Necko:nsIAuthPrompt2

From MozillaWiki
Revision as of 16:13, 28 September 2005 by Biesi (talk | contribs)
Jump to navigation Jump to search

https://bugzilla.mozilla.org/show_bug.cgi?id=265780

This page describes new and improved authentication interfaces for necko. There are various downsides of the current ones, including:

The interfaces in question are nsIAuthPrompt and nsIPromptService; possibly nsIPrompt as well.

I'll suggest an nsIAuthPrompt2 interface below. Its methods will have counterparts in nsIPromptService2; they will have the same signature but an addition window argument.

The nsIAuthPrompt2 is what necko calls stuff on; nsIPromptService2 is what embeddors would implement.

This suggestion is based on https://bugzilla.mozilla.org/attachment.cgi?id=163161 but slightly modified. 

interface nsIAuthPrompt2 : nsISupports
{         
   const PRUint32 SAVE_PASSWORD_NEVER             = 0;
   const PRUint32 SAVE_PASSWORD_FOR_SESSION       = 1;
   const PRUint32 SAVE_PASSWORD_PERMANENTLY       = 2;

   /** @name Security Levels */
   /* @{ */
   /**
    * The password will be sent unencrypted. No security provided.
    */
   const PRUint32 LEVEL_NONE = 0;
   /**
    * Password will be sent encrypted, but the connection is otherwise
    * insecure.
    */
   const PRUint32 LEVEL_PW_ENCRYPTED = 1;
   /**
    * The connection, both for password and data, is secure.
    */
   const PRUint32 LEVEL_SECURE = 2;
   /* @} */

   /** @name Flags */
   /* @{ */
   /**
    * This dialog belongs to a network host.
    */
   const PRUint32 AUTH_HOST = 0;
   /**
    * This dialog belongs to a proxy.
    */
   const PRUint32 AUTH_PROXY = 1;

   /**
    * This dialog needs domain information. The user interface should show a
    * domain field, prefilled with the aDomain paramter's value.
    */
   const PRUint32 NEED_DOMAIN = 2;

   /**
    * This dialog only asks for password information. The implementation SHOULD
    * NOT show a username field. It MUST NOT modify the user inout parameter,
    * although it should show its initial value to the user in some form. For
    * example, a paragraph in the dialog might say "Please enter your password
    * for user jsmith at server intranet".
    *
    * This flag is mutually exclusive with NEED_DOMAIN.
    */
   const PRUint32 ONLY_PASSWORD = 4;
   /* @} */

   /**
    * Requests a username and a password. Implementations will commonly show a
    * dialog with a username and password field, depending on flags also a
    * domain field.
    *
    * @param aChannel
    *        The channel that requires authentication.
    * @param passwordRealm
    *        The server-supplied realm for the password. This is a
    *        human-readable string like "Secret files".
    * @param level
    *        One of the level constants from above. See there for descriptions
    *        of the levels.
    * @param savePassword
    *        Hint to the implementation whether to allow saving a password and
    *        for which duration. See above for descriptions of the values.
    * @param flags
    *        Flags describing this dialog. A bitwise OR of the flag values
    *        above.
    * @param user
    *        The initial value should be used to prefill the dialog.
    *        Implementations should not show the password in clear.
    *        On return, this parameter should contain the username entered by
    *        the user.
    * @param pwd
    *        The initial value should be used to prefill the dialog or show it
    *        in some other way to the user.
    *        On return, this parameter should contain the username entered by
    *        the user.
    * @param domain
    *        The initial value should be used to prefill the dialog or show it
    *        in some other way to the user.
    *        On return, this parameter should contain the domain entered by
    *        the user.
    *        This parameter is only used if flags include AUTH_DOMAIN.
    *
    * @retval true
    *         Authentication can proceed using the values of the out
    *         parameters.
    * @retval false
    *         Authentication should be cancelled, usually because the user did
    *         not provide username/password.
    *
    * @note   Exceptions thrown from this function will be treated like a
    *         return value of false.
    */
   boolean promptUsernameAndPassword(in nsIChannel aChannel,
                                     in AString passwordRealm,
                                     in PRUint32 level,
                                     in PRUint32 savePassword,
                                     in PRUint32 flags,
                                     inout AString user, 
                                     inout AString pwd,
                                     inout AString domain);

};

Issues:

  • NSS wants to prompt for passwords as well, and has no nsIChannel available
    • Make aChannel an nsISupports, which can also be a certificate or certificate store or whatever?
  • Gnome wants asynchronous password prompts
    • Provide a *async variant, taking a callback?
Retrieved from "https://wiki.allizom.org/index.php?title=Necko:nsIAuthPrompt2&oldid=12302"