Chromium Code Reviews Chromium Code Reviews
Issue 2946023002:
ChromeOS: Add support for loading GAIA API v2 (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // <include src="saml_handler.js"> | 5 // <include src="saml_handler.js"> |
| 6 | 6 |
| 7 /** | 7 /** |
| 8 * @fileoverview An UI component to authenciate to Chrome. The component hosts | 8 * @fileoverview An UI component to authenciate to Chrome. The component hosts |
| 9 * IdP web pages in a webview. A client who is interested in monitoring | 9 * IdP web pages in a webview. A client who is interested in monitoring |
| 10 * authentication events should pass a listener object of type | 10 * authentication events should pass a listener object of type |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 24 'chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/success.html'; | 24 'chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/success.html'; |
| 25 var SIGN_IN_HEADER = 'google-accounts-signin'; | 25 var SIGN_IN_HEADER = 'google-accounts-signin'; |
| 26 var EMBEDDED_FORM_HEADER = 'google-accounts-embedded'; | 26 var EMBEDDED_FORM_HEADER = 'google-accounts-embedded'; |
| 27 var LOCATION_HEADER = 'location'; | 27 var LOCATION_HEADER = 'location'; |
| 28 var COOKIE_HEADER = 'cookie'; | 28 var COOKIE_HEADER = 'cookie'; |
| 29 var SET_COOKIE_HEADER = 'set-cookie'; | 29 var SET_COOKIE_HEADER = 'set-cookie'; |
| 30 var OAUTH_CODE_COOKIE = 'oauth_code'; | 30 var OAUTH_CODE_COOKIE = 'oauth_code'; |
| 31 var GAPS_COOKIE = 'GAPS'; | 31 var GAPS_COOKIE = 'GAPS'; |
| 32 var SERVICE_ID = 'chromeoslogin'; | 32 var SERVICE_ID = 'chromeoslogin'; |
| 33 var EMBEDDED_SETUP_CHROMEOS_ENDPOINT = 'embedded/setup/chromeos'; | 33 var EMBEDDED_SETUP_CHROMEOS_ENDPOINT = 'embedded/setup/chromeos'; |
| 34 var EMBEDDED_SETUP_CHROMEOS_ENDPOINT_V2 = 'embedded/setup/v2/chromeos'; | |
| 34 var SAML_REDIRECTION_PATH = 'samlredirect'; | 35 var SAML_REDIRECTION_PATH = 'samlredirect'; |
| 35 var BLANK_PAGE_URL = 'about:blank'; | 36 var BLANK_PAGE_URL = 'about:blank'; |
| 36 | 37 |
| 37 /** | 38 /** |
| 38 * The source URL parameter for the constrained signin flow. | 39 * The source URL parameter for the constrained signin flow. |
| 39 */ | 40 */ |
| 40 var CONSTRAINED_FLOW_SOURCE = 'chrome'; | 41 var CONSTRAINED_FLOW_SOURCE = 'chrome'; |
| 41 | 42 |
| 42 /** | 43 /** |
| 43 * Enum for the authorization mode, must match AuthMode defined in | 44 * Enum for the authorization mode, must match AuthMode defined in |
| (...skipping 25 matching lines...) Expand all Loading... | |
| 69 // gaiaUrl. | 70 // gaiaUrl. |
| 70 'constrained', // Whether the extension is loaded in a constrained | 71 'constrained', // Whether the extension is loaded in a constrained |
| 71 // window. | 72 // window. |
| 72 'clientId', // Chrome client id. | 73 'clientId', // Chrome client id. |
| 73 'useEafe', // Whether to use EAFE. | 74 'useEafe', // Whether to use EAFE. |
| 74 'needPassword', // Whether the host is interested in getting a password. | 75 'needPassword', // Whether the host is interested in getting a password. |
| 75 // If this set to |false|, |confirmPasswordCallback| is | 76 // If this set to |false|, |confirmPasswordCallback| is |
| 76 // not called before dispatching |authCopleted|. | 77 // not called before dispatching |authCopleted|. |
| 77 // Default is |true|. | 78 // Default is |true|. |
| 78 'flow', // One of 'default', 'enterprise', or 'theftprotection'. | 79 'flow', // One of 'default', 'enterprise', or 'theftprotection'. |
| 79 'enterpriseDomain', // Domain in which hosting device is (or should be) | 80 'enterpriseDomain', // Domain in which hosting device is (or should be) |
| 80 // enrolled. | 81 // enrolled. |
| 81 'emailDomain', // Value used to prefill domain for email. | 82 'emailDomain', // Value used to prefill domain for email. |
| 82 'chromeType', // Type of Chrome OS device, e.g. "chromebox". | 83 'chromeType', // Type of Chrome OS device, e.g. "chromebox". |
| 83 'clientVersion', // Version of the Chrome build. | 84 'clientVersion', // Version of the Chrome build. |
| 84 'platformVersion', // Version of the OS build. | 85 'platformVersion', // Version of the OS build. |
| 85 'releaseChannel', // Installation channel. | 86 'releaseChannel', // Installation channel. |
| 86 'endpointGen', // Current endpoint generation. | 87 'endpointGen', // Current endpoint generation. |
| 87 'gapsCookie', // GAPS cookie | 88 'gapsCookie', // GAPS cookie |
| 89 'chromeOSApiVersion', // GAIA Chrome OS API version | |
| 88 | 90 |
| 89 // The email fields allow for the following possibilities: | 91 // The email fields allow for the following possibilities: |
| 90 // | 92 // |
| 91 // 1/ If 'email' is not supplied, then the email text field is blank and the | 93 // 1/ If 'email' is not supplied, then the email text field is blank and the |
| 92 // user must type an email to proceed. | 94 // user must type an email to proceed. |
| 93 // | 95 // |
| 94 // 2/ If 'email' is supplied, and 'readOnlyEmail' is truthy, then the email | 96 // 2/ If 'email' is supplied, and 'readOnlyEmail' is truthy, then the email |
| 95 // is hardcoded and the user cannot change it. The user is asked for | 97 // is hardcoded and the user cannot change it. The user is asked for |
| 96 // password. This is useful for re-auth scenarios, where chrome needs the | 98 // password. This is useful for re-auth scenarios, where chrome needs the |
| 97 // user to authenticate for a specific account and only that account. | 99 // user to authenticate for a specific account and only that account. |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 224 this.continueUrl_.substring(0, this.continueUrl_.indexOf('?')) || | 226 this.continueUrl_.substring(0, this.continueUrl_.indexOf('?')) || |
| 225 this.continueUrl_; | 227 this.continueUrl_; |
| 226 this.isConstrainedWindow_ = data.constrained == '1'; | 228 this.isConstrainedWindow_ = data.constrained == '1'; |
| 227 this.isNewGaiaFlow = data.isNewGaiaFlow; | 229 this.isNewGaiaFlow = data.isNewGaiaFlow; |
| 228 this.useEafe_ = data.useEafe || false; | 230 this.useEafe_ = data.useEafe || false; |
| 229 this.clientId_ = data.clientId; | 231 this.clientId_ = data.clientId; |
| 230 this.gapsCookie_ = data.gapsCookie; | 232 this.gapsCookie_ = data.gapsCookie; |
| 231 this.gapsCookieSent_ = false; | 233 this.gapsCookieSent_ = false; |
| 232 this.newGapsCookie_ = null; | 234 this.newGapsCookie_ = null; |
| 233 this.dontResizeNonEmbeddedPages = data.dontResizeNonEmbeddedPages; | 235 this.dontResizeNonEmbeddedPages = data.dontResizeNonEmbeddedPages; |
| 236 this.chromeOSApiVersion_ = data.chromeOSApiVersion; | |
| 234 | 237 |
| 235 this.initialFrameUrl_ = this.constructInitialFrameUrl_(data); | 238 this.initialFrameUrl_ = this.constructInitialFrameUrl_(data); |
| 236 this.reloadUrl_ = data.frameUrl || this.initialFrameUrl_; | 239 this.reloadUrl_ = data.frameUrl || this.initialFrameUrl_; |
| 237 // Don't block insecure content for desktop flow because it lands on | 240 // Don't block insecure content for desktop flow because it lands on |
| 238 // http. Otherwise, block insecure content as long as gaia is https. | 241 // http. Otherwise, block insecure content as long as gaia is https. |
| 239 this.samlHandler_.blockInsecureContent = | 242 this.samlHandler_.blockInsecureContent = |
| 240 authMode != AuthMode.DESKTOP && this.idpOrigin_.startsWith('https://'); | 243 authMode != AuthMode.DESKTOP && this.idpOrigin_.startsWith('https://'); |
| 241 this.needPassword = !('needPassword' in data) || data.needPassword; | 244 this.needPassword = !('needPassword' in data) || data.needPassword; |
| 242 | 245 |
| 243 if (this.isNewGaiaFlow) { | 246 if (this.isNewGaiaFlow) { |
| 244 this.webview_.contextMenus.onShow.addListener(function(e) { | 247 this.webview_.contextMenus.onShow.addListener(function(e) { |
| 245 e.preventDefault(); | 248 e.preventDefault(); |
| 246 }); | 249 }); |
| 247 | 250 |
| 248 if (!this.onBeforeSetHeadersSet_) { | 251 if (!this.onBeforeSetHeadersSet_) { |
| 249 this.onBeforeSetHeadersSet_ = true; | 252 this.onBeforeSetHeadersSet_ = true; |
| 250 var filterPrefix = this.idpOrigin_ + EMBEDDED_SETUP_CHROMEOS_ENDPOINT; | 253 var filterPrefix = this.constructChromeOSAPIUrl_(); |
| 251 // This depends on gaiaUrl parameter, that is why it is here. | 254 // This depends on gaiaUrl parameter, that is why it is here. |
| 252 this.webview_.request.onBeforeSendHeaders.addListener( | 255 this.webview_.request.onBeforeSendHeaders.addListener( |
| 253 this.onBeforeSendHeaders_.bind(this), | 256 this.onBeforeSendHeaders_.bind(this), |
| 254 {urls: [filterPrefix + '?*', filterPrefix + '/*']}, | 257 {urls: [filterPrefix + '?*', filterPrefix + '/*']}, |
| 255 ['requestHeaders', 'blocking']); | 258 ['requestHeaders', 'blocking']); |
| 256 } | 259 } |
| 257 } | 260 } |
| 258 | 261 |
| 259 this.webview_.src = this.reloadUrl_; | 262 this.webview_.src = this.reloadUrl_; |
| 260 this.isLoaded_ = true; | 263 this.isLoaded_ = true; |
| 261 }; | 264 }; |
| 262 | 265 |
| 266 Authenticator.prototype.constructChromeOSAPIUrl_ = function() { | |
| 267 if (this.chromeOSApiVersion_ && this.chromeOSApiVersion_ == 2) { | |
|
achuithb
2017/06/21 18:33:12
Can drop {}
Alexander Alekseev
2017/06/21 20:05:34
Done.
| |
| 268 return this.idpOrigin_ + EMBEDDED_SETUP_CHROMEOS_ENDPOINT_V2; | |
| 269 } | |
| 270 return this.idpOrigin_ + EMBEDDED_SETUP_CHROMEOS_ENDPOINT; | |
| 271 }; | |
| 272 | |
| 263 /** | 273 /** |
| 264 * Reloads the authenticator component. | 274 * Reloads the authenticator component. |
| 265 */ | 275 */ |
| 266 Authenticator.prototype.reload = function() { | 276 Authenticator.prototype.reload = function() { |
| 267 this.resetStates(); | 277 this.resetStates(); |
| 268 this.webview_.src = this.reloadUrl_; | 278 this.webview_.src = this.reloadUrl_; |
| 269 this.isLoaded_ = true; | 279 this.isLoaded_ = true; |
| 270 }; | 280 }; |
| 271 | 281 |
| 272 Authenticator.prototype.constructInitialFrameUrl_ = function(data) { | 282 Authenticator.prototype.constructInitialFrameUrl_ = function(data) { |
| 273 if (data.doSamlRedirect) { | 283 if (data.doSamlRedirect) { |
| 274 var url = this.idpOrigin_ + SAML_REDIRECTION_PATH; | 284 var url = this.idpOrigin_ + SAML_REDIRECTION_PATH; |
| 275 url = appendParam(url, 'domain', data.enterpriseDomain); | 285 url = appendParam(url, 'domain', data.enterpriseDomain); |
| 276 url = appendParam( | 286 url = appendParam( |
| 277 url, 'continue', | 287 url, 'continue', |
| 278 data.gaiaUrl + 'o/oauth2/programmatic_auth?hl=' + data.hl + | 288 data.gaiaUrl + 'o/oauth2/programmatic_auth?hl=' + data.hl + |
| 279 '&scope=https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthLogin&' + | 289 '&scope=https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthLogin&' + |
| 280 'client_id=' + encodeURIComponent(data.clientId) + | 290 'client_id=' + encodeURIComponent(data.clientId) + |
| 281 '&access_type=offline'); | 291 '&access_type=offline'); |
| 282 | 292 |
| 283 return url; | 293 return url; |
| 284 } | 294 } |
| 285 | 295 |
| 286 var path = data.gaiaPath; | 296 var url; |
| 287 if (!path && this.isNewGaiaFlow) | 297 if (data.gaiaPath) { |
|
achuithb
2017/06/21 18:33:12
can drop {}
Alexander Alekseev
2017/06/21 20:05:34
Done.
| |
| 288 path = EMBEDDED_SETUP_CHROMEOS_ENDPOINT; | 298 url = this.idpOrigin_ + data.gaiaPath; |
| 289 if (!path) | 299 } else if (this.isNewGaiaFlow) { |
|
achuithb
2017/06/21 18:33:12
This is always true, right? Should we deprecate th
Alexander Alekseev
2017/06/21 20:05:34
isNewGaiaFlow should be either removed or renamed
| |
| 290 path = IDP_PATH; | 300 url = this.constructChromeOSAPIUrl_(); |
| 291 var url = this.idpOrigin_ + path; | 301 } else { |
| 302 url = this.idpOrigin_ + IDP_PATH; | |
| 303 } | |
| 292 | 304 |
| 293 if (this.isNewGaiaFlow) { | 305 if (this.isNewGaiaFlow) { |
| 294 if (data.chromeType) | 306 if (data.chromeType) |
| 295 url = appendParam(url, 'chrometype', data.chromeType); | 307 url = appendParam(url, 'chrometype', data.chromeType); |
| 296 if (data.clientId) | 308 if (data.clientId) |
| 297 url = appendParam(url, 'client_id', data.clientId); | 309 url = appendParam(url, 'client_id', data.clientId); |
| 298 if (data.enterpriseDomain) | 310 if (data.enterpriseDomain) |
| 299 url = appendParam(url, 'manageddomain', data.enterpriseDomain); | 311 url = appendParam(url, 'manageddomain', data.enterpriseDomain); |
| 300 if (data.clientVersion) | 312 if (data.clientVersion) |
| 301 url = appendParam(url, 'client_version', data.clientVersion); | 313 url = appendParam(url, 'client_version', data.clientVersion); |
| (...skipping 571 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 873 Authenticator.AuthMode = AuthMode; | 885 Authenticator.AuthMode = AuthMode; |
| 874 Authenticator.SUPPORTED_PARAMS = SUPPORTED_PARAMS; | 886 Authenticator.SUPPORTED_PARAMS = SUPPORTED_PARAMS; |
| 875 | 887 |
| 876 return { | 888 return { |
| 877 // TODO(guohui, xiyuan): Rename GaiaAuthHost to Authenticator once the old | 889 // TODO(guohui, xiyuan): Rename GaiaAuthHost to Authenticator once the old |
| 878 // iframe-based flow is deprecated. | 890 // iframe-based flow is deprecated. |
| 879 GaiaAuthHost: Authenticator, | 891 GaiaAuthHost: Authenticator, |
| 880 Authenticator: Authenticator | 892 Authenticator: Authenticator |
| 881 }; | 893 }; |
| 882 }); | 894 }); |
| OLD | NEW |
