Bug 1059391 - Add pref to disable caching of Sync authentication credentials. r=markh, a=sledru
authorChris Karlof <ckarlof@mozilla.com>
Thu, 28 Aug 2014 17:21:03 -0700
changeset 216895 c45a0f90b53e
parent 216894 449e9b0c1780
child 216896 3f58f21ebcf6
push id3959
push userryanvm@gmail.com
push date2014-10-01 19:28 +0000
treeherdermozilla-beta@6326278b28ac [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmarkh, sledru
bugs1059391
milestone33.0
Bug 1059391 - Add pref to disable caching of Sync authentication credentials. r=markh, a=sledru This introduces a debugging pref, "services.sync.debug.ignoreCachedAuthCredentials". This flag allows testers to disable caching of authentication credentials to make debugging of expired and revoked credentials easier. This will help expedite any visble auth errors resulting from a expired or revoked FxA session token, e.g., from resetting or changing the FxA password. This pref is not set by default.
services/fxaccounts/FxAccounts.jsm
services/sync/modules/browserid_identity.js
--- a/services/fxaccounts/FxAccounts.jsm
+++ b/services/fxaccounts/FxAccounts.jsm
@@ -158,17 +158,28 @@ AccountState.prototype = {
           validUntil: willBeValidUntil
         };
         return cert;
       }
     ).then(result => this.resolve(result));
   },
 
   getKeyPair: function(mustBeValidUntil) {
-    if (this.keyPair && (this.keyPair.validUntil > mustBeValidUntil)) {
+    // If the debugging pref to ignore cached authentication credentials is set for Sync,
+    // then don't use any cached key pair, i.e., generate a new one and get it signed.
+    // The purpose of this pref is to expedite any auth errors as the result of a
+    // expired or revoked FxA session token, e.g., from resetting or changing the FxA
+    // password.
+    let ignoreCachedAuthCredentials = false;
+    try {
+      ignoreCachedAuthCredentials = Services.prefs.getBoolPref("services.sync.debug.ignoreCachedAuthCredentials");
+    } catch(e) {
+      // Pref doesn't exist
+    }
+    if (!ignoreCachedAuthCredentials && this.keyPair && (this.keyPair.validUntil > mustBeValidUntil)) {
       log.debug("getKeyPair: already have a keyPair");
       return this.resolve(this.keyPair.keyPair);
     }
     // Otherwse, create a keypair and set validity limit.
     let willBeValidUntil = this.fxaInternal.now() + KEY_LIFETIME;
     let d = Promise.defer();
     jwcrypto.generateKeyPair("DS160", (err, kp) => {
       if (err) {
--- a/services/sync/modules/browserid_identity.js
+++ b/services/sync/modules/browserid_identity.js
@@ -428,16 +428,27 @@ this.BrowserIDManager.prototype = {
     return STATUS_OK;
   },
 
   /**
    * Do we have a non-null, not yet expired token for the user currently
    * signed in?
    */
   hasValidToken: function() {
+    // If pref is set to ignore cached authentication credentials for debugging,
+    // then return false to force the fetching of a new token.
+    let ignoreCachedAuthCredentials = false;
+    try {
+      ignoreCachedAuthCredentials = Svc.Prefs.get("debug.ignoreCachedAuthCredentials");
+    } catch(e) {
+      // Pref doesn't exist
+    }
+    if (ignoreCachedAuthCredentials) {
+      return false;
+    }
     if (!this._token) {
       return false;
     }
     if (this._token.expiration < this._now()) {
       return false;
     }
     return true;
   },