search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Include all dupe types (event when value is zero) in scan stats.
[chromium-blink-merge.git] / google_apis / gaia / gaia_auth_fetcher.cc
blob42134bb5d4c475dec8b8b3c548d5c1d716fb48ec
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "google_apis/gaia/gaia_auth_fetcher.h"
6
7 #include <string>
8 #include <utility>
9 #include <vector>
10
11 #include "base/json/json_reader.h"
12 #include "base/json/json_writer.h"
13 #include "base/profiler/scoped_tracker.h"
14 #include "base/strings/string_split.h"
15 #include "base/strings/string_util.h"
16 #include "base/strings/stringprintf.h"
17 #include "base/values.h"
18 #include "google_apis/gaia/gaia_auth_consumer.h"
19 #include "google_apis/gaia/gaia_constants.h"
20 #include "google_apis/gaia/gaia_urls.h"
21 #include "google_apis/gaia/google_service_auth_error.h"
22 #include "net/base/escape.h"
23 #include "net/base/load_flags.h"
24 #include "net/http/http_response_headers.h"
25 #include "net/http/http_status_code.h"
26 #include "net/url_request/url_fetcher.h"
27 #include "net/url_request/url_request_context_getter.h"
28 #include "net/url_request/url_request_status.h"
29
30 namespace {
31 const int kLoadFlagsIgnoreCookies = net::LOAD_DO_NOT_SEND_COOKIES |
32 net::LOAD_DO_NOT_SAVE_COOKIES;
33
34 static bool CookiePartsContains(const std::vector<std::string>& parts,
35 const char* part) {
36 for (std::vector<std::string>::const_iterator it = parts.begin();
37 it != parts.end(); ++it) {
38 if (LowerCaseEqualsASCII(*it, part))
39 return true;
40 }
41 return false;
42 }
43
44 // From the JSON string |data|, extract the |access_token| and |expires_in_secs|
45 // both of which must exist. If the |refresh_token| is non-NULL, then it also
46 // must exist and is extraced; if it's NULL, then no extraction is attempted.
47 bool ExtractOAuth2TokenPairResponse(const std::string& data,
48 std::string* refresh_token,
49 std::string* access_token,
50 int* expires_in_secs) {
51 DCHECK(access_token);
52 DCHECK(expires_in_secs);
53
54 scoped_ptr<base::Value> value = base::JSONReader::Read(data);
55 if (!value.get() || value->GetType() != base::Value::TYPE_DICTIONARY)
56 return false;
57
58 base::DictionaryValue* dict =
59 static_cast<base::DictionaryValue*>(value.get());
60
61 if (!dict->GetStringWithoutPathExpansion("access_token", access_token) ||
62 !dict->GetIntegerWithoutPathExpansion("expires_in", expires_in_secs)) {
63 return false;
64 }
65
66 // Refresh token may not be required.
67 if (refresh_token) {
68 if (!dict->GetStringWithoutPathExpansion("refresh_token", refresh_token))
69 return false;
70 }
71 return true;
72 }
73
74 const char kListIdpServiceRequested[] = "list_idp";
75 const char kGetTokenResponseRequested[] = "get_token";
76
77 } // namespace
78
79 // TODO(chron): Add sourceless version of this formatter.
80 // static
81 const char GaiaAuthFetcher::kClientLoginFormat[] =
82 "Email=%s&"
83 "Passwd=%s&"
84 "PersistentCookie=%s&"
85 "accountType=%s&"
86 "source=%s&"
87 "service=%s";
88 // static
89 const char GaiaAuthFetcher::kClientLoginCaptchaFormat[] =
90 "Email=%s&"
91 "Passwd=%s&"
92 "PersistentCookie=%s&"
93 "accountType=%s&"
94 "source=%s&"
95 "service=%s&"
96 "logintoken=%s&"
97 "logincaptcha=%s";
98 // static
99 const char GaiaAuthFetcher::kIssueAuthTokenFormat[] =
100 "SID=%s&"
101 "LSID=%s&"
102 "service=%s&"
103 "Session=%s";
104 // static
105 const char GaiaAuthFetcher::kClientLoginToOAuth2BodyFormat[] =
106 "scope=%s&client_id=%s";
107 // static
108 const char GaiaAuthFetcher::kClientLoginToOAuth2WithDeviceTypeBodyFormat[] =
109 "scope=%s&client_id=%s&device_type=chrome";
110 // static
111 const char GaiaAuthFetcher::kOAuth2CodeToTokenPairBodyFormat[] =
112 "scope=%s&"
113 "grant_type=authorization_code&"
114 "client_id=%s&"
115 "client_secret=%s&"
116 "code=%s";
117 // static
118 const char GaiaAuthFetcher::kOAuth2CodeToTokenPairDeviceIdParam[] =
119 "device_id=%s&device_type=chrome";
120 // static
121 const char GaiaAuthFetcher::kOAuth2RevokeTokenBodyFormat[] =
122 "token=%s";
123 // static
124 const char GaiaAuthFetcher::kGetUserInfoFormat[] =
125 "LSID=%s";
126 // static
127 const char GaiaAuthFetcher::kMergeSessionFormat[] =
128 "uberauth=%s&"
129 "continue=%s&"
130 "source=%s";
131 // static
132 const char GaiaAuthFetcher::kUberAuthTokenURLFormat[] =
133 "?source=%s&"
134 "issueuberauth=1";
135
136 const char GaiaAuthFetcher::kOAuthLoginFormat[] = "service=%s&source=%s";
137
138 // static
139 const char GaiaAuthFetcher::kAccountDeletedError[] = "AccountDeleted";
140 // static
141 const char GaiaAuthFetcher::kAccountDisabledError[] = "AccountDisabled";
142 // static
143 const char GaiaAuthFetcher::kBadAuthenticationError[] = "BadAuthentication";
144 // static
145 const char GaiaAuthFetcher::kCaptchaError[] = "CaptchaRequired";
146 // static
147 const char GaiaAuthFetcher::kServiceUnavailableError[] =
148 "ServiceUnavailable";
149 // static
150 const char GaiaAuthFetcher::kErrorParam[] = "Error";
151 // static
152 const char GaiaAuthFetcher::kErrorUrlParam[] = "Url";
153 // static
154 const char GaiaAuthFetcher::kCaptchaUrlParam[] = "CaptchaUrl";
155 // static
156 const char GaiaAuthFetcher::kCaptchaTokenParam[] = "CaptchaToken";
157
158 // static
159 const char GaiaAuthFetcher::kCookiePersistence[] = "true";
160 // static
161 // TODO(johnnyg): When hosted accounts are supported by sync,
162 // we can always use "HOSTED_OR_GOOGLE"
163 const char GaiaAuthFetcher::kAccountTypeHostedOrGoogle[] =
164 "HOSTED_OR_GOOGLE";
165 const char GaiaAuthFetcher::kAccountTypeGoogle[] =
166 "GOOGLE";
167
168 // static
169 const char GaiaAuthFetcher::kSecondFactor[] = "Info=InvalidSecondFactor";
170 // static
171 const char GaiaAuthFetcher::kWebLoginRequired[] = "Info=WebLoginRequired";
172
173 // static
174 const char GaiaAuthFetcher::kAuthHeaderFormat[] =
175 "Authorization: GoogleLogin auth=%s";
176 // static
177 const char GaiaAuthFetcher::kOAuthHeaderFormat[] = "Authorization: OAuth %s";
178 // static
179 const char GaiaAuthFetcher::kOAuth2BearerHeaderFormat[] =
180 "Authorization: Bearer %s";
181 // static
182 const char GaiaAuthFetcher::kDeviceIdHeaderFormat[] = "X-Device-ID: %s";
183 // static
184 const char GaiaAuthFetcher::kClientLoginToOAuth2CookiePartSecure[] = "secure";
185 // static
186 const char GaiaAuthFetcher::kClientLoginToOAuth2CookiePartHttpOnly[] =
187 "httponly";
188 // static
189 const char GaiaAuthFetcher::kClientLoginToOAuth2CookiePartCodePrefix[] =
190 "oauth_code=";
191 // static
192 const int GaiaAuthFetcher::kClientLoginToOAuth2CookiePartCodePrefixLength =
193 arraysize(GaiaAuthFetcher::kClientLoginToOAuth2CookiePartCodePrefix) - 1;
194
195 GaiaAuthFetcher::GaiaAuthFetcher(GaiaAuthConsumer* consumer,
196 const std::string& source,
197 net::URLRequestContextGetter* getter)
198 : consumer_(consumer),
199 getter_(getter),
200 source_(source),
201 client_login_gurl_(GaiaUrls::GetInstance()->client_login_url()),
202 issue_auth_token_gurl_(GaiaUrls::GetInstance()->issue_auth_token_url()),
203 oauth2_token_gurl_(GaiaUrls::GetInstance()->oauth2_token_url()),
204 oauth2_revoke_gurl_(GaiaUrls::GetInstance()->oauth2_revoke_url()),
205 get_user_info_gurl_(GaiaUrls::GetInstance()->get_user_info_url()),
206 merge_session_gurl_(GaiaUrls::GetInstance()->merge_session_url()),
207 uberauth_token_gurl_(GaiaUrls::GetInstance()->oauth1_login_url().Resolve(
208 base::StringPrintf(kUberAuthTokenURLFormat, source.c_str()))),
209 oauth_login_gurl_(GaiaUrls::GetInstance()->oauth1_login_url()),
210 list_accounts_gurl_(
211 GaiaUrls::GetInstance()->ListAccountsURLWithSource(source)),
212 logout_gurl_(GaiaUrls::GetInstance()->LogOutURLWithSource(source)),
213 get_check_connection_info_url_(
214 GaiaUrls::GetInstance()->GetCheckConnectionInfoURLWithSource(source)),
215 oauth2_iframe_url_(GaiaUrls::GetInstance()->oauth2_iframe_url()),
216 client_login_to_oauth2_gurl_(
217 GaiaUrls::GetInstance()->client_login_to_oauth2_url()),
218 fetch_pending_(false) {
219 }
220
221 GaiaAuthFetcher::~GaiaAuthFetcher() {}
222
223 bool GaiaAuthFetcher::HasPendingFetch() {
224 return fetch_pending_;
225 }
226
227 void GaiaAuthFetcher::CancelRequest() {
228 fetcher_.reset();
229 fetch_pending_ = false;
230 }
231
232 void GaiaAuthFetcher::CreateAndStartGaiaFetcher(const std::string& body,
233 const std::string& headers,
234 const GURL& gaia_gurl,
235 int load_flags) {
236 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
237 fetcher_ = net::URLFetcher::Create(
238 0, gaia_gurl, body.empty() ? net::URLFetcher::GET : net::URLFetcher::POST,
239 this);
240 fetcher_->SetRequestContext(getter_);
241 fetcher_->SetUploadData("application/x-www-form-urlencoded", body);
242
243 DVLOG(2) << "Gaia fetcher URL: " << gaia_gurl.spec();
244 DVLOG(2) << "Gaia fetcher headers: " << headers;
245 DVLOG(2) << "Gaia fetcher body: " << body;
246
247 // The Gaia token exchange requests do not require any cookie-based
248 // identification as part of requests. We suppress sending any cookies to
249 // maintain a separation between the user's browsing and Chrome's internal
250 // services. Where such mixing is desired (MergeSession or OAuthLogin), it
251 // will be done explicitly.
252 fetcher_->SetLoadFlags(load_flags);
253
254 // Fetchers are sometimes cancelled because a network change was detected,
255 // especially at startup and after sign-in on ChromeOS. Retrying once should
256 // be enough in those cases; let the fetcher retry up to 3 times just in case.
257 // http://crbug.com/163710
258 fetcher_->SetAutomaticallyRetryOnNetworkChanges(3);
259
260 if (!headers.empty())
261 fetcher_->SetExtraRequestHeaders(headers);
262
263 fetch_pending_ = true;
264 fetcher_->Start();
265 }
266
267 // static
268 std::string GaiaAuthFetcher::MakeClientLoginBody(
269 const std::string& username,
270 const std::string& password,
271 const std::string& source,
272 const char* service,
273 const std::string& login_token,
274 const std::string& login_captcha,
275 HostedAccountsSetting allow_hosted_accounts) {
276 std::string encoded_username = net::EscapeUrlEncodedData(username, true);
277 std::string encoded_password = net::EscapeUrlEncodedData(password, true);
278 std::string encoded_login_token = net::EscapeUrlEncodedData(login_token,
279 true);
280 std::string encoded_login_captcha = net::EscapeUrlEncodedData(login_captcha,
281 true);
282
283 const char* account_type = allow_hosted_accounts == HostedAccountsAllowed ?
284 kAccountTypeHostedOrGoogle :
285 kAccountTypeGoogle;
286
287 if (login_token.empty() || login_captcha.empty()) {
288 return base::StringPrintf(kClientLoginFormat,
289 encoded_username.c_str(),
290 encoded_password.c_str(),
291 kCookiePersistence,
292 account_type,
293 source.c_str(),
294 service);
295 }
296
297 return base::StringPrintf(kClientLoginCaptchaFormat,
298 encoded_username.c_str(),
299 encoded_password.c_str(),
300 kCookiePersistence,
301 account_type,
302 source.c_str(),
303 service,
304 encoded_login_token.c_str(),
305 encoded_login_captcha.c_str());
306 }
307
308 // static
309 std::string GaiaAuthFetcher::MakeIssueAuthTokenBody(
310 const std::string& sid,
311 const std::string& lsid,
312 const char* const service) {
313 std::string encoded_sid = net::EscapeUrlEncodedData(sid, true);
314 std::string encoded_lsid = net::EscapeUrlEncodedData(lsid, true);
315
316 // All tokens should be session tokens except the gaia auth token.
317 bool session = true;
318 if (!strcmp(service, GaiaConstants::kGaiaService))
319 session = false;
320
321 return base::StringPrintf(kIssueAuthTokenFormat,
322 encoded_sid.c_str(),
323 encoded_lsid.c_str(),
324 service,
325 session ? "true" : "false");
326 }
327
328 // static
329 std::string GaiaAuthFetcher::MakeGetAuthCodeBody(bool include_device_type) {
330 std::string encoded_scope = net::EscapeUrlEncodedData(
331 GaiaConstants::kOAuth1LoginScope, true);
332 std::string encoded_client_id = net::EscapeUrlEncodedData(
333 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
334 if (include_device_type) {
335 return base::StringPrintf(kClientLoginToOAuth2WithDeviceTypeBodyFormat,
336 encoded_scope.c_str(),
337 encoded_client_id.c_str());
338 } else {
339 return base::StringPrintf(kClientLoginToOAuth2BodyFormat,
340 encoded_scope.c_str(),
341 encoded_client_id.c_str());
342 }
343 }
344
345 // static
346 std::string GaiaAuthFetcher::MakeGetTokenPairBody(
347 const std::string& auth_code,
348 const std::string& device_id) {
349 std::string encoded_scope = net::EscapeUrlEncodedData(
350 GaiaConstants::kOAuth1LoginScope, true);
351 std::string encoded_client_id = net::EscapeUrlEncodedData(
352 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
353 std::string encoded_client_secret = net::EscapeUrlEncodedData(
354 GaiaUrls::GetInstance()->oauth2_chrome_client_secret(), true);
355 std::string encoded_auth_code = net::EscapeUrlEncodedData(auth_code, true);
356 std::string body = base::StringPrintf(
357 kOAuth2CodeToTokenPairBodyFormat, encoded_scope.c_str(),
358 encoded_client_id.c_str(), encoded_client_secret.c_str(),
359 encoded_auth_code.c_str());
360 if (!device_id.empty()) {
361 body += "&" + base::StringPrintf(kOAuth2CodeToTokenPairDeviceIdParam,
362 device_id.c_str());
363 }
364 return body;
365 }
366
367 // static
368 std::string GaiaAuthFetcher::MakeRevokeTokenBody(
369 const std::string& auth_token) {
370 return base::StringPrintf(kOAuth2RevokeTokenBodyFormat, auth_token.c_str());
371 }
372
373 // static
374 std::string GaiaAuthFetcher::MakeGetUserInfoBody(const std::string& lsid) {
375 std::string encoded_lsid = net::EscapeUrlEncodedData(lsid, true);
376 return base::StringPrintf(kGetUserInfoFormat, encoded_lsid.c_str());
377 }
378
379 // static
380 std::string GaiaAuthFetcher::MakeMergeSessionBody(
381 const std::string& auth_token,
382 const std::string& external_cc_result,
383 const std::string& continue_url,
384 const std::string& source) {
385 std::string encoded_auth_token = net::EscapeUrlEncodedData(auth_token, true);
386 std::string encoded_continue_url = net::EscapeUrlEncodedData(continue_url,
387 true);
388 std::string encoded_source = net::EscapeUrlEncodedData(source, true);
389 std::string result = base::StringPrintf(kMergeSessionFormat,
390 encoded_auth_token.c_str(),
391 encoded_continue_url.c_str(),
392 encoded_source.c_str());
393 if (!external_cc_result.empty()) {
394 base::StringAppendF(&result, "&externalCcResult=%s",
395 net::EscapeUrlEncodedData(
396 external_cc_result, true).c_str());
397 }
398
399 return result;
400 }
401
402 // static
403 std::string GaiaAuthFetcher::MakeGetAuthCodeHeader(
404 const std::string& auth_token) {
405 return base::StringPrintf(kAuthHeaderFormat, auth_token.c_str());
406 }
407
408 // Helper method that extracts tokens from a successful reply.
409 // static
410 void GaiaAuthFetcher::ParseClientLoginResponse(const std::string& data,
411 std::string* sid,
412 std::string* lsid,
413 std::string* token) {
414 using std::vector;
415 using std::pair;
416 using std::string;
417 sid->clear();
418 lsid->clear();
419 token->clear();
420 base::StringPairs tokens;
421 base::SplitStringIntoKeyValuePairs(data, '=', '\n', &tokens);
422 for (base::StringPairs::iterator i = tokens.begin();
423 i != tokens.end(); ++i) {
424 if (i->first == "SID") {
425 sid->assign(i->second);
426 } else if (i->first == "LSID") {
427 lsid->assign(i->second);
428 } else if (i->first == "Auth") {
429 token->assign(i->second);
430 }
431 }
432 // If this was a request for uberauth token, then that's all we've got in
433 // data.
434 if (sid->empty() && lsid->empty() && token->empty())
435 token->assign(data);
436 }
437
438 // static
439 std::string GaiaAuthFetcher::MakeOAuthLoginBody(const std::string& service,
440 const std::string& source) {
441 std::string encoded_service = net::EscapeUrlEncodedData(service, true);
442 std::string encoded_source = net::EscapeUrlEncodedData(source, true);
443 return base::StringPrintf(kOAuthLoginFormat,
444 encoded_service.c_str(),
445 encoded_source.c_str());
446 }
447
448 // static
449 std::string GaiaAuthFetcher::MakeListIDPSessionsBody(
450 const std::string& scopes,
451 const std::string& domain) {
452 static const char getTokenResponseBodyFormat[] =
453 "action=listSessions&"
454 "client_id=%s&"
455 "origin=%s&"
456 "scope=%s";
457 std::string encoded_client_id = net::EscapeUrlEncodedData(
458 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
459 return base::StringPrintf(getTokenResponseBodyFormat,
460 encoded_client_id.c_str(),
461 domain.c_str(),
462 scopes.c_str());
463 }
464
465 std::string GaiaAuthFetcher::MakeGetTokenResponseBody(
466 const std::string& scopes,
467 const std::string& domain,
468 const std::string& login_hint) {
469 static const char getTokenResponseBodyFormat[] =
470 "action=issueToken&"
471 "client_id=%s&"
472 "login_hint=%s&"
473 "origin=%s&"
474 "response_type=token&"
475 "scope=%s";
476 std::string encoded_client_id = net::EscapeUrlEncodedData(
477 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
478 return base::StringPrintf(getTokenResponseBodyFormat,
479 encoded_client_id.c_str(),
480 login_hint.c_str(),
481 domain.c_str(),
482 scopes.c_str());
483 }
484
485 // static
486 void GaiaAuthFetcher::ParseClientLoginFailure(const std::string& data,
487 std::string* error,
488 std::string* error_url,
489 std::string* captcha_url,
490 std::string* captcha_token) {
491 using std::vector;
492 using std::pair;
493 using std::string;
494
495 base::StringPairs tokens;
496 base::SplitStringIntoKeyValuePairs(data, '=', '\n', &tokens);
497 for (base::StringPairs::iterator i = tokens.begin();
498 i != tokens.end(); ++i) {
499 if (i->first == kErrorParam) {
500 error->assign(i->second);
501 } else if (i->first == kErrorUrlParam) {
502 error_url->assign(i->second);
503 } else if (i->first == kCaptchaUrlParam) {
504 captcha_url->assign(i->second);
505 } else if (i->first == kCaptchaTokenParam) {
506 captcha_token->assign(i->second);
507 }
508 }
509 }
510
511 // static
512 bool GaiaAuthFetcher::ParseClientLoginToOAuth2Response(
513 const net::ResponseCookies& cookies,
514 std::string* auth_code) {
515 DCHECK(auth_code);
516 net::ResponseCookies::const_iterator iter;
517 for (iter = cookies.begin(); iter != cookies.end(); ++iter) {
518 if (ParseClientLoginToOAuth2Cookie(*iter, auth_code))
519 return true;
520 }
521 return false;
522 }
523
524 // static
525 bool GaiaAuthFetcher::ParseClientLoginToOAuth2Cookie(const std::string& cookie,
526 std::string* auth_code) {
527 std::vector<std::string> parts;
528 base::SplitString(cookie, ';', &parts);
529 // Per documentation, the cookie should have Secure and HttpOnly.
530 if (!CookiePartsContains(parts, kClientLoginToOAuth2CookiePartSecure) ||
531 !CookiePartsContains(parts, kClientLoginToOAuth2CookiePartHttpOnly)) {
532 return false;
533 }
534
535 std::vector<std::string>::const_iterator iter;
536 for (iter = parts.begin(); iter != parts.end(); ++iter) {
537 const std::string& part = *iter;
538 if (StartsWithASCII(
539 part, kClientLoginToOAuth2CookiePartCodePrefix, false)) {
540 auth_code->assign(part.substr(
541 kClientLoginToOAuth2CookiePartCodePrefixLength));
542 return true;
543 }
544 }
545 return false;
546 }
547
548 // static
549 bool GaiaAuthFetcher::ParseListIdpSessionsResponse(const std::string& data,
550 std::string* login_hint) {
551 DCHECK(login_hint);
552
553 scoped_ptr<base::Value> value = base::JSONReader::Read(data);
554 if (!value.get() || value->GetType() != base::Value::TYPE_DICTIONARY)
555 return false;
556
557 base::DictionaryValue* dict =
558 static_cast<base::DictionaryValue*>(value.get());
559
560 base::ListValue* sessionsList;
561 if (!dict->GetList("sessions", &sessionsList))
562 return false;
563
564 // Find the first login_hint present in any session.
565 for (base::ListValue::iterator iter = sessionsList->begin();
566 iter != sessionsList->end();
567 iter++) {
568 base::DictionaryValue* sessionDictionary;
569 if (!(*iter)->GetAsDictionary(&sessionDictionary))
570 continue;
571
572 if (sessionDictionary->GetString("login_hint", login_hint))
573 break;
574 }
575
576 if (login_hint->empty())
577 return false;
578 return true;
579 }
580
581 void GaiaAuthFetcher::StartClientLogin(
582 const std::string& username,
583 const std::string& password,
584 const char* const service,
585 const std::string& login_token,
586 const std::string& login_captcha,
587 HostedAccountsSetting allow_hosted_accounts) {
588
589 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
590
591 // This class is thread agnostic, so be sure to call this only on the
592 // same thread each time.
593 DVLOG(1) << "Starting new ClientLogin fetch for:" << username;
594
595 // Must outlive fetcher_.
596 request_body_ = MakeClientLoginBody(username,
597 password,
598 source_,
599 service,
600 login_token,
601 login_captcha,
602 allow_hosted_accounts);
603 CreateAndStartGaiaFetcher(request_body_, std::string(), client_login_gurl_,
604 kLoadFlagsIgnoreCookies);
605 }
606
607 void GaiaAuthFetcher::StartIssueAuthToken(const std::string& sid,
608 const std::string& lsid,
609 const char* const service) {
610 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
611
612 DVLOG(1) << "Starting IssueAuthToken for: " << service;
613 requested_service_ = service;
614 request_body_ = MakeIssueAuthTokenBody(sid, lsid, service);
615 CreateAndStartGaiaFetcher(request_body_, std::string(),
616 issue_auth_token_gurl_, kLoadFlagsIgnoreCookies);
617 }
618
619 void GaiaAuthFetcher::StartLsoForOAuthLoginTokenExchange(
620 const std::string& auth_token) {
621 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
622
623 DVLOG(1) << "Starting OAuth login token exchange with auth_token";
624 request_body_ = MakeGetAuthCodeBody(false);
625 client_login_to_oauth2_gurl_ =
626 GaiaUrls::GetInstance()->client_login_to_oauth2_url();
627
628 CreateAndStartGaiaFetcher(request_body_, MakeGetAuthCodeHeader(auth_token),
629 client_login_to_oauth2_gurl_,
630 kLoadFlagsIgnoreCookies);
631 }
632
633 void GaiaAuthFetcher::StartRevokeOAuth2Token(const std::string& auth_token) {
634 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
635
636 DVLOG(1) << "Starting OAuth2 token revocation";
637 request_body_ = MakeRevokeTokenBody(auth_token);
638 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_revoke_gurl_,
639 kLoadFlagsIgnoreCookies);
640 }
641
642 void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchange(
643 const std::string& session_index) {
644 StartCookieForOAuthLoginTokenExchangeWithDeviceId(session_index,
645 std::string());
646 }
647
648 void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchangeWithDeviceId(
649 const std::string& session_index,
650 const std::string& device_id) {
651 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
652
653 DVLOG(1) << "Starting OAuth login token fetch with cookie jar";
654 request_body_ = MakeGetAuthCodeBody(!device_id.empty());
655
656 client_login_to_oauth2_gurl_ =
657 GaiaUrls::GetInstance()->client_login_to_oauth2_url();
658 if (!session_index.empty()) {
659 client_login_to_oauth2_gurl_ =
660 client_login_to_oauth2_gurl_.Resolve("?authuser=" + session_index);
661 }
662
663 std::string device_id_header;
664 if (!device_id.empty()) {
665 device_id_header =
666 base::StringPrintf(kDeviceIdHeaderFormat, device_id.c_str());
667 }
668
669 CreateAndStartGaiaFetcher(request_body_, device_id_header,
670 client_login_to_oauth2_gurl_, net::LOAD_NORMAL);
671 }
672
673 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchange(
674 const std::string& auth_code) {
675 StartAuthCodeForOAuth2TokenExchangeWithDeviceId(auth_code, std::string());
676 }
677
678 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchangeWithDeviceId(
679 const std::string& auth_code,
680 const std::string& device_id) {
681 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
682
683 DVLOG(1) << "Starting OAuth token pair fetch";
684 request_body_ = MakeGetTokenPairBody(auth_code, device_id);
685 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_token_gurl_,
686 kLoadFlagsIgnoreCookies);
687 }
688
689 void GaiaAuthFetcher::StartGetUserInfo(const std::string& lsid) {
690 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
691
692 DVLOG(1) << "Starting GetUserInfo for lsid=" << lsid;
693 request_body_ = MakeGetUserInfoBody(lsid);
694 CreateAndStartGaiaFetcher(request_body_, std::string(), get_user_info_gurl_,
695 kLoadFlagsIgnoreCookies);
696 }
697
698 void GaiaAuthFetcher::StartMergeSession(const std::string& uber_token,
699 const std::string& external_cc_result) {
700 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
701
702 DVLOG(1) << "Starting MergeSession with uber_token=" << uber_token;
703
704 // The continue URL is a required parameter of the MergeSession API, but in
705 // this case we don't actually need or want to navigate to it. Setting it to
706 // an arbitrary Google URL.
707 //
708 // In order for the new session to be merged correctly, the server needs to
709 // know what sessions already exist in the browser. The fetcher needs to be
710 // created such that it sends the cookies with the request, which is
711 // different from all other requests the fetcher can make.
712 std::string continue_url("http://www.google.com");
713 request_body_ = MakeMergeSessionBody(uber_token, external_cc_result,
714 continue_url, source_);
715 CreateAndStartGaiaFetcher(request_body_, std::string(), merge_session_gurl_,
716 net::LOAD_NORMAL);
717 }
718
719 void GaiaAuthFetcher::StartTokenFetchForUberAuthExchange(
720 const std::string& access_token) {
721 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
722
723 DVLOG(1) << "Starting StartTokenFetchForUberAuthExchange with access_token="
724 << access_token;
725 std::string authentication_header =
726 base::StringPrintf(kOAuthHeaderFormat, access_token.c_str());
727 CreateAndStartGaiaFetcher(std::string(), authentication_header,
728 uberauth_token_gurl_, net::LOAD_NORMAL);
729 }
730
731 void GaiaAuthFetcher::StartOAuthLogin(const std::string& access_token,
732 const std::string& service) {
733 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
734
735 request_body_ = MakeOAuthLoginBody(service, source_);
736 std::string authentication_header =
737 base::StringPrintf(kOAuth2BearerHeaderFormat, access_token.c_str());
738 CreateAndStartGaiaFetcher(request_body_, authentication_header,
739 oauth_login_gurl_, net::LOAD_NORMAL);
740 }
741
742 void GaiaAuthFetcher::StartListAccounts() {
743 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
744
745 CreateAndStartGaiaFetcher(" ", // To force an HTTP POST.
746 "Origin: https://www.google.com",
747 list_accounts_gurl_, net::LOAD_NORMAL);
748 }
749
750 void GaiaAuthFetcher::StartLogOut() {
751 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
752
753 CreateAndStartGaiaFetcher(std::string(), std::string(), logout_gurl_,
754 net::LOAD_NORMAL);
755 }
756
757 void GaiaAuthFetcher::StartGetCheckConnectionInfo() {
758 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
759
760 CreateAndStartGaiaFetcher(std::string(), std::string(),
761 get_check_connection_info_url_,
762 kLoadFlagsIgnoreCookies);
763 }
764
765 void GaiaAuthFetcher::StartListIDPSessions(const std::string& scopes,
766 const std::string& domain) {
767 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
768
769 request_body_ = MakeListIDPSessionsBody(scopes, domain);
770 requested_service_ = kListIdpServiceRequested;
771 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_iframe_url_,
772 net::LOAD_NORMAL);
773 }
774
775 void GaiaAuthFetcher::StartGetTokenResponse(const std::string& scopes,
776 const std::string& domain,
777 const std::string& login_hint) {
778 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
779
780 request_body_ = MakeGetTokenResponseBody(scopes, domain, login_hint);
781 requested_service_ = kGetTokenResponseRequested;
782 CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_iframe_url_,
783 net::LOAD_NORMAL);
784 }
785
786 // static
787 GoogleServiceAuthError GaiaAuthFetcher::GenerateAuthError(
788 const std::string& data,
789 const net::URLRequestStatus& status) {
790 if (!status.is_success()) {
791 if (status.status() == net::URLRequestStatus::CANCELED) {
792 return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED);
793 }
794 DLOG(WARNING) << "Could not reach Google Accounts servers: errno "
795 << status.error();
796 return GoogleServiceAuthError::FromConnectionError(status.error());
797 }
798
799 if (IsSecondFactorSuccess(data))
800 return GoogleServiceAuthError(GoogleServiceAuthError::TWO_FACTOR);
801
802 if (IsWebLoginRequiredSuccess(data))
803 return GoogleServiceAuthError(GoogleServiceAuthError::WEB_LOGIN_REQUIRED);
804
805 std::string error;
806 std::string url;
807 std::string captcha_url;
808 std::string captcha_token;
809 ParseClientLoginFailure(data, &error, &url, &captcha_url, &captcha_token);
810 DLOG(WARNING) << "ClientLogin failed with " << error;
811
812 if (error == kCaptchaError) {
813 return GoogleServiceAuthError::FromClientLoginCaptchaChallenge(
814 captcha_token,
815 GURL(GaiaUrls::GetInstance()->captcha_base_url().Resolve(captcha_url)),
816 GURL(url));
817 }
818 if (error == kAccountDeletedError)
819 return GoogleServiceAuthError(GoogleServiceAuthError::ACCOUNT_DELETED);
820 if (error == kAccountDisabledError)
821 return GoogleServiceAuthError(GoogleServiceAuthError::ACCOUNT_DISABLED);
822 if (error == kBadAuthenticationError) {
823 return GoogleServiceAuthError(
824 GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
825 }
826 if (error == kServiceUnavailableError) {
827 return GoogleServiceAuthError(
828 GoogleServiceAuthError::SERVICE_UNAVAILABLE);
829 }
830
831 DLOG(WARNING) << "Incomprehensible response from Google Accounts servers.";
832 return GoogleServiceAuthError(GoogleServiceAuthError::SERVICE_UNAVAILABLE);
833 }
834
835 void GaiaAuthFetcher::OnClientLoginFetched(const std::string& data,
836 const net::URLRequestStatus& status,
837 int response_code) {
838 if (status.is_success() && response_code == net::HTTP_OK) {
839 DVLOG(1) << "ClientLogin successful!";
840 std::string sid;
841 std::string lsid;
842 std::string token;
843 ParseClientLoginResponse(data, &sid, &lsid, &token);
844 consumer_->OnClientLoginSuccess(
845 GaiaAuthConsumer::ClientLoginResult(sid, lsid, token, data));
846 } else {
847 consumer_->OnClientLoginFailure(GenerateAuthError(data, status));
848 }
849 }
850
851 void GaiaAuthFetcher::OnIssueAuthTokenFetched(
852 const std::string& data,
853 const net::URLRequestStatus& status,
854 int response_code) {
855 if (status.is_success() && response_code == net::HTTP_OK) {
856 // Only the bare token is returned in the body of this Gaia call
857 // without any padding.
858 consumer_->OnIssueAuthTokenSuccess(requested_service_, data);
859 } else {
860 consumer_->OnIssueAuthTokenFailure(requested_service_,
861 GenerateAuthError(data, status));
862 }
863 }
864
865 void GaiaAuthFetcher::OnClientLoginToOAuth2Fetched(
866 const std::string& data,
867 const net::ResponseCookies& cookies,
868 const net::URLRequestStatus& status,
869 int response_code) {
870 if (status.is_success() && response_code == net::HTTP_OK) {
871 std::string auth_code;
872 if (ParseClientLoginToOAuth2Response(cookies, &auth_code)) {
873 StartAuthCodeForOAuth2TokenExchange(auth_code);
874 } else {
875 GoogleServiceAuthError auth_error(
876 GoogleServiceAuthError::FromUnexpectedServiceResponse(
877 "ClientLogin response cookies didn't contain an auth code"));
878 consumer_->OnClientOAuthFailure(auth_error);
879 }
880 } else {
881 GoogleServiceAuthError auth_error(GenerateAuthError(data, status));
882 consumer_->OnClientOAuthFailure(auth_error);
883 }
884 }
885
886 void GaiaAuthFetcher::OnOAuth2TokenPairFetched(
887 const std::string& data,
888 const net::URLRequestStatus& status,
889 int response_code) {
890 std::string refresh_token;
891 std::string access_token;
892 int expires_in_secs = 0;
893
894 bool success = false;
895 if (status.is_success() && response_code == net::HTTP_OK) {
896 success = ExtractOAuth2TokenPairResponse(data, &refresh_token,
897 &access_token, &expires_in_secs);
898 }
899
900 if (success) {
901 consumer_->OnClientOAuthSuccess(
902 GaiaAuthConsumer::ClientOAuthResult(refresh_token, access_token,
903 expires_in_secs));
904 } else {
905 consumer_->OnClientOAuthFailure(GenerateAuthError(data, status));
906 }
907 }
908
909 void GaiaAuthFetcher::OnOAuth2RevokeTokenFetched(
910 const std::string& data,
911 const net::URLRequestStatus& status,
912 int response_code) {
913 consumer_->OnOAuth2RevokeTokenCompleted();
914 }
915
916 void GaiaAuthFetcher::OnListAccountsFetched(const std::string& data,
917 const net::URLRequestStatus& status,
918 int response_code) {
919 if (status.is_success() && response_code == net::HTTP_OK) {
920 consumer_->OnListAccountsSuccess(data);
921 } else {
922 consumer_->OnListAccountsFailure(GenerateAuthError(data, status));
923 }
924 }
925
926 void GaiaAuthFetcher::OnLogOutFetched(const std::string& data,
927 const net::URLRequestStatus& status,
928 int response_code) {
929 if (status.is_success() && response_code == net::HTTP_OK) {
930 consumer_->OnLogOutSuccess();
931 } else {
932 consumer_->OnLogOutFailure(GenerateAuthError(data, status));
933 }
934 }
935
936 void GaiaAuthFetcher::OnGetUserInfoFetched(
937 const std::string& data,
938 const net::URLRequestStatus& status,
939 int response_code) {
940 if (status.is_success() && response_code == net::HTTP_OK) {
941 base::StringPairs tokens;
942 UserInfoMap matches;
943 base::SplitStringIntoKeyValuePairs(data, '=', '\n', &tokens);
944 base::StringPairs::iterator i;
945 for (i = tokens.begin(); i != tokens.end(); ++i) {
946 matches[i->first] = i->second;
947 }
948 consumer_->OnGetUserInfoSuccess(matches);
949 } else {
950 consumer_->OnGetUserInfoFailure(GenerateAuthError(data, status));
951 }
952 }
953
954 void GaiaAuthFetcher::OnMergeSessionFetched(const std::string& data,
955 const net::URLRequestStatus& status,
956 int response_code) {
957 if (status.is_success() && response_code == net::HTTP_OK) {
958 consumer_->OnMergeSessionSuccess(data);
959 } else {
960 consumer_->OnMergeSessionFailure(GenerateAuthError(data, status));
961 }
962 }
963
964 void GaiaAuthFetcher::OnUberAuthTokenFetch(const std::string& data,
965 const net::URLRequestStatus& status,
966 int response_code) {
967 if (status.is_success() && response_code == net::HTTP_OK) {
968 consumer_->OnUberAuthTokenSuccess(data);
969 } else {
970 consumer_->OnUberAuthTokenFailure(GenerateAuthError(data, status));
971 }
972 }
973
974 void GaiaAuthFetcher::OnOAuthLoginFetched(const std::string& data,
975 const net::URLRequestStatus& status,
976 int response_code) {
977 if (status.is_success() && response_code == net::HTTP_OK) {
978 DVLOG(1) << "ClientLogin successful!";
979 std::string sid;
980 std::string lsid;
981 std::string token;
982 ParseClientLoginResponse(data, &sid, &lsid, &token);
983 consumer_->OnClientLoginSuccess(
984 GaiaAuthConsumer::ClientLoginResult(sid, lsid, token, data));
985 } else {
986 consumer_->OnClientLoginFailure(GenerateAuthError(data, status));
987 }
988 }
989
990 void GaiaAuthFetcher::OnGetCheckConnectionInfoFetched(
991 const std::string& data,
992 const net::URLRequestStatus& status,
993 int response_code) {
994 if (status.is_success() && response_code == net::HTTP_OK) {
995 consumer_->OnGetCheckConnectionInfoSuccess(data);
996 } else {
997 consumer_->OnGetCheckConnectionInfoError(GenerateAuthError(data, status));
998 }
999 }
1000
1001 void GaiaAuthFetcher::OnListIdpSessionsFetched(
1002 const std::string& data,
1003 const net::URLRequestStatus& status,
1004 int response_code) {
1005 if (status.is_success() && response_code == net::HTTP_OK) {
1006 DVLOG(1) << "ListIdpSessions successful!";
1007 std::string login_hint;
1008 if (ParseListIdpSessionsResponse(data, &login_hint)) {
1009 consumer_->OnListIdpSessionsSuccess(login_hint);
1010 } else {
1011 GoogleServiceAuthError auth_error(
1012 GoogleServiceAuthError::FromUnexpectedServiceResponse(
1013 "List Sessions response didn't contain a login_hint."));
1014 consumer_->OnListIdpSessionsError(auth_error);
1015 }
1016 } else {
1017 consumer_->OnListIdpSessionsError(GenerateAuthError(data, status));
1018 }
1019 }
1020
1021 void GaiaAuthFetcher::OnGetTokenResponseFetched(
1022 const std::string& data,
1023 const net::URLRequestStatus& status,
1024 int response_code) {
1025 std::string access_token;
1026 int expires_in_secs = 0;
1027 bool success = false;
1028 if (status.is_success() && response_code == net::HTTP_OK) {
1029 DVLOG(1) << "GetTokenResponse successful!";
1030 success = ExtractOAuth2TokenPairResponse(data, NULL,
1031 &access_token, &expires_in_secs);
1032 }
1033
1034 if (success) {
1035 consumer_->OnGetTokenResponseSuccess(
1036 GaiaAuthConsumer::ClientOAuthResult(std::string(), access_token,
1037 expires_in_secs));
1038 } else {
1039 consumer_->OnGetTokenResponseError(GenerateAuthError(data, status));
1040 }
1041 }
1042
1043 void GaiaAuthFetcher::OnURLFetchComplete(const net::URLFetcher* source) {
1044 fetch_pending_ = false;
1045 // Some of the GAIA requests perform redirects, which results in the final
1046 // URL of the fetcher not being the original URL requested. Therefore use
1047 // the original URL when determining which OnXXX function to call.
1048 const GURL& url = source->GetOriginalURL();
1049 const net::URLRequestStatus& status = source->GetStatus();
1050 int response_code = source->GetResponseCode();
1051 std::string data;
1052 source->GetResponseAsString(&data);
1053
1054 // Retrieve the response headers from the request. Must only be called after
1055 // the OnURLFetchComplete callback has run.
1056 #ifndef NDEBUG
1057 std::string headers;
1058 if (source->GetResponseHeaders())
1059 source->GetResponseHeaders()->GetNormalizedHeaders(&headers);
1060 DVLOG(2) << "Response " << url.spec() << ", code = " << response_code << "\n"
1061 << headers << "\n";
1062 DVLOG(2) << "data: " << data << "\n";
1063 #endif
1064
1065 DispatchFetchedRequest(url, data, source->GetCookies(), status,
1066 response_code);
1067 }
1068
1069 void GaiaAuthFetcher::DispatchFetchedRequest(
1070 const GURL& url,
1071 const std::string& data,
1072 const net::ResponseCookies& cookies,
1073 const net::URLRequestStatus& status,
1074 int response_code) {
1075 if (url == client_login_gurl_) {
1076 OnClientLoginFetched(data, status, response_code);
1077 } else if (url == issue_auth_token_gurl_) {
1078 OnIssueAuthTokenFetched(data, status, response_code);
1079 } else if (url == client_login_to_oauth2_gurl_) {
1080 OnClientLoginToOAuth2Fetched(data, cookies, status, response_code);
1081 } else if (url == oauth2_token_gurl_) {
1082 OnOAuth2TokenPairFetched(data, status, response_code);
1083 } else if (url == get_user_info_gurl_) {
1084 OnGetUserInfoFetched(data, status, response_code);
1085 } else if (url == merge_session_gurl_) {
1086 OnMergeSessionFetched(data, status, response_code);
1087 } else if (url == uberauth_token_gurl_) {
1088 OnUberAuthTokenFetch(data, status, response_code);
1089 } else if (url == oauth_login_gurl_) {
1090 OnOAuthLoginFetched(data, status, response_code);
1091 } else if (url == oauth2_revoke_gurl_) {
1092 OnOAuth2RevokeTokenFetched(data, status, response_code);
1093 } else if (url == list_accounts_gurl_) {
1094 OnListAccountsFetched(data, status, response_code);
1095 } else if (url == logout_gurl_) {
1096 OnLogOutFetched(data, status, response_code);
1097 } else if (url == get_check_connection_info_url_) {
1098 OnGetCheckConnectionInfoFetched(data, status, response_code);
1099 } else if (url == oauth2_iframe_url_) {
1100 if (requested_service_ == kListIdpServiceRequested)
1101 OnListIdpSessionsFetched(data, status, response_code);
1102 else if (requested_service_ == kGetTokenResponseRequested)
1103 OnGetTokenResponseFetched(data, status, response_code);
1104 else
1105 NOTREACHED();
1106 } else {
1107 NOTREACHED();
1108 }
1109 }
1110
1111 // static
1112 bool GaiaAuthFetcher::IsSecondFactorSuccess(
1113 const std::string& alleged_error) {
1114 return alleged_error.find(kSecondFactor) !=
1115 std::string::npos;
1116 }
1117
1118 // static
1119 bool GaiaAuthFetcher::IsWebLoginRequiredSuccess(
1120 const std::string& alleged_error) {
1121 return alleged_error.find(kWebLoginRequired) !=
1122 std::string::npos;
1123 }