Retrieve the authenticated user's e-mail from GAIA during SAML login

chrome/browser/resources/gaia_auth_host/gaia_auth_host.js

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 /**
  * @fileoverview An UI component to host gaia auth extension in an iframe.
  * After the component binds with an iframe, call its {@code load} to start the
  * authentication flow. There are two events would be raised after this point:
  * a 'ready' event when the authentication UI is ready to use and a 'completed'
  * event when the authentication is completed successfully. If caller is
@@ skipping 132 matching lines @@
      *   authMode: 'x',     // Authorization mode, default/inline/offline.
      * }
      * }
      * </pre>
      * @type {function(Object)}
      * @private
      */
     successCallback_: null,
 
     /**
+     * Invoked when GAIA indicates login success and SAML was used. At this
+     * point, GAIA cookies are present but the identity of the authenticated
+     * user is not known. The embedder of GaiaAuthHost should extract the GAIA
+     * cookies from the cookie jar, query GAIA for the authenticated user's
+     * e-mail address and invoke GaiaAuthHost.setAuthenticatedUserEmail with the
+     * result. The argument is an opaque token that should be passed back to
+     * GaiaAuthHost.setAuthenticatedUserEmail.
+     * @type {function(number)}
+     */
+    retrieveAuthenticatedUserEmailCallback_: null,
+
+    /**
      * Invoked when the auth flow needs a user to confirm his/her passwords.
      * This could happen when there are more than one passwords scraped during
      * SAML flow. The embedder of GaiaAuthHost should show an UI to collect a
      * password from user then call GaiaAuthHost.verifyConfirmedPassword to
      * verify. If the password is good, the auth flow continues with success
      * path. Otherwise, confirmPasswordCallback_ is invoked again.
      * @type {function()}
      */
     confirmPasswordCallback_: null,
 
     /**
      * Similar to confirmPasswordCallback_ but is used when there is no
      * password scraped after a success authentication. The authenticated user
      * account is passed to the callback. The embedder should take over the
      * flow and decide what to do next.
      * @type {function(string)}
      */
     noPasswordCallback_: null,
 
     /**
      * The iframe container.
      * @type {HTMLIFrameElement}
      */
     get frame() {
       return this.frame_;
     },
 
     /**
+     * Sets retrieveAuthenticatedUserEmailCallback_.
+     * @type {function()}
+     */
+    set retrieveAuthenticatedUserEmailCallback(callback) {
+      this.retrieveAuthenticatedUserEmailCallback_ = callback;
+    },
+
+    /**
      * Sets confirmPasswordCallback_.
      * @type {function()}
      */
     set confirmPasswordCallback(callback) {
       this.confirmPasswordCallback_ = callback;
     },
 
     /**
      * Sets noPasswordCallback_.
      * @type {function()}
@@ skipping 64 matching lines @@
      */
     verifyConfirmedPassword: function(password) {
       var msg = {
         method: 'verifyConfirmedPassword',
         password: password
       };
       this.frame_.contentWindow.postMessage(msg, AUTH_URL_BASE);
     },
 
     /**
+     * Sends the authenticated user's e-mail address to the auth extension.
+     * @param {number} attemptToken The opaque token provided to the
+     *     retrieveAuthenticatedUserEmailCallback_.
+     * @param {string} email The authenticated user's e-mail address.
+     */
+    setAuthenticatedUserEmail: function(attemptToken, email) {
+      var msg = {
+        method: 'setAuthenticatedUserEmail',
+        attemptToken: attemptToken,
+        email: email
+      };
+      this.frame_.contentWindow.postMessage(msg, AUTH_URL_BASE);
+    },
+
+    /**
      * Invoked to process authentication success.
      * @param {Object} credentials Credential object to pass to success
      *     callback.
      * @private
      */
     onAuthSuccess_: function(credentials) {
       if (this.successCallback_)
         this.successCallback_(credentials);
       cr.dispatchSimpleEvent(this, 'completed');
     },
@@ skipping 43 matching lines @@
         }
         this.onAuthSuccess_({email: msg.email || this.email_,
                              password: msg.password || this.password_,
                              authCode: msg.authCode,
                              useOffline: msg.method == 'offlineLogin',
                              chooseWhatToSync: this.chooseWhatToSync_,
                              skipForNow: msg.skipForNow || false });
         return;
       }
 
+      if (msg.method == 'retrieveAuthenticatedUserEmail') {
+        if (this.retrieveAuthenticatedUserEmailCallback_) {
+          this.retrieveAuthenticatedUserEmailCallback_(msg.attemptToken);
+        } else {
+          console.error(
+              'GaiaAuthHost: Invalid retrieveAuthenticatedUserEmailCallback_.');
+        }
+        return;
+      }
+
       if (msg.method == 'confirmPassword') {
         if (this.confirmPasswordCallback_)
           this.confirmPasswordCallback_();
         else
           console.error('GaiaAuthHost: Invalid confirmPasswordCallback_.');
         return;
       }
 
       if (msg.method == 'noPassword') {
         if (this.noPasswordCallback_)
@@ skipping 53 matching lines @@
 
   GaiaAuthHost.SUPPORTED_PARAMS = SUPPORTED_PARAMS;
   GaiaAuthHost.LOCALIZED_STRING_PARAMS = LOCALIZED_STRING_PARAMS;
   GaiaAuthHost.AuthMode = AuthMode;
   GaiaAuthHost.AuthFlow = AuthFlow;
 
   return {
     GaiaAuthHost: GaiaAuthHost
   };
 });