Pre- and Auto-login should not log the user out of an already signed in

chrome/common/net/gaia/gaia_auth_fetcher.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/net/gaia/gaia_auth_fetcher.h"
 
 #include <string>
 #include <utility>
 #include <vector>
 
@@ skipping 36 matching lines @@
     "service=%s&"
     "Session=%s";
 // static
 const char GaiaAuthFetcher::kGetUserInfoFormat[] =
     "LSID=%s";
 // static
 const char GaiaAuthFetcher::kTokenAuthFormat[] =
     "auth=%s&"
     "continue=%s&"
     "source=%s";
+// static
+const char GaiaAuthFetcher::kMergeSessionFormat[] =
+    "uberauth=%s&"
+    "continue=%s&"
+    "source=%s";
 
 // static
 const char GaiaAuthFetcher::kAccountDeletedError[] = "AccountDeleted";
 const char GaiaAuthFetcher::kAccountDeletedErrorCode[] = "adel";
 // static
 const char GaiaAuthFetcher::kAccountDisabledError[] = "AccountDisabled";
 const char GaiaAuthFetcher::kAccountDisabledErrorCode[] = "adis";
 // static
 const char GaiaAuthFetcher::kBadAuthenticationError[] = "BadAuthentication";
 const char GaiaAuthFetcher::kBadAuthenticationErrorCode[] = "badauth";
@@ skipping 30 matching lines @@
 GaiaAuthFetcher::GaiaAuthFetcher(GaiaAuthConsumer* consumer,
                                        const std::string& source,
                                        net::URLRequestContextGetter* getter)
     : consumer_(consumer),
       getter_(getter),
       source_(source),
       client_login_gurl_(GaiaUrls::GetInstance()->client_login_url()),
       issue_auth_token_gurl_(GaiaUrls::GetInstance()->issue_auth_token_url()),
       get_user_info_gurl_(GaiaUrls::GetInstance()->get_user_info_url()),
       token_auth_gurl_(GaiaUrls::GetInstance()->token_auth_url()),
+      merge_session_gurl_(GaiaUrls::GetInstance()->merge_session_url()),
       fetch_pending_(false) {}
 
 GaiaAuthFetcher::~GaiaAuthFetcher() {}
 
 bool GaiaAuthFetcher::HasPendingFetch() {
   return fetch_pending_;
 }
 
 void GaiaAuthFetcher::CancelRequest() {
   fetcher_.reset();
   fetch_pending_ = false;
 }
 
 // static
 URLFetcher* GaiaAuthFetcher::CreateGaiaFetcher(
     net::URLRequestContextGetter* getter,
     const std::string& body,
     const GURL& gaia_gurl,
     URLFetcher::Delegate* delegate) {
+  return CreateGaiaFetcherWithFlags(getter, body, gaia_gurl,
+                                    net::LOAD_DO_NOT_SEND_COOKIES, delegate);
+}
+
+// static
+URLFetcher* GaiaAuthFetcher::CreateGaiaFetcherWithFlags(
+    net::URLRequestContextGetter* getter,
+    const std::string& body,
+    const GURL& gaia_gurl,
+    int flags,
+    URLFetcher::Delegate* delegate) {
 
   URLFetcher* to_return =
       URLFetcher::Create(0,
                          gaia_gurl,
                          URLFetcher::POST,
                          delegate);
   to_return->set_request_context(getter);
-  to_return->set_load_flags(net::LOAD_DO_NOT_SEND_COOKIES);
+  to_return->set_load_flags(flags);
   to_return->set_upload_data("application/x-www-form-urlencoded", body);
   return to_return;
 }
 
 // static
 std::string GaiaAuthFetcher::MakeClientLoginBody(
     const std::string& username,
     const std::string& password,
     const std::string& source,
     const char* service,
@@ skipping 62 matching lines @@
                                                const std::string& source) {
   std::string encoded_auth_token = EscapeUrlEncodedData(auth_token, true);
   std::string encoded_continue_url = EscapeUrlEncodedData(continue_url, true);
   std::string encoded_source = EscapeUrlEncodedData(source, true);
   return base::StringPrintf(kTokenAuthFormat,
                             encoded_auth_token.c_str(),
                             encoded_continue_url.c_str(),
                             encoded_source.c_str());
 }
 
+// static
+std::string GaiaAuthFetcher::MakeMergeSessionBody(
+    const std::string& auth_token,
+    const std::string& continue_url,
+    const std::string& source) {
+  std::string encoded_auth_token = EscapeUrlEncodedData(auth_token, true);
+  std::string encoded_continue_url = EscapeUrlEncodedData(continue_url, true);
+  std::string encoded_source = EscapeUrlEncodedData(source, true);
+  return base::StringPrintf(kMergeSessionFormat,
+                            encoded_auth_token.c_str(),
+                            encoded_continue_url.c_str(),
+                            encoded_source.c_str());
+}
+
 // Helper method that extracts tokens from a successful reply.
 // static
 void GaiaAuthFetcher::ParseClientLoginResponse(const std::string& data,
                                                   std::string* sid,
                                                   std::string* lsid,
                                                   std::string* token) {
   using std::vector;
   using std::pair;
   using std::string;
 
@@ skipping 109 matching lines @@
   std::string continue_url("http://www.google.com");
   request_body_ = MakeTokenAuthBody(auth_token, continue_url, source_);
   fetcher_.reset(CreateGaiaFetcher(getter_,
                                    request_body_,
                                    token_auth_gurl_,
                                    this));
   fetch_pending_ = true;
   fetcher_->Start();
 }
 
+void GaiaAuthFetcher::StartMergeSession(const std::string& auth_token) {
+  DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
+
+  VLOG(1) << "Starting MergeSession with auth_token=" << auth_token;
+
+  // The continue URL is a required parameter of the MergeSession API, but in
+  // this case we don't actually need or want to navigate to it.  Setting it to
+  // an arbitrary Google URL.
+  //
+  // In order for the new session to be merged correctly, the server needs to
+  // know what sessions already exist in the browser.  The fecther needs to be

[Rick Campbell, 2011/08/08 21:24:51]

TYPO: fetcher

[Roger Tawa OOO till Jul 10th, 2011/08/09 20:50:49]

Done.

+  // created such that it sends the cookies with the request, which is
+  // different from all other requests the fetcher can make.
+  std::string continue_url("http://www.google.com");
+  request_body_ = MakeMergeSessionBody(auth_token, continue_url, source_);
+  fetcher_.reset(CreateGaiaFetcherWithFlags(getter_,
+                                            request_body_,
+                                            merge_session_gurl_,
+                                            net::LOAD_NORMAL,

[Rick Campbell, 2011/08/08 21:24:51]

Just looping back to my comment about preferring a boolean "send_cookies" rather
than the more generic flags, I note in passing the use of net::LOAD_NORMAL here.
 This highlights that what is normal for most URL fetchers is abnormal in
auth-related use, and might even warrant a comment calling this out to avoid
reader confusion.

The similar mechanism in GaiaOAuthFetcher tests send_cookies to determine
whether to call set_load_flags.  This has the nice side-effect that it never
uses net::LOAD_NORMAL for that abnormal case and highlights that the cookies are
the only reason that flags are set.

[Roger Tawa OOO till Jul 10th, 2011/08/09 20:50:49]

Done.

+                                            this));
+  fetch_pending_ = true;
+  fetcher_->Start();
+}
+
 // static
 GoogleServiceAuthError GaiaAuthFetcher::GenerateAuthError(
     const std::string& data,
     const net::URLRequestStatus& status) {
   if (!status.is_success()) {
     if (status.status() == net::URLRequestStatus::CANCELED) {
       return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED);
     } else {
       LOG(WARNING) << "Could not reach Google Accounts servers: errno "
           << status.os_error();
@@ skipping 150 matching lines @@
 void GaiaAuthFetcher::OnTokenAuthFetched(const std::string& data,
                                          const net::URLRequestStatus& status,
                                          int response_code) {
   if (status.is_success() && response_code == RC_REQUEST_OK) {
     consumer_->OnTokenAuthSuccess(data);
   } else {
     consumer_->OnTokenAuthFailure(GenerateAuthError(data, status));
   }
 }
 
+void GaiaAuthFetcher::OnMergeSessionFetched(const std::string& data,
+                                            const net::URLRequestStatus& status,
+                                            int response_code) {
+  if (status.is_success() && response_code == RC_REQUEST_OK) {
+    consumer_->OnMergeSessionSuccess(data);
+  } else {
+    consumer_->OnMergeSessionFailure(GenerateAuthError(data, status));
+  }
+}
+
 void GaiaAuthFetcher::OnURLFetchComplete(const URLFetcher* source,
                                          const GURL& url,
                                          const net::URLRequestStatus& status,
                                          int response_code,
                                          const net::ResponseCookies& cookies,
                                          const std::string& data) {
   fetch_pending_ = false;
   if (url == client_login_gurl_) {
     OnClientLoginFetched(data, status, response_code);
   } else if (url == issue_auth_token_gurl_) {
     OnIssueAuthTokenFetched(data, status, response_code);
   } else if (url == get_user_info_gurl_) {
     OnGetUserInfoFetched(data, status, response_code);
   } else if (url == token_auth_gurl_) {
     OnTokenAuthFetched(data, status, response_code);
+  } else if (url == merge_session_gurl_ ||
+      (source && source->original_url() == merge_session_gurl_)) {
+    // MergeSession may redirect, so check the original URL of the fetcher.
+    OnMergeSessionFetched(data, status, response_code);
   } else {
     NOTREACHED();
   }
 }
 
 // static
 bool GaiaAuthFetcher::IsSecondFactorSuccess(
     const std::string& alleged_error) {
   return alleged_error.find(kSecondFactor) !=
       std::string::npos;
 }