetch_context,
+    receive_credential_prompt_msgs,
+};
 
 fn mock_origin() -> ImmutableOrigin {
     ServoUrl::parse("http://servo.org").unwrap().origin()
@@ -1479,3 +1481,180 @@ fn test_origin_serialization_compatability() {
 
     ensure_serialiations_match("data:,dataurltexta");
 }
+
+#[test]
+fn test_user_credentials_prompt_when_proxy_authentication_is_required() {
+    let handler = move |request: HyperRequest<Body>, response: &mut HyperResponse<Body>| {
+        let expected = Authorization::basic("username", "test");
+        if let Some(credentials) = request.headers().typed_get::<Authorization<Basic>>() {
+            if credentials == expected {
+                *response.status_mut() = StatusCode::OK;
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        } else {
+            *response.status_mut() = StatusCode::PROXY_AUTHENTICATION_REQUIRED;
+        }
+    };
+    let (server, url) = make_server(handler);
+
+    let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer)
+        .method(Method::GET)
+        .body(None)
+        .destination(Destination::Document)
+        .origin(mock_origin())
+        .pipeline_id(Some(TEST_PIPELINE_ID))
+        .credentials_mode(CredentialsMode::Include)
+        .build();
+
+    let (embedder_proxy, embedder_receiver) = create_embedder_proxy_and_receiver();
+    let _ = receive_credential_prompt_msgs(
+        embedder_receiver,
+        Some("username".to_string()),
+        Some("test".to_string()),
+    );
+
+    let mut context = new_fetch_context(None, Some(embedder_proxy), None);
+
+    let response = fetch_with_context(&mut request, &mut context);
+
+    let _ = server.close();
+
+    assert!(response
+        .internal_response
+        .unwrap()
+        .status
+        .code()
+        .is_success());
+}
+
+#[test]
+fn test_prompt_credentials_when_client_receives_unauthorized_response() {
+    let handler = move |request: HyperRequest<Body>, response: &mut HyperResponse<Body>| {
+        let expected = Authorization::basic("username", "test");
+        if let Some(credentials) = request.headers().typed_get::<Authorization<Basic>>() {
+            if credentials == expected {
+                *response.status_mut() = StatusCode::OK;
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        } else {
+            *response.status_mut() = StatusCode::UNAUTHORIZED;
+        }
+    };
+    let (server, url) = make_server(handler);
+
+    let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer)
+        .method(Method::GET)
+        .body(None)
+        .destination(Destination::Document)
+        .origin(mock_origin())
+        .pipeline_id(Some(TEST_PIPELINE_ID))
+        .credentials_mode(CredentialsMode::Include)
+        .build();
+
+    let (embedder_proxy, embedder_receiver) = create_embedder_proxy_and_receiver();
+    let _ = receive_credential_prompt_msgs(
+        embedder_receiver,
+        Some("username".to_string()),
+        Some("test".to_string()),
+    );
+    let mut context = new_fetch_context(None, Some(embedder_proxy), None);
+
+    let response = fetch_with_context(&mut request, &mut context);
+
+    server.close();
+
+    assert!(response
+        .internal_response
+        .unwrap()
+        .status
+        .code()
+        .is_success());
+}
+
+#[test]
+fn test_prompt_credentials_user_cancels_dialog_input() {
+    let handler = move |request: HyperRequest<Body>, response: &mut HyperResponse<Body>| {
+        let expected = Authorization::basic("username", "test");
+        if let Some(credentials) = request.headers().typed_get::<Authorization<Basic>>() {
+            if credentials == expected {
+                *response.status_mut() = StatusCode::OK;
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        } else {
+            *response.status_mut() = StatusCode::UNAUTHORIZED;
+        }
+    };
+    let (server, url) = make_server(handler);
+
+    let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer)
+        .method(Method::GET)
+        .body(None)
+        .destination(Destination::Document)
+        .origin(mock_origin())
+        .pipeline_id(Some(TEST_PIPELINE_ID))
+        .credentials_mode(CredentialsMode::Include)
+        .build();
+
+    let (embedder_proxy, embedder_receiver) = create_embedder_proxy_and_receiver();
+    let _ = receive_credential_prompt_msgs(embedder_receiver, None, None);
+    let mut context = new_fetch_context(None, Some(embedder_proxy), None);
+
+    let response = fetch_with_context(&mut request, &mut context);
+
+    server.close();
+
+    assert!(response
+        .internal_response
+        .unwrap()
+        .status
+        .code()
+        .is_client_error());
+}
+
+#[test]
+fn test_prompt_credentials_user_input_incorrect_credentials() {
+    let handler = move |request: HyperRequest<Body>, response: &mut HyperResponse<Body>| {
+        let expected = Authorization::basic("username", "test");
+        if let Some(credentials) = request.headers().typed_get::<Authorization<Basic>>() {
+            if credentials == expected {
+                *response.status_mut() = StatusCode::OK;
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        } else {
+            *response.status_mut() = StatusCode::UNAUTHORIZED;
+        }
+    };
+    let (server, url) = make_server(handler);
+
+    let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer)
+        .method(Method::GET)
+        .body(None)
+        .destination(Destination::Document)
+        .origin(mock_origin())
+        .pipeline_id(Some(TEST_PIPELINE_ID))
+        .credentials_mode(CredentialsMode::Include)
+        .build();
+
+    let (embedder_proxy, embedder_receiver) = create_embedder_proxy_and_receiver();
+    let _ = receive_credential_prompt_msgs(
+        embedder_receiver,
+        Some("test".to_string()),
+        Some("test".to_string()),
+    );
+    let mut context = new_fetch_context(None, Some(embedder_proxy), None);
+
+    let response = fetch_with_context(&mut request, &mut context);
+
+    server.close();
+
+    assert!(response
+        .internal_response
+        .unwrap()
+        .status
+        .code()
+        .is_client_error());
+}

components/net/tests/main.rs

@@ -19,21 +19,23 @@ mod resource_thread;
 mod subresource_integrity;
 
 use core::convert::Infallible;
+use std::collections::HashMap;
 use std::fs::File;
 use std::io::{self, BufReader};
 use std::net::TcpListener as StdTcpListener;
 use std::path::{Path, PathBuf};
-use std::sync::{Arc, LazyLock, Mutex, Weak};
+use std::sync::{Arc, LazyLock, Mutex, RwLock, Weak};
 
 use crossbeam_channel::{unbounded, Sender};
 use devtools_traits::DevtoolsControlMsg;
-use embedder_traits::{EmbedderProxy, EventLoopWaker};
+use embedder_traits::{EmbedderProxy, EmbedderReceiver, EventLoopWaker};
 use futures::future::ready;
 use futures::StreamExt;
 use hyper::server::conn::Http;
 use hyper::server::Server as HyperServer;
 use hyper::service::{make_service_fn, service_fn};
 use hyper::{Body, Request as HyperRequest, Response as HyperResponse};
+use net::connector::{create_http_client, create_tls_config};
 use net::fetch::cors_cache::CorsCache;
 use net::fetch::methods::{self, CancellationListener, FetchContext};
 use net::filemanager_thread::FileManager;
@@ -95,6 +97,76 @@ fn create_embedder_proxy() -> EmbedderProxy {
     }
 }
 
+fn create_embedder_proxy_and_receiver() -> (EmbedderProxy, EmbedderReceiver) {
+    let (sender, receiver) = unbounded();
+    let event_loop_waker = || {
+        struct DummyEventLoopWaker {}
+        impl DummyEventLoopWaker {
+            fn new() -> DummyEventLoopWaker {
+                DummyEventLoopWaker {}
+            }
+        }
+        impl embedder_traits::EventLoopWaker for DummyEventLoopWaker {
+            fn wake(&self) {}
+            fn clone_box(&self) -> Box<dyn embedder_traits::EventLoopWaker> {
+                Box::new(DummyEventLoopWaker {})
+            }
+        }
+
+        Box::new(DummyEventLoopWaker::new())
+    };
+
+    let embedder_proxy = embedder_traits::EmbedderProxy {
+        sender: sender.clone(),
+        event_loop_waker: event_loop_waker(),
+    };
+
+    let embedder_receiver = EmbedderReceiver { receiver };
+    (embedder_proxy, embedder_receiver)
+}
+
+fn receive_credential_prompt_msgs(
+    mut embedder_receiver: EmbedderReceiver,
+    username: Option<String>,
+    password: Option<String>,
+) -> std::thread::JoinHandle<()> {
+    std::thread::spawn(move || {
+        let (_browser_context_id, embedder_msg) = embedder_receiver.recv_embedder_msg();
+        match embedder_msg {
+            embedder_traits::EmbedderMsg::Prompt(prompt_definition, _prompt_origin) => {
+                match prompt_definition {
+                    embedder_traits::PromptDefinition::Credentials(ipc_sender) => {
+                        ipc_sender
+                            .send(embedder_traits::PromptCredentialsInput { username, password })
+                            .unwrap();
+                    },
+                    _ => unreachable!(),
+                }
+            },
+            _ => unreachable!(),
+        }
+    })
+}
+
+fn create_http_state(fc: Option<EmbedderProxy>) -> HttpState {
+    let override_manager = net::connector::CertificateErrorOverrideManager::new();
+    HttpState {
+        hsts_list: RwLock::new(net::hsts::HstsList::default()),
+        cookie_jar: RwLock::new(net::cookie_storage::CookieStorage::new(150)),
+        auth_cache: RwLock::new(net::resource_thread::AuthCache::default()),
+        history_states: RwLock::new(HashMap::new()),
+        http_cache: RwLock::new(net::http_cache::HttpCache::default()),
+        http_cache_state: Mutex::new(HashMap::new()),
+        client: create_http_client(create_tls_config(
+            net::connector::CACertificates::Default,
+            false, /* ignore_certificate_errors */
+            override_manager.clone(),
+        )),
+        override_manager,
+        embedder_proxy: Mutex::new(fc.unwrap_or_else(|| create_embedder_proxy())),
+    }
+}
+
 fn new_fetch_context(
     dc: Option<Sender<DevtoolsControlMsg>>,
     fc: Option<EmbedderProxy>,
@@ -103,7 +175,7 @@ fn new_fetch_context(
     let sender = fc.unwrap_or_else(|| create_embedder_proxy());
 
     FetchContext {
-        state: Arc::new(HttpState::default()),
+        state: Arc::new(create_http_state(Some(sender.clone()))),
         user_agent: DEFAULT_USER_AGENT.into(),
         devtools_chan: dc.map(|dc| Arc::new(Mutex::new(dc))),
         filemanager: Arc::new(Mutex::new(FileManager::new(