Add IssueAuthToken and unit tests to GaiaAuthenticator2.

chrome/common/net/gaia/gaia_authenticator2.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/net/gaia/gaia_authenticator2.h"
 
 #include <string>
 
 #include "base/string_split.h"
 #include "base/string_util.h"
@@ skipping 16 matching lines @@
 // static
 const char GaiaAuthenticator2::kClientLoginCaptchaFormat[] =
     "Email=%s&"
     "Passwd=%s&"
     "PersistentCookie=%s&"
     "accountType=%s&"
     "source=%s&"
     "service=%s&"
     "logintoken=%s&"
     "logincaptcha=%s";
+// static
+const char GaiaAuthenticator2::kIssueAuthTokenFormat[] =
+    "SID=%s&"
+    "LSID=%s&"
+    "service=%s&"
+    "Session=true";
 
 // static
 const char GaiaAuthenticator2::kCookiePersistence[] = "true";
 // static
 const char GaiaAuthenticator2::kAccountType[] = "HOSTED_OR_GOOGLE";
 // static
 const char GaiaAuthenticator2::kChromeOSSource[] = "chromeos";
 // static
 // Service name for Gaia Contacts API. API is used to get user's image.
 const char GaiaAuthenticator2::kContactsService[] = "cp";
 // static
 const char GaiaAuthenticator2::kSecondFactor[] = "Info=InvalidSecondFactor";
 
 // TODO(chron): These urls are also in auth_response_handler.h.
 // The URLs for different calls in the Google Accounts programmatic login API.
 const char GaiaAuthenticator2::kClientLoginUrl[] =
     "https://www.google.com/accounts/ClientLogin";
 const char GaiaAuthenticator2::kIssueAuthTokenUrl[] =
     "https://www.google.com/accounts/IssueAuthToken";
-// TODO(chron): Fix this URL not to hardcode source
-// TODO(cmasone): make sure that using an http:// URL in the "continue"
-// parameter here doesn't open the system up to attack long-term.
-const char GaiaAuthenticator2::kTokenAuthUrl[] =
-    "https://www.google.com/accounts/TokenAuth?"
-        "continue=http://www.google.com/webhp&source=chromeos&auth=";
 
 GaiaAuthenticator2::GaiaAuthenticator2(GaiaAuthConsumer* consumer,
                                        const std::string& source,
                                        URLRequestContextGetter* getter)
     : consumer_(consumer),
       getter_(getter),
       source_(source),
       client_login_gurl_(kClientLoginUrl),
-      fetch_pending_(false){}
+      issue_auth_token_gurl_(kIssueAuthTokenUrl),
+      fetch_pending_(false) {}
 
 GaiaAuthenticator2::~GaiaAuthenticator2() {}
 
 bool GaiaAuthenticator2::HasPendingFetch() {
   return fetch_pending_;
 }
 
 void GaiaAuthenticator2::CancelRequest() {
   fetcher_.reset();
   fetch_pending_ = false;
 }
 
 // static
-URLFetcher* GaiaAuthenticator2::CreateClientLoginFetcher(
+URLFetcher* GaiaAuthenticator2::CreateGaiaFetcher(
     URLRequestContextGetter* getter,
     const std::string& body,
-    const GURL& client_login_gurl,
+    const GURL& gaia_gurl,
     URLFetcher::Delegate* delegate) {
 
   URLFetcher* to_return =
       URLFetcher::Create(0,
-                         client_login_gurl,
+                         gaia_gurl,
                          URLFetcher::POST,
                          delegate);
   to_return->set_request_context(getter);
   to_return->set_load_flags(net::LOAD_DO_NOT_SEND_COOKIES);
   to_return->set_upload_data("application/x-www-form-urlencoded", body);
   return to_return;
 }
 
-std::string GaiaAuthenticator2::GenerateRequestBody(
+// static
+std::string GaiaAuthenticator2::MakeClientLoginBody(
     const std::string& username,
     const std::string& password,
     const std::string& source,
     const char* service,
     const std::string& login_token,
     const std::string& login_captcha) {
 
   if (login_token.empty() || login_captcha.empty()) {
     return StringPrintf(kClientLoginFormat,
                         UrlEncodeString(username).c_str(),
                         UrlEncodeString(password).c_str(),
                         kCookiePersistence,
                         kAccountType,
                         source.c_str(),
                         service);
   }
 
   return StringPrintf(kClientLoginCaptchaFormat,
                       UrlEncodeString(username).c_str(),
                       UrlEncodeString(password).c_str(),
                       kCookiePersistence,
                       kAccountType,
                       source.c_str(),
                       service,
                       UrlEncodeString(login_token).c_str(),
                       UrlEncodeString(login_captcha).c_str());
 
 }
 
-// Helper method that extracts tokens from a successful reply, and saves them
-// in the right fields.
+// static
+std::string GaiaAuthenticator2::MakeIssueAuthTokenBody(
+    const std::string& sid,
+    const std::string& lsid,
+    const char* const service) {
+
+  return StringPrintf(kIssueAuthTokenFormat,
+                      UrlEncodeString(sid).c_str(),
+                      UrlEncodeString(lsid).c_str(),
+                      service);
+}
+
+// Helper method that extracts tokens from a successful reply.
 // static
 void GaiaAuthenticator2::ParseClientLoginResponse(const std::string& data,
                                                   std::string* sid,
                                                   std::string* lsid,
                                                   std::string* token) {
   using std::vector;
   using std::pair;
   using std::string;
 
   vector<pair<string, string> > tokens;
   base::SplitStringIntoKeyValuePairs(data, '=', '\n', &tokens);
   for (vector<pair<string, string> >::iterator i = tokens.begin();
       i != tokens.end(); ++i) {
     if (i->first == "SID") {
       sid->assign(i->second);
     } else if (i->first == "LSID") {
       lsid->assign(i->second);
     } else if (i->first == "Auth") {
       token->assign(i->second);
     }
   }
 }
 
 void GaiaAuthenticator2::StartClientLogin(const std::string& username,
                                           const std::string& password,
-                                          const char* service,
+                                          const char* const service,
                                           const std::string& login_token,
                                           const std::string& login_captcha) {
 
+  DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
+
   // This class is thread agnostic, so be sure to call this only on the
   // same thread each time.
-  LOG(INFO) << "Starting new ClientLogin fetch.";
+  LOG(INFO) << "Starting new ClientLogin fetch for:" << username;
 
   // Must outlive fetcher_.
-  request_body_ = GenerateRequestBody(username,
+  request_body_ = MakeClientLoginBody(username,
                                       password,
                                       source_,
                                       service,
                                       login_token,
                                       login_captcha);
-
-  fetcher_.reset(CreateClientLoginFetcher(getter_,
-                                          request_body_,
-                                          client_login_gurl_,
-                                          this));
+  fetcher_.reset(CreateGaiaFetcher(getter_,
+                                   request_body_,
+                                   client_login_gurl_,
+                                   this));
   fetch_pending_ = true;
   fetcher_->Start();
 }
 
-void GaiaAuthenticator2::OnClientLoginFetched(const std::string& data,
-                                              const URLRequestStatus& status,
-                                              int response_code) {
+void GaiaAuthenticator2::StartIssueAuthToken(const std::string& sid,
+                                             const std::string& lsid,
+                                             const char* const service) {
 
-  if (status.is_success() && response_code == RC_REQUEST_OK) {
-    LOG(INFO) << "ClientLogin successful!";
-    std::string sid;
-    std::string lsid;
-    std::string token;
-    ParseClientLoginResponse(data, &sid, &lsid, &token);
-    consumer_->OnClientLoginSuccess(
-        GaiaAuthConsumer::ClientLoginResult(sid, lsid, token, data));
-    return;
-  }
+  DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
 
-  GaiaAuthConsumer::ClientLoginError error;
+  LOG(INFO) << "Starting IssueAuthToken for: " << service;
+  requested_service_ = service;
+  request_body_ = MakeIssueAuthTokenBody(sid, lsid, service);
+  fetcher_.reset(CreateGaiaFetcher(getter_,
+                                   request_body_,
+                                   issue_auth_token_gurl_,
+                                   this));
+  fetch_pending_ = true;
+  fetcher_->Start();
+}
+
+GaiaAuthConsumer::GaiaAuthError GaiaAuthenticator2::GenerateAuthError(
+    const std::string& data,
+    const URLRequestStatus& status) {
+
+  GaiaAuthConsumer::GaiaAuthError error;
   error.data = data;
 
   if (!status.is_success()) {
     if (status.status() == URLRequestStatus::CANCELED) {
       error.code = GaiaAuthConsumer::REQUEST_CANCELED;
     } else {
       error.code = GaiaAuthConsumer::NETWORK_ERROR;
       error.network_error = status.os_error();
       LOG(WARNING) << "Could not reach Google Accounts servers: errno "
         << status.os_error();
     }
   } else {
     if (IsSecondFactorSuccess(data)) {
       error.code = GaiaAuthConsumer::TWO_FACTOR;
     } else {
       error.code = GaiaAuthConsumer::PERMISSION_DENIED;
     }
   }
 
-  consumer_->OnClientLoginFailure(error);
+  return error;
+}
+
+void GaiaAuthenticator2::OnClientLoginFetched(const std::string& data,
+                                              const URLRequestStatus& status,
+                                              int response_code) {
+
+  if (status.is_success() && response_code == RC_REQUEST_OK) {
+    LOG(INFO) << "ClientLogin successful!";
+    std::string sid;
+    std::string lsid;
+    std::string token;
+    ParseClientLoginResponse(data, &sid, &lsid, &token);
+    consumer_->OnClientLoginSuccess(
+        GaiaAuthConsumer::ClientLoginResult(sid, lsid, token, data));
+    return;
+  }

[Zachary Kuznia, 2010/07/06 03:33:23]

Perhaps make this an "} else {" to make the flow of this function more clear.

+
+  consumer_->OnClientLoginFailure(GenerateAuthError(data, status));
+}
+
+void GaiaAuthenticator2::OnIssueAuthTokenFetched(
+    const std::string& data,
+    const URLRequestStatus& status,
+    int response_code) {
+  if (status.is_success() && response_code == RC_REQUEST_OK) {
+    // Only the bare token is returned in the body of this Gaia call
+    // without any padding.
+    consumer_->OnIssueAuthTokenSuccess(requested_service_, data);
+  } else {
+    consumer_->OnIssueAuthTokenFailure(requested_service_,
+        GenerateAuthError(data, status));
+  }
 }
 
 void GaiaAuthenticator2::OnURLFetchComplete(const URLFetcher* source,
                                             const GURL& url,
                                             const URLRequestStatus& status,
                                             int response_code,
                                             const ResponseCookies& cookies,
                                             const std::string& data) {
   fetch_pending_ = false;
   if (url == client_login_gurl_) {
     OnClientLoginFetched(data, status, response_code);
-    return;
+  } else if (url == issue_auth_token_gurl_) {
+    OnIssueAuthTokenFetched(data, status, response_code);
+  } else {
+    NOTREACHED();
   }
-  NOTREACHED();
 }
 
 // static
 bool GaiaAuthenticator2::IsSecondFactorSuccess(
     const std::string& alleged_error) {
   return alleged_error.find(kSecondFactor) !=
       std::string::npos;
 }