1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
|
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_COMMON_NET_GAIA_GAIA_AUTH_FETCHER_H_
#define CHROME_COMMON_NET_GAIA_GAIA_AUTH_FETCHER_H_
#pragma once
#include <string>
#include <vector>
#include "base/gtest_prod_util.h"
#include "base/memory/scoped_ptr.h"
#include "chrome/common/net/gaia/gaia_auth_consumer.h"
#include "content/public/common/url_fetcher_delegate.h"
#include "googleurl/src/gurl.h"
// Authenticate a user against the Google Accounts ClientLogin API
// with various capabilities and return results to a GaiaAuthConsumer.
//
// In the future, we will also issue auth tokens from this class.
// This class should be used on a single thread, but it can be whichever thread
// that you like.
//
// This class can handle one request at a time. To parallelize requests,
// create multiple GaiaAuthFetcher's.
class GaiaAuthFetcherTest;
namespace net {
class URLRequestContextGetter;
class URLRequestStatus;
typedef std::vector<std::string> ResponseCookies;
}
class GaiaAuthFetcher : public content::URLFetcherDelegate {
public:
enum HostedAccountsSetting {
HostedAccountsAllowed,
HostedAccountsNotAllowed
};
// Magic string indicating that, while a second factor is still
// needed to complete authentication, the user provided the right password.
static const char kSecondFactor[];
// This will later be hidden behind an auth service which caches
// tokens.
GaiaAuthFetcher(GaiaAuthConsumer* consumer,
const std::string& source,
net::URLRequestContextGetter* getter);
virtual ~GaiaAuthFetcher();
// GaiaAuthConsumer will be called on the original thread
// after results come back. This class is thread agnostic.
// You can't make more than request at a time.
void StartClientLogin(const std::string& username,
const std::string& password,
const char* const service,
const std::string& login_token,
const std::string& login_captcha,
HostedAccountsSetting allow_hosted_accounts);
// GaiaAuthConsumer will be called on the original thread
// after results come back. This class is thread agnostic.
// You can't make more than one request at a time.
void StartIssueAuthToken(const std::string& sid,
const std::string& lsid,
const char* const service);
// Start fetching OAuth login scoped token from the given ClientLogin token
// for "lso" service.
// Either OnOAuthLoginTokenSuccess or OnOAuthLoginTokenFailure method will be
// called on the consumer with results.
void StartOAuthLoginTokenFetch(const std::string& auth_token);
// Start a request to get user info.
// GaiaAuthConsumer will be called back on the same thread when
// results come back.
// You can't make more than one request at a time.
void StartGetUserInfo(const std::string& lsid);
// Start a TokenAuth request to pre-login the user with the given credentials.
void StartTokenAuth(const std::string& auth_token);
// Start a MergeSession request to pre-login the user with the given
// credentials. Unlike TokenAuth above, MergeSession will not sign out any
// existing accounts.
void StartMergeSession(const std::string& auth_token);
// Start a request to get an uber-auth token. The given |access_token| must
// be an OAuth2 valid access token.
void StartUberAuthTokenFetch(const std::string& access_token);
// Implementation of content::URLFetcherDelegate
virtual void OnURLFetchComplete(const content::URLFetcher* source) OVERRIDE;
// StartClientLogin been called && results not back yet?
bool HasPendingFetch();
// Stop any URL fetches in progress.
void CancelRequest();
// From a URLFetcher result, generate an appropriate error.
// From the API documentation, both IssueAuthToken and ClientLogin have
// the same error returns.
static GoogleServiceAuthError GenerateOAuthLoginError(
const std::string& data,
const net::URLRequestStatus& status);
private:
// ClientLogin body constants that don't change
static const char kCookiePersistence[];
static const char kAccountTypeHostedOrGoogle[];
static const char kAccountTypeGoogle[];
// The format of the POST body for ClientLogin.
static const char kClientLoginFormat[];
// The format of said POST body when CAPTCHA token & answer are specified.
static const char kClientLoginCaptchaFormat[];
// The format of the POST body for IssueAuthToken.
static const char kIssueAuthTokenFormat[];
// The format of the POST body to get OAuth2 auth code from auth token.
static const char kClientLoginToOAuth2BodyFormat[];
// The format of the POST body to get OAuth2 token pair from auth code.
static const char kOAuth2CodeToTokenPairBodyFormat[];
// The format of the POST body for GetUserInfo.
static const char kGetUserInfoFormat[];
// The format of the POST body for TokenAuth.
static const char kTokenAuthFormat[];
// The format of the POST body for MergeSession.
static const char kMergeSessionFormat[];
// The format of the URL for UberAuthToken.
static const char kUberAuthTokenURLFormat[];
// Constants for parsing ClientLogin errors.
static const char kAccountDeletedError[];
static const char kAccountDeletedErrorCode[];
static const char kAccountDisabledError[];
static const char kAccountDisabledErrorCode[];
static const char kBadAuthenticationError[];
static const char kBadAuthenticationErrorCode[];
static const char kCaptchaError[];
static const char kCaptchaErrorCode[];
static const char kServiceUnavailableError[];
static const char kServiceUnavailableErrorCode[];
static const char kErrorParam[];
static const char kErrorUrlParam[];
static const char kCaptchaUrlParam[];
static const char kCaptchaTokenParam[];
// Constants for request/response for OAuth2 requests.
static const char kAuthHeaderFormat[];
static const char kOAuthHeaderFormat[];
static const char kClientLoginToOAuth2CookiePartSecure[];
static const char kClientLoginToOAuth2CookiePartHttpOnly[];
static const char kClientLoginToOAuth2CookiePartCodePrefix[];
static const int kClientLoginToOAuth2CookiePartCodePrefixLength;
static const char kOAuth2RefreshTokenKey[];
static const char kOAuth2AccessTokenKey[];
static const char kOAuth2ExpiresInKey[];
// Process the results of a ClientLogin fetch.
void OnClientLoginFetched(const std::string& data,
const net::URLRequestStatus& status,
int response_code);
void OnIssueAuthTokenFetched(const std::string& data,
const net::URLRequestStatus& status,
int response_code);
void OnClientLoginToOAuth2Fetched(const std::string& data,
const net::ResponseCookies& cookies,
const net::URLRequestStatus& status,
int response_code);
void OnOAuth2TokenPairFetched(const std::string& data,
const net::URLRequestStatus& status,
int response_code);
void OnGetUserInfoFetched(const std::string& data,
const net::URLRequestStatus& status,
int response_code);
void OnTokenAuthFetched(const std::string& data,
const net::URLRequestStatus& status,
int response_code);
void OnMergeSessionFetched(const std::string& data,
const net::URLRequestStatus& status,
int response_code);
void OnUberAuthTokenFetch(const std::string& data,
const net::URLRequestStatus& status,
int response_code);
// Tokenize the results of a ClientLogin fetch.
static void ParseClientLoginResponse(const std::string& data,
std::string* sid,
std::string* lsid,
std::string* token);
static void ParseClientLoginFailure(const std::string& data,
std::string* error,
std::string* error_url,
std::string* captcha_url,
std::string* captcha_token);
// Parse ClientLogin to OAuth2 response.
static bool ParseClientLoginToOAuth2Response(
const net::ResponseCookies& cookies,
std::string* auth_code);
// Parse OAuth2 token pairresponse.
static bool ParseOAuth2TokenPairResponse(const std::string& data,
std::string* refresh_token,
std::string* access_token,
int* expires_in_secs);
static bool ParseClientLoginToOAuth2Cookie(const std::string& cookie,
std::string* auth_code);
// Is this a special case Gaia error for TwoFactor auth?
static bool IsSecondFactorSuccess(const std::string& alleged_error);
// Given parameters, create a ClientLogin request body.
static std::string MakeClientLoginBody(
const std::string& username,
const std::string& password,
const std::string& source,
const char* const service,
const std::string& login_token,
const std::string& login_captcha,
HostedAccountsSetting allow_hosted_accounts);
// Supply the sid / lsid returned from ClientLogin in order to
// request a long lived auth token for a service.
static std::string MakeIssueAuthTokenBody(const std::string& sid,
const std::string& lsid,
const char* const service);
// Create body to get OAuth2 auth code.
static std::string MakeGetAuthCodeBody();
// Given auth code, create body to get OAuth2 token pair.
static std::string MakeGetTokenPairBody(const std::string& auth_code);
// Supply the lsid returned from ClientLogin in order to fetch
// user information.
static std::string MakeGetUserInfoBody(const std::string& lsid);
// Supply the authentication token returned from StartIssueAuthToken.
static std::string MakeTokenAuthBody(const std::string& auth_token,
const std::string& continue_url,
const std::string& source);
// Supply the authentication token returned from StartIssueAuthToken.
static std::string MakeMergeSessionBody(const std::string& auth_token,
const std::string& continue_url,
const std::string& source);
static std::string MakeGetAuthCodeHeader(const std::string& auth_token);
void StartOAuth2TokenPairFetch(const std::string& auth_code);
// Create a fetcher useable for making any Gaia request.
static content::URLFetcher* CreateGaiaFetcher(
net::URLRequestContextGetter* getter,
const std::string& body,
const std::string& headers,
const GURL& gaia_gurl,
bool use_cookies,
content::URLFetcherDelegate* delegate);
// From a URLFetcher result, generate an appropriate error.
// From the API documentation, both IssueAuthToken and ClientLogin have
// the same error returns.
static GoogleServiceAuthError GenerateAuthError(
const std::string& data,
const net::URLRequestStatus& status);
// These fields are common to GaiaAuthFetcher, same every request
GaiaAuthConsumer* const consumer_;
net::URLRequestContextGetter* const getter_;
std::string source_;
const GURL client_login_gurl_;
const GURL issue_auth_token_gurl_;
const GURL client_login_to_oauth2_gurl_;
const GURL oauth2_token_gurl_;
const GURL get_user_info_gurl_;
const GURL token_auth_gurl_;
const GURL merge_session_gurl_;
const GURL uberauth_token_gurl_;
// While a fetch is going on:
scoped_ptr<content::URLFetcher> fetcher_;
std::string request_body_;
std::string requested_service_; // Currently tracked for IssueAuthToken only.
bool fetch_pending_;
friend class GaiaAuthFetcherTest;
FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, CaptchaParse);
FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, AccountDeletedError);
FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, AccountDisabledError);
FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, BadAuthenticationError);
FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, IncomprehensibleError);
FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ServiceUnavailableError);
FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, CheckNormalErrorCode);
FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, CheckTwoFactorResponse);
FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, LoginNetFailure);
FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest,
ParseClientLoginToOAuth2Response);
FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ParseOAuth2TokenPairResponse);
DISALLOW_COPY_AND_ASSIGN(GaiaAuthFetcher);
};
#endif // CHROME_COMMON_NET_GAIA_GAIA_AUTH_FETCHER_H_
|
