| // Copyright 2022 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chrome/browser/webid/federated_identity_api_permission_context.h" |
| |
| #include "chrome/browser/browser_features.h" |
| #include "chrome/browser/content_settings/cookie_settings_factory.h" |
| #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
| #include "chrome/browser/permissions/permission_decision_auto_blocker_factory.h" |
| #include "chrome/browser/profiles/profile.h" |
| #include "components/content_settings/core/common/content_settings_types.h" |
| #include "components/permissions/permission_decision_auto_blocker.h" |
| #include "content/public/browser/render_frame_host.h" |
| #include "content/public/common/content_features.h" |
| #include "net/cookies/site_for_cookies.h" |
| #include "third_party/blink/public/common/storage_key/storage_key.h" |
| #include "url/origin.h" |
| |
| using PermissionStatus = |
| content::FederatedIdentityApiPermissionContextDelegate::PermissionStatus; |
| |
| FederatedIdentityApiPermissionContext::FederatedIdentityApiPermissionContext( |
| content::BrowserContext* browser_context) |
| : host_content_settings_map_( |
| HostContentSettingsMapFactory::GetForProfile(browser_context)), |
| cookie_settings_(CookieSettingsFactory::GetForProfile( |
| Profile::FromBrowserContext(browser_context))), |
| permission_autoblocker_( |
| PermissionDecisionAutoBlockerFactory::GetForProfile( |
| Profile::FromBrowserContext(browser_context))) {} |
| |
| FederatedIdentityApiPermissionContext:: |
| ~FederatedIdentityApiPermissionContext() = default; |
| |
| content::FederatedIdentityApiPermissionContextDelegate::PermissionStatus |
| FederatedIdentityApiPermissionContext::GetApiPermissionStatus( |
| const url::Origin& relying_party_embedder) { |
| if (!base::FeatureList::IsEnabled(features::kFedCm)) |
| return PermissionStatus::BLOCKED_VARIATIONS; |
| |
| const GURL rp_embedder_url = relying_party_embedder.GetURL(); |
| |
| const ContentSetting setting = host_content_settings_map_->GetContentSetting( |
| rp_embedder_url, rp_embedder_url, |
| ContentSettingsType::FEDERATED_IDENTITY_API); |
| switch (setting) { |
| case CONTENT_SETTING_ALLOW: |
| break; |
| case CONTENT_SETTING_BLOCK: |
| return PermissionStatus::BLOCKED_SETTINGS; |
| default: |
| NOTREACHED(); |
| } |
| |
| if (permission_autoblocker_->IsEmbargoed( |
| rp_embedder_url, ContentSettingsType::FEDERATED_IDENTITY_API)) { |
| return PermissionStatus::BLOCKED_EMBARGO; |
| } |
| |
| return PermissionStatus::GRANTED; |
| } |
| |
| void FederatedIdentityApiPermissionContext::RecordDismissAndEmbargo( |
| const url::Origin& relying_party_embedder) { |
| const GURL rp_embedder_url = relying_party_embedder.GetURL(); |
| // If content setting is allowed for `rp_embedder_url` but is disabled |
| // globally, reset it first to make sure the toggle in PageInfo is correct. |
| // See crbug.com/40230194 for why the resetting is not conditional on the |
| // default content setting state. |
| const ContentSetting setting = host_content_settings_map_->GetContentSetting( |
| rp_embedder_url, rp_embedder_url, |
| ContentSettingsType::FEDERATED_IDENTITY_API); |
| if (setting == CONTENT_SETTING_ALLOW) { |
| host_content_settings_map_->SetContentSettingDefaultScope( |
| rp_embedder_url, rp_embedder_url, |
| ContentSettingsType::FEDERATED_IDENTITY_API, CONTENT_SETTING_DEFAULT); |
| } |
| permission_autoblocker_->RecordDismissAndEmbargo( |
| rp_embedder_url, ContentSettingsType::FEDERATED_IDENTITY_API, |
| /*dismissed_prompt_was_quiet=*/false); |
| } |
| |
| void FederatedIdentityApiPermissionContext::RemoveEmbargoAndResetCounts( |
| const url::Origin& relying_party_embedder) { |
| permission_autoblocker_->RemoveEmbargoAndResetCounts( |
| relying_party_embedder.GetURL(), |
| ContentSettingsType::FEDERATED_IDENTITY_API); |
| } |
| |
| void FederatedIdentityApiPermissionContext::RecordIgnoreAndEmbargo( |
| const url::Origin& relying_party_embedder) { |
| const GURL rp_embedder_url = relying_party_embedder.GetURL(); |
| // If content setting is allowed for `rp_embedder_url` but is disabled |
| // globally, reset it first to make sure the toggle in PageInfo is correct. |
| // See crbug.com/40230194 for why the resetting is not conditional on the |
| // default content setting state. |
| const ContentSetting setting = host_content_settings_map_->GetContentSetting( |
| rp_embedder_url, rp_embedder_url, |
| ContentSettingsType::FEDERATED_IDENTITY_API); |
| if (setting == CONTENT_SETTING_ALLOW) { |
| host_content_settings_map_->SetContentSettingDefaultScope( |
| rp_embedder_url, rp_embedder_url, |
| ContentSettingsType::FEDERATED_IDENTITY_API, CONTENT_SETTING_DEFAULT); |
| } |
| permission_autoblocker_->RecordIgnoreAndEmbargo( |
| rp_embedder_url, ContentSettingsType::FEDERATED_IDENTITY_API, |
| /*ignored_prompt_was_quiet=*/false); |
| } |
| |
| bool FederatedIdentityApiPermissionContext::HasThirdPartyCookiesAccess( |
| content::RenderFrameHost& host, |
| const GURL& provider_url, |
| const url::Origin& relying_party_embedder) const { |
| return cookie_settings_->IsFullCookieAccessAllowed( |
| /*request_url=*/provider_url, |
| /*first_party_url=*/ |
| net::SiteForCookies::FromOrigin(relying_party_embedder), |
| /*top_frame_origin=*/relying_party_embedder, |
| host.GetCookieSettingOverrides(), |
| host.GetStorageKey().ToCookiePartitionKey()); |
| } |
| |
| bool FederatedIdentityApiPermissionContext:: |
| AreThirdPartyCookiesEnabledInSettings() const { |
| return !cookie_settings_->ShouldBlockThirdPartyCookies(); |
| } |
