Show confirmation dialog for unsecure signin

chrome/browser/ui/webui/signin/inline_login_handler_impl.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/signin/inline_login_handler_impl.h"
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/strings/string_number_conversions.h"
@@ skipping 29 matching lines @@
                            public SigninOAuthHelper::Consumer {
  public:
   InlineSigninHelper(
       base::WeakPtr<InlineLoginHandlerImpl> handler,
       net::URLRequestContextGetter* getter,
       Profile* profile,
       const GURL& current_url,
       const std::string& email,
       const std::string& password,
       const std::string& session_index,
-      bool choose_what_to_sync);
+      bool choose_what_to_sync,
+      bool confirm_untrusted_signin);
 
  private:
   // Overriden from SigninOAuthHelper::Consumer.
   virtual void OnSigninOAuthInformationAvailable(
       const std::string& email,
       const std::string& display_email,
       const std::string& refresh_token) OVERRIDE;
   virtual void OnSigninOAuthInformationFailure(
       const GoogleServiceAuthError& error) OVERRIDE;
 
   base::WeakPtr<InlineLoginHandlerImpl> handler_;
   Profile* profile_;
   GURL current_url_;
   std::string email_;
   std::string password_;
   std::string session_index_;
   bool choose_what_to_sync_;
+  bool confirm_untrusted_signin_;
 
   DISALLOW_COPY_AND_ASSIGN(InlineSigninHelper);
 };
 
 InlineSigninHelper::InlineSigninHelper(
     base::WeakPtr<InlineLoginHandlerImpl> handler,
     net::URLRequestContextGetter* getter,
     Profile* profile,
     const GURL& current_url,
     const std::string& email,
     const std::string& password,
     const std::string& session_index,
-    bool choose_what_to_sync)
+    bool choose_what_to_sync,
+    bool confirm_untrusted_signin)
     : SigninOAuthHelper(getter, session_index, this),
       handler_(handler),
       profile_(profile),
       current_url_(current_url),
       email_(email),
       password_(password),
       session_index_(session_index),
-      choose_what_to_sync_(choose_what_to_sync) {
+      choose_what_to_sync_(choose_what_to_sync),
+      confirm_untrusted_signin_(confirm_untrusted_signin) {
   DCHECK(profile_);
   DCHECK(!email_.empty());
   DCHECK(!session_index_.empty());
 }
 
 void InlineSigninHelper::OnSigninOAuthInformationAvailable(
     const std::string& email,
     const std::string& display_email,
     const std::string& refresh_token) {
   content::WebContents* contents = NULL;
@@ skipping 27 matching lines @@
     SigninErrorController* error_controller =
         ProfileOAuth2TokenServiceFactory::GetForProfile(profile_)->
             signin_error_controller();
     OneClickSigninSyncStarter::StartSyncMode start_mode =
         source == signin::SOURCE_SETTINGS || choose_what_to_sync_ ?
             (error_controller->HasError() &&
               sync_service && sync_service->HasSyncSetupCompleted()) ?
                 OneClickSigninSyncStarter::SHOW_SETTINGS_WITHOUT_CONFIGURE :
                 OneClickSigninSyncStarter::CONFIGURE_SYNC_FIRST :
                 OneClickSigninSyncStarter::SYNC_WITH_DEFAULT_SETTINGS;
-    OneClickSigninSyncStarter::ConfirmationRequired confirmation_required =
-        source == signin::SOURCE_SETTINGS ||
-        source == signin::SOURCE_WEBSTORE_INSTALL ||
-        choose_what_to_sync_ ?
-            OneClickSigninSyncStarter::NO_CONFIRMATION :
-            OneClickSigninSyncStarter::CONFIRM_AFTER_SIGNIN;
+
+    OneClickSigninSyncStarter::ConfirmationRequired confirmation_required;
+    if (confirm_untrusted_signin_) {
+      confirmation_required =
+          OneClickSigninSyncStarter::CONFIRM_UNTRUSTED_SIGNIN;
+    } else {
+      confirmation_required =
+          source == signin::SOURCE_SETTINGS ||
+          source == signin::SOURCE_WEBSTORE_INSTALL ||
+          choose_what_to_sync_ ?
+              OneClickSigninSyncStarter::NO_CONFIRMATION :
+              OneClickSigninSyncStarter::CONFIRM_AFTER_SIGNIN;
+    }
 
     bool start_signin =
         !OneClickSigninHelper::HandleCrossAccountError(
             contents, "",
             email, password_, refresh_token,
             OneClickSigninHelper::AUTO_ACCEPT_EXPLICIT,
             source, start_mode,
             base::Bind(&InlineLoginHandlerImpl::SyncStarterCallback,
                        handler_));
     if (start_signin) {
@@ skipping 20 matching lines @@
 
   AboutSigninInternals* about_signin_internals =
     AboutSigninInternalsFactory::GetForProfile(profile_);
   about_signin_internals->OnRefreshTokenReceived("Failure");
 
   base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
 }
 
 }  // namespace
 
-InlineLoginHandlerImpl::InlineLoginHandlerImpl()
-      : weak_factory_(this),
-        choose_what_to_sync_(false) {
-}
+InlineLoginHandlerImpl::InlineLoginHandlerImpl() : weak_factory_(this) {}
 
 InlineLoginHandlerImpl::~InlineLoginHandlerImpl() {}
 
 void InlineLoginHandlerImpl::SetExtraInitParams(base::DictionaryValue& params) {
   params.SetString("service", "chromiumsync");
 
   signin::Source source =
       signin::GetSourceForPromoURL(web_ui()->GetWebContents()->GetURL());
   OneClickSigninHelper::LogHistogramValue(
       source, one_click_signin::HISTOGRAM_SHOWN);
 }
 
 void InlineLoginHandlerImpl::CompleteLogin(const base::ListValue* args) {
   content::WebContents* contents = web_ui()->GetWebContents();
   const GURL& current_url = contents->GetURL();
 
   const base::DictionaryValue* dict = NULL;
   args->GetDictionary(0, &dict);
 
   bool skip_for_now = false;
   dict->GetBoolean("skipForNow", &skip_for_now);
   if (skip_for_now) {
     signin::SetUserSkippedPromo(Profile::FromWebUI(web_ui()));
     SyncStarterCallback(OneClickSigninSyncStarter::SYNC_SETUP_FAILURE);
     return;
   }
 
-  base::string16 email;
-  dict->GetString("email", &email);
-  DCHECK(!email.empty());
-  email_ = base::UTF16ToASCII(email);
-  base::string16 password;
-  dict->GetString("password", &password);
-  password_ = base::UTF16ToASCII(password);
+  base::string16 email_string16;
+  dict->GetString("email", &email_string16);
+  DCHECK(!email_string16.empty());
+  std::string email(base::UTF16ToASCII(email_string16));
+
+  base::string16 password_string16;
+  dict->GetString("password", &password_string16);
+  std::string password(base::UTF16ToASCII(password_string16));
 
   // When doing a SAML sign in, this email check may result in a false
   // positive.  This happens when the user types one email address in the
   // gaia sign in page, but signs in to a different account in the SAML sign in
   // page.
   std::string default_email;
   std::string validate_email;
   if (net::GetValueForKeyInQuery(current_url, "email", &default_email) &&
       net::GetValueForKeyInQuery(current_url, "validateEmail",
                                  &validate_email) &&
       validate_email == "1") {
-    if (!gaia::AreEmailsSame(email_, default_email)) {
+    if (!gaia::AreEmailsSame(email, default_email)) {
       SyncStarterCallback(OneClickSigninSyncStarter::SYNC_SETUP_FAILURE);
       return;
     }
   }
 
-  base::string16 session_index;
-  dict->GetString("sessionIndex", &session_index);
-  session_index_ = base::UTF16ToASCII(session_index);
-  DCHECK(!session_index_.empty());
-  dict->GetBoolean("chooseWhatToSync", &choose_what_to_sync_);
+  base::string16 session_index_string16;
+  dict->GetString("sessionIndex", &session_index_string16);
+  std::string session_index = base::UTF16ToASCII(session_index_string16);
+  DCHECK(!session_index.empty());
+
+  bool choose_what_to_sync = false;
+  dict->GetBoolean("chooseWhatToSync", &choose_what_to_sync);
+  bool confirm_untrusted_signin = false;
+  dict->GetBoolean("confirmUntrustedSignin", &confirm_untrusted_signin);

[nasko, 2014/06/10 16:29:41]

Does this value come from the renderer? If yes, then a compromised renderer can
lie. Considering we are trying to guard against HTTP, plaintext document can
trivially deliver an exploit document and completely bypass this protection. 

 
   signin::Source source = signin::GetSourceForPromoURL(current_url);
   OneClickSigninHelper::LogHistogramValue(
       source, one_click_signin::HISTOGRAM_ACCEPTED);
   bool switch_to_advanced =
-      choose_what_to_sync_ && (source != signin::SOURCE_SETTINGS);
+      choose_what_to_sync && (source != signin::SOURCE_SETTINGS);
   OneClickSigninHelper::LogHistogramValue(
       source,
       switch_to_advanced ? one_click_signin::HISTOGRAM_WITH_ADVANCED :
                            one_click_signin::HISTOGRAM_WITH_DEFAULTS);
 
   OneClickSigninHelper::CanOfferFor can_offer_for =
       OneClickSigninHelper::CAN_OFFER_FOR_ALL;
   switch (source) {
     case signin::SOURCE_AVATAR_BUBBLE_ADD_ACCOUNT:
       can_offer_for = OneClickSigninHelper::CAN_OFFER_FOR_SECONDARY_ACCOUNT;
       break;
     case signin::SOURCE_REAUTH: {
       std::string primary_username =
           SigninManagerFactory::GetForProfile(
               Profile::FromWebUI(web_ui()))->GetAuthenticatedUsername();
       if (!gaia::AreEmailsSame(default_email, primary_username))
         can_offer_for = OneClickSigninHelper::CAN_OFFER_FOR_SECONDARY_ACCOUNT;
       break;
     }
     default:
       // No need to change |can_offer_for|.
       break;
   }
 
   std::string error_msg;
   bool can_offer = OneClickSigninHelper::CanOffer(
-      contents, can_offer_for, email_, &error_msg);
+      contents, can_offer_for, email, &error_msg);
   if (!can_offer) {
     HandleLoginError(error_msg);
     return;
   }
 
   AboutSigninInternals* about_signin_internals =
       AboutSigninInternalsFactory::GetForProfile(Profile::FromWebUI(web_ui()));
   about_signin_internals->OnAuthenticationResultReceived(
       "GAIA Auth Successful");
 
   content::StoragePartition* partition =
       content::BrowserContext::GetStoragePartitionForSite(
           contents->GetBrowserContext(),
           GURL(chrome::kChromeUIChromeSigninURL));
 
   // InlineSigninHelper will delete itself.
   new InlineSigninHelper(GetWeakPtr(), partition->GetURLRequestContext(),
                          Profile::FromWebUI(web_ui()), current_url,
-                         email_, password_, session_index_,
-                         choose_what_to_sync_);
+                         email, password, session_index,
+                         choose_what_to_sync, confirm_untrusted_signin);
 
-  email_.clear();
-  password_.clear();
-  session_index_.clear();
   web_ui()->CallJavascriptFunction("inline.login.closeDialog");
 }
 
 void InlineLoginHandlerImpl::HandleLoginError(const std::string& error_msg) {
   SyncStarterCallback(OneClickSigninSyncStarter::SYNC_SETUP_FAILURE);
 
   Browser* browser = GetDesktopBrowser();
   if (browser && !error_msg.empty()) {
     VLOG(1) << "InlineLoginHandlerImpl::HandleLoginError shows error message: "
             << error_msg;
     OneClickSigninHelper::ShowSigninErrorBubble(browser, error_msg);
   }
-
-  email_.clear();
-  password_.clear();
-  session_index_.clear();
 }
 
 Browser* InlineLoginHandlerImpl::GetDesktopBrowser() {
   Browser* browser = chrome::FindBrowserWithWebContents(
       web_ui()->GetWebContents());
   if (!browser) {
     browser = chrome::FindLastActiveWithProfile(
         Profile::FromWebUI(web_ui()), chrome::GetActiveDesktop());
   }
   return browser;
@@ skipping 33 matching lines @@
     TabStripModel* tab_strip_model = browser->tab_strip_model();
     if (tab_strip_model) {
       int index = tab_strip_model->GetIndexOfWebContents(tab);
       if (index != TabStripModel::kNoTab) {
         tab_strip_model->ExecuteContextMenuCommand(
             index, TabStripModel::CommandCloseTab);
       }
     }
   }
 }