Use GET for requests to o/oauth2/programmatic_auth

Per input from server-side engineers, we should make requests to
o/oauth2/programmatic_auth using the HTTP GET method. While at it,
remove StartLsoForOAuthLoginTokenExchange as it is no longer used.

BUG=chromium:493877, chromium:493249
TEST=Various flavors of signing in to Chrome still work.

Review URL: https://codereview.chromium.org/1183413002

Cr-Commit-Position: refs/heads/master@{#334790}

4 files changed, 33 insertions, 81 deletions

diff --git a/google_apis/gaia/fake_gaia.cc b/google_apis/gaia/fake_gaia.cc
index 1b5d408..bbf5216 100644
--- a/google_apis/gaia/fake_gaia.cc
+++ b/google_apis/gaia/fake_gaia.cc
@@ -387,9 +387,12 @@ void FakeGaia::HandleProgramaticAuth(
     return;
   }
 
+  GURL request_url = GURL("http://localhost").Resolve(request.relative_url);
+  std::string request_query = request_url.query();
+
   GaiaUrls* gaia_urls = GaiaUrls::GetInstance();
   std::string scope;
-  if (!GetQueryParameter(request.content, "scope", &scope) ||
+  if (!GetQueryParameter(request_query, "scope", &scope) ||
       GaiaConstants::kOAuth1LoginScope != scope) {
     return;
   }
@@ -409,7 +412,7 @@ void FakeGaia::HandleProgramaticAuth(
   }
 
   std::string client_id;
-  if (!GetQueryParameter(request.content, "client_id", &client_id) ||
+  if (!GetQueryParameter(request_query, "client_id", &client_id) ||
       gaia_urls->oauth2_chrome_client_id() != client_id) {
     return;
   }
diff --git a/google_apis/gaia/gaia_auth_fetcher.cc b/google_apis/gaia/gaia_auth_fetcher.cc
index 0ae6912..9175bd2 100644
--- a/google_apis/gaia/gaia_auth_fetcher.cc
+++ b/google_apis/gaia/gaia_auth_fetcher.cc
@@ -102,11 +102,8 @@ const char GaiaAuthFetcher::kIssueAuthTokenFormat[] =
     "service=%s&"
     "Session=%s";
 // static
-const char GaiaAuthFetcher::kClientLoginToOAuth2BodyFormat[] =
-    "scope=%s&client_id=%s";
-// static
-const char GaiaAuthFetcher::kClientLoginToOAuth2WithDeviceTypeBodyFormat[] =
-    "scope=%s&client_id=%s&device_type=chrome";
+const char GaiaAuthFetcher::kClientLoginToOAuth2URLFormat[] =
+    "?scope=%s&client_id=%s";
 // static
 const char GaiaAuthFetcher::kOAuth2CodeToTokenPairBodyFormat[] =
     "scope=%s&"
@@ -330,23 +327,6 @@ std::string GaiaAuthFetcher::MakeIssueAuthTokenBody(
 }
 
 // static
-std::string GaiaAuthFetcher::MakeGetAuthCodeBody(bool include_device_type) {
-  std::string encoded_scope = net::EscapeUrlEncodedData(
-      GaiaConstants::kOAuth1LoginScope, true);
-  std::string encoded_client_id = net::EscapeUrlEncodedData(
-      GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
-  if (include_device_type) {
-    return base::StringPrintf(kClientLoginToOAuth2WithDeviceTypeBodyFormat,
-                              encoded_scope.c_str(),
-                              encoded_client_id.c_str());
-  } else {
-    return base::StringPrintf(kClientLoginToOAuth2BodyFormat,
-                              encoded_scope.c_str(),
-                              encoded_client_id.c_str());
-  }
-}
-
-// static
 std::string GaiaAuthFetcher::MakeGetTokenPairBody(
     const std::string& auth_code,
     const std::string& device_id) {
@@ -620,20 +600,6 @@ void GaiaAuthFetcher::StartIssueAuthToken(const std::string& sid,
                             issue_auth_token_gurl_, kLoadFlagsIgnoreCookies);
 }
 
-void GaiaAuthFetcher::StartLsoForOAuthLoginTokenExchange(
-    const std::string& auth_token) {
-  DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
-
-  DVLOG(1) << "Starting OAuth login token exchange with auth_token";
-  request_body_ = MakeGetAuthCodeBody(false);
-  client_login_to_oauth2_gurl_ =
-      GaiaUrls::GetInstance()->client_login_to_oauth2_url();
-
-  CreateAndStartGaiaFetcher(request_body_, MakeGetAuthCodeHeader(auth_token),
-                            client_login_to_oauth2_gurl_,
-                            kLoadFlagsIgnoreCookies);
-}
-
 void GaiaAuthFetcher::StartRevokeOAuth2Token(const std::string& auth_token) {
   DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
 
@@ -655,14 +621,18 @@ void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchangeWithDeviceId(
   DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
 
   DVLOG(1) << "Starting OAuth login token fetch with cookie jar";
-  request_body_ = MakeGetAuthCodeBody(!device_id.empty());
 
-  client_login_to_oauth2_gurl_ =
-      GaiaUrls::GetInstance()->client_login_to_oauth2_url();
-  if (!session_index.empty()) {
-    client_login_to_oauth2_gurl_ =
-        client_login_to_oauth2_gurl_.Resolve("?authuser=" + session_index);
-  }
+  std::string encoded_scope = net::EscapeUrlEncodedData(
+      GaiaConstants::kOAuth1LoginScope, true);
+  std::string encoded_client_id = net::EscapeUrlEncodedData(
+      GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
+  std::string query_string =
+      base::StringPrintf(kClientLoginToOAuth2URLFormat, encoded_scope.c_str(),
+                         encoded_client_id.c_str());
+  if (!device_id.empty())
+    query_string += "&device_type=chrome";
+  if (!session_index.empty())
+    query_string += "&authuser=" + session_index;
 
   std::string device_id_header;
   if (!device_id.empty()) {
@@ -670,8 +640,9 @@ void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchangeWithDeviceId(
         base::StringPrintf(kDeviceIdHeaderFormat, device_id.c_str());
   }
 
-  CreateAndStartGaiaFetcher(request_body_, device_id_header,
-                            client_login_to_oauth2_gurl_, net::LOAD_NORMAL);
+  CreateAndStartGaiaFetcher(std::string(), device_id_header,
+                            client_login_to_oauth2_gurl_.Resolve(query_string),
+                            net::LOAD_NORMAL);
 }
 
 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchange(
@@ -1080,7 +1051,8 @@ void GaiaAuthFetcher::DispatchFetchedRequest(
     OnClientLoginFetched(data, status, response_code);
   } else if (url == issue_auth_token_gurl_) {
     OnIssueAuthTokenFetched(data, status, response_code);
-  } else if (url == client_login_to_oauth2_gurl_) {
+  } else if (base::StartsWithASCII(url.spec(),
+                                   client_login_to_oauth2_gurl_.spec(), true)) {
     OnClientLoginToOAuth2Fetched(data, cookies, status, response_code);
   } else if (url == oauth2_token_gurl_) {
     OnOAuth2TokenPairFetched(data, status, response_code);
diff --git a/google_apis/gaia/gaia_auth_fetcher.h b/google_apis/gaia/gaia_auth_fetcher.h
index 163db74..4a9838f 100644
--- a/google_apis/gaia/gaia_auth_fetcher.h
+++ b/google_apis/gaia/gaia_auth_fetcher.h
@@ -97,13 +97,6 @@ class GaiaAuthFetcher : public net::URLFetcherDelegate {
   void StartIssueAuthTokenForOAuth2(const std::string& oauth2_access_token,
                                     const char* const service);
 
-  // Start a request to exchange an "lso" service token given by |auth_token|
-  // for an OAuthLogin-scoped oauth2 token.
-  //
-  // Either OnClientOAuthSuccess or OnClientOAuthFailure will be
-  // called on the consumer on the original thread.
-  void StartLsoForOAuthLoginTokenExchange(const std::string& auth_token);
-
   // Start a request to revoke |auth_token|.
   //
   // OnOAuth2RevokeTokenCompleted will be called on the consumer on the original
@@ -269,11 +262,8 @@ class GaiaAuthFetcher : public net::URLFetcherDelegate {
   static const char kClientLoginCaptchaFormat[];
   // The format of the POST body for IssueAuthToken.
   static const char kIssueAuthTokenFormat[];
-  // The format of the POST body to get OAuth2 auth code from auth token.
-  static const char kClientLoginToOAuth2BodyFormat[];
-  // The format of the POST body to get OAuth2 auth code from auth token. This
-  // format is used for request annotated with device_id.
-  static const char kClientLoginToOAuth2WithDeviceTypeBodyFormat[];
+  // The format of the query string to get OAuth2 auth code from auth token.
+  static const char kClientLoginToOAuth2URLFormat[];
   // The format of the POST body to get OAuth2 token pair from auth code.
   static const char kOAuth2CodeToTokenPairBodyFormat[];
   // Additional param for the POST body to get OAuth2 token pair from auth code.
@@ -421,8 +411,6 @@ class GaiaAuthFetcher : public net::URLFetcherDelegate {
   static std::string MakeIssueAuthTokenBody(const std::string& sid,
                                             const std::string& lsid,
                                             const char* const service);
-  // Create body to get OAuth2 auth code.
-  static std::string MakeGetAuthCodeBody(bool include_device_type);
   // Given auth code and device ID (optional), create body to get OAuth2 token
   // pair.
   static std::string MakeGetTokenPairBody(const std::string& auth_code,
diff --git a/google_apis/gaia/gaia_auth_fetcher_unittest.cc b/google_apis/gaia/gaia_auth_fetcher_unittest.cc
index 7bab642..28e5aff 100644
--- a/google_apis/gaia/gaia_auth_fetcher_unittest.cc
+++ b/google_apis/gaia/gaia_auth_fetcher_unittest.cc
@@ -558,11 +558,12 @@ TEST_F(GaiaAuthFetcherTest, OAuthLoginTokenSuccess) {
 
   net::TestURLFetcherFactory factory;
   GaiaAuthFetcher auth(&consumer, std::string(), GetRequestContext());
-  auth.StartLsoForOAuthLoginTokenExchange("lso_token");
+  auth.StartCookieForOAuthLoginTokenExchange("0");
   net::TestURLFetcher* fetcher = factory.GetFetcherByID(0);
   EXPECT_TRUE(NULL != fetcher);
-  EXPECT_EQ(net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES,
-            fetcher->GetLoadFlags());
+  EXPECT_EQ(net::LOAD_NORMAL, fetcher->GetLoadFlags());
+  EXPECT_EQ(std::string::npos,
+            fetcher->GetOriginalURL().query().find("device_type=chrome"));
 
   net::ResponseCookies cookies;
   cookies.push_back(kGetAuthCodeValidCookie);
@@ -586,18 +587,6 @@ TEST_F(GaiaAuthFetcherTest, OAuthLoginTokenSuccess) {
   EXPECT_FALSE(auth.HasPendingFetch());
 }
 
-TEST_F(GaiaAuthFetcherTest, OAuthLoginTokenWithCookies) {
-  MockGaiaConsumer consumer;
-  net::TestURLFetcherFactory factory;
-  GaiaAuthFetcher auth(&consumer, std::string(), GetRequestContext());
-  auth.StartCookieForOAuthLoginTokenExchange("0");
-  net::TestURLFetcher* fetcher = factory.GetFetcherByID(0);
-  EXPECT_TRUE(NULL != fetcher);
-  EXPECT_EQ(net::LOAD_NORMAL, fetcher->GetLoadFlags());
-  EXPECT_FALSE(base::EndsWith(fetcher->upload_data(), "device_type=chrome",
-                              true));
-}
-
 TEST_F(GaiaAuthFetcherTest, OAuthLoginTokenWithCookies_DeviceId) {
   MockGaiaConsumer consumer;
   net::TestURLFetcherFactory factory;
@@ -608,8 +597,8 @@ TEST_F(GaiaAuthFetcherTest, OAuthLoginTokenWithCookies_DeviceId) {
   net::TestURLFetcher* fetcher = factory.GetFetcherByID(0);
   EXPECT_TRUE(NULL != fetcher);
   EXPECT_EQ(net::LOAD_NORMAL, fetcher->GetLoadFlags());
-  EXPECT_TRUE(base::EndsWith(fetcher->upload_data(), "device_type=chrome",
-                             true));
+  EXPECT_NE(std::string::npos,
+            fetcher->GetOriginalURL().query().find("device_type=chrome"));
   net::HttpRequestHeaders extra_request_headers;
   fetcher->GetExtraRequestHeaders(&extra_request_headers);
   std::string device_id;
@@ -624,7 +613,7 @@ TEST_F(GaiaAuthFetcherTest, OAuthLoginTokenClientLoginToOAuth2Failure) {
 
   net::TestURLFetcherFactory factory;
   GaiaAuthFetcher auth(&consumer, std::string(), GetRequestContext());
-  auth.StartLsoForOAuthLoginTokenExchange("lso_token");
+  auth.StartCookieForOAuthLoginTokenExchange(std::string());
 
   net::ResponseCookies cookies;
   EXPECT_TRUE(auth.HasPendingFetch());
@@ -647,7 +636,7 @@ TEST_F(GaiaAuthFetcherTest, OAuthLoginTokenOAuth2TokenPairFailure) {
 
   net::TestURLFetcherFactory factory;
   GaiaAuthFetcher auth(&consumer, std::string(), GetRequestContext());
-  auth.StartLsoForOAuthLoginTokenExchange("lso_token");
+  auth.StartCookieForOAuthLoginTokenExchange(std::string());
 
   net::ResponseCookies cookies;
   cookies.push_back(kGetAuthCodeValidCookie);