Merge pull request #409 from aurimasv/cookies

Manage cookies received from other hosts.
2015-02-14 13:24:58 -05:00 · 2015-02-14 13:24:58 -05:00 · 64f7710877
commit 64f7710877
parent 161733b207 0998b15fac
4 changed files with 250 additions and 30 deletions
--- a/chrome/content/zotero/xpcom/connector/connector.js
+++ b/chrome/content/zotero/xpcom/connector/connector.js
@ -143,7 +143,7 @@ Zotero.Connector = new function() {
 	 * @param	{Object}		data			RPC data. See documentation above.
 	 * @param	{Function}		callback		Function to be called when requests complete.
 	 */
-	this.callMethod = function(method, data, callback) {
+	this.callMethod = function(method, data, callback, tab) {
 		// Don't bother trying if not online in bookmarklet
 		if(Zotero.isBookmarklet && this.isOnline === false) {
 			callback(false, 0);
@ -211,6 +211,57 @@ Zotero.Connector = new function() {
 					"X-Zotero-Connector-API-Version":CONNECTOR_API_VERSION
 				});
 		}
 	},
 	/**
 	 * Adds detailed cookies to the data before sending "saveItems" request to
 	 *  the server/Standalone
 	 *
 	 * @param	{Object} data RPC data. See documentation above.
 	 * @param	{Function} callback Function to be called when requests complete.
 	 */
 	this.setCookiesThenSaveItems = function(data, callback, tab) {
 		if(Zotero.isFx && !Zotero.isBookmarklet && data.uri) {
 			var host = Services.ios.newURI(data.uri, null, null).host;
 			var cookieEnum = Services.cookies.getCookiesFromHost(host);
 			var cookieHeader = '';
 			while(cookieEnum.hasMoreElements()) {
 				var cookie = cookieEnum.getNext().QueryInterface(Components.interfaces.nsICookie2);
 				cookieHeader += '\n' + cookie.name + '=' + cookie.value
 					+ ';Domain=' + cookie.host
 					+ (cookie.path ? ';Path=' + cookie.path : '')
 					+ (!cookie.isDomain ? ';hostOnly' : '') //not a legit flag, but we have to use it internally
 					+ (cookie.isSecure ? ';secure' : '');
 			}
 			if(cookieHeader) {
 				data.detailedCookies = cookieHeader.substr(1);
 			}
 			this.callMethod("saveItems", data, callback, tab);
 			return;
 		} else if(Zotero.isChrome && !Zotero.isBookmarklet) {
 			var self = this;
 			chrome.cookies.getAll({url: tab.url}, function(cookies) {
 				var cookieHeader = '';
 				for(var i=0, n=cookies.length; i<n; i++) {
 					cookieHeader += '\n' + cookies[i].name + '=' + cookies[i].value
 						+ ';Domain=' + cookies[i].domain
 						+ (cookies[i].path ? ';Path=' + cookies[i].path : '')
 						+ (cookies[i].hostOnly ? ';hostOnly' : '') //not a legit flag, but we have to use it internally
 						+ (cookies[i].secure ? ';secure' : '');
 				}
 				if(cookieHeader) {
 					data.detailedCookies = cookieHeader.substr(1);
 				}
 				self.callMethod("saveItems", data, callback, tab);
 			});
 			return;
 		}
 		this.callMethod("saveItems", data, callback, tab);
 	}
 }
--- a/chrome/content/zotero/xpcom/connector/translate_item.js
+++ b/chrome/content/zotero/xpcom/connector/translate_item.js
@ -80,8 +80,7 @@ Zotero.Translate.ItemSaver.prototype = {
 			payload.uri = this._uri;
 			payload.cookie = this._cookie;
 		}
-		
+		Zotero.Connector.setCookiesThenSaveItems(payload, function(data, status) {
 		Zotero.Connector.callMethod("saveItems", payload, function(data, status) {
 			if(data !== false) {
 				Zotero.debug("Translate: Save via Standalone succeeded");
 				var haveAttachments = false;
--- a/chrome/content/zotero/xpcom/cookieSandbox.js
+++ b/chrome/content/zotero/xpcom/cookieSandbox.js
@ -47,11 +47,9 @@ Zotero.CookieSandbox = function(browser, uri, cookieData, userAgent) {
 	this._cookies = {};
 	if(cookieData) {
-		var splitCookies = cookieData.split(/; ?/);
+		var splitCookies = cookieData.split(/;\s*/);
 		for each(var cookie in splitCookies) {
-			var key = cookie.substr(0, cookie.indexOf("="));
+			this.setCookie(cookie, this.URI.host);
 			var value = cookie.substr(cookie.indexOf("=")+1);
 			this._cookies[key] = value;
 		}
 	}
@ -63,29 +61,93 @@ Zotero.CookieSandbox = function(browser, uri, cookieData, userAgent) {
 	}
 }
 /**
 * Normalizes the host string: lower-case, remove leading period, some more cleanup
 * @param {String} host;
 */
 Zotero.CookieSandbox.normalizeHost = function(host) {
 	return host.trim().toLowerCase().replace(/^\.+|[:\/].*/g, '');
 }
 /**
 * Normalizes the path string
 * @param {String} path;
 */
 Zotero.CookieSandbox.normalizePath = function(path) {
 	return '/' + path.trim().replace(/^\/+|[?#].*/g, '');
 }
 /**
 * Generates a semicolon-separated string of cookie values from a list of cookies
 * @param {Object} cookies Object containing key: value cookie pairs
 */
 Zotero.CookieSandbox.generateCookieString = function(cookies) {
 	var str = '';
 	for(var key in cookies) {
 		str += '; ' + key + '=' + cookies[key];
 	}
 	return str ? str.substr(2) : '';
 }
 Zotero.CookieSandbox.prototype = {
 	/**
 	 * Adds cookies to this CookieSandbox based on a cookie header
 	 * @param {String} cookieString;
 	 * @param {nsIURI} [uri] URI of the header origin.
 	                   Used to verify same origin. If omitted validation is not performed
 	 */
-	"addCookiesFromHeader":function(cookieString) {
+	"addCookiesFromHeader":function(cookieString, uri) {
 		var cookies = cookieString.split("\n");
 		if(uri) {
 			var validDomain = '.' + Zotero.CookieSandbox.normalizeHost(uri.host);
 		}
 		for(var i=0, n=cookies.length; i<n; i++) {
-			var cookieInfo = cookies[i].split(/; ?/);
+			var cookieInfo = cookies[i].split(/;\s*/);
-			var secure = false;
+			var secure = false, path = '', domain = '', hostOnly = false;
 			for(var j=1, m=cookieInfo.length; j<m; j++) {
-				if(cookieInfo[j].substr(0, cookieInfo[j].indexOf("=")).toLowerCase() === "secure") {
+				var pair = cookieInfo[j].split(/\s*=\s*/);
-					secure = true;
+				switch(pair[0].trim().toLowerCase()) {
-					break;
+					case 'secure':
 						secure = true;
 						break;
 					case 'domain':
 						domain = pair[1];
 						break;
 					case 'path':
 						path = pair[1];
 						break;
 					case 'hostonly':
 						hostOnly = true;
 						break;
 				}
 				if(secure && domain && path && hostOnly) break;
 			}
 			// Domain must be a suffix of the host setting the cookie
 			if(validDomain && domain) {
 				var normalizedDomain = Zotero.CookieSandbox.normalizeHost(domain);
 				var substrMatch = validDomain.lastIndexOf(normalizedDomain);
 				var publicSuffix;
 				try { publicSuffix = Services.eTLD.getPublicSuffix(uri) }  catch(e) {}
 				if(substrMatch == -1 || !publicSuffix || publicSuffix == normalizedDomain
 					|| (substrMatch + normalizedDomain.length != validDomain.length)
 					|| (validDomain.charAt(substrMatch-1) != '.')) {
 					Zotero.debug("CookieSandbox: Ignoring attempt to set a cookie for different host");
 					continue;
 				}
 			}
-			if(!secure) {
+			// When no domain is set, use requestor's host (hostOnly cookie)
-				var key = cookieInfo[0].substr(0, cookieInfo[0].indexOf("="));
+			if(validDomain && !domain) {
-				var value = cookieInfo[0].substr(cookieInfo[0].indexOf("=")+1);
+				domain = validDomain.substr(1);
-				this._cookies[key] = value;
+				hostOnly = true;
 			}
 			this.setCookie(cookieInfo[0], domain, path, secure, hostOnly);
 		}
 	},
@ -104,13 +166,112 @@ Zotero.CookieSandbox.prototype = {
 	"attachToInterfaceRequestor": function(ir) {
 		Zotero.CookieSandbox.Observer.trackedInterfaceRequestors.push(Components.utils.getWeakReference(ir.QueryInterface(Components.interfaces.nsIInterfaceRequestor)));
 		Zotero.CookieSandbox.Observer.trackedInterfaceRequestorSandboxes.push(this);
 	},
 	/**
 	 * Set a cookie for a specified host
 	 * @param {String} cookiePair A single cookie pair in the form key=value
 	 * @param {String} [host] Host to bind the cookie to.
 	 *                        Defaults to the host set on this.URI
 	 * @param {String} [path]
 	 * @param {Boolean} [secure] Whether the cookie has the secure attribute set
 	 * @param {Boolean} [hostOnly] Whether the cookie is a host-only cookie
 	 */
 	"setCookie": function(cookiePair, host, path, secure, hostOnly) {
 		var splitAt = cookiePair.indexOf('=');
 		if(splitAt === -1) {
 			Zotero.debug("CookieSandbox: Not setting invalid cookie.");
 			return;
 		}
 		var pair = [cookiePair.substring(0,splitAt), cookiePair.substring(splitAt+1)];
 		var name = pair[0].trim();
 		var value = pair[1].trim();
 		if(!name) {
 			Zotero.debug("CookieSandbox: Ignoring attempt to set cookie with no name");
 			return;
 		}
 		host = '.' + Zotero.CookieSandbox.normalizeHost(host);
 		if(!path) path = '/';
 		path = Zotero.CookieSandbox.normalizePath(path);
 		if(!this._cookies[host]) {
 			this._cookies[host] = {};
 		}
 		if(!this._cookies[host][path]) {
 			this._cookies[host][path] = {};
 		}
 		/*Zotero.debug("CookieSandbox: adding cookie " + name + '='
 			+ value + ' for host ' + host + ' and path ' + path 
 			+ '[' + (hostOnly?'hostOnly,':'') + (secure?'secure':'') + ']');*/
 		this._cookies[host][path][name] = {
 			value: value,
 			secure: !!secure,
 			hostOnly: !!hostOnly
 		};
 	},
 	/**
 	 * Returns a list of cookies that should be sent to the given URI
 	 * @param {nsIURI} uri
 	 */
 	"getCookiesForURI": function(uri) {
 		var hostParts = Zotero.CookieSandbox.normalizeHost(uri.host).split('.'),
 			pathParts = Zotero.CookieSandbox.normalizePath(uri.path).split('/'),
 			cookies = {}, found = false, secure = uri.scheme.toUpperCase() == 'HTTPS';
 		// Fetch cookies starting from the highest level domain
 		var cookieHost = '.' + hostParts[hostParts.length-1];
 		for(var i=hostParts.length-2; i>=0; i--) {
 			cookieHost = '.' + hostParts[i] + cookieHost;
 			if(this._cookies[cookieHost]) {
 				found = this._getCookiesForPath(cookies, this._cookies[cookieHost], pathParts, secure, i==0) || found;
 			}
 		}
 		//Zotero.debug("CookieSandbox: returning cookies:");
 		//Zotero.debug(cookies);
 		return found ? cookies : null;
 	},
 	"_getCookiesForPath": function(cookies, cookiePaths, pathParts, secure, isHost) {
 		var found = false;
 		var path = '';
 		for(var i=0, n=pathParts.length; i<n; i++) {
 			path += pathParts[i];
 			var cookiesForPath = cookiePaths[path];
 			if(cookiesForPath) {
 				for(var key in cookiesForPath) {
 					if(cookiesForPath[key].secure && !secure) continue;
 					if(cookiesForPath[key].hostOnly && !isHost) continue;
 					found = true;
 					cookies[key] = cookiesForPath[key].value;
 				}
 			}
 			// Also check paths with trailing / (but not for last part)
 			path += '/';
 			cookiesForPath = cookiePaths[path];
 			if(cookiesForPath && i != n-1) {
 				for(var key in cookiesForPath) {
 					if(cookiesForPath[key].secure && !secure) continue;
 					if(cookiesForPath[key].hostOnly && !isHost) continue;
 					found = true;
 					cookies[key] = cookiesForPath[key].value;
 				}
 			}
 		}
 		return found;
 	}
 }
 Zotero.CookieSandbox.prototype.__defineGetter__("cookieString", function() {
 	return [key+"="+this._cookies[key] for(key in this._cookies)].join("; ");
 });
 /**
 * nsIObserver implementation for adding, clearing, and slurping cookies
 */
@ -218,8 +379,12 @@ Zotero.CookieSandbox.Observer = new function() {
 		}
 		if(topic == "http-on-modify-request") {
-			// clear cookies to be sent to other domains
+			// Clear cookies to be sent to other domains if we're not explicitly managing them
-			if(!trackedBy || channel.URI.host != trackedBy.URI.host) {
+			if(trackedBy) {
 				var cookiesForURI = trackedBy.getCookiesForURI(channel.URI);
 			}
 			if(!trackedBy || !cookiesForURI) {
 				channel.setRequestHeader("Cookie", "", false);
 				channel.setRequestHeader("Cookie2", "", false);
 				Zotero.debug("CookieSandbox: Cleared cookies to be sent to "+channelURI, 5);
@ -231,26 +396,27 @@ Zotero.CookieSandbox.Observer = new function() {
 			}
 			// add cookies to be sent to this domain
-			channel.setRequestHeader("Cookie", trackedBy.cookieString, false);
+			channel.setRequestHeader("Cookie", Zotero.CookieSandbox.generateCookieString(cookiesForURI), false);
 			Zotero.debug("CookieSandbox: Added cookies for request to "+channelURI, 5);
 		} else if(topic == "http-on-examine-response") {
 			// clear cookies being received
 			try {
 				var cookieHeader = channel.getResponseHeader("Set-Cookie");
 			} catch(e) {
 				Zotero.debug("CookieSandbox: No Set-Cookie header received for "+channelURI, 5);
 				return;
 			}
 			channel.setResponseHeader("Set-Cookie", "", false);
 			channel.setResponseHeader("Set-Cookie2", "", false);
-			// don't process further if these cookies are for another set of domains
+			if(!cookieHeader || !trackedBy) {
-			if(!trackedBy || channel.URI.host != trackedBy.URI.host) {
+				Zotero.debug("CookieSandbox: Not tracking received cookies for "+channelURI, 5);
 				Zotero.debug("CookieSandbox: Rejected cookies from "+channelURI, 5);
 				return;
 			}
-			// put new cookies into our sandbox
+			// Put new cookies into our sandbox
-			if(cookieHeader) trackedBy.addCookiesFromHeader(cookieHeader);
+			trackedBy.addCookiesFromHeader(cookieHeader, channel.URI);
 			Zotero.debug("CookieSandbox: Slurped cookies from "+channelURI, 5);
 		}
--- a/chrome/content/zotero/xpcom/server_connector.js
+++ b/chrome/content/zotero/xpcom/server_connector.js
@ -339,7 +339,11 @@ Zotero.Server.Connector.SaveItem.prototype = {
 		} catch(e) {}
 		var cookieSandbox = data["uri"] ? new Zotero.CookieSandbox(null, data["uri"],
-			data["cookie"] || "", url.userAgent) : null;
+			data["detailedCookies"] ? "" : data["cookie"] || "", url.userAgent) : null;
 		if(cookieSandbox && data.detailedCookies) {
 			cookieSandbox.addCookiesFromHeader(data.detailedCookies);
 		}
 		for(var i=0; i<data.items.length; i++) {
 			Zotero.Server.Connector.AttachmentProgressManager.add(data.items[i].attachments);
 		}