#include "base/values.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/signin/about_signin_internals_factory.h"
+#include "chrome/browser/signin/chrome_signin_client_factory.h"
#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
#include "chrome/browser/signin/signin_manager_factory.h"
#include "chrome/browser/sync/profile_sync_service.h"
#include "chrome/browser/ui/sync/one_click_signin_helper.h"
#include "chrome/browser/ui/sync/one_click_signin_histogram.h"
#include "chrome/browser/ui/tabs/tab_strip_model.h"
+#include "chrome/browser/ui/webui/signin/inline_login_ui.h"
+#include "chrome/browser/ui/webui/signin/login_ui_service.h"
+#include "chrome/browser/ui/webui/signin/login_ui_service_factory.h"
#include "chrome/common/url_constants.h"
#include "components/signin/core/browser/about_signin_internals.h"
#include "components/signin/core/browser/profile_oauth2_token_service.h"
#include "components/signin/core/browser/signin_error_controller.h"
#include "components/signin/core/browser/signin_oauth_helper.h"
+#include "components/signin/core/common/profile_management_switches.h"
#include "content/public/browser/storage_partition.h"
#include "content/public/browser/web_ui.h"
#include "google_apis/gaia/gaia_auth_fetcher.h"
namespace {
-class InlineSigninHelper : public SigninOAuthHelper,
- public SigninOAuthHelper::Consumer {
+class InlineSigninHelper : public SigninOAuthHelper::Consumer {
public:
InlineSigninHelper(
base::WeakPtr<InlineLoginHandlerImpl> handler,
const std::string& email,
const std::string& password,
const std::string& session_index,
- bool choose_what_to_sync);
+ const std::string& signin_scoped_device_id,
+ bool choose_what_to_sync,
+ bool confirm_untrusted_signin);
private:
// Overriden from SigninOAuthHelper::Consumer.
virtual void OnSigninOAuthInformationFailure(
const GoogleServiceAuthError& error) OVERRIDE;
+ SigninOAuthHelper signin_oauth_helper_;
base::WeakPtr<InlineLoginHandlerImpl> handler_;
Profile* profile_;
GURL current_url_;
std::string password_;
std::string session_index_;
bool choose_what_to_sync_;
+ bool confirm_untrusted_signin_;
DISALLOW_COPY_AND_ASSIGN(InlineSigninHelper);
};
const std::string& email,
const std::string& password,
const std::string& session_index,
- bool choose_what_to_sync)
- : SigninOAuthHelper(getter, session_index, this),
+ const std::string& signin_scoped_device_id,
+ bool choose_what_to_sync,
+ bool confirm_untrusted_signin)
+ : signin_oauth_helper_(getter, session_index, signin_scoped_device_id,
+ this),
handler_(handler),
profile_(profile),
current_url_(current_url),
email_(email),
password_(password),
session_index_(session_index),
- choose_what_to_sync_(choose_what_to_sync) {
+ choose_what_to_sync_(choose_what_to_sync),
+ confirm_untrusted_signin_(confirm_untrusted_signin) {
DCHECK(profile_);
DCHECK(!email_.empty());
- DCHECK(!session_index_.empty());
}
void InlineSigninHelper::OnSigninOAuthInformationAvailable(
SigninErrorController* error_controller =
ProfileOAuth2TokenServiceFactory::GetForProfile(profile_)->
signin_error_controller();
- OneClickSigninSyncStarter::StartSyncMode start_mode =
- source == signin::SOURCE_SETTINGS || choose_what_to_sync_ ?
- (error_controller->HasError() &&
- sync_service && sync_service->HasSyncSetupCompleted()) ?
- OneClickSigninSyncStarter::SHOW_SETTINGS_WITHOUT_CONFIGURE :
- OneClickSigninSyncStarter::CONFIGURE_SYNC_FIRST :
- OneClickSigninSyncStarter::SYNC_WITH_DEFAULT_SETTINGS;
- OneClickSigninSyncStarter::ConfirmationRequired confirmation_required =
- source == signin::SOURCE_SETTINGS ||
- source == signin::SOURCE_WEBSTORE_INSTALL ||
- choose_what_to_sync_ ?
- OneClickSigninSyncStarter::NO_CONFIRMATION :
- OneClickSigninSyncStarter::CONFIRM_AFTER_SIGNIN;
+
+ bool is_new_avatar_menu = switches::IsNewAvatarMenu();
+
+ OneClickSigninSyncStarter::StartSyncMode start_mode;
+ if (source == signin::SOURCE_SETTINGS || choose_what_to_sync_) {
+ bool show_settings_without_configure =
+ error_controller->HasError() &&
+ sync_service &&
+ sync_service->HasSyncSetupCompleted();
+ start_mode = show_settings_without_configure ?
+ OneClickSigninSyncStarter::SHOW_SETTINGS_WITHOUT_CONFIGURE :
+ OneClickSigninSyncStarter::CONFIGURE_SYNC_FIRST;
+ } else {
+ start_mode = is_new_avatar_menu ?
+ OneClickSigninSyncStarter::CONFIRM_SYNC_SETTINGS_FIRST :
+ OneClickSigninSyncStarter::SYNC_WITH_DEFAULT_SETTINGS;
+ }
+
+ OneClickSigninSyncStarter::ConfirmationRequired confirmation_required;
+ if (confirm_untrusted_signin_) {
+ confirmation_required =
+ OneClickSigninSyncStarter::CONFIRM_UNTRUSTED_SIGNIN;
+ } else if (is_new_avatar_menu) {
+ confirmation_required = OneClickSigninSyncStarter::CONFIRM_AFTER_SIGNIN;
+ } else {
+ confirmation_required =
+ source == signin::SOURCE_SETTINGS ||
+ source == signin::SOURCE_WEBSTORE_INSTALL ||
+ choose_what_to_sync_ ?
+ OneClickSigninSyncStarter::NO_CONFIRMATION :
+ OneClickSigninSyncStarter::CONFIRM_AFTER_SIGNIN;
+ }
bool start_signin =
!OneClickSigninHelper::HandleCrossAccountError(
- contents, "",
+ profile_, "",
email, password_, refresh_token,
OneClickSigninHelper::AUTO_ACCEPT_EXPLICIT,
source, start_mode,
InlineLoginHandlerImpl::InlineLoginHandlerImpl()
: weak_factory_(this),
- choose_what_to_sync_(false) {
+ confirm_untrusted_signin_(false) {
}
InlineLoginHandlerImpl::~InlineLoginHandlerImpl() {}
#endif
}
+void InlineLoginHandlerImpl::DidCommitProvisionalLoadForFrame(
+ content::RenderFrameHost* render_frame_host,
+ const GURL& url,
+ content::PageTransition transition_type) {
+ if (!web_contents())
+ return;
+
+ // Returns early if this is not a gaia iframe navigation.
+ const GURL kGaiaExtOrigin(
+ "chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/");
+ content::RenderFrameHost* gaia_iframe = InlineLoginUI::GetAuthIframe(
+ web_contents(), kGaiaExtOrigin, "signin-frame");
+ if (render_frame_host != gaia_iframe)
+ return;
+
+ // Loading any untrusted (e.g., HTTP) URLs in the privileged sign-in process
+ // will require confirmation before the sign in takes effect.
+ if (!url.is_empty() &&
+ url.spec() != url::kAboutBlankURL &&
+ !gaia::IsGaiaSignonRealm(url.GetOrigin()) &&
+ !signin::IsContinueUrlForWebBasedSigninFlow(url)) {
+ confirm_untrusted_signin_ = true;
+ }
+}
+
void InlineLoginHandlerImpl::SetExtraInitParams(base::DictionaryValue& params) {
params.SetString("service", "chromiumsync");
if (is_constrained == "1")
contents->SetDelegate(this);
+ content::WebContentsObserver::Observe(contents);
+
signin::Source source = signin::GetSourceForPromoURL(current_url);
OneClickSigninHelper::LogHistogramValue(
source, one_click_signin::HISTOGRAM_SHOWN);
return;
}
- base::string16 email;
- dict->GetString("email", &email);
- DCHECK(!email.empty());
- email_ = base::UTF16ToASCII(email);
- base::string16 password;
- dict->GetString("password", &password);
- password_ = base::UTF16ToASCII(password);
+ base::string16 email_string16;
+ dict->GetString("email", &email_string16);
+ DCHECK(!email_string16.empty());
+ std::string email(base::UTF16ToASCII(email_string16));
+
+ base::string16 password_string16;
+ dict->GetString("password", &password_string16);
+ std::string password(base::UTF16ToASCII(password_string16));
// When doing a SAML sign in, this email check may result in a false
// positive. This happens when the user types one email address in the
net::GetValueForKeyInQuery(current_url, "validateEmail",
&validate_email) &&
validate_email == "1") {
- if (!gaia::AreEmailsSame(email_, default_email)) {
+ if (!gaia::AreEmailsSame(email, default_email)) {
SyncStarterCallback(OneClickSigninSyncStarter::SYNC_SETUP_FAILURE);
return;
}
}
- base::string16 session_index;
- dict->GetString("sessionIndex", &session_index);
- session_index_ = base::UTF16ToASCII(session_index);
- DCHECK(!session_index_.empty());
- dict->GetBoolean("chooseWhatToSync", &choose_what_to_sync_);
+ base::string16 session_index_string16;
+ dict->GetString("sessionIndex", &session_index_string16);
+ std::string session_index = base::UTF16ToASCII(session_index_string16);
+ DCHECK(!session_index.empty());
+
+ bool choose_what_to_sync = false;
+ dict->GetBoolean("chooseWhatToSync", &choose_what_to_sync);
signin::Source source = signin::GetSourceForPromoURL(current_url);
OneClickSigninHelper::LogHistogramValue(
source, one_click_signin::HISTOGRAM_ACCEPTED);
bool switch_to_advanced =
- choose_what_to_sync_ && (source != signin::SOURCE_SETTINGS);
+ choose_what_to_sync && (source != signin::SOURCE_SETTINGS);
OneClickSigninHelper::LogHistogramValue(
source,
switch_to_advanced ? one_click_signin::HISTOGRAM_WITH_ADVANCED :
std::string error_msg;
bool can_offer = OneClickSigninHelper::CanOffer(
- contents, can_offer_for, email_, &error_msg);
+ contents, can_offer_for, email, &error_msg);
if (!can_offer) {
HandleLoginError(error_msg);
return;
contents->GetBrowserContext(),
GURL(chrome::kChromeUIChromeSigninURL));
+ SigninClient* signin_client =
+ ChromeSigninClientFactory::GetForProfile(Profile::FromWebUI(web_ui()));
+ std::string signin_scoped_device_id =
+ signin_client->GetSigninScopedDeviceId();
// InlineSigninHelper will delete itself.
new InlineSigninHelper(GetWeakPtr(), partition->GetURLRequestContext(),
Profile::FromWebUI(web_ui()), current_url,
- email_, password_, session_index_,
- choose_what_to_sync_);
+ email, password, session_index,
+ signin_scoped_device_id, choose_what_to_sync,
+ confirm_untrusted_signin_);
- email_.clear();
- password_.clear();
- session_index_.clear();
web_ui()->CallJavascriptFunction("inline.login.closeDialog");
}
Browser* browser = GetDesktopBrowser();
if (browser && !error_msg.empty()) {
- VLOG(1) << "InlineLoginHandlerImpl::HandleLoginError shows error message: "
- << error_msg;
- OneClickSigninHelper::ShowSigninErrorBubble(browser, error_msg);
+ LoginUIServiceFactory::GetForProfile(Profile::FromWebUI(web_ui()))->
+ DisplayLoginResult(browser, base::UTF8ToUTF16(error_msg));
}
-
- email_.clear();
- password_.clear();
- session_index_.clear();
}
Browser* InlineLoginHandlerImpl::GetDesktopBrowser() {