1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
6 * @fileoverview An UI component to host gaia auth extension in an iframe.
7 * After the component binds with an iframe, call its {@code load} to start the
8 * authentication flow. There are two events would be raised after this point:
9 * a 'ready' event when the authentication UI is ready to use and a 'completed'
10 * event when the authentication is completed successfully. If caller is
11 * interested in the user credentials, he may supply a success callback with
12 * {@code load} call. The callback will be invoked when the authentication is
13 * completed successfully and with the available credential data.
16 cr.define('cr.login', function() {
20 * Base URL of gaia auth extension.
23 var AUTH_URL_BASE = 'chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik';
26 * Auth URL to use for online flow.
29 var AUTH_URL = AUTH_URL_BASE + '/main.html';
32 * Auth URL to use for offline flow.
35 var OFFLINE_AUTH_URL = AUTH_URL_BASE + '/offline.html';
38 * Origin of the gaia sign in page.
41 var GAIA_ORIGIN = 'https://accounts.google.com';
44 * Supported params of auth extension. For a complete list, check out the
45 * auth extension's main.js.
46 * @type {!Array.<string>}
49 var SUPPORTED_PARAMS = [
50 'gaiaUrl', // Gaia url to use;
51 'gaiaPath', // Gaia path to use without a leading slash;
52 'hl', // Language code for the user interface;
53 'email', // Pre-fill the email field in Gaia UI;
54 'service', // Name of Gaia service;
55 'continueUrl', // Continue url to use;
56 'frameUrl', // Initial frame URL to use. If empty defaults to gaiaUrl.
57 'constrained' // Whether the extension is loaded in a constrained window;
61 * Supported localized strings. For a complete list, check out the auth
62 * extension's offline.js
63 * @type {!Array.<string>}
66 var LOCALIZED_STRING_PARAMS = [
71 'stringEmptyPassword',
76 * Enum for the authorization mode, must match AuthMode defined in
77 * chrome/browser/ui/webui/inline_login_ui.cc.
87 * Enum for the auth flow.
96 * Creates a new gaia auth extension host.
97 * @param {HTMLIFrameElement|string} container The iframe element or its id
98 * to host the auth extension.
100 * @extends {cr.EventTarget}
102 function GaiaAuthHost(container) {
103 this.frame_ = typeof container == 'string' ? $(container) : container;
105 window.addEventListener('message',
106 this.onMessage_.bind(this), false);
109 GaiaAuthHost.prototype = {
110 __proto__: cr.EventTarget.prototype,
113 * An url to use with {@code reload}.
120 * The domain name of the current auth page.
126 * Invoked when authentication is completed successfully with credential
127 * data. A credential data object looks like this:
131 * email: 'xx@gmail.com',
132 * password: 'xxxx', // May not present
133 * authCode: 'x/xx', // May not present
134 * authMode: 'x', // Authorization mode, default/offline/desktop.
138 * @type {function(Object)}
141 successCallback_: null,
144 * Invoked when GAIA indicates login success and SAML was used. At this
145 * point, GAIA cookies are present but the identity of the authenticated
146 * user is not known. The embedder of GaiaAuthHost should extract the GAIA
147 * cookies from the cookie jar, query GAIA for the authenticated user's
148 * e-mail address and invoke GaiaAuthHost.setAuthenticatedUserEmail with the
149 * result. The argument is an opaque token that should be passed back to
150 * GaiaAuthHost.setAuthenticatedUserEmail.
151 * @type {function(number)}
153 retrieveAuthenticatedUserEmailCallback_: null,
156 * Invoked when the auth flow needs a user to confirm his/her passwords.
157 * This could happen when there are more than one passwords scraped during
158 * SAML flow. The embedder of GaiaAuthHost should show an UI to collect a
159 * password from user then call GaiaAuthHost.verifyConfirmedPassword to
160 * verify. If the password is good, the auth flow continues with success
161 * path. Otherwise, confirmPasswordCallback_ is invoked again.
164 confirmPasswordCallback_: null,
167 * Similar to confirmPasswordCallback_ but is used when there is no
168 * password scraped after a success authentication. The authenticated user
169 * account is passed to the callback. The embedder should take over the
170 * flow and decide what to do next.
171 * @type {function(string)}
173 noPasswordCallback_: null,
176 * Invoked when the authentication flow had to be aborted because content
177 * served over an unencrypted connection was detected.
178 insecureContentBlockedCallback_: null,
181 * The iframe container.
182 * @type {HTMLIFrameElement}
189 * Sets retrieveAuthenticatedUserEmailCallback_.
192 set retrieveAuthenticatedUserEmailCallback(callback) {
193 this.retrieveAuthenticatedUserEmailCallback_ = callback;
197 * Sets confirmPasswordCallback_.
200 set confirmPasswordCallback(callback) {
201 this.confirmPasswordCallback_ = callback;
205 * Sets noPasswordCallback_.
208 set noPasswordCallback(callback) {
209 this.noPasswordCallback_ = callback;
213 * Sets insecureContentBlockedCallback_.
214 * @type {function(string)}
216 set insecureContentBlockedCallback(callback) {
217 this.insecureContentBlockedCallback_ = callback;
221 * Loads the auth extension.
222 * @param {AuthMode} authMode Authorization mode.
223 * @param {Object} data Parameters for the auth extension. See the auth
224 * extension's main.js for all supported params and their defaults.
225 * @param {function(Object)} successCallback A function to be called when
226 * the authentication is completed successfully. The callback is
227 * invoked with a credential object.
229 load: function(authMode, data, successCallback) {
232 var populateParams = function(nameList, values) {
236 for (var i in nameList) {
237 var name = nameList[i];
239 params.push(name + '=' + encodeURIComponent(values[name]));
243 populateParams(SUPPORTED_PARAMS, data);
244 populateParams(LOCALIZED_STRING_PARAMS, data.localizedStrings);
245 params.push('parentPage=' + encodeURIComponent(window.location.origin));
249 case AuthMode.OFFLINE:
250 url = OFFLINE_AUTH_URL;
252 case AuthMode.DESKTOP:
254 params.push('desktopMode=1');
259 url += '?' + params.join('&');
261 this.frame_.src = url;
262 this.reloadUrl_ = url;
263 this.successCallback_ = successCallback;
264 this.authFlow = AuthFlow.GAIA;
268 * Reloads the auth extension.
271 this.frame_.src = this.reloadUrl_;
272 this.authFlow = AuthFlow.GAIA;
276 * Verifies the supplied password by sending it to the auth extension,
277 * which will then check if it matches the scraped passwords.
278 * @param {string} password The confirmed password that needs verification.
280 verifyConfirmedPassword: function(password) {
282 method: 'verifyConfirmedPassword',
285 this.frame_.contentWindow.postMessage(msg, AUTH_URL_BASE);
289 * Sends the authenticated user's e-mail address to the auth extension.
290 * @param {number} attemptToken The opaque token provided to the
291 * retrieveAuthenticatedUserEmailCallback_.
292 * @param {string} email The authenticated user's e-mail address.
294 setAuthenticatedUserEmail: function(attemptToken, email) {
296 method: 'setAuthenticatedUserEmail',
297 attemptToken: attemptToken,
300 this.frame_.contentWindow.postMessage(msg, AUTH_URL_BASE);
304 * Invoked to process authentication success.
305 * @param {Object} credentials Credential object to pass to success
309 onAuthSuccess_: function(credentials) {
310 if (this.successCallback_)
311 this.successCallback_(credentials);
312 cr.dispatchSimpleEvent(this, 'completed');
316 * Checks if message comes from the loaded authentication extension.
317 * @param {Object} e Payload of the received HTML5 message.
320 isAuthExtMessage_: function(e) {
321 return this.frame_.src &&
322 this.frame_.src.indexOf(e.origin) == 0 &&
323 e.source == this.frame_.contentWindow;
327 * Event handler that is invoked when HTML5 message is received.
328 * @param {object} e Payload of the received HTML5 message.
330 onMessage_: function(e) {
333 if (!this.isAuthExtMessage_(e))
336 if (msg.method == 'loginUILoaded') {
337 cr.dispatchSimpleEvent(this, 'ready');
341 if (/^complete(Login|Authentication)$|^offlineLogin$/.test(msg.method)) {
342 if (!msg.email && !this.email_ && !msg.skipForNow) {
343 var msg = {method: 'redirectToSignin'};
344 this.frame_.contentWindow.postMessage(msg, AUTH_URL_BASE);
347 this.onAuthSuccess_({email: msg.email,
348 password: msg.password,
349 useOffline: msg.method == 'offlineLogin',
350 usingSAML: msg.usingSAML || false,
351 chooseWhatToSync: msg.chooseWhatToSync,
352 skipForNow: msg.skipForNow || false,
353 sessionIndex: msg.sessionIndex || ''});
357 if (msg.method == 'retrieveAuthenticatedUserEmail') {
358 if (this.retrieveAuthenticatedUserEmailCallback_) {
359 this.retrieveAuthenticatedUserEmailCallback_(msg.attemptToken,
363 'GaiaAuthHost: Invalid retrieveAuthenticatedUserEmailCallback_.');
368 if (msg.method == 'confirmPassword') {
369 if (this.confirmPasswordCallback_)
370 this.confirmPasswordCallback_(msg.passwordCount);
372 console.error('GaiaAuthHost: Invalid confirmPasswordCallback_.');
376 if (msg.method == 'noPassword') {
377 if (this.noPasswordCallback_)
378 this.noPasswordCallback_(msg.email);
380 console.error('GaiaAuthHost: Invalid noPasswordCallback_.');
384 if (msg.method == 'authPageLoaded') {
385 this.authDomain = msg.domain;
386 this.authFlow = msg.isSAML ? AuthFlow.SAML : AuthFlow.GAIA;
390 if (msg.method == 'insecureContentBlocked') {
391 if (this.insecureContentBlockedCallback_) {
392 this.insecureContentBlockedCallback_(msg.url);
395 'GaiaAuthHost: Invalid insecureContentBlockedCallback_.');
400 if (msg.method == 'switchToFullTab') {
401 chrome.send('switchToFullTab', [msg.url]);
405 console.error('Unknown message method=' + msg.method);
410 * The current auth flow of the hosted gaia_auth extension.
413 cr.defineProperty(GaiaAuthHost, 'authFlow');
415 GaiaAuthHost.SUPPORTED_PARAMS = SUPPORTED_PARAMS;
416 GaiaAuthHost.LOCALIZED_STRING_PARAMS = LOCALIZED_STRING_PARAMS;
417 GaiaAuthHost.AuthMode = AuthMode;
418 GaiaAuthHost.AuthFlow = AuthFlow;
421 GaiaAuthHost: GaiaAuthHost