1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
6 * @fileoverview An UI component to host gaia auth extension in an iframe.
7 * After the component binds with an iframe, call its {@code load} to start the
8 * authentication flow. There are two events would be raised after this point:
9 * a 'ready' event when the authentication UI is ready to use and a 'completed'
10 * event when the authentication is completed successfully. If caller is
11 * interested in the user credentials, he may supply a success callback with
12 * {@code load} call. The callback will be invoked when the authentication is
13 * completed successfully and with the available credential data.
16 cr.define('cr.login', function() {
20 * Base URL of gaia auth extension.
23 var AUTH_URL_BASE = 'chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik';
26 * Auth URL to use for online flow.
29 var AUTH_URL = AUTH_URL_BASE + '/main.html';
32 * Auth URL to use for offline flow.
35 var OFFLINE_AUTH_URL = AUTH_URL_BASE + '/offline.html';
38 * Origin of the gaia sign in page.
41 var GAIA_ORIGIN = 'https://accounts.google.com';
44 * Supported params of auth extension. For a complete list, check out the
45 * auth extension's main.js.
46 * @type {!Array.<string>}
49 var SUPPORTED_PARAMS = [
50 'gaiaUrl', // Gaia url to use;
51 'gaiaPath', // Gaia path to use without a leading slash;
52 'hl', // Language code for the user interface;
53 'email', // Pre-fill the email field in Gaia UI;
54 'service', // Name of Gaia service;
55 'continueUrl', // Continue url to use;
56 'frameUrl', // Initial frame URL to use. If empty defaults to gaiaUrl.
57 'constrained' // Whether the extension is loaded in a constrained window;
61 * Supported localized strings. For a complete list, check out the auth
62 * extension's offline.js
63 * @type {!Array.<string>}
66 var LOCALIZED_STRING_PARAMS = [
71 'stringEmptyPassword',
76 * Enum for the authorization mode, must match AuthMode defined in
77 * chrome/browser/ui/webui/inline_login_ui.cc.
87 * Enum for the auth flow.
96 * Creates a new gaia auth extension host.
97 * @param {HTMLIFrameElement|string} container The iframe element or its id
98 * to host the auth extension.
100 * @extends {cr.EventTarget}
102 function GaiaAuthHost(container) {
103 this.frame_ = typeof container == 'string' ? $(container) : container;
105 window.addEventListener('message',
106 this.onMessage_.bind(this), false);
109 GaiaAuthHost.prototype = {
110 __proto__: cr.EventTarget.prototype,
113 * An url to use with {@code reload}.
120 * The domain name of the current auth page.
126 * Invoked when authentication is completed successfully with credential
127 * data. A credential data object looks like this:
131 * email: 'xx@gmail.com',
132 * password: 'xxxx', // May not present
133 * authCode: 'x/xx', // May not present
134 * authMode: 'x', // Authorization mode, default/offline/desktop.
138 * @type {function(Object)}
141 successCallback_: null,
144 * Invoked when the auth flow needs a user to confirm his/her passwords.
145 * This could happen when there are more than one passwords scraped during
146 * SAML flow. The embedder of GaiaAuthHost should show an UI to collect a
147 * password from user then call GaiaAuthHost.verifyConfirmedPassword to
148 * verify. If the password is good, the auth flow continues with success
149 * path. Otherwise, confirmPasswordCallback_ is invoked again.
152 confirmPasswordCallback_: null,
155 * Similar to confirmPasswordCallback_ but is used when there is no
156 * password scraped after a success authentication. The authenticated user
157 * account is passed to the callback. The embedder should take over the
158 * flow and decide what to do next.
159 * @type {function(string)}
161 noPasswordCallback_: null,
164 * Invoked when the authentication flow had to be aborted because content
165 * served over an unencrypted connection was detected.
167 insecureContentBlockedCallback_: null,
170 * Invoked to display an error message to the user when a GAIA error occurs
171 * during authentication.
174 missingGaiaInfoCallback_: null,
177 * Invoked to record that the credentials passing API was used.
180 samlApiUsedCallback_: null,
183 * The iframe container.
184 * @type {HTMLIFrameElement}
191 * Sets confirmPasswordCallback_.
194 set confirmPasswordCallback(callback) {
195 this.confirmPasswordCallback_ = callback;
199 * Sets noPasswordCallback_.
202 set noPasswordCallback(callback) {
203 this.noPasswordCallback_ = callback;
207 * Sets insecureContentBlockedCallback_.
208 * @type {function(string)}
210 set insecureContentBlockedCallback(callback) {
211 this.insecureContentBlockedCallback_ = callback;
215 * Sets missingGaiaInfoCallback_.
218 set missingGaiaInfoCallback(callback) {
219 this.missingGaiaInfoCallback_ = callback;
223 * Sets samlApiUsedCallback_.
226 set samlApiUsedCallback(callback) {
227 this.samlApiUsedCallback_ = callback;
231 * Loads the auth extension.
232 * @param {AuthMode} authMode Authorization mode.
233 * @param {Object} data Parameters for the auth extension. See the auth
234 * extension's main.js for all supported params and their defaults.
235 * @param {function(Object)} successCallback A function to be called when
236 * the authentication is completed successfully. The callback is
237 * invoked with a credential object.
239 load: function(authMode, data, successCallback) {
242 var populateParams = function(nameList, values) {
246 for (var i in nameList) {
247 var name = nameList[i];
249 params.push(name + '=' + encodeURIComponent(values[name]));
253 populateParams(SUPPORTED_PARAMS, data);
254 populateParams(LOCALIZED_STRING_PARAMS, data.localizedStrings);
255 params.push('parentPage=' + encodeURIComponent(window.location.origin));
259 case AuthMode.OFFLINE:
260 url = OFFLINE_AUTH_URL;
262 case AuthMode.DESKTOP:
264 params.push('desktopMode=1');
269 url += '?' + params.join('&');
271 this.frame_.src = url;
272 this.reloadUrl_ = url;
273 this.successCallback_ = successCallback;
274 this.authFlow = AuthFlow.GAIA;
278 * Reloads the auth extension.
281 this.frame_.src = this.reloadUrl_;
282 this.authFlow = AuthFlow.GAIA;
286 * Verifies the supplied password by sending it to the auth extension,
287 * which will then check if it matches the scraped passwords.
288 * @param {string} password The confirmed password that needs verification.
290 verifyConfirmedPassword: function(password) {
292 method: 'verifyConfirmedPassword',
295 this.frame_.contentWindow.postMessage(msg, AUTH_URL_BASE);
299 * Invoked to process authentication success.
300 * @param {Object} credentials Credential object to pass to success
304 onAuthSuccess_: function(credentials) {
305 if (this.successCallback_)
306 this.successCallback_(credentials);
307 cr.dispatchSimpleEvent(this, 'completed');
311 * Checks if message comes from the loaded authentication extension.
312 * @param {Object} e Payload of the received HTML5 message.
315 isAuthExtMessage_: function(e) {
316 return this.frame_.src &&
317 this.frame_.src.indexOf(e.origin) == 0 &&
318 e.source == this.frame_.contentWindow;
322 * Event handler that is invoked when HTML5 message is received.
323 * @param {object} e Payload of the received HTML5 message.
325 onMessage_: function(e) {
328 if (!this.isAuthExtMessage_(e))
331 if (msg.method == 'loginUILoaded') {
332 cr.dispatchSimpleEvent(this, 'ready');
336 if (/^complete(Login|Authentication)$|^offlineLogin$/.test(msg.method)) {
337 if (!msg.email && !this.email_ && !msg.skipForNow) {
338 var msg = {method: 'redirectToSignin'};
339 this.frame_.contentWindow.postMessage(msg, AUTH_URL_BASE);
342 this.onAuthSuccess_({email: msg.email,
343 password: msg.password,
345 useOffline: msg.method == 'offlineLogin',
346 usingSAML: msg.usingSAML || false,
347 chooseWhatToSync: msg.chooseWhatToSync,
348 skipForNow: msg.skipForNow || false,
349 sessionIndex: msg.sessionIndex || ''});
353 if (msg.method == 'confirmPassword') {
354 if (this.confirmPasswordCallback_)
355 this.confirmPasswordCallback_(msg.passwordCount);
357 console.error('GaiaAuthHost: Invalid confirmPasswordCallback_.');
361 if (msg.method == 'noPassword') {
362 if (this.noPasswordCallback_)
363 this.noPasswordCallback_(msg.email);
365 console.error('GaiaAuthHost: Invalid noPasswordCallback_.');
369 if (msg.method == 'authPageLoaded') {
370 this.authDomain = msg.domain;
371 this.authFlow = msg.isSAML ? AuthFlow.SAML : AuthFlow.GAIA;
375 if (msg.method == 'insecureContentBlocked') {
376 if (this.insecureContentBlockedCallback_) {
377 this.insecureContentBlockedCallback_(msg.url);
380 'GaiaAuthHost: Invalid insecureContentBlockedCallback_.');
385 if (msg.method == 'switchToFullTab') {
386 chrome.send('switchToFullTab', [msg.url]);
390 if (msg.method == 'missingGaiaInfo') {
391 if (this.missingGaiaInfoCallback_) {
392 this.missingGaiaInfoCallback_();
394 console.error('GaiaAuthHost: Invalid missingGaiaInfoCallback_.');
399 if (msg.method == 'samlApiUsed') {
400 if (this.samlApiUsedCallback_) {
401 this.samlApiUsedCallback_();
403 console.error('GaiaAuthHost: Invalid samlApiUsedCallback_.');
408 console.error('Unknown message method=' + msg.method);
413 * The current auth flow of the hosted gaia_auth extension.
416 cr.defineProperty(GaiaAuthHost, 'authFlow');
418 GaiaAuthHost.SUPPORTED_PARAMS = SUPPORTED_PARAMS;
419 GaiaAuthHost.LOCALIZED_STRING_PARAMS = LOCALIZED_STRING_PARAMS;
420 GaiaAuthHost.AuthMode = AuthMode;
421 GaiaAuthHost.AuthFlow = AuthFlow;
424 GaiaAuthHost: GaiaAuthHost