From 6c9e09b1edfbfff221b17eda6c617a2591284682 Mon Sep 17 00:00:00 2001
From: atwilson <atwilson@chromium.org>
Date: Fri, 21 Nov 2014 06:24:15 -0800
Subject: [PATCH] Revert "policy: Pass oauth token in Authorization header"

Reverting this CL because it breaks device enrollment (DMServer responds with
a 400 error to these requests).

This reverts commit c10acdfce5a67f215a361b8890c884b74f64f36c.

BUG=chromium:431828

Review URL: https://codereview.chromium.org/753533002

Cr-Commit-Position: refs/heads/master@{#305213}
---
 chrome/browser/policy/test/policy_testserver.py    | 66 ++++++----------------
 .../core/common/cloud/cloud_policy_constants.cc    |  1 +
 .../core/common/cloud/cloud_policy_constants.h     |  1 +
 .../core/common/cloud/device_management_service.cc |  5 +-
 .../core/common/cloud/device_management_service.h  |  1 -
 .../common/cloud/mock_device_management_service.cc |  2 +-
 6 files changed, 21 insertions(+), 55 deletions(-)

diff --git a/chrome/browser/policy/test/policy_testserver.py b/chrome/browser/policy/test/policy_testserver.py
index bfd854119504..a08eac10b016 100644
--- a/chrome/browser/policy/test/policy_testserver.py
+++ b/chrome/browser/policy/test/policy_testserver.py
@@ -58,7 +58,6 @@ import base64
 import BaseHTTPServer
 import cgi
 import glob
-import google.protobuf.message
 import google.protobuf.text_format
 import hashlib
 import logging
@@ -222,26 +221,6 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
       return param_list[0]
     return None
 
-  def GetAuthorizationHeader(self, auth_type):
-    """Gets an authorization header of the appropriate type.
-
-    Args:
-      auth_type: Name of the authorization type.
-    Returns:
-      The payload found in the authorization header, i.e. the data following
-      after the authorization type.
-    """
-    for line in self.headers.getallmatchingheaders('Authorization'):
-      try:
-        header_value = line.split(':', 1)[1].strip()
-        if header_value.startswith(auth_type):
-          return header_value[len(auth_type):].strip()
-      except ValueError, IndexError:
-        # Failed to parse the header.
-        pass
-
-    return None
-
   def do_GET(self):
     """Handles GET requests.
 
@@ -296,11 +275,8 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
     rmsg.ParseFromString(self.rfile.read(length))
 
     logging.debug('gaia auth token -> ' +
-                  str(self.GetAuthorizationHeader('GoogleLogin auth=')))
-    logging.debug('oauth token -> ' +
-                  str(self.GetAuthorizationHeader('Bearer')))
-    logging.debug('dm token -> ' +
-                  str(self.GetAuthorizationHeader('GoogleDMToken token=')))
+                  self.headers.getheader('Authorization', ''))
+    logging.debug('oauth token -> ' + str(self.GetUniqueParam('oauth_token')))
     logging.debug('deviceid -> ' + str(self.GetUniqueParam('deviceid')))
     self.DumpMessage('Request', rmsg)
 
@@ -327,15 +303,8 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
     else:
       return (400, 'Invalid request parameter')
 
-    if isinstance(response[1], basestring):
-      body = response[1]
-    elif isinstance(response[1], google.protobuf.message.Message):
-      self.DumpMessage('Response', response[1])
-      body = response[1].SerializeToString()
-    else:
-      body = ''
-
-    return (response[0], body)
+    self.DumpMessage('Response', response[1])
+    return (response[0], response[1].SerializeToString())
 
   def CreatePolicyForExternalPolicyData(self, policy_key):
     """Returns an ExternalPolicyData protobuf for policy_key.
@@ -359,24 +328,19 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
     return settings.SerializeToString()
 
   def CheckGoogleLogin(self):
-    """Extracts the auth token from the request and returns it. The token is
-    passed via an Authorization header and may either be a GoogleLogin token or
-    an OAuth V2 token. Returns None if no token is present.
+    """Extracts the auth token from the request and returns it. The token may
+    either be a GoogleLogin token from an Authorization header, or an OAuth V2
+    token from the oauth_token query parameter. Returns None if no token is
+    present.
     """
-    oauth_token = self.GetAuthorizationHeader('Bearer')
-    if oauth_token:
-      return oauth_token
-
-    # Previous versions of Chrome passed the access token in the oauth_token
-    # query parameter. The test server still accepts this so things don't break
-    # in case of version mismatch, for example when bisecting.
     oauth_token = self.GetUniqueParam('oauth_token')
     if oauth_token:
       return oauth_token
 
-    google_login_token = self.GetAuthorizationHeader('GoogleLogin auth=')
-    if google_login_token:
-      return google_login_token
+    match = re.match('GoogleLogin auth=(\\w+)',
+                     self.headers.getheader('Authorization', ''))
+    if match:
+      return match.group(1)
 
     return None
 
@@ -869,8 +833,12 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
       returned by LookupToken().
     """
     error = 500
+    dmtoken = None
     request_device_id = self.GetUniqueParam('deviceid')
-    dmtoken = self.GetAuthorizationHeader('GoogleDMToken token=')
+    match = re.match('GoogleDMToken token=(\\w+)',
+                     self.headers.getheader('Authorization', ''))
+    if match:
+      dmtoken = match.group(1)
     if not dmtoken:
       error = 401
     else:
diff --git a/components/policy/core/common/cloud/cloud_policy_constants.cc b/components/policy/core/common/cloud/cloud_policy_constants.cc
index ce129dfa2ff5..892deaa3ab61 100644
--- a/components/policy/core/common/cloud/cloud_policy_constants.cc
+++ b/components/policy/core/common/cloud/cloud_policy_constants.cc
@@ -18,6 +18,7 @@ const char kParamAgent[] = "agent";
 const char kParamAppType[] = "apptype";
 const char kParamDeviceID[] = "deviceid";
 const char kParamDeviceType[] = "devicetype";
+const char kParamOAuthToken[] = "oauth_token";
 const char kParamPlatform[] = "platform";
 const char kParamRequest[] = "request";
 const char kParamUserAffiliation[] = "user_affiliation";
diff --git a/components/policy/core/common/cloud/cloud_policy_constants.h b/components/policy/core/common/cloud/cloud_policy_constants.h
index 4168e84b3a3e..b43d6bcf35cf 100644
--- a/components/policy/core/common/cloud/cloud_policy_constants.h
+++ b/components/policy/core/common/cloud/cloud_policy_constants.h
@@ -20,6 +20,7 @@ POLICY_EXPORT extern const char kParamAgent[];
 POLICY_EXPORT extern const char kParamAppType[];
 POLICY_EXPORT extern const char kParamDeviceID[];
 POLICY_EXPORT extern const char kParamDeviceType[];
+POLICY_EXPORT extern const char kParamOAuthToken[];
 POLICY_EXPORT extern const char kParamPlatform[];
 POLICY_EXPORT extern const char kParamRequest[];
 POLICY_EXPORT extern const char kParamUserAffiliation[];
diff --git a/components/policy/core/common/cloud/device_management_service.cc b/components/policy/core/common/cloud/device_management_service.cc
index 8e08693940c9..4e88ccd7a9f5 100644
--- a/components/policy/core/common/cloud/device_management_service.cc
+++ b/components/policy/core/common/cloud/device_management_service.cc
@@ -27,7 +27,6 @@ namespace {
 
 const char kPostContentType[] = "application/protobuf";
 
-const char kOAuthTokenAuthHeader[] = "Authorization: Bearer ";
 const char kServiceTokenAuthHeader[] = "Authorization: GoogleLogin auth=";
 const char kDMTokenAuthHeader[] = "Authorization: GoogleDMToken token=";
 
@@ -312,8 +311,6 @@ void DeviceManagementRequestJobImpl::ConfigureRequest(
   CHECK(request_.SerializeToString(&payload));
   fetcher->SetUploadData(kPostContentType, payload);
   std::string extra_headers;
-  if (!oauth_token_.empty())
-    extra_headers += kOAuthTokenAuthHeader + oauth_token_ + "\n";
   if (!gaia_token_.empty())
     extra_headers += kServiceTokenAuthHeader + gaia_token_ + "\n";
   if (!dm_token_.empty())
@@ -362,7 +359,7 @@ void DeviceManagementRequestJob::SetGaiaToken(const std::string& gaia_token) {
 }
 
 void DeviceManagementRequestJob::SetOAuthToken(const std::string& oauth_token) {
-  oauth_token_ = oauth_token;
+  AddParameter(dm_protocol::kParamOAuthToken, oauth_token);
 }
 
 void DeviceManagementRequestJob::SetUserAffiliation(
diff --git a/components/policy/core/common/cloud/device_management_service.h b/components/policy/core/common/cloud/device_management_service.h
index 0f8d8ab7c3af..16cd6ccd6a9d 100644
--- a/components/policy/core/common/cloud/device_management_service.h
+++ b/components/policy/core/common/cloud/device_management_service.h
@@ -89,7 +89,6 @@ class POLICY_EXPORT DeviceManagementRequestJob {
 
   ParameterMap query_params_;
   std::string gaia_token_;
-  std::string oauth_token_;
   std::string dm_token_;
   enterprise_management::DeviceManagementRequest request_;
   RetryCallback retry_callback_;
diff --git a/components/policy/core/common/cloud/mock_device_management_service.cc b/components/policy/core/common/cloud/mock_device_management_service.cc
index 61e15ca2f9cf..970dd01bf7c4 100644
--- a/components/policy/core/common/cloud/mock_device_management_service.cc
+++ b/components/policy/core/common/cloud/mock_device_management_service.cc
@@ -32,7 +32,7 @@ class MockRequestJobBase : public DeviceManagementRequestJob {
   void Run() override {
     service_->StartJob(ExtractParameter(dm_protocol::kParamRequest),
                        gaia_token_,
-                       oauth_token_,
+                       ExtractParameter(dm_protocol::kParamOAuthToken),
                        dm_token_,
                        ExtractParameter(dm_protocol::kParamUserAffiliation),
                        ExtractParameter(dm_protocol::kParamDeviceID),
-- 
2.11.4.GIT