authorrmsousa@chromium.org <rmsousa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-09-20 20:22:49 +0000
committerrmsousa@chromium.org <rmsousa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-09-20 20:22:49 +0000
commita9b48c0e02d06fcda99fd358c02d9fc38b185031 (patch)
treeaa254d47bd9db9035c98608cd268a7bba953280f
parent86c71f70fe9e419c95b48c4b4eaddcd8304483ad (diff)
Fix OAuth "trampoline" content script to send a message with the oauth results rather than using a redirect into the extension.
BUG=291207 Review URL: https://chromiumcodereview.appspot.com/23891005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@224474 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--remoting/remoting.gyp2
-rw-r--r--remoting/webapp/cs_oauth2_trampoline.js12
-rw-r--r--remoting/webapp/jscompiler_hacks.js27
-rw-r--r--remoting/webapp/oauth2.js31
-rw-r--r--remoting/webapp/oauth2_callback.html16
-rw-r--r--remoting/webapp/oauth2_callback.js39
6 files changed, 44 insertions, 83 deletions
diff --git a/remoting/remoting.gyp b/remoting/remoting.gyp
index a8bda51..092fbb6 100644
--- a/remoting/remoting.gyp
+++ b/remoting/remoting.gyp
@@ -135,7 +135,6 @@
'webapp/main.html',
'webapp/manifest.json',
'webapp/menu_button.css',
- 'webapp/oauth2_callback.html',
'webapp/open_sans.css',
'webapp/open_sans.woff',
'webapp/scale-to-fit.webp',
@@ -173,7 +172,6 @@
'webapp/menu_button.js',
'webapp/oauth2.js',
'webapp/oauth2_api.js',
- 'webapp/oauth2_callback.js',
'webapp/paired_client_manager.js',
'webapp/plugin_settings.js',
'webapp/remoting.js',
diff --git a/remoting/webapp/cs_oauth2_trampoline.js b/remoting/webapp/cs_oauth2_trampoline.js
index efe3fa4..0cf2327 100644
--- a/remoting/webapp/cs_oauth2_trampoline.js
+++ b/remoting/webapp/cs_oauth2_trampoline.js
@@ -13,6 +13,14 @@ var unofficialPath = '/talkgadget/oauth/chrome-remote-desktop/dev';
if (window.location.pathname == officialPath ||
window.location.pathname == unofficialPath) {
- window.location.replace(
- chrome.extension.getURL('oauth2_callback.html') + window.location.search);
+ var query = window.location.search.substring(1);
+ var parts = query.split('&');
+ var queryArgs = {};
+ for (var i = 0; i < parts.length; i++) {
+ var pair = parts[i].split('=');
+ queryArgs[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1]);
+ }
+
+ chrome.extension.sendMessage(queryArgs);
+ window.close();
}
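Review bot: The query parser added inside the `if` can fail before `chrome.extension.sendMessage` is reached, and it forwards every parameter of the page URL to the extension. `decodeURIComponent` throws a URIError on malformed percent-encoding, so the script would stop without sending a message or closing the window. A part with no `=` is stored as the string "undefined", and a value that itself contains `=` is cut off at `pair[1]`. The extension does not control this URL, so I would forward only the keys the listener in oauth2.js reads (`code`, `state`, `error`), split on the first `=` only, and skip parameters that fail to decode.

```javascript
  var allowedKeys = ['code', 'state', 'error'];
  var queryArgs = {};
  for (var i = 0; i < parts.length; i++) {
    var eq = parts[i].indexOf('=');
    if (eq < 0) {
      continue;  // no value; nothing to forward
    }
    var key, value;
    try {
      key = decodeURIComponent(parts[i].substring(0, eq));
      value = decodeURIComponent(parts[i].substring(eq + 1));
    } catch (e) {
      continue;  // malformed percent-encoding; skip this parameter
    }
    if (allowedKeys.indexOf(key) >= 0) {
      queryArgs[key] = value;
    }
  }
  // … unchanged: chrome.extension.sendMessage(queryArgs) and window.close() …
```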
diff --git a/remoting/webapp/jscompiler_hacks.js b/remoting/webapp/jscompiler_hacks.js
index 57c9419..94c3ba1 100644
--- a/remoting/webapp/jscompiler_hacks.js
+++ b/remoting/webapp/jscompiler_hacks.js
@@ -127,28 +127,7 @@ chrome.app.window = {
*/
chrome.contextMenus = {
/** @type {chrome.Event} */
- onClicked: null,
- /**
- * @param {!Object} createProperties
- * @param {function()=} opt_callback
- * @return {string|number}
- */
- create: function(createProperties, opt_callback) {},
- /**
- * @param {string|number} menuItemId
- * @param {function()=} opt_callback
- */
- remove: function(menuItemId, opt_callback) {},
- /**
- * @param {function()=} opt_callback
- */
- removeAll: function(opt_callback) {},
- /**
- * @param {string|number} id
- * @param {!Object} updateProperties
- * @param {function()=} opt_callback
- */
- update: function(id, updateProperties, opt_callback) {}
+ onClicked: null
};
/** @type {Object} */
@@ -234,7 +213,9 @@ chrome.Window = function() {
this.type = '';
};
-/** @param {string} message*/
+/**
+ * @param {*} message
+ */
chrome.extension.sendMessage = function(message) {}
/** @type {chrome.Event} */
diff --git a/remoting/webapp/oauth2.js b/remoting/webapp/oauth2.js
index 6cc4b93..ce0da2d 100644
--- a/remoting/webapp/oauth2.js
+++ b/remoting/webapp/oauth2.js
@@ -267,6 +267,8 @@ remoting.OAuth2.prototype.onTokens_ =
* @return {void} Nothing.
*/
remoting.OAuth2.prototype.doAuthRedirect = function() {
+ /** @type {remoting.OAuth2} */
+ var that = this;
var xsrf_token = remoting.generateXsrfToken();
window.localStorage.setItem(this.KEY_XSRF_TOKEN_, xsrf_token);
var GET_CODE_URL = this.getOAuth2AuthEndpoint_() + '?' +
@@ -279,7 +281,34 @@ remoting.OAuth2.prototype.doAuthRedirect = function() {
'access_type': 'offline',
'approval_prompt': 'force'
});
- window.location.replace(GET_CODE_URL);
+
+ /**
+ * Processes the results of the oauth flow.
+ *
+ * @param {Object.<string, string>} message Dictionary containing the parsed
+ * OAuth redirect URL parameters.
+ */
+ function oauth2MessageListener(message) {
+ if ('code' in message && 'state' in message) {
+ var onDone = function() {
+ window.location.reload();
+ };
+ that.exchangeCodeForToken(
+ message['code'], message['state'], onDone);
+ } else {
+ if ('error' in message) {
+ console.error(
+ 'Could not obtain authorization code: ' + message['error']);
+ } else {
+ // We intentionally don't log the response - since we don't understand
+ // it, we can't tell if it has sensitive data.
+ console.error('Invalid oauth2 response.');
+ }
+ }
+ chrome.extension.onMessage.removeListener(oauth2MessageListener);
+ }
+ chrome.extension.onMessage.addListener(oauth2MessageListener);
+ window.open(GET_CODE_URL, '_blank', 'location=yes,toolbar=no,menubar=no');
};
/**
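Review bot: `oauth2MessageListener` accepts the first message of any kind on `chrome.extension.onMessage` as the OAuth result, without looking at the `sender` argument or the message's type. The externs in this same commit previously typed `sendMessage` as taking a string, so string messages may already be in use; for one of those, `'code' in message` throws a TypeError and `removeListener` is never reached. An unrelated object message takes the "Invalid oauth2 response" branch and unregisters the listener before the real redirect arrives. I would take the sender as well, `function oauth2MessageListener(message, sender)`, and start with `if (!message || typeof message != 'object' || !sender.tab) return;` so only content-script messages shaped like the redirect are consumed. The `state` value is presumably checked against the stored XSRF token inside `exchangeCodeForToken`, which this hunk does not show, so that is worth confirming. `doAuthRedirect` begins in the preceding hunk.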
diff --git a/remoting/webapp/oauth2_callback.html b/remoting/webapp/oauth2_callback.html
deleted file mode 100644
index 764c7b6..0000000
--- a/remoting/webapp/oauth2_callback.html
+++ /dev/null
@@ -1,16 +0,0 @@
-<!doctype html>
-<!--
-Copyright (c) 2011 The Chromium Authors. All rights reserved.
-Use of this source code is governed by a BSD-style license that can be
-found in the LICENSE file.
--->
-
-<html>
- <head>
- <script src="oauth2.js"></script>
- <script src="oauth2_api.js"></script>
- <script src="plugin_settings.js"></script>
- <script src="xhr.js"></script>
- <script src="oauth2_callback.js"></script>
- </head>
-</html>
diff --git a/remoting/webapp/oauth2_callback.js b/remoting/webapp/oauth2_callback.js
deleted file mode 100644
index 3517935..0000000
--- a/remoting/webapp/oauth2_callback.js
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-/**
- * @fileoverview
- * OAuth2 class that handles retrieval/storage of an OAuth2 token.
- *
- * Uses a content script to trampoline the OAuth redirect page back into the
- * extension context. This works around the lack of native support for
- * chrome-extensions in OAuth2.
- */
-
-'use strict';
-
-var remoting = remoting || {};
-
-function retrieveRefreshToken() {
- var query = window.location.search.substring(1);
- var parts = query.split('&');
- var queryArgs = {};
- for (var i = 0; i < parts.length; i++) {
- var pair = parts[i].split('=');
- queryArgs[pair[0]] = pair[1];
- }
-
- if ('code' in queryArgs && 'state' in queryArgs) {
- remoting.settings = new remoting.Settings();
- var oauth2 = new remoting.OAuth2();
- oauth2.exchangeCodeForToken(queryArgs['code'], queryArgs['state'],
- function() {
- window.location.replace(chrome.extension.getURL('main.html'));
- });
- } else {
- window.location.replace(chrome.extension.getURL('main.html'));
- }
-}
-
-window.addEventListener('load', retrieveRefreshToken, false);