ChangePasswordURLs.sys.mjs

Enable keyboard shortcuts

/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/**

 * Manages change password links for saved logins using data from

 * RemoteSettings.

 * The 'change-password-urls' RemoteSettings collection maps domains to HTTPS

 * password change URLs. This module determines which saved logins match

 * those domains and returns a mapping of login GUIDs to their corresponding

 * password change URLs.

 * Domain matching is based on eTLD+1 comparison and does not guarantee that

 * the returned password change URL is specific to the exact subdomain of the login.

*/

const lazy = {};

ChromeUtils.defineESModuleGetters(lazy, {

  LoginHelper: "resource://gre/modules/LoginHelper.sys.mjs",

  RemoteSettings: "resource://services-settings/remote-settings.sys.mjs",

  RemoteSettingsClient:

    "resource://services-settings/RemoteSettingsClient.sys.mjs",

});

ChromeUtils.defineLazyGetter(lazy, "log", () => {

  return lazy.LoginHelper.createLogger("ChangePasswordURLs");

});

export const ChangePasswordURLs = {

  REMOTE_SETTINGS_COLLECTION: "change-password-urls",

/**

   * Fetch and normalize the domain to password change URL mapping

   * from RemoteSettings.

   * @returns {Map<string, string>} A Map of domain to HTTPS password change URL.

*/

  async _getDomainToChangePasswordURLMap() {

    let records;

    try {

      records = await lazy

        .RemoteSettings(this.REMOTE_SETTINGS_COLLECTION)

        .get();

    } catch (ex) {

      if (ex instanceof lazy.RemoteSettingsClient.UnknownCollectionError) {

        lazy.log.warn(

          "Could not get Remote Settings collection.",

          this.REMOTE_SETTINGS_COLLECTION

);

        return new Map();

      throw ex;

    const domainMap = new Map();

    for (const record of records) {

      if (!record.host || !record.url) {

        continue;

      if (!this._isValidHTTPSURL(record.url)) {

        continue;

      domainMap.set(record.host, record.url);

    return domainMap;

},

/**

   * Return a Map of login GUIDs to password change URLs. Logins with invalid

   * origins or without a matching domain are skipped.

   * @param {nsILoginInfo[]} logins Saved logins to match against known domains.

   * @returns {Map<string, string>} A Map from login GUID to password change URL.

*/

  async getChangePasswordURLsByLoginGUID(logins) {

    const changePasswordURLsByLoginGUID = new Map();

    const domainMap = await this._getDomainToChangePasswordURLMap();

    for (const login of logins) {

      let loginHost;

      try {

        loginHost = Services.io.newURI(login.origin).host;

      } catch {

        continue;

      for (const [domain, url] of domainMap) {

        if (Services.eTLD.hasRootDomain(loginHost, domain)) {

          changePasswordURLsByLoginGUID.set(login.guid, url);

          break;

    return changePasswordURLsByLoginGUID;

},

  _isValidHTTPSURL(url) {

    try {

      let uri = Services.io.newURI(url);

      return uri.scheme === "https";

    } catch {

      return false;

},

};