OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "google_apis/gaia/gaia_auth_fetcher.h" | 5 #include "google_apis/gaia/gaia_auth_fetcher.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <utility> | 8 #include <utility> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
212 | 212 |
213 void GaiaAuthFetcher::SetLogoutHeaders(const std::string& headers) { | 213 void GaiaAuthFetcher::SetLogoutHeaders(const std::string& headers) { |
214 logout_headers_ = headers; | 214 logout_headers_ = headers; |
215 } | 215 } |
216 | 216 |
217 void GaiaAuthFetcher::CancelRequest() { | 217 void GaiaAuthFetcher::CancelRequest() { |
218 fetcher_.reset(); | 218 fetcher_.reset(); |
219 fetch_pending_ = false; | 219 fetch_pending_ = false; |
220 } | 220 } |
221 | 221 |
222 void GaiaAuthFetcher::CreateAndStartGaiaFetcher(const std::string& body, | 222 void GaiaAuthFetcher::CreateAndStartGaiaFetcher( |
223 const std::string& headers, | 223 const std::string& body, |
224 const GURL& gaia_gurl, | 224 const std::string& headers, |
225 int load_flags) { | 225 const GURL& gaia_gurl, |
226 int load_flags, | |
227 const net::NetworkTrafficAnnotationTag& traffic_annotation) { | |
226 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 228 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
227 fetcher_ = net::URLFetcher::Create( | 229 fetcher_ = net::URLFetcher::Create( |
228 0, gaia_gurl, body.empty() ? net::URLFetcher::GET : net::URLFetcher::POST, | 230 0, gaia_gurl, body.empty() ? net::URLFetcher::GET : net::URLFetcher::POST, |
229 this); | 231 this, traffic_annotation); |
230 fetcher_->SetRequestContext(getter_); | 232 fetcher_->SetRequestContext(getter_); |
231 fetcher_->SetUploadData("application/x-www-form-urlencoded", body); | 233 fetcher_->SetUploadData("application/x-www-form-urlencoded", body); |
232 gaia::MarkURLFetcherAsGaia(fetcher_.get()); | 234 gaia::MarkURLFetcherAsGaia(fetcher_.get()); |
233 | 235 |
234 VLOG(2) << "Gaia fetcher URL: " << gaia_gurl.spec(); | 236 VLOG(2) << "Gaia fetcher URL: " << gaia_gurl.spec(); |
235 VLOG(2) << "Gaia fetcher headers: " << headers; | 237 VLOG(2) << "Gaia fetcher headers: " << headers; |
236 VLOG(2) << "Gaia fetcher body: " << body; | 238 VLOG(2) << "Gaia fetcher body: " << body; |
237 | 239 |
238 // The Gaia token exchange requests do not require any cookie-based | 240 // The Gaia token exchange requests do not require any cookie-based |
239 // identification as part of requests. We suppress sending any cookies to | 241 // identification as part of requests. We suppress sending any cookies to |
(...skipping 264 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
504 | 506 |
505 if (sessionDictionary->GetString("login_hint", login_hint)) | 507 if (sessionDictionary->GetString("login_hint", login_hint)) |
506 break; | 508 break; |
507 } | 509 } |
508 | 510 |
509 if (login_hint->empty()) | 511 if (login_hint->empty()) |
510 return false; | 512 return false; |
511 return true; | 513 return true; |
512 } | 514 } |
513 | 515 |
514 void GaiaAuthFetcher::StartIssueAuthToken(const std::string& sid, | |
515 const std::string& lsid, | |
516 const char* const service) { | |
517 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | |
518 | |
519 VLOG(1) << "Starting IssueAuthToken for: " << service; | |
520 requested_service_ = service; | |
521 request_body_ = MakeIssueAuthTokenBody(sid, lsid, service); | |
522 CreateAndStartGaiaFetcher(request_body_, std::string(), | |
523 issue_auth_token_gurl_, kLoadFlagsIgnoreCookies); | |
524 } | |
525 | 516 |
526 void GaiaAuthFetcher::StartRevokeOAuth2Token(const std::string& auth_token) { | 517 void GaiaAuthFetcher::StartRevokeOAuth2Token(const std::string& auth_token) { |
527 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 518 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
528 | 519 |
529 VLOG(1) << "Starting OAuth2 token revocation"; | 520 VLOG(1) << "Starting OAuth2 token revocation"; |
530 request_body_ = MakeRevokeTokenBody(auth_token); | 521 request_body_ = MakeRevokeTokenBody(auth_token); |
522 net::NetworkTrafficAnnotationTag traffic_annotation = | |
523 net::DefineNetworkTrafficAnnotation("gaia_auth_revoke_token", R"( | |
524 semantics { | |
525 sender: "Chrome - Google authentication API" | |
526 description: "This request revokes an OAuth 2.0 refresh token." | |
527 trigger: | |
528 "This request is part of Gaia Auth API, and is triggered whenever " | |
529 "an OAuth 2.0 refresh token needs to be revoked." | |
530 data: "The OAuth 2.0 refresh token that should be revoked." | |
531 destination: GOOGLE_OWNED_SERVICE | |
532 } | |
533 policy { | |
534 cookies_allowed: false | |
535 setting: | |
536 "This feature cannot be disabled in settings, but if user signs " | |
msramek
2017/05/26 12:24:52
nit: Not a native speaker, but should this be "the
Ramin Halavati
2017/05/29 08:00:49
Done.
| |
537 "out of Chrome, this request would not be made." | |
538 chrome_policy { | |
539 SigninAllowed { | |
540 policy_options {mode: MANDATORY} | |
541 SigninAllowed: false | |
542 } | |
543 } | |
544 })"); | |
531 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_revoke_gurl_, | 545 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_revoke_gurl_, |
532 kLoadFlagsIgnoreCookies); | 546 kLoadFlagsIgnoreCookies, traffic_annotation); |
533 } | 547 } |
534 | 548 |
535 void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchange( | 549 void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchange( |
536 const std::string& session_index) { | 550 const std::string& session_index) { |
537 StartCookieForOAuthLoginTokenExchangeWithDeviceId(session_index, | 551 StartCookieForOAuthLoginTokenExchangeWithDeviceId(session_index, |
538 std::string()); | 552 std::string()); |
539 } | 553 } |
540 | 554 |
541 void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchangeWithDeviceId( | 555 void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchangeWithDeviceId( |
542 const std::string& session_index, | 556 const std::string& session_index, |
(...skipping 25 matching lines...) Expand all Loading... | |
568 if (!session_index.empty()) | 582 if (!session_index.empty()) |
569 query_string += "&authuser=" + session_index; | 583 query_string += "&authuser=" + session_index; |
570 | 584 |
571 std::string device_id_header; | 585 std::string device_id_header; |
572 if (!device_id.empty()) { | 586 if (!device_id.empty()) { |
573 device_id_header = | 587 device_id_header = |
574 base::StringPrintf(kDeviceIdHeaderFormat, device_id.c_str()); | 588 base::StringPrintf(kDeviceIdHeaderFormat, device_id.c_str()); |
575 } | 589 } |
576 | 590 |
577 fetch_token_from_auth_code_ = fetch_token_from_auth_code; | 591 fetch_token_from_auth_code_ = fetch_token_from_auth_code; |
592 net::NetworkTrafficAnnotationTag traffic_annotation = | |
593 net::DefineNetworkTrafficAnnotation("gaia_auth_exchange_cookies", R"( | |
594 semantics { | |
595 sender: "Chrome - Google authentication API" | |
596 description: | |
597 "This request exchanges the cookies of a Google signed-in user " | |
598 "session for an OAuth 2.0 refresh token." | |
599 trigger: | |
600 "This request is part of Gaia Auth API, and may be triggered at " | |
601 "the end of the Chrome sign-in flow." | |
602 data: | |
603 "The Google console client ID of the Chrome application, the ID of " | |
604 "the device, and the index of the session in the Google " | |
605 "authentication cookies." | |
606 destination: GOOGLE_OWNED_SERVICE | |
607 } | |
608 policy { | |
609 cookies_allowed: true | |
610 cookies_store: "user" | |
611 setting: | |
612 "This feature cannot be disabled in settings, but if user signs " | |
613 "out of Chrome, this request would not be made." | |
614 chrome_policy { | |
615 SigninAllowed { | |
616 policy_options {mode: MANDATORY} | |
617 SigninAllowed: false | |
618 } | |
619 } | |
620 })"); | |
578 CreateAndStartGaiaFetcher(std::string(), device_id_header, | 621 CreateAndStartGaiaFetcher(std::string(), device_id_header, |
579 client_login_to_oauth2_gurl_.Resolve(query_string), | 622 client_login_to_oauth2_gurl_.Resolve(query_string), |
580 net::LOAD_NORMAL); | 623 net::LOAD_NORMAL, traffic_annotation); |
581 } | 624 } |
582 | 625 |
583 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchange( | 626 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchange( |
584 const std::string& auth_code) { | 627 const std::string& auth_code) { |
585 StartAuthCodeForOAuth2TokenExchangeWithDeviceId(auth_code, std::string()); | 628 StartAuthCodeForOAuth2TokenExchangeWithDeviceId(auth_code, std::string()); |
586 } | 629 } |
587 | 630 |
588 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchangeWithDeviceId( | 631 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchangeWithDeviceId( |
589 const std::string& auth_code, | 632 const std::string& auth_code, |
590 const std::string& device_id) { | 633 const std::string& device_id) { |
591 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 634 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
592 | 635 |
593 VLOG(1) << "Starting OAuth token pair fetch"; | 636 VLOG(1) << "Starting OAuth token pair fetch"; |
594 request_body_ = MakeGetTokenPairBody(auth_code, device_id); | 637 request_body_ = MakeGetTokenPairBody(auth_code, device_id); |
638 net::NetworkTrafficAnnotationTag traffic_annotation = | |
639 net::DefineNetworkTrafficAnnotation("gaia_auth_exchange_device_id", R"( | |
640 semantics { | |
641 sender: "Chrome - Google authentication API" | |
642 description: | |
643 "This request exchanges an authorization code for an OAuth 2.0 " | |
644 "refresh token." | |
645 trigger: | |
646 "This request is part of Gaia Auth API, and may be triggered at " | |
647 "the end of the Chrome sign-in flow." | |
648 data: | |
649 "The Google console client ID and client secret of the Chrome " | |
650 "application, the OAuth 2.0 authorization code, and the ID of the " | |
651 "device." | |
652 destination: GOOGLE_OWNED_SERVICE | |
653 } | |
654 policy { | |
655 cookies_allowed: false | |
656 setting: | |
657 "This feature cannot be disabled in settings, but if user signs " | |
658 "out of Chrome, this request would not be made." | |
659 chrome_policy { | |
660 SigninAllowed { | |
661 policy_options {mode: MANDATORY} | |
662 SigninAllowed: false | |
663 } | |
664 } | |
665 })"); | |
595 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_token_gurl_, | 666 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_token_gurl_, |
596 kLoadFlagsIgnoreCookies); | 667 kLoadFlagsIgnoreCookies, traffic_annotation); |
597 } | 668 } |
598 | 669 |
599 void GaiaAuthFetcher::StartGetUserInfo(const std::string& lsid) { | 670 void GaiaAuthFetcher::StartGetUserInfo(const std::string& lsid) { |
600 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 671 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
601 | 672 |
602 VLOG(1) << "Starting GetUserInfo for lsid=" << lsid; | 673 VLOG(1) << "Starting GetUserInfo for lsid=" << lsid; |
603 request_body_ = MakeGetUserInfoBody(lsid); | 674 request_body_ = MakeGetUserInfoBody(lsid); |
675 net::NetworkTrafficAnnotationTag traffic_annotation = | |
676 net::DefineNetworkTrafficAnnotation("gaia_auth_get_user_info", R"( | |
677 semantics { | |
678 sender: "Chrome - Google authentication API" | |
679 description: | |
680 "This request fetches user information of a Google account." | |
681 trigger: | |
682 "This fetcher is only used after signing in with a child account." | |
683 data: "The value of the Google authentication LSID cookie." | |
684 destination: GOOGLE_OWNED_SERVICE | |
685 } | |
686 policy { | |
687 cookies_allowed: false | |
688 setting: | |
689 "This feature cannot be disabled in settings, but if user signs " | |
690 "out of Chrome, this request would not be made." | |
691 chrome_policy { | |
692 SigninAllowed { | |
693 policy_options {mode: MANDATORY} | |
694 SigninAllowed: false | |
695 } | |
696 } | |
697 })"); | |
604 CreateAndStartGaiaFetcher(request_body_, std::string(), get_user_info_gurl_, | 698 CreateAndStartGaiaFetcher(request_body_, std::string(), get_user_info_gurl_, |
605 kLoadFlagsIgnoreCookies); | 699 kLoadFlagsIgnoreCookies, traffic_annotation); |
606 } | 700 } |
607 | 701 |
608 void GaiaAuthFetcher::StartMergeSession(const std::string& uber_token, | 702 void GaiaAuthFetcher::StartMergeSession(const std::string& uber_token, |
609 const std::string& external_cc_result) { | 703 const std::string& external_cc_result) { |
610 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 704 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
611 | 705 |
612 VLOG(1) << "Starting MergeSession with uber_token=" << uber_token; | 706 VLOG(1) << "Starting MergeSession with uber_token=" << uber_token; |
613 | 707 |
614 // The continue URL is a required parameter of the MergeSession API, but in | 708 // The continue URL is a required parameter of the MergeSession API, but in |
615 // this case we don't actually need or want to navigate to it. Setting it to | 709 // this case we don't actually need or want to navigate to it. Setting it to |
616 // an arbitrary Google URL. | 710 // an arbitrary Google URL. |
617 // | 711 // |
618 // In order for the new session to be merged correctly, the server needs to | 712 // In order for the new session to be merged correctly, the server needs to |
619 // know what sessions already exist in the browser. The fetcher needs to be | 713 // know what sessions already exist in the browser. The fetcher needs to be |
620 // created such that it sends the cookies with the request, which is | 714 // created such that it sends the cookies with the request, which is |
621 // different from all other requests the fetcher can make. | 715 // different from all other requests the fetcher can make. |
622 std::string continue_url("http://www.google.com"); | 716 std::string continue_url("http://www.google.com"); |
623 std::string query = MakeMergeSessionQuery(uber_token, external_cc_result, | 717 std::string query = MakeMergeSessionQuery(uber_token, external_cc_result, |
624 continue_url, source_); | 718 continue_url, source_); |
719 net::NetworkTrafficAnnotationTag traffic_annotation = | |
720 net::DefineNetworkTrafficAnnotation("gaia_auth_merge_sessions", R"( | |
721 semantics { | |
722 sender: "Chrome - Google authentication API" | |
723 description: | |
724 "This request adds an account to the Google authentication cookies." | |
725 trigger: | |
726 "This request is part of Gaia Auth API, and is triggered whenever " | |
727 "a new Google account is added to the browser." | |
728 data: | |
729 "This request includes the user-auth token and sometimes a string " | |
730 "containing the result of connection checks for various Google web " | |
731 "properties." | |
732 destination: GOOGLE_OWNED_SERVICE | |
733 } | |
734 policy { | |
735 cookies_allowed: true | |
736 cookies_store: "user" | |
737 setting: | |
738 "This feature cannot be disabled in settings, but if user signs " | |
739 "out of Chrome, this request would not be made." | |
740 chrome_policy { | |
741 SigninAllowed { | |
742 policy_options {mode: MANDATORY} | |
743 SigninAllowed: false | |
744 } | |
745 } | |
746 })"); | |
625 CreateAndStartGaiaFetcher(std::string(), std::string(), | 747 CreateAndStartGaiaFetcher(std::string(), std::string(), |
626 merge_session_gurl_.Resolve(query), | 748 merge_session_gurl_.Resolve(query), |
627 net::LOAD_NORMAL); | 749 net::LOAD_NORMAL, traffic_annotation); |
628 } | 750 } |
629 | 751 |
630 void GaiaAuthFetcher::StartTokenFetchForUberAuthExchange( | 752 void GaiaAuthFetcher::StartTokenFetchForUberAuthExchange( |
631 const std::string& access_token, | 753 const std::string& access_token, |
632 bool is_bound_to_channel_id) { | 754 bool is_bound_to_channel_id) { |
633 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 755 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
634 | 756 |
635 VLOG(1) << "Starting StartTokenFetchForUberAuthExchange with access_token=" | 757 VLOG(1) << "Starting StartTokenFetchForUberAuthExchange with access_token=" |
636 << access_token; | 758 << access_token; |
637 std::string authentication_header = | 759 std::string authentication_header = |
638 base::StringPrintf(kOAuthHeaderFormat, access_token.c_str()); | 760 base::StringPrintf(kOAuthHeaderFormat, access_token.c_str()); |
639 int load_flags = | 761 int load_flags = |
640 is_bound_to_channel_id ? net::LOAD_NORMAL : kLoadFlagsIgnoreCookies; | 762 is_bound_to_channel_id ? net::LOAD_NORMAL : kLoadFlagsIgnoreCookies; |
763 net::NetworkTrafficAnnotationTag traffic_annotation = | |
764 net::DefineNetworkTrafficAnnotation("gaia_auth_fetch_for_uber", R"( | |
765 semantics { | |
766 sender: "Chrome - Google authentication API" | |
767 description: | |
768 "This request exchanges an Oauth2 access token for an uber-auth " | |
769 "token. This token may be used to add an account to the Google " | |
770 "authentication cookies." | |
771 trigger: | |
772 "This request is part of Gaia Auth API, and is triggered whenever " | |
773 "a new Google account is added to the browser." | |
774 data: "This request contains an OAuth 2.0 access token. " | |
775 destination: GOOGLE_OWNED_SERVICE | |
776 } | |
777 policy { | |
778 cookies_allowed: true | |
779 cookies_store: "user" | |
780 setting: | |
781 "This feature cannot be disabled in settings, but if user signs " | |
782 "out of Chrome, this request would not be made." | |
783 chrome_policy { | |
784 SigninAllowed { | |
785 policy_options {mode: MANDATORY} | |
786 SigninAllowed: false | |
787 } | |
788 } | |
789 })"); | |
641 CreateAndStartGaiaFetcher(std::string(), authentication_header, | 790 CreateAndStartGaiaFetcher(std::string(), authentication_header, |
642 uberauth_token_gurl_, load_flags); | 791 uberauth_token_gurl_, load_flags, |
792 traffic_annotation); | |
643 } | 793 } |
644 | 794 |
645 void GaiaAuthFetcher::StartOAuthLogin(const std::string& access_token, | 795 void GaiaAuthFetcher::StartOAuthLogin(const std::string& access_token, |
646 const std::string& service) { | 796 const std::string& service) { |
647 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 797 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
648 | 798 |
649 request_body_ = MakeOAuthLoginBody(service, source_); | 799 request_body_ = MakeOAuthLoginBody(service, source_); |
650 std::string authentication_header = | 800 std::string authentication_header = |
651 base::StringPrintf(kOAuth2BearerHeaderFormat, access_token.c_str()); | 801 base::StringPrintf(kOAuth2BearerHeaderFormat, access_token.c_str()); |
802 net::NetworkTrafficAnnotationTag traffic_annotation = | |
803 net::DefineNetworkTrafficAnnotation("gaia_auth_login", R"( | |
804 semantics { | |
805 sender: "Chrome - Google authentication API" | |
806 description: | |
807 "This request exchanges an OAuthLogin-scoped oauth2 access token " | |
808 "for a ClientLogin-style service tokens. The response to this " | |
msramek
2017/05/26 12:24:52
What is ClientLogin? Does this refer to the Client
msarda
2017/05/29 11:34:13
This is not part of an OAuth 2.0 process - it exch
msramek
2017/05/29 13:39:31
Ah, I guess I misunderstood originally. If we're s
Ramin Halavati
2017/05/29 13:52:51
Acknowledged.
| |
809 "request is the same as the response to a ClientLogin request, " | |
810 "except that captcha challenges are never issued." | |
811 trigger: | |
812 "This request is part of Gaia Auth API, and is triggered after " | |
813 "signing in with a child account." | |
814 data: | |
815 "This request contains an OAuth 2.0 access token and the service " | |
816 "for which a ClientLogin-style should be delivered." | |
817 destination: GOOGLE_OWNED_SERVICE | |
818 } | |
819 policy { | |
820 cookies_allowed: true | |
821 cookies_store: "user" | |
822 setting: | |
823 "This feature cannot be disabled in settings, but if user signs " | |
824 "out of Chrome, this request would not be made." | |
825 chrome_policy { | |
826 SigninAllowed { | |
827 policy_options {mode: MANDATORY} | |
828 SigninAllowed: false | |
829 } | |
830 } | |
831 })"); | |
652 CreateAndStartGaiaFetcher(request_body_, authentication_header, | 832 CreateAndStartGaiaFetcher(request_body_, authentication_header, |
653 oauth_login_gurl_, net::LOAD_NORMAL); | 833 oauth_login_gurl_, net::LOAD_NORMAL, |
834 traffic_annotation); | |
654 } | 835 } |
655 | 836 |
656 void GaiaAuthFetcher::StartListAccounts() { | 837 void GaiaAuthFetcher::StartListAccounts() { |
657 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 838 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
658 | 839 |
840 net::NetworkTrafficAnnotationTag traffic_annotation = | |
841 net::DefineNetworkTrafficAnnotation("gaia_auth_list_accounts", R"( | |
842 semantics { | |
843 sender: "Chrome - Google authentication API" | |
844 description: | |
845 "This request is used to list the accounts in the Google " | |
846 "authentication cookies." | |
847 trigger: | |
848 "This request is part of Gaia Auth API, and is triggered whenever " | |
849 "the list of all available accounts in the Google authentication " | |
850 "cookies is required." | |
851 data: "None." | |
852 destination: GOOGLE_OWNED_SERVICE | |
853 } | |
854 policy { | |
855 cookies_allowed: true | |
856 cookies_store: "user" | |
857 setting: | |
858 "This feature cannot be disabled in settings, but if user signs " | |
859 "out of Chrome, this request would not be made." | |
860 chrome_policy { | |
861 SigninAllowed { | |
862 policy_options {mode: MANDATORY} | |
863 SigninAllowed: false | |
864 } | |
865 } | |
866 })"); | |
659 CreateAndStartGaiaFetcher(" ", // To force an HTTP POST. | 867 CreateAndStartGaiaFetcher(" ", // To force an HTTP POST. |
660 "Origin: https://www.google.com", | 868 "Origin: https://www.google.com", |
661 list_accounts_gurl_, net::LOAD_NORMAL); | 869 list_accounts_gurl_, net::LOAD_NORMAL, |
870 traffic_annotation); | |
662 } | 871 } |
663 | 872 |
664 void GaiaAuthFetcher::StartLogOut() { | 873 void GaiaAuthFetcher::StartLogOut() { |
665 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 874 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
666 | 875 |
876 net::NetworkTrafficAnnotationTag traffic_annotation = | |
877 net::DefineNetworkTrafficAnnotation("gaia_auth_log_out", R"( | |
878 semantics { | |
879 sender: "Chrome - Google authentication API" | |
880 description: | |
881 "This request is part of the Chrome - Google authentication API " | |
882 "and allows its callers to sign out all Google accounts from the " | |
883 "content area." | |
884 trigger: | |
885 "This request is part of Gaia Auth API, and is triggered whenever " | |
886 "signing out of all Google accounts is required." | |
887 data: "None." | |
888 destination: GOOGLE_OWNED_SERVICE | |
889 } | |
890 policy { | |
891 cookies_allowed: true | |
892 cookies_store: "user" | |
893 setting: | |
894 "This feature cannot be disabled in settings, but if user signs " | |
895 "out of Chrome, this request would not be made." | |
896 chrome_policy { | |
897 SigninAllowed { | |
898 policy_options {mode: MANDATORY} | |
899 SigninAllowed: false | |
900 } | |
901 } | |
902 })"); | |
667 CreateAndStartGaiaFetcher(std::string(), logout_headers_, logout_gurl_, | 903 CreateAndStartGaiaFetcher(std::string(), logout_headers_, logout_gurl_, |
668 net::LOAD_NORMAL); | 904 net::LOAD_NORMAL, traffic_annotation); |
669 } | 905 } |
670 | 906 |
671 void GaiaAuthFetcher::StartGetCheckConnectionInfo() { | 907 void GaiaAuthFetcher::StartGetCheckConnectionInfo() { |
672 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 908 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
673 | 909 |
910 net::NetworkTrafficAnnotationTag traffic_annotation = | |
911 net::DefineNetworkTrafficAnnotation("gaia_auth_check_connection_info", R"( | |
912 semantics { | |
913 sender: "Chrome - Google authentication API" | |
914 description: | |
915 "This request is used to fetch from the Google authentication " | |
916 "server the the list of URLs to check its connection info." | |
917 trigger: | |
918 "This request is part of Gaia Auth API, and is triggered once " | |
919 "after a Google account is added to the browser." | |
920 data: "None." | |
921 destination: GOOGLE_OWNED_SERVICE | |
922 } | |
923 policy { | |
924 cookies_allowed: false | |
925 setting: | |
926 "This feature cannot be disabled in settings, but if user signs " | |
927 "out of Chrome, this request would not be made." | |
928 chrome_policy { | |
929 SigninAllowed { | |
930 policy_options {mode: MANDATORY} | |
931 SigninAllowed: false | |
932 } | |
933 } | |
934 })"); | |
674 CreateAndStartGaiaFetcher(std::string(), std::string(), | 935 CreateAndStartGaiaFetcher(std::string(), std::string(), |
675 get_check_connection_info_url_, | 936 get_check_connection_info_url_, |
676 kLoadFlagsIgnoreCookies); | 937 kLoadFlagsIgnoreCookies, traffic_annotation); |
677 } | 938 } |
678 | 939 |
679 void GaiaAuthFetcher::StartListIDPSessions(const std::string& scopes, | |
680 const std::string& domain) { | |
681 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | |
682 | |
683 request_body_ = MakeListIDPSessionsBody(scopes, domain); | |
684 requested_service_ = kListIdpServiceRequested; | |
685 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_iframe_url_, | |
686 net::LOAD_NORMAL); | |
687 } | |
688 | |
689 void GaiaAuthFetcher::StartGetTokenResponse(const std::string& scopes, | |
690 const std::string& domain, | |
691 const std::string& login_hint) { | |
692 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | |
693 | |
694 request_body_ = MakeGetTokenResponseBody(scopes, domain, login_hint); | |
695 requested_service_ = kGetTokenResponseRequested; | |
696 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_iframe_url_, | |
697 net::LOAD_NORMAL); | |
698 } | |
699 | 940 |
700 // static | 941 // static |
701 GoogleServiceAuthError GaiaAuthFetcher::GenerateAuthError( | 942 GoogleServiceAuthError GaiaAuthFetcher::GenerateAuthError( |
702 const std::string& data, | 943 const std::string& data, |
703 const net::URLRequestStatus& status) { | 944 const net::URLRequestStatus& status) { |
704 if (!status.is_success()) { | 945 if (!status.is_success()) { |
705 if (status.status() == net::URLRequestStatus::CANCELED) { | 946 if (status.status() == net::URLRequestStatus::CANCELED) { |
706 return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED); | 947 return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED); |
707 } | 948 } |
708 DLOG(WARNING) << "Could not reach Google Accounts servers: errno " | 949 DLOG(WARNING) << "Could not reach Google Accounts servers: errno " |
(...skipping 309 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1018 return alleged_error.find(kSecondFactor) != | 1259 return alleged_error.find(kSecondFactor) != |
1019 std::string::npos; | 1260 std::string::npos; |
1020 } | 1261 } |
1021 | 1262 |
1022 // static | 1263 // static |
1023 bool GaiaAuthFetcher::IsWebLoginRequiredSuccess( | 1264 bool GaiaAuthFetcher::IsWebLoginRequiredSuccess( |
1024 const std::string& alleged_error) { | 1265 const std::string& alleged_error) { |
1025 return alleged_error.find(kWebLoginRequired) != | 1266 return alleged_error.find(kWebLoginRequired) != |
1026 std::string::npos; | 1267 std::string::npos; |
1027 } | 1268 } |
OLD | NEW |