Chromium Code Reviews| Index: google_apis/gaia/gaia_auth_fetcher.cc |
| diff --git a/google_apis/gaia/gaia_auth_fetcher.cc b/google_apis/gaia/gaia_auth_fetcher.cc |
| index dcc6eb4e2aefe6c59eff45c4d6791dfe39476ccd..a0de76536c78e1f258620a6892273ecc696fa333 100644 |
| --- a/google_apis/gaia/gaia_auth_fetcher.cc |
| +++ b/google_apis/gaia/gaia_auth_fetcher.cc |
| @@ -219,14 +219,16 @@ void GaiaAuthFetcher::CancelRequest() { |
| fetch_pending_ = false; |
| } |
| -void GaiaAuthFetcher::CreateAndStartGaiaFetcher(const std::string& body, |
| - const std::string& headers, |
| - const GURL& gaia_gurl, |
| - int load_flags) { |
| +void GaiaAuthFetcher::CreateAndStartGaiaFetcher( |
| + const std::string& body, |
| + const std::string& headers, |
| + const GURL& gaia_gurl, |
| + int load_flags, |
| + const net::NetworkTrafficAnnotationTag& traffic_annotation) { |
| DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
| fetcher_ = net::URLFetcher::Create( |
| 0, gaia_gurl, body.empty() ? net::URLFetcher::GET : net::URLFetcher::POST, |
| - this); |
| + this, traffic_annotation); |
| fetcher_->SetRequestContext(getter_); |
| fetcher_->SetUploadData("application/x-www-form-urlencoded", body); |
| gaia::MarkURLFetcherAsGaia(fetcher_.get()); |
| @@ -511,25 +513,37 @@ bool GaiaAuthFetcher::ParseListIdpSessionsResponse(const std::string& data, |
| return true; |
| } |
| -void GaiaAuthFetcher::StartIssueAuthToken(const std::string& sid, |
| - const std::string& lsid, |
| - const char* const service) { |
| - DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
| - |
| - VLOG(1) << "Starting IssueAuthToken for: " << service; |
| - requested_service_ = service; |
| - request_body_ = MakeIssueAuthTokenBody(sid, lsid, service); |
| - CreateAndStartGaiaFetcher(request_body_, std::string(), |
| - issue_auth_token_gurl_, kLoadFlagsIgnoreCookies); |
| -} |
| void GaiaAuthFetcher::StartRevokeOAuth2Token(const std::string& auth_token) { |
| DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
| VLOG(1) << "Starting OAuth2 token revocation"; |
| request_body_ = MakeRevokeTokenBody(auth_token); |
| + net::NetworkTrafficAnnotationTag traffic_annotation = |
| + net::DefineNetworkTrafficAnnotation("gaia_auth_revoke_token", R"( |
| + semantics { |
| + sender: "Chrome - Google authentication API" |
| + description: "This request revokes an OAuth2 refresh token." |
| + trigger: |
| + "This request is part of Gaia Auth API, and is triggered whenever " |
|
msarda
2017/05/22 09:43:07
an OAuth 2.0 refresh token needs to be revoked.
Ramin Halavati
2017/05/22 10:00:52
Done.
|
| + "..." |
| + data: "The OAuth2 refresh token that should be revoked." |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + cookies_allowed: false |
| + setting: |
| + "This feature cannot be disabled in settings, but if user signs " |
| + "out of Chrome, this request would not be made." |
| + chrome_policy { |
| + SigninAllowed { |
| + policy_options {mode: MANDATORY} |
| + SigninAllowed: false |
| + } |
| + } |
| + })"); |
| CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_revoke_gurl_, |
| - kLoadFlagsIgnoreCookies); |
| + kLoadFlagsIgnoreCookies, traffic_annotation); |
| } |
| void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchange( |
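Review bot: The `setting` text in `gaia_auth_revoke_token` looks copied from the other annotations and probably does not hold for this request: "if user signs out of Chrome, this request would not be made" reads oddly for a token revocation, which is presumably issued when the user signs out or removes an account. Since this text is the user-facing privacy disclosure, it should describe when revocation really happens, for example `"This feature cannot be disabled in settings. It is only made when a signed-in account's token has to be invalidated."` (wording to be confirmed against the callers). The same sentence is reused in `gaia_auth_log_out` in the last hunk and deserves the same check.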
| @@ -575,9 +589,38 @@ void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchange( |
| } |
| fetch_token_from_auth_code_ = fetch_token_from_auth_code; |
| + net::NetworkTrafficAnnotationTag traffic_annotation = |
| + net::DefineNetworkTrafficAnnotation("gaia_auth_exchange_cookies", R"( |
| + semantics { |
| + sender: "Chrome - Google authentication API" |
| + description: |
| + "This request exchanges the cookies of a Google signed-in user " |
| + "session for an OAuth2 refresh token." |
| + trigger: |
| + "This request is part of Gaia Auth API, and is triggered whenever " |
| + "..." |
|
msarda
2017/05/22 09:43:07
and may be triggered at the end of the Chrome sign
Ramin Halavati
2017/05/22 10:00:52
Done.
|
| + data: |
| + "The Google console client ID of the Chrome application, the ID of " |
| + "the device, and the index of the session in the Google " |
| + "authentication cookies." |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + cookies_allowed: true |
| + cookies_store: "user" |
| + setting: |
| + "This feature cannot be disabled in settings, but if user signs " |
| + "out of Chrome, this request would not be made." |
| + chrome_policy { |
| + SigninAllowed { |
| + policy_options {mode: MANDATORY} |
| + SigninAllowed: false |
| + } |
| + } |
| + })"); |
| CreateAndStartGaiaFetcher(std::string(), device_id_header, |
| client_login_to_oauth2_gurl_.Resolve(query_string), |
| - net::LOAD_NORMAL); |
| + net::LOAD_NORMAL, traffic_annotation); |
| } |
| void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchange( |
| @@ -592,8 +635,36 @@ void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchangeWithDeviceId( |
| VLOG(1) << "Starting OAuth token pair fetch"; |
| request_body_ = MakeGetTokenPairBody(auth_code, device_id); |
| + net::NetworkTrafficAnnotationTag traffic_annotation = |
| + net::DefineNetworkTrafficAnnotation("gaia_auth_exchange_device_id", R"( |
| + semantics { |
| + sender: "Chrome - Google authentication API" |
| + description: |
| + "This request exchanges an authorization code for an Oauth 2.0 " |
| + "refresh token." |
| + trigger: |
| + "This request is part of Gaia Auth API, and is triggered whenever " |
|
msarda
2017/05/22 09:43:07
and may be triggered at the end of the Chrome sign
Ramin Halavati
2017/05/22 10:00:52
Done.
|
| + "..." |
| + data: |
| + "The Google console client ID and client secret of the Chrome " |
| + "application, the OAuth 2.0 authorization code, and the ID of the " |
| + "device." |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + cookies_allowed: false |
| + setting: |
| + "This feature cannot be disabled in settings, but if user signs " |
| + "out of Chrome, this request would not be made." |
| + chrome_policy { |
| + SigninAllowed { |
| + policy_options {mode: MANDATORY} |
| + SigninAllowed: false |
| + } |
| + } |
| + })"); |
| CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_token_gurl_, |
| - kLoadFlagsIgnoreCookies); |
| + kLoadFlagsIgnoreCookies, traffic_annotation); |
| } |
| void GaiaAuthFetcher::StartGetUserInfo(const std::string& lsid) { |
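Review bot: The annotation id `gaia_auth_exchange_device_id` misdescribes the request. According to its own `description`, what is exchanged is an authorization code for an OAuth 2.0 refresh token, and the device ID is only one of the fields sent. Annotation ids are the handle audit tooling and reports use, so a name such as `gaia_auth_exchange_auth_code` would be easier to match to the traffic. The description also spells the protocol "Oauth 2.0" while the `data` field uses "OAuth 2.0". The enclosing function starts outside this hunk.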
| @@ -601,8 +672,31 @@ void GaiaAuthFetcher::StartGetUserInfo(const std::string& lsid) { |
| VLOG(1) << "Starting GetUserInfo for lsid=" << lsid; |
| request_body_ = MakeGetUserInfoBody(lsid); |
| + net::NetworkTrafficAnnotationTag traffic_annotation = |
| + net::DefineNetworkTrafficAnnotation("gaia_auth_get_user_info", R"( |
| + semantics { |
| + sender: "Chrome - Google authentication API" |
| + description: |
| + "This request fetches user information of a Google account." |
| + trigger: |
| + "This fetcher is only used after signing in with a child account." |
| + data: "The value of the Google authentication LSID cookie." |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + cookies_allowed: false |
| + setting: |
| + "This feature cannot be disabled in settings, but if user signs " |
| + "out of Chrome, this request would not be made." |
| + chrome_policy { |
| + SigninAllowed { |
| + policy_options {mode: MANDATORY} |
| + SigninAllowed: false |
| + } |
| + } |
| + })"); |
| CreateAndStartGaiaFetcher(request_body_, std::string(), get_user_info_gurl_, |
| - kLoadFlagsIgnoreCookies); |
| + kLoadFlagsIgnoreCookies, traffic_annotation); |
| } |
| void GaiaAuthFetcher::StartMergeSession(const std::string& uber_token, |
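Review bot: The context line `VLOG(1) << "Starting GetUserInfo for lsid=" << lsid;` writes the LSID value into the verbose log, and the annotation added just below describes that same value as "the Google authentication LSID cookie", i.e. a session credential. The line predates this change, but now that the annotation documents the value as sensitive it is worth dropping it from the log message: `VLOG(1) << "Starting GetUserInfo";`. Verbose logs are routinely attached to bug reports, so a credential should not appear in them. The start of StartGetUserInfo is outside this hunk.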
| @@ -622,9 +716,37 @@ void GaiaAuthFetcher::StartMergeSession(const std::string& uber_token, |
| std::string continue_url("http://www.google.com"); |
| std::string query = MakeMergeSessionQuery(uber_token, external_cc_result, |
| continue_url, source_); |
| + net::NetworkTrafficAnnotationTag traffic_annotation = |
| + net::DefineNetworkTrafficAnnotation("gaia_auth_merge_sessions", R"( |
| + semantics { |
| + sender: "Chrome - Google authentication API" |
| + description: |
| + "This request adds an account to the Google authentication cookies." |
| + trigger: |
| + "This request is part of Gaia Auth API, and is triggered whenever " |
| + "a new Google account is added to the browser. |
| + data: |
| + "This request includes the user-auth token and sometimes a string " |
| + "containing the result of connection checks for various Google web " |
| + "properties." |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + cookies_allowed: true |
| + cookies_store: "user" |
| + setting: |
| + "This feature cannot be disabled in settings, but if user signs " |
| + "out of Chrome, this request would not be made." |
| + chrome_policy { |
| + SigninAllowed { |
| + policy_options {mode: MANDATORY} |
| + SigninAllowed: false |
| + } |
| + } |
| + })"); |
| CreateAndStartGaiaFetcher(std::string(), std::string(), |
| merge_session_gurl_.Resolve(query), |
| - net::LOAD_NORMAL); |
| + net::LOAD_NORMAL, traffic_annotation); |
| } |
| void GaiaAuthFetcher::StartTokenFetchForUberAuthExchange( |
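Review bot: The `trigger` string in `gaia_auth_merge_sessions` is never closed: the added line `"a new Google account is added to the browser.` has no terminating quote. The C++ still compiles because the text sits inside a raw string literal, but the annotation proto is malformed and the following `data:` field is likely to be swallowed or rejected by whatever parses it. The line should read `"a new Google account is added to the browser."`. Separately, the context line above sets `continue_url("http://www.google.com")` with a plain-HTTP scheme; if that URL is ever followed after the merge, `https` would be the safer default. StartMergeSession begins outside this hunk.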
| @@ -638,8 +760,36 @@ void GaiaAuthFetcher::StartTokenFetchForUberAuthExchange( |
| base::StringPrintf(kOAuthHeaderFormat, access_token.c_str()); |
| int load_flags = |
| is_bound_to_channel_id ? net::LOAD_NORMAL : kLoadFlagsIgnoreCookies; |
| + net::NetworkTrafficAnnotationTag traffic_annotation = |
| + net::DefineNetworkTrafficAnnotation("gaia_auth_fetch_for_uber", R"( |
| + semantics { |
| + sender: "Chrome - Google authentication API" |
| + description: |
| + "This request exchanges an Oauth2 access token for an uber-auth " |
| + "token that. This token may be used to add an account to the " |
| + "Google authentication cookies." |
| + trigger: |
| + "This request is part of Gaia Auth API, and is triggered whenever " |
| + "..." |
|
msarda
2017/05/22 09:43:07
a new Google account is added to the browser.
Ramin Halavati
2017/05/22 10:00:52
Done.
|
| + data: "This request contains an OAuth2 access token. " |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + cookies_allowed: true |
| + cookies_store: "user" |
| + setting: |
| + "This feature cannot be disabled in settings, but if user signs " |
| + "out of Chrome, this request would not be made." |
| + chrome_policy { |
| + SigninAllowed { |
| + policy_options {mode: MANDATORY} |
| + SigninAllowed: false |
| + } |
| + } |
| + })"); |
| CreateAndStartGaiaFetcher(std::string(), authentication_header, |
| - uberauth_token_gurl_, load_flags); |
| + uberauth_token_gurl_, load_flags, |
| + traffic_annotation); |
| } |
| void GaiaAuthFetcher::StartOAuthLogin(const std::string& access_token, |
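Review bot: `cookies_allowed: true` with `cookies_store: "user"` in `gaia_auth_fetch_for_uber` is accurate only for some calls. Two lines above the annotation, `load_flags` is `kLoadFlagsIgnoreCookies` unless `is_bound_to_channel_id` is set. The annotation should state that condition, for example by adding `"Cookies are attached only when the access token is bound to a channel ID."` to the description, so the disclosure matches what is sent. The description also contains a stray word in "uber-auth token that. This token may be used", and `data:` ends with a trailing space inside the quotes. The function begins outside this hunk.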
| @@ -649,53 +799,144 @@ void GaiaAuthFetcher::StartOAuthLogin(const std::string& access_token, |
| request_body_ = MakeOAuthLoginBody(service, source_); |
| std::string authentication_header = |
| base::StringPrintf(kOAuth2BearerHeaderFormat, access_token.c_str()); |
| + net::NetworkTrafficAnnotationTag traffic_annotation = |
| + net::DefineNetworkTrafficAnnotation("gaia_auth_login", R"( |
| + semantics { |
| + sender: "Chrome - Google authentication API" |
| + description: |
| + "This request exchanges an OAuthLogin-scoped oauth2 access token " |
| + "for a ClientLogin-style service tokens. The response to this " |
| + "request is the same as the response to a ClientLogin request, " |
| + "except that captcha challenges are never issued." |
| + trigger: |
| + "This request is part of Gaia Auth API, and is triggered whenever " |
| + "..." |
|
msarda
2017/05/22 09:43:07
after signing in with a child account.
Ramin Halavati
2017/05/22 10:00:52
Done.
|
| + data: |
| + "This request contains an OAuth2 access token and the service for " |
| + "which a ClientLogin-style should be delivered." |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + cookies_allowed: true |
| + cookies_store: "user" |
| + setting: |
| + "This feature cannot be disabled in settings, but if user signs " |
| + "out of Chrome, this request would not be made." |
| + chrome_policy { |
| + SigninAllowed { |
| + policy_options {mode: MANDATORY} |
| + SigninAllowed: false |
| + } |
| + } |
| + })"); |
| CreateAndStartGaiaFetcher(request_body_, authentication_header, |
| - oauth_login_gurl_, net::LOAD_NORMAL); |
| + oauth_login_gurl_, net::LOAD_NORMAL, |
| + traffic_annotation); |
| } |
| void GaiaAuthFetcher::StartListAccounts() { |
| DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
| + net::NetworkTrafficAnnotationTag traffic_annotation = |
| + net::DefineNetworkTrafficAnnotation("gaia_auth_list_accounts", R"( |
| + semantics { |
| + sender: "Chrome - Google authentication API" |
| + description: |
| + "This request is used to list the accounts in the Google " |
| + "authentication cookies.." |
|
msarda
2017/05/22 09:43:07
Remove "." (no need for 2 ".." here).
Ramin Halavati
2017/05/22 10:00:52
Done.
|
| + trigger: |
| + "This request is part of Gaia Auth API, and is triggered whenever " |
| + "the list of all available Google accounts on the browser are " |
|
msarda
2017/05/22 09:43:07
all available accounts in the Google authenticatio
Ramin Halavati
2017/05/22 10:00:52
Done.
|
| + "required. " |
| + data: "None." |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + cookies_allowed: true |
| + cookies_store: "user" |
| + setting: |
| + "This feature cannot be disabled in settings, but if user signs " |
| + "out of Chrome, this request would not be made." |
| + chrome_policy { |
| + SigninAllowed { |
| + policy_options {mode: MANDATORY} |
| + SigninAllowed: false |
| + } |
| + } |
| + })"); |
| CreateAndStartGaiaFetcher(" ", // To force an HTTP POST. |
| "Origin: https://www.google.com", |
| - list_accounts_gurl_, net::LOAD_NORMAL); |
| + list_accounts_gurl_, net::LOAD_NORMAL, |
| + traffic_annotation); |
| } |
| void GaiaAuthFetcher::StartLogOut() { |
| DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
| + net::NetworkTrafficAnnotationTag traffic_annotation = |
| + net::DefineNetworkTrafficAnnotation("gaia_auth_log_out", R"( |
| + semantics { |
| + sender: "Chrome - Google authentication API" |
| + description: |
| + "This request is part of the Chrome - Google authentication API " |
| + "and allows its callers to sign out all Google accounts from the " |
| + "content area." |
| + trigger: |
| + "This request is part of Gaia Auth API, and is triggered whenever " |
| + "signing out of all Google accounts is required." |
| + data: "None." |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + cookies_allowed: true |
| + cookies_store: "user" |
| + setting: |
| + "This feature cannot be disabled in settings, but if user signs " |
| + "out of Chrome, this request would not be made." |
| + chrome_policy { |
| + SigninAllowed { |
| + policy_options {mode: MANDATORY} |
| + SigninAllowed: false |
| + } |
| + } |
| + })"); |
| CreateAndStartGaiaFetcher(std::string(), logout_headers_, logout_gurl_, |
| - net::LOAD_NORMAL); |
| + net::LOAD_NORMAL, traffic_annotation); |
| } |
| void GaiaAuthFetcher::StartGetCheckConnectionInfo() { |
| DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
| + net::NetworkTrafficAnnotationTag traffic_annotation = |
| + net::DefineNetworkTrafficAnnotation("gaia_auth_check_connection_info", R"( |
| + semantics { |
| + sender: "Chrome - Google authentication API" |
| + description: |
| + "This request is used to fetch from the Google authentication " |
| + "server the the list of URLs to check its connection info." |
| + trigger: |
| + "This request is part of Gaia Auth API, and is triggered whenever " |
| + "..." |
|
msarda
2017/05/22 09:43:07
Remove "whenever" and add "once after a Google acc
Ramin Halavati
2017/05/22 10:00:52
Done.
|
| + data: "None." |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + cookies_allowed: false |
| + setting: |
| + "This feature cannot be disabled in settings, but if user signs " |
| + "out of Chrome, this request would not be made." |
| + chrome_policy { |
| + SigninAllowed { |
| + policy_options {mode: MANDATORY} |
| + SigninAllowed: false |
| + } |
| + } |
| + })"); |
| CreateAndStartGaiaFetcher(std::string(), std::string(), |
| get_check_connection_info_url_, |
| - kLoadFlagsIgnoreCookies); |
| -} |
| - |
| -void GaiaAuthFetcher::StartListIDPSessions(const std::string& scopes, |
| - const std::string& domain) { |
| - DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
| - |
| - request_body_ = MakeListIDPSessionsBody(scopes, domain); |
| - requested_service_ = kListIdpServiceRequested; |
| - CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_iframe_url_, |
| - net::LOAD_NORMAL); |
| + kLoadFlagsIgnoreCookies, traffic_annotation); |
| } |
| -void GaiaAuthFetcher::StartGetTokenResponse(const std::string& scopes, |
| - const std::string& domain, |
| - const std::string& login_hint) { |
| - DCHECK(!fetch_pending_) << "Tried to fetch two things at once!"; |
| - |
| - request_body_ = MakeGetTokenResponseBody(scopes, domain, login_hint); |
| - requested_service_ = kGetTokenResponseRequested; |
| - CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_iframe_url_, |
| - net::LOAD_NORMAL); |
| -} |
| // static |
| GoogleServiceAuthError GaiaAuthFetcher::GenerateAuthError( |
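Review bot: `data: "None."` in `gaia_auth_list_accounts` and `gaia_auth_log_out` understates what these requests carry: both declare `cookies_allowed: true` and are sent with `net::LOAD_NORMAL`, so the user's Google authentication cookies go with them. Those cookies are the payload being listed or cleared, so the field would be more accurate as `data: "The Google authentication cookies."`. This hunk also removes `StartListIDPSessions` and `StartGetTokenResponse`, while the second hunk header shows `ParseListIdpSessionsResponse` still in the file. If nothing else issues those requests, the parser and the `kListIdpServiceRequested` / `kGetTokenResponseRequested` handling look like dead response-parsing code that should be removed in the same change (to be confirmed, since the callers are not visible here). Minor wording: "the the list of URLs" in `gaia_auth_check_connection_info`, and "a ClientLogin-style should be delivered" in `gaia_auth_login` is missing its noun.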