Implement the calls to GAIA for the IDP IFrame protocol.

google_apis/gaia/gaia_auth_fetcher.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "google_apis/gaia/gaia_auth_fetcher.h"
 
 #include <string>
 #include <utility>
 #include <vector>
 
@@ skipping 23 matching lines @@
 static bool CookiePartsContains(const std::vector<std::string>& parts,
                                 const char* part) {
   for (std::vector<std::string>::const_iterator it = parts.begin();
        it != parts.end(); ++it) {
     if (LowerCaseEqualsASCII(*it, part))
       return true;
   }
   return false;
 }
 
-bool ExtractOAuth2TokenPairResponse(base::DictionaryValue* dict,
+// From the JSON string |data|, extract the |access_token| and |expires_in_secs|
+// both of which must exist. If the |refresh_token| is non-NULL, then it also
+// must exist and is extraced; if it's NULL, then no extraction is attempted.
+bool ExtractOAuth2TokenPairResponse(const std::string& data,
                                     std::string* refresh_token,
                                     std::string* access_token,
                                     int* expires_in_secs) {
-  DCHECK(refresh_token);
   DCHECK(access_token);
   DCHECK(expires_in_secs);
 
-  if (!dict->GetStringWithoutPathExpansion("refresh_token", refresh_token) ||
-      !dict->GetStringWithoutPathExpansion("access_token", access_token) ||
+  scoped_ptr<base::Value> value(base::JSONReader::Read(data));
+  if (!value.get() || value->GetType() != base::Value::TYPE_DICTIONARY)
+    return false;
+
+  base::DictionaryValue* dict =
+        static_cast<base::DictionaryValue*>(value.get());
+
+  if (!dict->GetStringWithoutPathExpansion("access_token", access_token) ||
       !dict->GetIntegerWithoutPathExpansion("expires_in", expires_in_secs)) {
     return false;
   }
 
+  // Refresh token may not be required.
+  if (refresh_token) {
+    if (!dict->GetStringWithoutPathExpansion("refresh_token", refresh_token))
+      return false;
+  }
   return true;
 }
 
+const char* kListIdpServiceRequested = "list_idp";
+const char* kGetTokenResponseRequested = "get_token";
+
 }  // namespace
 
 // TODO(chron): Add sourceless version of this formatter.
 // static
 const char GaiaAuthFetcher::kClientLoginFormat[] =
     "Email=%s&"
     "Passwd=%s&"
     "PersistentCookie=%s&"
     "accountType=%s&"
     "source=%s&"
@@ skipping 116 matching lines @@
       merge_session_gurl_(GaiaUrls::GetInstance()->merge_session_url()),
       uberauth_token_gurl_(GaiaUrls::GetInstance()->oauth1_login_url().Resolve(
           base::StringPrintf(kUberAuthTokenURLFormat, source.c_str()))),
       oauth_login_gurl_(GaiaUrls::GetInstance()->oauth1_login_url()),
       list_accounts_gurl_(
           GaiaUrls::GetInstance()->ListAccountsURLWithSource(source)),
       get_check_connection_info_url_(
           GaiaUrls::GetInstance()->GetCheckConnectionInfoURLWithSource(source)),
       client_login_to_oauth2_gurl_(
           GaiaUrls::GetInstance()->client_login_to_oauth2_url()),
+      oauth2_iframe_url_(GaiaUrls::GetInstance()->oauth2_iframe_url()),
       fetch_pending_(false) {}
 
 GaiaAuthFetcher::~GaiaAuthFetcher() {}
 
 bool GaiaAuthFetcher::HasPendingFetch() {
   return fetch_pending_;
 }
 
 void GaiaAuthFetcher::CancelRequest() {
   fetcher_.reset();
@@ skipping 208 matching lines @@
 std::string GaiaAuthFetcher::MakeOAuthLoginBody(const std::string& service,
                                                 const std::string& source) {
   std::string encoded_service = net::EscapeUrlEncodedData(service, true);
   std::string encoded_source = net::EscapeUrlEncodedData(source, true);
   return base::StringPrintf(kOAuthLoginFormat,
                             encoded_service.c_str(),
                             encoded_source.c_str());
 }
 
 // static
+std::string GaiaAuthFetcher::MakeListIDPSessionsBody(
+    const std::string& scopes,
+    const std::string& domain) {
+  static const char getTokenResponseBodyFormat[] =
+    "action=listSessions&"
+    "client_id=%s&"
+    "e=3100087&"               // temporarily enable the experiment.
+    "ss_domain=%s&"

[guibinkong, 2015/03/09 18:26:50]

remove ss_domain, since ss_domain is same as origin, in which case, ss_domain
isn't required.

[Mike Lerman, 2015/03/09 18:59:56]

Done.

+    "origin=%s&"
+    "scope=%s";
+  std::string encoded_client_id = net::EscapeUrlEncodedData(
+      GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
+  return base::StringPrintf(getTokenResponseBodyFormat,
+                            encoded_client_id.c_str(),
+                            domain.c_str(),
+                            domain.c_str(),
+                            scopes.c_str());
+}
+
+std::string GaiaAuthFetcher::MakeGetTokenResponseBody(
+    const std::string& scopes,
+    const std::string& domain,
+    const std::string& login_hint) {
+  static const char getTokenResponseBodyFormat[] =
+    "action=issueToken&"
+    "client_id=%s&"
+    "login_hint=%s&"
+    "origin=%s&"
+    "e=3100087&"               // temporarily enable the experiment.
+    "response_type=token+id_token&"

[guibinkong, 2015/03/09 18:26:50]

remove '+id_token', since you don't need the ID Token .

[Mike Lerman, 2015/03/09 18:59:56]

Done.

+    "scope=%s";
+  std::string encoded_client_id = net::EscapeUrlEncodedData(
+      GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
+  return base::StringPrintf(getTokenResponseBodyFormat,
+                            encoded_client_id.c_str(),
+                            login_hint.c_str(),
+                            domain.c_str(),
+                            scopes.c_str());
+}
+
+// static
 void GaiaAuthFetcher::ParseClientLoginFailure(const std::string& data,
                                               std::string* error,
                                               std::string* error_url,
                                               std::string* captcha_url,
                                               std::string* captcha_token) {
   using std::vector;
   using std::pair;
   using std::string;
 
   vector<pair<string, string> > tokens;
@@ skipping 42 matching lines @@
     if (StartsWithASCII(
         part, kClientLoginToOAuth2CookiePartCodePrefix, false)) {
       auth_code->assign(part.substr(
           kClientLoginToOAuth2CookiePartCodePrefixLength));
       return true;
     }
   }
   return false;
 }
 
+// static
+bool GaiaAuthFetcher::ParseListIdpSessionsResponse(const std::string& data,
+                                                   std::string* login_hint) {
+  DCHECK(login_hint);
+
+  scoped_ptr<base::Value> value(base::JSONReader::Read(data));
+  if (!value.get() || value->GetType() != base::Value::TYPE_DICTIONARY)
+    return false;
+
+  base::DictionaryValue* dict =
+        static_cast<base::DictionaryValue*>(value.get());
+
+  base::ListValue* sessionsList;
+  if (!dict->GetList("sessions", &sessionsList))
+    return false;
+
+  // Find the first login_hint present in any session.
+  for (base::ListValue::iterator iter = sessionsList->begin();
+       iter != sessionsList->end();
+       iter++) {
+    base::DictionaryValue* sessionDictionary;
+    if (!(*iter)->GetAsDictionary(&sessionDictionary))
+      continue;
+
+    if (sessionDictionary->GetString("login_hint", login_hint))
+      break;
+  }
+
+  if (login_hint->empty())
+    return false;
+  return true;
+}
+
 void GaiaAuthFetcher::StartClientLogin(
     const std::string& username,
     const std::string& password,
     const char* const service,
     const std::string& login_token,
     const std::string& login_captcha,
     HostedAccountsSetting allow_hosted_accounts) {
 
   DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
 
@@ skipping 220 matching lines @@
   fetcher_.reset(CreateGaiaFetcher(getter_,
                                    std::string(),
                                    std::string(),
                                    get_check_connection_info_url_,
                                    kLoadFlagsIgnoreCookies,
                                    this));
   fetch_pending_ = true;
   fetcher_->Start();
 }
 
+void GaiaAuthFetcher::StartListIDPSessions(const std::string& scopes,
+                                           const std::string& domain) {
+  DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
+
+  request_body_ = MakeListIDPSessionsBody(scopes, domain);
+  fetcher_.reset(CreateGaiaFetcher(getter_,
+                                   request_body_,
+                                   std::string(),
+                                   oauth2_iframe_url_,
+                                   net::LOAD_NORMAL,
+                                   this));
+  requested_service_ = kListIdpServiceRequested;
+  fetch_pending_ = true;
+  fetcher_->Start();
+}
+
+void GaiaAuthFetcher::StartGetTokenResponse(const std::string& scopes,
+                                            const std::string& domain,
+                                            const std::string& login_hint) {
+  DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
+
+  request_body_ = MakeGetTokenResponseBody(scopes, domain, login_hint);
+  fetcher_.reset(CreateGaiaFetcher(getter_,
+                                   request_body_,
+                                   std::string(),
+                                   oauth2_iframe_url_,
+                                   net::LOAD_NORMAL,
+                                   this));
+
+  requested_service_ = kGetTokenResponseRequested;
+  fetch_pending_ = true;
+  fetcher_->Start();
+}
+
 // static
 GoogleServiceAuthError GaiaAuthFetcher::GenerateAuthError(
     const std::string& data,
     const net::URLRequestStatus& status) {
   if (!status.is_success()) {
     if (status.status() == net::URLRequestStatus::CANCELED) {
       return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED);
     }
     DLOG(WARNING) << "Could not reach Google Accounts servers: errno "
                   << status.error();
@@ skipping 90 matching lines @@
 void GaiaAuthFetcher::OnOAuth2TokenPairFetched(
     const std::string& data,
     const net::URLRequestStatus& status,
     int response_code) {
   std::string refresh_token;
   std::string access_token;
   int expires_in_secs = 0;
 
   bool success = false;
   if (status.is_success() && response_code == net::HTTP_OK) {
-    scoped_ptr<base::Value> value(base::JSONReader::Read(data));
-    if (value.get() && value->GetType() == base::Value::TYPE_DICTIONARY) {
-      base::DictionaryValue* dict =
-          static_cast<base::DictionaryValue*>(value.get());
-      success = ExtractOAuth2TokenPairResponse(dict, &refresh_token,
+      success = ExtractOAuth2TokenPairResponse(data, &refresh_token,
                                                &access_token, &expires_in_secs);
-    }
   }
 
   if (success) {
     consumer_->OnClientOAuthSuccess(
         GaiaAuthConsumer::ClientOAuthResult(refresh_token, access_token,
                                             expires_in_secs));
   } else {
     consumer_->OnClientOAuthFailure(GenerateAuthError(data, status));
   }
 }
@@ skipping 73 matching lines @@
     const std::string& data,
     const net::URLRequestStatus& status,
     int response_code) {
   if (status.is_success() && response_code == net::HTTP_OK) {
     consumer_->OnGetCheckConnectionInfoSuccess(data);
   } else {
     consumer_->OnGetCheckConnectionInfoError(GenerateAuthError(data, status));
   }
 }
 
+void GaiaAuthFetcher::OnListIdpSessionsFetched(
+    const std::string& data,
+    const net::URLRequestStatus& status,
+    int response_code) {
+  if (status.is_success() && response_code == net::HTTP_OK) {
+    DVLOG(1) << "ListIdpSessions successful!";
+    std::string login_hint;
+    ParseListIdpSessionsResponse(data, &login_hint);
+    consumer_->OnListIdpSessionsSuccess(login_hint);
+  } else {
+    consumer_->OnListIdpSessionsError(GenerateAuthError(data, status));
+  }
+}
+
+void GaiaAuthFetcher::OnGetTokenResponseFetched(
+    const std::string& data,
+    const net::URLRequestStatus& status,
+    int response_code) {
+  std::string access_token;
+  int expires_in_secs = 0;
+  bool success = false;
+  if (status.is_success() && response_code == net::HTTP_OK) {
+    DVLOG(1) << "GetTokenResponse successful!";
+    success = ExtractOAuth2TokenPairResponse(data, NULL,
+                                             &access_token, &expires_in_secs);
+  }
+
+  if (success) {
+    consumer_->OnGetTokenResponseSuccess(
+        GaiaAuthConsumer::ClientOAuthResult(std::string(), access_token,
+                                            expires_in_secs));
+  } else {
+    consumer_->OnGetTokenResponseError(GenerateAuthError(data, status));
+  }
+}
+
 void GaiaAuthFetcher::OnURLFetchComplete(const net::URLFetcher* source) {
   fetch_pending_ = false;
   // Some of the GAIA requests perform redirects, which results in the final
   // URL of the fetcher not being the original URL requested.  Therefore use
   // the original URL when determining which OnXXX function to call.
   const GURL& url = source->GetOriginalURL();
   const net::URLRequestStatus& status = source->GetStatus();
   int response_code = source->GetResponseCode();
   std::string data;
   source->GetResponseAsString(&data);
@@ skipping 23 matching lines @@
   } else if (url == uberauth_token_gurl_) {
     OnUberAuthTokenFetch(data, status, response_code);
   } else if (url == oauth_login_gurl_) {
     OnOAuthLoginFetched(data, status, response_code);
   } else if (url == oauth2_revoke_gurl_) {
     OnOAuth2RevokeTokenFetched(data, status, response_code);
   } else if (url == list_accounts_gurl_) {
     OnListAccountsFetched(data, status, response_code);
   } else if (url == get_check_connection_info_url_) {
     OnGetCheckConnectionInfoFetched(data, status, response_code);
+  } else if (url == oauth2_iframe_url_) {
+    if (requested_service_ == kListIdpServiceRequested)
+      OnListIdpSessionsFetched(data, status, response_code);
+    else if (requested_service_ == kGetTokenResponseRequested)
+      OnGetTokenResponseFetched(data, status, response_code);
+    else
+      NOTREACHED();
   } else {
     NOTREACHED();
   }
 }
 
 // static
 bool GaiaAuthFetcher::IsSecondFactorSuccess(
     const std::string& alleged_error) {
   return alleged_error.find(kSecondFactor) !=
       std::string::npos;
 }
 
 // static
 bool GaiaAuthFetcher::IsWebLoginRequiredSuccess(
     const std::string& alleged_error) {
   return alleged_error.find(kWebLoginRequired) !=
       std::string::npos;
 }