Pass Device ID in the oauth2/token request. Keep Device ID in local state on Chrome OS.

chrome/browser/resources/gaia_auth_host/authenticator.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 <include src="saml_handler.js">
 
 /**
  * @fileoverview An UI component to authenciate to Chrome. The component hosts
  * IdP web pages in a webview. A client who is interested in monitoring
  * authentication events should pass a listener object of type
@@ skipping 11 matching lines @@
   var IDP_PATH = 'ServiceLogin?skipvpage=true&sarp=1&rm=hide';
   var CONTINUE_URL =
       'chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/success.html';
   var SIGN_IN_HEADER = 'google-accounts-signin';
   var EMBEDDED_FORM_HEADER = 'google-accounts-embedded';
   var LOCATION_HEADER = 'location';
   var SET_COOKIE_HEADER = 'set-cookie';
   var OAUTH_CODE_COOKIE = 'oauth_code';
   var SERVICE_ID = 'chromeoslogin';
   var EMBEDDED_SETUP_CHROMEOS_ENDPOINT = 'embedded/setup/chromeos';
-  var X_DEVICE_ID_HEADER = 'X-Device-ID';
-  var EPHEMERAL_DEVICE_ID_PREFIX = 't_';
 
   /**
    * The source URL parameter for the constrained signin flow.
    */
   var CONSTRAINED_FLOW_SOURCE = 'chrome';
 
   /**
    * Enum for the authorization mode, must match AuthMode defined in
    * chrome/browser/ui/webui/inline_login_ui.cc.
    * @enum {number}
@@ skipping 34 matching lines @@
     'clientId',      // Chrome client id.
     'useEafe',       // Whether to use EAFE.
     'needPassword',  // Whether the host is interested in getting a password.
                      // If this set to |false|, |confirmPasswordCallback| is
                      // not called before dispatching |authCopleted|.
                      // Default is |true|.
     'flow',          // One of 'default', 'enterprise', or 'theftprotection'.
     'enterpriseDomain',    // Domain in which hosting device is (or should be)
                            // enrolled.
     'emailDomain',         // Value used to prefill domain for email.
-    'deviceId',            // User device ID (sync Id).
-    'sessionIsEphemeral',  // User session would be ephemeral.
     'clientVersion',       // Version of the Chrome build.
     'platformVersion',     // Version of the OS build.
     'releaseChannel',      // Installation channel.
     'endpointGen',         // Current endpoint generation.
   ];
 
   /**
    * Initializes the authenticator component.
    * @param {webview|string} webview The webview element or its ID to host IdP
    *     web pages.
@@ skipping 12 matching lines @@
     this.authFlow = AuthFlow.DEFAULT;
     this.authDomain = '';
     this.loaded_ = false;
     this.idpOrigin_ = null;
     this.continueUrl_ = null;
     this.continueUrlWithoutParams_ = null;
     this.initialFrameUrl_ = null;
     this.reloadUrl_ = null;
     this.trusted_ = true;
     this.oauth_code_ = null;
-    this.deviceId_ = null;
-    this.sessionIsEphemeral_ = null;
-    this.onBeforeSetHeadersSet_ = false;
 
     this.useEafe_ = false;
     this.clientId_ = null;
 
     this.samlHandler_ = new cr.login.SamlHandler(this.webview_);
     this.confirmPasswordCallback = null;
     this.noPasswordCallback = null;
     this.insecureContentBlockedCallback = null;
     this.samlApiUsedCallback = null;
     this.missingGaiaInfoCallback = null;
@@ skipping 74 matching lines @@
     // Don't block insecure content for desktop flow because it lands on
     // http. Otherwise, block insecure content as long as gaia is https.
     this.samlHandler_.blockInsecureContent = authMode != AuthMode.DESKTOP &&
         this.idpOrigin_.indexOf('https://') == 0;
     this.needPassword = !('needPassword' in data) || data.needPassword;
 
     if (this.isNewGaiaFlowChromeOS) {
       this.webview_.contextMenus.onShow.addListener(function(e) {
         e.preventDefault();
       });
-      if (!this.onBeforeSetHeadersSet_) {
-        this.onBeforeSetHeadersSet_ = true;
-        var filterPrefix = this.idpOrigin_ + EMBEDDED_SETUP_CHROMEOS_ENDPOINT;
-        this.webview_.request.onBeforeSendHeaders.addListener(
-            this.onBeforeSendHeaders_.bind(this),
-            {urls: [filterPrefix + '?*', filterPrefix + '/*']},
-            ['requestHeaders', 'blocking']);
-      }
     }
 
     this.webview_.src = this.reloadUrl_;
   };
 
   /**
    * Reloads the authenticator component.
    */
   Authenticator.prototype.reload = function() {
     this.clearCredentials_();
@@ skipping 17 matching lines @@
       if (data.enterpriseDomain)
         url = appendParam(url, 'manageddomain', data.enterpriseDomain);
       if (data.clientVersion)
         url = appendParam(url, 'client_version', data.clientVersion);
       if (data.platformVersion)
         url = appendParam(url, 'platform_version', data.platformVersion);
       if (data.releaseChannel)
         url = appendParam(url, 'release_channel', data.releaseChannel);
       if (data.endpointGen)
         url = appendParam(url, 'endpoint_gen', data.endpointGen);
-      this.deviceId_ = data.deviceId;
-      this.sessionIsEphemeral_ = data.sessionIsEphemeral;
     } else {
       url = appendParam(url, 'continue', this.continueUrl_);
       url = appendParam(url, 'service', data.service || SERVICE_ID);
     }
     if (data.hl)
       url = appendParam(url, 'hl', data.hl);
     if (data.gaiaId)
       url = appendParam(url, 'user_id', data.gaiaId);
     if (data.email)
       url = appendParam(url, 'Email', data.email);
@@ skipping 114 matching lines @@
         var headerValue = header.value;
         if (headerValue.indexOf(OAUTH_CODE_COOKIE + '=', 0) == 0) {
           this.oauth_code_ =
               headerValue.substring(OAUTH_CODE_COOKIE.length + 1).split(';')[0];
         }
       }
     }
   };
 
   /**
-   * Handler for webView.request.onBeforeSendHeaders .
-   * @return {!Object} Modified request headers.
-   * @private
-   */
-  Authenticator.prototype.onBeforeSendHeaders_ = function(details) {
-    // deviceId_ is empty when we do not need to send it. For example,
-    // in case of device enrollment.
-    if (this.isNewGaiaFlowChromeOS && this.deviceId_) {
-      var headers = details.requestHeaders;
-      var found = false;
-      var deviceId = this.getGAIADeviceId_();
-
-      for (var i = 0, l = headers.length; i < l; ++i) {
-        if (headers[i].name == X_DEVICE_ID_HEADER) {
-          headers[i].value = deviceId;
-          found = true;
-          break;
-        }
-      }
-      if (!found) {
-        details.requestHeaders.push(
-            {name: X_DEVICE_ID_HEADER, value: deviceId});
-      }
-    }
-    return {
-      requestHeaders: details.requestHeaders
-    };
-  };
-
-  /**
    * Returns true if given HTML5 message is received from the webview element.
    * @param {object} e Payload of the received HTML5 message.
    */
   Authenticator.prototype.isGaiaMessage = function(e) {
     if (!this.isWebviewEvent_(e))
       return false;
 
     // The event origin does not have a trailing slash.
     if (e.origin != this.idpOrigin_.substring(0, this.idpOrigin_.length - 1)) {
       return false;
@@ skipping 135 matching lines @@
                         {
                           detail: {
                             email: this.email_ || '',
                             gaiaId: this.gaiaId_ || '',
                             password: this.password_ || '',
                             authCode: this.oauth_code_,
                             usingSAML: this.authFlow == AuthFlow.SAML,
                             chooseWhatToSync: this.chooseWhatToSync_,
                             skipForNow: this.skipForNow_,
                             sessionIndex: this.sessionIndex_ || '',
-                            trusted: this.trusted_,
-                            deviceId: this.deviceId_ || ''
+                            trusted: this.trusted_
                           }
                         }));
     this.clearCredentials_();
   };
 
   /**
    * Invoked when |samlHandler_| fires 'insecureContentBlocked' event.
    * @private
    */
   Authenticator.prototype.onInsecureContentBlocked_ = function(e) {
@@ skipping 43 matching lines @@
       // mode, and then set it to 100% zoom.
       this.webview_.setZoomMode('per-view');
       this.webview_.setZoom(1);
     }
 
     // Posts a message to IdP pages to initiate communication.
     var currentUrl = this.webview_.src;
     if (currentUrl.lastIndexOf(this.idpOrigin_) == 0) {
       var msg = {
         'method': 'handshake',
-        'deviceId': this.getGAIADeviceId_(),
       };
 
       this.webview_.contentWindow.postMessage(msg, currentUrl);
     }
   };
 
   /**
    * Invoked when the webview fails loading a page.
    * @private
    */
@@ skipping 48 matching lines @@
    */
   Authenticator.prototype.isWebviewEvent_ = function(e) {
     // Note: <webview> prints error message to console if |contentWindow| is not
     // defined.
     // TODO(dzhioev): remove the message. http://crbug.com/469522
     var webviewWindow = this.webview_.contentWindow;
     return !!webviewWindow && webviewWindow === e.source;
   };
 
   /**
-   * Format deviceId for GAIA .
-   * @return {string} deviceId.
-   * @private
-   */
-  Authenticator.prototype.getGAIADeviceId_ = function() {
-    // deviceId_ is empty when we do not need to send it. For example,
-    // in case of device enrollment.
-    if (!(this.isNewGaiaFlowChromeOS && this.deviceId_))
-      return;
-
-    if (this.sessionIsEphemeral_)
-      return EPHEMERAL_DEVICE_ID_PREFIX + this.deviceId_;
-    else
-      return this.deviceId_;
-  };
-
-  /**
-   * Informs Gaia of new deviceId to be used.
-   */
-  Authenticator.prototype.updateDeviceId = function(deviceId) {
-    this.deviceId_ = deviceId;
-    var msg = {
-      'method': 'updateDeviceId',
-      'deviceId': this.getGAIADeviceId_(),
-    };
-
-    var currentUrl = this.webview_.src;
-    this.webview_.contentWindow.postMessage(msg, currentUrl);
-  };
-
-  /**
    * The current auth flow of the hosted auth page.
    * @type {AuthFlow}
    */
   cr.defineProperty(Authenticator, 'authFlow');
 
   /**
    * The domain name of the current auth page.
    * @type {string}
    */
   cr.defineProperty(Authenticator, 'authDomain');
 
   Authenticator.AuthFlow = AuthFlow;
   Authenticator.AuthMode = AuthMode;
   Authenticator.SUPPORTED_PARAMS = SUPPORTED_PARAMS;
 
   return {
     // TODO(guohui, xiyuan): Rename GaiaAuthHost to Authenticator once the old
     // iframe-based flow is deprecated.
     GaiaAuthHost: Authenticator,
     Authenticator: Authenticator
   };
 });