authorJan-Michael Brummer <jan.brummer@tabos.org>2020-07-28 22:15:46 +0200
committerMichael Catanzaro <mcatanzaro@gnome.org>2020-07-28 20:47:31 +0000
commite2652326a4b9a11fb0a36a7351778e05bf4d733a (patch)
treea013b48fd12883e03af4e96e0b113a62dc42510b /lib
parent34d0700d91a600667aef0277a2bd250ebfa6c0c3 (diff)
downloadepiphany-e2652326a4b9a11fb0a36a7351778e05bf4d733a.tar.gz
Add support for self-hosted Firefox Sync servers
Add two gsettings values to allow manual Firefox Sync server configuration. Fixes: https://gitlab.gnome.org/GNOME/epiphany/-/issues/22
Diffstat (limited to 'lib')
-rw-r--r--lib/ephy-prefs.h2
-rw-r--r--lib/ephy-sync-utils.c12
-rw-r--r--lib/ephy-sync-utils.h6
-rw-r--r--lib/sync/debug/ephy-sync-debug.c18
-rw-r--r--lib/sync/ephy-sync-service.c22
5 files changed, 46 insertions, 14 deletions
diff --git a/lib/ephy-prefs.h b/lib/ephy-prefs.h
index 0f0e54f3f..d42344190 100644
--- a/lib/ephy-prefs.h
+++ b/lib/ephy-prefs.h
@@ -191,6 +191,8 @@ static const char * const ephy_prefs_web_schema[] = {
#define EPHY_PREFS_SYNC_HISTORY_INITIAL "sync-history-initial"
#define EPHY_PREFS_SYNC_OPEN_TABS_ENABLED "sync-open-tabs-enabled"
#define EPHY_PREFS_SYNC_OPEN_TABS_TIME "sync-open-tabs-time"
+#define EPHY_PREFS_SYNC_TOKEN_SERVER "sync-token-server"
+#define EPHY_PREFS_SYNC_ACCOUNTS_SERVER "sync-accounts-server"
#define EPHY_PREFS_WEB_APP_SCHEMA "org.gnome.Epiphany.webapp"
#define EPHY_PREFS_WEB_APP_ADDITIONAL_URLS "additional-urls"
diff --git a/lib/ephy-sync-utils.c b/lib/ephy-sync-utils.c
index 13e7d96ca..c7476fd3e 100644
--- a/lib/ephy-sync-utils.c
+++ b/lib/ephy-sync-utils.c
@@ -511,3 +511,15 @@ ephy_sync_utils_get_open_tabs_sync_time (void)
{
return g_settings_get_int64 (EPHY_SETTINGS_SYNC, EPHY_PREFS_SYNC_OPEN_TABS_TIME);
}
+
+char *
+ephy_sync_utils_get_token_server (void)
+{
+ return g_settings_get_string (EPHY_SETTINGS_SYNC, EPHY_PREFS_SYNC_TOKEN_SERVER);
+}
+
+char *
+ephy_sync_utils_get_accounts_server (void)
+{
+ return g_settings_get_string (EPHY_SETTINGS_SYNC, EPHY_PREFS_SYNC_ACCOUNTS_SERVER);
+}
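Review bot: Both new getters return the raw GSettings string with no validation, and the call sites in this commit send Hawk-signed requests and the BrowserID assertion to whatever host it names. An empty value or an `http://` URL would be used as-is, so I would check it once here rather than at every caller, at least `if (!g_str_has_prefix (server, "https://")) g_warning ("Sync server URL is not HTTPS: %s", server);`, and decide whether a non-HTTPS server should be refused outside local testing. The functions also lack a doc comment stating that the result is newly allocated and must be released with g_free(), for example `/* Returns: (transfer full): the configured token server URL */`; the callers in this commit rely on g_autofree for that.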
diff --git a/lib/ephy-sync-utils.h b/lib/ephy-sync-utils.h
index f6f4e46ff..6f34d8d74 100644
--- a/lib/ephy-sync-utils.h
+++ b/lib/ephy-sync-utils.h
@@ -30,9 +30,6 @@ const SecretSchema *ephy_sync_utils_get_secret_schema (void) G_GNUC_CONST;
#define EPHY_SYNC_SECRET_SCHEMA (ephy_sync_utils_get_secret_schema ())
#define EPHY_SYNC_SECRET_ACCOUNT_KEY "firefox_account"
-#define EPHY_SYNC_FX_TOKEN_SERVER_URL "https://token.services.mozilla.com/1.0/sync/1.5"
-#define EPHY_SYNC_FX_ACCOUNTS_SERVER_URL "https://api.accounts.firefox.com/v1"
-
#define EPHY_SYNC_STORAGE_VERSION 5
#define EPHY_SYNC_DEVICE_ID_LEN 32
#define EPHY_SYNC_BSO_ID_LEN 12
@@ -100,4 +97,7 @@ gboolean ephy_sync_utils_open_tabs_sync_is_enabled (void);
void ephy_sync_utils_set_open_tabs_sync_time (gint64 time);
gint64 ephy_sync_utils_get_open_tabs_sync_time (void);
+char *ephy_sync_utils_get_token_server (void);
+char *ephy_sync_utils_get_accounts_server (void);
+
G_END_DECLS
diff --git a/lib/sync/debug/ephy-sync-debug.c b/lib/sync/debug/ephy-sync-debug.c
index fc5803d60..2eb266770 100644
--- a/lib/sync/debug/ephy-sync-debug.c
+++ b/lib/sync/debug/ephy-sync-debug.c
@@ -278,6 +278,7 @@ ephy_sync_debug_get_signed_certificate (const char *session_token,
char *n;
char *e;
guint status_code;
+ g_autofree char *accounts_server = NULL;
g_assert (session_token);
g_assert (keypair);
@@ -298,7 +299,8 @@ ephy_sync_debug_get_signed_certificate (const char *session_token,
json_node_set_object (node, json_body);
body = json_to_string (node, FALSE);
- url = g_strdup_printf ("%s/certificate/sign", EPHY_SYNC_FX_ACCOUNTS_SERVER_URL);
+ accounts_server = ephy_sync_utils_get_accounts_server ();
+ url = g_strdup_printf ("%s/certificate/sign", accounts_server);
msg = ephy_sync_debug_prepare_soup_message (url, "POST", body,
id_hex, key, 32);
session = soup_session_new ();
@@ -359,6 +361,7 @@ ephy_sync_debug_get_storage_credentials (char **storage_endpoint,
const char *session_token;
guint status_code;
gboolean success = FALSE;
+ g_autofree char *token_server = NULL;
secrets = ephy_sync_debug_load_secrets ();
if (!secrets)
@@ -370,13 +373,14 @@ ephy_sync_debug_get_storage_credentials (char **storage_endpoint,
if (!certificate)
goto free_keypair;
- audience = ephy_sync_utils_get_audience (EPHY_SYNC_FX_TOKEN_SERVER_URL);
+ token_server = ephy_sync_utils_get_token_server ();
+ audience = ephy_sync_utils_get_audience (token_server);
assertion = ephy_sync_crypto_create_assertion (certificate, audience, 300, keypair);
kb = ephy_sync_utils_decode_hex (json_object_get_string_member (secrets, "master_key"));
hashed_kb = g_compute_checksum_for_data (G_CHECKSUM_SHA256, kb, 32);
client_state = g_strndup (hashed_kb, 32);
authorization = g_strdup_printf ("BrowserID %s", assertion);
- msg = soup_message_new ("GET", EPHY_SYNC_FX_TOKEN_SERVER_URL);
+ msg = soup_message_new ("GET", token_server);
soup_message_headers_append (msg->request_headers, "X-Client-State", client_state);
soup_message_headers_append (msg->request_headers, "authorization", authorization);
session = soup_session_new ();
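Review bot: `soup_message_new ("GET", token_server)` returns NULL when the URI string cannot be parsed, and the following line dereferences `msg->request_headers` unconditionally. With the old compile-time constant this could not happen; now that the URL comes from a user-editable setting, a malformed value becomes a NULL dereference. A guard such as `if (!msg) { g_warning ("Invalid token server URL: %s", token_server); goto <cleanup label>; }` is needed, with the jump target chosen from the full function body, since the cleanup labels are outside this hunk. The same pattern is visible in ephy_sync_service_fxa_hawk_get and presumably follows the `soup_message_new` call in ephy_sync_service_trade_browserid_assertion. ephy_sync_service_verify_certificate likewise passes the setting to `soup_uri_new ()` and calls `soup_uri_get_host (uri)` without checking for NULL.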
@@ -1024,6 +1028,7 @@ ephy_sync_debug_view_connected_devices (void)
char *id_hex;
char *url;
const char *session_token;
+ g_autofree char *accounts_server = NULL;
secrets = ephy_sync_debug_load_secrets ();
if (!secrets)
@@ -1032,7 +1037,8 @@ ephy_sync_debug_view_connected_devices (void)
session_token = json_object_get_string_member (secrets, "session_token");
ephy_sync_crypto_derive_session_token (session_token, &id, &key, &tmp);
- url = g_strdup_printf ("%s/account/devices", EPHY_SYNC_FX_ACCOUNTS_SERVER_URL);
+ accounts_server = ephy_sync_utils_get_accounts_server ();
+ url = g_strdup_printf ("%s/account/devices", accounts_server);
id_hex = ephy_sync_utils_encode_hex (id, 32);
msg = ephy_sync_debug_prepare_soup_message (url, "GET", NULL, id_hex, key, 32);
session = soup_session_new ();
@@ -1076,6 +1082,7 @@ ephy_sync_debug_get_current_device (void)
char *url;
const char *session_token;
guint status_code;
+ g_autofree char *accounts_server = NULL;
secrets = ephy_sync_debug_load_secrets ();
if (!secrets)
@@ -1084,7 +1091,8 @@ ephy_sync_debug_get_current_device (void)
session_token = json_object_get_string_member (secrets, "session_token");
ephy_sync_crypto_derive_session_token (session_token, &id, &key, &tmp);
- url = g_strdup_printf ("%s/account/devices", EPHY_SYNC_FX_ACCOUNTS_SERVER_URL);
+ accounts_server = ephy_sync_utils_get_accounts_server ();
+ url = g_strdup_printf ("%s/account/devices", accounts_server);
id_hex = ephy_sync_utils_encode_hex (id, 32);
msg = ephy_sync_debug_prepare_soup_message (url, "GET", NULL, id_hex, key, 32);
session = soup_session_new ();
diff --git a/lib/sync/ephy-sync-service.c b/lib/sync/ephy-sync-service.c
index f56581b5c..b7f5600b8 100644
--- a/lib/sync/ephy-sync-service.c
+++ b/lib/sync/ephy-sync-service.c
@@ -465,6 +465,7 @@ ephy_sync_service_fxa_hawk_post (EphySyncService *self,
SoupMessage *msg;
char *url;
const char *content_type = "application/json; charset=utf-8";
+ g_autofree char *accounts_server = NULL;
g_assert (EPHY_IS_SYNC_SERVICE (self));
g_assert (endpoint);
@@ -472,7 +473,8 @@ ephy_sync_service_fxa_hawk_post (EphySyncService *self,
g_assert (key);
g_assert (request_body);
- url = g_strdup_printf ("%s/%s", EPHY_SYNC_FX_ACCOUNTS_SERVER_URL, endpoint);
+ accounts_server = ephy_sync_utils_get_accounts_server ();
+ url = g_strdup_printf ("%s/%s", accounts_server, endpoint);
msg = soup_message_new (SOUP_METHOD_POST, url);
soup_message_set_request (msg, content_type, SOUP_MEMORY_COPY,
request_body, strlen (request_body));
@@ -502,13 +504,15 @@ ephy_sync_service_fxa_hawk_get (EphySyncService *self,
SyncCryptoHawkHeader *header;
SoupMessage *msg;
char *url;
+ g_autofree char *accounts_server = NULL;
g_assert (EPHY_IS_SYNC_SERVICE (self));
g_assert (endpoint);
g_assert (id);
g_assert (key);
- url = g_strdup_printf ("%s/%s", EPHY_SYNC_FX_ACCOUNTS_SERVER_URL, endpoint);
+ accounts_server = ephy_sync_utils_get_accounts_server ();
+ url = g_strdup_printf ("%s/%s", accounts_server, endpoint);
msg = soup_message_new (SOUP_METHOD_GET, url);
header = ephy_sync_crypto_hawk_header_new (url, "GET", id, key, key_len, NULL);
soup_message_headers_append (msg->request_headers, "authorization", header->header);
@@ -613,6 +617,7 @@ ephy_sync_service_verify_certificate (EphySyncService *self,
const char *email;
gsize len;
gboolean retval = FALSE;
+ g_autofree char *accounts_server = NULL;
g_assert (EPHY_IS_SYNC_SERVICE (self));
g_assert (ephy_sync_service_get_secret (self, secrets[UID]));
@@ -662,7 +667,8 @@ ephy_sync_service_verify_certificate (EphySyncService *self,
g_warning ("JSON object has missing or invalid 'email' member");
goto out;
}
- uri = soup_uri_new (EPHY_SYNC_FX_ACCOUNTS_SERVER_URL);
+ accounts_server = ephy_sync_utils_get_accounts_server ();
+ uri = soup_uri_new (accounts_server);
expected = g_strdup_printf ("%s@%s",
ephy_sync_service_get_secret (self, secrets[UID]),
soup_uri_get_host (uri));
@@ -749,6 +755,7 @@ ephy_sync_service_destroy_session (EphySyncService *self,
char *url;
const char *content_type = "application/json; charset=utf-8";
const char *request_body = "{}";
+ g_autofree char *accounts_server = NULL;
g_assert (EPHY_IS_SYNC_SERVICE (self));
if (!session_token)
@@ -756,7 +763,8 @@ ephy_sync_service_destroy_session (EphySyncService *self,
g_assert (session_token);
/* This also destroys the device associated with the session token. */
- url = g_strdup_printf ("%s/session/destroy", EPHY_SYNC_FX_ACCOUNTS_SERVER_URL);
+ accounts_server = ephy_sync_utils_get_accounts_server ();
+ url = g_strdup_printf ("%s/session/destroy", accounts_server);
ephy_sync_crypto_derive_session_token (session_token, &token_id,
&req_hmac_key, &tmp);
token_id_hex = ephy_sync_utils_encode_hex (token_id, 32);
@@ -880,12 +888,14 @@ ephy_sync_service_trade_browserid_assertion (EphySyncService *self)
char *audience;
char *assertion;
char *authorization;
+ g_autofree char *token_server = NULL;
g_assert (EPHY_IS_SYNC_SERVICE (self));
g_assert (self->certificate);
g_assert (self->key_pair);
- audience = ephy_sync_utils_get_audience (EPHY_SYNC_FX_TOKEN_SERVER_URL);
+ token_server = ephy_sync_utils_get_token_server ();
+ audience = ephy_sync_utils_get_audience (token_server);
assertion = ephy_sync_crypto_create_assertion (self->certificate, audience,
300, self->key_pair);
kb = ephy_sync_utils_decode_hex (ephy_sync_service_get_secret (self, secrets[MASTER_KEY]));
@@ -893,7 +903,7 @@ ephy_sync_service_trade_browserid_assertion (EphySyncService *self)
client_state = g_strndup (hashed_kb, 32);
authorization = g_strdup_printf ("BrowserID %s", assertion);
- msg = soup_message_new (SOUP_METHOD_GET, EPHY_SYNC_FX_TOKEN_SERVER_URL);
+ msg = soup_message_new (SOUP_METHOD_GET, token_server);
/* We need to add the X-Client-State header so that the Token Server will
* recognize accounts that were previously used to sync Firefox data too.
*/