1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "google_apis/gaia/gaia_auth_fetcher.h"
11 #include "base/json/json_reader.h"
12 #include "base/json/json_writer.h"
13 #include "base/strings/string_split.h"
14 #include "base/strings/string_util.h"
15 #include "base/strings/stringprintf.h"
16 #include "base/values.h"
17 #include "google_apis/gaia/gaia_auth_consumer.h"
18 #include "google_apis/gaia/gaia_constants.h"
19 #include "google_apis/gaia/gaia_urls.h"
20 #include "google_apis/gaia/google_service_auth_error.h"
21 #include "net/base/escape.h"
22 #include "net/base/load_flags.h"
23 #include "net/http/http_response_headers.h"
24 #include "net/http/http_status_code.h"
25 #include "net/url_request/url_fetcher.h"
26 #include "net/url_request/url_request_context_getter.h"
27 #include "net/url_request/url_request_status.h"
30 const int kLoadFlagsIgnoreCookies = net::LOAD_DO_NOT_SEND_COOKIES |
31 net::LOAD_DO_NOT_SAVE_COOKIES;
33 static bool CookiePartsContains(const std::vector<std::string>& parts,
35 for (std::vector<std::string>::const_iterator it = parts.begin();
36 it != parts.end(); ++it) {
37 if (LowerCaseEqualsASCII(*it, part))
43 bool ExtractOAuth2TokenPairResponse(base::DictionaryValue* dict,
44 std::string* refresh_token,
45 std::string* access_token,
46 int* expires_in_secs) {
47 DCHECK(refresh_token);
49 DCHECK(expires_in_secs);
51 if (!dict->GetStringWithoutPathExpansion("refresh_token", refresh_token) ||
52 !dict->GetStringWithoutPathExpansion("access_token", access_token) ||
53 !dict->GetIntegerWithoutPathExpansion("expires_in", expires_in_secs)) {
62 // TODO(chron): Add sourceless version of this formatter.
64 const char GaiaAuthFetcher::kClientLoginFormat[] =
67 "PersistentCookie=%s&"
72 const char GaiaAuthFetcher::kClientLoginCaptchaFormat[] =
75 "PersistentCookie=%s&"
82 const char GaiaAuthFetcher::kIssueAuthTokenFormat[] =
88 const char GaiaAuthFetcher::kClientLoginToOAuth2BodyFormat[] =
89 "scope=%s&client_id=%s";
91 const char GaiaAuthFetcher::kOAuth2CodeToTokenPairBodyFormat[] =
93 "grant_type=authorization_code&"
98 const char GaiaAuthFetcher::kOAuth2RevokeTokenBodyFormat[] =
101 const char GaiaAuthFetcher::kGetUserInfoFormat[] =
104 const char GaiaAuthFetcher::kMergeSessionFormat[] =
109 const char GaiaAuthFetcher::kUberAuthTokenURLFormat[] =
113 const char GaiaAuthFetcher::kOAuthLoginFormat[] = "service=%s&source=%s";
116 const char GaiaAuthFetcher::kAccountDeletedError[] = "AccountDeleted";
117 const char GaiaAuthFetcher::kAccountDeletedErrorCode[] = "adel";
119 const char GaiaAuthFetcher::kAccountDisabledError[] = "AccountDisabled";
120 const char GaiaAuthFetcher::kAccountDisabledErrorCode[] = "adis";
122 const char GaiaAuthFetcher::kBadAuthenticationError[] = "BadAuthentication";
123 const char GaiaAuthFetcher::kBadAuthenticationErrorCode[] = "badauth";
125 const char GaiaAuthFetcher::kCaptchaError[] = "CaptchaRequired";
126 const char GaiaAuthFetcher::kCaptchaErrorCode[] = "cr";
128 const char GaiaAuthFetcher::kServiceUnavailableError[] =
129 "ServiceUnavailable";
130 const char GaiaAuthFetcher::kServiceUnavailableErrorCode[] =
133 const char GaiaAuthFetcher::kErrorParam[] = "Error";
135 const char GaiaAuthFetcher::kErrorUrlParam[] = "Url";
137 const char GaiaAuthFetcher::kCaptchaUrlParam[] = "CaptchaUrl";
139 const char GaiaAuthFetcher::kCaptchaTokenParam[] = "CaptchaToken";
142 const char GaiaAuthFetcher::kCookiePersistence[] = "true";
144 // TODO(johnnyg): When hosted accounts are supported by sync,
145 // we can always use "HOSTED_OR_GOOGLE"
146 const char GaiaAuthFetcher::kAccountTypeHostedOrGoogle[] =
148 const char GaiaAuthFetcher::kAccountTypeGoogle[] =
152 const char GaiaAuthFetcher::kSecondFactor[] = "Info=InvalidSecondFactor";
155 const char GaiaAuthFetcher::kAuthHeaderFormat[] =
156 "Authorization: GoogleLogin auth=%s";
158 const char GaiaAuthFetcher::kOAuthHeaderFormat[] = "Authorization: OAuth %s";
160 const char GaiaAuthFetcher::kOAuth2BearerHeaderFormat[] =
161 "Authorization: Bearer %s";
163 const char GaiaAuthFetcher::kClientLoginToOAuth2CookiePartSecure[] = "secure";
165 const char GaiaAuthFetcher::kClientLoginToOAuth2CookiePartHttpOnly[] =
168 const char GaiaAuthFetcher::kClientLoginToOAuth2CookiePartCodePrefix[] =
171 const int GaiaAuthFetcher::kClientLoginToOAuth2CookiePartCodePrefixLength =
172 arraysize(GaiaAuthFetcher::kClientLoginToOAuth2CookiePartCodePrefix) - 1;
174 GaiaAuthFetcher::GaiaAuthFetcher(GaiaAuthConsumer* consumer,
175 const std::string& source,
176 net::URLRequestContextGetter* getter)
177 : consumer_(consumer),
180 client_login_gurl_(GaiaUrls::GetInstance()->client_login_url()),
181 issue_auth_token_gurl_(GaiaUrls::GetInstance()->issue_auth_token_url()),
182 oauth2_token_gurl_(GaiaUrls::GetInstance()->oauth2_token_url()),
183 oauth2_revoke_gurl_(GaiaUrls::GetInstance()->oauth2_revoke_url()),
184 get_user_info_gurl_(GaiaUrls::GetInstance()->get_user_info_url()),
185 merge_session_gurl_(GaiaUrls::GetInstance()->merge_session_url()),
186 uberauth_token_gurl_(GaiaUrls::GetInstance()->oauth1_login_url().Resolve(
187 base::StringPrintf(kUberAuthTokenURLFormat, source.c_str()))),
188 oauth_login_gurl_(GaiaUrls::GetInstance()->oauth1_login_url()),
189 list_accounts_gurl_(GaiaUrls::GetInstance()->list_accounts_url()),
190 client_login_to_oauth2_gurl_(
191 GaiaUrls::GetInstance()->client_login_to_oauth2_url()),
192 fetch_pending_(false),
193 fetch_code_only_(false) {}
195 GaiaAuthFetcher::~GaiaAuthFetcher() {}
197 bool GaiaAuthFetcher::HasPendingFetch() {
198 return fetch_pending_;
201 void GaiaAuthFetcher::CancelRequest() {
203 fetch_pending_ = false;
207 net::URLFetcher* GaiaAuthFetcher::CreateGaiaFetcher(
208 net::URLRequestContextGetter* getter,
209 const std::string& body,
210 const std::string& headers,
211 const GURL& gaia_gurl,
213 net::URLFetcherDelegate* delegate) {
214 net::URLFetcher* to_return = net::URLFetcher::Create(
216 body == "" ? net::URLFetcher::GET : net::URLFetcher::POST,
218 to_return->SetRequestContext(getter);
219 to_return->SetUploadData("application/x-www-form-urlencoded", body);
221 DVLOG(2) << "Gaia fetcher URL: " << gaia_gurl.spec();
222 DVLOG(2) << "Gaia fetcher headers: " << headers;
223 DVLOG(2) << "Gaia fetcher body: " << body;
225 // The Gaia token exchange requests do not require any cookie-based
226 // identification as part of requests. We suppress sending any cookies to
227 // maintain a separation between the user's browsing and Chrome's internal
228 // services. Where such mixing is desired (MergeSession or OAuthLogin), it
229 // will be done explicitly.
230 to_return->SetLoadFlags(load_flags);
232 // Fetchers are sometimes cancelled because a network change was detected,
233 // especially at startup and after sign-in on ChromeOS. Retrying once should
234 // be enough in those cases; let the fetcher retry up to 3 times just in case.
235 // http://crbug.com/163710
236 to_return->SetAutomaticallyRetryOnNetworkChanges(3);
238 if (!headers.empty())
239 to_return->SetExtraRequestHeaders(headers);
245 std::string GaiaAuthFetcher::MakeClientLoginBody(
246 const std::string& username,
247 const std::string& password,
248 const std::string& source,
250 const std::string& login_token,
251 const std::string& login_captcha,
252 HostedAccountsSetting allow_hosted_accounts) {
253 std::string encoded_username = net::EscapeUrlEncodedData(username, true);
254 std::string encoded_password = net::EscapeUrlEncodedData(password, true);
255 std::string encoded_login_token = net::EscapeUrlEncodedData(login_token,
257 std::string encoded_login_captcha = net::EscapeUrlEncodedData(login_captcha,
260 const char* account_type = allow_hosted_accounts == HostedAccountsAllowed ?
261 kAccountTypeHostedOrGoogle :
264 if (login_token.empty() || login_captcha.empty()) {
265 return base::StringPrintf(kClientLoginFormat,
266 encoded_username.c_str(),
267 encoded_password.c_str(),
274 return base::StringPrintf(kClientLoginCaptchaFormat,
275 encoded_username.c_str(),
276 encoded_password.c_str(),
281 encoded_login_token.c_str(),
282 encoded_login_captcha.c_str());
286 std::string GaiaAuthFetcher::MakeIssueAuthTokenBody(
287 const std::string& sid,
288 const std::string& lsid,
289 const char* const service) {
290 std::string encoded_sid = net::EscapeUrlEncodedData(sid, true);
291 std::string encoded_lsid = net::EscapeUrlEncodedData(lsid, true);
293 // All tokens should be session tokens except the gaia auth token.
295 if (!strcmp(service, GaiaConstants::kGaiaService))
298 return base::StringPrintf(kIssueAuthTokenFormat,
300 encoded_lsid.c_str(),
302 session ? "true" : "false");
306 std::string GaiaAuthFetcher::MakeGetAuthCodeBody() {
307 std::string encoded_scope = net::EscapeUrlEncodedData(
308 GaiaUrls::GetInstance()->oauth1_login_scope(), true);
309 std::string encoded_client_id = net::EscapeUrlEncodedData(
310 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
311 return base::StringPrintf(kClientLoginToOAuth2BodyFormat,
312 encoded_scope.c_str(),
313 encoded_client_id.c_str());
317 std::string GaiaAuthFetcher::MakeGetTokenPairBody(
318 const std::string& auth_code) {
319 std::string encoded_scope = net::EscapeUrlEncodedData(
320 GaiaUrls::GetInstance()->oauth1_login_scope(), true);
321 std::string encoded_client_id = net::EscapeUrlEncodedData(
322 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true);
323 std::string encoded_client_secret = net::EscapeUrlEncodedData(
324 GaiaUrls::GetInstance()->oauth2_chrome_client_secret(), true);
325 std::string encoded_auth_code = net::EscapeUrlEncodedData(auth_code, true);
326 return base::StringPrintf(kOAuth2CodeToTokenPairBodyFormat,
327 encoded_scope.c_str(),
328 encoded_client_id.c_str(),
329 encoded_client_secret.c_str(),
330 encoded_auth_code.c_str());
334 std::string GaiaAuthFetcher::MakeRevokeTokenBody(
335 const std::string& auth_token) {
336 return base::StringPrintf(kOAuth2RevokeTokenBodyFormat, auth_token.c_str());
340 std::string GaiaAuthFetcher::MakeGetUserInfoBody(const std::string& lsid) {
341 std::string encoded_lsid = net::EscapeUrlEncodedData(lsid, true);
342 return base::StringPrintf(kGetUserInfoFormat, encoded_lsid.c_str());
346 std::string GaiaAuthFetcher::MakeMergeSessionBody(
347 const std::string& auth_token,
348 const std::string& continue_url,
349 const std::string& source) {
350 std::string encoded_auth_token = net::EscapeUrlEncodedData(auth_token, true);
351 std::string encoded_continue_url = net::EscapeUrlEncodedData(continue_url,
353 std::string encoded_source = net::EscapeUrlEncodedData(source, true);
354 return base::StringPrintf(kMergeSessionFormat,
355 encoded_auth_token.c_str(),
356 encoded_continue_url.c_str(),
357 encoded_source.c_str());
361 std::string GaiaAuthFetcher::MakeGetAuthCodeHeader(
362 const std::string& auth_token) {
363 return base::StringPrintf(kAuthHeaderFormat, auth_token.c_str());
366 // Helper method that extracts tokens from a successful reply.
368 void GaiaAuthFetcher::ParseClientLoginResponse(const std::string& data,
371 std::string* token) {
378 vector<pair<string, string> > tokens;
379 base::SplitStringIntoKeyValuePairs(data, '=', '\n', &tokens);
380 for (vector<pair<string, string> >::iterator i = tokens.begin();
381 i != tokens.end(); ++i) {
382 if (i->first == "SID") {
383 sid->assign(i->second);
384 } else if (i->first == "LSID") {
385 lsid->assign(i->second);
386 } else if (i->first == "Auth") {
387 token->assign(i->second);
390 // If this was a request for uberauth token, then that's all we've got in
392 if (sid->empty() && lsid->empty() && token->empty())
397 std::string GaiaAuthFetcher::MakeOAuthLoginBody(const std::string& service,
398 const std::string& source) {
399 std::string encoded_service = net::EscapeUrlEncodedData(service, true);
400 std::string encoded_source = net::EscapeUrlEncodedData(source, true);
401 return base::StringPrintf(kOAuthLoginFormat,
402 encoded_service.c_str(),
403 encoded_source.c_str());
407 void GaiaAuthFetcher::ParseClientLoginFailure(const std::string& data,
409 std::string* error_url,
410 std::string* captcha_url,
411 std::string* captcha_token) {
416 vector<pair<string, string> > tokens;
417 base::SplitStringIntoKeyValuePairs(data, '=', '\n', &tokens);
418 for (vector<pair<string, string> >::iterator i = tokens.begin();
419 i != tokens.end(); ++i) {
420 if (i->first == kErrorParam) {
421 error->assign(i->second);
422 } else if (i->first == kErrorUrlParam) {
423 error_url->assign(i->second);
424 } else if (i->first == kCaptchaUrlParam) {
425 captcha_url->assign(i->second);
426 } else if (i->first == kCaptchaTokenParam) {
427 captcha_token->assign(i->second);
433 bool GaiaAuthFetcher::ParseClientLoginToOAuth2Response(
434 const net::ResponseCookies& cookies,
435 std::string* auth_code) {
437 net::ResponseCookies::const_iterator iter;
438 for (iter = cookies.begin(); iter != cookies.end(); ++iter) {
439 if (ParseClientLoginToOAuth2Cookie(*iter, auth_code))
446 bool GaiaAuthFetcher::ParseClientLoginToOAuth2Cookie(const std::string& cookie,
447 std::string* auth_code) {
448 std::vector<std::string> parts;
449 base::SplitString(cookie, ';', &parts);
450 // Per documentation, the cookie should have Secure and HttpOnly.
451 if (!CookiePartsContains(parts, kClientLoginToOAuth2CookiePartSecure) ||
452 !CookiePartsContains(parts, kClientLoginToOAuth2CookiePartHttpOnly)) {
456 std::vector<std::string>::const_iterator iter;
457 for (iter = parts.begin(); iter != parts.end(); ++iter) {
458 const std::string& part = *iter;
460 part, kClientLoginToOAuth2CookiePartCodePrefix, false)) {
461 auth_code->assign(part.substr(
462 kClientLoginToOAuth2CookiePartCodePrefixLength));
469 void GaiaAuthFetcher::StartClientLogin(
470 const std::string& username,
471 const std::string& password,
472 const char* const service,
473 const std::string& login_token,
474 const std::string& login_captcha,
475 HostedAccountsSetting allow_hosted_accounts) {
477 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
479 // This class is thread agnostic, so be sure to call this only on the
480 // same thread each time.
481 DVLOG(1) << "Starting new ClientLogin fetch for:" << username;
483 // Must outlive fetcher_.
484 request_body_ = MakeClientLoginBody(username,
490 allow_hosted_accounts);
491 fetcher_.reset(CreateGaiaFetcher(getter_,
495 kLoadFlagsIgnoreCookies,
497 fetch_pending_ = true;
501 void GaiaAuthFetcher::StartIssueAuthToken(const std::string& sid,
502 const std::string& lsid,
503 const char* const service) {
504 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
506 DVLOG(1) << "Starting IssueAuthToken for: " << service;
507 requested_service_ = service;
508 request_body_ = MakeIssueAuthTokenBody(sid, lsid, service);
509 fetcher_.reset(CreateGaiaFetcher(getter_,
512 issue_auth_token_gurl_,
513 kLoadFlagsIgnoreCookies,
515 fetch_pending_ = true;
519 void GaiaAuthFetcher::StartLsoForOAuthLoginTokenExchange(
520 const std::string& auth_token) {
521 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
523 DVLOG(1) << "Starting OAuth login token exchange with auth_token";
524 request_body_ = MakeGetAuthCodeBody();
525 client_login_to_oauth2_gurl_ =
526 GaiaUrls::GetInstance()->client_login_to_oauth2_url();
528 fetcher_.reset(CreateGaiaFetcher(getter_,
530 MakeGetAuthCodeHeader(auth_token),
531 client_login_to_oauth2_gurl_,
532 kLoadFlagsIgnoreCookies,
534 fetch_pending_ = true;
538 void GaiaAuthFetcher::StartRevokeOAuth2Token(const std::string& auth_token) {
539 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
541 DVLOG(1) << "Starting OAuth2 token revocation";
542 request_body_ = MakeRevokeTokenBody(auth_token);
543 fetcher_.reset(CreateGaiaFetcher(getter_,
547 kLoadFlagsIgnoreCookies,
549 fetch_pending_ = true;
553 void GaiaAuthFetcher::StartCookieForOAuthCodeExchange(
554 const std::string& session_index) {
555 // Same as the first step of StartCookieForOAuthLoginTokenExchange;
556 StartCookieForOAuthLoginTokenExchange(session_index);
557 fetch_code_only_ = true;
560 void GaiaAuthFetcher::StartCookieForOAuthLoginTokenExchange(
561 const std::string& session_index) {
562 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
564 DVLOG(1) << "Starting OAuth login token fetch with cookie jar";
565 request_body_ = MakeGetAuthCodeBody();
567 client_login_to_oauth2_gurl_ =
568 GaiaUrls::GetInstance()->client_login_to_oauth2_url();
569 if (!session_index.empty()) {
570 client_login_to_oauth2_gurl_ =
571 client_login_to_oauth2_gurl_.Resolve("?authuser=" + session_index);
574 fetcher_.reset(CreateGaiaFetcher(getter_,
577 client_login_to_oauth2_gurl_,
580 fetch_pending_ = true;
581 fetch_code_only_ = false;
585 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchange(
586 const std::string& auth_code) {
587 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
589 DVLOG(1) << "Starting OAuth token pair fetch";
590 request_body_ = MakeGetTokenPairBody(auth_code);
591 fetcher_.reset(CreateGaiaFetcher(getter_,
595 kLoadFlagsIgnoreCookies,
597 fetch_pending_ = true;
601 void GaiaAuthFetcher::StartGetUserInfo(const std::string& lsid) {
602 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
604 DVLOG(1) << "Starting GetUserInfo for lsid=" << lsid;
605 request_body_ = MakeGetUserInfoBody(lsid);
606 fetcher_.reset(CreateGaiaFetcher(getter_,
610 kLoadFlagsIgnoreCookies,
612 fetch_pending_ = true;
616 void GaiaAuthFetcher::StartMergeSession(const std::string& uber_token) {
617 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
619 DVLOG(1) << "Starting MergeSession with uber_token=" << uber_token;
621 // The continue URL is a required parameter of the MergeSession API, but in
622 // this case we don't actually need or want to navigate to it. Setting it to
623 // an arbitrary Google URL.
625 // In order for the new session to be merged correctly, the server needs to
626 // know what sessions already exist in the browser. The fetcher needs to be
627 // created such that it sends the cookies with the request, which is
628 // different from all other requests the fetcher can make.
629 std::string continue_url("http://www.google.com");
630 request_body_ = MakeMergeSessionBody(uber_token, continue_url, source_);
631 fetcher_.reset(CreateGaiaFetcher(getter_,
637 fetch_pending_ = true;
641 void GaiaAuthFetcher::StartTokenFetchForUberAuthExchange(
642 const std::string& access_token) {
643 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
645 DVLOG(1) << "Starting StartTokenFetchForUberAuthExchange with access_token="
647 std::string authentication_header =
648 base::StringPrintf(kOAuthHeaderFormat, access_token.c_str());
649 fetcher_.reset(CreateGaiaFetcher(getter_,
651 authentication_header,
652 uberauth_token_gurl_,
655 fetch_pending_ = true;
659 void GaiaAuthFetcher::StartOAuthLogin(const std::string& access_token,
660 const std::string& service) {
661 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
663 request_body_ = MakeOAuthLoginBody(service, source_);
664 std::string authentication_header =
665 base::StringPrintf(kOAuth2BearerHeaderFormat, access_token.c_str());
666 fetcher_.reset(CreateGaiaFetcher(getter_,
668 authentication_header,
672 fetch_pending_ = true;
676 void GaiaAuthFetcher::StartListAccounts() {
677 DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
679 fetcher_.reset(CreateGaiaFetcher(getter_,
680 " ", // To force an HTTP POST.
681 "Origin: https://www.google.com",
685 fetch_pending_ = true;
690 GoogleServiceAuthError GaiaAuthFetcher::GenerateAuthError(
691 const std::string& data,
692 const net::URLRequestStatus& status) {
693 if (!status.is_success()) {
694 if (status.status() == net::URLRequestStatus::CANCELED) {
695 return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED);
697 DLOG(WARNING) << "Could not reach Google Accounts servers: errno "
699 return GoogleServiceAuthError::FromConnectionError(status.error());
702 if (IsSecondFactorSuccess(data)) {
703 return GoogleServiceAuthError(GoogleServiceAuthError::TWO_FACTOR);
708 std::string captcha_url;
709 std::string captcha_token;
710 ParseClientLoginFailure(data, &error, &url, &captcha_url, &captcha_token);
711 DLOG(WARNING) << "ClientLogin failed with " << error;
713 if (error == kCaptchaError) {
715 GaiaUrls::GetInstance()->captcha_base_url().Resolve(captcha_url));
716 GURL unlock_url(url);
717 return GoogleServiceAuthError::FromClientLoginCaptchaChallenge(
718 captcha_token, image_url, unlock_url);
720 if (error == kAccountDeletedError)
721 return GoogleServiceAuthError(GoogleServiceAuthError::ACCOUNT_DELETED);
722 if (error == kAccountDisabledError)
723 return GoogleServiceAuthError(GoogleServiceAuthError::ACCOUNT_DISABLED);
724 if (error == kBadAuthenticationError) {
725 return GoogleServiceAuthError(
726 GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
728 if (error == kServiceUnavailableError) {
729 return GoogleServiceAuthError(
730 GoogleServiceAuthError::SERVICE_UNAVAILABLE);
733 DLOG(WARNING) << "Incomprehensible response from Google Accounts servers.";
734 return GoogleServiceAuthError(
735 GoogleServiceAuthError::SERVICE_UNAVAILABLE);
739 return GoogleServiceAuthError(GoogleServiceAuthError::SERVICE_UNAVAILABLE);
743 GoogleServiceAuthError GaiaAuthFetcher::GenerateOAuthLoginError(
744 const std::string& data,
745 const net::URLRequestStatus& status) {
746 if (!status.is_success()) {
747 if (status.status() == net::URLRequestStatus::CANCELED) {
748 return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED);
750 DLOG(WARNING) << "Could not reach Google Accounts servers: errno "
752 return GoogleServiceAuthError::FromConnectionError(status.error());
755 if (IsSecondFactorSuccess(data)) {
756 return GoogleServiceAuthError(GoogleServiceAuthError::TWO_FACTOR);
761 std::string captcha_url;
762 std::string captcha_token;
763 ParseClientLoginFailure(data, &error, &url, &captcha_url, &captcha_token);
764 LOG(WARNING) << "OAuthLogin failed with " << error;
766 if (error == kCaptchaErrorCode) {
768 GaiaUrls::GetInstance()->captcha_base_url().Resolve(captcha_url));
769 GURL unlock_url(url);
770 return GoogleServiceAuthError::FromClientLoginCaptchaChallenge(
771 captcha_token, image_url, unlock_url);
773 if (error == kAccountDeletedErrorCode)
774 return GoogleServiceAuthError(GoogleServiceAuthError::ACCOUNT_DELETED);
775 if (error == kAccountDisabledErrorCode)
776 return GoogleServiceAuthError(GoogleServiceAuthError::ACCOUNT_DISABLED);
777 if (error == kBadAuthenticationErrorCode) {
778 return GoogleServiceAuthError(
779 GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
781 if (error == kServiceUnavailableErrorCode) {
782 return GoogleServiceAuthError(
783 GoogleServiceAuthError::SERVICE_UNAVAILABLE);
786 DLOG(WARNING) << "Incomprehensible response from Google Accounts servers.";
787 return GoogleServiceAuthError(
788 GoogleServiceAuthError::SERVICE_UNAVAILABLE);
792 return GoogleServiceAuthError(GoogleServiceAuthError::SERVICE_UNAVAILABLE);
795 void GaiaAuthFetcher::OnClientLoginFetched(const std::string& data,
796 const net::URLRequestStatus& status,
798 if (status.is_success() && response_code == net::HTTP_OK) {
799 DVLOG(1) << "ClientLogin successful!";
803 ParseClientLoginResponse(data, &sid, &lsid, &token);
804 consumer_->OnClientLoginSuccess(
805 GaiaAuthConsumer::ClientLoginResult(sid, lsid, token, data));
807 consumer_->OnClientLoginFailure(GenerateAuthError(data, status));
811 void GaiaAuthFetcher::OnIssueAuthTokenFetched(
812 const std::string& data,
813 const net::URLRequestStatus& status,
815 if (status.is_success() && response_code == net::HTTP_OK) {
816 // Only the bare token is returned in the body of this Gaia call
817 // without any padding.
818 consumer_->OnIssueAuthTokenSuccess(requested_service_, data);
820 consumer_->OnIssueAuthTokenFailure(requested_service_,
821 GenerateAuthError(data, status));
825 void GaiaAuthFetcher::OnClientLoginToOAuth2Fetched(
826 const std::string& data,
827 const net::ResponseCookies& cookies,
828 const net::URLRequestStatus& status,
830 if (status.is_success() && response_code == net::HTTP_OK) {
831 std::string auth_code;
832 ParseClientLoginToOAuth2Response(cookies, &auth_code);
833 if (fetch_code_only_)
834 consumer_->OnClientOAuthCodeSuccess(auth_code);
836 StartAuthCodeForOAuth2TokenExchange(auth_code);
838 GoogleServiceAuthError auth_error(GenerateAuthError(data, status));
839 if (fetch_code_only_)
840 consumer_->OnClientOAuthCodeFailure(auth_error);
842 consumer_->OnClientOAuthFailure(auth_error);
846 void GaiaAuthFetcher::OnOAuth2TokenPairFetched(
847 const std::string& data,
848 const net::URLRequestStatus& status,
850 std::string refresh_token;
851 std::string access_token;
852 int expires_in_secs = 0;
854 bool success = false;
855 if (status.is_success() && response_code == net::HTTP_OK) {
856 scoped_ptr<base::Value> value(base::JSONReader::Read(data));
857 if (value.get() && value->GetType() == base::Value::TYPE_DICTIONARY) {
858 base::DictionaryValue* dict =
859 static_cast<base::DictionaryValue*>(value.get());
860 success = ExtractOAuth2TokenPairResponse(dict, &refresh_token,
861 &access_token, &expires_in_secs);
866 consumer_->OnClientOAuthSuccess(
867 GaiaAuthConsumer::ClientOAuthResult(refresh_token, access_token,
870 consumer_->OnClientOAuthFailure(GenerateAuthError(data, status));
874 void GaiaAuthFetcher::OnOAuth2RevokeTokenFetched(
875 const std::string& data,
876 const net::URLRequestStatus& status,
878 consumer_->OnOAuth2RevokeTokenCompleted();
881 void GaiaAuthFetcher::OnListAccountsFetched(const std::string& data,
882 const net::URLRequestStatus& status,
884 if (status.is_success() && response_code == net::HTTP_OK) {
885 consumer_->OnListAccountsSuccess(data);
887 consumer_->OnListAccountsFailure(GenerateAuthError(data, status));
891 void GaiaAuthFetcher::OnGetUserInfoFetched(
892 const std::string& data,
893 const net::URLRequestStatus& status,
895 if (status.is_success() && response_code == net::HTTP_OK) {
896 std::vector<std::pair<std::string, std::string> > tokens;
898 base::SplitStringIntoKeyValuePairs(data, '=', '\n', &tokens);
899 std::vector<std::pair<std::string, std::string> >::iterator i;
900 for (i = tokens.begin(); i != tokens.end(); ++i) {
901 matches[i->first] = i->second;
903 consumer_->OnGetUserInfoSuccess(matches);
905 consumer_->OnGetUserInfoFailure(GenerateAuthError(data, status));
909 void GaiaAuthFetcher::OnMergeSessionFetched(const std::string& data,
910 const net::URLRequestStatus& status,
912 if (status.is_success() && response_code == net::HTTP_OK) {
913 consumer_->OnMergeSessionSuccess(data);
915 consumer_->OnMergeSessionFailure(GenerateAuthError(data, status));
919 void GaiaAuthFetcher::OnUberAuthTokenFetch(const std::string& data,
920 const net::URLRequestStatus& status,
922 if (status.is_success() && response_code == net::HTTP_OK) {
923 consumer_->OnUberAuthTokenSuccess(data);
925 consumer_->OnUberAuthTokenFailure(GenerateAuthError(data, status));
929 void GaiaAuthFetcher::OnOAuthLoginFetched(const std::string& data,
930 const net::URLRequestStatus& status,
932 if (status.is_success() && response_code == net::HTTP_OK) {
933 DVLOG(1) << "ClientLogin successful!";
937 ParseClientLoginResponse(data, &sid, &lsid, &token);
938 consumer_->OnClientLoginSuccess(
939 GaiaAuthConsumer::ClientLoginResult(sid, lsid, token, data));
941 consumer_->OnClientLoginFailure(GenerateAuthError(data, status));
945 void GaiaAuthFetcher::OnURLFetchComplete(const net::URLFetcher* source) {
946 fetch_pending_ = false;
947 // Some of the GAIA requests perform redirects, which results in the final
948 // URL of the fetcher not being the original URL requested. Therefore use
949 // the original URL when determining which OnXXX function to call.
950 const GURL& url = source->GetOriginalURL();
951 const net::URLRequestStatus& status = source->GetStatus();
952 int response_code = source->GetResponseCode();
954 source->GetResponseAsString(&data);
957 if (source->GetResponseHeaders())
958 source->GetResponseHeaders()->GetNormalizedHeaders(&headers);
959 DVLOG(2) << "Response " << url.spec() << ", code = " << response_code << "\n"
961 DVLOG(2) << "data: " << data << "\n";
963 // Retrieve the response headers from the request. Must only be called after
964 // the OnURLFetchComplete callback has run.
965 if (url == client_login_gurl_) {
966 OnClientLoginFetched(data, status, response_code);
967 } else if (url == issue_auth_token_gurl_) {
968 OnIssueAuthTokenFetched(data, status, response_code);
969 } else if (url == client_login_to_oauth2_gurl_) {
970 OnClientLoginToOAuth2Fetched(
971 data, source->GetCookies(), status, response_code);
972 } else if (url == oauth2_token_gurl_) {
973 OnOAuth2TokenPairFetched(data, status, response_code);
974 } else if (url == get_user_info_gurl_) {
975 OnGetUserInfoFetched(data, status, response_code);
976 } else if (url == merge_session_gurl_) {
977 OnMergeSessionFetched(data, status, response_code);
978 } else if (url == uberauth_token_gurl_) {
979 OnUberAuthTokenFetch(data, status, response_code);
980 } else if (url == oauth_login_gurl_) {
981 OnOAuthLoginFetched(data, status, response_code);
982 } else if (url == oauth2_revoke_gurl_) {
983 OnOAuth2RevokeTokenFetched(data, status, response_code);
984 } else if (url == list_accounts_gurl_) {
985 OnListAccountsFetched(data, status, response_code);
992 bool GaiaAuthFetcher::IsSecondFactorSuccess(
993 const std::string& alleged_error) {
994 return alleged_error.find(kSecondFactor) !=