Merge pull request #277 from mozilla/enable-sync

FxA and Sync Support

Author: gcp

.github/workflows/enterprise.yml

@@ -260,6 +260,11 @@ jobs:
           . venv_tests/bin/activate
           MOZ_LOG=console:5 xvfb-run python3 test_felt_browser_external_link.py ${{ steps.unpack.outputs.runtime_path }} $PWD/geckodriver $PWD/profiles/
 
+      - name: "test browser fxa"
+        run: |
+          . venv_tests/bin/activate
+          MOZ_LOG=console:5 python3 test_felt_browser_fxa.py ${{ steps.unpack.outputs.runtime_path }} $PWD/geckodriver $PWD/profiles/
+
       - name: "test browser restart is a quit"
         run: |
           . venv_tests/bin/activate
@@ -543,6 +548,12 @@ jobs:
           $Env:MOZ_LOG="console:5"
           python3 test_felt_browser_signout.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}"
 
+      - name: "test browser fxa"
+        run: |
+          . venv_tests\Scripts\activate
+          $Env:MOZ_LOG="console:5"
+          python3 test_felt_browser_fxa.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}"
+
       ### This is failing on our GCP workers in a non debuggable way.
       ### GitHub Actions Windows workers are fine and TaskCluster.
       # - name: "test browser safe mode"
@@ -977,6 +988,11 @@ jobs:
           . venv_tests/bin/activate
           MOZ_LOG=console:5 python3 test_felt_browser_signout.py "${{ steps.attach.outputs.runtime_path }}" $PWD/geckodriver $PWD/profiles/
 
+      - name: "test browser fxa"
+        run: |
+          . venv_tests/bin/activate
+          MOZ_LOG=console:5 python3 test_felt_browser_fxa.py "${{ steps.attach.outputs.runtime_path }}" $PWD/geckodriver $PWD/profiles/
+
       - name: "test browser safe mode"
         run: |
           . venv_tests/bin/activate

.prettierignore

@@ -1241,6 +1241,8 @@ toolkit/modules/AppConstants.sys.mjs
 
 # Files with MOZ_ENTERPRISE preprocessor directives
 browser/components/enterprisepolicies/helpers/WebsiteFilter.sys.mjs
+services/fxaccounts/FxAccounts.sys.mjs
+services/fxaccounts/FxAccountsClient.sys.mjs
 toolkit/components/downloads/DownloadCore.sys.mjs
 toolkit/components/printing/content/print.js
 toolkit/mozapps/extensions/AddonManager.sys.mjs

browser/branding/enterprise/pref/firefox-enterprise.js

@@ -4,7 +4,15 @@
 
 /* global pref */
 
-// This file contains felt-specific prefs.
 pref("enterprise.console.address", "https://console.enterfox.eu");
+
+// Endpoint will be provided by the console.
+pref(
+  "identity.sync.tokenserver.uri",
+  "https://ent-dev-tokenserver.sync.nonprod.webservices.mozgcp.net/1.0/sync/1.5"
+);
+
 pref("browser.profiles.enabled", false);
 pref("extensions.activeThemeID", "firefox-enterprise-light@mozilla.org");
+
+pref("enterprise.loglevel", "Error");

browser/components/BrowserComponents.manifest

@@ -108,5 +108,8 @@ category browser-quit-application-granted resource://gre/modules/UpdateListener.
 #endif
 category browser-quit-application-granted moz-src:///browser/components/urlbar/UrlbarSearchTermsPersistence.sys.mjs UrlbarSearchTermsPersistence.uninit
 category browser-quit-application-granted resource:///modules/ipprotection/IPProtectionService.sys.mjs IPProtectionService.uninit
+#ifdef MOZ_ENTERPRISE
+category browser-quit-application-granted resource:///modules/enterprise/EnterpriseHandler.sys.mjs EnterpriseHandler.uninit
+#endif
 
 category search-service-notification moz-src:///browser/components/search/SearchUIUtils.sys.mjs SearchUIUtils.showSearchServiceNotification

browser/components/enterprise/EnterpriseCommon.sys.mjs

@@ -8,4 +8,7 @@ export const isTesting = () => {
   return Services.prefs.getBoolPref(IS_TESTING_ENVIRONMENT, false);
 };
 
-export const EnterpriseCommon = {};
+export const EnterpriseCommon = {
+  ENTERPRISE_DEVICE_ID_PREF: "enterprise.sync.device_id",
+  ENTERPRISE_LOGLEVEL_PREF: "enterprise.loglevel",
+};

browser/components/enterprise/EnterpriseHandler.sys.mjs

@@ -11,21 +11,119 @@ ChromeUtils.defineLazyGetter(lazy, "localization", () => {
 ChromeUtils.defineESModuleGetters(lazy, {
   BrowserUtils: "resource://gre/modules/BrowserUtils.sys.mjs",
   ConsoleClient: "resource:///modules/enterprise/ConsoleClient.sys.mjs",
+  EnterpriseCommon: "resource:///modules/enterprise/EnterpriseCommon.sys.mjs",
+  UIState: "resource://services-sync/UIState.sys.mjs",
+  Weave: "resource://services-sync/main.sys.mjs",
+});
+
+ChromeUtils.defineLazyGetter(lazy, "log", () => {
+  return console.createInstance({
+    prefix: "EnterpriseHandler",
+    maxLogLevelPref: lazy.EnterpriseCommon.ENTERPRISE_LOGLEVEL_PREF,
+  });
 });
 
 const PROMPT_ON_SIGNOUT_PREF = "enterprise.promptOnSignout";
+const ENTERPRISE_SYNC_ENABLED_PREF = "enterprise.sync.enabledByDefault";
 
 export const EnterpriseHandler = {
   /**
    * @type {{name:string, email:string, pictureUrl:string} | null}
    */
   _signedInUser: null,
 
-  async init(window) {
-    await this.initUser();
+  /**
+   * Whether the handler is initialized, hence we have retrieved the
+   * user information and initialized the sync state.
+   */
+  _isInitialized: false,
 
-    this.hideFxaToolbarButton(window);
+  /**
+   * Handles the enterprise state for each new browser window.
+   * On first call:
+   *    - Make a request to the console to retrieve the user information of the signed in user.
+   *    - Configure sync to be enabled or disable (depending on ENTERPRISE_SYNC_ENABLED_PREF)
+   * On every call:
+   *    - Hide FxA toolbar button and FxA item in app menu (hamburger menu)
+   *
+   * @param {Window} window chrome window
+   */
+  async init(window) {
+    if (!this._isInitialized) {
+      lazy.log.debug("Initializing...");
+      await this.initUser();
+      this.setupSyncOnceInitialized(window);
+    }
     this.updateBadge(window);
+    this.restrictEnterpriseView(window);
+    this._isInitialized = true;
+  },
+
+  /**
+   * Check if the FxA state is initialised yet.
+   *    - If the state is still undefined, listen for a state update
+   *      and set up once the state update occurs.
+   *    - If the state is initialized, set up sync immediately.
+   *
+   * @param {Window} window chrome window
+   */
+  setupSyncOnceInitialized(window) {
+    const status = lazy.UIState.get().status;
+    if (status === lazy.UIState.get().STATUS_NOT_CONFIGURED) {
+      // State not configured yet.
+      lazy.log.debug("Waiting for FxA/Sync status to be updated");
+      const syncStateObserver = (_, topic) => {
+        switch (topic) {
+          case lazy.UIState.ON_UPDATE:
+            lazy.log.debug("Sync state has been initialized");
+            this.setUpSync(window);
+            Services.obs.removeObserver(
+              syncStateObserver,
+              lazy.UIState.ON_UPDATE
+            );
+            break;
+          default:
+            break;
+        }
+      };
+      Services.obs.addObserver(syncStateObserver, lazy.UIState.ON_UPDATE);
+      return;
+    }
+    this.setUpSync();
+  },
+
+  /**
+   * Align sync state with expected state (ENTERPRISE_SYNC_ENABLED_PREF)
+   * by enabling or disabling sync.
+   *
+   * @param {Window} window chrome window
+   */
+  setUpSync(window) {
+    lazy.log.debug("Handling sync state.");
+    const isSyncCurrentlyEnabled = lazy.UIState.get().syncEnabled;
+    const isEnableSync = Services.prefs.getBoolPref(
+      ENTERPRISE_SYNC_ENABLED_PREF,
+      false
+    );
+
+    if (isSyncCurrentlyEnabled === isEnableSync) {
+      // Nothing to do
+      lazy.log.debug(
+        `Not changing sync state. It was already ${isSyncCurrentlyEnabled ? "enabled" : "disabled"}`
+      );
+      return;
+    }
+
+    if (isEnableSync) {
+      lazy.log.debug(`Connect sync.`);
+      lazy.Weave.Service.configure();
+    } else {
+      lazy.log.debug(`Disconnect sync.`);
+      window.gSync.disconnect({
+        confirm: false,
+        disconnectAccount: false,
+      });
+    }
   },
 
   async initUser() {
@@ -42,6 +140,11 @@ export const EnterpriseHandler = {
     }
   },
 
+  /**
+   * Updates the user icon
+   *
+   * @param {Window} window chrome window
+   */
   updateBadge(window) {
     const userIcon = window.document.querySelector("#enterprise-user-icon");
 
@@ -99,11 +202,17 @@ export const EnterpriseHandler = {
     }
   },
 
-  // TODO: FxA shows up in a lot of different areas. For now we hide the most prominent
-  // toolbar button. How to hide or integrate with Fxa and Sync to be determined.
-  hideFxaToolbarButton(window) {
-    const fxaBtn = window.document.getElementById("fxa-toolbar-menu-button");
-    fxaBtn.hidden = true;
+  /**
+   * Hide away FxA appearances in the toolbar and the app menu (hamburger menu)
+   *
+   * @param {Window} window chrome window
+   */
+  restrictEnterpriseView(window) {
+    // Hides fxa toolbar button
+    Services.prefs.setBoolPref("identity.fxaccounts.toolbar.enabled", false);
+
+    // Hides fxa item and separator in main view (hamburg menu)
+    window.PanelUI.mainView.setAttribute("restricted-enterprise-view", true);
   },
 
   async onSignOut(window) {
@@ -168,4 +277,9 @@ export const EnterpriseHandler = {
       Services.startup.quit(Ci.nsIAppStartup.eForceQuit);
     }
   },
+
+  uninit() {
+    this._signedInUser = {};
+    this._isInitialized = false;
+  },
 };

browser/components/enterprise/modules/ConsoleClient.sys.mjs

@@ -6,6 +6,7 @@ const lazy = {};
 
 ChromeUtils.defineESModuleGetters(lazy, {
   TelemetryEnvironment: "resource://gre/modules/TelemetryEnvironment.sys.mjs",
+  EnterpriseCommon: "resource:///modules/enterprise/EnterpriseCommon.sys.mjs",
 });
 
 /**
@@ -104,6 +105,10 @@ export const ConsoleClient = {
       DEVICE_POSTURE: "/sso/device_posture",
       WHOAMI: "/api/browser/whoami",
       LEARN_MORE: "/downloads/firefox.html",
+      FXACCOUNT: "/api/browser/account",
+      FXACCOUNTS_OAUTH: "/api/fxa/oauth/v1",
+      FXACCOUNTS_PROFILE: "/api/fxa/profile/v1",
+      FXACCOUNTS_AUTH: "/api/fxa/api/v1",
     };
   },
 
@@ -148,6 +153,33 @@ export const ConsoleClient = {
     return url.href;
   },
 
+  /**
+   * Get the FxAccounts OAuth endpoint of the console
+   *
+   * returns {string} URI of the endpoint
+   */
+  get fxAccountsOAuth() {
+    return this.constructURI(this._paths.FXACCOUNTS_OAUTH);
+  },
+
+  /**
+   * Get the FxAccounts Profile endpoint of the console
+   *
+   * returns {string} URI of the endpoint
+   */
+  get fxAccountsProfile() {
+    return this.constructURI(this._paths.FXACCOUNTS_PROFILE);
+  },
+
+  /**
+   * Get the FxAccounts Auth endpoint of the console
+   *
+   * returns {string} URI of the endpoint
+   */
+  get fxAccountsAuth() {
+    return this.constructURI(this._paths.FXACCOUNTS_AUTH);
+  },
+
   /**
    * SSO callback uri that we match to create Felt actors on
    *
@@ -189,6 +221,24 @@ export const ConsoleClient = {
     return payload;
   },
 
+  /**
+   * Fetch the account data used for fxa and sync.
+   *
+   * @returns {Promise<object>}
+   */
+  async getFxAccountData() {
+    const deviceId = Services.prefs.getStringPref(
+      lazy.EnterpriseCommon.ENTERPRISE_DEVICE_ID_PREF,
+      ""
+    );
+    const body = {};
+    if (deviceId !== "") {
+      body.device_id = deviceId;
+    }
+    const payload = await this._post(this._paths.FXACCOUNT, body);
+    return payload;
+  },
+
   /**
    * Collect the device posture data and send them to the console.
    *
@@ -506,4 +556,4 @@ export const ConsoleClient = {
       }
     }
   },
-}.init();
+}.init();