OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "google_apis/gaia/gaia_auth_fetcher.h" | 5 #include "google_apis/gaia/gaia_auth_fetcher.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <utility> | 8 #include <utility> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
212 | 212 |
213 void GaiaAuthFetcher::SetLogoutHeaders(const std::string& headers) { | 213 void GaiaAuthFetcher::SetLogoutHeaders(const std::string& headers) { |
214 logout_headers_ = headers; | 214 logout_headers_ = headers; |
215 } | 215 } |
216 | 216 |
217 void GaiaAuthFetcher::CancelRequest() { | 217 void GaiaAuthFetcher::CancelRequest() { |
218 fetcher_.reset(); | 218 fetcher_.reset(); |
219 fetch_pending_ = false; | 219 fetch_pending_ = false; |
220 } | 220 } |
221 | 221 |
222 void GaiaAuthFetcher::CreateAndStartGaiaFetcher(const std::string& body, | 222 void GaiaAuthFetcher::CreateAndStartGaiaFetcher( |
223 const std::string& headers, | 223 const std::string& body, |
224 const GURL& gaia_gurl, | 224 const std::string& headers, |
225 int load_flags) { | 225 const GURL& gaia_gurl, |
| 226 int load_flags, |
| 227 const net::NetworkTrafficAnnotationTag& traffic_annotation) { |
226 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 228 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
227 fetcher_ = net::URLFetcher::Create( | 229 fetcher_ = net::URLFetcher::Create( |
228 0, gaia_gurl, body.empty() ? net::URLFetcher::GET : net::URLFetcher::POST, | 230 0, gaia_gurl, body.empty() ? net::URLFetcher::GET : net::URLFetcher::POST, |
229 this); | 231 this, traffic_annotation); |
230 fetcher_->SetRequestContext(getter_); | 232 fetcher_->SetRequestContext(getter_); |
231 fetcher_->SetUploadData("application/x-www-form-urlencoded", body); | 233 fetcher_->SetUploadData("application/x-www-form-urlencoded", body); |
232 gaia::MarkURLFetcherAsGaia(fetcher_.get()); | 234 gaia::MarkURLFetcherAsGaia(fetcher_.get()); |
233 | 235 |
234 VLOG(2) << "Gaia fetcher URL: " << gaia_gurl.spec(); | 236 VLOG(2) << "Gaia fetcher URL: " << gaia_gurl.spec(); |
235 VLOG(2) << "Gaia fetcher headers: " << headers; | 237 VLOG(2) << "Gaia fetcher headers: " << headers; |
236 VLOG(2) << "Gaia fetcher body: " << body; | 238 VLOG(2) << "Gaia fetcher body: " << body; |
237 | 239 |
238 // The Gaia token exchange requests do not require any cookie-based | 240 // The Gaia token exchange requests do not require any cookie-based |
239 // identification as part of requests. We suppress sending any cookies to | 241 // identification as part of requests. We suppress sending any cookies to |
(...skipping 264 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
504 | 506 |
505 if (sessionDictionary->GetString("login_hint", login_hint)) | 507 if (sessionDictionary->GetString("login_hint", login_hint)) |
506 break; | 508 break; |
507 } | 509 } |
508 | 510 |
509 if (login_hint->empty()) | 511 if (login_hint->empty()) |
510 return false; | 512 return false; |
511 return true; | 513 return true; |
512 } | 514 } |
513 | 515 |
514 void GaiaAuthFetcher::StartIssueAuthToken(const std::string& sid, | |
515 const std::string& lsid, | |
516 const char* const service) { | |
517 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | |
518 | |
519 VLOG(1) << "Starting IssueAuthToken for: " << service; | |
520 requested_service_ = service; | |
521 request_body_ = MakeIssueAuthTokenBody(sid, lsid, service); | |
522 CreateAndStartGaiaFetcher(request_body_, std::string(), | |
523 issue_auth_token_gurl_, kLoadFlagsIgnoreCookies); | |
524 } | |
525 | 516 |
526 void GaiaAuthFetcher::StartRevokeOAuth2Token(const std::string& auth_token) { | 517 void GaiaAuthFetcher::StartRevokeOAuth2Token(const std::string& auth_token) { |
527 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 518 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
528 | 519 |
529 VLOG(1) << "Starting OAuth2 token revocation"; | 520 VLOG(1) << "Starting OAuth2 token revocation"; |
530 request_body_ = MakeRevokeTokenBody(auth_token); | 521 request_body_ = MakeRevokeTokenBody(auth_token); |
| 522 net::NetworkTrafficAnnotationTag traffic_annotation = |
| 523 net::DefineNetworkTrafficAnnotation("gaia_auth_revoke_token", R"( |
| 524 semantics { |
| 525 sender: "Chrome - Google authentication API" |
| 526 description: "This request revokes an OAuth 2.0 refresh token." |
| 527 trigger: |
| 528 "This request is part of Gaia Auth API, and is triggered whenever " |
| 529 "an OAuth 2.0 refresh token needs to be revoked." |
| 530 data: "The OAuth 2.0 refresh token that should be revoked." |
| 531 destination: GOOGLE_OWNED_SERVICE |
| 532 } |
| 533 policy { |
| 534 cookies_allowed: false |
| 535 setting: |
| 536 "This feature cannot be disabled in settings, but if the user " |
| 537 "signs out of Chrome, this request would not be made." |
| 538 chrome_policy { |
| 539 SigninAllowed { |
| 540 policy_options {mode: MANDATORY} |
| 541 SigninAllowed: false |
| 542 } |
| 543 } |
| 544 })"); |
531 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_revoke_gurl_, | 545 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_revoke_gurl_, |
532 kLoadFlagsIgnoreCookies); | 546 kLoadFlagsIgnoreCookies, traffic_annotation); |
533 } | 547 } |
534 | 548 |
535 void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchange( | 549 void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchange( |
536 const std::string& session_index) { | 550 const std::string& session_index) { |
537 StartCookieForOAuthLoginTokenExchangeWithDeviceId(session_index, | 551 StartCookieForOAuthLoginTokenExchangeWithDeviceId(session_index, |
538 std::string()); | 552 std::string()); |
539 } | 553 } |
540 | 554 |
541 void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchangeWithDeviceId( | 555 void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchangeWithDeviceId( |
542 const std::string& session_index, | 556 const std::string& session_index, |
(...skipping 25 matching lines...) Expand all Loading... |
568 if (!session_index.empty()) | 582 if (!session_index.empty()) |
569 query_string += "&authuser=" + session_index; | 583 query_string += "&authuser=" + session_index; |
570 | 584 |
571 std::string device_id_header; | 585 std::string device_id_header; |
572 if (!device_id.empty()) { | 586 if (!device_id.empty()) { |
573 device_id_header = | 587 device_id_header = |
574 base::StringPrintf(kDeviceIdHeaderFormat, device_id.c_str()); | 588 base::StringPrintf(kDeviceIdHeaderFormat, device_id.c_str()); |
575 } | 589 } |
576 | 590 |
577 fetch_token_from_auth_code_ = fetch_token_from_auth_code; | 591 fetch_token_from_auth_code_ = fetch_token_from_auth_code; |
| 592 net::NetworkTrafficAnnotationTag traffic_annotation = |
| 593 net::DefineNetworkTrafficAnnotation("gaia_auth_exchange_cookies", R"( |
| 594 semantics { |
| 595 sender: "Chrome - Google authentication API" |
| 596 description: |
| 597 "This request exchanges the cookies of a Google signed-in user " |
| 598 "session for an OAuth 2.0 refresh token." |
| 599 trigger: |
| 600 "This request is part of Gaia Auth API, and may be triggered at " |
| 601 "the end of the Chrome sign-in flow." |
| 602 data: |
| 603 "The Google console client ID of the Chrome application, the ID of " |
| 604 "the device, and the index of the session in the Google " |
| 605 "authentication cookies." |
| 606 destination: GOOGLE_OWNED_SERVICE |
| 607 } |
| 608 policy { |
| 609 cookies_allowed: true |
| 610 cookies_store: "user" |
| 611 setting: |
| 612 "This feature cannot be disabled in settings, but if the user " |
| 613 "signs out of Chrome, this request would not be made." |
| 614 chrome_policy { |
| 615 SigninAllowed { |
| 616 policy_options {mode: MANDATORY} |
| 617 SigninAllowed: false |
| 618 } |
| 619 } |
| 620 })"); |
578 CreateAndStartGaiaFetcher(std::string(), device_id_header, | 621 CreateAndStartGaiaFetcher(std::string(), device_id_header, |
579 client_login_to_oauth2_gurl_.Resolve(query_string), | 622 client_login_to_oauth2_gurl_.Resolve(query_string), |
580 net::LOAD_NORMAL); | 623 net::LOAD_NORMAL, traffic_annotation); |
581 } | 624 } |
582 | 625 |
583 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchange( | 626 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchange( |
584 const std::string& auth_code) { | 627 const std::string& auth_code) { |
585 StartAuthCodeForOAuth2TokenExchangeWithDeviceId(auth_code, std::string()); | 628 StartAuthCodeForOAuth2TokenExchangeWithDeviceId(auth_code, std::string()); |
586 } | 629 } |
587 | 630 |
588 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchangeWithDeviceId( | 631 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchangeWithDeviceId( |
589 const std::string& auth_code, | 632 const std::string& auth_code, |
590 const std::string& device_id) { | 633 const std::string& device_id) { |
591 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 634 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
592 | 635 |
593 VLOG(1) << "Starting OAuth token pair fetch"; | 636 VLOG(1) << "Starting OAuth token pair fetch"; |
594 request_body_ = MakeGetTokenPairBody(auth_code, device_id); | 637 request_body_ = MakeGetTokenPairBody(auth_code, device_id); |
| 638 net::NetworkTrafficAnnotationTag traffic_annotation = |
| 639 net::DefineNetworkTrafficAnnotation("gaia_auth_exchange_device_id", R"( |
| 640 semantics { |
| 641 sender: "Chrome - Google authentication API" |
| 642 description: |
| 643 "This request exchanges an authorization code for an OAuth 2.0 " |
| 644 "refresh token." |
| 645 trigger: |
| 646 "This request is part of Gaia Auth API, and may be triggered at " |
| 647 "the end of the Chrome sign-in flow." |
| 648 data: |
| 649 "The Google console client ID and client secret of the Chrome " |
| 650 "application, the OAuth 2.0 authorization code, and the ID of the " |
| 651 "device." |
| 652 destination: GOOGLE_OWNED_SERVICE |
| 653 } |
| 654 policy { |
| 655 cookies_allowed: false |
| 656 setting: |
| 657 "This feature cannot be disabled in settings, but if the user " |
| 658 "signs out of Chrome, this request would not be made." |
| 659 chrome_policy { |
| 660 SigninAllowed { |
| 661 policy_options {mode: MANDATORY} |
| 662 SigninAllowed: false |
| 663 } |
| 664 } |
| 665 })"); |
595 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_token_gurl_, | 666 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_token_gurl_, |
596 kLoadFlagsIgnoreCookies); | 667 kLoadFlagsIgnoreCookies, traffic_annotation); |
597 } | 668 } |
598 | 669 |
599 void GaiaAuthFetcher::StartGetUserInfo(const std::string& lsid) { | 670 void GaiaAuthFetcher::StartGetUserInfo(const std::string& lsid) { |
600 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 671 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
601 | 672 |
602 VLOG(1) << "Starting GetUserInfo for lsid=" << lsid; | 673 VLOG(1) << "Starting GetUserInfo for lsid=" << lsid; |
603 request_body_ = MakeGetUserInfoBody(lsid); | 674 request_body_ = MakeGetUserInfoBody(lsid); |
| 675 net::NetworkTrafficAnnotationTag traffic_annotation = |
| 676 net::DefineNetworkTrafficAnnotation("gaia_auth_get_user_info", R"( |
| 677 semantics { |
| 678 sender: "Chrome - Google authentication API" |
| 679 description: |
| 680 "This request fetches user information of a Google account." |
| 681 trigger: |
| 682 "This fetcher is only used after signing in with a child account." |
| 683 data: "The value of the Google authentication LSID cookie." |
| 684 destination: GOOGLE_OWNED_SERVICE |
| 685 } |
| 686 policy { |
| 687 cookies_allowed: false |
| 688 setting: |
| 689 "This feature cannot be disabled in settings, but if the user " |
| 690 "signs out of Chrome, this request would not be made." |
| 691 chrome_policy { |
| 692 SigninAllowed { |
| 693 policy_options {mode: MANDATORY} |
| 694 SigninAllowed: false |
| 695 } |
| 696 } |
| 697 })"); |
604 CreateAndStartGaiaFetcher(request_body_, std::string(), get_user_info_gurl_, | 698 CreateAndStartGaiaFetcher(request_body_, std::string(), get_user_info_gurl_, |
605 kLoadFlagsIgnoreCookies); | 699 kLoadFlagsIgnoreCookies, traffic_annotation); |
606 } | 700 } |
607 | 701 |
608 void GaiaAuthFetcher::StartMergeSession(const std::string& uber_token, | 702 void GaiaAuthFetcher::StartMergeSession(const std::string& uber_token, |
609 const std::string& external_cc_result) { | 703 const std::string& external_cc_result) { |
610 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 704 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
611 | 705 |
612 VLOG(1) << "Starting MergeSession with uber_token=" << uber_token; | 706 VLOG(1) << "Starting MergeSession with uber_token=" << uber_token; |
613 | 707 |
614 // The continue URL is a required parameter of the MergeSession API, but in | 708 // The continue URL is a required parameter of the MergeSession API, but in |
615 // this case we don't actually need or want to navigate to it. Setting it to | 709 // this case we don't actually need or want to navigate to it. Setting it to |
616 // an arbitrary Google URL. | 710 // an arbitrary Google URL. |
617 // | 711 // |
618 // In order for the new session to be merged correctly, the server needs to | 712 // In order for the new session to be merged correctly, the server needs to |
619 // know what sessions already exist in the browser. The fetcher needs to be | 713 // know what sessions already exist in the browser. The fetcher needs to be |
620 // created such that it sends the cookies with the request, which is | 714 // created such that it sends the cookies with the request, which is |
621 // different from all other requests the fetcher can make. | 715 // different from all other requests the fetcher can make. |
622 std::string continue_url("http://www.google.com"); | 716 std::string continue_url("http://www.google.com"); |
623 std::string query = MakeMergeSessionQuery(uber_token, external_cc_result, | 717 std::string query = MakeMergeSessionQuery(uber_token, external_cc_result, |
624 continue_url, source_); | 718 continue_url, source_); |
| 719 net::NetworkTrafficAnnotationTag traffic_annotation = |
| 720 net::DefineNetworkTrafficAnnotation("gaia_auth_merge_sessions", R"( |
| 721 semantics { |
| 722 sender: "Chrome - Google authentication API" |
| 723 description: |
| 724 "This request adds an account to the Google authentication cookies." |
| 725 trigger: |
| 726 "This request is part of Gaia Auth API, and is triggered whenever " |
| 727 "a new Google account is added to the browser." |
| 728 data: |
| 729 "This request includes the user-auth token and sometimes a string " |
| 730 "containing the result of connection checks for various Google web " |
| 731 "properties." |
| 732 destination: GOOGLE_OWNED_SERVICE |
| 733 } |
| 734 policy { |
| 735 cookies_allowed: true |
| 736 cookies_store: "user" |
| 737 setting: |
| 738 "This feature cannot be disabled in settings, but if the user " |
| 739 "signs out of Chrome, this request would not be made." |
| 740 chrome_policy { |
| 741 SigninAllowed { |
| 742 policy_options {mode: MANDATORY} |
| 743 SigninAllowed: false |
| 744 } |
| 745 } |
| 746 })"); |
625 CreateAndStartGaiaFetcher(std::string(), std::string(), | 747 CreateAndStartGaiaFetcher(std::string(), std::string(), |
626 merge_session_gurl_.Resolve(query), | 748 merge_session_gurl_.Resolve(query), |
627 net::LOAD_NORMAL); | 749 net::LOAD_NORMAL, traffic_annotation); |
628 } | 750 } |
629 | 751 |
630 void GaiaAuthFetcher::StartTokenFetchForUberAuthExchange( | 752 void GaiaAuthFetcher::StartTokenFetchForUberAuthExchange( |
631 const std::string& access_token, | 753 const std::string& access_token, |
632 bool is_bound_to_channel_id) { | 754 bool is_bound_to_channel_id) { |
633 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 755 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
634 | 756 |
635 VLOG(1) << "Starting StartTokenFetchForUberAuthExchange with access_token=" | 757 VLOG(1) << "Starting StartTokenFetchForUberAuthExchange with access_token=" |
636 << access_token; | 758 << access_token; |
637 std::string authentication_header = | 759 std::string authentication_header = |
638 base::StringPrintf(kOAuthHeaderFormat, access_token.c_str()); | 760 base::StringPrintf(kOAuthHeaderFormat, access_token.c_str()); |
639 int load_flags = | 761 int load_flags = |
640 is_bound_to_channel_id ? net::LOAD_NORMAL : kLoadFlagsIgnoreCookies; | 762 is_bound_to_channel_id ? net::LOAD_NORMAL : kLoadFlagsIgnoreCookies; |
| 763 net::NetworkTrafficAnnotationTag traffic_annotation = |
| 764 net::DefineNetworkTrafficAnnotation("gaia_auth_fetch_for_uber", R"( |
| 765 semantics { |
| 766 sender: "Chrome - Google authentication API" |
| 767 description: |
| 768 "This request exchanges an Oauth2 access token for an uber-auth " |
| 769 "token. This token may be used to add an account to the Google " |
| 770 "authentication cookies." |
| 771 trigger: |
| 772 "This request is part of Gaia Auth API, and is triggered whenever " |
| 773 "a new Google account is added to the browser." |
| 774 data: "This request contains an OAuth 2.0 access token. " |
| 775 destination: GOOGLE_OWNED_SERVICE |
| 776 } |
| 777 policy { |
| 778 cookies_allowed: true |
| 779 cookies_store: "user" |
| 780 setting: |
| 781 "This feature cannot be disabled in settings, but if the user " |
| 782 "signs out of Chrome, this request would not be made." |
| 783 chrome_policy { |
| 784 SigninAllowed { |
| 785 policy_options {mode: MANDATORY} |
| 786 SigninAllowed: false |
| 787 } |
| 788 } |
| 789 })"); |
641 CreateAndStartGaiaFetcher(std::string(), authentication_header, | 790 CreateAndStartGaiaFetcher(std::string(), authentication_header, |
642 uberauth_token_gurl_, load_flags); | 791 uberauth_token_gurl_, load_flags, |
| 792 traffic_annotation); |
643 } | 793 } |
644 | 794 |
645 void GaiaAuthFetcher::StartOAuthLogin(const std::string& access_token, | 795 void GaiaAuthFetcher::StartOAuthLogin(const std::string& access_token, |
646 const std::string& service) { | 796 const std::string& service) { |
647 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 797 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
648 | 798 |
649 request_body_ = MakeOAuthLoginBody(service, source_); | 799 request_body_ = MakeOAuthLoginBody(service, source_); |
650 std::string authentication_header = | 800 std::string authentication_header = |
651 base::StringPrintf(kOAuth2BearerHeaderFormat, access_token.c_str()); | 801 base::StringPrintf(kOAuth2BearerHeaderFormat, access_token.c_str()); |
| 802 net::NetworkTrafficAnnotationTag traffic_annotation = |
| 803 net::DefineNetworkTrafficAnnotation("gaia_auth_login", R"( |
| 804 semantics { |
| 805 sender: "Chrome - Google authentication API" |
| 806 description: |
| 807 "This request exchanges an OAuthLogin-scoped OAuth 2.0 access " |
| 808 "token for a ClientLogin-style service tokens. The response to " |
| 809 "this request is the same as the response to a ClientLogin " |
| 810 "request, except that captcha challenges are never issued." |
| 811 trigger: |
| 812 "This request is part of Gaia Auth API, and is triggered after " |
| 813 "signing in with a child account." |
| 814 data: |
| 815 "This request contains an OAuth 2.0 access token and the service " |
| 816 "for which a ClientLogin-style should be delivered." |
| 817 destination: GOOGLE_OWNED_SERVICE |
| 818 } |
| 819 policy { |
| 820 cookies_allowed: true |
| 821 cookies_store: "user" |
| 822 setting: |
| 823 "This feature cannot be disabled in settings, but if the user " |
| 824 "signs out of Chrome, this request would not be made." |
| 825 chrome_policy { |
| 826 SigninAllowed { |
| 827 policy_options {mode: MANDATORY} |
| 828 SigninAllowed: false |
| 829 } |
| 830 } |
| 831 })"); |
652 CreateAndStartGaiaFetcher(request_body_, authentication_header, | 832 CreateAndStartGaiaFetcher(request_body_, authentication_header, |
653 oauth_login_gurl_, net::LOAD_NORMAL); | 833 oauth_login_gurl_, net::LOAD_NORMAL, |
| 834 traffic_annotation); |
654 } | 835 } |
655 | 836 |
656 void GaiaAuthFetcher::StartListAccounts() { | 837 void GaiaAuthFetcher::StartListAccounts() { |
657 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 838 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
658 | 839 |
| 840 net::NetworkTrafficAnnotationTag traffic_annotation = |
| 841 net::DefineNetworkTrafficAnnotation("gaia_auth_list_accounts", R"( |
| 842 semantics { |
| 843 sender: "Chrome - Google authentication API" |
| 844 description: |
| 845 "This request is used to list the accounts in the Google " |
| 846 "authentication cookies." |
| 847 trigger: |
| 848 "This request is part of Gaia Auth API, and is triggered whenever " |
| 849 "the list of all available accounts in the Google authentication " |
| 850 "cookies is required." |
| 851 data: "None." |
| 852 destination: GOOGLE_OWNED_SERVICE |
| 853 } |
| 854 policy { |
| 855 cookies_allowed: true |
| 856 cookies_store: "user" |
| 857 setting: |
| 858 "This feature cannot be disabled in settings, but if the user " |
| 859 "signs out of Chrome, this request would not be made." |
| 860 chrome_policy { |
| 861 SigninAllowed { |
| 862 policy_options {mode: MANDATORY} |
| 863 SigninAllowed: false |
| 864 } |
| 865 } |
| 866 })"); |
659 CreateAndStartGaiaFetcher(" ", // To force an HTTP POST. | 867 CreateAndStartGaiaFetcher(" ", // To force an HTTP POST. |
660 "Origin: https://www.google.com", | 868 "Origin: https://www.google.com", |
661 list_accounts_gurl_, net::LOAD_NORMAL); | 869 list_accounts_gurl_, net::LOAD_NORMAL, |
| 870 traffic_annotation); |
662 } | 871 } |
663 | 872 |
664 void GaiaAuthFetcher::StartLogOut() { | 873 void GaiaAuthFetcher::StartLogOut() { |
665 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 874 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
666 | 875 |
| 876 net::NetworkTrafficAnnotationTag traffic_annotation = |
| 877 net::DefineNetworkTrafficAnnotation("gaia_auth_log_out", R"( |
| 878 semantics { |
| 879 sender: "Chrome - Google authentication API" |
| 880 description: |
| 881 "This request is part of the Chrome - Google authentication API " |
| 882 "and allows its callers to sign out all Google accounts from the " |
| 883 "content area." |
| 884 trigger: |
| 885 "This request is part of Gaia Auth API, and is triggered whenever " |
| 886 "signing out of all Google accounts is required." |
| 887 data: "None." |
| 888 destination: GOOGLE_OWNED_SERVICE |
| 889 } |
| 890 policy { |
| 891 cookies_allowed: true |
| 892 cookies_store: "user" |
| 893 setting: |
| 894 "This feature cannot be disabled in settings, but if the user " |
| 895 "signs out of Chrome, this request would not be made." |
| 896 chrome_policy { |
| 897 SigninAllowed { |
| 898 policy_options {mode: MANDATORY} |
| 899 SigninAllowed: false |
| 900 } |
| 901 } |
| 902 })"); |
667 CreateAndStartGaiaFetcher(std::string(), logout_headers_, logout_gurl_, | 903 CreateAndStartGaiaFetcher(std::string(), logout_headers_, logout_gurl_, |
668 net::LOAD_NORMAL); | 904 net::LOAD_NORMAL, traffic_annotation); |
669 } | 905 } |
670 | 906 |
671 void GaiaAuthFetcher::StartGetCheckConnectionInfo() { | 907 void GaiaAuthFetcher::StartGetCheckConnectionInfo() { |
672 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | 908 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
673 | 909 |
| 910 net::NetworkTrafficAnnotationTag traffic_annotation = |
| 911 net::DefineNetworkTrafficAnnotation("gaia_auth_check_connection_info", R"( |
| 912 semantics { |
| 913 sender: "Chrome - Google authentication API" |
| 914 description: |
| 915 "This request is used to fetch from the Google authentication " |
| 916 "server the the list of URLs to check its connection info." |
| 917 trigger: |
| 918 "This request is part of Gaia Auth API, and is triggered once " |
| 919 "after a Google account is added to the browser." |
| 920 data: "None." |
| 921 destination: GOOGLE_OWNED_SERVICE |
| 922 } |
| 923 policy { |
| 924 cookies_allowed: false |
| 925 setting: |
| 926 "This feature cannot be disabled in settings, but if the user " |
| 927 "signs out of Chrome, this request would not be made." |
| 928 chrome_policy { |
| 929 SigninAllowed { |
| 930 policy_options {mode: MANDATORY} |
| 931 SigninAllowed: false |
| 932 } |
| 933 } |
| 934 })"); |
674 CreateAndStartGaiaFetcher(std::string(), std::string(), | 935 CreateAndStartGaiaFetcher(std::string(), std::string(), |
675 get_check_connection_info_url_, | 936 get_check_connection_info_url_, |
676 kLoadFlagsIgnoreCookies); | 937 kLoadFlagsIgnoreCookies, traffic_annotation); |
677 } | 938 } |
678 | 939 |
679 void GaiaAuthFetcher::StartListIDPSessions(const std::string& scopes, | |
680 const std::string& domain) { | |
681 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | |
682 | |
683 request_body_ = MakeListIDPSessionsBody(scopes, domain); | |
684 requested_service_ = kListIdpServiceRequested; | |
685 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_iframe_url_, | |
686 net::LOAD_NORMAL); | |
687 } | |
688 | |
689 void GaiaAuthFetcher::StartGetTokenResponse(const std::string& scopes, | |
690 const std::string& domain, | |
691 const std::string& login_hint) { | |
692 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; | |
693 | |
694 request_body_ = MakeGetTokenResponseBody(scopes, domain, login_hint); | |
695 requested_service_ = kGetTokenResponseRequested; | |
696 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_iframe_url_, | |
697 net::LOAD_NORMAL); | |
698 } | |
699 | 940 |
700 // static | 941 // static |
701 GoogleServiceAuthError GaiaAuthFetcher::GenerateAuthError( | 942 GoogleServiceAuthError GaiaAuthFetcher::GenerateAuthError( |
702 const std::string& data, | 943 const std::string& data, |
703 const net::URLRequestStatus& status) { | 944 const net::URLRequestStatus& status) { |
704 if (!status.is_success()) { | 945 if (!status.is_success()) { |
705 if (status.status() == net::URLRequestStatus::CANCELED) { | 946 if (status.status() == net::URLRequestStatus::CANCELED) { |
706 return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED); | 947 return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED); |
707 } | 948 } |
708 DLOG(WARNING) << "Could not reach Google Accounts servers: errno " | 949 DLOG(WARNING) << "Could not reach Google Accounts servers: errno " |
(...skipping 309 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1018 return alleged_error.find(kSecondFactor) != | 1259 return alleged_error.find(kSecondFactor) != |
1019 std::string::npos; | 1260 std::string::npos; |
1020 } | 1261 } |
1021 | 1262 |
1022 // static | 1263 // static |
1023 bool GaiaAuthFetcher::IsWebLoginRequiredSuccess( | 1264 bool GaiaAuthFetcher::IsWebLoginRequiredSuccess( |
1024 const std::string& alleged_error) { | 1265 const std::string& alleged_error) { |
1025 return alleged_error.find(kWebLoginRequired) != | 1266 return alleged_error.find(kWebLoginRequired) != |
1026 std::string::npos; | 1267 std::string::npos; |
1027 } | 1268 } |
OLD | NEW |