Closed Bug 1383426 Opened 7 years ago Closed 7 years ago

proxyAPI should notify addon when authentication fails

Categories

(WebExtensions :: Request Handling, enhancement, P2)

Product:
WebExtensions
Component:
Request Handling
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: ericjung, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [proxy]) 

When authentication fails, the addon should be notified through a listener or similar means. We could reuse https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/proxy/onProxyError, but I think another listener would be more appropriate; e.g. onAuthenticationError.

For implementation:

In FoxyProxy, we handle it like this:

Implement nsIAuthPromptProvider.getAuthPrompt(). If aPromptReason === Ci.nsIAuthPromptProvider.PROMPT_PROXY, then we return our own nsIAuthPrompt2 instance. In our nsIAuthPrompt2.promptAuth() function, we increment a counter. If the counter is less than 10, we fill the nsIAuthInformation object with username/password/realm/etc. If the counter is 10 or more, we assume authentication failed. There's actually another step where we check Ci.nsILoginManager for saved credentials, but I don't think we should do that for the API.

https://code.getfoxyproxy.org/Foxyproxy_Firefox/tree/src/modules/authPromptProvider.jsm#n128
Blocks: webextensions-proxy-api
Depends on: 1381290
Priority: -- → P2
Whiteboard: [proxy]
Please make it P1. For our webextension it's a vital bug. We will have a gap for not working extension for 1.5 months if this won't be fixed in FF 57.

Our extension: https://addons.mozilla.org/firefox/addon/browsec/
> Please make it P1. For our webextension it's a vital bug

I don't think this is going to make Firefox 57. You should be able to implement this yourself, within your addon, using counters. High-level overview:

1. In webrequest.onBeforeRequest() or similar, set counter for this URL to 0.
2. In webrequest.onAuthRequired(), if isProxy is |true| and counter for |url| is greater than 1 (or you can use a fudge factor of 3 or 5), then you know authentication has failed.
3. In webrequest.onCompleted, reset counter for this URL

I did something in the FoxyProxy legacy addon very similar to this, and it worked fine. When FoxyProxy detected broken credentials in this manner, user was alerted.
I'll second that.  Firefox doesn't technically know a auth failure happened, it gets a 407 response from the http server.  When that happens, webRequest.onAuthRequired is called.  You have to decide when to consider that an auth failure and notify the user.  If you can technically explain a problem not covered by this please feel free to reopen.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
> 1. In webrequest.onBeforeRequest() or similar, set counter for this URL to 0.

Don't do it by URL. Do it by requestId. Much easier and more precise, too.

> 3. In webrequest.onCompleted, reset counter for this URL.

Not sure this is necessary if doing it by requestId. Just be sure the counter array (if that's what you'll be using to store counters) doesn't grow without bounds.
Chrome Addon which does something like this:
https://chrome.google.com/webstore/detail/proxy-auto-auth/ggmdpepbjljkkkdaklfihhngmmgmpggp

I'm not vouching for this code, and I don't know the license under which is it published:

chrome.webRequest.onAuthRequired.addListener(
	function(details) {

	var locked = isLocked();
	var idstr = details.requestId.toString();

	if(details.isProxy === true && !locked) {
		console.log('AUTH - ' + details.requestId);
			
		if(!(idstr in calls))
			calls[idstr] = 0;
		calls[idstr] = calls[idstr] + 1;
			
		var retry = parseInt(localStorage["proxy_retry"]) || DEFAULT_RETRY_ATTEMPTS || 5;
			
		if(calls[idstr] >= retry){
			lock();
			chrome.notifications.create(NOTIFICATION_ID, {
				'type': 'basic',
				'iconUrl': 'icon_locked_128.png',
				'title': 'Proxy Auto Auth error',
				'message': 'A lot of Proxy Authentication requests have been detected. There is probably a mistake in your credentials. For your safety, the extension has been temporary locked. To unlock it, click the save button in the options.',
				'isClickable': true,
				'priority': 2
			}, function(id){ 
				//console.log('notification callback'); 
			});
			calls = {};
			return({
				cancel : true
			});
		}
			
		var login = localStorage["proxy_login"];
		var password = localStorage["proxy_password"];
		
		if (login && password && !locked) {
			return({
				authCredentials : {
					'username' : login,
					'password' : password
				}
			});
		}
	},
{urls: ["<all_urls>"]}, 
["blocking"]
});
No longer depends on: 1381290
Product: Toolkit → WebExtensions
You need to log in before you can comment on or make changes to this bug.