Inline sign in extracts gaia id from HTTP header and seeds account tracker

chrome/browser/resources/gaia_auth/main.js

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 /**
  * Authenticator class wraps the communications between Gaia and its host.
  */
 function Authenticator() {
 }
 
@@ skipping 30 matching lines @@
  */
 Authenticator.getInstance = function() {
   if (!Authenticator.instance_) {
     Authenticator.instance_ = new Authenticator();
   }
   return Authenticator.instance_;
 };
 
 Authenticator.prototype = {
   email_: null,
+  gaiaId_: null,
 
   // Depending on the key type chosen, this will contain the plain text password
   // or a credential derived from it along with the information required to
   // repeat the derivation, such as a salt. The information will be encoded so
   // that it contains printable ASCII characters only. The exact encoding is TBD
   // when support for key types other than plain text password is added.
   passwordBytes_: null,
 
+  chooseWhatToSync_: false,
+  skipForNow_: false,
+  sessionIndex_: null,
   attemptToken_: null,
 
   // Input params from extension initialization URL.
   inputLang_: undefined,
   intputEmail_: undefined,
 
   isSAMLFlow_: false,
   gaiaLoaded_: false,
   supportChannel_: null,
 
@@ skipping 28 matching lines @@
 
     document.addEventListener('DOMContentLoaded', this.onPageLoad_.bind(this));
   },
 
   isGaiaMessage_: function(msg) {
     // Not quite right, but good enough.
     return this.gaiaUrl_.indexOf(msg.origin) == 0 ||
            this.GAIA_URL.indexOf(msg.origin) == 0;
   },
 
-  isInternalMessage_: function(msg) {
-    return msg.origin == Authenticator.THIS_EXTENSION_ORIGIN;
-  },
-
   isParentMessage_: function(msg) {
     return msg.origin == this.parentPage_;
   },
 
   constructInitialFrameUrl_: function() {
     var url = this.gaiaUrl_ + this.gaiaPath_;
 
     url = appendParam(url, 'service', this.service_);
     url = appendParam(url, 'continue', this.continueUrl_);
     if (this.inputLang_)
@@ skipping 37 matching lines @@
 
       if (this.desktopMode_) {
         this.supportChannel_.send({
           name: 'initDesktopFlow',
           gaiaUrl: this.gaiaUrl_,
           continueUrl: stripParams(this.continueUrl_),
           isConstrainedWindow: this.isConstrainedWindow_
         });
         this.supportChannel_.registerMessage(
             'switchToFullTab', this.switchToFullTab_.bind(this));
-        this.supportChannel_.registerMessage(
-            'completeLogin', this.completeLogin_.bind(this));
       }
+      this.supportChannel_.registerMessage(
+          'completeLogin', this.onCompleteLogin_.bind(this));
       this.initSAML_();
       this.maybeInitialized_();
     }.bind(this));
 
     window.setTimeout(function() {
       if (!this.supportChannel_) {
         // Re-initialize the channel if it is not connected properly, e.g.
         // connect may be called before background script started running.
         this.initSupportChannel_();
       }
@@ skipping 32 matching lines @@
    * @param {Object=} opt_extraMsg Optional extra info to send.
    */
   completeLogin_: function(opt_extraMsg) {
     var msg = {
       'method': 'completeLogin',
       'email': (opt_extraMsg && opt_extraMsg.email) || this.email_,
       'password': (opt_extraMsg && opt_extraMsg.password) ||
                   this.passwordBytes_,
       'usingSAML': this.isSAMLFlow_,
       'chooseWhatToSync': this.chooseWhatToSync_ || false,
-      'skipForNow': opt_extraMsg && opt_extraMsg.skipForNow,
-      'sessionIndex': opt_extraMsg && opt_extraMsg.sessionIndex
+      'skipForNow': (opt_extraMsg && opt_extraMsg.skipForNow) ||
+                    this.skipForNow_,
+      'sessionIndex': (opt_extraMsg && opt_extraMsg.sessionIndex) ||
+                      this.sessionIndex_,
+      'gaiaId': (opt_extraMsg && opt_extraMsg.gaiaId) || this.gaiaId_
     };
     window.parent.postMessage(msg, this.parentPage_);
     this.supportChannel_.send({name: 'resetAuth'});
   },
 
   /**
    * Invoked when support channel is connected.
    */
   initSAML_: function() {
     this.isSAMLFlow_ = false;
@@ skipping 26 matching lines @@
    */
   onAuthPageLoaded_: function(msg) {
     var isSAMLPage = msg.url.indexOf(this.gaiaUrl_) != 0;
 
     if (isSAMLPage && !this.isSAMLFlow_) {
       // GAIA redirected to a SAML login page. The credentials provided to this
       // page will determine what user gets logged in. The credentials obtained
       // from the GAIA login form are no longer relevant and can be discarded.
       this.isSAMLFlow_ = true;
       this.email_ = null;
+      this.gaiaId_ = null;
       this.passwordBytes_ = null;
     }
 
     window.parent.postMessage({
       'method': 'authPageLoaded',
       'isSAML': this.isSAMLFlow_,
       'domain': extractDomain(msg.url)
     }, this.parentPage_);
   },
 
@@ skipping 28 matching lines @@
       this.initialized_ = true;
       this.sendInitializationSuccess_();
       return;
     }
 
     if (call.method == 'add') {
       if (Authenticator.API_KEY_TYPES.indexOf(call.keyType) == -1) {
         console.error('Authenticator.onAPICall_: unsupported key type');
         return;
       }
+      // Not setting |email_| and |gaiaId_| because this API call will
+      // eventually be followed by onCompleteLogin_() which does set it.
       this.apiToken_ = call.token;
-      this.email_ = call.user;
       this.passwordBytes_ = call.passwordBytes;
     } else if (call.method == 'confirm') {
       if (call.token != this.apiToken_)
         console.error('Authenticator.onAPICall_: token mismatch');
     } else {
       console.error('Authenticator.onAPICall_: unknown message');
     }
   },
 
   sendInitializationSuccess_: function() {
     this.supportChannel_.send({name: 'apiResponse', response: {
       result: 'initialized',
       version: this.apiVersion_,
       keyTypes: Authenticator.API_KEY_TYPES
     }});
   },
 
   sendInitializationFailure_: function() {
     this.supportChannel_.send({
       name: 'apiResponse',
       response: {result: 'initialization_failed'}
     });
   },
 
-  onConfirmLogin_: function() {
-    if (!this.isSAMLFlow_) {
-      this.completeLogin_();
+  /**
+   * Callback invoked for 'completeLogin' message.
+   */
+  onCompleteLogin_: function(extraMsg) {

[bartfab (slow), 2014/10/17 09:54:56]

Nit 1: Anecdotal evidence shows that the naming seems to be |opt_extraMsg| for
optional, extra data and simply |msg| for non-optional data.
Nit 2: Document the type of |extraMsg|.

[Roger Tawa OOO till Jul 10th, 2014/10/20 16:04:00]

Done.

+    if (!extraMsg.email || !extraMsg.gaiaId || !extraMsg.sessionIndex) {
+      console.error('Missing fields to complete login.');
+      window.parent.postMessage(
+          {method: 'showFatalAuthError',
+           message: 'foo'},

[bartfab (slow), 2014/10/17 09:54:55]

I think the correct solution here would be analogous to the "no password" case:
Instead of a generic |showFatalAuthError| message, better add a |noGaiaID|
message that will do the right thing without us having to pass in a message.

[Roger Tawa OOO till Jul 10th, 2014/10/20 16:04:00]

Done.

+          this.parentPage_);
       return;
     }
 
-    var apiUsed = !!this.passwordBytes_;
+    // Skip SAML extra steps for desktop flow and non-SAML flow.
+    if (!this.isSAMLFlow_ || this.desktopMode_) {
+      this.completeLogin_(extraMsg);
+      return;
+    }
 
-    // Retrieve the e-mail address of the user who just authenticated from GAIA.
-    window.parent.postMessage({method: 'retrieveAuthenticatedUserEmail',
-                               attemptToken: this.attemptToken_,
-                               apiUsed: apiUsed},
-                              this.parentPage_);
+    this.email_ = extraMsg.email;
+    this.gaiaId_ = extraMsg.gaiaId;
+    // Password from |extraMsg| is not used because ChromeOS SAML flow
+    // gets password by asking user to confirm.
+    this.skipForNow_ = extraMsg.skipForNow;
+    this.sessionIndex_ = extraMsg.sessionIndex;
 
-    if (!apiUsed) {
+    if (this.passwordBytes_) {
+      this.completeLogin_(extraMsg);
+    } else {
       this.supportChannel_.sendWithCallback(
           {name: 'getScrapedPasswords'},
           function(passwords) {
             if (passwords.length == 0) {
               window.parent.postMessage(
                   {method: 'noPassword', email: this.email_},
                   this.parentPage_);
             } else {
               window.parent.postMessage({method: 'confirmPassword',
                                          email: this.email_,
                                          passwordCount: passwords.length},
                                         this.parentPage_);
             }
           }.bind(this));
     }
   },
 
-  maybeCompleteSAMLLogin_: function() {
-    // SAML login is complete when the user's e-mail address has been retrieved
-    // from GAIA and the user has successfully confirmed the password.
-    if (this.email_ !== null && this.passwordBytes_ !== null)
-      this.completeLogin_();
-  },
-
   onVerifyConfirmedPassword_: function(password) {
     this.supportChannel_.sendWithCallback(
         {name: 'getScrapedPasswords'},
         function(passwords) {
           for (var i = 0; i < passwords.length; ++i) {
             if (passwords[i] == password) {
               this.passwordBytes_ = passwords[i];
-              this.maybeCompleteSAMLLogin_();
+              // SAML login is complete when the user's e-mail address has

[bartfab (slow), 2014/10/17 09:54:56]

Nit: Remove the part of the comment about e-mail retrieval, since we no longer
need to initiate and wait for that.

[Roger Tawa OOO till Jul 10th, 2014/10/20 16:04:00]

Done.

+              // been retrieved from GAIA and the user has successfully
+              // confirmed the password.
+              if (this.email_ !== null && this.passwordBytes_ !== null)

[bartfab (slow), 2014/10/17 09:54:56]

Nit: We no longer need this condition. |email_ != null| is guaranteed by
onCompleteLogin_(), which runs before us. |this.passwordBytes_ != null| is
guaranteed because we set it a couple of lines above.

The moment we find that |password| matches one of the scraped values, we set
|this.passwordBytes_ = password| and call |this.completeLogin_()|. There is no
longer the need to check anything else.

[Roger Tawa OOO till Jul 10th, 2014/10/20 16:04:00]

Done.

+                this.completeLogin_();
               return;
             }
           }
           window.parent.postMessage(
               {method: 'confirmPassword', email: this.email_},
               this.parentPage_);
         }.bind(this));
   },
 
   onMessage: function(e) {
     var msg = e.data;
     if (msg.method == 'attemptLogin' && this.isGaiaMessage_(e)) {
+      // At this point GAIA does not yet know the gaiaId, so its not set here.
       this.email_ = msg.email;
       this.passwordBytes_ = msg.password;
       this.attemptToken_ = msg.attemptToken;
       this.chooseWhatToSync_ = msg.chooseWhatToSync;
       this.isSAMLFlow_ = false;
       if (this.supportChannel_)
         this.supportChannel_.send({name: 'startAuth'});
       else
         console.error('Support channel is not initialized.');
     } else if (msg.method == 'clearOldAttempts' && this.isGaiaMessage_(e)) {
       if (!this.gaiaLoaded_) {
         this.gaiaLoaded_ = true;
         this.maybeInitialized_();
       }
       this.email_ = null;
+      this.gaiaId_ = null;

[bartfab (slow), 2014/10/17 09:54:55]

My question from patchset 32 still stands:

Should |chooseWhatToSync_|, |skipForNow_| and |sessionIndex_| not be reset here
as well?

[Roger Tawa OOO till Jul 10th, 2014/10/20 16:04:00]

Done.

       this.passwordBytes_ = null;
       this.attemptToken_ = null;
       this.isSAMLFlow_ = false;
       if (this.supportChannel_)
         this.supportChannel_.send({name: 'resetAuth'});
-    } else if (msg.method == 'setAuthenticatedUserEmail' &&
-               this.isParentMessage_(e)) {
-      if (this.attemptToken_ == msg.attemptToken) {
-        this.email_ = msg.email;
-        this.maybeCompleteSAMLLogin_();
-      }
-    } else if (msg.method == 'confirmLogin' && this.isInternalMessage_(e)) {
-      // In the desktop mode, Chrome needs to wait for extra info such as
-      // session index from the background JS.
-      if (this.desktopMode_)
-        return;
-
-      if (this.attemptToken_ == msg.attemptToken)
-        this.onConfirmLogin_();
-      else
-        console.error('Authenticator.onMessage: unexpected attemptToken!?');
     } else if (msg.method == 'verifyConfirmedPassword' &&
                this.isParentMessage_(e)) {
       this.onVerifyConfirmedPassword_(msg.password);
     } else if (msg.method == 'redirectToSignin' &&
                this.isParentMessage_(e)) {
       $('gaia-frame').src = this.constructInitialFrameUrl_();
     } else {
        console.error('Authenticator.onMessage: unknown message + origin!?');
     }
   }
 };
 
 Authenticator.getInstance().initialize();