author | rsorokin <rsorokin@chromium.org> | 2015-02-24 10:47:48 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-02-24 18:48:57 +0000 |
commit | 03af37f8f1a479f319a02d4264b5541b027d842d (patch) | |
tree | a997a08fc04d91af0c0e531460429e0102084494 | |
parent | e94a02f1bcbf2daaf9807ad11ebd67296cc88e7b (diff) | |
Chrome OS Gaia: Use auth_code cookie which is set by MinuteMaid to get OAuth2 Refresh Token
This cookie is also used to detect the end of the flow.
BUG=459651
Review URL: https://codereview.chromium.org/948153004
Cr-Commit-Position: refs/heads/master@{#317841}
3 files changed, 31 insertions, 13 deletions
diff --git a/chrome/browser/resources/chromeos/login/screen_gaia_signin.js b/chrome/browser/resources/chromeos/login/screen_gaia_signin.js
index 9aed933..db74e5d 100644
--- a/chrome/browser/resources/chromeos/login/screen_gaia_signin.js
+++ b/chrome/browser/resources/chromeos/login/screen_gaia_signin.js
@@ -318,6 +318,7 @@ login.createScreen('GaiaSigninScreen', 'gaia-signin', function() {
 if (data.enterpriseDomain)
 params.enterpriseDomain = data.enterpriseDomain;
 data.useEmbedded = false;
+ params.isMinuteMaidChromeOS = true;
 $('login-header-bar').showGuestButton = true;
 }
diff --git a/chrome/browser/resources/gaia_auth_host/authenticator.js b/chrome/browser/resources/gaia_auth_host/authenticator.js
index a7f3ddd..680ec62 100644
--- a/chrome/browser/resources/gaia_auth_host/authenticator.js
+++ b/chrome/browser/resources/gaia_auth_host/authenticator.js
@@ -23,6 +23,8 @@ cr.define('cr.login', function() {
 var EMBEDDED_FORM_HEADER = 'google-accounts-embedded';
 var SAML_HEADER = 'google-accounts-saml';
 var LOCATION_HEADER = 'location';
+ var SET_COOKIE_HEADER = 'set-cookie';
+ var OAUTH_CODE_COOKIE = 'oauth_code';
 var SERVICE_ID = 'chromeoslogin';
 /**
@@ -63,7 +65,8 @@ cr.define('cr.login', function() {
 'service', // Name of Gaia service;
 'continueUrl', // Continue url to use;
 'frameUrl', // Initial frame URL to use. If empty defaults to gaiaUrl.
- 'constrained' // Whether the extension is loaded in a constrained window;
+ 'constrained', // Whether the extension is loaded in a constrained window;
+ 'clientId' // Chrome client id;
 ];
 /**
@@ -90,6 +93,7 @@ cr.define('cr.login', function() {
 this.initialFrameUrl_ = null;
 this.reloadUrl_ = null;
 this.trusted_ = true;
+ this.oauth_code_ = null;
 this.webview_.addEventListener('droplink', this.onDropLink_.bind(this));
 this.webview_.addEventListener(
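Review bot: The new member `this.oauth_code_` in the constructor hunk at -90 is snake_case, while the neighbouring members are camelCase with a trailing underscore (`initialFrameUrl_`, `reloadUrl_`). The flag `this.isMinuteMaidChromeOS`, assigned in the hunk at -132, has no trailing underscore and is not initialised in the constructor alongside the other fields. Naming them `this.oauthCode_` and `this.isMinuteMaidChromeOS_`, and adding `this.isMinuteMaidChromeOS_ = false;` next to `this.trusted_ = true;`, would keep the private-member convention and give the flag a defined value from construction. The constructor body starts and ends outside the hunk.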
@@ -106,7 +110,7 @@ cr.define('cr.login', function() {
 ['responseHeaders']);
 this.webview_.request.onHeadersReceived.addListener(
 this.onHeadersReceived_.bind(this),
- {urls: ['<all_urls>'], types: ['main_frame']},
+ {urls: ['<all_urls>'], types: ['main_frame', 'xmlhttprequest']},
 ['responseHeaders']);
 window.addEventListener(
 'message', this.onMessageFromWebview_.bind(this), false);
@@ -132,6 +136,7 @@ cr.define('cr.login', function() {
 this.continueUrl_.substring(0, this.continueUrl_.indexOf('?')) ||
 this.continueUrl_;
 this.isConstrainedWindow_ = data.constrained == '1';
+ this.isMinuteMaidChromeOS = data.isMinuteMaidChromeOS;
 this.initialFrameUrl_ = this.constructInitialFrameUrl_(data);
 this.reloadUrl_ = data.frameUrl || this.initialFrameUrl_;
@@ -161,10 +166,15 @@ cr.define('cr.login', function() {
 Authenticator.prototype.constructInitialFrameUrl_ = function(data) {
 var url = this.idpOrigin_ + (data.gaiaPath || IDP_PATH);
- if (data.enterpriseDomain)
- url = appendParam(url, 'managedomain', data.enterpriseDomain);
- url = appendParam(url, 'continue', this.continueUrl_);
- url = appendParam(url, 'service', data.service || SERVICE_ID);
+ if (this.isMinuteMaidChromeOS) {
+ if (data.clientId)
+ url = appendParam(url, 'client_id', data.clientId);
+ if (data.enterpriseDomain)
+ url = appendParam(url, 'managedomain', data.enterpriseDomain);
+ } else {
+ url = appendParam(url, 'continue', this.continueUrl_);
+ url = appendParam(url, 'service', data.service || SERVICE_ID);
+ }
 if (data.hl)
 url = appendParam(url, 'hl', data.hl);
 if (data.email)
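Review bot: The `onHeadersReceived` filter at -106 now matches `xmlhttprequest` as well as `main_frame` for `<all_urls>`, and the Set-Cookie branch added at -290 takes an `oauth_code` cookie from whichever response carries it; nothing visible in either hunk ties that response to `this.idpOrigin_`. During a SAML flow the webview also loads identity-provider pages outside Gaia, so a non-Gaia response could supply the value that is later sent as `authCode` and that ends the flow in `onLoadCommit_`. The cookie should be read only when the request URL's origin equals the Gaia origin, for example `if (details.url.indexOf(this.idpOrigin_) != 0) return;` ahead of the header loop, assuming the listener argument is called `details` and `idpOrigin_` ends in `/` (otherwise compare parsed origins, not a prefix). The body of `onHeadersReceived_` starts outside the hunk, so an existing origin check there cannot be ruled out.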
@@ -290,6 +300,12 @@ cr.define('cr.login', function() {
 // URL will contain a source=3 field.
 var location = decodeURIComponent(header.value);
 this.chooseWhatToSync_ = !!location.match(/(\?|&)source=3($|&)/);
+ } else if (this.isMinuteMaidChromeOS && headerName == SET_COOKIE_HEADER) {
+ var headerValue = header.value;
+ if (headerValue.indexOf(OAUTH_CODE_COOKIE + '=', 0) == 0) {
+ this.oauth_code_ =
+ headerValue.substring(OAUTH_CODE_COOKIE.length + 1).split(';')[0];
+ }
 }
 }
 };
@@ -329,6 +345,7 @@ cr.define('cr.login', function() {
 {detail: {email: this.email_ || '',
 gaiaId: this.gaiaId_ || '',
 password: this.password_ || '',
+ authCode: this.oauth_code_,
 usingSAML: this.authFlow_ == AuthFlow.SAML,
 chooseWhatToSync: this.chooseWhatToSync_,
 skipForNow: this.skipForNow_,
@@ -384,11 +401,8 @@ cr.define('cr.login', function() {
 * @private
 */
 Authenticator.prototype.onLoadCommit_ = function(e) {
- var currentUrl = e.url;
-
- // TODO(rsorokin): temporary solution. Need to wait for oauth_code in
- // headers.
- if (currentUrl.indexOf('#close', 0) != -1) {
+ // TODO(rsorokin): Investigate whether this breaks SAML.
+ if (this.oauth_code_) {
 this.skipForNow_ = true;
 this.onAuthCompleted_();
 }
diff --git a/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc b/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc
index b8bc382..c0dfa04 100644
--- a/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc
+++ b/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc
@@ -231,6 +231,8 @@ void GaiaScreenHandler::LoadGaia(const GaiaContext& context) {
 std::string enterprise_domain(connector->GetEnterpriseDomain());
 if (!enterprise_domain.empty())
 params.SetString("enterpriseDomain", enterprise_domain);
+ params.SetString("clientId",
+ GaiaUrls::GetInstance()->oauth2_chrome_client_id());
 if (!command_line->HasSwitch(switches::kGaiaEndpointChromeOS)) {
 command_line->AppendSwitchASCII(switches::kGaiaEndpointChromeOS,
 kMinuteMaidPath);
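Review bot: `onLoadCommit_` at -384 now calls `onAuthCompleted_()` on every load commit once `this.oauth_code_` is non-null, and no visible line clears the field afterwards, so a code captured in one attempt can complete a later navigation or a reloaded flow. Resetting it where the flow restarts and after the completion event is dispatched, with `this.oauth_code_ = null;`, would limit each captured code to a single completion; whether `onAuthCompleted_` already resets state is outside the hunk. The TODO about SAML also leaves unexplained why `skipForNow_` is forced to `true` on this path, so a comment stating what that flag means for a cookie-triggered completion would help the next reader.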
@@ -381,8 +383,9 @@ void GaiaScreenHandler::HandleCompleteAuthentication(
 DCHECK(!email.empty());
 DCHECK(!gaia_id.empty());
- Delegate()->SetDisplayEmail(gaia::SanitizeEmail(email));
- UserContext user_context(email);
+ const std::string sanitized_email = gaia::SanitizeEmail(email);
+ Delegate()->SetDisplayEmail(sanitized_email);
+ UserContext user_context(sanitized_email);
 user_context.SetGaiaID(gaia_id);
 user_context.SetKey(Key(password));
 user_context.SetAuthCode(auth_code); |
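Review bot: The only guards on `email` and `gaia_id` before they reach `UserContext` are the two `DCHECK`s in the context lines, which are normally compiled out of release builds. The JS side of this commit can now complete on the cookie alone and sends `email: this.email_ || ''`, so an empty email or Gaia id appears reachable here. A runtime check such as `if (email.empty() || gaia_id.empty()) return;`, routed to the screen's normal failure handling, would stop an incomplete completion message from starting a login. The function's signature and the rest of its body are outside the hunk, so the available error path is not visible here.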