| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 /** | 5 /** |
| 6 * @fileoverview | 6 * @fileoverview |
| 7 * A background script of the auth extension that bridges the communication | 7 * A background script of the auth extension that bridges the communication |
| 8 * between the main and injected scripts. | 8 * between the main and injected scripts. |
| 9 * | 9 * |
| 10 * Here is an overview of the communication flow when SAML is being used: | 10 * Here is an overview of the communication flow when SAML is being used: |
| (...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 112 isDesktopFlow_: false, | 112 isDesktopFlow_: false, |
| 113 | 113 |
| 114 // Whether the extension is loaded in a constrained window. | 114 // Whether the extension is loaded in a constrained window. |
| 115 // Set from main auth script. | 115 // Set from main auth script. |
| 116 isConstrainedWindow_: null, | 116 isConstrainedWindow_: null, |
| 117 | 117 |
| 118 // Email of the newly authenticated user based on the gaia response header | 118 // Email of the newly authenticated user based on the gaia response header |
| 119 // 'google-accounts-signin'. | 119 // 'google-accounts-signin'. |
| 120 email_: null, | 120 email_: null, |
| 121 | 121 |
| 122 // Gaia Id of the newly authenticated user based on the gaia response |
| 123 // header 'google-accounts-signin'. |
| 124 gaiaId_: null, |
| 125 |
| 122 // Session index of the newly authenticated user based on the gaia response | 126 // Session index of the newly authenticated user based on the gaia response |
| 123 // header 'google-accounts-signin'. | 127 // header 'google-accounts-signin'. |
| 124 sessionIndex_: null, | 128 sessionIndex_: null, |
| 125 | 129 |
| 126 // Gaia URL base that is set from main auth script. | 130 // Gaia URL base that is set from main auth script. |
| 127 gaiaUrl_: null, | 131 gaiaUrl_: null, |
| 128 | 132 |
| 129 // Whether to abort the authentication flow and show an error messagen when | 133 // Whether to abort the authentication flow and show an error messagen when |
| 130 // content served over an unencrypted connection is detected. | 134 // content served over an unencrypted connection is detected. |
| 131 blockInsecureContent_: false, | 135 blockInsecureContent_: false, |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 197 | 201 |
| 198 /** | 202 /** |
| 199 * Handler for webRequest.onCompleted. It 1) detects loading of continue URL | 203 * Handler for webRequest.onCompleted. It 1) detects loading of continue URL |
| 200 * and notifies the main script of signin completion; 2) detects if the | 204 * and notifies the main script of signin completion; 2) detects if the |
| 201 * current page could be loaded in a constrained window and signals the main | 205 * current page could be loaded in a constrained window and signals the main |
| 202 * script of switching to full tab if necessary. | 206 * script of switching to full tab if necessary. |
| 203 */ | 207 */ |
| 204 onCompleted: function(details) { | 208 onCompleted: function(details) { |
| 205 // Only monitors requests in the gaia frame whose parent frame ID must be | 209 // Only monitors requests in the gaia frame whose parent frame ID must be |
| 206 // positive. | 210 // positive. |
| 207 if (!this.isDesktopFlow_ || details.parentFrameId <= 0) | 211 if (details.parentFrameId <= 0) |
| 208 return; | 212 return; |
| 209 | 213 |
| 210 if (details.url.lastIndexOf(backgroundBridgeManager.CONTINUE_URL_BASE, 0) == | 214 if (details.url.lastIndexOf(backgroundBridgeManager.CONTINUE_URL_BASE, 0) == |
| 211 0) { | 215 0) { |
| 212 var skipForNow = false; | 216 var skipForNow = false; |
| 213 if (details.url.indexOf('ntp=1') >= 0) | 217 if (details.url.indexOf('ntp=1') >= 0) |
| 214 skipForNow = true; | 218 skipForNow = true; |
| 215 | 219 |
| 216 // TOOD(guohui): Show password confirmation UI. | 220 // TOOD(guohui): For desktop SAML flow, show password confirmation UI. |
| 217 var passwords = this.onGetScrapedPasswords_(); | 221 var passwords = this.onGetScrapedPasswords_(); |
| 218 var msg = { | 222 var msg = { |
| 219 'name': 'completeLogin', | 223 'name': 'completeLogin', |
| 220 'email': this.email_, | 224 'email': this.email_, |
| 225 'gaiaId': this.gaiaId_, |
| 221 'password': passwords[0], | 226 'password': passwords[0], |
| 222 'sessionIndex': this.sessionIndex_, | 227 'sessionIndex': this.sessionIndex_, |
| 223 'skipForNow': skipForNow | 228 'skipForNow': skipForNow |
| 224 }; | 229 }; |
| 225 this.channelMain_.send(msg); | 230 this.channelMain_.send(msg); |
| 226 } else if (this.isConstrainedWindow_) { | 231 } else if (this.isConstrainedWindow_) { |
| 227 // The header google-accounts-embedded is only set on gaia domain. | 232 // The header google-accounts-embedded is only set on gaia domain. |
| 228 if (this.gaiaUrl_ && details.url.lastIndexOf(this.gaiaUrl_) == 0) { | 233 if (this.gaiaUrl_ && details.url.lastIndexOf(this.gaiaUrl_) == 0) { |
| 229 var headers = details.responseHeaders; | 234 var headers = details.responseHeaders; |
| 230 for (var i = 0; headers && i < headers.length; ++i) { | 235 for (var i = 0; headers && i < headers.length; ++i) { |
| (...skipping 24 matching lines...) Expand all Loading... |
| 255 }, | 260 }, |
| 256 | 261 |
| 257 /** | 262 /** |
| 258 * Handler or webRequest.onHeadersReceived. It reads the authenticated user | 263 * Handler or webRequest.onHeadersReceived. It reads the authenticated user |
| 259 * email from google-accounts-signin-header. | 264 * email from google-accounts-signin-header. |
| 260 * @return {!Object} Modified request headers. | 265 * @return {!Object} Modified request headers. |
| 261 */ | 266 */ |
| 262 onHeadersReceived: function(details) { | 267 onHeadersReceived: function(details) { |
| 263 var headers = details.responseHeaders; | 268 var headers = details.responseHeaders; |
| 264 | 269 |
| 265 if (this.isDesktopFlow_ && | 270 if (this.gaiaUrl_ && details.url.lastIndexOf(this.gaiaUrl_) == 0) { |
| 266 this.gaiaUrl_ && | |
| 267 details.url.lastIndexOf(this.gaiaUrl_) == 0) { | |
| 268 // TODO(xiyuan, guohui): CrOS should reuse the logic below for reading the | |
| 269 // email for SAML users and cut off the /ListAccount call. | |
| 270 for (var i = 0; headers && i < headers.length; ++i) { | 271 for (var i = 0; headers && i < headers.length; ++i) { |
| 271 if (headers[i].name.toLowerCase() == 'google-accounts-signin') { | 272 if (headers[i].name.toLowerCase() == 'google-accounts-signin') { |
| 272 var headerValues = headers[i].value.toLowerCase().split(','); | 273 var headerValues = headers[i].value.toLowerCase().split(','); |
| 273 var signinDetails = {}; | 274 var signinDetails = {}; |
| 274 headerValues.forEach(function(e) { | 275 headerValues.forEach(function(e) { |
| 275 var pair = e.split('='); | 276 var pair = e.split('='); |
| 276 signinDetails[pair[0].trim()] = pair[1].trim(); | 277 signinDetails[pair[0].trim()] = pair[1].trim(); |
| 277 }); | 278 }); |
| 278 // Remove "" around. | 279 // Remove "" around. |
| 279 this.email_ = signinDetails['email'].slice(1, -1); | 280 this.email_ = signinDetails['email'].slice(1, -1); |
| 281 this.gaiaId_ = signinDetails['obfuscatedid'].slice(1, -1); |
| 280 this.sessionIndex_ = signinDetails['sessionindex']; | 282 this.sessionIndex_ = signinDetails['sessionindex']; |
| 281 break; | 283 break; |
| 282 } | 284 } |
| 283 } | 285 } |
| 284 } | 286 } |
| 285 | 287 |
| 286 if (!this.isDesktopFlow_) { | 288 if (!this.isDesktopFlow_) { |
| 287 // Check whether GAIA headers indicating the start or end of a SAML | 289 // Check whether GAIA headers indicating the start or end of a SAML |
| 288 // redirect are present. If so, synthesize cookies to mark these points. | 290 // redirect are present. If so, synthesize cookies to mark these points. |
| 289 for (var i = 0; headers && i < headers.length; ++i) { | 291 for (var i = 0; headers && i < headers.length; ++i) { |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 416 }, | 418 }, |
| 417 | 419 |
| 418 onPageLoaded_: function(msg) { | 420 onPageLoaded_: function(msg) { |
| 419 if (this.channelMain_) | 421 if (this.channelMain_) |
| 420 this.channelMain_.send({name: 'onAuthPageLoaded', url: msg.url}); | 422 this.channelMain_.send({name: 'onAuthPageLoaded', url: msg.url}); |
| 421 } | 423 } |
| 422 }; | 424 }; |
| 423 | 425 |
| 424 var backgroundBridgeManager = new BackgroundBridgeManager(); | 426 var backgroundBridgeManager = new BackgroundBridgeManager(); |
| 425 backgroundBridgeManager.run(); | 427 backgroundBridgeManager.run(); |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 473153002:
Inline sign in extracts gaia id from HTTP header and seeds account tracker (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src