From e94037960c73e463e8a897c3447c94e1bf7f9392 Mon Sep 17 00:00:00 2001 From: Robin THONI Date: Thu, 27 Jun 2019 15:12:45 +0100 Subject: [PATCH] Ask user confirmation before attempting http authentication --- js/background/inject/inject.js | 34 +++++++++++++++++++++-- js/background/service/httpAuth.js | 45 ++++++++++++++++++++++++------- 2 files changed, 68 insertions(+), 11 deletions(-) diff --git a/js/background/inject/inject.js b/js/background/inject/inject.js index 0f662007..0bb69c86 100644 --- a/js/background/inject/inject.js +++ b/js/background/inject/inject.js @@ -381,6 +381,36 @@ $j(document).ready(function () { _this.copyText = copyText; + function httpAuthRequest(args, sender, sendResponse) { + var login = args.data.login; + var requestDetails = args.data.requestDetails; + var username = (login.username) ? login.username : login.email; + var identity; + + if (login.username && login.email) + { + identity = login.username + " (" + login.email + ")"; + } else { + identity = username; + } + + var useLogin = confirm("Passman: Login as " + identity + " on " + requestDetails.url + "?"); + var credentials = null; + + if (useLogin) { + credentials = { + username: username, + password: login.password + }; + } + + sendResponse({ + credentials: credentials + }); + } + + _this.httpAuthRequest = httpAuthRequest; + function init() { checkForMined(); initForms(); @@ -403,10 +433,10 @@ $j(document).ready(function () { } }, 10); - API.runtime.onMessage.addListener(function (msg, sender) { + API.runtime.onMessage.addListener(function (msg, sender, sendResponse) { //console.log('Method call', msg.method); if (_this[msg.method]) { - _this[msg.method](msg.args, sender); + _this[msg.method](msg.args, sender, sendResponse); } }); }); diff --git a/js/background/service/httpAuth.js b/js/background/service/httpAuth.js index 1a2629ce..20a76fbb 100644 --- a/js/background/service/httpAuth.js +++ b/js/background/service/httpAuth.js @@ -37,7 +37,7 @@ } var auth_tries = []; - var provideCredentialsSync = function (requestDetails) { + var provideCredentialsSync = function (requestDetails, asyncCallback) { if (!auth_tries[requestDetails.requestId]) { auth_tries[requestDetails.requestId] = 0; } @@ -48,23 +48,50 @@ // assume our credentials were bad, and give up. if (pendingRequests.indexOf(requestDetails.requestId) === -1) { pendingRequests.push(requestDetails.requestId); - return { - authCredentials: { - username: (login.username) ? login.username : login.email , - password: login.password - } - }; + if (login) { + var data = { + login: login, + requestDetails: requestDetails + }; + API.tabs.sendMessage(requestDetails.tabId, { + method: 'httpAuthRequest', + args: { + data: data + } + }).then(function (response) { + var result; + if (response != null) { + var credentials = response.credentials; + if (credentials != null) { + result = { + authCredentials: credentials + }; + } + } else { + var username = (login.username) ? login.username : login.email; + result = { + authCredentials: { + username: username, + password: login.password + } + }; + } + asyncCallback(result); + }); + } else { + asyncCallback(undefined); + } } else { console.warn("bad credentials for: " + requestDetails.url + ', Showing login dialog'); //return {cancel: true}; - return undefined; + asyncCallback(undefined); } }; - API.webRequest.onAuthRequired.addListener(provideCredentialsSync, {urls: [""]}, ["blocking"]); + API.webRequest.onAuthRequired.addListener(provideCredentialsSync, {urls: [""]}, ["asyncBlocking"]); API.webRequest.onCompleted.addListener( completed,