Add support for AuthEvent#20732
Conversation
| // As it stands, we can at least avoid users getting to an infinite loader | ||
| // in the case of `decryptOnAttachmentOpen`. |
There was a problem hiding this comment.
Can we console.warn something like "there are encrypted attachments but they are not supported yet"?
Also, question about the PDF format: is it possible to have some encrypted attachments and some not? In this case we should probably still show the non-encrypted ones.
There was a problem hiding this comment.
is it possible to have some encrypted attachments and some not? In this case we should probably still show the non-encrypted ones.
See the last 2 blockquotes from #20139 (comment).
As I understand it, pdf generators should make PDFs with all attachments encrypted.
There is also the case of encrypted attachments w/o AuthEvent.
I considered looking into it, indeed having a nice warning, but I think it’s better to spend that time into actually solving the issue #20139.
So this also relates to console.warn: this PR does not change encrypted attachment handling. Those are not detected and yield warnings already. This only honors when to ask for a password.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #20732 +/- ##
==========================================
+ Coverage 62.77% 62.81% +0.03%
==========================================
Files 169 169
Lines 119824 119837 +13
==========================================
+ Hits 75224 75274 +50
+ Misses 44600 44563 -37
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This solves mozillaGH-20049, it’s an alternative to mozillaGH-20140. The analysis is a bit different. It builds on [my comment in the other issue](mozilla#20139 (comment)), and the fact that they are *separate* things. To recap, it is possible to have a document plain text but have attachments encrypted. In that case, instead of prompting upfront, PDFs can prompt later with `/AuthEvent /EFOpen`. The default is `/AuthEvent /DocOpen`. Which is typical. So `/AuthEvent` is uncommon. So, separate things: * encrypted attachments (regardless of `/AuthEvent`) (mozillaGH-20139) * `/AuthEvent /EFOpen` (regardless of whether there are attachments) (this issue/PR) This PR stops prompting for a password on doc open if there is an `/AuthEvent /EFOpen`. It also does not list delayed encrypted attachments in the sidebar. It does that to prevent an infinite loading screen in a known case but also so that there is a place marked in the code where future logic, after mozillaGH-20139, can support lazily decrypting attachments.
e92ce0c to
2fbf027
Compare
|
/botio test |
From: Bot.io (Linux m4)ReceivedCommand cmd_test from @nicolo-ribaudo received. Current queue size: 1 Live output at: http://54.241.84.105:8877/98dfdbb8ea80820/output.txt |
From: Bot.io (Windows)ReceivedCommand cmd_test from @nicolo-ribaudo received. Current queue size: 1 Live output at: http://54.193.163.58:8877/d6a920f112a1e0b/output.txt |
From: Bot.io (Linux m4)FailedFull output at http://54.241.84.105:8877/98dfdbb8ea80820/output.txt Total script time: 60.00 mins |
From: Bot.io (Windows)FailedFull output at http://54.193.163.58:8877/d6a920f112a1e0b/output.txt Total script time: 71.67 mins
Image differences available at: http://54.193.163.58:8877/d6a920f112a1e0b/reftest-analyzer.html#web=eq.log |
|
The browser in the linux bot just crashed /botio-linux test |
From: Bot.io (Linux m4)ReceivedCommand cmd_test from @nicolo-ribaudo received. Current queue size: 1 Live output at: http://54.241.84.105:8877/da34aa3b5bbce24/output.txt |
From: Bot.io (Linux m4)FailedFull output at http://54.241.84.105:8877/da34aa3b5bbce24/output.txt Total script time: 44.10 mins
Image differences available at: http://54.241.84.105:8877/da34aa3b5bbce24/reftest-analyzer.html#web=eq.log |
| // But it is at least possible to honour `/AuthEvent /EFOpen` by not | ||
| // asking for a password on document open. | ||
| this.decryptOnAttachmentOpen = | ||
| encrypt.get("CF")?.get("StdCF")?.get("AuthEvent")?.name === "EFOpen"; |
There was a problem hiding this comment.
So here you're reading the encrypt dict without setting suppressEncryption which is in contradiction with the comment below.
There was a problem hiding this comment.
It’s been a while, and I think the other PR landing first will require a rework of this PR anyway, but as I understand it:
This part that is read should not be encrypted.
The else branch (not setting things) prevents the trying-to-decrypt-things.
Otherwise, the trying-to-decrypt-things will prompt for the password on open.
| // But it is at least possible to honour `/AuthEvent /EFOpen` by not | ||
| // asking for a password on document open. | ||
| this.decryptOnAttachmentOpen = | ||
| encrypt.get("CF")?.get("StdCF")?.get("AuthEvent")?.name === "EFOpen"; |
There was a problem hiding this comment.
You completely ignore the EFF value, right ? Is it a good idea ?
calixteman
left a comment
There was a problem hiding this comment.
I tried with a pdf with an encrypted attachment and it's fine no password prompt when opening the file, but there's nothing in the attachments view (the button is even disabled).
So overall it looks like a regression.
The behavior today is that the attachments are shown but clicking on them does nothing. Do you think that behavior is more desirable than not showing the undownloadable attachment at all? |
Yeah, you're right: it's fair. |
|
Yeah agree. There are two issues going on:
We should eventually fix both, and for now this PR only fixes 2. Fixing (1) is a bit more complex because it requires showing the user a popup on attachment download, touching some paths that are currently synchronous. |
|
Okay, see GH-21234! |
This PR is related to mozillaGH-20732, which is about `AuthEvent` (to delay promting for a password), but instead adds the actual support for encrypted attachments. “Encrypted attachments” means that the main things are plain text. Note that some PDF viewers, like Preview/QuickLook/Safari or Chrome, do not support attachments at all. Note that the file checked into the tests is the same as `output-no-auth-event.pdf` referenced in <mozilla#20139 (comment)>. Closes mozillaGH-20139.
This PR is related to mozillaGH-20732, which is about `AuthEvent` (to delay promting for a password), but instead adds the actual support for encrypted attachments. “Encrypted attachments” means that the main things are plain text. Note that some PDF viewers, like Preview/QuickLook/Safari or Chrome, do not support attachments at all. Note that the file checked into the tests is the same as `output-no-auth-event.pdf` referenced in <mozilla#20139 (comment)>. Closes mozillaGH-20139.
This PR is related to mozillaGH-20732, which is about `AuthEvent` (to delay promting for a password), but instead adds the actual support for encrypted attachments. “Encrypted attachments” means that the main things are plain text. Note that some PDF viewers, like Preview/QuickLook/Safari or Chrome, do not support attachments at all. Note that the file checked into the tests is the same as `output-no-auth-event.pdf` referenced in <mozilla#20139 (comment)>. Closes mozillaGH-20139.
|
Closing, GH-21351 is a proper version. |
Normally entire PDFs are encrypted (or not). But it is also possible to only encrypt attachments. It is then also possible to *only* prompt for a password when the user opens them. In the existing flow, prompting for passwords happens because things are decrypted. A specific error is thrown, caught, and the user is prompted. To keep this flow working, this PR changes to decrypting attachments on demand, instead of eagerly. This sounds logical: to not read attachments on startup. I’ve extensively tested this, not only with regular attachments, but also with outline items and attachments in annotations. This PR builds on mozillaGH-21234. It’s an alternative to the naïve mozillaGH-20732. Closes mozillaGH-20049.
Normally entire PDFs are encrypted (or not). But it is also possible to only encrypt attachments. It is then also possible to *only* prompt for a password when the user opens them. In the existing flow, prompting for passwords happens because things are decrypted. A specific error is thrown, caught, and the user is prompted. To keep this flow working, this PR changes to decrypting attachments on demand, instead of eagerly. This sounds logical: to not read attachments on startup. I’ve extensively tested this, not only with regular attachments, but also with outline items and attachments in annotations. This PR builds on mozillaGH-21234. It’s an alternative to the naïve mozillaGH-20732. Closes mozillaGH-20049.
Normally entire PDFs are encrypted (or not). But it is also possible to only encrypt attachments. It is then also possible to *only* prompt for a password when the user opens them. In the existing flow, prompting for passwords happens because things are decrypted. A specific error is thrown, caught, and the user is prompted. To keep this flow working, this PR changes to decrypting attachments on demand, instead of eagerly. This sounds logical: to not read attachments on startup. I’ve extensively tested this, not only with regular attachments, but also with outline items and attachments in annotations. This PR builds on mozillaGH-21234. It’s an alternative to the naïve mozillaGH-20732. Closes mozillaGH-20049.
Hi!
This solves GH-20049, it’s an alternative to GH-20140. The analysis is a bit different. It builds on my comment in the other issue, and the fact that they are separate things.
To recap, it is possible to have a document plain text but have attachments encrypted. In that case, instead of prompting upfront, PDFs can prompt later with
/AuthEvent /EFOpen. The default is/AuthEvent /DocOpen. Which is typical. So/AuthEventis uncommon.So, separate things:
/AuthEvent) ([Bug]: File Attachments do not open when they are encrypted #20139)/AuthEvent /EFOpen(regardless of whether there are attachments) (this issue/PR)This PR stops prompting for a password on doc open if there is an
/AuthEvent /EFOpen. It also does not list delayed encrypted attachments in the sidebar. It does that to prevent an infinite loading screen in a known case but also so that there is a place marked in the code where future logic, after GH-20139, can support lazily decrypting attachments.