Chromium Code Reviews Chromium Code Reviews
Issue 317093002:
Show confirmation dialog for unsecure signin (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 /** | 5 /** |
| 6 * @fileoverview | 6 * @fileoverview |
| 7 * A background script of the auth extension that bridges the communication | 7 * A background script of the auth extension that bridges the communication |
| 8 * between the main and injected scripts. | 8 * between the main and injected scripts. |
| 9 * | 9 * |
| 10 * Here is an overview of the communication flow when SAML is being used: | 10 * Here is an overview of the communication flow when SAML is being used: |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 117 isConstrainedWindow_: null, | 117 isConstrainedWindow_: null, |
| 118 | 118 |
| 119 // Email of the newly authenticated user based on the gaia response header | 119 // Email of the newly authenticated user based on the gaia response header |
| 120 // 'google-accounts-signin'. | 120 // 'google-accounts-signin'. |
| 121 email_: null, | 121 email_: null, |
| 122 | 122 |
| 123 // Session index of the newly authenticated user based on the gaia response | 123 // Session index of the newly authenticated user based on the gaia response |
| 124 // header 'google-accounts-signin'. | 124 // header 'google-accounts-signin'. |
| 125 sessionIndex_: null, | 125 sessionIndex_: null, |
| 126 | 126 |
| 127 // Whether the user needs to confirm signin because of insecure content. | |
| 128 confirmUntrustedSignin_: false, | |
| 129 | |
| 127 // Gaia URL base that is set from main auth script. | 130 // Gaia URL base that is set from main auth script. |
| 128 gaiaUrl_: null, | 131 gaiaUrl_: null, |
| 129 | 132 |
| 130 // Whether to abort the authentication flow and show an error messagen when | 133 // Whether to abort the authentication flow and show an error messagen when |
| 131 // content served over an unencrypted connection is detected. | 134 // content served over an unencrypted connection is detected. |
| 132 blockInsecureContent_: false, | 135 blockInsecureContent_: false, |
| 133 | 136 |
| 134 // Whether auth flow has started. It is used as a signal of whether the | 137 // Whether auth flow has started. It is used as a signal of whether the |
| 135 // injected script should scrape passwords. | 138 // injected script should scrape passwords. |
| 136 authStarted_: false, | 139 authStarted_: false, |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 209 if (!this.isDesktopFlow_ || details.parentFrameId <= 0) | 212 if (!this.isDesktopFlow_ || details.parentFrameId <= 0) |
| 210 return; | 213 return; |
| 211 | 214 |
| 212 var msg = null; | 215 var msg = null; |
| 213 if (this.continueUrl_ && | 216 if (this.continueUrl_ && |
| 214 details.url.lastIndexOf(this.continueUrl_, 0) == 0) { | 217 details.url.lastIndexOf(this.continueUrl_, 0) == 0) { |
| 215 var skipForNow = false; | 218 var skipForNow = false; |
| 216 if (details.url.indexOf('ntp=1') >= 0) | 219 if (details.url.indexOf('ntp=1') >= 0) |
| 217 skipForNow = true; | 220 skipForNow = true; |
| 218 | 221 |
| 219 // TOOD(guohui): Show password confirmation UI. | 222 // TOOD(guohui): Show password confirmation UI. |
|
Roger Tawa OOO till Jul 10th
2014/06/08 03:01:56
Is this todo done now? Remove/fix comment?
guohui
2014/06/09 19:23:29
nope, this is not done yet, for more details pleas
| |
| 220 var passwords = this.onGetScrapedPasswords_(); | 223 var passwords = this.onGetScrapedPasswords_(); |
| 221 msg = { | 224 msg = { |
| 222 'name': 'completeLogin', | 225 'name': 'completeLogin', |
| 223 'email': this.email_, | 226 'email': this.email_, |
| 224 'password': passwords[0], | 227 'password': passwords[0], |
| 225 'sessionIndex': this.sessionIndex_, | 228 'sessionIndex': this.sessionIndex_, |
| 226 'skipForNow': skipForNow | 229 'skipForNow': skipForNow, |
| 230 'confirmUntrustedSignin': this.confirmUntrustedSignin_ | |
| 227 }; | 231 }; |
| 228 this.channelMain_.send(msg); | 232 this.channelMain_.send(msg); |
| 229 } else if (this.isConstrainedWindow_) { | 233 } else if (this.isConstrainedWindow_) { |
| 230 // The header google-accounts-embedded is only set on gaia domain. | 234 // The header google-accounts-embedded is only set on gaia domain. |
| 231 if (this.gaiaUrl_ && details.url.lastIndexOf(this.gaiaUrl_) == 0) { | 235 if (this.gaiaUrl_ && details.url.lastIndexOf(this.gaiaUrl_) == 0) { |
| 232 var headers = details.responseHeaders; | 236 var headers = details.responseHeaders; |
| 233 for (var i = 0; headers && i < headers.length; ++i) { | 237 for (var i = 0; headers && i < headers.length; ++i) { |
| 234 if (headers[i].name.toLowerCase() == 'google-accounts-embedded') | 238 if (headers[i].name.toLowerCase() == 'google-accounts-embedded') |
| 235 return; | 239 return; |
| 236 } | 240 } |
| 237 } | 241 } |
| 238 msg = { | 242 msg = { |
| 239 'name': 'switchToFullTab', | 243 'name': 'switchToFullTab', |
| 240 'url': details.url | 244 'url': details.url |
| 241 }; | 245 }; |
| 242 this.channelMain_.send(msg); | 246 this.channelMain_.send(msg); |
| 243 } | 247 } |
| 244 }, | 248 }, |
| 245 | 249 |
| 246 /** | 250 /** |
| 247 * Handler for webRequest.onBeforeRequest, invoked when content served over an | 251 * Handler for webRequest.onBeforeRequest, invoked when content served over an |
| 248 * unencrypted connection is detected. Determines whether the request should | 252 * unencrypted connection is detected. Determines whether the request should |
| 249 * be blocked and if so, signals that an error message needs to be shown. | 253 * be blocked and if so, signals that an error message needs to be shown. |
| 250 * @param {string} url The URL that was blocked. | 254 * @param {string} url The URL that was blocked. |
| 251 * @return {!Object} Decision whether to block the request. | 255 * @return {!Object} Decision whether to block the request. |
| 252 */ | 256 */ |
| 253 onInsecureRequest: function(url) { | 257 onInsecureRequest: function(url) { |
| 254 if (!this.blockInsecureContent_) | 258 if (!this.blockInsecureContent_) { |
| 259 this.confirmUntrustedSignin_ = true; | |
| 255 return {}; | 260 return {}; |
| 261 } | |
| 256 this.channelMain_.send({name: 'onInsecureContentBlocked', url: url}); | 262 this.channelMain_.send({name: 'onInsecureContentBlocked', url: url}); |
| 257 return {cancel: true}; | 263 return {cancel: true}; |
| 258 }, | 264 }, |
| 259 | 265 |
| 260 /** | 266 /** |
| 261 * Handler or webRequest.onHeadersReceived. It reads the authenticated user | 267 * Handler or webRequest.onHeadersReceived. It reads the authenticated user |
| 262 * email from google-accounts-signin-header. | 268 * email from google-accounts-signin-header. |
| 263 */ | 269 */ |
| 264 onHeadersReceived: function(details) { | 270 onHeadersReceived: function(details) { |
| 265 if (!this.isDesktopFlow_ || | 271 if (!this.isDesktopFlow_ || |
| (...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 364 }, | 370 }, |
| 365 | 371 |
| 366 onPageLoaded_: function(msg) { | 372 onPageLoaded_: function(msg) { |
| 367 if (this.channelMain_) | 373 if (this.channelMain_) |
| 368 this.channelMain_.send({name: 'onAuthPageLoaded', url: msg.url}); | 374 this.channelMain_.send({name: 'onAuthPageLoaded', url: msg.url}); |
| 369 } | 375 } |
| 370 }; | 376 }; |
| 371 | 377 |
| 372 var backgroundBridgeManager = new BackgroundBridgeManager(); | 378 var backgroundBridgeManager = new BackgroundBridgeManager(); |
| 373 backgroundBridgeManager.run(); | 379 backgroundBridgeManager.run(); |
| OLD | NEW |
