| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 /** | 5 /** |
| 6 * @fileoverview | 6 * @fileoverview |
| 7 * Script to be injected into SAML provider pages, serving three main purposes: | 7 * Script to be injected into SAML provider pages, serving three main purposes: |
| 8 * 1. Signal hosting extension that an external page is loaded so that the | 8 * 1. Signal hosting extension that an external page is loaded so that the |
| 9 * UI around it should be changed accordingly; | 9 * UI around it should be changed accordingly; |
| 10 * 2. Provide an API via which the SAML provider can pass user credentials to | 10 * 2. Provide an API via which the SAML provider can pass user credentials to |
| 11 * Chrome OS, allowing the password to be used for encrypting user data and | 11 * Chrome OS, allowing the password to be used for encrypting user data and |
| 12 * offline login. | 12 * offline login. |
| 13 * 3. Scrape password fields, making the password available to Chrome OS even if | 13 * 3. Scrape password fields, making the password available to Chrome OS even if |
| 14 * the SAML provider does not support the credential passing API. | 14 * the SAML provider does not support the credential passing API. |
| 15 */ | 15 */ |
| 16 | 16 |
| 17 (function() { | 17 (function() { |
| 18 function APICallForwarder() { | 18 function APICallForwarder() { |
| 19 } | 19 } |
| 20 | 20 |
| 21 /** | 21 /** |
| 22 * The credential passing API is used by sending messages to the SAML page's | 22 * The credential passing API is used by sending messages to the SAML page's |
| 23 * |window| object. This class forwards the calls to a background script via a | 23 * |window| object. This class forwards API calls from the SAML page to a |
| 24 * |Channel|. | 24 * background script and API responses from the background script to the SAML |
| 25 * page. Communication with the background script occurs via a |Channel|. |
| 25 */ | 26 */ |
| 26 APICallForwarder.prototype = { | 27 APICallForwarder.prototype = { |
| 27 // Channel to which API calls are forwarded. | 28 // Channel to which API calls are forwarded. |
| 28 channel_: null, | 29 channel_: null, |
| 29 | 30 |
| 30 /** | 31 /** |
| 31 * Initialize the API call forwarder. | 32 * Initialize the API call forwarder. |
| 32 * @param {!Object} channel Channel to which API calls should be forwarded. | 33 * @param {!Object} channel Channel to which API calls should be forwarded. |
| 33 */ | 34 */ |
| 34 init: function(channel) { | 35 init: function(channel) { |
| 35 this.channel_ = channel; | 36 this.channel_ = channel; |
| 37 this.channel_.registerMessage('apiResponse', |
| 38 this.onAPIResponse_.bind(this)); |
| 39 |
| 36 window.addEventListener('message', this.onMessage_.bind(this)); | 40 window.addEventListener('message', this.onMessage_.bind(this)); |
| 37 }, | 41 }, |
| 38 | 42 |
| 39 onMessage_: function(event) { | 43 onMessage_: function(event) { |
| 40 if (event.source != window || | 44 if (event.source != window || |
| 41 typeof event.data != 'object' || | 45 typeof event.data != 'object' || |
| 42 !event.data.hasOwnProperty('type') || | 46 !event.data.hasOwnProperty('type') || |
| 43 event.data.type != 'gaia_saml_api') { | 47 event.data.type != 'gaia_saml_api') { |
| 44 return; | 48 return; |
| 45 } | 49 } |
| 46 if (event.data.call.method == 'initialize') { | 50 // Forward API calls to the background script. |
| 47 // Respond to the |initialize| call directly. | 51 this.channel_.send({name: 'apiCall', call: event.data.call}); |
| 48 event.source.postMessage({ | 52 }, |
| 49 type: 'gaia_saml_api_reply', | 53 |
| 50 response: {result: 'initialized', version: 1}}, '/'); | 54 onAPIResponse_: function(msg) { |
| 51 } else { | 55 // Forward API responses to the SAML page. |
| 52 // Forward all other calls. | 56 window.postMessage({type: 'gaia_saml_api_reply', response: msg.response}, |
| 53 this.channel_.send({name: 'apiCall', call: event.data.call}); | 57 '/'); |
| 54 } | |
| 55 } | 58 } |
| 56 }; | 59 }; |
| 57 | 60 |
| 58 /** | 61 /** |
| 59 * A class to scrape password from type=password input elements under a given | 62 * A class to scrape password from type=password input elements under a given |
| 60 * docRoot and send them back via a Channel. | 63 * docRoot and send them back via a Channel. |
| 61 */ | 64 */ |
| 62 function PasswordInputScraper() { | 65 function PasswordInputScraper() { |
| 63 } | 66 } |
| 64 | 67 |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 168 channel.send({name: 'pageLoaded', url: pageURL}); | 171 channel.send({name: 'pageLoaded', url: pageURL}); |
| 169 | 172 |
| 170 apiCallForwarder = new APICallForwarder(); | 173 apiCallForwarder = new APICallForwarder(); |
| 171 apiCallForwarder.init(channel); | 174 apiCallForwarder.init(channel); |
| 172 | 175 |
| 173 passwordScraper = new PasswordInputScraper(); | 176 passwordScraper = new PasswordInputScraper(); |
| 174 passwordScraper.init(channel, pageURL, document.documentElement); | 177 passwordScraper.init(channel, pageURL, document.documentElement); |
| 175 } | 178 } |
| 176 } | 179 } |
| 177 })(); | 180 })(); |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 258123002:
Implement a second version of the credentials passing API (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src