Bug 1023266 - Make the Mobile ID API privileged. Part 2: Fix permission check. r=jedp, a=lmandel
authorFernando Jiménez <ferjmoreno@gmail.com>
Fri, 27 Jun 2014 01:18:20 +0200
changeset 207527 d1302463099e15b1b795effdd3a3995c0f6643ae
parent 207526 2c0abc52701804ddc88a5757f6c251a60eabbdf7
child 207528 ebff751502d33d4e5d80aaa5d0a7e039cc65498b
push id3741
push userasasaki@mozilla.com
push dateMon, 21 Jul 2014 20:25:18 +0000
treeherdermozilla-beta@4d6f46f5af68 [default view] [failures only]
reviewersjedp, lmandel
bugs1023266
milestone32.0a2
Bug 1023266 - Make the Mobile ID API privileged. Part 2: Fix permission check. r=jedp, a=lmandel
services/mobileid/MobileIdentityCommon.jsm
services/mobileid/MobileIdentityManager.jsm
--- a/services/mobileid/MobileIdentityCommon.jsm
+++ b/services/mobileid/MobileIdentityCommon.jsm
@@ -86,16 +86,17 @@ this.ERROR_INVALID_BODY_MISSING_PARAMS  
 this.ERROR_INVALID_BODY_PARAMS                    = "INVALID_BODY_PARAMS";
 this.ERROR_INVALID_PHONE_NUMBER                   = "INVALID_PHONE_NUMBER";
 this.ERROR_INVALID_PROMPT_RESULT                  = "INVALID_PROMPT_RESULT";
 this.ERROR_INVALID_REQUEST_SIGNATURE              = "INVALID_REQUEST_SIGNATURE";
 this.ERROR_INVALID_VERIFICATION_CODE              = "INVALID_VERIFICATION_CODE";
 this.ERROR_MISSING_CONTENT_LENGTH_HEADER          = "MISSING_CONTENT_LENGTH_HEADER";
 this.ERROR_NO_RETRIES_LEFT                        = "NO_RETRIES_LEFT";
 this.ERROR_OFFLINE                                = "OFFLINE";
+this.ERROR_PERMISSION_DENIED                      = "PERMISSION_DENIED";
 this.ERROR_REQUEST_BODY_TOO_LARGE                 = "REQUEST_BODY_TOO_LARGE";
 this.ERROR_SERVICE_TEMPORARILY_UNAVAILABLE        = "SERVICE_TEMPORARILY_UNAVAILABLE";
 this.ERROR_TOO_MANY_REQUESTS_MSISDN               = "TOO_MANY_REQUESTS_MSISDN";
 this.ERROR_TOO_MANY_REQUESTS_UNSPECIFIED          = "TOO_MANY_REQUESTS_UNSPECIFIED";
 this.ERROR_TOO_MANY_REQUESTS_VERIFICAITON_CODE    = "TOO_MANY_REQUESTS_VERIFICATION_CODE";
 this.ERROR_TOO_MANY_REQUESTS_VERIFICATION_METHOD  = "TOO_MANY_REQUESTS_VERIFICATION_METHOD";
 this.ERROR_UNKNOWN                                = "UNKNOWN";
 this.ERROR_UNVERIFIED_ACCOUNT                     = "UNVERIFIED_ACCOUNT";
--- a/services/mobileid/MobileIdentityManager.jsm
+++ b/services/mobileid/MobileIdentityManager.jsm
@@ -315,25 +315,19 @@ let MobileIdentityManager = {
     log.debug("UI resend code");
     if (!this.activeVerificationFlow) {
       return;
     }
     this.doVerification();
   },
 
   /*********************************************************
-   * Permissions helpers
+   * Permissions helper
    ********************************************************/
 
-  hasPermission: function(aPrincipal) {
-    let permission = permissionManager.testPermissionFromPrincipal(aPrincipal,
-                                                                   MOBILEID_PERM);
-    return permission == Ci.nsIPermissionManager.ALLOW_ACTION;
-  },
-
   addPermission: function(aPrincipal) {
     permissionManager.addFromPrincipal(aPrincipal, MOBILEID_PERM,
                                        Ci.nsIPermissionManager.ALLOW_ACTION);
   },
 
   /*********************************************************
    * Phone number verification
    ********************************************************/
@@ -752,18 +746,24 @@ let MobileIdentityManager = {
       (creds) => {
         // Even if we have credentails it is possible that the user has
         // removed the permission to share its mobile id with this origin, so
         // we check the permission and if it is not granted, we ask the user
         // before generating and sharing the assertion.
         // If we've just prompted the user in the previous step, the permission
         // is already granted and stored so we just progress the credentials.
         if (creds) {
-          if (this.hasPermission(principal)) {
+          let permission = permissionManager.testPermissionFromPrincipal(
+            principal,
+            MOBILEID_PERM
+          );
+          if (permission == Ci.nsIPermissionManager.ALLOW_ACTION) {
             return creds;
+          } else if (permission == Ci.nsIPermissionManager.DENY_ACTION) {
+            return Promise.reject(ERROR_PERMISSION_DENIED);
           }
           return this.promptAndVerify(principal, manifestURL, creds);
         }
         return this.promptAndVerify(principal, manifestURL);
       }
     )
     .then(
       (creds) => {
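Review bot: The new `DENY_ACTION` rejection is only reached inside `if (creds)`, so the no-credentials path at `return this.promptAndVerify(principal, manifestURL);` never consults the stored permission in this hunk. Unless an earlier step outside the hunk already rejects on a stored deny, an origin the user has explicitly denied would still be prompted whenever no credentials exist, which makes the deny decision depend on credential state. Reading the permission once above `if (creds)` and rejecting with `ERROR_PERMISSION_DENIED` before either branch would close this, as sketched below. The comment above the check still says "if it is not granted, we ask the user", which no longer describes the deny case and should mention the rejection. The enclosing function starts before the hunk and its promise chain continues past the hunk.

```javascript
      (creds) => {
        // … unchanged: comment block describing the permission check …
        let permission = permissionManager.testPermissionFromPrincipal(
          principal,
          MOBILEID_PERM
        );
        // A stored deny is honoured whether or not credentials exist.
        if (permission == Ci.nsIPermissionManager.DENY_ACTION) {
          return Promise.reject(ERROR_PERMISSION_DENIED);
        }
        if (creds && permission == Ci.nsIPermissionManager.ALLOW_ACTION) {
          return creds;
        }
        // … unchanged: promptAndVerify calls for the creds / no-creds cases …
      }
```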