The elements of the SyncResultObject#conflicts field are {local,
remote} pairs. However, the elements of the SyncResultObject#resolved
field are just the resolutions, and trying to access "local" and
"remote" fields of those resolutions causes a crash. Add a test that
demonstrates the error, and then fix it.
MozReview-Commit-ID: LF0NBw5VKBC
Get rid of the ugly hack where test code monkeypatches a singleton to
convince the rest of the ExtensionStorageSync code that a fake user is
logged in. Instead, take a handle to the fxAccounts service at
construction time. Test code can provide any kind of fxAccounts it
wants, including one that has a hard-coded user.
This provokes a bunch of changes:
- ExtensionStorageSync is now no longer a singleton, but a class. You
have to instantiate it in order to do anything with it. A global
instance extensionStorageSync is provided for use by Sync code as
well as WebExtension code.
- CryptoCollection is now also a class, and each ExtensionStorageSync
instance has its own CryptoCollection. This dependency should maybe
also be injected, but for the time being it doesn't provide us any
value to do so.
- Converting singletons with asynchronous methods to classes is a pain
in the neck. We convert async method foo from `foo:
Task.async(....)` to `async foo() { .... }`. While we're here,
convert KeyRingEncryptionRemoteTransformer#decode to async/await to
eliminate a need for `let self = this`.
- Update Sync code and WebExtension code to use extensionStorageSync.
- There's a cyclic dependency where CryptoCollection#sync depends on
ExtensionStorageSync#_syncCollection which depends on
CryptoCollection#getKeyRing. As a short-term hack, we now require an
ExtensionStorageSync argument to CryptoCollection#sync.
- KeyRingEncryptionRemoteTransformer now takes a handle to fxAccounts
on construction time as well. Because this is the only
EncryptionRemoteTransformer subclass that accesses fxAccounts, we
can get rid of the hack where the tests monkeypatch something in the
EncryptionRemoteTransformer prototype.
- CollectionKeyEncryptionRemoteTransformer now takes a handle to a
CryptoCollection, rather than relying on a global one.
- A bunch of methods that previously assumed access to fxAccounts now
check if fxAccounts is present (i.e. if we're on Android). Strictly
speaking, this isn't required by this change, but it helps make
certain kinds of failure a little easier to diagnose.
- Update tests, including extracting a domain-specific helper method
to hide the use of CollectionKeyEncryptionRemoteTransformer. We now
no longer monkeypatch in our mock fxaService, but pass it to the
test so that it can do whatever it wants with it. We also provide an
ExtensionStorageSync instance for convenience. Access to the global
cryptoCollection is now done through an ExtensionStorageSync
instance.
To summarize, we've gone from a situation where a bunch of singletons
had implicit dependencies on other singletons in a shared global
namespace, to a situation where dependencies are provided explicitly
using method/constructor arguments. This highlights some of the
dependencies present:
- ExtensionStorageSync depends on CryptoCollection and fxAccounts if
it needs to sync
- Every collection created via openCollection needs a handle to
CryptoCollection so it can correctly create its remote transformers
- CryptoCollection needs a handle to fxAccounts so it can create its
own remote transformer for its special collection
Most of this is only possible, or at least much easier, because we no
longer try to juggle Sqlite connections but just keep one around
forever.
However, please note:
- CryptoCollection needs a handle to ExtensionStorageSync to actually
perform syncing logic because that's where we foolishly put the
logic to make requests
- There's still a backing Sqlite store which is shared by everything
- There's still a singleton tracking contexts that opened extensions
which we manage to try to clean contexts up correctly
MozReview-Commit-ID: DGIzyRTdYZ1
Since services/sync doesn't ship on Android, this meant
conditionally-defining some variables such as `cryptoCollection` and
`CollectionKeyEncryptionRemoteTransformer` depending on whether or not
we were on Android. However, none of these definitions really rely on
functionality that isn't present on Android (although you can't really
use them yet either). Move the dependency together with the dependant
code so we can simplify a bit. This lets us remove conditional uses of
`cryptoCollection` and `CollectionKeyEncryptionRemoteTransformer`.
Because the WebExtensions source directory has more stringent eslint
rules, we end up reformatting and commenting a bit in addition to
moving.
MozReview-Commit-ID: 2ddDeymYFNi
This does a sha256 of record IDs, the same way we do for collection
IDs, during encryption.
The way we compute the new ID (using an overridden method) is a little
bit of a hack, but we use the new ID as part of the HMAC. This also
invalidates a previous assumption, which is that we kept record IDs
the same during decryption.
MozReview-Commit-ID: Gbzlo9OE1he
This ties the collection ID used for a given extension to the "salts"
record. This blocks an attack where, given the user's ID, an attacker
could just hash all the extension IDs on addons.mozilla.org to
generate possible hashed collection IDs.
MozReview-Commit-ID: OABsOOMn2F
Because these need to be encrypted with kB like the keyring does, and
wiped at the same time as the keyring does, just smush them into the
keyring. Rename `ensureKeysFor` to `ensureCanSync`, but don't update
it to return the salts -- for now, we don't need that.
MozReview-Commit-ID: DOJxdx5ugKl
`generateUUID()` returns an `nsID`, which is not exactly the same as a
UUID. `nsID`s can be converted to strings using `toString()`, but if
you use `JSON.stringify()`, they become `{}`. Object comparison in JS
performs identity comparison, which would be useless even if the UUIDs
were sensible, which they aren't. As a result, trying to sync keyrings
always failed, because it always seemed like UUIDs had changed, even
when they hadn't.
Because it never occurred to me that UUIDs wouldn't be strings, I
never even wrote a test for this. Correct this, and fix the test.
Thanks to :vasilica_mihasca and :markh for reporting and diagnosing this.
MozReview-Commit-ID: EthxkFFwRbQ
This major version of kinto.js released without a FirefoxStorage
adapter. Since Gecko is the only project with a need for this adapter
as well as the only one who can use it, that file moves to this repo
as a new kinto-storage-adapter.js. This file is mostly a copy of the
most recent FirefoxStorage.js, plus some other non-exported utility
functions copied from kinto.js to make it work.
This changes the export of the kinto-offline-client.js from a
`loadKinto` function which returns the Kinto class, to the actual
Kinto class itself, with the user expected to "hook up" the
adapter. It turns out that this doesn't change much in how we actually
use Kinto, since we were always previously explicitly selecting the
Kinto adapter.
This release of kinto.js also changes some of the build options
around, which changes the minified output of kinto-offline-client.js.
There are still some outstanding stylistic complaints about
FirefoxAdapter having to do with its _init static method which is
public and the fact that sometimes FirefoxAdapter manages its own
Sqlite connection and sometimes it doesn't. These will be addressed in
a future patch.
MozReview-Commit-ID: HF0oNCEDcFs
