ChromeOS: Add support for loading GAIA API v2

chrome/browser/resources/gaia_auth_host/authenticator.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // <include src="saml_handler.js">
 
 /**
  * @fileoverview An UI component to authenciate to Chrome. The component hosts
  * IdP web pages in a webview. A client who is interested in monitoring
  * authentication events should pass a listener object of type
@@ skipping 13 matching lines @@
       'chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/success.html';
   var SIGN_IN_HEADER = 'google-accounts-signin';
   var EMBEDDED_FORM_HEADER = 'google-accounts-embedded';
   var LOCATION_HEADER = 'location';
   var COOKIE_HEADER = 'cookie';
   var SET_COOKIE_HEADER = 'set-cookie';
   var OAUTH_CODE_COOKIE = 'oauth_code';
   var GAPS_COOKIE = 'GAPS';
   var SERVICE_ID = 'chromeoslogin';
   var EMBEDDED_SETUP_CHROMEOS_ENDPOINT = 'embedded/setup/chromeos';
+  var EMBEDDED_SETUP_CHROMEOS_ENDPOINT_V2 = 'embedded/setup/v2/chromeos';
   var SAML_REDIRECTION_PATH = 'samlredirect';
   var BLANK_PAGE_URL = 'about:blank';
 
   /**
    * The source URL parameter for the constrained signin flow.
    */
   var CONSTRAINED_FLOW_SOURCE = 'chrome';
 
   /**
    * Enum for the authorization mode, must match AuthMode defined in
@@ skipping 25 matching lines @@
                      // gaiaUrl.
     'constrained',   // Whether the extension is loaded in a constrained
                      // window.
     'clientId',      // Chrome client id.
     'useEafe',       // Whether to use EAFE.
     'needPassword',  // Whether the host is interested in getting a password.
                      // If this set to |false|, |confirmPasswordCallback| is
                      // not called before dispatching |authCopleted|.
                      // Default is |true|.
     'flow',          // One of 'default', 'enterprise', or 'theftprotection'.
-    'enterpriseDomain',  // Domain in which hosting device is (or should be)
-                         // enrolled.
-    'emailDomain',       // Value used to prefill domain for email.
-    'chromeType',        // Type of Chrome OS device, e.g. "chromebox".
-    'clientVersion',     // Version of the Chrome build.
-    'platformVersion',   // Version of the OS build.
-    'releaseChannel',    // Installation channel.
-    'endpointGen',       // Current endpoint generation.
-    'gapsCookie',        // GAPS cookie
+    'enterpriseDomain',    // Domain in which hosting device is (or should be)
+                           // enrolled.
+    'emailDomain',         // Value used to prefill domain for email.
+    'chromeType',          // Type of Chrome OS device, e.g. "chromebox".
+    'clientVersion',       // Version of the Chrome build.
+    'platformVersion',     // Version of the OS build.
+    'releaseChannel',      // Installation channel.
+    'endpointGen',         // Current endpoint generation.
+    'gapsCookie',          // GAPS cookie
+    'chromeOSApiVersion',  // GAIA Chrome OS API version
 
     // The email fields allow for the following possibilities:
     //
     // 1/ If 'email' is not supplied, then the email text field is blank and the
     // user must type an email to proceed.
     //
     // 2/ If 'email' is supplied, and 'readOnlyEmail' is truthy, then the email
     // is hardcoded and the user cannot change it.  The user is asked for
     // password.  This is useful for re-auth scenarios, where chrome needs the
     // user to authenticate for a specific account and only that account.
@@ skipping 126 matching lines @@
         this.continueUrl_.substring(0, this.continueUrl_.indexOf('?')) ||
         this.continueUrl_;
     this.isConstrainedWindow_ = data.constrained == '1';
     this.isNewGaiaFlow = data.isNewGaiaFlow;
     this.useEafe_ = data.useEafe || false;
     this.clientId_ = data.clientId;
     this.gapsCookie_ = data.gapsCookie;
     this.gapsCookieSent_ = false;
     this.newGapsCookie_ = null;
     this.dontResizeNonEmbeddedPages = data.dontResizeNonEmbeddedPages;
+    this.chromeOSApiVersion_ = data.chromeOSApiVersion;
 
     this.initialFrameUrl_ = this.constructInitialFrameUrl_(data);
     this.reloadUrl_ = data.frameUrl || this.initialFrameUrl_;
     // Don't block insecure content for desktop flow because it lands on
     // http. Otherwise, block insecure content as long as gaia is https.
     this.samlHandler_.blockInsecureContent =
         authMode != AuthMode.DESKTOP && this.idpOrigin_.startsWith('https://');
     this.needPassword = !('needPassword' in data) || data.needPassword;
 
     if (this.isNewGaiaFlow) {
       this.webview_.contextMenus.onShow.addListener(function(e) {
         e.preventDefault();
       });
 
       if (!this.onBeforeSetHeadersSet_) {
         this.onBeforeSetHeadersSet_ = true;
-        var filterPrefix = this.idpOrigin_ + EMBEDDED_SETUP_CHROMEOS_ENDPOINT;
+        var filterPrefix = this.constructChromeOSAPIUrl_();
         // This depends on gaiaUrl parameter, that is why it is here.
         this.webview_.request.onBeforeSendHeaders.addListener(
             this.onBeforeSendHeaders_.bind(this),
             {urls: [filterPrefix + '?*', filterPrefix + '/*']},
             ['requestHeaders', 'blocking']);
       }
     }
 
     this.webview_.src = this.reloadUrl_;
     this.isLoaded_ = true;
   };
 
+  Authenticator.prototype.constructChromeOSAPIUrl_ = function() {
+    if (this.chromeOSApiVersion_ && this.chromeOSApiVersion_ == 2)
+      return this.idpOrigin_ + EMBEDDED_SETUP_CHROMEOS_ENDPOINT_V2;
+
+    return this.idpOrigin_ + EMBEDDED_SETUP_CHROMEOS_ENDPOINT;
+  };
+
   /**
    * Reloads the authenticator component.
    */
   Authenticator.prototype.reload = function() {
     this.resetStates();
     this.webview_.src = this.reloadUrl_;
     this.isLoaded_ = true;
   };
 
   Authenticator.prototype.constructInitialFrameUrl_ = function(data) {
     if (data.doSamlRedirect) {
       var url = this.idpOrigin_ + SAML_REDIRECTION_PATH;
       url = appendParam(url, 'domain', data.enterpriseDomain);
       url = appendParam(
           url, 'continue',
           data.gaiaUrl + 'o/oauth2/programmatic_auth?hl=' + data.hl +
               '&scope=https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthLogin&' +
               'client_id=' + encodeURIComponent(data.clientId) +
               '&access_type=offline');
 
       return url;
     }
 
-    var path = data.gaiaPath;
-    if (!path && this.isNewGaiaFlow)
-      path = EMBEDDED_SETUP_CHROMEOS_ENDPOINT;
-    if (!path)
-      path = IDP_PATH;
-    var url = this.idpOrigin_ + path;
+    var url;
+    if (data.gaiaPath)
+      url = this.idpOrigin_ + data.gaiaPath;
+    else if (this.isNewGaiaFlow)
+      url = this.constructChromeOSAPIUrl_();
+    else
+      url = this.idpOrigin_ + IDP_PATH;
 
     if (this.isNewGaiaFlow) {
       if (data.chromeType)
         url = appendParam(url, 'chrometype', data.chromeType);
       if (data.clientId)
         url = appendParam(url, 'client_id', data.clientId);
       if (data.enterpriseDomain)
         url = appendParam(url, 'manageddomain', data.enterpriseDomain);
       if (data.clientVersion)
         url = appendParam(url, 'client_version', data.clientVersion);
@@ skipping 571 matching lines @@
   Authenticator.AuthMode = AuthMode;
   Authenticator.SUPPORTED_PARAMS = SUPPORTED_PARAMS;
 
   return {
     // TODO(guohui, xiyuan): Rename GaiaAuthHost to Authenticator once the old
     // iframe-based flow is deprecated.
     GaiaAuthHost: Authenticator,
     Authenticator: Authenticator
   };
 });