bootstrap: Make Eafe work in webview.

chrome/browser/resources/gaia_auth_host/authenticator.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 <include src="saml_handler.js">
 
 /**
  * @fileoverview An UI component to authenciate to Chrome. The component hosts
  * IdP web pages in a webview. A client who is interested in monitoring
  * authentication events should pass a listener object of type
@@ skipping 58 matching lines @@
     'gaiaPath',      // Gaia path to use without a leading slash.
     'hl',            // Language code for the user interface.
     'email',         // Pre-fill the email field in Gaia UI.
     'service',       // Name of Gaia service.
     'continueUrl',   // Continue url to use.
     'frameUrl',      // Initial frame URL to use. If empty defaults to
                      // gaiaUrl.
     'constrained',   // Whether the extension is loaded in a constrained
                      // window.
     'clientId',      // Chrome client id.
+    'useEafe',       // Whether to use EAFE.
     'needPassword',  // Whether the host is interested in getting a password.
                      // If this set to |false|, |confirmPasswordCallback| is
                      // not called before dispatching |authCopleted|.
                      // Default is |true|.
     'flow',          // One of 'default', 'enterprise', or 'theftprotection'.
     'enterpriseDomain',    // Domain in which hosting device is (or should be)
                            // enrolled.
     'emailDomain',         // Value used to prefill domain for email.
     'deviceId',            // User device ID (sync Id).
     'sessionIsEphemeral',  // User session would be ephemeral.
@@ skipping 22 matching lines @@
     this.continueUrl_ = null;
     this.continueUrlWithoutParams_ = null;
     this.initialFrameUrl_ = null;
     this.reloadUrl_ = null;
     this.trusted_ = true;
     this.oauth_code_ = null;
     this.deviceId_ = null;
     this.sessionIsEphemeral_ = null;
     this.onBeforeSetHeadersSet_ = false;
 
+    this.useEafe_ = false;
+    this.clientId_ = null;
+
     this.samlHandler_ = new cr.login.SamlHandler(this.webview_);
     this.confirmPasswordCallback = null;
     this.noPasswordCallback = null;
     this.insecureContentBlockedCallback = null;
     this.samlApiUsedCallback = null;
     this.missingGaiaInfoCallback = null;
     this.needPassword = true;
     this.samlHandler_.addEventListener(
         'insecureContentBlocked',
         this.onInsecureContentBlocked_.bind(this));
@@ skipping 55 matching lines @@
    */
   Authenticator.prototype.load = function(authMode, data) {
     this.clearCredentials_();
     this.idpOrigin_ = data.gaiaUrl || IDP_ORIGIN;
     this.continueUrl_ = data.continueUrl || CONTINUE_URL;
     this.continueUrlWithoutParams_ =
         this.continueUrl_.substring(0, this.continueUrl_.indexOf('?')) ||
         this.continueUrl_;
     this.isConstrainedWindow_ = data.constrained == '1';
     this.isNewGaiaFlowChromeOS = data.isNewGaiaFlowChromeOS;
+    this.useEafe_ = data.useEafe || false;
+    this.clientId_ = data.clientId;
 
     this.initialFrameUrl_ = this.constructInitialFrameUrl_(data);
     this.reloadUrl_ = data.frameUrl || this.initialFrameUrl_;
     // Don't block insecure content for desktop flow because it lands on
     // http. Otherwise, block insecure content as long as gaia is https.
     this.samlHandler_.blockInsecureContent = authMode != AuthMode.DESKTOP &&
         this.idpOrigin_.indexOf('https://') == 0;
     this.needPassword = !('needPassword' in data) || data.needPassword;
 
     if (this.isNewGaiaFlowChromeOS) {
@@ skipping 219 matching lines @@
    */
   Authenticator.prototype.onMessageFromWebview_ = function(e) {
     if (!this.isWebviewEvent_(e))
       return;
 
     // The event origin does not have a trailing slash.
     if (e.origin != this.idpOrigin_.substring(0, this.idpOrigin_.length - 1)) {
       return;
     }
 
+    // EAFE passes back auth code via message.
+    if (this.useEafe_ &&
+        typeof e.data == 'object' &&
+        e.data.hasOwnProperty('authorizationCode')) {
+      assert(!this.oauth_code_);
+      this.oauth_code_ = e.data.authorizationCode;
+      this.dispatchEvent(
+          new CustomEvent('authCompleted',
+                          {
+                            detail: {
+                              authCodeOnly: true,
+                              authCode: this.oauth_code_
+                            }
+                          }));
+      return;
+    }
+
     // Gaia messages must be an object with 'method' property.
     if (typeof e.data != 'object' || !e.data.hasOwnProperty('method')) {
       return;
     }
 
     var msg = e.data;
     if (msg.method == 'attemptLogin') {
       this.email_ = msg.email;
       this.password_ = msg.password;
       this.chooseWhatToSync_ = msg.chooseWhatToSync;
@@ skipping 178 matching lines @@
    * Invoked when the webview finishes loading a page.
    * @private
    */
   Authenticator.prototype.onLoadStop_ = function(e) {
     if (!this.loaded_) {
       this.loaded_ = true;
       this.dispatchEvent(new Event('ready'));
       // Focus webview after dispatching event when webview is already visible.
       this.webview_.focus();
     }
+
+    // Sends client id to EAFE on every loadstop after a small timeout. This is
+    // needed because EAFE sits behind SSO and initialize asynchrounouly
+    // and we don't know for sure when it is loaded and ready to listen
+    // for message. The postMessage is guarded by EAFE's origin.
+    if (this.useEafe_) {
+      // An arbitrary small timeout for delivering the initial message.
+      var EAFE_INITIAL_MESSAGE_DELAY_IN_MS = 500;
+      window.setTimeout((function() {
+        var msg = {
+          'clientId': this.clientId_
+        };
+        this.webview_.contentWindow.postMessage(msg, this.idpOrigin_);
+      }).bind(this), EAFE_INITIAL_MESSAGE_DELAY_IN_MS);
+    }
   };
 
   /**
    * Invoked when the webview navigates withing the current document.
    * @private
    */
   Authenticator.prototype.onLoadCommit_ = function(e) {
     if (this.oauth_code_) {
       this.skipForNow_ = true;
       this.maybeCompleteAuth_();
@@ skipping 28 matching lines @@
   Authenticator.AuthMode = AuthMode;
   Authenticator.SUPPORTED_PARAMS = SUPPORTED_PARAMS;
 
   return {
     // TODO(guohui, xiyuan): Rename GaiaAuthHost to Authenticator once the old
     // iframe-based flow is deprecated.
     GaiaAuthHost: Authenticator,
     Authenticator: Authenticator
   };
 });