AboutProtectionsParent.sys.mjs

mozilla-central/browser/actors/AboutProtectionsParent.sys.mjs (file symbol)

Enable keyboard shortcuts

Source code

File a bug in Firefox :: General

Revision control

Copy as Markdown

Other Tools

/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";

const lazy = {};

ChromeUtils.defineESModuleGetters(lazy, {

  AddonManager: "resource://gre/modules/AddonManager.sys.mjs",

  BrowserUtils: "resource://gre/modules/BrowserUtils.sys.mjs",

  FXA_PWDMGR_HOST: "resource://gre/modules/FxAccountsCommon.sys.mjs",

  FXA_PWDMGR_REALM: "resource://gre/modules/FxAccountsCommon.sys.mjs",

  LoginBreaches: "resource:///modules/LoginBreaches.sys.mjs",

  LoginHelper: "resource://gre/modules/LoginHelper.sys.mjs",

  PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.sys.mjs",

  Region: "resource://gre/modules/Region.sys.mjs",

});

ChromeUtils.defineLazyGetter(lazy, "fxAccounts", () => {

  return ChromeUtils.importESModule(

    "resource://gre/modules/FxAccounts.sys.mjs"

  ).getFxAccountsSingleton();

});

XPCOMUtils.defineLazyServiceGetter(

  lazy,

  "TrackingDBService",

  "@mozilla.org/tracking-db-service;1",

  "nsITrackingDBService"

);

let idToTextMap = new Map([

  [Ci.nsITrackingDBService.TRACKERS_ID, "tracker"],

  [Ci.nsITrackingDBService.TRACKING_COOKIES_ID, "cookie"],

  [Ci.nsITrackingDBService.CRYPTOMINERS_ID, "cryptominer"],

  [Ci.nsITrackingDBService.FINGERPRINTERS_ID, "fingerprinter"],

  // We map the suspicious fingerprinter to fingerprinter category to aggregate

  // the number.

  [Ci.nsITrackingDBService.SUSPICIOUS_FINGERPRINTERS_ID, "fingerprinter"],

  [Ci.nsITrackingDBService.SOCIAL_ID, "social"],

]);

const MONITOR_API_ENDPOINT = Services.urlFormatter.formatURLPref(

  "browser.contentblocking.report.endpoint_url"

);

const SECURE_PROXY_ADDON_ID = "secure-proxy@mozilla.com";

const SCOPE_MONITOR = [

  "profile:uid",

  "https://identity.mozilla.com/apps/monitor",

];

const SCOPE_VPN = "profile https://identity.mozilla.com/account/subscriptions";

const VPN_ENDPOINT = `${Services.prefs.getStringPref(

  "identity.fxaccounts.auth.uri"

)}oauth/subscriptions/active`;

// The ID of the vpn subscription, if we see this ID attached to a user's account then they have subscribed to vpn.

const VPN_SUB_ID = Services.prefs.getStringPref(

  "browser.contentblocking.report.vpn_sub_id"

);

// Error messages

const INVALID_OAUTH_TOKEN = "Invalid OAuth token";

const USER_UNSUBSCRIBED_TO_MONITOR = "User is not subscribed to Monitor";

const SERVICE_UNAVAILABLE = "Service unavailable";

const UNEXPECTED_RESPONSE = "Unexpected response";

const UNKNOWN_ERROR = "Unknown error";

// Valid response info for successful Monitor data

const MONITOR_RESPONSE_PROPS = [

  "monitoredEmails",

  "numBreaches",

  "passwords",

  "numBreachesResolved",

  "passwordsResolved",

];

let gTestOverride = null;

let monitorResponse = null;

let entrypoint = "direct";

export class AboutProtectionsParent extends JSWindowActorParent {

  constructor() {

    super();

  // Some tests wish to override certain functions with ones that mostly do nothing.

  static setTestOverride(callback) {

    gTestOverride = callback;

/**

   * Fetches and validates data from the Monitor endpoint. If successful, then return

   * expected data. Otherwise, throw the appropriate error depending on the status code.

   * @return valid data from endpoint.

*/

  async fetchUserBreachStats(token) {

    if (monitorResponse && monitorResponse.timestamp) {

      var timeDiff = Date.now() - monitorResponse.timestamp;

      let oneDayInMS = 24 * 60 * 60 * 1000;

      if (timeDiff >= oneDayInMS) {

        monitorResponse = null;

      } else {

        return monitorResponse;

    // Make the request

    const headers = new Headers();

    headers.append("Authorization", `Bearer ${token}`);

    const request = new Request(MONITOR_API_ENDPOINT, { headers });

    const response = await fetch(request);

    if (response.ok) {

      // Validate the shape of the response is what we're expecting.

      const json = await response.json();

      // Make sure that we're getting the expected data.

      let isValid = null;

      for (let prop in json) {

        isValid = MONITOR_RESPONSE_PROPS.includes(prop);

        if (!isValid) {

          break;

      monitorResponse = isValid ? json : new Error(UNEXPECTED_RESPONSE);

      if (isValid) {

        monitorResponse.timestamp = Date.now();

    } else {

      // Check the reason for the error

      switch (response.status) {

        case 400:

        case 401:

          monitorResponse = new Error(INVALID_OAUTH_TOKEN);

          break;

        case 404:

          monitorResponse = new Error(USER_UNSUBSCRIBED_TO_MONITOR);

          break;

        case 503:

          monitorResponse = new Error(SERVICE_UNAVAILABLE);

          break;

        default:

          monitorResponse = new Error(UNKNOWN_ERROR);

          break;

    if (monitorResponse instanceof Error) {

      throw monitorResponse;

    return monitorResponse;

/**

   * Retrieves login data for the user.

   * @return {{

   *            numLogins: Number,

   *            potentiallyBreachedLogins: Number,

   *            mobileDeviceConnected: Boolean }}

*/

  async getLoginData() {

    if (gTestOverride && "getLoginData" in gTestOverride) {

      return gTestOverride.getLoginData();

    try {

      if (await lazy.fxAccounts.getSignedInUser()) {

        await lazy.fxAccounts.device.refreshDeviceList();

    } catch (e) {

      console.error("There was an error fetching login data: ", e.message);

    const userFacingLogins =

      Services.logins.countLogins("", "", "") -

      Services.logins.countLogins(

        lazy.FXA_PWDMGR_HOST,

        null,

        lazy.FXA_PWDMGR_REALM

);

    let potentiallyBreachedLogins = null;

    // Get the stats for number of potentially breached Lockwise passwords

    // if the Primary Password isn't locked.

    if (userFacingLogins && Services.logins.isLoggedIn) {

      const logins = await lazy.LoginHelper.getAllUserFacingLogins();

      potentiallyBreachedLogins =

        await lazy.LoginBreaches.getPotentialBreachesByLoginGUID(logins);

    let mobileDeviceConnected =

      lazy.fxAccounts.device.recentDeviceList &&

      lazy.fxAccounts.device.recentDeviceList.filter(

        device => device.type == "mobile"

      ).length;

    return {

      numLogins: userFacingLogins,

      potentiallyBreachedLogins: potentiallyBreachedLogins

        ? potentiallyBreachedLogins.size

        : 0,

      mobileDeviceConnected,

};

/**

   * Retrieves monitor data for the user.

   * @return {{ monitoredEmails: Number,

   *            numBreaches: Number,

   *            passwords: Number,

   *            userEmail: String|null,

   *            error: Boolean }}

   *         Monitor data.

*/

  async getMonitorData() {

    if (gTestOverride && "getMonitorData" in gTestOverride) {

      monitorResponse = gTestOverride.getMonitorData();

      monitorResponse.timestamp = Date.now();

      // In a test, expect this to not fetch from the monitor endpoint due to the timestamp guaranteeing we use the cache.

      monitorResponse = await this.fetchUserBreachStats();

      return monitorResponse;

    let monitorData = {};

    let userEmail = null;

    let token = await this.getMonitorScopedOAuthToken();

    try {

      if (token) {

        monitorData = await this.fetchUserBreachStats(token);

        // Send back user's email so the protections report can direct them to the proper

        // OAuth flow on Monitor.

        const { email } = await lazy.fxAccounts.getSignedInUser();

        userEmail = email;

      } else {

        // If no account exists, then the user is not logged in with an fxAccount.

        monitorData = {

          errorMessage: "No account",

};

    } catch (e) {

      console.error(e.message);

      monitorData.errorMessage = e.message;

      // If the user's OAuth token is invalid, we clear the cached token and refetch

      // again. If OAuth token is invalid after the second fetch, then the monitor UI

      // will simply show the "no logins" UI version.

      if (e.message === INVALID_OAUTH_TOKEN) {

        await lazy.fxAccounts.removeCachedOAuthToken({ token });

        token = await this.getMonitorScopedOAuthToken();

        try {

          monitorData = await this.fetchUserBreachStats(token);

        } catch (_) {

          console.error(e.message);

      } else if (e.message === USER_UNSUBSCRIBED_TO_MONITOR) {

        // Send back user's email so the protections report can direct them to the proper

        // OAuth flow on Monitor.

        const { email } = await lazy.fxAccounts.getSignedInUser();

        userEmail = email;

      } else {

        monitorData.errorMessage = e.message || "An error ocurred.";

    return {

      ...monitorData,

      userEmail,

      error: !!monitorData.errorMessage,

};

  async getMonitorScopedOAuthToken() {

    let token = null;

    try {

      token = await lazy.fxAccounts.getOAuthToken({ scope: SCOPE_MONITOR });

    } catch (e) {

      console.error(

        "There was an error fetching the user's token: ",

        e.message

);

    return token;

/**

   * The proxy card will only show if the user is in the US, has the browser language in "en-US",

   * and does not yet have Proxy installed.

*/

  async shouldShowProxyCard() {

    const region = lazy.Region.home || "";

    const languages = Services.prefs.getComplexValue(

      "intl.accept_languages",

      Ci.nsIPrefLocalizedString

);

    const alreadyInstalled = await lazy.AddonManager.getAddonByID(

      SECURE_PROXY_ADDON_ID

);

    return (

      region.toLowerCase() === "us" &&

      !alreadyInstalled &&

      languages.data.toLowerCase().includes("en-us")

);

  async VPNSubStatus() {

    // For testing, set vpn sub status manually

    if (gTestOverride && "vpnOverrides" in gTestOverride) {

      return gTestOverride.vpnOverrides();

    let vpnToken;

    try {

      vpnToken = await lazy.fxAccounts.getOAuthToken({ scope: SCOPE_VPN });

    } catch (e) {

      console.error(

        "There was an error fetching the user's token: ",

        e.message

);

      // there was an error, assume user is not subscribed to VPN

      return false;

    let headers = new Headers();

    headers.append("Authorization", `Bearer ${vpnToken}`);

    const request = new Request(VPN_ENDPOINT, { headers });

    const res = await fetch(request);

    if (res.ok) {

      const result = await res.json();

      for (let sub of result) {

        if (sub.subscriptionId == VPN_SUB_ID) {

          return true;

      return false;

    // unknown logic: assume user is not subscribed to VPN

    return false;

  async receiveMessage(aMessage) {

    let win = this.browsingContext.top.embedderElement.ownerGlobal;

    switch (aMessage.name) {

      case "OpenAboutLogins":

        lazy.LoginHelper.openPasswordManager(win, {

          entryPoint: "aboutprotections",

});

        break;

      case "OpenContentBlockingPreferences":

        win.openPreferences("privacy-trackingprotection", {

          origin: "about-protections",

});

        break;

      case "OpenSyncPreferences":

        win.openTrustedLinkIn("about:preferences#sync", "tab");

        break;

      case "FetchContentBlockingEvents":

        let dataToSend = {};

        let displayNames = new Services.intl.DisplayNames(undefined, {

          type: "weekday",

          style: "abbreviated",

          calendar: "gregory",

});

        // Weekdays starting Sunday (7) to Saturday (6).

        let weekdays = [7, 1, 2, 3, 4, 5, 6].map(day => displayNames.of(day));

        dataToSend.weekdays = weekdays;

        if (lazy.PrivateBrowsingUtils.isWindowPrivate(win)) {

          dataToSend.isPrivate = true;

          return dataToSend;

        let sumEvents = await lazy.TrackingDBService.sumAllEvents();

        let earliestDate =

          await lazy.TrackingDBService.getEarliestRecordedDate();

        let eventsByDate = await lazy.TrackingDBService.getEventsByDateRange(

          aMessage.data.from,

          aMessage.data.to

);

        let largest = 0;

        for (let result of eventsByDate) {

          let count = result.getResultByName("count");

          let type = result.getResultByName("type");

          let timestamp = result.getResultByName("timestamp");

          let typeStr = idToTextMap.get(type);

          dataToSend[timestamp] = dataToSend[timestamp] ?? { total: 0 };

          let currentCnt = dataToSend[timestamp][typeStr] ?? 0;

          currentCnt += count;

          dataToSend[timestamp][typeStr] = currentCnt;

          dataToSend[timestamp].total += count;

          // Record the largest amount of tracking events found per day,

          // to create the tallest column on the graph and compare other days to.

          if (largest < dataToSend[timestamp].total) {

            largest = dataToSend[timestamp].total;

        dataToSend.largest = largest;

        dataToSend.earliestDate = earliestDate;

        dataToSend.sumEvents = sumEvents;

        return dataToSend;

      case "FetchMonitorData":

        return this.getMonitorData();

      case "FetchUserLoginsData":

        return this.getLoginData();

      case "ClearMonitorCache":

        monitorResponse = null;

        break;

      case "GetShowProxyCard":

        let card = await this.shouldShowProxyCard();

        return card;

      case "RecordEntryPoint":

        entrypoint = aMessage.data.entrypoint;

        break;

      case "FetchEntryPoint":

        return entrypoint;

      case "FetchVPNSubStatus":

        return this.VPNSubStatus();

      case "FetchShowVPNCard":

        return lazy.BrowserUtils.shouldShowVPNPromo();

    return undefined;