| Index: components/signin/core/browser/signin_header_helper.cc
|
| diff --git a/components/signin/core/browser/signin_header_helper.cc b/components/signin/core/browser/signin_header_helper.cc
|
| index 8fdfcd682ac6cd6215f1aa14f9ea3bc45834b84c..28dd54e16f7519ca2b001a3b95bf0b24358152e1 100644
|
| --- a/components/signin/core/browser/signin_header_helper.cc
|
| +++ b/components/signin/core/browser/signin_header_helper.cc
|
| @@ -5,24 +5,27 @@
|
| #include "components/signin/core/browser/signin_header_helper.h"
|
|
|
| #include <stddef.h>
|
| +#include <map>
|
|
|
| +#include "base/logging.h"
|
| #include "base/macros.h"
|
| -#include "base/strings/string_number_conversions.h"
|
| #include "base/strings/string_split.h"
|
| -#include "base/strings/string_util.h"
|
| -#include "base/strings/stringprintf.h"
|
| #include "build/build_config.h"
|
| #include "components/content_settings/core/browser/cookie_settings.h"
|
| #include "components/google/core/browser/google_util.h"
|
| +#include "components/signin/core/browser/chrome_connected_header_helper.h"
|
| #include "components/signin/core/common/profile_management_switches.h"
|
| #include "google_apis/gaia/gaia_auth_util.h"
|
| #include "google_apis/gaia/gaia_urls.h"
|
| #include "net/base/escape.h"
|
| -#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
|
| #include "net/http/http_response_headers.h"
|
| #include "net/url_request/url_request.h"
|
| #include "url/gurl.h"
|
|
|
| +#if !defined(OS_IOS) && !defined(OS_ANDROID)
|
| +#include "components/signin/core/browser/dice_header_helper.h"
|
| +#endif
|
| +
|
| namespace signin {
|
|
|
| namespace {
|
| @@ -33,40 +36,11 @@ typedef std::map<std::string, std::string> MirrorResponseHeaderDictionary;
|
| const char kChromeManageAccountsHeader[] = "X-Chrome-Manage-Accounts";
|
| const char kContinueUrlAttrName[] = "continue_url";
|
| const char kEmailAttrName[] = "email";
|
| -const char kEnableAccountConsistencyAttrName[] = "enable_account_consistency";
|
| -const char kGaiaIdAttrName[] = "id";
|
| -const char kProfileModeAttrName[] = "mode";
|
| const char kIsSameTabAttrName[] = "is_same_tab";
|
| const char kIsSamlAttrName[] = "is_saml";
|
| const char kServiceTypeAttrName[] = "action";
|
|
|
| -bool IsDriveOrigin(const GURL& url) {
|
| - if (!url.SchemeIsCryptographic())
|
| - return false;
|
| -
|
| - const GURL kGoogleDriveURL("https://drive.google.com");
|
| - const GURL kGoogleDocsURL("https://docs.google.com");
|
| - return url == kGoogleDriveURL || url == kGoogleDocsURL;
|
| -}
|
| -
|
| -bool IsUrlEligibleToIncludeGaiaId(const GURL& url, bool is_header_request) {
|
| - if (is_header_request) {
|
| - // GAIA Id is only necessary for Drive. Don't set it otherwise.
|
| - return IsDriveOrigin(url.GetOrigin());
|
| - }
|
| -
|
| - // Cookie requests don't have the granularity to only include the GAIA Id for
|
| - // Drive origin. Set it on all google.com instead.
|
| - if (!url.SchemeIsCryptographic())
|
| - return false;
|
| -
|
| - const std::string kGoogleDomain = "google.com";
|
| - std::string domain = net::registry_controlled_domains::GetDomainAndRegistry(
|
| - url, net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);
|
| - return domain == kGoogleDomain;
|
| -}
|
| -
|
| -// Determines the service type that has been passed from GAIA in the header.
|
| +// Determines the service type that has been passed from Gaia in the header.
|
| GAIAServiceType GetGAIAServiceTypeFromHeader(const std::string& header_value) {
|
| if (header_value == "SIGNOUT")
|
| return GAIA_SERVICE_TYPE_SIGNOUT;
|
| @@ -94,7 +68,7 @@ MirrorResponseHeaderDictionary ParseMirrorResponseHeader(
|
| base::SPLIT_WANT_NONEMPTY)) {
|
| size_t delim = field.find_first_of('=');
|
| if (delim == std::string::npos) {
|
| - DLOG(WARNING) << "Unexpected GAIA header field '" << field << "'.";
|
| + DLOG(WARNING) << "Unexpected Gaia header field '" << field << "'.";
|
| continue;
|
| }
|
| dictionary[field.substr(0, delim).as_string()] = net::UnescapeURLComponent(
|
| @@ -105,79 +79,10 @@ MirrorResponseHeaderDictionary ParseMirrorResponseHeader(
|
| return dictionary;
|
| }
|
|
|
| -// Checks if the url has the required properties to have a X-Chrome-Connected
|
| -// header.
|
| -bool IsUrlEligibleForXChromeConnectedHeader(const GURL& url) {
|
| - // Only set the header for Drive and Gaia always, and other Google properties
|
| - // if account consistency is enabled.
|
| - // Vasquette, which is integrated with most Google properties, needs the
|
| - // header to redirect certain user actions to Chrome native UI. Drive and Gaia
|
| - // need the header to tell if the current user is connected. The drive path is
|
| - // a temporary workaround until the more generic chrome.principals API is
|
| - // available.
|
| -
|
| - // Consider the account id sensitive and limit it to secure domains.
|
| - if (!url.SchemeIsCryptographic())
|
| - return false;
|
| -
|
| - GURL origin(url.GetOrigin());
|
| - bool is_enable_account_consistency =
|
| - switches::IsAccountConsistencyMirrorEnabled();
|
| - bool is_google_url = is_enable_account_consistency &&
|
| - (google_util::IsGoogleDomainUrl(
|
| - url, google_util::ALLOW_SUBDOMAIN,
|
| - google_util::DISALLOW_NON_STANDARD_PORTS) ||
|
| - google_util::IsYoutubeDomainUrl(
|
| - url, google_util::ALLOW_SUBDOMAIN,
|
| - google_util::DISALLOW_NON_STANDARD_PORTS));
|
| - return is_google_url || IsDriveOrigin(origin) ||
|
| - gaia::IsGaiaSignonRealm(origin);
|
| -}
|
| -
|
| -// Checks if the url has the required properties to have an account consistency
|
| -// header.
|
| -bool IsUrlEligibleForAccountConsistencyRequestHeader(const GURL& url) {
|
| - // TODO(droger): Support X-Chrome-ID-Consistency-Request.
|
| - return IsUrlEligibleForXChromeConnectedHeader(url);
|
| -}
|
| -
|
| -std::string BuildMirrorRequestIfPossible(
|
| - bool is_header_request,
|
| - const GURL& url,
|
| - const std::string& account_id,
|
| - const content_settings::CookieSettings* cookie_settings,
|
| - int profile_mode_mask) {
|
| - if (account_id.empty())
|
| - return std::string();
|
| -
|
| - // If signin cookies are not allowed, don't add the header.
|
| - if (!SettingsAllowSigninCookies(cookie_settings)) {
|
| - return std::string();
|
| - }
|
| -
|
| - // Check if url is elligible for the header.
|
| - if (!IsUrlEligibleForXChromeConnectedHeader(url))
|
| - return std::string();
|
| -
|
| - std::vector<std::string> parts;
|
| - if (IsUrlEligibleToIncludeGaiaId(url, is_header_request)) {
|
| - // Only set the GAIA Id on domains that actually requires it.
|
| - parts.push_back(
|
| - base::StringPrintf("%s=%s", kGaiaIdAttrName, account_id.c_str()));
|
| - }
|
| - parts.push_back(
|
| - base::StringPrintf("%s=%s", kProfileModeAttrName,
|
| - base::IntToString(profile_mode_mask).c_str()));
|
| - parts.push_back(base::StringPrintf(
|
| - "%s=%s", kEnableAccountConsistencyAttrName,
|
| - switches::IsAccountConsistencyMirrorEnabled() ? "true" : "false"));
|
| -
|
| - return base::JoinString(parts, is_header_request ? "," : ":");
|
| -}
|
| -
|
| } // namespace
|
|
|
| extern const char kChromeConnectedHeader[] = "X-Chrome-Connected";
|
| +extern const char kDiceRequestHeader[] = "X-Chrome-ID-Consistency-Request";
|
|
|
| ManageAccountsParams::ManageAccountsParams()
|
| : service_type(GAIA_SERVICE_TYPE_NONE),
|
| @@ -208,33 +113,30 @@ std::string BuildMirrorRequestCookieIfPossible(
|
| const std::string& account_id,
|
| const content_settings::CookieSettings* cookie_settings,
|
| int profile_mode_mask) {
|
| - return BuildMirrorRequestIfPossible(false /* is_header_request */, url,
|
| - account_id, cookie_settings,
|
| - profile_mode_mask);
|
| + return signin::ChromeConnectedHeaderHelper::BuildRequestCookieIfPossible(
|
| + url, account_id, cookie_settings, profile_mode_mask);
|
| }
|
|
|
| -bool AppendOrRemoveAccountConsistentyRequestHeader(
|
| +bool SigninHeaderHelper::AppendOrRemoveRequestHeader(
|
| net::URLRequest* request,
|
| + const char* header_name,
|
| const GURL& redirect_url,
|
| const std::string& account_id,
|
| const content_settings::CookieSettings* cookie_settings,
|
| int profile_mode_mask) {
|
| const GURL& url = redirect_url.is_empty() ? request->url() : redirect_url;
|
| -
|
| - // TODO(droger): Support X-Chrome-ID-Consistency-Request.
|
| - std::string header_name = kChromeConnectedHeader;
|
| - std::string header_value = BuildMirrorRequestIfPossible(
|
| + std::string header_value = BuildRequestHeaderIfPossible(
|
| true /* is_header_request */, url, account_id, cookie_settings,
|
| profile_mode_mask);
|
|
|
| - if (!header_name.empty() && header_value.empty()) {
|
| + if (header_value.empty()) {
|
| // If the request is being redirected, and it has the account consistency
|
| // header, and current url is a Google URL, and the redirected one is not,
|
| // remove the header.
|
| if (!redirect_url.is_empty() &&
|
| request->extra_request_headers().HasHeader(header_name) &&
|
| - IsUrlEligibleForAccountConsistencyRequestHeader(request->url()) &&
|
| - !IsUrlEligibleForAccountConsistencyRequestHeader(redirect_url)) {
|
| + IsUrlEligibleForRequestHeader(request->url()) &&
|
| + !IsUrlEligibleForRequestHeader(redirect_url)) {
|
| request->RemoveRequestHeaderByName(header_name);
|
| }
|
| return false;
|
| @@ -243,6 +145,44 @@ bool AppendOrRemoveAccountConsistentyRequestHeader(
|
| return true;
|
| }
|
|
|
| +std::string SigninHeaderHelper::BuildRequestHeaderIfPossible(
|
| + bool is_header_request,
|
| + const GURL& url,
|
| + const std::string& account_id,
|
| + const content_settings::CookieSettings* cookie_settings,
|
| + int profile_mode_mask) {
|
| + // If signin cookies are not allowed, don't add the header.
|
| + if (!SettingsAllowSigninCookies(cookie_settings))
|
| + return std::string();
|
| +
|
| + // Check if url is eligible for the header.
|
| + if (!IsUrlEligibleForRequestHeader(url))
|
| + return std::string();
|
| +
|
| + return BuildRequestHeader(is_header_request, url, account_id,
|
| + profile_mode_mask);
|
| +}
|
| +
|
| +void AppendOrRemoveAccountConsistentyRequestHeader(
|
| + net::URLRequest* request,
|
| + const GURL& redirect_url,
|
| + const std::string& account_id,
|
| + const content_settings::CookieSettings* cookie_settings,
|
| + int profile_mode_mask) {
|
| +// Dice is not enabled on mobile.
|
| +#if !defined(OS_IOS) && !defined(OS_ANDROID)
|
| + DiceHeaderHelper dice_helper;
|
| + dice_helper.AppendOrRemoveRequestHeader(request, kDiceRequestHeader,
|
| + redirect_url, account_id,
|
| + cookie_settings, profile_mode_mask);
|
| +#endif
|
| +
|
| + ChromeConnectedHeaderHelper chrome_connected_helper;
|
| + chrome_connected_helper.AppendOrRemoveRequestHeader(
|
| + request, kChromeConnectedHeader, redirect_url, account_id,
|
| + cookie_settings, profile_mode_mask);
|
| +}
|
| +
|
| ManageAccountsParams BuildManageAccountsParams(
|
| const std::string& header_value) {
|
| ManageAccountsParams params;
|
| @@ -263,7 +203,7 @@ ManageAccountsParams BuildManageAccountsParams(
|
| } else if (key_name == kIsSameTabAttrName) {
|
| params.is_same_tab = header_dictionary[kIsSameTabAttrName] == "true";
|
| } else {
|
| - DLOG(WARNING) << "Unexpected GAIA header attribute '" << key_name << "'.";
|
| + DLOG(WARNING) << "Unexpected Gaia header attribute '" << key_name << "'.";
|
| }
|
| }
|
| return params;
|
|
|
Chromium Code Reviews
Issue 2923733003:
[signin] Add DICe flow for account consistency requests. (Closed)
