gnome-shell/js/portalHelper/main.js
2023-04-25 10:45:19 +00:00

370 lines
12 KiB
JavaScript

/* exported main */
imports.gi.versions.Pango = '1.0';
imports.gi.versions.Gtk = '3.0';
imports.gi.versions.WebKit2 = '4.1';
const Gettext = imports.gettext;
const { Gio, GLib, GObject, Gtk, Pango, WebKit2: WebKit } = imports.gi;
const _ = Gettext.gettext;
const Config = imports.misc.config;
const { loadInterfaceXML } = imports.misc.fileUtils;
const PortalHelperResult = {
CANCELLED: 0,
COMPLETED: 1,
RECHECK: 2,
};
const PortalHelperSecurityLevel = {
NOT_YET_DETERMINED: 0,
SECURE: 1,
INSECURE: 2,
};
const HTTP_URI_FLAGS =
GLib.UriFlags.HAS_PASSWORD |
GLib.UriFlags.ENCODED_PATH |
GLib.UriFlags.ENCODED_QUERY |
GLib.UriFlags.ENCODED_FRAGMENT |
GLib.UriFlags.SCHEME_NORMALIZE |
GLib.UriFlags.PARSE_RELAXED;
const CONNECTIVITY_CHECK_HOST = 'nmcheck.gnome.org';
const CONNECTIVITY_CHECK_URI = `http://${CONNECTIVITY_CHECK_HOST}`;
const CONNECTIVITY_RECHECK_RATELIMIT_TIMEOUT = 30 * GLib.USEC_PER_SEC;
const HelperDBusInterface = loadInterfaceXML('org.gnome.Shell.PortalHelper');
var PortalHeaderBar = GObject.registerClass(
class PortalHeaderBar extends Gtk.HeaderBar {
_init() {
super._init({ show_close_button: true });
// See ephy-title-box.c in epiphany for the layout
const vbox = new Gtk.Box({
orientation: Gtk.Orientation.VERTICAL,
spacing: 0,
});
this.set_custom_title(vbox);
/* TRANSLATORS: this is the title of the wifi captive portal login window */
const titleLabel = new Gtk.Label({
label: _('Hotspot Login'),
wrap: false,
single_line_mode: true,
ellipsize: Pango.EllipsizeMode.END,
});
titleLabel.get_style_context().add_class('title');
vbox.add(titleLabel);
const hbox = new Gtk.Box({
orientation: Gtk.Orientation.HORIZONTAL,
spacing: 4,
halign: Gtk.Align.CENTER,
valign: Gtk.Align.BASELINE,
});
hbox.get_style_context().add_class('subtitle');
vbox.add(hbox);
this._lockImage = new Gtk.Image({
icon_size: Gtk.IconSize.MENU,
valign: Gtk.Align.BASELINE,
});
hbox.add(this._lockImage);
this.subtitleLabel = new Gtk.Label({
wrap: false,
single_line_mode: true,
ellipsize: Pango.EllipsizeMode.END,
valign: Gtk.Align.BASELINE,
selectable: true,
});
this.subtitleLabel.get_style_context().add_class('subtitle');
hbox.add(this.subtitleLabel);
vbox.show_all();
}
setSubtitle(label) {
this.subtitleLabel.set_text(label);
}
setSecurityIcon(securityLevel) {
switch (securityLevel) {
case PortalHelperSecurityLevel.NOT_YET_DETERMINED:
this._lockImage.hide();
break;
case PortalHelperSecurityLevel.SECURE:
this._lockImage.show();
this._lockImage.set_from_icon_name("channel-secure-symbolic", Gtk.IconSize.MENU);
this._lockImage.set_tooltip_text(null);
break;
case PortalHelperSecurityLevel.INSECURE:
this._lockImage.show();
this._lockImage.set_from_icon_name("channel-insecure-symbolic", Gtk.IconSize.MENU);
this._lockImage.set_tooltip_text(_('Your connection to this hotspot login is not secure. Passwords or other information you enter on this page can be viewed by people nearby.'));
break;
}
}
});
var PortalWindow = GObject.registerClass(
class PortalWindow extends Gtk.ApplicationWindow {
_init(application, url, timestamp, doneCallback) {
super._init({ application });
this._headerBar = new PortalHeaderBar();
this._headerBar.setSecurityIcon(PortalHelperSecurityLevel.NOT_YET_DETERMINED);
this.set_titlebar(this._headerBar);
this._headerBar.show();
if (!url) {
url = CONNECTIVITY_CHECK_URI;
this._originalUrlWasGnome = true;
} else {
this._originalUrlWasGnome = false;
}
this._uri = GLib.Uri.parse(url, HTTP_URI_FLAGS);
this._everSeenRedirect = false;
this._originalUrl = url;
this._doneCallback = doneCallback;
this._lastRecheck = 0;
this._recheckAtExit = false;
this._webContext = WebKit.WebContext.new_ephemeral();
this._webContext.set_cache_model(WebKit.CacheModel.DOCUMENT_VIEWER);
this._webContext.set_network_proxy_settings(WebKit.NetworkProxyMode.NO_PROXY, null);
if (this._webContext.set_sandbox_enabled) {
// We have WebKitGTK 2.26 or newer.
this._webContext.set_sandbox_enabled(true);
}
this._webView = WebKit.WebView.new_with_context(this._webContext);
this._webView.connect('decide-policy', this._onDecidePolicy.bind(this));
this._webView.connect('load-changed', this._onLoadChanged.bind(this));
this._webView.connect('insecure-content-detected', this._onInsecureContentDetected.bind(this));
this._webView.connect('load-failed-with-tls-errors', this._onLoadFailedWithTlsErrors.bind(this));
this._webView.load_uri(url);
this._webView.connect('notify::uri', this._syncUri.bind(this));
this._syncUri();
this.add(this._webView);
this._webView.show();
this.set_size_request(600, 450);
this.maximize();
this.present_with_time(timestamp);
this.application.set_accels_for_action('app.quit', ['<Primary>q', '<Primary>w']);
}
_syncUri() {
let uri = this._webView.uri;
if (uri)
this._headerBar.setSubtitle(GLib.uri_unescape_string(uri, null));
else
this._headerBar.setSubtitle('');
}
refresh() {
this._everSeenRedirect = false;
this._webView.load_uri(this._originalUrl);
}
vfunc_delete_event(_event) {
if (this._recheckAtExit)
this._doneCallback(PortalHelperResult.RECHECK);
else
this._doneCallback(PortalHelperResult.CANCELLED);
return false;
}
_onLoadChanged(view, loadEvent) {
if (loadEvent == WebKit.LoadEvent.STARTED) {
this._headerBar.setSecurityIcon(PortalHelperSecurityLevel.NOT_YET_DETERMINED);
} else if (loadEvent == WebKit.LoadEvent.COMMITTED) {
let tlsInfo = this._webView.get_tls_info();
let ret = tlsInfo[0];
let flags = tlsInfo[2];
if (ret && flags == 0)
this._headerBar.setSecurityIcon(PortalHelperSecurityLevel.SECURE);
else
this._headerBar.setSecurityIcon(PortalHelperSecurityLevel.INSECURE);
}
}
_onInsecureContentDetected() {
this._headerBar.setSecurityIcon(PortalHelperSecurityLevel.INSECURE);
}
_onLoadFailedWithTlsErrors(view, failingURI, certificate, _errors) {
this._headerBar.setSecurityIcon(PortalHelperSecurityLevel.INSECURE);
let uri = GLib.Uri.parse(failingURI, HTTP_URI_FLAGS);
this._webContext.allow_tls_certificate_for_host(certificate, uri.get_host());
this._webView.load_uri(failingURI);
return true;
}
_onDecidePolicy(view, decision, type) {
if (type == WebKit.PolicyDecisionType.NEW_WINDOW_ACTION) {
let navigationAction = decision.get_navigation_action();
if (navigationAction.is_user_gesture()) {
// Even though the portal asks for a new window,
// perform the navigation in the current one. Some
// portals open a window as their last login step and
// ignoring that window causes them to not let the
// user go through. We don't risk popups taking over
// the page because we check that the navigation is
// user initiated.
this._webView.load_request(navigationAction.get_request());
}
decision.ignore();
return true;
}
if (type != WebKit.PolicyDecisionType.NAVIGATION_ACTION)
return false;
let request = decision.get_request();
const uri = GLib.Uri.parse(request.get_uri(), HTTP_URI_FLAGS);
if (uri.get_host() !== this._uri.get_host() && this._originalUrlWasGnome) {
if (uri.get_host() == CONNECTIVITY_CHECK_HOST && this._everSeenRedirect) {
// Yay, we got to gnome!
decision.ignore();
this._doneCallback(PortalHelperResult.COMPLETED);
return true;
} else if (uri.get_host() != CONNECTIVITY_CHECK_HOST) {
this._everSeenRedirect = true;
}
}
// We *may* have finished here, but we don't know for
// sure. Tell gnome-shell to run another connectivity check
// (but ratelimit the checks, we don't want to spam
// nmcheck.gnome.org for portals that have 10 or more internal
// redirects - and unfortunately they exist)
// If we hit the rate limit, we also queue a recheck
// when the window is closed, just in case we miss the
// final check and don't realize we're connected
// This should not be a problem in the cancelled logic,
// because if the user doesn't want to start the login,
// we should not see any redirect at all, outside this._uri
let now = GLib.get_monotonic_time();
let shouldRecheck = (now - this._lastRecheck) >
CONNECTIVITY_RECHECK_RATELIMIT_TIMEOUT;
if (shouldRecheck) {
this._lastRecheck = now;
this._recheckAtExit = false;
this._doneCallback(PortalHelperResult.RECHECK);
} else {
this._recheckAtExit = true;
}
// Update the URI, in case of chained redirects, so we still
// think we're doing the login until gnome-shell kills us
this._uri = uri;
decision.use();
return true;
}
});
var WebPortalHelper = GObject.registerClass(
class WebPortalHelper extends Gtk.Application {
_init() {
super._init({
application_id: 'org.gnome.Shell.PortalHelper',
flags: Gio.ApplicationFlags.IS_SERVICE,
inactivity_timeout: 30000,
});
this._dbusImpl = Gio.DBusExportedObject.wrapJSObject(HelperDBusInterface, this);
this._queue = [];
let action = new Gio.SimpleAction({ name: 'quit' });
action.connect('activate', () => this.active_window.destroy());
this.add_action(action);
}
vfunc_dbus_register(connection, path) {
this._dbusImpl.export(connection, path);
super.vfunc_dbus_register(connection, path);
return true;
}
vfunc_dbus_unregister(connection, path) {
this._dbusImpl.unexport_from_connection(connection);
super.vfunc_dbus_unregister(connection, path);
}
vfunc_activate() {
// If launched manually (for example for testing), force a dummy authentication
// session with the default url
this.Authenticate('/org/gnome/dummy', '', 0);
}
Authenticate(connection, url, timestamp) {
this._queue.push({ connection, url, timestamp });
this._processQueue();
}
Close(connection) {
for (let i = 0; i < this._queue.length; i++) {
let obj = this._queue[i];
if (obj.connection == connection) {
if (obj.window)
obj.window.destroy();
this._queue.splice(i, 1);
break;
}
}
this._processQueue();
}
Refresh(connection) {
for (let i = 0; i < this._queue.length; i++) {
let obj = this._queue[i];
if (obj.connection == connection) {
if (obj.window)
obj.window.refresh();
break;
}
}
}
_processQueue() {
if (this._queue.length == 0)
return;
let top = this._queue[0];
if (top.window != null)
return;
top.window = new PortalWindow(this, top.url, top.timestamp, result => {
this._dbusImpl.emit_signal('Done', new GLib.Variant('(ou)', [top.connection, result]));
});
}
});
function main(argv) {
if (!WebKit.WebContext.new_ephemeral) {
log('WebKitGTK 2.16 is required for the portal-helper, see https://bugzilla.gnome.org/show_bug.cgi?id=780453');
return 1;
}
Gettext.bindtextdomain(Config.GETTEXT_PACKAGE, Config.LOCALEDIR);
Gettext.textdomain(Config.GETTEXT_PACKAGE);
let app = new WebPortalHelper();
return app.run(argv);
}