Implement new password separated sign in flow for chrome desktop.

chrome/browser/resources/gaia_auth_host/authenticator.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 <include src="saml_handler.js">
 
 /**
  * @fileoverview An UI component to authenciate to Chrome. The component hosts
  * IdP web pages in a webview. A client who is interested in monitoring
  * authentication events should pass a listener object of type
@@ skipping 184 matching lines @@
   Authenticator.prototype.load = function(authMode, data) {
     this.authMode = authMode;
     this.clearCredentials_();
     // gaiaUrl parameter is used for testing. Once defined, it is never changed.
     this.idpOrigin_ = data.gaiaUrl || IDP_ORIGIN;
     this.continueUrl_ = data.continueUrl || CONTINUE_URL;
     this.continueUrlWithoutParams_ =
         this.continueUrl_.substring(0, this.continueUrl_.indexOf('?')) ||
         this.continueUrl_;
     this.isConstrainedWindow_ = data.constrained == '1';
-    this.isNewGaiaFlowChromeOS = data.isNewGaiaFlowChromeOS;
+    this.isNewGaiaFlow = data.isNewGaiaFlow;
     this.useEafe_ = data.useEafe || false;
     this.clientId_ = data.clientId;
     this.gapsCookie_ = data.gapsCookie;
     this.gapsCookieSent_ = false;
     this.newGapsCookie_ = null;
 
     this.initialFrameUrl_ = this.constructInitialFrameUrl_(data);
     this.reloadUrl_ = data.frameUrl || this.initialFrameUrl_;
     // Don't block insecure content for desktop flow because it lands on
     // http. Otherwise, block insecure content as long as gaia is https.
     this.samlHandler_.blockInsecureContent = authMode != AuthMode.DESKTOP &&
         this.idpOrigin_.indexOf('https://') == 0;
     this.needPassword = !('needPassword' in data) || data.needPassword;
 
-    if (this.isNewGaiaFlowChromeOS) {
+    if (this.isNewGaiaFlow) {
       this.webview_.contextMenus.onShow.addListener(function(e) {
         e.preventDefault();
       });
 
       if (!this.onBeforeSetHeadersSet_) {
         this.onBeforeSetHeadersSet_ = true;
         var filterPrefix = this.idpOrigin_ + EMBEDDED_SETUP_CHROMEOS_ENDPOINT;
         // This depends on gaiaUrl parameter, that is why it is here.
         this.webview_.request.onBeforeSendHeaders.addListener(
             this.onBeforeSendHeaders_.bind(this),
             {urls: [filterPrefix + '?*', filterPrefix + '/*']},
             ['requestHeaders', 'blocking']);
       }
     }
 
     this.webview_.src = this.reloadUrl_;
   };
 
   /**
    * Reloads the authenticator component.
    */
   Authenticator.prototype.reload = function() {
     this.clearCredentials_();
     this.webview_.src = this.reloadUrl_;
   };
 
   Authenticator.prototype.constructInitialFrameUrl_ = function(data) {
     var path = data.gaiaPath;
-    if (!path && this.isNewGaiaFlowChromeOS)
+    if (!path && this.isNewGaiaFlow)
       path = EMBEDDED_SETUP_CHROMEOS_ENDPOINT;
     if (!path)
       path = IDP_PATH;
     var url = this.idpOrigin_ + path;
 
-    if (this.isNewGaiaFlowChromeOS) {
+    if (this.isNewGaiaFlow) {
       if (data.chromeType)
         url = appendParam(url, 'chrometype', data.chromeType);
       if (data.clientId)
         url = appendParam(url, 'client_id', data.clientId);
       if (data.enterpriseDomain)
         url = appendParam(url, 'manageddomain', data.enterpriseDomain);
       if (data.clientVersion)
         url = appendParam(url, 'client_version', data.clientVersion);
       if (data.platformVersion)
         url = appendParam(url, 'platform_version', data.platformVersion);
       if (data.releaseChannel)
         url = appendParam(url, 'release_channel', data.releaseChannel);
       if (data.endpointGen)
         url = appendParam(url, 'endpoint_gen', data.endpointGen);
     } else {
       url = appendParam(url, 'continue', this.continueUrl_);
       url = appendParam(url, 'service', data.service || SERVICE_ID);
     }
     if (data.hl)
       url = appendParam(url, 'hl', data.hl);
     if (data.gaiaId)
       url = appendParam(url, 'user_id', data.gaiaId);
-    if (data.email)
-      url = appendParam(url, 'Email', data.email);
+    if (data.email) {
+      if (data.readOnlyEmail) {
+        url = appendParam(url, 'Email', data.email);
+      } else {
+        url = appendParam(url, 'email_hint', data.email);

[achuithb, 2015/09/16 22:53:27]

What's this?

[Roger Tawa OOO till Jul 10th, 2015/09/24 05:54:18]

The email fields allow for the following possibilities:

1/ If neither Email nor email_hint is supplied, then the email text field is
blank and the user must type an email to proceed.

2/ If Email is supplied, then the email is hardcoded and the user cannot change
it.  The user is asked for password.  This is useful for re-auth scenarios,
where chrome needs the user to authenticate for a specific account and only that
account.

3/ If email_hint is supplied, gaia will prefill the email text field using the
given email address, but the user can still change it and then proceed.  This is
used on desktop when the user disconnects their profile then reconnects, to
encourage them to use the same account.

+      }
+    }
     if (this.isConstrainedWindow_)
       url = appendParam(url, 'source', CONSTRAINED_FLOW_SOURCE);
     if (data.flow)
       url = appendParam(url, 'flow', data.flow);
     if (data.emailDomain)
       url = appendParam(url, 'emaildomain', data.emailDomain);
     return url;
   };
 
   /**
@@ skipping 94 matching lines @@
         // Removes "" around.
         this.email_ = signinDetails['email'].slice(1, -1);
         this.gaiaId_ = signinDetails['obfuscatedid'].slice(1, -1);
         this.sessionIndex_ = signinDetails['sessionindex'];
       } else if (headerName == LOCATION_HEADER) {
         // If the "choose what to sync" checkbox was clicked, then the continue
         // URL will contain a source=3 field.
         var location = decodeURIComponent(header.value);
         this.chooseWhatToSync_ = !!location.match(/(\?|&)source=3($|&)/);
       } else if (
-          this.isNewGaiaFlowChromeOS && headerName == SET_COOKIE_HEADER) {
+          this.isNewGaiaFlow && headerName == SET_COOKIE_HEADER) {
         var headerValue = header.value;
         if (headerValue.indexOf(OAUTH_CODE_COOKIE + '=', 0) == 0) {
           this.oauthCode_ =
               headerValue.substring(OAUTH_CODE_COOKIE.length + 1).split(';')[0];
         }
         if (headerValue.indexOf(GAPS_COOKIE + '=', 0) == 0) {
           this.newGapsCookie_ =
               headerValue.substring(GAPS_COOKIE.length + 1).split(';')[0];
         }
       }
@@ skipping 26 matching lines @@
   };
 
   /**
    * Handler for webView.request.onBeforeSendHeaders .
    * @return {!Object} Modified request headers.
    * @private
    */
   Authenticator.prototype.onBeforeSendHeaders_ = function(details) {
     // We should re-send cookie if first request was unsuccessful (i.e. no new
     // GAPS cookie was received).
-    if (this.isNewGaiaFlowChromeOS && this.gapsCookie_ &&
+    if (this.isNewGaiaFlow && this.gapsCookie_ &&
         (!this.gapsCookieSent_ || !this.newGapsCookie_)) {
       var headers = details.requestHeaders;
       var found = false;
       var gapsCookie = this.gapsCookie_;
 
       for (var i = 0, l = headers.length; i < l; ++i) {
         if (headers[i].name == COOKIE_HEADER) {
           headers[i].value = this.updateCookieValue_(headers[i].value,
                                                      GAPS_COOKIE, gapsCookie);
           found = true;
@@ skipping 274 matching lines @@
         this.webview_.contentWindow.postMessage(msg, this.idpOrigin_);
       }).bind(this), EAFE_INITIAL_MESSAGE_DELAY_IN_MS);
     }
   };
 
   /**
    * Invoked when the webview navigates withing the current document.
    * @private
    */
   Authenticator.prototype.onLoadCommit_ = function(e) {
-    if (this.oauthCode_) {
-      this.skipForNow_ = true;
+    if (this.oauthCode_)
       this.maybeCompleteAuth_();
-    }
   };
 
   /**
    * Returns |true| if event |e| was sent from the hosted webview.
    * @private
    */
   Authenticator.prototype.isWebviewEvent_ = function(e) {
     // Note: <webview> prints error message to console if |contentWindow| is not
     // defined.
     // TODO(dzhioev): remove the message. http://crbug.com/469522
@@ skipping 17 matching lines @@
   Authenticator.AuthMode = AuthMode;
   Authenticator.SUPPORTED_PARAMS = SUPPORTED_PARAMS;
 
   return {
     // TODO(guohui, xiyuan): Rename GaiaAuthHost to Authenticator once the old
     // iframe-based flow is deprecated.
     GaiaAuthHost: Authenticator,
     Authenticator: Authenticator
   };
 });