Switch to less intrusive register(browser_name...)

rayluo · rayluo · commit 449c2505bc8f · 2021-08-05T15:30:06.000-07:00
diff --git a/msal/application.py b/msal/application.py
@@ -28,22 +28,6 @@
 
 logger = logging.getLogger(__name__)
 
-if True:  # Prefer launching Edge when running on Linux to support device-based CA.
-    # This section only works when being run before webbrowser.open().
-    # We could theoretically put it inside acquire_token_interactive(),
-    # but that won't work for some of our major downstream applications
-    # because they happen to invoke webbrowser.open() before calling MSAL.
-    # So, we choose to add this logic at MSAL's module level.
-    if ("BROWSER" not in os.environ  # Customize it when end user has no preference
-            and sys.platform == "linux"):  # On Linux, only Edge will have CA support
-        os.environ["BROWSER"] = (  # This is the executable file name
-            # Hard-coding a well-known location can avoid unwittingly invoking
-            # a potentially malicious "microsoft-edge" in current working directory.
-            "/usr/bin/microsoft-edge")
-        # Unavailable browser will be silently ignored and fall back to the default
-        # More details at https://docs.python.org/3/library/webbrowser.html
-        logger.debug("Prefer %s as browser for sign-in.", os.environ.get("BROWSER"))
-
 
 def extract_certs(public_cert_content):
     # Parses raw public certificate file contents and returns a list of strings
@@ -86,6 +70,25 @@ def _clean_up(result):
     return result
 
 
+def _preferred_browser():
+    """Register Edge and return a name suitable for webbrowser.get(...),
+    if running on Linux and there is no BROWSER env var, otherwise return None.
+    """
+    browser_path = "/usr/bin/microsoft-edge"  # Use a full path owned by sys admin
+    browser_name = "microsoft-edge"  # Use a generic meaningful name
+    if ("BROWSER" not in os.environ  # Customize it when end user has no preference
+            and sys.platform == "linux"  # On Linux, only Edge will have CA support
+            and os.path.exists(browser_path)):  # Edge is usually installed here
+        try:
+            import webbrowser  # Lazy import. Some distro may not have this.
+            webbrowser.register(
+                browser_name, None, webbrowser.BackgroundBrowser(browser_path))
+            return browser_name
+        except ImportError:
+            pass  # We may still proceed
+    return None
+
+
 class ClientApplication(object):
 
     ACQUIRE_TOKEN_SILENT_ID = "84"
@@ -1410,6 +1413,7 @@ def acquire_token_interactive(
                 },
             data=dict(kwargs.pop("data", {}), claims=claims),
             headers=telemetry_context.generate_headers(),
+            browser_name=_preferred_browser(),
             **kwargs))
         telemetry_context.update_telemetry(response)
         return response
