Chromium Code Reviews

Unified Diff: chrome/browser/resources/gaia_auth/saml_injected.js

Issue 138133006: Add credential passing API for Chrome OS SAML login (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 11 months ago
Index: chrome/browser/resources/gaia_auth/saml_injected.js
diff --git a/chrome/browser/resources/gaia_auth/saml_injected.js b/chrome/browser/resources/gaia_auth/saml_injected.js
index 2e871c9bcb053f1159dd3354fedd9f4a5c25dc13..f872d5ec73f945423eee64086371533fe65663ef 100644
--- a/chrome/browser/resources/gaia_auth/saml_injected.js
+++ b/chrome/browser/resources/gaia_auth/saml_injected.js
@@ -4,15 +4,53 @@
/**
* @fileoverview
- * Script to be injected into SAML provider pages that do not support the
- * auth service provider postMessage API. It serves two main purposes:
+ * Script to be injected into SAML provider pages, serving three main purposes:
* 1. Signal hosting extension that an external page is loaded so that the
- * UI around it could be changed accordingly;
- * 2. Scrape password and send it back to be used for encrypt user data and
- * use for offline login;
+ * UI around it should be changed accordingly;
+ * 2. Provide an API via which the SAML provider can pass user credentials to
+ * Chrome OS, allowing the password to be used for encrypting user data and
+ * offline login.
+ * 3. Scrape password fields, making the password available to Chrome OS even if
+ * the SAML provider does not support the credential passing API.
*/
(function() {
+ function APICallForwarder() {
+ }
+
+ /**
+ * The credential passing API is used by sending messages to the SAML page's
+ * |window| object. This class forwards the calls to a background script via a
+ * |Channel|.
+ */
+ APICallForwarder.prototype = {
+ // Channel to which API calls are forwarded.
+ channel_: null,
+
+ /**
+ * Initialize the API call forwarder.
+ * @param {!Object} channel Channel to which API calls should be forwarded.
+ */
+ init: function(channel) {
+ this.channel_ = channel;
+ window.addEventListener('message', this.onMessage_.bind(this));
+ },
+
+ onMessage_: function(event) {
+ if (event.source != window || event.data.type != 'gaia_saml_api')
xiyuan 2014/01/14 21:21:30 nit: I might be a bit paranoid but would put more
bartfab (slow) 2014/01/15 11:00:29 You are not paranoid at all. I agree that a confli
+ return;
+ if (event.data.call.method == 'initialize') {
+ // Respond to the |initialize| call directly.
+ event.source.postMessage({
+ type: 'gaia_saml_api_reply',
+ response: {result: 'initialized', version: 1}}, '/');
+ } else {
+ // Forward all other calls.
+ this.channel_.send({name: 'apiCall', call: event.data.call});
+ }
+ }
+ };
+
/**
* A class to scrape password from type=password input elements under a given
* docRoot and send them back via a Channel.
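Review bot: onMessage_ reads event.data.type and event.data.call.method without first checking that event.data is a non-null object and that call is present, so a same-window message whose data is null, or that carries type 'gaia_saml_api' but no call field, throws inside the listener. Check the shape up front (data is an object, call is an object, call.method is a string) and return early otherwise. Every method other than 'initialize' is passed to channel_.send unchanged, and any script running in the SAML page satisfies the event.source check, so consider forwarding only the method names the API defines and treating call as untrusted on the background side. Smaller points: onMessage_ has no JSDoc while init does, and the class comment sits above the prototype assignment rather than above the APICallForwarder constructor.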
@@ -125,6 +163,9 @@
channel.connect('injected');
channel.send({name: 'pageLoaded', url: pageURL});
+ apiCallForwarder = new APICallForwarder();
+ apiCallForwarder.init(channel);
+
passwordScraper = new PasswordInputScraper();
passwordScraper.init(channel, pageURL, document.documentElement);
}
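Review bot: apiCallForwarder is assigned in this hunk, but neither hunk of the patch adds a declaration for it. Unless one already exists in unchanged code outside the diff, the assignment creates an implicit global from the injected script, or throws a ReferenceError if the file runs in strict mode. Add a var declaration for it inside the enclosing function scope.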
