Implement new password separated sign in flow for chrome desktop.

chrome/browser/resources/gaia_auth_host/authenticator.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 <include src="saml_handler.js">
 
 /**
  * @fileoverview An UI component to authenciate to Chrome. The component hosts
  * IdP web pages in a webview. A client who is interested in monitoring
  * authentication events should pass a listener object of type
@@ skipping 184 matching lines @@
   Authenticator.prototype.load = function(authMode, data) {
     this.authMode = authMode;
     this.clearCredentials_();
     // gaiaUrl parameter is used for testing. Once defined, it is never changed.
     this.idpOrigin_ = data.gaiaUrl || IDP_ORIGIN;
     this.continueUrl_ = data.continueUrl || CONTINUE_URL;
     this.continueUrlWithoutParams_ =
         this.continueUrl_.substring(0, this.continueUrl_.indexOf('?')) ||
         this.continueUrl_;
     this.isConstrainedWindow_ = data.constrained == '1';
-    this.isNewGaiaFlowChromeOS = data.isNewGaiaFlowChromeOS;
+    this.isNewGaiaFlow = data.isNewGaiaFlow;
     this.useEafe_ = data.useEafe || false;
     this.clientId_ = data.clientId;
     this.gapsCookie_ = data.gapsCookie;
     this.gapsCookieSent_ = false;
     this.newGapsCookie_ = null;
     this.dontResizeNonEmbeddedPages = data.dontResizeNonEmbeddedPages;
 
     this.initialFrameUrl_ = this.constructInitialFrameUrl_(data);
     this.reloadUrl_ = data.frameUrl || this.initialFrameUrl_;
     // Don't block insecure content for desktop flow because it lands on
     // http. Otherwise, block insecure content as long as gaia is https.
     this.samlHandler_.blockInsecureContent = authMode != AuthMode.DESKTOP &&
         this.idpOrigin_.indexOf('https://') == 0;
     this.needPassword = !('needPassword' in data) || data.needPassword;
 
-    if (this.isNewGaiaFlowChromeOS) {
+    if (this.isNewGaiaFlow) {
       this.webview_.contextMenus.onShow.addListener(function(e) {
         e.preventDefault();
       });
 
       if (!this.onBeforeSetHeadersSet_) {
         this.onBeforeSetHeadersSet_ = true;
         var filterPrefix = this.idpOrigin_ + EMBEDDED_SETUP_CHROMEOS_ENDPOINT;
         // This depends on gaiaUrl parameter, that is why it is here.
         this.webview_.request.onBeforeSendHeaders.addListener(
             this.onBeforeSendHeaders_.bind(this),
             {urls: [filterPrefix + '?*', filterPrefix + '/*']},
             ['requestHeaders', 'blocking']);
       }
     }
 
     this.webview_.src = this.reloadUrl_;
   };
 
   /**
    * Reloads the authenticator component.
    */
   Authenticator.prototype.reload = function() {
     this.clearCredentials_();
     this.webview_.src = this.reloadUrl_;
   };
 
   Authenticator.prototype.constructInitialFrameUrl_ = function(data) {
     var path = data.gaiaPath;
-    if (!path && this.isNewGaiaFlowChromeOS)
+    if (!path && this.isNewGaiaFlow)
       path = EMBEDDED_SETUP_CHROMEOS_ENDPOINT;
     if (!path)
       path = IDP_PATH;
     var url = this.idpOrigin_ + path;
 
-    if (this.isNewGaiaFlowChromeOS) {
+    if (this.isNewGaiaFlow) {
       if (data.chromeType)
         url = appendParam(url, 'chrometype', data.chromeType);
       if (data.clientId)
         url = appendParam(url, 'client_id', data.clientId);
       if (data.enterpriseDomain)
         url = appendParam(url, 'manageddomain', data.enterpriseDomain);
       if (data.clientVersion)
         url = appendParam(url, 'client_version', data.clientVersion);
       if (data.platformVersion)
         url = appendParam(url, 'platform_version', data.platformVersion);
       if (data.releaseChannel)
         url = appendParam(url, 'release_channel', data.releaseChannel);
       if (data.endpointGen)
         url = appendParam(url, 'endpoint_gen', data.endpointGen);
     } else {
       url = appendParam(url, 'continue', this.continueUrl_);
       url = appendParam(url, 'service', data.service || SERVICE_ID);
     }
     if (data.hl)
       url = appendParam(url, 'hl', data.hl);
     if (data.gaiaId)
       url = appendParam(url, 'user_id', data.gaiaId);
-    if (data.email)
-      url = appendParam(url, 'Email', data.email);
+    if (data.email) {
+      // The email fields allow for the following possibilities:
+      //
+      // 1/ If neither Email nor email_hint is supplied, then the email text
+      // field is blank and the user must type an email to proceed.
+      //
+      // 2/ If Email is supplied, then the email is hardcoded and the user
+      // cannot change it.  The user is asked for password.  This is useful for
+      // re-auth scenarios, where chrome needs the user to authenticate for a
+      // specific account and only that  account.
+      //
+      // 3/ If email_hint is supplied, gaia will prefill the email text field
+      // using the given email address, but the user can still change it and
+      // then proceed.  This is used on desktop when the user disconnects their
+      // profile then reconnects, to encourage them to use the same account.
+      if (data.readOnlyEmail) {
+        url = appendParam(url, 'Email', data.email);
+      } else {
+        url = appendParam(url, 'email_hint', data.email);
+      }
+    }
     if (this.isConstrainedWindow_)
       url = appendParam(url, 'source', CONSTRAINED_FLOW_SOURCE);
     if (data.flow)
       url = appendParam(url, 'flow', data.flow);
     if (data.emailDomain)
       url = appendParam(url, 'emaildomain', data.emailDomain);
     return url;
   };
 
   /**
@@ skipping 99 matching lines @@
         // Removes "" around.
         this.email_ = signinDetails['email'].slice(1, -1);
         this.gaiaId_ = signinDetails['obfuscatedid'].slice(1, -1);
         this.sessionIndex_ = signinDetails['sessionindex'];
       } else if (headerName == LOCATION_HEADER) {
         // If the "choose what to sync" checkbox was clicked, then the continue
         // URL will contain a source=3 field.
         var location = decodeURIComponent(header.value);
         this.chooseWhatToSync_ = !!location.match(/(\?|&)source=3($|&)/);
       } else if (
-          this.isNewGaiaFlowChromeOS && headerName == SET_COOKIE_HEADER) {
+          this.isNewGaiaFlow && headerName == SET_COOKIE_HEADER) {
         var headerValue = header.value;
         if (headerValue.indexOf(OAUTH_CODE_COOKIE + '=', 0) == 0) {
           this.oauthCode_ =
               headerValue.substring(OAUTH_CODE_COOKIE.length + 1).split(';')[0];
         }
         if (headerValue.indexOf(GAPS_COOKIE + '=', 0) == 0) {
           this.newGapsCookie_ =
               headerValue.substring(GAPS_COOKIE.length + 1).split(';')[0];
         }
       }
@@ skipping 26 matching lines @@
   };
 
   /**
    * Handler for webView.request.onBeforeSendHeaders .
    * @return {!Object} Modified request headers.
    * @private
    */
   Authenticator.prototype.onBeforeSendHeaders_ = function(details) {
     // We should re-send cookie if first request was unsuccessful (i.e. no new
     // GAPS cookie was received).
-    if (this.isNewGaiaFlowChromeOS && this.gapsCookie_ &&
+    if (this.isNewGaiaFlow && this.gapsCookie_ &&
         (!this.gapsCookieSent_ || !this.newGapsCookie_)) {
       var headers = details.requestHeaders;
       var found = false;
       var gapsCookie = this.gapsCookie_;
 
       for (var i = 0, l = headers.length; i < l; ++i) {
         if (headers[i].name == COOKIE_HEADER) {
           headers[i].value = this.updateCookieValue_(headers[i].value,
                                                      GAPS_COOKIE, gapsCookie);
           found = true;
@@ skipping 277 matching lines @@
         this.webview_.contentWindow.postMessage(msg, this.idpOrigin_);
       }).bind(this), EAFE_INITIAL_MESSAGE_DELAY_IN_MS);
     }
   };
 
   /**
    * Invoked when the webview navigates withing the current document.
    * @private
    */
   Authenticator.prototype.onLoadCommit_ = function(e) {
-    if (this.oauthCode_) {
-      this.skipForNow_ = true;
+    if (this.oauthCode_)
       this.maybeCompleteAuth_();
-    }
   };
 
   /**
    * Returns |true| if event |e| was sent from the hosted webview.
    * @private
    */
   Authenticator.prototype.isWebviewEvent_ = function(e) {
     // Note: <webview> prints error message to console if |contentWindow| is not
     // defined.
     // TODO(dzhioev): remove the message. http://crbug.com/469522
@@ skipping 17 matching lines @@
   Authenticator.AuthMode = AuthMode;
   Authenticator.SUPPORTED_PARAMS = SUPPORTED_PARAMS;
 
   return {
     // TODO(guohui, xiyuan): Rename GaiaAuthHost to Authenticator once the old
     // iframe-based flow is deprecated.
     GaiaAuthHost: Authenticator,
     Authenticator: Authenticator
   };
 });