authorrmsousa@chromium.org <rmsousa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-09-30 19:51:45 +0000
committerrmsousa@chromium.org <rmsousa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-09-30 19:51:45 +0000
commit881ad1d6d4a1c4410be6b0e0d0537f6c28dbeed6 (patch)
tree12f7f07c8fd630982d4139a8d717a116fe366224
parent50153f6528cf4d1b10fe5640f9bdf4b973e097b9 (diff)
Merge 224474 "Fix OAuth "trampoline" content script to send a me..."
> Fix OAuth "trampoline" content script to send a message with the oauth > results rather than using a redirect into the extension. > BUG=291207 > Review URL: https://chromiumcodereview.appspot.com/23891005 Review URL: https://codereview.chromium.org/25338002 git-svn-id: svn://svn.chromium.org/chrome/branches/1599/src@226030 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--remoting/remoting.gyp2
-rw-r--r--remoting/webapp/all_js_load.gtestjs1
-rw-r--r--remoting/webapp/cs_oauth2_trampoline.js12
-rw-r--r--remoting/webapp/jscompiler_hacks.js4
-rw-r--r--remoting/webapp/oauth2.js31
-rw-r--r--remoting/webapp/oauth2_callback.html16
-rw-r--r--remoting/webapp/oauth2_callback.js39
7 files changed, 43 insertions, 62 deletions
diff --git a/remoting/remoting.gyp b/remoting/remoting.gyp
index f81cfd3..e70f5f1 100644
--- a/remoting/remoting.gyp
+++ b/remoting/remoting.gyp
@@ -134,7 +134,6 @@
'webapp/main.html',
'webapp/manifest.json',
'webapp/menu_button.css',
- 'webapp/oauth2_callback.html',
'webapp/open_sans.css',
'webapp/open_sans.woff',
'webapp/scale-to-fit.webp',
@@ -172,7 +171,6 @@
'webapp/menu_button.js',
'webapp/oauth2.js',
'webapp/oauth2_api.js',
- 'webapp/oauth2_callback.js',
'webapp/paired_client_manager.js',
'webapp/plugin_settings.js',
'webapp/remoting.js',
diff --git a/remoting/webapp/all_js_load.gtestjs b/remoting/webapp/all_js_load.gtestjs
index 8c2c67b..c00cc0b 100644
--- a/remoting/webapp/all_js_load.gtestjs
+++ b/remoting/webapp/all_js_load.gtestjs
@@ -50,7 +50,6 @@ AllJsLoadTest.prototype = {
'log_to_server.js',
'menu_button.js',
'oauth2_api.js',
- 'oauth2_callback.js',
'oauth2.js',
'paired_client_manager.js',
'plugin_settings.js',
diff --git a/remoting/webapp/cs_oauth2_trampoline.js b/remoting/webapp/cs_oauth2_trampoline.js
index efe3fa4..0cf2327 100644
--- a/remoting/webapp/cs_oauth2_trampoline.js
+++ b/remoting/webapp/cs_oauth2_trampoline.js
@@ -13,6 +13,14 @@ var unofficialPath = '/talkgadget/oauth/chrome-remote-desktop/dev';
if (window.location.pathname == officialPath ||
window.location.pathname == unofficialPath) {
- window.location.replace(
- chrome.extension.getURL('oauth2_callback.html') + window.location.search);
+ var query = window.location.search.substring(1);
+ var parts = query.split('&');
+ var queryArgs = {};
+ for (var i = 0; i < parts.length; i++) {
+ var pair = parts[i].split('=');
+ queryArgs[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1]);
+ }
+
+ chrome.extension.sendMessage(queryArgs);
+ window.close();
}
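Review bot: The added parsing loop calls `decodeURIComponent(pair[1])` without validating the pair, so a parameter with no `=` is forwarded as the string "undefined", a value containing `=` is truncated by `split('=')`, and a malformed percent-escape throws before `chrome.extension.sendMessage` and `window.close()` run. In that last case the popup stays open and the listener registered in oauth2.js never fires. Splitting on the first `=` only (`var eq = parts[i].indexOf('='); if (eq < 0) continue;`) and wrapping the decode in a try/catch that skips the entry would keep the hand-off reliable. Since the receiving listener only reads `code`, `state` and `error`, forwarding just those keys would also keep any other redirect parameter from crossing from the web page into the extension.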
diff --git a/remoting/webapp/jscompiler_hacks.js b/remoting/webapp/jscompiler_hacks.js
index ad4d755..8f1ce32 100644
--- a/remoting/webapp/jscompiler_hacks.js
+++ b/remoting/webapp/jscompiler_hacks.js
@@ -204,7 +204,9 @@ chrome.Window = function() {
this.type = '';
};
-/** @param {string} message*/
+/**
+ * @param {*} message
+ */
chrome.extension.sendMessage = function(message) {}
/** @type {chrome.Event} */
diff --git a/remoting/webapp/oauth2.js b/remoting/webapp/oauth2.js
index 6cc4b93..ce0da2d 100644
--- a/remoting/webapp/oauth2.js
+++ b/remoting/webapp/oauth2.js
@@ -267,6 +267,8 @@ remoting.OAuth2.prototype.onTokens_ =
* @return {void} Nothing.
*/
remoting.OAuth2.prototype.doAuthRedirect = function() {
+ /** @type {remoting.OAuth2} */
+ var that = this;
var xsrf_token = remoting.generateXsrfToken();
window.localStorage.setItem(this.KEY_XSRF_TOKEN_, xsrf_token);
var GET_CODE_URL = this.getOAuth2AuthEndpoint_() + '?' +
@@ -279,7 +281,34 @@ remoting.OAuth2.prototype.doAuthRedirect = function() {
'access_type': 'offline',
'approval_prompt': 'force'
});
- window.location.replace(GET_CODE_URL);
+
+ /**
+ * Processes the results of the oauth flow.
+ *
+ * @param {Object.<string, string>} message Dictionary containing the parsed
+ * OAuth redirect URL parameters.
+ */
+ function oauth2MessageListener(message) {
+ if ('code' in message && 'state' in message) {
+ var onDone = function() {
+ window.location.reload();
+ };
+ that.exchangeCodeForToken(
+ message['code'], message['state'], onDone);
+ } else {
+ if ('error' in message) {
+ console.error(
+ 'Could not obtain authorization code: ' + message['error']);
+ } else {
+ // We intentionally don't log the response - since we don't understand
+ // it, we can't tell if it has sensitive data.
+ console.error('Invalid oauth2 response.');
+ }
+ }
+ chrome.extension.onMessage.removeListener(oauth2MessageListener);
+ }
+ chrome.extension.onMessage.addListener(oauth2MessageListener);
+ window.open(GET_CODE_URL, '_blank', 'location=yes,toolbar=no,menubar=no');
};
/**
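Review bot: `oauth2MessageListener` acts on whatever arrives first on `chrome.extension.onMessage`, because it never looks at the sender and removes itself after any message. An unrelated message from elsewhere in the extension would therefore end the flow with 'Invalid oauth2 response.', and a non-object message (the old externs typed the argument as a string) would make `'code' in message` throw before `removeListener` is reached. Taking the second argument and returning early would narrow this, e.g. `function oauth2MessageListener(message, sender) {` followed by `if (!message || typeof message != 'object' || !sender.tab) return;`. Whether `exchangeCodeForToken` compares `state` with the value stored under `KEY_XSRF_TOKEN_` is not visible in this hunk; that comparison is what binds the message to this request and deserves a comment here. The body of `doAuthRedirect` starts in the previous hunk.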
diff --git a/remoting/webapp/oauth2_callback.html b/remoting/webapp/oauth2_callback.html
deleted file mode 100644
index 764c7b6..0000000
--- a/remoting/webapp/oauth2_callback.html
+++ /dev/null
@@ -1,16 +0,0 @@
-<!doctype html>
-<!--
-Copyright (c) 2011 The Chromium Authors. All rights reserved.
-Use of this source code is governed by a BSD-style license that can be
-found in the LICENSE file.
--->
-
-<html>
- <head>
- <script src="oauth2.js"></script>
- <script src="oauth2_api.js"></script>
- <script src="plugin_settings.js"></script>
- <script src="xhr.js"></script>
- <script src="oauth2_callback.js"></script>
- </head>
-</html>
diff --git a/remoting/webapp/oauth2_callback.js b/remoting/webapp/oauth2_callback.js
deleted file mode 100644
index 3517935..0000000
--- a/remoting/webapp/oauth2_callback.js
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-/**
- * @fileoverview
- * OAuth2 class that handles retrieval/storage of an OAuth2 token.
- *
- * Uses a content script to trampoline the OAuth redirect page back into the
- * extension context. This works around the lack of native support for
- * chrome-extensions in OAuth2.
- */
-
-'use strict';
-
-var remoting = remoting || {};
-
-function retrieveRefreshToken() {
- var query = window.location.search.substring(1);
- var parts = query.split('&');
- var queryArgs = {};
- for (var i = 0; i < parts.length; i++) {
- var pair = parts[i].split('=');
- queryArgs[pair[0]] = pair[1];
- }
-
- if ('code' in queryArgs && 'state' in queryArgs) {
- remoting.settings = new remoting.Settings();
- var oauth2 = new remoting.OAuth2();
- oauth2.exchangeCodeForToken(queryArgs['code'], queryArgs['state'],
- function() {
- window.location.replace(chrome.extension.getURL('main.html'));
- });
- } else {
- window.location.replace(chrome.extension.getURL('main.html'));
- }
-}
-
-window.addEventListener('load', retrieveRefreshToken, false);