Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 <include src="saml_handler.js"> | 5 <include src="saml_handler.js"> |
| 6 | 6 |
| 7 /** | 7 /** |
| 8 * @fileoverview An UI component to authenciate to Chrome. The component hosts | 8 * @fileoverview An UI component to authenciate to Chrome. The component hosts |
| 9 * IdP web pages in a webview. A client who is interested in monitoring | 9 * IdP web pages in a webview. A client who is interested in monitoring |
| 10 * authentication events should pass a listener object of type | 10 * authentication events should pass a listener object of type |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 24 'chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/success.html'; | 24 'chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/success.html'; |
| 25 var SIGN_IN_HEADER = 'google-accounts-signin'; | 25 var SIGN_IN_HEADER = 'google-accounts-signin'; |
| 26 var EMBEDDED_FORM_HEADER = 'google-accounts-embedded'; | 26 var EMBEDDED_FORM_HEADER = 'google-accounts-embedded'; |
| 27 var LOCATION_HEADER = 'location'; | 27 var LOCATION_HEADER = 'location'; |
| 28 var COOKIE_HEADER = 'cookie'; | 28 var COOKIE_HEADER = 'cookie'; |
| 29 var SET_COOKIE_HEADER = 'set-cookie'; | 29 var SET_COOKIE_HEADER = 'set-cookie'; |
| 30 var OAUTH_CODE_COOKIE = 'oauth_code'; | 30 var OAUTH_CODE_COOKIE = 'oauth_code'; |
| 31 var GAPS_COOKIE = 'GAPS'; | 31 var GAPS_COOKIE = 'GAPS'; |
| 32 var SERVICE_ID = 'chromeoslogin'; | 32 var SERVICE_ID = 'chromeoslogin'; |
| 33 var EMBEDDED_SETUP_CHROMEOS_ENDPOINT = 'embedded/setup/chromeos'; | 33 var EMBEDDED_SETUP_CHROMEOS_ENDPOINT = 'embedded/setup/chromeos'; |
| 34 var SAML_REDIRECTION_PATH = 'samlredirect'; | |
| 34 | 35 |
| 35 /** | 36 /** |
| 36 * The source URL parameter for the constrained signin flow. | 37 * The source URL parameter for the constrained signin flow. |
| 37 */ | 38 */ |
| 38 var CONSTRAINED_FLOW_SOURCE = 'chrome'; | 39 var CONSTRAINED_FLOW_SOURCE = 'chrome'; |
| 39 | 40 |
| 40 /** | 41 /** |
| 41 * Enum for the authorization mode, must match AuthMode defined in | 42 * Enum for the authorization mode, must match AuthMode defined in |
| 42 * chrome/browser/ui/webui/inline_login_ui.cc. | 43 * chrome/browser/ui/webui/inline_login_ui.cc. |
| 43 * @enum {number} | 44 * @enum {number} |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 131 this.idpOrigin_ = null; | 132 this.idpOrigin_ = null; |
| 132 this.continueUrl_ = null; | 133 this.continueUrl_ = null; |
| 133 this.continueUrlWithoutParams_ = null; | 134 this.continueUrlWithoutParams_ = null; |
| 134 this.initialFrameUrl_ = null; | 135 this.initialFrameUrl_ = null; |
| 135 this.reloadUrl_ = null; | 136 this.reloadUrl_ = null; |
| 136 this.trusted_ = true; | 137 this.trusted_ = true; |
| 137 this.oauthCode_ = null; | 138 this.oauthCode_ = null; |
| 138 this.gapsCookie_ = null; | 139 this.gapsCookie_ = null; |
| 139 this.gapsCookieSent_ = false; | 140 this.gapsCookieSent_ = false; |
| 140 this.newGapsCookie_ = null; | 141 this.newGapsCookie_ = null; |
| 142 this.readyFired_ = false; | |
| 141 | 143 |
| 142 this.useEafe_ = false; | 144 this.useEafe_ = false; |
| 143 this.clientId_ = null; | 145 this.clientId_ = null; |
| 144 | 146 |
| 145 this.samlHandler_ = new cr.login.SamlHandler(this.webview_); | 147 this.samlHandler_ = new cr.login.SamlHandler(this.webview_); |
| 146 this.confirmPasswordCallback = null; | 148 this.confirmPasswordCallback = null; |
| 147 this.noPasswordCallback = null; | 149 this.noPasswordCallback = null; |
| 148 this.insecureContentBlockedCallback = null; | 150 this.insecureContentBlockedCallback = null; |
| 149 this.samlApiUsedCallback = null; | 151 this.samlApiUsedCallback = null; |
| 150 this.missingGaiaInfoCallback = null; | 152 this.missingGaiaInfoCallback = null; |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 257 | 259 |
| 258 /** | 260 /** |
| 259 * Reloads the authenticator component. | 261 * Reloads the authenticator component. |
| 260 */ | 262 */ |
| 261 Authenticator.prototype.reload = function() { | 263 Authenticator.prototype.reload = function() { |
| 262 this.clearCredentials_(); | 264 this.clearCredentials_(); |
| 263 this.webview_.src = this.reloadUrl_; | 265 this.webview_.src = this.reloadUrl_; |
| 264 }; | 266 }; |
| 265 | 267 |
| 266 Authenticator.prototype.constructInitialFrameUrl_ = function(data) { | 268 Authenticator.prototype.constructInitialFrameUrl_ = function(data) { |
| 269 if (data.doSamlRedirect) { | |
| 270 var url = this.idpOrigin_ + SAML_REDIRECTION_PATH; | |
| 271 url = appendParam(url, 'domain', data.enterpriseDomain); | |
| 272 url = appendParam(url, 'continue', data.gaiaUrl + | |
| 273 'o/oauth2/programmatic_auth?hl=' + data.hl + | |
| 274 '&scope=https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthLogin&' + | |
| 275 'client_id=' + encodeURIComponent(data.clientId) + | |
| 276 '&access_type=offline'); | |
| 277 | |
| 278 return url; | |
| 279 } | |
| 280 | |
| 267 var path = data.gaiaPath; | 281 var path = data.gaiaPath; |
| 268 if (!path && this.isNewGaiaFlow) | 282 if (!path && this.isNewGaiaFlow) |
| 269 path = EMBEDDED_SETUP_CHROMEOS_ENDPOINT; | 283 path = EMBEDDED_SETUP_CHROMEOS_ENDPOINT; |
| 270 if (!path) | 284 if (!path) |
| 271 path = IDP_PATH; | 285 path = IDP_PATH; |
| 272 var url = this.idpOrigin_ + path; | 286 var url = this.idpOrigin_ + path; |
| 273 | 287 |
| 274 if (this.isNewGaiaFlow) { | 288 if (this.isNewGaiaFlow) { |
| 275 if (data.chromeType) | 289 if (data.chromeType) |
| 276 url = appendParam(url, 'chrometype', data.chromeType); | 290 url = appendParam(url, 'chrometype', data.chromeType); |
| (...skipping 400 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 677 /** | 691 /** |
| 678 * Invoked when |samlHandler_| fires 'authPageLoaded' event. | 692 * Invoked when |samlHandler_| fires 'authPageLoaded' event. |
| 679 * @private | 693 * @private |
| 680 */ | 694 */ |
| 681 Authenticator.prototype.onAuthPageLoaded_ = function(e) { | 695 Authenticator.prototype.onAuthPageLoaded_ = function(e) { |
| 682 if (!e.detail.isSAMLPage) | 696 if (!e.detail.isSAMLPage) |
| 683 return; | 697 return; |
| 684 | 698 |
| 685 this.authDomain = this.samlHandler_.authDomain; | 699 this.authDomain = this.samlHandler_.authDomain; |
| 686 this.authFlow = AuthFlow.SAML; | 700 this.authFlow = AuthFlow.SAML; |
| 701 | |
| 702 if (!this.readyFired_) { | |
| 703 this.dispatchEvent(new Event('ready')); | |
| 704 this.readyFired_ = true; | |
| 705 } | |
|
xiyuan
2016/03/29 02:10:49
nit: Can we make this a method, e.g. fireReadyEven
afakhry
2016/03/29 03:12:02
Done.
| |
| 687 }; | 706 }; |
| 688 | 707 |
| 689 /** | 708 /** |
| 690 * Invoked when a link is dropped on the webview. | 709 * Invoked when a link is dropped on the webview. |
| 691 * @private | 710 * @private |
| 692 */ | 711 */ |
| 693 Authenticator.prototype.onDropLink_ = function(e) { | 712 Authenticator.prototype.onDropLink_ = function(e) { |
| 694 this.dispatchEvent(new CustomEvent('dropLink', {detail: e.url})); | 713 this.dispatchEvent(new CustomEvent('dropLink', {detail: e.url})); |
| 695 }; | 714 }; |
| 696 | 715 |
| (...skipping 21 matching lines...) Expand all Loading... | |
| 718 // Posts a message to IdP pages to initiate communication. | 737 // Posts a message to IdP pages to initiate communication. |
| 719 var currentUrl = this.webview_.src; | 738 var currentUrl = this.webview_.src; |
| 720 if (currentUrl.lastIndexOf(this.idpOrigin_) == 0) { | 739 if (currentUrl.lastIndexOf(this.idpOrigin_) == 0) { |
| 721 var msg = { | 740 var msg = { |
| 722 'method': 'handshake', | 741 'method': 'handshake', |
| 723 }; | 742 }; |
| 724 | 743 |
| 725 this.webview_.contentWindow.postMessage(msg, currentUrl); | 744 this.webview_.contentWindow.postMessage(msg, currentUrl); |
| 726 | 745 |
| 727 this.dispatchEvent(new Event('ready')); | 746 this.dispatchEvent(new Event('ready')); |
| 747 this.readyFired_ = true; | |
| 728 // Focus webview after dispatching event when webview is already visible. | 748 // Focus webview after dispatching event when webview is already visible. |
| 729 this.webview_.focus(); | 749 this.webview_.focus(); |
| 730 } | 750 } |
| 731 }; | 751 }; |
| 732 | 752 |
| 733 /** | 753 /** |
| 734 * Invoked when the webview fails loading a page. | 754 * Invoked when the webview fails loading a page. |
| 735 * @private | 755 * @private |
| 736 */ | 756 */ |
| 737 Authenticator.prototype.onLoadAbort_ = function(e) { | 757 Authenticator.prototype.onLoadAbort_ = function(e) { |
| (...skipping 21 matching lines...) Expand all Loading... | |
| 759 this.webview_.contentWindow.postMessage(msg, this.idpOrigin_); | 779 this.webview_.contentWindow.postMessage(msg, this.idpOrigin_); |
| 760 }).bind(this), EAFE_INITIAL_MESSAGE_DELAY_IN_MS); | 780 }).bind(this), EAFE_INITIAL_MESSAGE_DELAY_IN_MS); |
| 761 } | 781 } |
| 762 }; | 782 }; |
| 763 | 783 |
| 764 /** | 784 /** |
| 765 * Invoked when the webview navigates withing the current document. | 785 * Invoked when the webview navigates withing the current document. |
| 766 * @private | 786 * @private |
| 767 */ | 787 */ |
| 768 Authenticator.prototype.onLoadCommit_ = function(e) { | 788 Authenticator.prototype.onLoadCommit_ = function(e) { |
| 789 if (e.isTopLevel) | |
| 790 this.readyFired_ = false; | |
|
xiyuan
2016/03/29 02:10:49
Good catch. Move this to clearCredentials_, which
afakhry
2016/03/29 03:12:02
Done. But just to make sure, you meant to remove i
| |
| 791 | |
| 769 if (this.oauthCode_) | 792 if (this.oauthCode_) |
| 770 this.maybeCompleteAuth_(); | 793 this.maybeCompleteAuth_(); |
| 771 }; | 794 }; |
| 772 | 795 |
| 773 /** | 796 /** |
| 774 * Returns |true| if event |e| was sent from the hosted webview. | 797 * Returns |true| if event |e| was sent from the hosted webview. |
| 775 * @private | 798 * @private |
| 776 */ | 799 */ |
| 777 Authenticator.prototype.isWebviewEvent_ = function(e) { | 800 Authenticator.prototype.isWebviewEvent_ = function(e) { |
| 778 // Note: <webview> prints error message to console if |contentWindow| is not | 801 // Note: <webview> prints error message to console if |contentWindow| is not |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 798 Authenticator.AuthMode = AuthMode; | 821 Authenticator.AuthMode = AuthMode; |
| 799 Authenticator.SUPPORTED_PARAMS = SUPPORTED_PARAMS; | 822 Authenticator.SUPPORTED_PARAMS = SUPPORTED_PARAMS; |
| 800 | 823 |
| 801 return { | 824 return { |
| 802 // TODO(guohui, xiyuan): Rename GaiaAuthHost to Authenticator once the old | 825 // TODO(guohui, xiyuan): Rename GaiaAuthHost to Authenticator once the old |
| 803 // iframe-based flow is deprecated. | 826 // iframe-based flow is deprecated. |
| 804 GaiaAuthHost: Authenticator, | 827 GaiaAuthHost: Authenticator, |
| 805 Authenticator: Authenticator | 828 Authenticator: Authenticator |
| 806 }; | 829 }; |
| 807 }); | 830 }); |
| OLD | NEW |