search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
media: Update MediaCodecBridge to use the new log.
[chromium-blink-merge.git] / google_apis / gaia / gaia_auth_fetcher.cc
blobb19e5f495e8c6d0629b99be4f39218ba85d66ef8
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "google_apis/gaia/gaia_auth_fetcher.h"
6
7 #include <string>
8 #include <utility>
9 #include <vector>
10
11 #include "base/json/json_reader.h"
12 #include "base/json/json_writer.h"
13 #include "base/profiler/scoped_tracker.h"
14 #include "base/strings/string_split.h"
15 #include "base/strings/string_util.h"
16 #include "base/strings/stringprintf.h"
17 #include "base/values.h"
18 #include "google_apis/gaia/gaia_auth_consumer.h"
19 #include "google_apis/gaia/gaia_constants.h"
20 #include "google_apis/gaia/gaia_urls.h"
21 #include "google_apis/gaia/google_service_auth_error.h"
22 #include "net/base/escape.h"
23 #include "net/base/load_flags.h"
24 #include "net/http/http_response_headers.h"
25 #include "net/http/http_status_code.h"
26 #include "net/url_request/url_fetcher.h"
27 #include "net/url_request/url_request_context_getter.h"
28 #include "net/url_request/url_request_status.h"
29
30 namespace {
31 const int kLoadFlagsIgnoreCookies = net::LOAD_DO_NOT_SEND_COOKIES |
32 net::LOAD_DO_NOT_SAVE_COOKIES;
33
34 static bool CookiePartsContains(const std::vector<std::string>& parts,
35 const char* part) {
36 for (std::vector<std::string>::const_iterator it = parts.begin();
37 it != parts.end(); ++it) {
38 if (LowerCaseEqualsASCII(*it, part))
39 return true;
40 }
41 return false;
42 }
43
44 // From the JSON string |data|, extract the |access_token| and |expires_in_secs|
45 // both of which must exist. If the |refresh_token| is non-NULL, then it also
46 // must exist and is extraced; if it's NULL, then no extraction is attempted.
47 bool ExtractOAuth2TokenPairResponse(const std::string& data,
48 std::string* refresh_token,
49 std::string* access_token,
50 int* expires_in_secs) {
51 DCHECK(access_token);
52 DCHECK(expires_in_secs);
53
54 scoped_ptr<base::Value> value(base::JSONReader::Read(data));
55 if (!value.get() || value->GetType() != base::Value::TYPE_DICTIONARY)
56 return false;
57
58 base::DictionaryValue* dict =
59 static_cast<base::DictionaryValue*>(value.get());
60
61 if (!dict->GetStringWithoutPathExpansion("access_token", access_token) ||
62 !dict->GetIntegerWithoutPathExpansion("expires_in", expires_in_secs)) {
63 return false;
64 }
65
66 // Refresh token may not be required.
67 if (refresh_token) {
68 if (!dict->GetStringWithoutPathExpansion("refresh_token", refresh_token))
69 return false;
70 }
71 return true;
72 }
73
74 const char kListIdpServiceRequested[] = "list_idp";
75 const char kGetTokenResponseRequested[] = "get_token";
76
77 } // namespace
78
79 // TODO(chron): Add sourceless version of this formatter.
80 // static
81 const char GaiaAuthFetcher::kClientLoginFormat[] =
82 "Email=%s&"
83 "Passwd=%s&"
84 "PersistentCookie=%s&"
85 "accountType=%s&"
86 "source=%s&"
87 "service=%s";
88 // static
89 const char GaiaAuthFetcher::kClientLoginCaptchaFormat[] =
90 "Email=%s&"
91 "Passwd=%s&"
92 "PersistentCookie=%s&"
93 "accountType=%s&"
94 "source=%s&"
95 "service=%s&"
96 "logintoken=%s&"
97 "logincaptcha=%s";
98 // static
99 const char GaiaAuthFetcher::kIssueAuthTokenFormat[] =
100 "SID=%s&"
101 "LSID=%s&"
102 "service=%s&"
103 "Session=%s";
104 // static
105 const char GaiaAuthFetcher::kClientLoginToOAuth2BodyFormat[] =
106 "scope=%s&client_id=%s";
107 // static
108 const char GaiaAuthFetcher::kClientLoginToOAuth2WithDeviceTypeBodyFormat[] =
109 "scope=%s&client_id=%s&device_type=chrome";
110 // static
111 const char GaiaAuthFetcher::kOAuth2CodeToTokenPairBodyFormat[] =
112 "scope=%s&"
113 "grant_type=authorization_code&"
114 "client_id=%s&"
115 "client_secret=%s&"
116 "code=%s";
117 // static
118 const char GaiaAuthFetcher::kOAuth2CodeToTokenPairDeviceIdParam[] =
119 "device_id=%s&device_type=chrome";
120 // static
121 const char GaiaAuthFetcher::kOAuth2RevokeTokenBodyFormat[] =
122 "token=%s";
123 // static
124 const char GaiaAuthFetcher::kGetUserInfoFormat[] =
125 "LSID=%s";
126 // static
127 const char GaiaAuthFetcher::kMergeSessionFormat[] =
128 "uberauth=%s&"
129 "continue=%s&"
130 "source=%s";
131 // static
132 const char GaiaAuthFetcher::kUberAuthTokenURLFormat[] =
133 "?source=%s&"
134 "issueuberauth=1";
135
136 const char GaiaAuthFetcher::kOAuthLoginFormat[] = "service=%s&source=%s";
137
138 // static
139 const char GaiaAuthFetcher::kAccountDeletedError[] = "AccountDeleted";
140 // static
141 const char GaiaAuthFetcher::kAccountDisabledError[] = "AccountDisabled";
142 // static
143 const char GaiaAuthFetcher::kBadAuthenticationError[] = "BadAuthentication";
144 // static
145 const char GaiaAuthFetcher::kCaptchaError[] = "CaptchaRequired";
146 // static
147 const char GaiaAuthFetcher::kServiceUnavailableError[] =
148 "ServiceUnavailable";
149 // static
150 const char GaiaAuthFetcher::kErrorParam[] = "Error";
151 // static
152 const char GaiaAuthFetcher::kErrorUrlParam[] = "Url";
153 // static
154 const char GaiaAuthFetcher::kCaptchaUrlParam[] = "CaptchaUrl";
155 // static
156 const char GaiaAuthFetcher::kCaptchaTokenParam[] = "CaptchaToken";
157
158 // static
159 const char GaiaAuthFetcher::kCookiePersistence[] = "true";
160 // static
161 // TODO(johnnyg): When hosted accounts are supported by sync,
162 // we can always use "HOSTED_OR_GOOGLE"
163 const char GaiaAuthFetcher::kAccountTypeHostedOrGoogle[] =
164 "HOSTED_OR_GOOGLE";
165 const char GaiaAuthFetcher::kAccountTypeGoogle[] =
166 "GOOGLE";
167
168 // static
169 const char GaiaAuthFetcher::kSecondFactor[] = "Info=InvalidSecondFactor";
170 // static
171 const char GaiaAuthFetcher::kWebLoginRequired[] = "Info=WebLoginRequired";
172
173 // static
174 const char GaiaAuthFetcher::kAuthHeaderFormat[] =
175 "Authorization: GoogleLogin auth=%s";
176 // static
177 const char GaiaAuthFetcher::kOAuthHeaderFormat[] = "Authorization: OAuth %s";
178 // static
179 const char GaiaAuthFetcher::kOAuth2BearerHeaderFormat[] =
180 "Authorization: Bearer %s";
181 // static
182 const char GaiaAuthFetcher::kDeviceIdHeaderFormat[] = "X-Device-ID: %s";
183 // static
184 const char GaiaAuthFetcher::kClientLoginToOAuth2CookiePartSecure[] = "secure";
185 // static
186 const char GaiaAuthFetcher::kClientLoginToOAuth2CookiePartHttpOnly[] =
187 "httponly";
188 // static
189 const char GaiaAuthFetcher::kClientLoginToOAuth2CookiePartCodePrefix[] =
190 "oauth_code=";
191 // static
192 const int GaiaAuthFetcher::kClientLoginToOAuth2CookiePartCodePrefixLength =
193 arraysize(GaiaAuthFetcher::kClientLoginToOAuth2CookiePartCodePrefix) - 1;
194
195 GaiaAuthFetcher::GaiaAuthFetcher(GaiaAuthConsumer* consumer,
196 const std::string& source,
197 net::URLRequestContextGetter* getter)
198 : consumer_(consumer),
199 getter_(getter),
200 source_(source),
201 client_login_gurl_(GaiaUrls::GetInstance()->client_login_url()),
202 issue_auth_token_gurl_(GaiaUrls::GetInstance()->issue_auth_token_url()),
203 oauth2_token_gurl_(GaiaUrls::GetInstance()->oauth2_token_url()),
204 oauth2_revoke_gurl_(GaiaUrls::GetInstance()->oauth2_revoke_url()),
205 get_user_info_gurl_(GaiaUrls::GetInstance()->get_user_info_url()),
206 merge_session_gurl_(GaiaUrls::GetInstance()->merge_session_url()),
207 uberauth_token_gurl_(GaiaUrls::GetInstance()->oauth1_login_url().Resolve(
208 base::StringPrintf(kUberAuthTokenURLFormat, source.c_str()))),
209 oauth_login_gurl_(GaiaUrls::GetInstance()->oauth1_login_url()),
210 list_accounts_gurl_(
211 GaiaUrls::GetInstance()->ListAccountsURLWithSource(source)),
212 get_check_connection_info_url_(
213 GaiaUrls::GetInstance()->GetCheckConnectionInfoURLWithSource(source)),
214 oauth2_iframe_url_(GaiaUrls::GetInstance()->oauth2_iframe_url()),
215 client_login_to_oauth2_gurl_(
216 GaiaUrls::GetInstance()->client_login_to_oauth2_url()),
217 fetch_pending_(false) {}
218
219 GaiaAuthFetcher::~GaiaAuthFetcher() {}
220
221 bool GaiaAuthFetcher::HasPendingFetch() {
222 return fetch_pending_;
223 }
224
225 void GaiaAuthFetcher::CancelRequest() {
226 fetcher_.reset();
227 fetch_pending_ = false;
228 }
229
230 // static
231 scoped_ptr<net::URLFetcher> GaiaAuthFetcher::CreateGaiaFetcher(
232 net::URLRequestContextGetter* getter,
233 const std::string& body,
234 const std::string& headers,
235 const GURL& gaia_gurl,
236 int load_flags,
237 net::URLFetcherDelegate* delegate) {
238 scoped_ptr<net::URLFetcher> to_return = net::URLFetcher::Create(
239 0, gaia_gurl, body.empty() ? net::URLFetcher::GET : net::URLFetcher::POST,
240 delegate);
241 to_return->SetRequestContext(getter);
242 to_return->SetUploadData("application/x-www-form-urlencoded", body);
243
244 DVLOG(2) << "Gaia fetcher URL: " << gaia_gurl.spec();
245 DVLOG(2) << "Gaia fetcher headers: " << headers;
246 DVLOG(2) << "Gaia fetcher body: " << body;
247
248 // The Gaia token exchange requests do not require any cookie-based
249 // identification as part of requests. We suppress sending any cookies to
250 // maintain a separation between the user's browsing and Chrome's internal
251 // services. Where such mixing is desired (MergeSession or OAuthLogin), it
252 // will be done explicitly.
253 to_return->SetLoadFlags(load_flags);
254
255 // Fetchers are sometimes cancelled because a network change was detected,
256 // especially at startup and after sign-in on ChromeOS. Retrying once should
257 // be enough in those cases; let the fetcher retry up to 3 times just in case.
258 // http://crbug.com/163710
259 to_return->SetAutomaticallyRetryOnNetworkChanges(3);
260
261 if (!headers.empty())
262 to_return->SetExtraRequestHeaders(headers);
263
264 return to_return;
265 }
266
267 // static
268 std::string GaiaAuthFetcher::MakeClientLoginBody(
269 const std::string& username,
270 const std::string& password,
271 const std::string& source,
272 const char* service,
273 const std::string& login_token,
274 const std::string& login_captcha,
275 HostedAccountsSetting allow_hosted_accounts) {
276 std::string encoded_username = net::EscapeUrlEncodedData(username, true);
277 std::string encoded_password = net::EscapeUrlEncodedData(password, true);
278 std::string encoded_login_token = net::EscapeUrlEncodedData(login_token,
279 true);
280 std::string encoded_login_captcha = net::EscapeUrlEncodedData(login_captcha,
281 true);
282
283 const char* account_type = allow_hosted_accounts == HostedAccountsAllowed ?
284 kAccountTypeHostedOrGoogle :
285 kAccountTypeGoogle;
286
287 if (login_token.empty() || login_captcha.empty()) {
288 return base::StringPrintf(kClientLoginFormat,
289 encoded_username.c_str(),
290 encoded_password.c_str(),
291 kCookiePersistence,
292 account_type,
293 source.c_str(),
294 service);
295 }
296
297 return base::StringPrintf(kClientLoginCaptchaFormat,
298 encoded_username.c_str(),
299 encoded_password.c_str(),
300 kCookiePersistence,
301 account_type,
302 source.c_str(),
303 service,
304 encoded_login_token.c_str(),
305 encoded_login_captcha.c_str());
306 }
307
308 // static
309 std::string GaiaAuthFetcher::MakeIssueAuthTokenBody(
310 const std::string& sid,
311 const std::string& lsid,
312 const char* const service) {
313 std::string encoded_sid = net::EscapeUrlEncodedData(sid, true);
314 std::string encoded_lsid = net::EscapeUrlEncodedData(lsid, true);
315
316 // All tokens should be session tokens except the gaia auth token.
317 bool session = true;
318 if (!strcmp(service, GaiaConstants::kGaiaService))
319 session = false;
320
321 return base::StringPrintf(kIssueAuthTokenFormat,
322 encoded_sid.c_str(),
323 encoded_lsid.c_str(),
324 service,
325 session ? "true" : "false");
326 }
327
328 // static
329 std::string GaiaAuthFetcher::MakeGetAuthCodeBody(bool include_device_type) {
330 std::string encoded_scope = net::EscapeUrlEncodedData(
331 GaiaConstants::kOAuth1LoginScope, true);
332 std::string encoded_client_id = net::EscapeUrlEncodedData(
333 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
334 if (include_device_type) {
335 return base::StringPrintf(kClientLoginToOAuth2WithDeviceTypeBodyFormat,
336 encoded_scope.c_str(),
337 encoded_client_id.c_str());
338 } else {
339 return base::StringPrintf(kClientLoginToOAuth2BodyFormat,
340 encoded_scope.c_str(),
341 encoded_client_id.c_str());
342 }
343 }
344
345 // static
346 std::string GaiaAuthFetcher::MakeGetTokenPairBody(
347 const std::string& auth_code,
348 const std::string& device_id) {
349 std::string encoded_scope = net::EscapeUrlEncodedData(
350 GaiaConstants::kOAuth1LoginScope, true);
351 std::string encoded_client_id = net::EscapeUrlEncodedData(
352 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
353 std::string encoded_client_secret = net::EscapeUrlEncodedData(
354 GaiaUrls::GetInstance()->oauth2_chrome_client_secret(), true);
355 std::string encoded_auth_code = net::EscapeUrlEncodedData(auth_code, true);
356 std::string body = base::StringPrintf(
357 kOAuth2CodeToTokenPairBodyFormat, encoded_scope.c_str(),
358 encoded_client_id.c_str(), encoded_client_secret.c_str(),
359 encoded_auth_code.c_str());
360 if (!device_id.empty()) {
361 body += "&" + base::StringPrintf(kOAuth2CodeToTokenPairDeviceIdParam,
362 device_id.c_str());
363 }
364 return body;
365 }
366
367 // static
368 std::string GaiaAuthFetcher::MakeRevokeTokenBody(
369 const std::string& auth_token) {
370 return base::StringPrintf(kOAuth2RevokeTokenBodyFormat, auth_token.c_str());
371 }
372
373 // static
374 std::string GaiaAuthFetcher::MakeGetUserInfoBody(const std::string& lsid) {
375 std::string encoded_lsid = net::EscapeUrlEncodedData(lsid, true);
376 return base::StringPrintf(kGetUserInfoFormat, encoded_lsid.c_str());
377 }
378
379 // static
380 std::string GaiaAuthFetcher::MakeMergeSessionBody(
381 const std::string& auth_token,
382 const std::string& external_cc_result,
383 const std::string& continue_url,
384 const std::string& source) {
385 std::string encoded_auth_token = net::EscapeUrlEncodedData(auth_token, true);
386 std::string encoded_continue_url = net::EscapeUrlEncodedData(continue_url,
387 true);
388 std::string encoded_source = net::EscapeUrlEncodedData(source, true);
389 std::string result = base::StringPrintf(kMergeSessionFormat,
390 encoded_auth_token.c_str(),
391 encoded_continue_url.c_str(),
392 encoded_source.c_str());
393 if (!external_cc_result.empty()) {
394 base::StringAppendF(&result, "&externalCcResult=%s",
395 net::EscapeUrlEncodedData(
396 external_cc_result, true).c_str());
397 }
398
399 return result;
400 }
401
402 // static
403 std::string GaiaAuthFetcher::MakeGetAuthCodeHeader(
404 const std::string& auth_token) {
405 return base::StringPrintf(kAuthHeaderFormat, auth_token.c_str());
406 }
407
408 // Helper method that extracts tokens from a successful reply.
409 // static
410 void GaiaAuthFetcher::ParseClientLoginResponse(const std::string& data,
411 std::string* sid,
412 std::string* lsid,
413 std::string* token) {
414 using std::vector;
415 using std::pair;
416 using std::string;
417 sid->clear();
418 lsid->clear();
419 token->clear();
420 base::StringPairs tokens;
421 base::SplitStringIntoKeyValuePairs(data, '=', '\n', &tokens);
422 for (base::StringPairs::iterator i = tokens.begin();
423 i != tokens.end(); ++i) {
424 if (i->first == "SID") {
425 sid->assign(i->second);
426 } else if (i->first == "LSID") {
427 lsid->assign(i->second);
428 } else if (i->first == "Auth") {
429 token->assign(i->second);
430 }
431 }
432 // If this was a request for uberauth token, then that's all we've got in
433 // data.
434 if (sid->empty() && lsid->empty() && token->empty())
435 token->assign(data);
436 }
437
438 // static
439 std::string GaiaAuthFetcher::MakeOAuthLoginBody(const std::string& service,
440 const std::string& source) {
441 std::string encoded_service = net::EscapeUrlEncodedData(service, true);
442 std::string encoded_source = net::EscapeUrlEncodedData(source, true);
443 return base::StringPrintf(kOAuthLoginFormat,
444 encoded_service.c_str(),
445 encoded_source.c_str());
446 }
447
448 // static
449 std::string GaiaAuthFetcher::MakeListIDPSessionsBody(
450 const std::string& scopes,
451 const std::string& domain) {
452 static const char getTokenResponseBodyFormat[] =
453 "action=listSessions&"
454 "client_id=%s&"
455 "origin=%s&"
456 "scope=%s";
457 std::string encoded_client_id = net::EscapeUrlEncodedData(
458 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
459 return base::StringPrintf(getTokenResponseBodyFormat,
460 encoded_client_id.c_str(),
461 domain.c_str(),
462 scopes.c_str());
463 }
464
465 std::string GaiaAuthFetcher::MakeGetTokenResponseBody(
466 const std::string& scopes,
467 const std::string& domain,
468 const std::string& login_hint) {
469 static const char getTokenResponseBodyFormat[] =
470 "action=issueToken&"
471 "client_id=%s&"
472 "login_hint=%s&"
473 "origin=%s&"
474 "response_type=token&"
475 "scope=%s";
476 std::string encoded_client_id = net::EscapeUrlEncodedData(
477 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
478 return base::StringPrintf(getTokenResponseBodyFormat,
479 encoded_client_id.c_str(),
480 login_hint.c_str(),
481 domain.c_str(),
482 scopes.c_str());
483 }
484
485 // static
486 void GaiaAuthFetcher::ParseClientLoginFailure(const std::string& data,
487 std::string* error,
488 std::string* error_url,
489 std::string* captcha_url,
490 std::string* captcha_token) {
491 using std::vector;
492 using std::pair;
493 using std::string;
494
495 base::StringPairs tokens;
496 base::SplitStringIntoKeyValuePairs(data, '=', '\n', &tokens);
497 for (base::StringPairs::iterator i = tokens.begin();
498 i != tokens.end(); ++i) {
499 if (i->first == kErrorParam) {
500 error->assign(i->second);
501 } else if (i->first == kErrorUrlParam) {
502 error_url->assign(i->second);
503 } else if (i->first == kCaptchaUrlParam) {
504 captcha_url->assign(i->second);
505 } else if (i->first == kCaptchaTokenParam) {
506 captcha_token->assign(i->second);
507 }
508 }
509 }
510
511 // static
512 bool GaiaAuthFetcher::ParseClientLoginToOAuth2Response(
513 const net::ResponseCookies& cookies,
514 std::string* auth_code) {
515 DCHECK(auth_code);
516 net::ResponseCookies::const_iterator iter;
517 for (iter = cookies.begin(); iter != cookies.end(); ++iter) {
518 if (ParseClientLoginToOAuth2Cookie(*iter, auth_code))
519 return true;
520 }
521 return false;
522 }
523
524 // static
525 bool GaiaAuthFetcher::ParseClientLoginToOAuth2Cookie(const std::string& cookie,
526 std::string* auth_code) {
527 std::vector<std::string> parts;
528 base::SplitString(cookie, ';', &parts);
529 // Per documentation, the cookie should have Secure and HttpOnly.
530 if (!CookiePartsContains(parts, kClientLoginToOAuth2CookiePartSecure) ||
531 !CookiePartsContains(parts, kClientLoginToOAuth2CookiePartHttpOnly)) {
532 return false;
533 }
534
535 std::vector<std::string>::const_iterator iter;
536 for (iter = parts.begin(); iter != parts.end(); ++iter) {
537 const std::string& part = *iter;
538 if (StartsWithASCII(
539 part, kClientLoginToOAuth2CookiePartCodePrefix, false)) {
540 auth_code->assign(part.substr(
541 kClientLoginToOAuth2CookiePartCodePrefixLength));
542 return true;
543 }
544 }
545 return false;
546 }
547
548 // static
549 bool GaiaAuthFetcher::ParseListIdpSessionsResponse(const std::string& data,
550 std::string* login_hint) {
551 DCHECK(login_hint);
552
553 scoped_ptr<base::Value> value(base::JSONReader::Read(data));
554 if (!value.get() || value->GetType() != base::Value::TYPE_DICTIONARY)
555 return false;
556
557 base::DictionaryValue* dict =
558 static_cast<base::DictionaryValue*>(value.get());
559
560 base::ListValue* sessionsList;
561 if (!dict->GetList("sessions", &sessionsList))
562 return false;
563
564 // Find the first login_hint present in any session.
565 for (base::ListValue::iterator iter = sessionsList->begin();
566 iter != sessionsList->end();
567 iter++) {
568 base::DictionaryValue* sessionDictionary;
569 if (!(*iter)->GetAsDictionary(&sessionDictionary))
570 continue;
571
572 if (sessionDictionary->GetString("login_hint", login_hint))
573 break;
574 }
575
576 if (login_hint->empty())
577 return false;
578 return true;
579 }
580
581 void GaiaAuthFetcher::StartClientLogin(
582 const std::string& username,
583 const std::string& password,
584 const char* const service,
585 const std::string& login_token,
586 const std::string& login_captcha,
587 HostedAccountsSetting allow_hosted_accounts) {
588
589 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
590
591 // This class is thread agnostic, so be sure to call this only on the
592 // same thread each time.
593 DVLOG(1) << "Starting new ClientLogin fetch for:" << username;
594
595 // Must outlive fetcher_.
596 request_body_ = MakeClientLoginBody(username,
597 password,
598 source_,
599 service,
600 login_token,
601 login_captcha,
602 allow_hosted_accounts);
603 fetcher_ =
604 CreateGaiaFetcher(getter_, request_body_, std::string(),
605 client_login_gurl_, kLoadFlagsIgnoreCookies, this);
606 fetch_pending_ = true;
607 fetcher_->Start();
608 }
609
610 void GaiaAuthFetcher::StartIssueAuthToken(const std::string& sid,
611 const std::string& lsid,
612 const char* const service) {
613 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
614
615 DVLOG(1) << "Starting IssueAuthToken for: " << service;
616 requested_service_ = service;
617 request_body_ = MakeIssueAuthTokenBody(sid, lsid, service);
618 fetcher_ =
619 CreateGaiaFetcher(getter_, request_body_, std::string(),
620 issue_auth_token_gurl_, kLoadFlagsIgnoreCookies, this);
621 fetch_pending_ = true;
622 fetcher_->Start();
623 }
624
625 void GaiaAuthFetcher::StartLsoForOAuthLoginTokenExchange(
626 const std::string& auth_token) {
627 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
628
629 DVLOG(1) << "Starting OAuth login token exchange with auth_token";
630 request_body_ = MakeGetAuthCodeBody(false);
631 client_login_to_oauth2_gurl_ =
632 GaiaUrls::GetInstance()->client_login_to_oauth2_url();
633
634 fetcher_ = CreateGaiaFetcher(
635 getter_, request_body_, MakeGetAuthCodeHeader(auth_token),
636 client_login_to_oauth2_gurl_, kLoadFlagsIgnoreCookies, this);
637 fetch_pending_ = true;
638 fetcher_->Start();
639 }
640
641 void GaiaAuthFetcher::StartRevokeOAuth2Token(const std::string& auth_token) {
642 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
643
644 DVLOG(1) << "Starting OAuth2 token revocation";
645 request_body_ = MakeRevokeTokenBody(auth_token);
646 fetcher_ =
647 CreateGaiaFetcher(getter_, request_body_, std::string(),
648 oauth2_revoke_gurl_, kLoadFlagsIgnoreCookies, this);
649 fetch_pending_ = true;
650 fetcher_->Start();
651 }
652
653 void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchange(
654 const std::string& session_index) {
655 StartCookieForOAuthLoginTokenExchangeWithDeviceId(session_index,
656 std::string());
657 }
658
659 void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchangeWithDeviceId(
660 const std::string& session_index,
661 const std::string& device_id) {
662 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
663
664 DVLOG(1) << "Starting OAuth login token fetch with cookie jar";
665 request_body_ = MakeGetAuthCodeBody(!device_id.empty());
666
667 client_login_to_oauth2_gurl_ =
668 GaiaUrls::GetInstance()->client_login_to_oauth2_url();
669 if (!session_index.empty()) {
670 client_login_to_oauth2_gurl_ =
671 client_login_to_oauth2_gurl_.Resolve("?authuser=" + session_index);
672 }
673
674 std::string device_id_header;
675 if (!device_id.empty()) {
676 device_id_header =
677 base::StringPrintf(kDeviceIdHeaderFormat, device_id.c_str());
678 }
679
680 fetcher_ =
681 CreateGaiaFetcher(getter_, request_body_, device_id_header,
682 client_login_to_oauth2_gurl_, net::LOAD_NORMAL, this);
683 fetch_pending_ = true;
684 fetcher_->Start();
685 }
686
687 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchange(
688 const std::string& auth_code) {
689 StartAuthCodeForOAuth2TokenExchangeWithDeviceId(auth_code, std::string());
690 }
691
692 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchangeWithDeviceId(
693 const std::string& auth_code,
694 const std::string& device_id) {
695 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
696
697 DVLOG(1) << "Starting OAuth token pair fetch";
698 request_body_ = MakeGetTokenPairBody(auth_code, device_id);
699 fetcher_ =
700 CreateGaiaFetcher(getter_, request_body_, std::string(),
701 oauth2_token_gurl_, kLoadFlagsIgnoreCookies, this);
702 fetch_pending_ = true;
703 fetcher_->Start();
704 }
705
706 void GaiaAuthFetcher::StartGetUserInfo(const std::string& lsid) {
707 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
708
709 DVLOG(1) << "Starting GetUserInfo for lsid=" << lsid;
710 request_body_ = MakeGetUserInfoBody(lsid);
711 fetcher_ =
712 CreateGaiaFetcher(getter_, request_body_, std::string(),
713 get_user_info_gurl_, kLoadFlagsIgnoreCookies, this);
714 fetch_pending_ = true;
715 fetcher_->Start();
716 }
717
718 void GaiaAuthFetcher::StartMergeSession(const std::string& uber_token,
719 const std::string& external_cc_result) {
720 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
721
722 DVLOG(1) << "Starting MergeSession with uber_token=" << uber_token;
723
724 // The continue URL is a required parameter of the MergeSession API, but in
725 // this case we don't actually need or want to navigate to it. Setting it to
726 // an arbitrary Google URL.
727 //
728 // In order for the new session to be merged correctly, the server needs to
729 // know what sessions already exist in the browser. The fetcher needs to be
730 // created such that it sends the cookies with the request, which is
731 // different from all other requests the fetcher can make.
732 std::string continue_url("http://www.google.com");
733 request_body_ = MakeMergeSessionBody(uber_token, external_cc_result,
734 continue_url, source_);
735 fetcher_ = CreateGaiaFetcher(getter_, request_body_, std::string(),
736 merge_session_gurl_, net::LOAD_NORMAL, this);
737 fetch_pending_ = true;
738 fetcher_->Start();
739 }
740
741 void GaiaAuthFetcher::StartTokenFetchForUberAuthExchange(
742 const std::string& access_token) {
743 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
744
745 DVLOG(1) << "Starting StartTokenFetchForUberAuthExchange with access_token="
746 << access_token;
747 std::string authentication_header =
748 base::StringPrintf(kOAuthHeaderFormat, access_token.c_str());
749 fetcher_ = CreateGaiaFetcher(getter_, std::string(), authentication_header,
750 uberauth_token_gurl_, net::LOAD_NORMAL, this);
751 fetch_pending_ = true;
752 fetcher_->Start();
753 }
754
755 void GaiaAuthFetcher::StartOAuthLogin(const std::string& access_token,
756 const std::string& service) {
757 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
758
759 request_body_ = MakeOAuthLoginBody(service, source_);
760 std::string authentication_header =
761 base::StringPrintf(kOAuth2BearerHeaderFormat, access_token.c_str());
762 fetcher_ = CreateGaiaFetcher(getter_, request_body_, authentication_header,
763 oauth_login_gurl_, net::LOAD_NORMAL, this);
764 fetch_pending_ = true;
765 fetcher_->Start();
766 }
767
768 void GaiaAuthFetcher::StartListAccounts() {
769 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
770
771 fetcher_ = CreateGaiaFetcher(getter_,
772 " ", // To force an HTTP POST.
773 "Origin: https://www.google.com",
774 list_accounts_gurl_, net::LOAD_NORMAL, this);
775 fetch_pending_ = true;
776 fetcher_->Start();
777 }
778
779 void GaiaAuthFetcher::StartGetCheckConnectionInfo() {
780 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
781
782 fetcher_ = CreateGaiaFetcher(getter_, std::string(), std::string(),
783 get_check_connection_info_url_,
784 kLoadFlagsIgnoreCookies, this);
785 fetch_pending_ = true;
786 fetcher_->Start();
787 }
788
789 void GaiaAuthFetcher::StartListIDPSessions(const std::string& scopes,
790 const std::string& domain) {
791 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
792
793 request_body_ = MakeListIDPSessionsBody(scopes, domain);
794 fetcher_ = CreateGaiaFetcher(getter_, request_body_, std::string(),
795 oauth2_iframe_url_, net::LOAD_NORMAL, this);
796 requested_service_ = kListIdpServiceRequested;
797 fetch_pending_ = true;
798 fetcher_->Start();
799 }
800
801 void GaiaAuthFetcher::StartGetTokenResponse(const std::string& scopes,
802 const std::string& domain,
803 const std::string& login_hint) {
804 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
805
806 request_body_ = MakeGetTokenResponseBody(scopes, domain, login_hint);
807 fetcher_ = CreateGaiaFetcher(getter_, request_body_, std::string(),
808 oauth2_iframe_url_, net::LOAD_NORMAL, this);
809
810 requested_service_ = kGetTokenResponseRequested;
811 fetch_pending_ = true;
812 fetcher_->Start();
813 }
814
815 // static
816 GoogleServiceAuthError GaiaAuthFetcher::GenerateAuthError(
817 const std::string& data,
818 const net::URLRequestStatus& status) {
819 if (!status.is_success()) {
820 if (status.status() == net::URLRequestStatus::CANCELED) {
821 return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED);
822 }
823 DLOG(WARNING) << "Could not reach Google Accounts servers: errno "
824 << status.error();
825 return GoogleServiceAuthError::FromConnectionError(status.error());
826 }
827
828 if (IsSecondFactorSuccess(data))
829 return GoogleServiceAuthError(GoogleServiceAuthError::TWO_FACTOR);
830
831 if (IsWebLoginRequiredSuccess(data))
832 return GoogleServiceAuthError(GoogleServiceAuthError::WEB_LOGIN_REQUIRED);
833
834 std::string error;
835 std::string url;
836 std::string captcha_url;
837 std::string captcha_token;
838 ParseClientLoginFailure(data, &error, &url, &captcha_url, &captcha_token);
839 DLOG(WARNING) << "ClientLogin failed with " << error;
840
841 if (error == kCaptchaError) {
842 return GoogleServiceAuthError::FromClientLoginCaptchaChallenge(
843 captcha_token,
844 GURL(GaiaUrls::GetInstance()->captcha_base_url().Resolve(captcha_url)),
845 GURL(url));
846 }
847 if (error == kAccountDeletedError)
848 return GoogleServiceAuthError(GoogleServiceAuthError::ACCOUNT_DELETED);
849 if (error == kAccountDisabledError)
850 return GoogleServiceAuthError(GoogleServiceAuthError::ACCOUNT_DISABLED);
851 if (error == kBadAuthenticationError) {
852 return GoogleServiceAuthError(
853 GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
854 }
855 if (error == kServiceUnavailableError) {
856 return GoogleServiceAuthError(
857 GoogleServiceAuthError::SERVICE_UNAVAILABLE);
858 }
859
860 DLOG(WARNING) << "Incomprehensible response from Google Accounts servers.";
861 return GoogleServiceAuthError(GoogleServiceAuthError::SERVICE_UNAVAILABLE);
862 }
863
864 void GaiaAuthFetcher::OnClientLoginFetched(const std::string& data,
865 const net::URLRequestStatus& status,
866 int response_code) {
867 if (status.is_success() && response_code == net::HTTP_OK) {
868 DVLOG(1) << "ClientLogin successful!";
869 std::string sid;
870 std::string lsid;
871 std::string token;
872 ParseClientLoginResponse(data, &sid, &lsid, &token);
873 consumer_->OnClientLoginSuccess(
874 GaiaAuthConsumer::ClientLoginResult(sid, lsid, token, data));
875 } else {
876 consumer_->OnClientLoginFailure(GenerateAuthError(data, status));
877 }
878 }
879
880 void GaiaAuthFetcher::OnIssueAuthTokenFetched(
881 const std::string& data,
882 const net::URLRequestStatus& status,
883 int response_code) {
884 if (status.is_success() && response_code == net::HTTP_OK) {
885 // Only the bare token is returned in the body of this Gaia call
886 // without any padding.
887 consumer_->OnIssueAuthTokenSuccess(requested_service_, data);
888 } else {
889 consumer_->OnIssueAuthTokenFailure(requested_service_,
890 GenerateAuthError(data, status));
891 }
892 }
893
894 void GaiaAuthFetcher::OnClientLoginToOAuth2Fetched(
895 const std::string& data,
896 const net::ResponseCookies& cookies,
897 const net::URLRequestStatus& status,
898 int response_code) {
899 if (status.is_success() && response_code == net::HTTP_OK) {
900 std::string auth_code;
901 if (ParseClientLoginToOAuth2Response(cookies, &auth_code)) {
902 StartAuthCodeForOAuth2TokenExchange(auth_code);
903 } else {
904 GoogleServiceAuthError auth_error(
905 GoogleServiceAuthError::FromUnexpectedServiceResponse(
906 "ClientLogin response cookies didn't contain an auth code"));
907 consumer_->OnClientOAuthFailure(auth_error);
908 }
909 } else {
910 GoogleServiceAuthError auth_error(GenerateAuthError(data, status));
911 consumer_->OnClientOAuthFailure(auth_error);
912 }
913 }
914
915 void GaiaAuthFetcher::OnOAuth2TokenPairFetched(
916 const std::string& data,
917 const net::URLRequestStatus& status,
918 int response_code) {
919 std::string refresh_token;
920 std::string access_token;
921 int expires_in_secs = 0;
922
923 bool success = false;
924 if (status.is_success() && response_code == net::HTTP_OK) {
925 success = ExtractOAuth2TokenPairResponse(data, &refresh_token,
926 &access_token, &expires_in_secs);
927 }
928
929 if (success) {
930 consumer_->OnClientOAuthSuccess(
931 GaiaAuthConsumer::ClientOAuthResult(refresh_token, access_token,
932 expires_in_secs));
933 } else {
934 consumer_->OnClientOAuthFailure(GenerateAuthError(data, status));
935 }
936 }
937
938 void GaiaAuthFetcher::OnOAuth2RevokeTokenFetched(
939 const std::string& data,
940 const net::URLRequestStatus& status,
941 int response_code) {
942 consumer_->OnOAuth2RevokeTokenCompleted();
943 }
944
945 void GaiaAuthFetcher::OnListAccountsFetched(const std::string& data,
946 const net::URLRequestStatus& status,
947 int response_code) {
948 if (status.is_success() && response_code == net::HTTP_OK) {
949 consumer_->OnListAccountsSuccess(data);
950 } else {
951 consumer_->OnListAccountsFailure(GenerateAuthError(data, status));
952 }
953 }
954
955 void GaiaAuthFetcher::OnGetUserInfoFetched(
956 const std::string& data,
957 const net::URLRequestStatus& status,
958 int response_code) {
959 if (status.is_success() && response_code == net::HTTP_OK) {
960 base::StringPairs tokens;
961 UserInfoMap matches;
962 base::SplitStringIntoKeyValuePairs(data, '=', '\n', &tokens);
963 base::StringPairs::iterator i;
964 for (i = tokens.begin(); i != tokens.end(); ++i) {
965 matches[i->first] = i->second;
966 }
967 consumer_->OnGetUserInfoSuccess(matches);
968 } else {
969 consumer_->OnGetUserInfoFailure(GenerateAuthError(data, status));
970 }
971 }
972
973 void GaiaAuthFetcher::OnMergeSessionFetched(const std::string& data,
974 const net::URLRequestStatus& status,
975 int response_code) {
976 if (status.is_success() && response_code == net::HTTP_OK) {
977 consumer_->OnMergeSessionSuccess(data);
978 } else {
979 consumer_->OnMergeSessionFailure(GenerateAuthError(data, status));
980 }
981 }
982
983 void GaiaAuthFetcher::OnUberAuthTokenFetch(const std::string& data,
984 const net::URLRequestStatus& status,
985 int response_code) {
986 if (status.is_success() && response_code == net::HTTP_OK) {
987 consumer_->OnUberAuthTokenSuccess(data);
988 } else {
989 consumer_->OnUberAuthTokenFailure(GenerateAuthError(data, status));
990 }
991 }
992
993 void GaiaAuthFetcher::OnOAuthLoginFetched(const std::string& data,
994 const net::URLRequestStatus& status,
995 int response_code) {
996 if (status.is_success() && response_code == net::HTTP_OK) {
997 DVLOG(1) << "ClientLogin successful!";
998 std::string sid;
999 std::string lsid;
1000 std::string token;
1001 ParseClientLoginResponse(data, &sid, &lsid, &token);
1002 consumer_->OnClientLoginSuccess(
1003 GaiaAuthConsumer::ClientLoginResult(sid, lsid, token, data));
1004 } else {
1005 consumer_->OnClientLoginFailure(GenerateAuthError(data, status));
1006 }
1007 }
1008
1009 void GaiaAuthFetcher::OnGetCheckConnectionInfoFetched(
1010 const std::string& data,
1011 const net::URLRequestStatus& status,
1012 int response_code) {
1013 if (status.is_success() && response_code == net::HTTP_OK) {
1014 consumer_->OnGetCheckConnectionInfoSuccess(data);
1015 } else {
1016 consumer_->OnGetCheckConnectionInfoError(GenerateAuthError(data, status));
1017 }
1018 }
1019
1020 void GaiaAuthFetcher::OnListIdpSessionsFetched(
1021 const std::string& data,
1022 const net::URLRequestStatus& status,
1023 int response_code) {
1024 if (status.is_success() && response_code == net::HTTP_OK) {
1025 DVLOG(1) << "ListIdpSessions successful!";
1026 std::string login_hint;
1027 if (ParseListIdpSessionsResponse(data, &login_hint)) {
1028 consumer_->OnListIdpSessionsSuccess(login_hint);
1029 } else {
1030 GoogleServiceAuthError auth_error(
1031 GoogleServiceAuthError::FromUnexpectedServiceResponse(
1032 "List Sessions response didn't contain a login_hint."));
1033 consumer_->OnListIdpSessionsError(auth_error);
1034 }
1035 } else {
1036 consumer_->OnListIdpSessionsError(GenerateAuthError(data, status));
1037 }
1038 }
1039
1040 void GaiaAuthFetcher::OnGetTokenResponseFetched(
1041 const std::string& data,
1042 const net::URLRequestStatus& status,
1043 int response_code) {
1044 std::string access_token;
1045 int expires_in_secs = 0;
1046 bool success = false;
1047 if (status.is_success() && response_code == net::HTTP_OK) {
1048 DVLOG(1) << "GetTokenResponse successful!";
1049 success = ExtractOAuth2TokenPairResponse(data, NULL,
1050 &access_token, &expires_in_secs);
1051 }
1052
1053 if (success) {
1054 consumer_->OnGetTokenResponseSuccess(
1055 GaiaAuthConsumer::ClientOAuthResult(std::string(), access_token,
1056 expires_in_secs));
1057 } else {
1058 consumer_->OnGetTokenResponseError(GenerateAuthError(data, status));
1059 }
1060 }
1061
1062 void GaiaAuthFetcher::OnURLFetchComplete(const net::URLFetcher* source) {
1063 fetch_pending_ = false;
1064 // Some of the GAIA requests perform redirects, which results in the final
1065 // URL of the fetcher not being the original URL requested. Therefore use
1066 // the original URL when determining which OnXXX function to call.
1067 const GURL& url = source->GetOriginalURL();
1068 const net::URLRequestStatus& status = source->GetStatus();
1069 int response_code = source->GetResponseCode();
1070 std::string data;
1071 source->GetResponseAsString(&data);
1072 #ifndef NDEBUG
1073 std::string headers;
1074 if (source->GetResponseHeaders())
1075 source->GetResponseHeaders()->GetNormalizedHeaders(&headers);
1076 DVLOG(2) << "Response " << url.spec() << ", code = " << response_code << "\n"
1077 << headers << "\n";
1078 DVLOG(2) << "data: " << data << "\n";
1079 #endif
1080 // Retrieve the response headers from the request. Must only be called after
1081 // the OnURLFetchComplete callback has run.
1082 if (url == client_login_gurl_) {
1083 OnClientLoginFetched(data, status, response_code);
1084 } else if (url == issue_auth_token_gurl_) {
1085 OnIssueAuthTokenFetched(data, status, response_code);
1086 } else if (url == client_login_to_oauth2_gurl_) {
1087 OnClientLoginToOAuth2Fetched(
1088 data, source->GetCookies(), status, response_code);
1089 } else if (url == oauth2_token_gurl_) {
1090 OnOAuth2TokenPairFetched(data, status, response_code);
1091 } else if (url == get_user_info_gurl_) {
1092 OnGetUserInfoFetched(data, status, response_code);
1093 } else if (url == merge_session_gurl_) {
1094 OnMergeSessionFetched(data, status, response_code);
1095 } else if (url == uberauth_token_gurl_) {
1096 OnUberAuthTokenFetch(data, status, response_code);
1097 } else if (url == oauth_login_gurl_) {
1098 OnOAuthLoginFetched(data, status, response_code);
1099 } else if (url == oauth2_revoke_gurl_) {
1100 OnOAuth2RevokeTokenFetched(data, status, response_code);
1101 } else if (url == list_accounts_gurl_) {
1102 OnListAccountsFetched(data, status, response_code);
1103 } else if (url == get_check_connection_info_url_) {
1104 OnGetCheckConnectionInfoFetched(data, status, response_code);
1105 } else if (url == oauth2_iframe_url_) {
1106 if (requested_service_ == kListIdpServiceRequested)
1107 OnListIdpSessionsFetched(data, status, response_code);
1108 else if (requested_service_ == kGetTokenResponseRequested)
1109 OnGetTokenResponseFetched(data, status, response_code);
1110 else
1111 NOTREACHED();
1112 } else {
1113 NOTREACHED();
1114 }
1115 }
1116
1117 // static
1118 bool GaiaAuthFetcher::IsSecondFactorSuccess(
1119 const std::string& alleged_error) {
1120 return alleged_error.find(kSecondFactor) !=
1121 std::string::npos;
1122 }
1123
1124 // static
1125 bool GaiaAuthFetcher::IsWebLoginRequiredSuccess(
1126 const std::string& alleged_error) {
1127 return alleged_error.find(kWebLoginRequired) !=
1128 std::string::npos;
1129 }