Show confirmation dialog for unsecure signin

chrome/browser/ui/webui/signin/inline_login_handler_impl.cc

Index: chrome/browser/ui/webui/signin/inline_login_handler_impl.cc
diff --git a/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc b/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc
index a3d600e474a264d2e4b073d581ca1afeaad22ad5..8691e7037dac0a98ed6eb314dccb9479ce03a637 100644
--- a/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc
+++ b/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc
@@ -47,7 +47,8 @@ class InlineSigninHelper : public SigninOAuthHelper,
       const std::string& email,
       const std::string& password,
       const std::string& session_index,
-      bool choose_what_to_sync);
+      bool choose_what_to_sync,
+      bool confirm_untrusted_signin);
 
  private:
   // Overriden from SigninOAuthHelper::Consumer.
@@ -65,6 +66,7 @@ class InlineSigninHelper : public SigninOAuthHelper,
   std::string password_;
   std::string session_index_;
   bool choose_what_to_sync_;
+  bool confirm_untrusted_signin_;
 
   DISALLOW_COPY_AND_ASSIGN(InlineSigninHelper);
 };
@@ -77,7 +79,8 @@ InlineSigninHelper::InlineSigninHelper(
     const std::string& email,
     const std::string& password,
     const std::string& session_index,
-    bool choose_what_to_sync)
+    bool choose_what_to_sync,
+    bool confirm_untrusted_signin)
     : SigninOAuthHelper(getter, session_index, this),
       handler_(handler),
       profile_(profile),
@@ -85,7 +88,8 @@ InlineSigninHelper::InlineSigninHelper(
       email_(email),
       password_(password),
       session_index_(session_index),
-      choose_what_to_sync_(choose_what_to_sync) {
+      choose_what_to_sync_(choose_what_to_sync),
+      confirm_untrusted_signin_(confirm_untrusted_signin) {
   DCHECK(profile_);
   DCHECK(!email_.empty());
   DCHECK(!session_index_.empty());
@@ -133,12 +137,19 @@ void InlineSigninHelper::OnSigninOAuthInformationAvailable(
                 OneClickSigninSyncStarter::SHOW_SETTINGS_WITHOUT_CONFIGURE :
                 OneClickSigninSyncStarter::CONFIGURE_SYNC_FIRST :
                 OneClickSigninSyncStarter::SYNC_WITH_DEFAULT_SETTINGS;
-    OneClickSigninSyncStarter::ConfirmationRequired confirmation_required =
-        source == signin::SOURCE_SETTINGS ||
-        source == signin::SOURCE_WEBSTORE_INSTALL ||
-        choose_what_to_sync_ ?
-            OneClickSigninSyncStarter::NO_CONFIRMATION :
-            OneClickSigninSyncStarter::CONFIRM_AFTER_SIGNIN;
+
+    OneClickSigninSyncStarter::ConfirmationRequired confirmation_required;
+    if (confirm_untrusted_signin_) {
+      confirmation_required =
+          OneClickSigninSyncStarter::CONFIRM_UNTRUSTED_SIGNIN;
+    } else {
+      confirmation_required =
+          source == signin::SOURCE_SETTINGS ||
+          source == signin::SOURCE_WEBSTORE_INSTALL ||
+          choose_what_to_sync_ ?
+              OneClickSigninSyncStarter::NO_CONFIRMATION :
+              OneClickSigninSyncStarter::CONFIRM_AFTER_SIGNIN;
+    }
 
     bool start_signin =
         !OneClickSigninHelper::HandleCrossAccountError(
@@ -179,10 +190,7 @@ void InlineSigninHelper::OnSigninOAuthInformationFailure(
 
 }  // namespace
 
-InlineLoginHandlerImpl::InlineLoginHandlerImpl()
-      : weak_factory_(this),
-        choose_what_to_sync_(false) {
-}
+InlineLoginHandlerImpl::InlineLoginHandlerImpl() : weak_factory_(this) {}
 
 InlineLoginHandlerImpl::~InlineLoginHandlerImpl() {}
 
@@ -210,13 +218,14 @@ void InlineLoginHandlerImpl::CompleteLogin(const base::ListValue* args) {
     return;
   }
 
-  base::string16 email;
-  dict->GetString("email", &email);
-  DCHECK(!email.empty());
-  email_ = base::UTF16ToASCII(email);
-  base::string16 password;
-  dict->GetString("password", &password);
-  password_ = base::UTF16ToASCII(password);
+  base::string16 email_string16;
+  dict->GetString("email", &email_string16);
+  DCHECK(!email_string16.empty());
+  std::string email(base::UTF16ToASCII(email_string16));
+
+  base::string16 password_string16;
+  dict->GetString("password", &password_string16);
+  std::string password(base::UTF16ToASCII(password_string16));
 
   // When doing a SAML sign in, this email check may result in a false
   // positive.  This happens when the user types one email address in the
@@ -228,23 +237,27 @@ void InlineLoginHandlerImpl::CompleteLogin(const base::ListValue* args) {
       net::GetValueForKeyInQuery(current_url, "validateEmail",
                                  &validate_email) &&
       validate_email == "1") {
-    if (!gaia::AreEmailsSame(email_, default_email)) {
+    if (!gaia::AreEmailsSame(email, default_email)) {
       SyncStarterCallback(OneClickSigninSyncStarter::SYNC_SETUP_FAILURE);
       return;
     }
   }
 
-  base::string16 session_index;
-  dict->GetString("sessionIndex", &session_index);
-  session_index_ = base::UTF16ToASCII(session_index);
-  DCHECK(!session_index_.empty());
-  dict->GetBoolean("chooseWhatToSync", &choose_what_to_sync_);
+  base::string16 session_index_string16;
+  dict->GetString("sessionIndex", &session_index_string16);
+  std::string session_index = base::UTF16ToASCII(session_index_string16);
+  DCHECK(!session_index.empty());
+
+  bool choose_what_to_sync = false;
+  dict->GetBoolean("chooseWhatToSync", &choose_what_to_sync);
+  bool confirm_untrusted_signin = false;
+  dict->GetBoolean("confirmUntrustedSignin", &confirm_untrusted_signin);

[nasko, 2014/06/10 16:29:41]

Does this value come from the renderer? If yes, then a compromised renderer can
lie. Considering we are trying to guard against HTTP, plaintext document can
trivially deliver an exploit document and completely bypass this protection. 

 
   signin::Source source = signin::GetSourceForPromoURL(current_url);
   OneClickSigninHelper::LogHistogramValue(
       source, one_click_signin::HISTOGRAM_ACCEPTED);
   bool switch_to_advanced =
-      choose_what_to_sync_ && (source != signin::SOURCE_SETTINGS);
+      choose_what_to_sync && (source != signin::SOURCE_SETTINGS);
   OneClickSigninHelper::LogHistogramValue(
       source,
       switch_to_advanced ? one_click_signin::HISTOGRAM_WITH_ADVANCED :
@@ -271,7 +284,7 @@ void InlineLoginHandlerImpl::CompleteLogin(const base::ListValue* args) {
 
   std::string error_msg;
   bool can_offer = OneClickSigninHelper::CanOffer(
-      contents, can_offer_for, email_, &error_msg);
+      contents, can_offer_for, email, &error_msg);
   if (!can_offer) {
     HandleLoginError(error_msg);
     return;
@@ -290,12 +303,9 @@ void InlineLoginHandlerImpl::CompleteLogin(const base::ListValue* args) {
   // InlineSigninHelper will delete itself.
   new InlineSigninHelper(GetWeakPtr(), partition->GetURLRequestContext(),
                          Profile::FromWebUI(web_ui()), current_url,
-                         email_, password_, session_index_,
-                         choose_what_to_sync_);
+                         email, password, session_index,
+                         choose_what_to_sync, confirm_untrusted_signin);
 
-  email_.clear();
-  password_.clear();
-  session_index_.clear();
   web_ui()->CallJavascriptFunction("inline.login.closeDialog");
 }
 
@@ -308,10 +318,6 @@ void InlineLoginHandlerImpl::HandleLoginError(const std::string& error_msg) {
             << error_msg;
     OneClickSigninHelper::ShowSigninErrorBubble(browser, error_msg);
   }
-
-  email_.clear();
-  password_.clear();
-  session_index_.clear();
 }
 
 Browser* InlineLoginHandlerImpl::GetDesktopBrowser() {