Chromium Code Reviews Chromium Code Reviews
Issue 2923733003:
[signin] Add DICe flow for account consistency requests. (Closed)
| Index: components/signin/core/browser/signin_header_helper.cc |
| diff --git a/components/signin/core/browser/signin_header_helper.cc b/components/signin/core/browser/signin_header_helper.cc |
| index 8fdfcd682ac6cd6215f1aa14f9ea3bc45834b84c..db13e943d38fcb83802bd3ad3cc4bdfc2a214f95 100644 |
| --- a/components/signin/core/browser/signin_header_helper.cc |
| +++ b/components/signin/core/browser/signin_header_helper.cc |
| @@ -5,24 +5,27 @@ |
| #include "components/signin/core/browser/signin_header_helper.h" |
| #include <stddef.h> |
| +#include <map> |
| +#include "base/logging.h" |
| #include "base/macros.h" |
| -#include "base/strings/string_number_conversions.h" |
| #include "base/strings/string_split.h" |
| -#include "base/strings/string_util.h" |
| -#include "base/strings/stringprintf.h" |
| #include "build/build_config.h" |
| #include "components/content_settings/core/browser/cookie_settings.h" |
| #include "components/google/core/browser/google_util.h" |
| +#include "components/signin/core/browser/chrome_connected_header_helper.h" |
| #include "components/signin/core/common/profile_management_switches.h" |
| #include "google_apis/gaia/gaia_auth_util.h" |
| #include "google_apis/gaia/gaia_urls.h" |
| #include "net/base/escape.h" |
| -#include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
| #include "net/http/http_response_headers.h" |
| #include "net/url_request/url_request.h" |
| #include "url/gurl.h" |
| +#if !defined(OS_IOS) && !defined(OS_ANDROID) |
| +#include "components/signin/core/browser/dice_header_helper.h" |
| +#endif |
| + |
| namespace signin { |
| namespace { |
| @@ -33,39 +36,10 @@ typedef std::map<std::string, std::string> MirrorResponseHeaderDictionary; |
| const char kChromeManageAccountsHeader[] = "X-Chrome-Manage-Accounts"; |
| const char kContinueUrlAttrName[] = "continue_url"; |
| const char kEmailAttrName[] = "email"; |
| -const char kEnableAccountConsistencyAttrName[] = "enable_account_consistency"; |
| -const char kGaiaIdAttrName[] = "id"; |
| -const char kProfileModeAttrName[] = "mode"; |
| const char kIsSameTabAttrName[] = "is_same_tab"; |
| const char kIsSamlAttrName[] = "is_saml"; |
| const char kServiceTypeAttrName[] = "action"; |
| -bool IsDriveOrigin(const GURL& url) { |
| - if (!url.SchemeIsCryptographic()) |
| - return false; |
| - |
| - const GURL kGoogleDriveURL("https://drive.google.com"); |
| - const GURL kGoogleDocsURL("https://docs.google.com"); |
| - return url == kGoogleDriveURL || url == kGoogleDocsURL; |
| -} |
| - |
| -bool IsUrlEligibleToIncludeGaiaId(const GURL& url, bool is_header_request) { |
| - if (is_header_request) { |
| - // GAIA Id is only necessary for Drive. Don't set it otherwise. |
| - return IsDriveOrigin(url.GetOrigin()); |
| - } |
| - |
| - // Cookie requests don't have the granularity to only include the GAIA Id for |
| - // Drive origin. Set it on all google.com instead. |
| - if (!url.SchemeIsCryptographic()) |
| - return false; |
| - |
| - const std::string kGoogleDomain = "google.com"; |
| - std::string domain = net::registry_controlled_domains::GetDomainAndRegistry( |
| - url, net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); |
| - return domain == kGoogleDomain; |
| -} |
| - |
| // Determines the service type that has been passed from GAIA in the header. |
| GAIAServiceType GetGAIAServiceTypeFromHeader(const std::string& header_value) { |
| if (header_value == "SIGNOUT") |
| @@ -105,80 +79,8 @@ MirrorResponseHeaderDictionary ParseMirrorResponseHeader( |
| return dictionary; |
| } |
| -// Checks if the url has the required properties to have a X-Chrome-Connected |
| -// header. |
| -bool IsUrlEligibleForXChromeConnectedHeader(const GURL& url) { |
| - // Only set the header for Drive and Gaia always, and other Google properties |
| - // if account consistency is enabled. |
| - // Vasquette, which is integrated with most Google properties, needs the |
| - // header to redirect certain user actions to Chrome native UI. Drive and Gaia |
| - // need the header to tell if the current user is connected. The drive path is |
| - // a temporary workaround until the more generic chrome.principals API is |
| - // available. |
| - |
| - // Consider the account id sensitive and limit it to secure domains. |
| - if (!url.SchemeIsCryptographic()) |
| - return false; |
| - |
| - GURL origin(url.GetOrigin()); |
| - bool is_enable_account_consistency = |
| - switches::IsAccountConsistencyMirrorEnabled(); |
| - bool is_google_url = is_enable_account_consistency && |
| - (google_util::IsGoogleDomainUrl( |
| - url, google_util::ALLOW_SUBDOMAIN, |
| - google_util::DISALLOW_NON_STANDARD_PORTS) || |
| - google_util::IsYoutubeDomainUrl( |
| - url, google_util::ALLOW_SUBDOMAIN, |
| - google_util::DISALLOW_NON_STANDARD_PORTS)); |
| - return is_google_url || IsDriveOrigin(origin) || |
| - gaia::IsGaiaSignonRealm(origin); |
| -} |
| - |
| -// Checks if the url has the required properties to have an account consistency |
| -// header. |
| -bool IsUrlEligibleForAccountConsistencyRequestHeader(const GURL& url) { |
| - // TODO(droger): Support X-Chrome-ID-Consistency-Request. |
| - return IsUrlEligibleForXChromeConnectedHeader(url); |
| -} |
| - |
| -std::string BuildMirrorRequestIfPossible( |
| - bool is_header_request, |
| - const GURL& url, |
| - const std::string& account_id, |
| - const content_settings::CookieSettings* cookie_settings, |
| - int profile_mode_mask) { |
| - if (account_id.empty()) |
| - return std::string(); |
| - |
| - // If signin cookies are not allowed, don't add the header. |
| - if (!SettingsAllowSigninCookies(cookie_settings)) { |
| - return std::string(); |
| - } |
| - |
| - // Check if url is elligible for the header. |
| - if (!IsUrlEligibleForXChromeConnectedHeader(url)) |
| - return std::string(); |
| - |
| - std::vector<std::string> parts; |
| - if (IsUrlEligibleToIncludeGaiaId(url, is_header_request)) { |
| - // Only set the GAIA Id on domains that actually requires it. |
| - parts.push_back( |
| - base::StringPrintf("%s=%s", kGaiaIdAttrName, account_id.c_str())); |
| - } |
| - parts.push_back( |
| - base::StringPrintf("%s=%s", kProfileModeAttrName, |
| - base::IntToString(profile_mode_mask).c_str())); |
| - parts.push_back(base::StringPrintf( |
| - "%s=%s", kEnableAccountConsistencyAttrName, |
| - switches::IsAccountConsistencyMirrorEnabled() ? "true" : "false")); |
| - |
| - return base::JoinString(parts, is_header_request ? "," : ":"); |
| -} |
| - |
| } // namespace |
| -extern const char kChromeConnectedHeader[] = "X-Chrome-Connected"; |
| - |
| ManageAccountsParams::ManageAccountsParams() |
| : service_type(GAIA_SERVICE_TYPE_NONE), |
| email(""), |
| @@ -203,38 +105,26 @@ bool SettingsAllowSigninCookies( |
| cookie_settings->IsCookieAccessAllowed(google_url, google_url); |
| } |
| -std::string BuildMirrorRequestCookieIfPossible( |
| - const GURL& url, |
| - const std::string& account_id, |
| - const content_settings::CookieSettings* cookie_settings, |
| - int profile_mode_mask) { |
| - return BuildMirrorRequestIfPossible(false /* is_header_request */, url, |
| - account_id, cookie_settings, |
| - profile_mode_mask); |
| -} |
| - |
| -bool AppendOrRemoveAccountConsistentyRequestHeader( |
| +bool SigninHeaderHelper::AppendOrRemoveRequestHeader( |
| net::URLRequest* request, |
| + const char* header_name, |
| const GURL& redirect_url, |
| const std::string& account_id, |
| const content_settings::CookieSettings* cookie_settings, |
| int profile_mode_mask) { |
| const GURL& url = redirect_url.is_empty() ? request->url() : redirect_url; |
| - |
| - // TODO(droger): Support X-Chrome-ID-Consistency-Request. |
| - std::string header_name = kChromeConnectedHeader; |
| - std::string header_value = BuildMirrorRequestIfPossible( |
| + std::string header_value = BuildRequestHeaderIfPossible( |
| true /* is_header_request */, url, account_id, cookie_settings, |
| profile_mode_mask); |
| - if (!header_name.empty() && header_value.empty()) { |
| + if (header_value.empty()) { |
| // If the request is being redirected, and it has the account consistency |
| // header, and current url is a Google URL, and the redirected one is not, |
| // remove the header. |
| if (!redirect_url.is_empty() && |
| request->extra_request_headers().HasHeader(header_name) && |
| - IsUrlEligibleForAccountConsistencyRequestHeader(request->url()) && |
| - !IsUrlEligibleForAccountConsistencyRequestHeader(redirect_url)) { |
| + IsUrlEligibleForRequestHeader(request->url()) && |
| + !IsUrlEligibleForRequestHeader(redirect_url)) { |
| request->RemoveRequestHeaderByName(header_name); |
| } |
| return false; |
| @@ -243,6 +133,44 @@ bool AppendOrRemoveAccountConsistentyRequestHeader( |
| return true; |
| } |
| +std::string SigninHeaderHelper::BuildRequestHeaderIfPossible( |
| + bool is_header_request, |
| + const GURL& url, |
| + const std::string& account_id, |
| + const content_settings::CookieSettings* cookie_settings, |
| + int profile_mode_mask) { |
| + // If signin cookies are not allowed, don't add the header. |
| + if (!SettingsAllowSigninCookies(cookie_settings)) |
| + return std::string(); |
| + |
| + // Check if url is eligible for the header. |
| + if (!IsUrlEligibleForRequestHeader(url)) |
| + return std::string(); |
| + |
| + return BuildRequestHeader(is_header_request, url, account_id, |
| + profile_mode_mask); |
| +} |
| + |
| +void AppendOrRemoveAccountConsistentyRequestHeader( |
| + net::URLRequest* request, |
| + const GURL& redirect_url, |
| + const std::string& account_id, |
| + const content_settings::CookieSettings* cookie_settings, |
| + int profile_mode_mask) { |
| +// Dice is not enabled on mobile. |
|
msarda
2017/06/08 23:43:05
Indent
droger
2017/06/09 09:52:24
Not done. Indentation is correct.
|
| +#if !defined(OS_IOS) && !defined(OS_ANDROID) |
| + DiceHeaderHelper dice_helper; |
| + dice_helper.AppendOrRemoveRequestHeader(request, kDiceRequestHeader, |
| + redirect_url, account_id, |
| + cookie_settings, profile_mode_mask); |
| +#endif |
| + |
| + ChromeConnectedHeaderHelper chrome_connected_helper; |
| + chrome_connected_helper.AppendOrRemoveRequestHeader( |
| + request, kChromeConnectedHeader, redirect_url, account_id, |
| + cookie_settings, profile_mode_mask); |
| +} |
| + |
| ManageAccountsParams BuildManageAccountsParams( |
| const std::string& header_value) { |
| ManageAccountsParams params; |
