Retrieve the authenticated user's e-mail from GAIA during SAML login

chrome/browser/resources/gaia_auth/main.js

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 /**
  * Authenticator class wraps the communications between Gaia and its host.
  */
 function Authenticator() {
 }
 
@@ skipping 196 matching lines @@
     });
   },
 
   /**
    * Invoked when the background page sends 'onHostedPageLoaded' message.
    * @param {!Object} msg Details sent with the message.
    */
   onAuthPageLoaded_: function(msg) {
     var isSAMLPage = msg.url.indexOf(this.gaiaUrl_) != 0;
 
-    // Set isSAMLFlow_ flag when a SAML page is loaded. The flag is sticky.
-    if (isSAMLPage)
+    if (isSAMLPage && !this.isSAMLFlow_) {
+      // GAIA redirected to a SAML login page. The credentials provided to this
+      // page will determine what user gets logged in. The credentials obtained
+      // from the GAIA login from are no longer relevant and can be discarded.
       this.isSAMLFlow_ = true;
+      this.email_ = null;
+      this.password_ = null;
+    }
 
     window.parent.postMessage({
       'method': 'authPageLoaded',
       'isSAML': this.isSAMLFlow_,
       'domain': extractDomain(msg.url)
     }, this.parentPage_);
   },
 
   onLoginUILoaded: function() {
     var msg = {
@@ skipping 11 matching lines @@
     }
     this.loaded_ = true;
   },
 
   onConfirmLogin_: function() {
     if (!this.isSAMLFlow_) {
       this.completeLogin(this.email_, this.password_);
       return;
     }
 
+    // Retrieve the e-mail address of the user who just authenticated from GAIA.
+    window.parent.postMessage({method: 'retrieveAuthenticatedUserEmail',
+                               attemptToken: this.attemptToken_},
+                              this.parentPage_);
+
     this.samlSupportChannel_.sendWithCallback(
         {name: 'getScrapedPasswords'},
         function(passwords) {
           if (passwords.length == 0) {
             window.parent.postMessage(
                 {method: 'noPassword', email: this.email_},
                 this.parentPage_);
           } else {
             window.parent.postMessage(
                 {method: 'confirmPassword', email: this.email_},
                 this.parentPage_);
           }
         }.bind(this));
   },
 
+  maybeCompleteSAMLLogin_: function() {
+    // SAML login is complete when the user's e-mail address has been retrieved
+    // from GAIA and the user has successfully confirmed the password.
+    if (this.email_ !== null && this.password_ !== null)
+      this.completeLogin(this.email_, this.password_);
+  },
+
   onVerifyConfirmedPassword_: function(password) {
     this.samlSupportChannel_.sendWithCallback(
         {name: 'getScrapedPasswords'},
         function(passwords) {
           for (var i = 0; i < passwords.length; ++i) {
             if (passwords[i] == password) {
-              this.completeLogin(this.email_, passwords[i]);
+              this.password_ = passwords[i];
+              this.maybeCompleteSAMLLogin_();
               return;
             }
           }
           window.parent.postMessage(
               {method: 'confirmPassword', email: this.email_},
               this.parentPage_);
         }.bind(this));
   },
 
   onMessage: function(e) {
     var msg = e.data;
     if (msg.method == 'attemptLogin' && this.isGaiaMessage_(e)) {
       this.email_ = msg.email;
       this.password_ = msg.password;
       this.attemptToken_ = msg.attemptToken;
       this.isSAMLFlow_ = false;
       if (this.samlSupportChannel_)
         this.samlSupportChannel_.send({name: 'startAuth'});
     } else if (msg.method == 'clearOldAttempts' && this.isGaiaMessage_(e)) {
       this.email_ = null;
       this.password_ = null;
       this.attemptToken_ = null;
       this.isSAMLFlow_ = false;
       this.onLoginUILoaded();
       if (this.samlSupportChannel_)
         this.samlSupportChannel_.send({name: 'resetAuth'});
+    } else if (msg.method == 'setAuthenticatedUserEmail' &&
+               this.isParentMessage_(e)) {
+      if (this.attemptToken_ == msg.attemptToken) {
+        this.email_ = msg.email;
+        this.maybeCompleteSAMLLogin_();
+      }
     } else if (msg.method == 'confirmLogin' && this.isInternalMessage_(e)) {
       if (this.attemptToken_ == msg.attemptToken)
         this.onConfirmLogin_();
       else
         console.error('Authenticator.onMessage: unexpected attemptToken!?');
     } else if (msg.method == 'verifyConfirmedPassword' &&
                this.isParentMessage_(e)) {
       this.onVerifyConfirmedPassword_(msg.password);
     } else if (msg.method == 'navigate' &&
                this.isParentMessage_(e)) {
       $('gaia-frame').src = msg.src;
     } else if (msg.method == 'redirectToSignin' &&
                this.isParentMessage_(e)) {
       $('gaia-frame').src = this.constructInitialFrameUrl_();
     } else {
        console.error('Authenticator.onMessage: unknown message + origin!?');
     }
   }
 };
 
 Authenticator.getInstance().initialize();