Change X-Auto-Login implementation to use OAuth token.

chrome/common/net/gaia/gaia_auth_fetcher.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/net/gaia/gaia_auth_fetcher.h"
 
 #include <algorithm>
 #include <string>
 #include <utility>
 #include <vector>
@@ skipping 62 matching lines @@
 // static
 const char GaiaAuthFetcher::kTokenAuthFormat[] =
     "auth=%s&"
     "continue=%s&"
     "source=%s";
 // static
 const char GaiaAuthFetcher::kMergeSessionFormat[] =
     "uberauth=%s&"
     "continue=%s&"
     "source=%s";
+// static
+const char GaiaAuthFetcher::kUberAuthTokenURLFormat[] =
+    "%s?source=%s&"
+    "issueuberauth=1";
 
 // static
 const char GaiaAuthFetcher::kAccountDeletedError[] = "AccountDeleted";
 const char GaiaAuthFetcher::kAccountDeletedErrorCode[] = "adel";
 // static
 const char GaiaAuthFetcher::kAccountDisabledError[] = "AccountDisabled";
 const char GaiaAuthFetcher::kAccountDisabledErrorCode[] = "adis";
 // static
 const char GaiaAuthFetcher::kBadAuthenticationError[] = "BadAuthentication";
 const char GaiaAuthFetcher::kBadAuthenticationErrorCode[] = "badauth";
@@ skipping 24 matching lines @@
 const char GaiaAuthFetcher::kAccountTypeGoogle[] =
     "GOOGLE";
 
 // static
 const char GaiaAuthFetcher::kSecondFactor[] = "Info=InvalidSecondFactor";
 
 // static
 const char GaiaAuthFetcher::kAuthHeaderFormat[] =
     "Authorization: GoogleLogin auth=%s";
 // static
+const char GaiaAuthFetcher::kOAuthHeaderFormat[] = "Authorization: OAuth %s";
+// static
 const char GaiaAuthFetcher::kClientLoginToOAuth2CookiePartSecure[] = "Secure";
 // static
 const char GaiaAuthFetcher::kClientLoginToOAuth2CookiePartHttpOnly[] =
     "HttpOnly";
 // static
 const char GaiaAuthFetcher::kClientLoginToOAuth2CookiePartCodePrefix[] =
     "oauth_code=";
 // static
 const int GaiaAuthFetcher::kClientLoginToOAuth2CookiePartCodePrefixLength =
     arraysize(GaiaAuthFetcher::kClientLoginToOAuth2CookiePartCodePrefix) - 1;
@@ skipping 11 matching lines @@
       getter_(getter),
       source_(source),
       client_login_gurl_(GaiaUrls::GetInstance()->client_login_url()),
       issue_auth_token_gurl_(GaiaUrls::GetInstance()->issue_auth_token_url()),
       client_login_to_oauth2_gurl_(
           GaiaUrls::GetInstance()->client_login_to_oauth2_url()),
       oauth2_token_gurl_(GaiaUrls::GetInstance()->oauth2_token_url()),
       get_user_info_gurl_(GaiaUrls::GetInstance()->get_user_info_url()),
       token_auth_gurl_(GaiaUrls::GetInstance()->token_auth_url()),
       merge_session_gurl_(GaiaUrls::GetInstance()->merge_session_url()),
+      uberauth_token_gurl_(base::StringPrintf(kUberAuthTokenURLFormat,
+          GaiaUrls::GetInstance()->oauth1_login_url().c_str(), source.c_str())),
       fetch_pending_(false) {}
 
 GaiaAuthFetcher::~GaiaAuthFetcher() {}
 
 bool GaiaAuthFetcher::HasPendingFetch() {
   return fetch_pending_;
 }
 
 void GaiaAuthFetcher::CancelRequest() {
   fetcher_.reset();
   fetch_pending_ = false;
 }
 
 // static
 content::URLFetcher* GaiaAuthFetcher::CreateGaiaFetcher(
     net::URLRequestContextGetter* getter,
     const std::string& body,
     const std::string& headers,
     const GURL& gaia_gurl,
     bool use_cookies,
     content::URLFetcherDelegate* delegate) {
   content::URLFetcher* to_return = content::URLFetcher::Create(
-      0, gaia_gurl, content::URLFetcher::POST, delegate);
+      0, gaia_gurl,
+      body == "" ? content::URLFetcher::GET : content::URLFetcher::POST,
+      delegate);
   to_return->SetRequestContext(getter);
   to_return->SetUploadData("application/x-www-form-urlencoded", body);
 
   // The Gaia token exchange requests do not require any cookie-based
   // identification as part of requests.  We suppress sending any cookies to
   // maintain a separation between the user's browsing and Chrome's internal
   // services.  Where such mixing is desired (MergeSession), it will be done
   // explicitly.
   if (!use_cookies) {
     to_return->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
@@ skipping 373 matching lines @@
                                    request_body_,
                                    "",
                                    merge_session_gurl_,
                                    true,
                                    this));
   fetch_pending_ = true;
   fetcher_->Start();
 }
 
 // static
+void GaiaAuthFetcher::StartUberAuthTokenFetch(const std::string& access_token) {
+  DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
+
+  DVLOG(1) << "Starting StartUberAuthTokenFetch with access_token="
+           << access_token;
+  std::string authentication_header =
+      base::StringPrintf(kOAuthHeaderFormat, access_token.c_str());
+  fetcher_.reset(CreateGaiaFetcher(getter_,
+                                   "",
+                                   authentication_header,
+                                   uberauth_token_gurl_,
+                                   false,
+                                   this));
+  fetch_pending_ = true;
+  fetcher_->Start();
+}
+
+// static
 GoogleServiceAuthError GaiaAuthFetcher::GenerateAuthError(
     const std::string& data,
     const net::URLRequestStatus& status) {
   if (!status.is_success()) {
     if (status.status() == net::URLRequestStatus::CANCELED) {
       return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED);
     } else {
       DLOG(WARNING) << "Could not reach Google Accounts servers: errno "
           << status.error();
       return GoogleServiceAuthError::FromConnectionError(status.error());
@@ skipping 206 matching lines @@
 void GaiaAuthFetcher::OnMergeSessionFetched(const std::string& data,
                                             const net::URLRequestStatus& status,
                                             int response_code) {
   if (status.is_success() && response_code == RC_REQUEST_OK) {
     consumer_->OnMergeSessionSuccess(data);
   } else {
     consumer_->OnMergeSessionFailure(GenerateAuthError(data, status));
   }
 }
 
+void GaiaAuthFetcher::OnUberAuthTokenFetch(const std::string& data,
+                                           const net::URLRequestStatus& status,
+                                           int response_code) {
+  if (status.is_success() && response_code == RC_REQUEST_OK) {
+    consumer_->OnUberAuthTokenSuccess(data);
+  } else {
+    consumer_->OnUberAuthTokenFailure(GenerateAuthError(data, status));
+  }
+}
+
 void GaiaAuthFetcher::OnURLFetchComplete(const content::URLFetcher* source) {
   fetch_pending_ = false;
   const GURL& url = source->GetURL();
   const net::URLRequestStatus& status = source->GetStatus();
   int response_code = source->GetResponseCode();
   std::string data;
   source->GetResponseAsString(&data);
   if (url == client_login_gurl_) {
     OnClientLoginFetched(data, status, response_code);
   } else if (url == issue_auth_token_gurl_) {
     OnIssueAuthTokenFetched(data, status, response_code);
   } else if (url == client_login_to_oauth2_gurl_) {
     OnClientLoginToOAuth2Fetched(
         data, source->GetCookies(), status, response_code);
   } else if (url == oauth2_token_gurl_) {
     OnOAuth2TokenPairFetched(data, status, response_code);
   } else if (url == get_user_info_gurl_) {
     OnGetUserInfoFetched(data, status, response_code);
   } else if (url == token_auth_gurl_) {
     OnTokenAuthFetched(data, status, response_code);
   } else if (url == merge_session_gurl_ ||
       (source && source->GetOriginalURL() == merge_session_gurl_)) {
     // MergeSession may redirect, so check the original URL of the fetcher.
     OnMergeSessionFetched(data, status, response_code);
+  } else if (url == uberauth_token_gurl_) {
+    OnUberAuthTokenFetch(data, status, response_code);
   } else {
     NOTREACHED();
   }
 }
 
 // static
 bool GaiaAuthFetcher::IsSecondFactorSuccess(
     const std::string& alleged_error) {
   return alleged_error.find(kSecondFactor) !=
       std::string::npos;
 }