Pre- and Auto-login should not log the user out of an already signed in

chrome/common/net/gaia/gaia_auth_fetcher.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/net/gaia/gaia_auth_fetcher.h"
 
 #include <string>
 #include <utility>
 #include <vector>
 
@@ skipping 36 matching lines @@
     "service=%s&"
     "Session=%s";
 // static
 const char GaiaAuthFetcher::kGetUserInfoFormat[] =
     "LSID=%s";
 // static
 const char GaiaAuthFetcher::kTokenAuthFormat[] =
     "auth=%s&"
     "continue=%s&"
     "source=%s";
+// static
+const char GaiaAuthFetcher::kMergeSessionFormat[] =
+    "uberauth=%s&"
+    "continue=%s&"
+    "source=%s";
 
 // static
 const char GaiaAuthFetcher::kAccountDeletedError[] = "AccountDeleted";
 const char GaiaAuthFetcher::kAccountDeletedErrorCode[] = "adel";
 // static
 const char GaiaAuthFetcher::kAccountDisabledError[] = "AccountDisabled";
 const char GaiaAuthFetcher::kAccountDisabledErrorCode[] = "adis";
 // static
 const char GaiaAuthFetcher::kBadAuthenticationError[] = "BadAuthentication";
 const char GaiaAuthFetcher::kBadAuthenticationErrorCode[] = "badauth";
@@ skipping 30 matching lines @@
 GaiaAuthFetcher::GaiaAuthFetcher(GaiaAuthConsumer* consumer,
                                        const std::string& source,
                                        net::URLRequestContextGetter* getter)
     : consumer_(consumer),
       getter_(getter),
       source_(source),
       client_login_gurl_(GaiaUrls::GetInstance()->client_login_url()),
       issue_auth_token_gurl_(GaiaUrls::GetInstance()->issue_auth_token_url()),
       get_user_info_gurl_(GaiaUrls::GetInstance()->get_user_info_url()),
       token_auth_gurl_(GaiaUrls::GetInstance()->token_auth_url()),
+      merge_session_gurl_(GaiaUrls::GetInstance()->merge_session_url()),
       fetch_pending_(false) {}
 
 GaiaAuthFetcher::~GaiaAuthFetcher() {}
 
 bool GaiaAuthFetcher::HasPendingFetch() {
   return fetch_pending_;
 }
 
 void GaiaAuthFetcher::CancelRequest() {
   fetcher_.reset();
   fetch_pending_ = false;
 }
 
 // static
 URLFetcher* GaiaAuthFetcher::CreateGaiaFetcher(
     net::URLRequestContextGetter* getter,
     const std::string& body,
     const GURL& gaia_gurl,
+    bool send_cookies,
     URLFetcher::Delegate* delegate) {
 
   URLFetcher* to_return =
       URLFetcher::Create(0,
                          gaia_gurl,
                          URLFetcher::POST,
                          delegate);
   to_return->set_request_context(getter);
-  to_return->set_load_flags(net::LOAD_DO_NOT_SEND_COOKIES);
   to_return->set_upload_data("application/x-www-form-urlencoded", body);
+
+  // The Gaia token exchange requests do not require any cookie-based
+  // identification as part of requests.  We suppress sending any cookies to
+  // maintain a separation between the user's browsing and Chrome's internal
+  // services.  Where such mixing is desired (MergeSession), it will be done
+  // explicitly.
+  if (!send_cookies)
+    to_return->set_load_flags(net::LOAD_DO_NOT_SEND_COOKIES);
+
   return to_return;
 }
 
 // static
 std::string GaiaAuthFetcher::MakeClientLoginBody(
     const std::string& username,
     const std::string& password,
     const std::string& source,
     const char* service,
     const std::string& login_token,
@@ skipping 61 matching lines @@
                                                const std::string& source) {
   std::string encoded_auth_token = EscapeUrlEncodedData(auth_token, true);
   std::string encoded_continue_url = EscapeUrlEncodedData(continue_url, true);
   std::string encoded_source = EscapeUrlEncodedData(source, true);
   return base::StringPrintf(kTokenAuthFormat,
                             encoded_auth_token.c_str(),
                             encoded_continue_url.c_str(),
                             encoded_source.c_str());
 }
 
+// static
+std::string GaiaAuthFetcher::MakeMergeSessionBody(
+    const std::string& auth_token,
+    const std::string& continue_url,
+    const std::string& source) {
+  std::string encoded_auth_token = EscapeUrlEncodedData(auth_token, true);
+  std::string encoded_continue_url = EscapeUrlEncodedData(continue_url, true);
+  std::string encoded_source = EscapeUrlEncodedData(source, true);
+  return base::StringPrintf(kMergeSessionFormat,
+                            encoded_auth_token.c_str(),
+                            encoded_continue_url.c_str(),
+                            encoded_source.c_str());
+}
+
 // Helper method that extracts tokens from a successful reply.
 // static
 void GaiaAuthFetcher::ParseClientLoginResponse(const std::string& data,
                                                   std::string* sid,
                                                   std::string* lsid,
                                                   std::string* token) {
   using std::vector;
   using std::pair;
   using std::string;
 
@@ skipping 55 matching lines @@
   request_body_ = MakeClientLoginBody(username,
                                       password,
                                       source_,
                                       service,
                                       login_token,
                                       login_captcha,
                                       allow_hosted_accounts);
   fetcher_.reset(CreateGaiaFetcher(getter_,
                                    request_body_,
                                    client_login_gurl_,
+                                   false,
                                    this));
   fetch_pending_ = true;
   fetcher_->Start();
 }
 
 void GaiaAuthFetcher::StartIssueAuthToken(const std::string& sid,
                                           const std::string& lsid,
                                           const char* const service) {
   DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
 
   VLOG(1) << "Starting IssueAuthToken for: " << service;
   requested_service_ = service;
   request_body_ = MakeIssueAuthTokenBody(sid, lsid, service);
   fetcher_.reset(CreateGaiaFetcher(getter_,
                                    request_body_,
                                    issue_auth_token_gurl_,
+                                   false,
                                    this));
   fetch_pending_ = true;
   fetcher_->Start();
 }
 
 void GaiaAuthFetcher::StartGetUserInfo(const std::string& lsid,
                                        const std::string& info_key) {
   DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
 
   VLOG(1) << "Starting GetUserInfo for lsid=" << lsid;
   request_body_ = MakeGetUserInfoBody(lsid);
   fetcher_.reset(CreateGaiaFetcher(getter_,
                                    request_body_,
                                    get_user_info_gurl_,
+                                   false,
                                    this));
   fetch_pending_ = true;
   requested_info_key_ = info_key;
   fetcher_->Start();
 }
 
 void GaiaAuthFetcher::StartTokenAuth(const std::string& auth_token) {
   DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
 
   VLOG(1) << "Starting TokenAuth with auth_token=" << auth_token;
 
   // The continue URL is a required parameter of the TokenAuth API, but in this
   // case we don't actually need or want to navigate to it.  Setting it to
   // an arbitrary Google URL.
   std::string continue_url("http://www.google.com");
   request_body_ = MakeTokenAuthBody(auth_token, continue_url, source_);
   fetcher_.reset(CreateGaiaFetcher(getter_,
                                    request_body_,
                                    token_auth_gurl_,
+                                   false,
+                                   this));
+  fetch_pending_ = true;
+  fetcher_->Start();
+}
+
+void GaiaAuthFetcher::StartMergeSession(const std::string& auth_token) {
+  DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
+
+  VLOG(1) << "Starting MergeSession with auth_token=" << auth_token;
+
+  // The continue URL is a required parameter of the MergeSession API, but in
+  // this case we don't actually need or want to navigate to it.  Setting it to
+  // an arbitrary Google URL.
+  //
+  // In order for the new session to be merged correctly, the server needs to
+  // know what sessions already exist in the browser.  The fetcher needs to be
+  // created such that it sends the cookies with the request, which is
+  // different from all other requests the fetcher can make.
+  std::string continue_url("http://www.google.com");
+  request_body_ = MakeMergeSessionBody(auth_token, continue_url, source_);
+  fetcher_.reset(CreateGaiaFetcher(getter_,
+                                   request_body_,
+                                   merge_session_gurl_,
+                                   true,
                                    this));
   fetch_pending_ = true;
   fetcher_->Start();
 }
 
 // static
 GoogleServiceAuthError GaiaAuthFetcher::GenerateAuthError(
     const std::string& data,
     const net::URLRequestStatus& status) {
   if (!status.is_success()) {
@@ skipping 155 matching lines @@
 void GaiaAuthFetcher::OnTokenAuthFetched(const std::string& data,
                                          const net::URLRequestStatus& status,
                                          int response_code) {
   if (status.is_success() && response_code == RC_REQUEST_OK) {
     consumer_->OnTokenAuthSuccess(data);
   } else {
     consumer_->OnTokenAuthFailure(GenerateAuthError(data, status));
   }
 }
 
+void GaiaAuthFetcher::OnMergeSessionFetched(const std::string& data,
+                                            const net::URLRequestStatus& status,
+                                            int response_code) {
+  if (status.is_success() && response_code == RC_REQUEST_OK) {
+    consumer_->OnMergeSessionSuccess(data);
+  } else {
+    consumer_->OnMergeSessionFailure(GenerateAuthError(data, status));
+  }
+}
+
 void GaiaAuthFetcher::OnURLFetchComplete(const URLFetcher* source,
                                          const GURL& url,
                                          const net::URLRequestStatus& status,
                                          int response_code,
                                          const net::ResponseCookies& cookies,
                                          const std::string& data) {
   fetch_pending_ = false;
   if (url == client_login_gurl_) {
     OnClientLoginFetched(data, status, response_code);
   } else if (url == issue_auth_token_gurl_) {
     OnIssueAuthTokenFetched(data, status, response_code);
   } else if (url == get_user_info_gurl_) {
     OnGetUserInfoFetched(data, status, response_code);
   } else if (url == token_auth_gurl_) {
     OnTokenAuthFetched(data, status, response_code);
+  } else if (url == merge_session_gurl_ ||
+      (source && source->original_url() == merge_session_gurl_)) {
+    // MergeSession may redirect, so check the original URL of the fetcher.
+    OnMergeSessionFetched(data, status, response_code);
   } else {
     NOTREACHED();
   }
 }
 
 // static
 bool GaiaAuthFetcher::IsSecondFactorSuccess(
     const std::string& alleged_error) {
   return alleged_error.find(kSecondFactor) !=
       std::string::npos;
 }