author | bartfab@chromium.org <bartfab@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-17 19:35:29 +0000 |
---|---|---|
committer | bartfab@chromium.org <bartfab@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-17 19:35:29 +0000 |
commit | 2f18ff3db768d73b0f652de1cb763050d1eee233 (patch) | |
tree | a6c9af0bdc1047da4ab46265f917721dda2b4684 /google_apis/gaia | |
parent | 7c456e1fec5d136a7af6eb53412bf974f6283035 (diff) | |
Switch GAIA e-mail address retrieval from /GetUserInfo to /ListAccounts
Previously, the Chrome OS SAML login flow was passing the LSID obtained
via /ServiceLogin to /GetUserInfo in order to retrieve the authenticated
user's e-mail address. It turns out that this is wrong because
/ServiceLogin yields a browser LSID and /GetUserInfo expects a
programmatic LSID. In many cases, the two LSID flavors are identical and
the existing code worked. But under some conditions, the browser LSID
could be different, causing /GetUserInfo to fail.
This CL switches to /ListAccounts instead, which handles browser LSIDs.
An additional advantage of /ListAccounts is that it will read the LSID
from cookies, removing the need to extract the LSID from the cookie jar
explicitly.
I could have further simplified the code by doing an XHR to /ListAccounts
from the JS code of the auth extension, avoiding the JS -> C++ -> JS round
trip. However, this would have been a CORS request, requiring the GAIA
URL to be hard-coded in the auth extension's manifest. The implementation
in this CL, which makes the /ListAccounts call from C++, is more flexible
as it preserves the ability to change the GAIA URL via a command-line
flag.
BUG=332132
TEST=Updated browser test and manual
Review URL: https://codereview.chromium.org/134483008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@245585 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'google_apis/gaia')
-rw-r--r-- | google_apis/gaia/fake_gaia.cc | 22 | ||||
-rw-r--r-- | google_apis/gaia/fake_gaia.h | 6 |
2 files changed, 10 insertions, 18 deletions
diff --git a/google_apis/gaia/fake_gaia.cc b/google_apis/gaia/fake_gaia.cc
index 5ddd8f0..3eec9a8 100644
--- a/google_apis/gaia/fake_gaia.cc
+++ b/google_apis/gaia/fake_gaia.cc
@@ -47,6 +47,9 @@ const base::FilePath::CharType kServiceLogin[] =
 const char kAuthHeaderBearer[] = "Bearer ";
 const char kAuthHeaderOAuth[] = "OAuth ";
 
+const char kListAccountsResponseFormat[] =
+ "[\"gaia.l.a.r\",[[\"gaia.l.a\",1,\"\",\"%s\",\"\",1,1,0]]]";
+
 typedef std::map<std::string, std::string> CookieMap;
 
 // Parses cookie name-value map our of |request|.
@@ -169,9 +172,9 @@ void FakeGaia::Initialize() {
 REGISTER_RESPONSE_HANDLER(
 gaia_urls->oauth2_issue_token_url(), HandleIssueToken);
 
- // Handles /GetUserInfo GAIA call.
+ // Handles /ListAccounts GAIA call.
 REGISTER_RESPONSE_HANDLER(
- gaia_urls->get_user_info_url(), HandleGetUserInfo);
+ gaia_urls->list_accounts_url(), HandleListAccounts);
 }
 
 scoped_ptr<HttpResponse> FakeGaia::HandleRequest(const HttpRequest& request) {
@@ -519,20 +522,9 @@ void FakeGaia::HandleIssueToken(const HttpRequest& request,
 }
 }
 
-void FakeGaia::HandleGetUserInfo(const HttpRequest& request,
+void FakeGaia::HandleListAccounts(const HttpRequest& request,
 BasicHttpResponse* http_response) {
- std::string lsid;
- if (!GetQueryParameter(request.content, "LSID", &lsid)) {
- http_response->set_code(net::HTTP_BAD_REQUEST);
- LOG(ERROR) << "/GetUserInfo missing LSID";
- return;
- }
- if (lsid != merge_session_params_.auth_lsid_cookie) {
- http_response->set_code(net::HTTP_BAD_REQUEST);
- LOG(ERROR) << "/GetUserInfo contains unknown LSID";
- return;
- }
 http_response->set_content(base::StringPrintf(
- "email=%s", merge_session_params_.email.c_str()));
+ kListAccountsResponseFormat, merge_session_params_.email.c_str()));
 http_response->set_code(net::HTTP_OK);
 }
diff --git a/google_apis/gaia/fake_gaia.h b/google_apis/gaia/fake_gaia.h
index 1f5fbe1..ef49cd6 100644
--- a/google_apis/gaia/fake_gaia.h
+++ b/google_apis/gaia/fake_gaia.h
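Review bot: `kListAccountsResponseFormat` in the first hunk has no comment explaining the positional array it encodes or that `%s` is filled with the e-mail as-is. HandleListAccounts (third hunk) passes `merge_session_params_.email` straight into StringPrintf, so an address containing `"` or `\` would produce malformed JSON and a test would fail at parse time for a reason unrelated to what it checks. I would add `// Fake /ListAccounts response body; %s is the account e-mail, inserted without JSON escaping.` above the constant.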
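Review bot: HandleListAccounts in the third hunk returns the configured e-mail to any caller, so the fake no longer checks that the request carries the session credential; the removed HandleGetUserInfo did that by comparing the LSID with `merge_session_params_.auth_lsid_cookie`. The commit message says /ListAccounts reads the LSID from cookies, so the fake could verify the request's LSID cookie against that value (the cookie-parsing helper whose comment is visible in the first hunk looks suited to this) and answer `net::HTTP_BAD_REQUEST` on a mismatch. With that check the browser test would still catch a client that calls the endpoint without the cookie. If the check is left out deliberately, a comment such as `// Unlike real GAIA, the LSID cookie is not validated here.` would make that explicit.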
@@ -72,7 +72,7 @@ class FakeGaia {
 std::string session_sid_cookie;
 std::string session_lsid_cookie;
 
- // The e-mail address returned by /GetUserInfo.
+ // The e-mail address returned by /ListAccounts.
 std::string email;
 };
 
@@ -148,8 +148,8 @@ class FakeGaia {
 net::test_server::BasicHttpResponse* http_response);
 void HandleIssueToken(const net::test_server::HttpRequest& request,
 net::test_server::BasicHttpResponse* http_response);
- void HandleGetUserInfo(const net::test_server::HttpRequest& request,
- net::test_server::BasicHttpResponse* http_response);
+ void HandleListAccounts(const net::test_server::HttpRequest& request,
+ net::test_server::BasicHttpResponse* http_response);
 
 // Returns the access token associated with |auth_token| that matches the
 // given |client_id| and |scope_string|. If |scope_string| is empty, the first |