Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 /** | 5 /** |
| 6 * @fileoverview | 6 * @fileoverview |
| 7 * Script to be injected into SAML provider pages that do not support the | 7 * Script to be injected into SAML provider pages, serving three main purposes: |
| 8 * auth service provider postMessage API. It serves two main purposes: | |
| 9 * 1. Signal hosting extension that an external page is loaded so that the | 8 * 1. Signal hosting extension that an external page is loaded so that the |
| 10 * UI around it could be changed accordingly; | 9 * UI around it should be changed accordingly; |
| 11 * 2. Scrape password and send it back to be used for encrypt user data and | 10 * 2. Provide an API via which the SAML provider can pass user credentials to |
| 12 * use for offline login; | 11 * Chrome OS, allowing the password to be used for encrypting user data and |
| 12 * offline login. | |
| 13 * 3. Scrape password fields, making the password available to Chrome OS even if | |
| 14 * the SAML provider does not support the credential passing API. | |
| 13 */ | 15 */ |
| 14 | 16 |
| 15 (function() { | 17 (function() { |
| 18 function APICallForwarder() { | |
| 19 } | |
| 20 | |
| 21 /** | |
| 22 * The credential passing API is used by sending messages to the SAML page's | |
| 23 * |window| object. This class forwards the calls to a background script via a | |
| 24 * |Channel|. | |
| 25 */ | |
| 26 APICallForwarder.prototype = { | |
| 27 // Channel to which API calls are forwarded. | |
| 28 channel_: null, | |
| 29 | |
| 30 /** | |
| 31 * Initialize the API call forwarder. | |
| 32 * @param {!Object} channel Channel to which API calls should be forwarded. | |
| 33 */ | |
| 34 init: function(channel) { | |
| 35 this.channel_ = channel; | |
| 36 window.addEventListener('message', this.onMessage_.bind(this)); | |
| 37 }, | |
| 38 | |
| 39 onMessage_: function(event) { | |
| 40 if (event.source != window || event.data.type != 'gaia_saml_api') | |
|
xiyuan
2014/01/14 21:21:30
nit: I might be a bit paranoid but would put more
bartfab (slow)
2014/01/15 11:00:29
You are not paranoid at all. I agree that a confli
| |
| 41 return; | |
| 42 if (event.data.call.method == 'initialize') { | |
| 43 // Respond to the |initialize| call directly. | |
| 44 event.source.postMessage({ | |
| 45 type: 'gaia_saml_api_reply', | |
| 46 response: {result: 'initialized', version: 1}}, '/'); | |
| 47 } else { | |
| 48 // Forward all other calls. | |
| 49 this.channel_.send({name: 'apiCall', call: event.data.call}); | |
| 50 } | |
| 51 } | |
| 52 }; | |
| 53 | |
| 16 /** | 54 /** |
| 17 * A class to scrape password from type=password input elements under a given | 55 * A class to scrape password from type=password input elements under a given |
| 18 * docRoot and send them back via a Channel. | 56 * docRoot and send them back via a Channel. |
| 19 */ | 57 */ |
| 20 function PasswordInputScraper() { | 58 function PasswordInputScraper() { |
| 21 } | 59 } |
| 22 | 60 |
| 23 PasswordInputScraper.prototype = { | 61 PasswordInputScraper.prototype = { |
| 24 // URL of the page. | 62 // URL of the page. |
| 25 pageURL_: null, | 63 pageURL_: null, |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 118 } else { | 156 } else { |
| 119 var channel; | 157 var channel; |
| 120 var passwordScraper; | 158 var passwordScraper; |
| 121 if (isSAMLPage()) { | 159 if (isSAMLPage()) { |
| 122 var pageURL = window.location.href; | 160 var pageURL = window.location.href; |
| 123 | 161 |
| 124 channel = new Channel(); | 162 channel = new Channel(); |
| 125 channel.connect('injected'); | 163 channel.connect('injected'); |
| 126 channel.send({name: 'pageLoaded', url: pageURL}); | 164 channel.send({name: 'pageLoaded', url: pageURL}); |
| 127 | 165 |
| 166 apiCallForwarder = new APICallForwarder(); | |
| 167 apiCallForwarder.init(channel); | |
| 168 | |
| 128 passwordScraper = new PasswordInputScraper(); | 169 passwordScraper = new PasswordInputScraper(); |
| 129 passwordScraper.init(channel, pageURL, document.documentElement); | 170 passwordScraper.init(channel, pageURL, document.documentElement); |
| 130 } | 171 } |
| 131 } | 172 } |
| 132 })(); | 173 })(); |
| OLD | NEW |