1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_WEBID_FEDERATED_IDENTITY_PERMISSION_CONTEXT_H_
#define CHROME_BROWSER_WEBID_FEDERATED_IDENTITY_PERMISSION_CONTEXT_H_
#include <string>
#include <vector>
#include "base/memory/scoped_refptr.h"
#include "base/observer_list.h"
#include "components/keyed_service/core/keyed_service.h"
#include "components/permissions/object_permission_context_base.h"
#include "components/signin/public/identity_manager/identity_manager.h"
#include "components/webid/federated_identity_data_model.h"
#include "content/public/browser/federated_identity_permission_context_delegate.h"
#include "net/base/schemeful_site.h"
#include "third_party/blink/public/mojom/webid/federated_auth_request.mojom-forward.h"
namespace content {
class BrowserContext;
} // namespace content
namespace blink::common::webid {
struct LoginStatusOptions;
} // namespace blink::common::webid
class FederatedIdentityAccountKeyedPermissionContext;
class FederatedIdentityIdentityProviderRegistrationContext;
class FederatedIdentityIdentityProviderSigninStatusContext;
// Context for storing permissions associated with the ability for a relying
// party site to pass an identity request to an identity provider through a
// Javascript API.
class FederatedIdentityPermissionContext
: public content::FederatedIdentityPermissionContextDelegate,
public signin::IdentityManager::Observer,
public KeyedService,
public webid::FederatedIdentityDataModel {
public:
explicit FederatedIdentityPermissionContext(
content::BrowserContext* browser_context);
~FederatedIdentityPermissionContext() override;
FederatedIdentityPermissionContext(
const FederatedIdentityPermissionContext&) = delete;
FederatedIdentityPermissionContext& operator=(
const FederatedIdentityPermissionContext&) = delete;
// KeyedService:
void Shutdown() override;
// content::FederatedIdentityPermissionContextDelegate:
void AddIdpSigninStatusObserver(IdpSigninStatusObserver* observer) override;
void RemoveIdpSigninStatusObserver(
IdpSigninStatusObserver* observer) override;
bool HasSharingPermission(const url::Origin& relying_party_requester,
const url::Origin& relying_party_embedder,
const url::Origin& identity_provider) override;
std::optional<base::Time> GetLastUsedTimestamp(
const url::Origin& relying_party_requester,
const url::Origin& relying_party_embedder,
const url::Origin& identity_provider,
const std::string& account_id) override;
bool HasSharingPermission(
const url::Origin& relying_party_requester) override;
void GrantSharingPermission(const url::Origin& relying_party_requester,
const url::Origin& relying_party_embedder,
const url::Origin& identity_provider,
const std::string& account_id) override;
void RevokeSharingPermission(const url::Origin& relying_party_requester,
const url::Origin& relying_party_embedder,
const url::Origin& identity_provider,
const std::string& account_id) override;
void RefreshExistingSharingPermission(
const url::Origin& relying_party_requester,
const url::Origin& relying_party_embedder,
const url::Origin& identity_provider,
const std::string& account_id) override;
std::optional<bool> GetIdpSigninStatus(
const url::Origin& idp_origin) override;
base::Value::List GetAccounts(const url::Origin& identity_provider) override;
void SetIdpSigninStatus(
const url::Origin& idp_origin,
bool idp_signin_status,
base::optional_ref<const blink::common::webid::LoginStatusOptions>)
override;
std::vector<GURL> GetRegisteredIdPs() override;
void RegisterIdP(const GURL& url) override;
void UnregisterIdP(const GURL& url) override;
void OnSetRequiresUserMediation(const url::Origin& relying_party,
base::OnceClosure callback) override;
// signin::IdentityManager::Observer:
void OnAccountsInCookieUpdated(
const signin::AccountsInCookieJarInfo& accounts_in_cookie_jar_info,
const GoogleServiceAuthError& error) override;
// FederatedIdentityDataModel:
void GetAllDataKeys(
base::OnceCallback<void(std::vector<DataKey>)> callback) override;
void RemoveFederatedIdentityDataByDataKey(
const DataKey& data_key,
base::OnceClosure callback) override;
void FlushScheduledSaveSettingsCalls();
// Returns whether there is an existing sharing permission for the given
// (relying party embedder site, identity provider site) pair.
bool HasSharingPermission(const net::SchemefulSite& relying_party_embedder,
const net::SchemefulSite& identity_provider);
// Marks the given (site, site) pair as eligible to use FedCM sharing
// permission as a signal for the Storage Access API. This is only valid to
// call for pairs that already have sharing permission.
void MarkStorageAccessEligible(
const net::SchemefulSite& relying_party_embedder,
const net::SchemefulSite& identity_provider,
base::OnceClosure callback);
// Converts existing sharing permission grants into (site, site)-keyed content
// settings.
ContentSettingsForOneType GetSharingPermissionGrantsAsContentSettings();
private:
std::unique_ptr<FederatedIdentityAccountKeyedPermissionContext>
sharing_context_;
std::unique_ptr<FederatedIdentityIdentityProviderSigninStatusContext>
idp_signin_context_;
std::unique_ptr<FederatedIdentityIdentityProviderRegistrationContext>
idp_registration_context_;
base::ScopedObservation<signin::IdentityManager,
signin::IdentityManager::Observer>
obs_{this};
base::ObserverList<IdpSigninStatusObserver> idp_signin_status_observer_list_;
};
#endif // CHROME_BROWSER_WEBID_FEDERATED_IDENTITY_PERMISSION_CONTEXT_H_
|
