| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "components/signin/core/browser/chrome_connected_header_helper.h" |
| 6 |
| 7 #include <vector> |
| 8 |
| 9 #include "base/strings/string_number_conversions.h" |
| 10 #include "base/strings/string_util.h" |
| 11 #include "base/strings/stringprintf.h" |
| 12 #include "components/google/core/browser/google_util.h" |
| 13 #include "components/signin/core/common/profile_management_switches.h" |
| 14 #include "google_apis/gaia/gaia_auth_util.h" |
| 15 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
| 16 #include "url/gurl.h" |
| 17 |
| 18 namespace signin { |
| 19 |
| 20 namespace { |
| 21 |
| 22 const char kEnableAccountConsistencyAttrName[] = "enable_account_consistency"; |
| 23 const char kGaiaIdAttrName[] = "id"; |
| 24 const char kProfileModeAttrName[] = "mode"; |
| 25 |
| 26 } // namespace |
| 27 |
| 28 // static |
| 29 std::string ChromeConnectedHeaderHelper::BuildRequestCookieIfPossible( |
| 30 const GURL& url, |
| 31 const std::string& account_id, |
| 32 const content_settings::CookieSettings* cookie_settings, |
| 33 int profile_mode_mask) { |
| 34 ChromeConnectedHeaderHelper chrome_connected_helper; |
| 35 return chrome_connected_helper.BuildRequestHeaderIfPossible( |
| 36 false /* is_header_request */, url, account_id, cookie_settings, |
| 37 profile_mode_mask); |
| 38 } |
| 39 |
| 40 bool ChromeConnectedHeaderHelper::IsUrlEligibleToIncludeGaiaId( |
| 41 const GURL& url, |
| 42 bool is_header_request) { |
| 43 if (is_header_request) { |
| 44 // Gaia ID is only necessary for Drive. Don't set it otherwise. |
| 45 return IsDriveOrigin(url.GetOrigin()); |
| 46 } |
| 47 |
| 48 // Cookie requests don't have the granularity to only include the Gaia ID for |
| 49 // Drive origin. Set it on all google.com instead. |
| 50 if (!url.SchemeIsCryptographic()) |
| 51 return false; |
| 52 |
| 53 const std::string kGoogleDomain = "google.com"; |
| 54 std::string domain = net::registry_controlled_domains::GetDomainAndRegistry( |
| 55 url, net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); |
| 56 return domain == kGoogleDomain; |
| 57 } |
| 58 |
| 59 bool ChromeConnectedHeaderHelper::IsDriveOrigin(const GURL& url) { |
| 60 if (!url.SchemeIsCryptographic()) |
| 61 return false; |
| 62 |
| 63 const GURL kGoogleDriveURL("https://drive.google.com"); |
| 64 const GURL kGoogleDocsURL("https://docs.google.com"); |
| 65 return url == kGoogleDriveURL || url == kGoogleDocsURL; |
| 66 } |
| 67 |
| 68 bool ChromeConnectedHeaderHelper::IsUrlEligibleForRequestHeader( |
| 69 const GURL& url) { |
| 70 // Only set the header for Drive and Gaia always, and other Google properties |
| 71 // if account consistency is enabled. Vasquette, which is integrated with most |
| 72 // Google properties, needs the header to redirect certain user actions to |
| 73 // Chrome native UI. Drive and Gaia need the header to tell if the current |
| 74 // user is connected. |
| 75 |
| 76 // Consider the account ID sensitive and limit it to secure domains. |
| 77 if (!url.SchemeIsCryptographic()) |
| 78 return false; |
| 79 |
| 80 GURL origin(url.GetOrigin()); |
| 81 bool is_enable_account_consistency = |
| 82 switches::IsAccountConsistencyMirrorEnabled(); |
| 83 bool is_google_url = is_enable_account_consistency && |
| 84 (google_util::IsGoogleDomainUrl( |
| 85 url, google_util::ALLOW_SUBDOMAIN, |
| 86 google_util::DISALLOW_NON_STANDARD_PORTS) || |
| 87 google_util::IsYoutubeDomainUrl( |
| 88 url, google_util::ALLOW_SUBDOMAIN, |
| 89 google_util::DISALLOW_NON_STANDARD_PORTS)); |
| 90 return is_google_url || IsDriveOrigin(origin) || |
| 91 gaia::IsGaiaSignonRealm(origin); |
| 92 } |
| 93 |
| 94 std::string ChromeConnectedHeaderHelper::BuildRequestHeader( |
| 95 bool is_header_request, |
| 96 const GURL& url, |
| 97 const std::string& account_id, |
| 98 int profile_mode_mask) { |
| 99 if (account_id.empty()) |
| 100 return std::string(); |
| 101 |
| 102 std::vector<std::string> parts; |
| 103 if (IsUrlEligibleToIncludeGaiaId(url, is_header_request)) { |
| 104 // Only set the Gaia ID on domains that actually requires it. |
| 105 parts.push_back( |
| 106 base::StringPrintf("%s=%s", kGaiaIdAttrName, account_id.c_str())); |
| 107 } |
| 108 parts.push_back( |
| 109 base::StringPrintf("%s=%s", kProfileModeAttrName, |
| 110 base::IntToString(profile_mode_mask).c_str())); |
| 111 parts.push_back(base::StringPrintf( |
| 112 "%s=%s", kEnableAccountConsistencyAttrName, |
| 113 switches::IsAccountConsistencyMirrorEnabled() ? "true" : "false")); |
| 114 |
| 115 return base::JoinString(parts, is_header_request ? "," : ":"); |
| 116 } |
| 117 |
| 118 } // namespace signin |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2923733003:
[signin] Add DICe flow for account consistency requests. (Closed)
