M1606: Implementing HTTP authorization UI and persistent sessions

From Expertiza_Wiki
Jump to navigation Jump to search

M1606: Implementing HTTP authorization UI and persistent sessions

Web pages make use of sessions all the time. These are required to persist throughout the life of the user's interaction with the web site or web application.This is supported by Servo as of today. However it doesn't support the persistence of data upon the closing and reopening of the web browser.<ref> https://github.com/servo/servo/wiki/Persistent-sessions-student-project</ref>

With this project we aim to create the necessary infrastructure to support this.

Introduction

Servo

Servo is a web browser layout engine written in Rust and is currently being developed by Mozilla Research. The aim of the project is not to create a full browser but is rather to create a highly parallel environment that allows for many components be handled by fine-grained, isolated tasks. Servo is built on top of Rust to provide a secure and reliable foundation and is focused on creating a reliable and fast browser engine.<ref>https://en.wikipedia.org/wiki/Servo_(layout_engine)</ref>

Rust

Rust is a multi-paradigm, compiled programming language that is a good language for creating highly safe systems. Rust and Servo have a symbiotic relationship as the development of servo has influenced the design of the language. Rust is a modern, fast, memory safe and multithreaded programming language that focuses on speed and safety for developing reliable and efficient systems. It eliminates all data races by having numerous compile-time safety checks that adds no runtime overhead.<ref>https://en.wikipedia.org/wiki/Rust_(programming_language)</ref>

Previous Related Work

A Wiki Page regarding this work can be found here

1) Added a new command line flag --profile-dir [path] that stores an optional directory path in the Opts struct in opts.rs, creates the directory if it does not exist.

2) Created Rust FFI bindings for the tinyfiledialogs library to allow calling the C methods from Servo.

3) In resource_thread.rs, defined an HTTP authorization cache storage (username, password, URL) and instantiated it like the cookie_storage member (inside an Arc<Rwlock<>> value, to enable sharing it between threads).

4) In modify_request_headers in http_loader.rs, implemented the remaining pieces of step 12 of the appropriate specification using the authorization cache.

Scope

The scope of this project is to:

1)

2)

3)

4)

Design Patterns

The team was not given much freedom for design patterns. We followed and used the existing servo design strategy. You can read about the servo design here

Implementation / Design Decisions

Here are some of the design decisions that we have made for implementing the steps mentioned in Scope :

Step 1

Objective: Make an authorization UI appear when a 401 HTTP response is received

Using the tinyfiledialogs RUST FFI bindings that the team created in the initial steps we will create a UI for the user to enter his username and password when a 401 request is received for a basic HTTP authentication. We will first check if the status code of the http response is "unauthorized". If the code is unauthorized we will display the UI for the user to enter his username and password. After the username and password are entered the request is restarted with the authentication header added. If the request is now successful we create a new authentication entry struct and place it into the Authentication hash map for future use.

Step 2

Objective:

Step 3

Objective:

Step 4

Objective:

Testing

Testing the new command line flag --profile-dir

Steps for Testing the new command line flag --profile-dir can be found here

Unit Test for set authorization header if url does not have credentials

Steps for Unit Tests for set authorization header if url does not have credentials can be found here

GUI test for the tinyfiledialogs lib

Steps for GUI test for the tinyfiledialogs lib can be found here

References

<references/>