-
Notifications
You must be signed in to change notification settings - Fork 221
/
logins.udl
161 lines (125 loc) · 5.02 KB
/
logins.udl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
namespace logins {
// We expose the crypto primitives on the namespace
// Create a new, random, encryption key.
[Throws=LoginsApiError]
string create_key();
// Decrypt an `EncryptedLogin` to a `Login`
[Throws=LoginsApiError]
Login decrypt_login(EncryptedLogin login, [ByRef]string encryption_key);
// Encrypt a `Login` to an `EncryptedLogin`
[Throws=LoginsApiError]
EncryptedLogin encrypt_login(Login login, [ByRef]string encryption_key);
// Decrypt an encrypted `string` to `SecureLoginFields`
[Throws=LoginsApiError]
SecureLoginFields decrypt_fields(string sec_fields, [ByRef]string encryption_key);
// Encrypt `SecureLoginFields` to an encrypted `string`
[Throws=LoginsApiError]
string encrypt_fields(SecureLoginFields sec_fields, [ByRef]string encryption_key);
// Create a "canary" string, which can be used to test if the encryption key is still valid for the logins data
[Throws=LoginsApiError]
string create_canary([ByRef]string text, [ByRef]string encryption_key);
// Check that key is still valid using the output of `create_canary`. `text` much match the text you initially passed to `create_canary()`
[Throws=LoginsApiError]
boolean check_canary([ByRef]string canary, [ByRef]string text, [ByRef]string encryption_key);
[Throws=LoginsApiError]
void migrate_logins(
[ByRef]string path,
[ByRef]string new_encryption_key,
[ByRef]string sqlcipher_path,
[ByRef]string sqlcipher_key,
string? salt
);
};
// The fields you can add or update.
dictionary LoginFields {
string origin;
string? http_realm;
string? form_action_origin;
string username_field;
string password_field;
};
// Fields available only while the encryption key is known.
dictionary SecureLoginFields {
string password;
string username;
};
// Fields specific to database records
dictionary RecordFields {
string id;
i64 times_used;
i64 time_created;
i64 time_last_used;
i64 time_password_changed;
};
// A login entry from the user, not linked to any database record.
// The add/update APIs input these, alongside an encryption key.
dictionary LoginEntry {
LoginFields fields;
SecureLoginFields sec_fields;
};
// A login stored in the database
dictionary Login {
RecordFields record;
LoginFields fields;
SecureLoginFields sec_fields;
};
// An encrypted version of [Login]. This is what we return for all the "read"
// APIs - we never return the cleartext of encrypted fields.
dictionary EncryptedLogin {
RecordFields record;
LoginFields fields;
string sec_fields; // ciphertext of a SecureLoginFields
};
// These are the errors returned by our public API.
[Error]
interface LoginsApiError {
// The login data supplied is invalid. The reason will indicate what's wrong with it.
InvalidRecord(string reason);
// Asking to do something with a guid which doesn't exist.
NoSuchRecord(string reason);
// The encryption key supplied of the correct format, but not the correct key.
IncorrectKey();
// An operation was interrupted at the request of the consuming app.
Interrupted(string reason);
// Sync reported that authentication failed and the user should re-enter their FxA password.
// TODO: remove this at the same time as remove the sync() method in favour of the SyncManager.
SyncAuthInvalid(string reason);
// something internal went wrong which doesn't have a public error value
// because the consuming app can not reasonably take any action to resolve it.
// The underlying error will have been logged and reported.
// (ideally would just be `Unexpected`, but that would be a breaking change)
UnexpectedLoginsApiError(string reason);
};
interface LoginStore {
[Throws=LoginsApiError]
constructor(string path);
[Throws=LoginsApiError]
EncryptedLogin add(LoginEntry login, [ByRef]string encryption_key);
[Throws=LoginsApiError]
EncryptedLogin update([ByRef] string id, LoginEntry login, [ByRef]string encryption_key);
[Throws=LoginsApiError]
EncryptedLogin add_or_update(LoginEntry login, [ByRef]string encryption_key);
[Throws=LoginsApiError]
boolean delete([ByRef] string id);
[Throws=LoginsApiError]
void wipe();
[Throws=LoginsApiError]
void wipe_local();
[Throws=LoginsApiError, Self=ByArc]
void reset();
[Throws=LoginsApiError]
void touch([ByRef] string id);
[Throws=LoginsApiError]
sequence<EncryptedLogin> list();
[Throws=LoginsApiError]
sequence<EncryptedLogin> get_by_base_domain([ByRef] string base_domain);
[Throws=LoginsApiError]
Login? find_login_to_update(LoginEntry look, [ByRef]string encryption_key);
[Throws=LoginsApiError]
EncryptedLogin? get([ByRef] string id);
[Self=ByArc]
void register_with_sync_manager();
};