| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 /** | 5 /** |
| 6 * Authenticator class wraps the communications between Gaia and its host. | 6 * Authenticator class wraps the communications between Gaia and its host. |
| 7 */ | 7 */ |
| 8 function Authenticator() { | 8 function Authenticator() { |
| 9 } | 9 } |
| 10 | 10 |
| (...skipping 30 matching lines...) Expand all Loading... |
| 41 */ | 41 */ |
| 42 Authenticator.getInstance = function() { | 42 Authenticator.getInstance = function() { |
| 43 if (!Authenticator.instance_) { | 43 if (!Authenticator.instance_) { |
| 44 Authenticator.instance_ = new Authenticator(); | 44 Authenticator.instance_ = new Authenticator(); |
| 45 } | 45 } |
| 46 return Authenticator.instance_; | 46 return Authenticator.instance_; |
| 47 }; | 47 }; |
| 48 | 48 |
| 49 Authenticator.prototype = { | 49 Authenticator.prototype = { |
| 50 email_: null, | 50 email_: null, |
| 51 gaiaId_: null, |
| 51 | 52 |
| 52 // Depending on the key type chosen, this will contain the plain text password | 53 // Depending on the key type chosen, this will contain the plain text password |
| 53 // or a credential derived from it along with the information required to | 54 // or a credential derived from it along with the information required to |
| 54 // repeat the derivation, such as a salt. The information will be encoded so | 55 // repeat the derivation, such as a salt. The information will be encoded so |
| 55 // that it contains printable ASCII characters only. The exact encoding is TBD | 56 // that it contains printable ASCII characters only. The exact encoding is TBD |
| 56 // when support for key types other than plain text password is added. | 57 // when support for key types other than plain text password is added. |
| 57 passwordBytes_: null, | 58 passwordBytes_: null, |
| 58 | 59 |
| 60 chooseWhatToSync_: false, |
| 61 skipForNow_: false, |
| 62 sessionIndex_: null, |
| 63 |
| 59 attemptToken_: null, | 64 attemptToken_: null, |
| 60 | 65 |
| 61 // Input params from extension initialization URL. | 66 // Input params from extension initialization URL. |
| 62 inputLang_: undefined, | 67 inputLang_: undefined, |
| 63 intputEmail_: undefined, | 68 intputEmail_: undefined, |
| 64 | 69 |
| 65 isSAMLFlow_: false, | 70 isSAMLFlow_: false, |
| 66 gaiaLoaded_: false, | 71 gaiaLoaded_: false, |
| 67 supportChannel_: null, | 72 supportChannel_: null, |
| 68 | 73 |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 158 | 163 |
| 159 if (this.desktopMode_) { | 164 if (this.desktopMode_) { |
| 160 this.supportChannel_.send({ | 165 this.supportChannel_.send({ |
| 161 name: 'initDesktopFlow', | 166 name: 'initDesktopFlow', |
| 162 gaiaUrl: this.gaiaUrl_, | 167 gaiaUrl: this.gaiaUrl_, |
| 163 continueUrl: stripParams(this.continueUrl_), | 168 continueUrl: stripParams(this.continueUrl_), |
| 164 isConstrainedWindow: this.isConstrainedWindow_ | 169 isConstrainedWindow: this.isConstrainedWindow_ |
| 165 }); | 170 }); |
| 166 this.supportChannel_.registerMessage( | 171 this.supportChannel_.registerMessage( |
| 167 'switchToFullTab', this.switchToFullTab_.bind(this)); | 172 'switchToFullTab', this.switchToFullTab_.bind(this)); |
| 168 this.supportChannel_.registerMessage( | |
| 169 'completeLogin', this.completeLogin_.bind(this)); | |
| 170 } | 173 } |
| 174 this.supportChannel_.registerMessage( |
| 175 'completeLogin', this.onCompleteLogin_.bind(this)); |
| 171 this.initSAML_(); | 176 this.initSAML_(); |
| 172 this.maybeInitialized_(); | 177 this.maybeInitialized_(); |
| 173 }.bind(this)); | 178 }.bind(this)); |
| 174 | 179 |
| 175 window.setTimeout(function() { | 180 window.setTimeout(function() { |
| 176 if (!this.supportChannel_) { | 181 if (!this.supportChannel_) { |
| 177 // Re-initialize the channel if it is not connected properly, e.g. | 182 // Re-initialize the channel if it is not connected properly, e.g. |
| 178 // connect may be called before background script started running. | 183 // connect may be called before background script started running. |
| 179 this.initSupportChannel_(); | 184 this.initSupportChannel_(); |
| 180 } | 185 } |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 213 * @param {Object=} opt_extraMsg Optional extra info to send. | 218 * @param {Object=} opt_extraMsg Optional extra info to send. |
| 214 */ | 219 */ |
| 215 completeLogin_: function(opt_extraMsg) { | 220 completeLogin_: function(opt_extraMsg) { |
| 216 var msg = { | 221 var msg = { |
| 217 'method': 'completeLogin', | 222 'method': 'completeLogin', |
| 218 'email': (opt_extraMsg && opt_extraMsg.email) || this.email_, | 223 'email': (opt_extraMsg && opt_extraMsg.email) || this.email_, |
| 219 'password': (opt_extraMsg && opt_extraMsg.password) || | 224 'password': (opt_extraMsg && opt_extraMsg.password) || |
| 220 this.passwordBytes_, | 225 this.passwordBytes_, |
| 221 'usingSAML': this.isSAMLFlow_, | 226 'usingSAML': this.isSAMLFlow_, |
| 222 'chooseWhatToSync': this.chooseWhatToSync_ || false, | 227 'chooseWhatToSync': this.chooseWhatToSync_ || false, |
| 223 'skipForNow': opt_extraMsg && opt_extraMsg.skipForNow, | 228 'skipForNow': (opt_extraMsg && opt_extraMsg.skipForNow) || |
| 224 'sessionIndex': opt_extraMsg && opt_extraMsg.sessionIndex | 229 this.skipForNow_, |
| 230 'sessionIndex': (opt_extraMsg && opt_extraMsg.sessionIndex) || |
| 231 this.sessionIndex_, |
| 232 'gaiaId': (opt_extraMsg && opt_extraMsg.gaiaId) || this.gaiaId_ |
| 225 }; | 233 }; |
| 226 window.parent.postMessage(msg, this.parentPage_); | 234 window.parent.postMessage(msg, this.parentPage_); |
| 227 this.supportChannel_.send({name: 'resetAuth'}); | 235 this.supportChannel_.send({name: 'resetAuth'}); |
| 228 }, | 236 }, |
| 229 | 237 |
| 230 /** | 238 /** |
| 231 * Invoked when support channel is connected. | 239 * Invoked when support channel is connected. |
| 232 */ | 240 */ |
| 233 initSAML_: function() { | 241 initSAML_: function() { |
| 234 this.isSAMLFlow_ = false; | 242 this.isSAMLFlow_ = false; |
| (...skipping 26 matching lines...) Expand all Loading... |
| 261 */ | 269 */ |
| 262 onAuthPageLoaded_: function(msg) { | 270 onAuthPageLoaded_: function(msg) { |
| 263 var isSAMLPage = msg.url.indexOf(this.gaiaUrl_) != 0; | 271 var isSAMLPage = msg.url.indexOf(this.gaiaUrl_) != 0; |
| 264 | 272 |
| 265 if (isSAMLPage && !this.isSAMLFlow_) { | 273 if (isSAMLPage && !this.isSAMLFlow_) { |
| 266 // GAIA redirected to a SAML login page. The credentials provided to this | 274 // GAIA redirected to a SAML login page. The credentials provided to this |
| 267 // page will determine what user gets logged in. The credentials obtained | 275 // page will determine what user gets logged in. The credentials obtained |
| 268 // from the GAIA login form are no longer relevant and can be discarded. | 276 // from the GAIA login form are no longer relevant and can be discarded. |
| 269 this.isSAMLFlow_ = true; | 277 this.isSAMLFlow_ = true; |
| 270 this.email_ = null; | 278 this.email_ = null; |
| 279 this.gaiaId_ = null; |
| 271 this.passwordBytes_ = null; | 280 this.passwordBytes_ = null; |
| 272 } | 281 } |
| 273 | 282 |
| 274 window.parent.postMessage({ | 283 window.parent.postMessage({ |
| 275 'method': 'authPageLoaded', | 284 'method': 'authPageLoaded', |
| 276 'isSAML': this.isSAMLFlow_, | 285 'isSAML': this.isSAMLFlow_, |
| 277 'domain': extractDomain(msg.url) | 286 'domain': extractDomain(msg.url) |
| 278 }, this.parentPage_); | 287 }, this.parentPage_); |
| 279 }, | 288 }, |
| 280 | 289 |
| (...skipping 30 matching lines...) Expand all Loading... |
| 311 return; | 320 return; |
| 312 } | 321 } |
| 313 | 322 |
| 314 if (call.method == 'add') { | 323 if (call.method == 'add') { |
| 315 if (Authenticator.API_KEY_TYPES.indexOf(call.keyType) == -1) { | 324 if (Authenticator.API_KEY_TYPES.indexOf(call.keyType) == -1) { |
| 316 console.error('Authenticator.onAPICall_: unsupported key type'); | 325 console.error('Authenticator.onAPICall_: unsupported key type'); |
| 317 return; | 326 return; |
| 318 } | 327 } |
| 319 this.apiToken_ = call.token; | 328 this.apiToken_ = call.token; |
| 320 this.email_ = call.user; | 329 this.email_ = call.user; |
| 330 this.gaiaId_ = null; // TODO(rogerta): no idea what to do here. |
| 321 this.passwordBytes_ = call.passwordBytes; | 331 this.passwordBytes_ = call.passwordBytes; |
| 322 } else if (call.method == 'confirm') { | 332 } else if (call.method == 'confirm') { |
| 323 if (call.token != this.apiToken_) | 333 if (call.token != this.apiToken_) |
| 324 console.error('Authenticator.onAPICall_: token mismatch'); | 334 console.error('Authenticator.onAPICall_: token mismatch'); |
| 325 } else { | 335 } else { |
| 326 console.error('Authenticator.onAPICall_: unknown message'); | 336 console.error('Authenticator.onAPICall_: unknown message'); |
| 327 } | 337 } |
| 328 }, | 338 }, |
| 329 | 339 |
| 330 sendInitializationSuccess_: function() { | 340 sendInitializationSuccess_: function() { |
| 331 this.supportChannel_.send({name: 'apiResponse', response: { | 341 this.supportChannel_.send({name: 'apiResponse', response: { |
| 332 result: 'initialized', | 342 result: 'initialized', |
| 333 version: this.apiVersion_, | 343 version: this.apiVersion_, |
| 334 keyTypes: Authenticator.API_KEY_TYPES | 344 keyTypes: Authenticator.API_KEY_TYPES |
| 335 }}); | 345 }}); |
| 336 }, | 346 }, |
| 337 | 347 |
| 338 sendInitializationFailure_: function() { | 348 sendInitializationFailure_: function() { |
| 339 this.supportChannel_.send({ | 349 this.supportChannel_.send({ |
| 340 name: 'apiResponse', | 350 name: 'apiResponse', |
| 341 response: {result: 'initialization_failed'} | 351 response: {result: 'initialization_failed'} |
| 342 }); | 352 }); |
| 343 }, | 353 }, |
| 344 | 354 |
| 345 onConfirmLogin_: function() { | 355 /** |
| 346 if (!this.isSAMLFlow_) { | 356 * Callback invoked for 'completeLogin' message. |
| 347 this.completeLogin_(); | 357 */ |
| 358 onCompleteLogin_: function(opt_extraMsg) { |
| 359 // Skip SAML extra steps for desktop flow and non-SAML flow. |
| 360 if (!this.isSAMLFlow_ || this.desktopMode_) { |
| 361 this.completeLogin_(opt_extraMsg); |
| 348 return; | 362 return; |
| 349 } | 363 } |
| 350 | 364 |
| 365 if (opt_extraMsg) { |
| 366 this.email_ = opt_extraMsg.email; |
| 367 this.gaiaId_ = opt_extraMsg.gaiaId; |
| 368 // Password from |opt_extraMsg| is not used because ChromeOS SAML flow |
| 369 // gets password by asking user for confirm. |
| 370 this.skipForNow_ = opt_extraMsg.skipForNow; |
| 371 this.sessionIndex_ = opt_extraMsg.sessionIndex; |
| 372 } |
| 373 |
| 351 var apiUsed = !!this.passwordBytes_; | 374 var apiUsed = !!this.passwordBytes_; |
| 352 | 375 |
| 353 // Retrieve the e-mail address of the user who just authenticated from GAIA. | 376 // Retrieve the e-mail address of the user who just authenticated from GAIA. |
| 354 window.parent.postMessage({method: 'retrieveAuthenticatedUserEmail', | 377 window.parent.postMessage({method: 'retrieveAuthenticatedUserEmail', |
| 355 attemptToken: this.attemptToken_, | 378 attemptToken: this.attemptToken_, |
| 356 apiUsed: apiUsed}, | 379 apiUsed: apiUsed}, |
| 357 this.parentPage_); | 380 this.parentPage_); |
| 358 | 381 |
| 359 if (!apiUsed) { | 382 if (!apiUsed) { |
| 360 this.supportChannel_.sendWithCallback( | 383 this.supportChannel_.sendWithCallback( |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 394 } | 417 } |
| 395 window.parent.postMessage( | 418 window.parent.postMessage( |
| 396 {method: 'confirmPassword', email: this.email_}, | 419 {method: 'confirmPassword', email: this.email_}, |
| 397 this.parentPage_); | 420 this.parentPage_); |
| 398 }.bind(this)); | 421 }.bind(this)); |
| 399 }, | 422 }, |
| 400 | 423 |
| 401 onMessage: function(e) { | 424 onMessage: function(e) { |
| 402 var msg = e.data; | 425 var msg = e.data; |
| 403 if (msg.method == 'attemptLogin' && this.isGaiaMessage_(e)) { | 426 if (msg.method == 'attemptLogin' && this.isGaiaMessage_(e)) { |
| 427 // At this point GAIA does not yet know the gaiaId, so its not set here. |
| 404 this.email_ = msg.email; | 428 this.email_ = msg.email; |
| 405 this.passwordBytes_ = msg.password; | 429 this.passwordBytes_ = msg.password; |
| 406 this.attemptToken_ = msg.attemptToken; | 430 this.attemptToken_ = msg.attemptToken; |
| 407 this.chooseWhatToSync_ = msg.chooseWhatToSync; | 431 this.chooseWhatToSync_ = msg.chooseWhatToSync; |
| 408 this.isSAMLFlow_ = false; | 432 this.isSAMLFlow_ = false; |
| 409 if (this.supportChannel_) | 433 if (this.supportChannel_) |
| 410 this.supportChannel_.send({name: 'startAuth'}); | 434 this.supportChannel_.send({name: 'startAuth'}); |
| 411 else | 435 else |
| 412 console.error('Support channel is not initialized.'); | 436 console.error('Support channel is not initialized.'); |
| 413 } else if (msg.method == 'clearOldAttempts' && this.isGaiaMessage_(e)) { | 437 } else if (msg.method == 'clearOldAttempts' && this.isGaiaMessage_(e)) { |
| 414 if (!this.gaiaLoaded_) { | 438 if (!this.gaiaLoaded_) { |
| 415 this.gaiaLoaded_ = true; | 439 this.gaiaLoaded_ = true; |
| 416 this.maybeInitialized_(); | 440 this.maybeInitialized_(); |
| 417 } | 441 } |
| 418 this.email_ = null; | 442 this.email_ = null; |
| 443 this.gaiaId_ = null; |
| 419 this.passwordBytes_ = null; | 444 this.passwordBytes_ = null; |
| 420 this.attemptToken_ = null; | 445 this.attemptToken_ = null; |
| 421 this.isSAMLFlow_ = false; | 446 this.isSAMLFlow_ = false; |
| 422 if (this.supportChannel_) | 447 if (this.supportChannel_) |
| 423 this.supportChannel_.send({name: 'resetAuth'}); | 448 this.supportChannel_.send({name: 'resetAuth'}); |
| 424 } else if (msg.method == 'setAuthenticatedUserEmail' && | 449 } else if (msg.method == 'setAuthenticatedUserEmail' && |
| 425 this.isParentMessage_(e)) { | 450 this.isParentMessage_(e)) { |
| 426 if (this.attemptToken_ == msg.attemptToken) { | 451 if (this.attemptToken_ == msg.attemptToken) { |
| 427 this.email_ = msg.email; | 452 this.email_ = msg.email; |
| 428 this.maybeCompleteSAMLLogin_(); | 453 this.maybeCompleteSAMLLogin_(); |
| 429 } | 454 } |
| 430 } else if (msg.method == 'confirmLogin' && this.isInternalMessage_(e)) { | |
| 431 // In the desktop mode, Chrome needs to wait for extra info such as | |
| 432 // session index from the background JS. | |
| 433 if (this.desktopMode_) | |
| 434 return; | |
| 435 | |
| 436 if (this.attemptToken_ == msg.attemptToken) | |
| 437 this.onConfirmLogin_(); | |
| 438 else | |
| 439 console.error('Authenticator.onMessage: unexpected attemptToken!?'); | |
| 440 } else if (msg.method == 'verifyConfirmedPassword' && | 455 } else if (msg.method == 'verifyConfirmedPassword' && |
| 441 this.isParentMessage_(e)) { | 456 this.isParentMessage_(e)) { |
| 442 this.onVerifyConfirmedPassword_(msg.password); | 457 this.onVerifyConfirmedPassword_(msg.password); |
| 443 } else if (msg.method == 'redirectToSignin' && | 458 } else if (msg.method == 'redirectToSignin' && |
| 444 this.isParentMessage_(e)) { | 459 this.isParentMessage_(e)) { |
| 445 $('gaia-frame').src = this.constructInitialFrameUrl_(); | 460 $('gaia-frame').src = this.constructInitialFrameUrl_(); |
| 446 } else { | 461 } else { |
| 447 console.error('Authenticator.onMessage: unknown message + origin!?'); | 462 console.error('Authenticator.onMessage: unknown message + origin!?'); |
| 448 } | 463 } |
| 449 } | 464 } |
| 450 }; | 465 }; |
| 451 | 466 |
| 452 Authenticator.getInstance().initialize(); | 467 Authenticator.getInstance().initialize(); |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 606083002:
patch from issue 473153002 (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master