chrome/browser/resources/gaia_auth_host/gaia_auth_host.js - platform/external/chromium_org - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 /**
  * @fileoverview An UI component to host gaia auth extension in an iframe.
  * After the component binds with an iframe, call its {@code load} to start the
  * authentication flow. There are two events would be raised after this point:
  * a 'ready' event when the authentication UI is ready to use and a 'completed'
  * event when the authentication is completed successfully. If caller is
  * interested in the user credentials, he may supply a success callback with
  * {@code load} call. The callback will be invoked when the authentication is
  * completed successfully and with the available credential data.
  */

 cr.define('cr.login', function() {
   'use strict';

   /**
    * Base URL of gaia auth extension.
    * @const
    */
   var AUTH_URL_BASE = 'chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik';

   /**
    * Auth URL to use for online flow.
    * @const
    */
   var AUTH_URL = AUTH_URL_BASE + '/main.html';

   /**
    * Auth URL to use for offline flow.
    * @const
    */
   var OFFLINE_AUTH_URL = AUTH_URL_BASE + '/offline.html';

   /**
    * Origin of the gaia sign in page.
    * @const
    */
   var GAIA_ORIGIN = 'https://accounts.google.com';

   /**
    * Supported params of auth extension. For a complete list, check out the
    * auth extension's main.js.
    * @type {!Array.<string>}
    * @const
    */
   var SUPPORTED_PARAMS = [
     'gaiaUrl',       // Gaia url to use;
     'gaiaPath',      // Gaia path to use without a leading slash;
     'hl',            // Language code for the user interface;
     'email',         // Pre-fill the email field in Gaia UI;
     'service',       // Name of Gaia service;
     'continueUrl',   // Continue url to use;
     'frameUrl',      // Initial frame URL to use. If empty defaults to gaiaUrl.
     'constrained'    // Whether the extension is loaded in a constrained window;
   ];

   /**
    * Supported localized strings. For a complete list, check out the auth
    * extension's offline.js
    * @type {!Array.<string>}
    * @const
    */
   var LOCALIZED_STRING_PARAMS = [
       'stringSignIn',
       'stringEmail',
       'stringPassword',
       'stringEmptyEmail',
       'stringEmptyPassword',
       'stringError'
   ];

   /**
    * Enum for the authorization mode, must match AuthMode defined in
    * chrome/browser/ui/webui/inline_login_ui.cc.
    * @enum {number}
    */
   var AuthMode = {
     DEFAULT: 0,
     OFFLINE: 1,
     DESKTOP: 2
   };

   /**
    * Enum for the auth flow.
    * @enum {number}
    */
   var AuthFlow = {
     GAIA: 0,
     SAML: 1
   };

   /**
    * Creates a new gaia auth extension host.
    * @param {HTMLIFrameElement|string} container The iframe element or its id
    *     to host the auth extension.
    * @constructor
    * @extends {cr.EventTarget}
    */
   function GaiaAuthHost(container) {
     this.frame_ = typeof container == 'string' ? $(container) : container;
     assert(this.frame_);
     window.addEventListener('message',
                             this.onMessage_.bind(this), false);
   }

   GaiaAuthHost.prototype = {
     __proto__: cr.EventTarget.prototype,

     /**
      * An url to use with {@code reload}.
      * @type {?string}
      * @private
      */
     reloadUrl_: null,

     /**
      * The domain name of the current auth page.
      * @type {string}
      */
     authDomain: '',

     /**
      * Invoked when authentication is completed successfully with credential
      * data. A credential data object looks like this:
      * <pre>
      * {@code
      * {
      *   email: 'xx@gmail.com',
      *   password: 'xxxx',  // May not present
      *   authCode: 'x/xx',  // May not present
      *   authMode: 'x',     // Authorization mode, default/offline/desktop.
      * }
      * }
      * </pre>
      * @type {function(Object)}
      * @private
      */
     successCallback_: null,

     /**
      * Invoked when the auth flow needs a user to confirm his/her passwords.
      * This could happen when there are more than one passwords scraped during
      * SAML flow. The embedder of GaiaAuthHost should show an UI to collect a
      * password from user then call GaiaAuthHost.verifyConfirmedPassword to
      * verify. If the password is good, the auth flow continues with success
      * path. Otherwise, confirmPasswordCallback_ is invoked again.
      * @type {function()}
      */
     confirmPasswordCallback_: null,

     /**
      * Similar to confirmPasswordCallback_ but is used when there is no
      * password scraped after a success authentication. The authenticated user
      * account is passed to the callback. The embedder should take over the
      * flow and decide what to do next.
      * @type {function(string)}
      */
     noPasswordCallback_: null,

     /**
      * Invoked when the authentication flow had to be aborted because content
      * served over an unencrypted connection was detected.
      */
     insecureContentBlockedCallback_: null,

     /**
      * Invoked to display an error message to the user when a GAIA error occurs
      * during authentication.
      * @type {function()}
      */
     missingGaiaInfoCallback_: null,

     /**
      * Invoked to record that the credentials passing API was used.
      * @type {function()}
      */
     samlApiUsedCallback_: null,

     /**
      * The iframe container.
      * @type {HTMLIFrameElement}
      */
     get frame() {
       return this.frame_;
     },

     /**
      * Sets confirmPasswordCallback_.
      * @type {function()}
      */
     set confirmPasswordCallback(callback) {
       this.confirmPasswordCallback_ = callback;
     },

     /**
      * Sets noPasswordCallback_.
      * @type {function()}
      */
     set noPasswordCallback(callback) {
       this.noPasswordCallback_ = callback;
     },

     /**
      * Sets insecureContentBlockedCallback_.
      * @type {function(string)}
      */
     set insecureContentBlockedCallback(callback) {
       this.insecureContentBlockedCallback_ = callback;
     },

     /**
      * Sets missingGaiaInfoCallback_.
      * @type {function()}
      */
     set missingGaiaInfoCallback(callback) {
       this.missingGaiaInfoCallback_ = callback;
     },

     /**
      * Sets samlApiUsedCallback_.
      * @type {function()}
      */
     set samlApiUsedCallback(callback) {
       this.samlApiUsedCallback_ = callback;
     },

     /**
      * Loads the auth extension.
      * @param {AuthMode} authMode Authorization mode.
      * @param {Object} data Parameters for the auth extension. See the auth
      *     extension's main.js for all supported params and their defaults.
      * @param {function(Object)} successCallback A function to be called when
      *     the authentication is completed successfully. The callback is
      *     invoked with a credential object.
      */
     load: function(authMode, data, successCallback) {
       var params = [];

       var populateParams = function(nameList, values) {
         if (!values)
           return;

         for (var i in nameList) {
           var name = nameList[i];
           if (values[name])
             params.push(name + '=' + encodeURIComponent(values[name]));
         }
       };

       populateParams(SUPPORTED_PARAMS, data);
       populateParams(LOCALIZED_STRING_PARAMS, data.localizedStrings);
       params.push('parentPage=' + encodeURIComponent(window.location.origin));
       params.push('needPassword=1');

       var url;
       switch (authMode) {
         case AuthMode.OFFLINE:
           url = OFFLINE_AUTH_URL;
           break;
         case AuthMode.DESKTOP:
           url = AUTH_URL;
           params.push('desktopMode=1');
           break;
         default:
           url = AUTH_URL;
       }
       url += '?' + params.join('&');

       this.frame_.src = url;
       this.reloadUrl_ = url;
       this.successCallback_ = successCallback;
       this.authFlow = AuthFlow.GAIA;
     },

     /**
      * Reloads the auth extension.
      */
     reload: function() {
       this.frame_.src = this.reloadUrl_;
       this.authFlow = AuthFlow.GAIA;
     },

     /**
      * Verifies the supplied password by sending it to the auth extension,
      * which will then check if it matches the scraped passwords.
      * @param {string} password The confirmed password that needs verification.
      */
     verifyConfirmedPassword: function(password) {
       var msg = {
         method: 'verifyConfirmedPassword',
         password: password
       };
       this.frame_.contentWindow.postMessage(msg, AUTH_URL_BASE);
     },

     /**
      * Invoked to process authentication success.
      * @param {Object} credentials Credential object to pass to success
      *     callback.
      * @private
      */
     onAuthSuccess_: function(credentials) {
       if (this.successCallback_)
         this.successCallback_(credentials);
       cr.dispatchSimpleEvent(this, 'completed');
     },

     /**
      * Checks if message comes from the loaded authentication extension.
      * @param {Object} e Payload of the received HTML5 message.
      * @type {boolean}
      */
     isAuthExtMessage_: function(e) {
       return this.frame_.src &&
           this.frame_.src.indexOf(e.origin) == 0 &&
           e.source == this.frame_.contentWindow;
     },

     /**
      * Event handler that is invoked when HTML5 message is received.
      * @param {object} e Payload of the received HTML5 message.
      */
     onMessage_: function(e) {
       var msg = e.data;

       if (!this.isAuthExtMessage_(e))
         return;

       if (msg.method == 'loginUILoaded') {
         cr.dispatchSimpleEvent(this, 'ready');
         return;
       }

       if (/^complete(Login|Authentication)$|^offlineLogin$/.test(msg.method)) {
         if (!msg.email && !this.email_ && !msg.skipForNow) {
           var msg = {method: 'redirectToSignin'};
           this.frame_.contentWindow.postMessage(msg, AUTH_URL_BASE);
           return;
         }
         this.onAuthSuccess_({email: msg.email,
                              password: msg.password,
                              gaiaId: msg.gaiaId,
                              useOffline: msg.method == 'offlineLogin',
                              usingSAML: msg.usingSAML || false,
                              chooseWhatToSync: msg.chooseWhatToSync,
                              skipForNow: msg.skipForNow || false,
                              sessionIndex: msg.sessionIndex || ''});
         return;
       }

       if (msg.method == 'confirmPassword') {
         if (this.confirmPasswordCallback_)
           this.confirmPasswordCallback_(msg.passwordCount);
         else
           console.error('GaiaAuthHost: Invalid confirmPasswordCallback_.');
         return;
       }

       if (msg.method == 'noPassword') {
         if (this.noPasswordCallback_)
           this.noPasswordCallback_(msg.email);
         else
           console.error('GaiaAuthHost: Invalid noPasswordCallback_.');
         return;
       }

       if (msg.method == 'authPageLoaded') {
         this.authDomain = msg.domain;
         this.authFlow = msg.isSAML ? AuthFlow.SAML : AuthFlow.GAIA;
         return;
       }

       if (msg.method == 'insecureContentBlocked') {
         if (this.insecureContentBlockedCallback_) {
           this.insecureContentBlockedCallback_(msg.url);
         } else {
           console.error(
               'GaiaAuthHost: Invalid insecureContentBlockedCallback_.');
         }
         return;
       }

       if (msg.method == 'switchToFullTab') {
         chrome.send('switchToFullTab', [msg.url]);
         return;
       }

       if (msg.method == 'missingGaiaInfo') {
         if (this.missingGaiaInfoCallback_) {
           this.missingGaiaInfoCallback_();
         } else {
           console.error('GaiaAuthHost: Invalid missingGaiaInfoCallback_.');
         }
         return;
       }

       if (msg.method == 'samlApiUsed') {
         if (this.samlApiUsedCallback_) {
           this.samlApiUsedCallback_();
         } else {
           console.error('GaiaAuthHost: Invalid samlApiUsedCallback_.');
         }
         return;
       }

       console.error('Unknown message method=' + msg.method);
     }
   };

   /**
    * The current auth flow of the hosted gaia_auth extension.
    * @type {AuthFlow}
    */
   cr.defineProperty(GaiaAuthHost, 'authFlow');

   GaiaAuthHost.SUPPORTED_PARAMS = SUPPORTED_PARAMS;
   GaiaAuthHost.LOCALIZED_STRING_PARAMS = LOCALIZED_STRING_PARAMS;
   GaiaAuthHost.AuthMode = AuthMode;
   GaiaAuthHost.AuthFlow = AuthFlow;

   return {
     GaiaAuthHost: GaiaAuthHost
   };
 });
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	/**
	* @fileoverview An UI component to host gaia auth extension in an iframe.
	* After the component binds with an iframe, call its {@code load} to start the
	* authentication flow. There are two events would be raised after this point:
	* a 'ready' event when the authentication UI is ready to use and a 'completed'
	* event when the authentication is completed successfully. If caller is
	* interested in the user credentials, he may supply a success callback with
	* {@code load} call. The callback will be invoked when the authentication is
	* completed successfully and with the available credential data.
	*/

	cr.define('cr.login', function() {
	'use strict';

	/**
	* Base URL of gaia auth extension.
	* @const
	*/
	var AUTH_URL_BASE = 'chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik';

	/**
	* Auth URL to use for online flow.
	* @const
	*/
	var AUTH_URL = AUTH_URL_BASE + '/main.html';

	/**
	* Auth URL to use for offline flow.
	* @const
	*/
	var OFFLINE_AUTH_URL = AUTH_URL_BASE + '/offline.html';

	/**
	* Origin of the gaia sign in page.
	* @const
	*/
	var GAIA_ORIGIN = 'https://accounts.google.com';

	/**
	* Supported params of auth extension. For a complete list, check out the
	* auth extension's main.js.
	* @type {!Array.<string>}
	* @const
	*/
	var SUPPORTED_PARAMS = [
	'gaiaUrl', // Gaia url to use;
	'gaiaPath', // Gaia path to use without a leading slash;
	'hl', // Language code for the user interface;
	'email', // Pre-fill the email field in Gaia UI;
	'service', // Name of Gaia service;
	'continueUrl', // Continue url to use;
	'frameUrl', // Initial frame URL to use. If empty defaults to gaiaUrl.
	'constrained' // Whether the extension is loaded in a constrained window;
	];

	/**
	* Supported localized strings. For a complete list, check out the auth
	* extension's offline.js
	* @type {!Array.<string>}
	* @const
	*/
	var LOCALIZED_STRING_PARAMS = [
	'stringSignIn',
	'stringEmail',
	'stringPassword',
	'stringEmptyEmail',
	'stringEmptyPassword',
	'stringError'
	];

	/**
	* Enum for the authorization mode, must match AuthMode defined in
	* chrome/browser/ui/webui/inline_login_ui.cc.
	* @enum {number}
	*/
	var AuthMode = {
	DEFAULT: 0,
	OFFLINE: 1,
	DESKTOP: 2
	};

	/**
	* Enum for the auth flow.
	* @enum {number}
	*/
	var AuthFlow = {
	GAIA: 0,
	SAML: 1
	};

	/**
	* Creates a new gaia auth extension host.
	* @param {HTMLIFrameElement\|string} container The iframe element or its id
	* to host the auth extension.
	* @constructor
	* @extends {cr.EventTarget}
	*/
	function GaiaAuthHost(container) {
	this.frame_ = typeof container == 'string' ? $(container) : container;
	assert(this.frame_);
	window.addEventListener('message',
	this.onMessage_.bind(this), false);
	}

	GaiaAuthHost.prototype = {
	__proto__: cr.EventTarget.prototype,

	/**
	* An url to use with {@code reload}.
	* @type {?string}
	* @private
	*/
	reloadUrl_: null,

	/**
	* The domain name of the current auth page.
	* @type {string}
	*/
	authDomain: '',

	/**
	* Invoked when authentication is completed successfully with credential
	* data. A credential data object looks like this:
	* <pre>
	* {@code
	* {
	* email: 'xx@gmail.com',
	* password: 'xxxx', // May not present
	* authCode: 'x/xx', // May not present
	* authMode: 'x', // Authorization mode, default/offline/desktop.
	* }
	* }
	* </pre>
	* @type {function(Object)}
	* @private
	*/
	successCallback_: null,

	/**
	* Invoked when the auth flow needs a user to confirm his/her passwords.
	* This could happen when there are more than one passwords scraped during
	* SAML flow. The embedder of GaiaAuthHost should show an UI to collect a
	* password from user then call GaiaAuthHost.verifyConfirmedPassword to
	* verify. If the password is good, the auth flow continues with success
	* path. Otherwise, confirmPasswordCallback_ is invoked again.
	* @type {function()}
	*/
	confirmPasswordCallback_: null,

	/**
	* Similar to confirmPasswordCallback_ but is used when there is no
	* password scraped after a success authentication. The authenticated user
	* account is passed to the callback. The embedder should take over the
	* flow and decide what to do next.
	* @type {function(string)}
	*/
	noPasswordCallback_: null,

	/**
	* Invoked when the authentication flow had to be aborted because content
	* served over an unencrypted connection was detected.
	*/
	insecureContentBlockedCallback_: null,

	/**
	* Invoked to display an error message to the user when a GAIA error occurs
	* during authentication.
	* @type {function()}
	*/
	missingGaiaInfoCallback_: null,

	/**
	* Invoked to record that the credentials passing API was used.
	* @type {function()}
	*/
	samlApiUsedCallback_: null,

	/**
	* The iframe container.
	* @type {HTMLIFrameElement}
	*/
	get frame() {
	return this.frame_;
	},

	/**
	* Sets confirmPasswordCallback_.
	* @type {function()}
	*/
	set confirmPasswordCallback(callback) {
	this.confirmPasswordCallback_ = callback;
	},

	/**
	* Sets noPasswordCallback_.
	* @type {function()}
	*/
	set noPasswordCallback(callback) {
	this.noPasswordCallback_ = callback;
	},

	/**
	* Sets insecureContentBlockedCallback_.
	* @type {function(string)}
	*/
	set insecureContentBlockedCallback(callback) {
	this.insecureContentBlockedCallback_ = callback;
	},

	/**
	* Sets missingGaiaInfoCallback_.
	* @type {function()}
	*/
	set missingGaiaInfoCallback(callback) {
	this.missingGaiaInfoCallback_ = callback;
	},

	/**
	* Sets samlApiUsedCallback_.
	* @type {function()}
	*/
	set samlApiUsedCallback(callback) {
	this.samlApiUsedCallback_ = callback;
	},

	/**
	* Loads the auth extension.
	* @param {AuthMode} authMode Authorization mode.
	* @param {Object} data Parameters for the auth extension. See the auth
	* extension's main.js for all supported params and their defaults.
	* @param {function(Object)} successCallback A function to be called when
	* the authentication is completed successfully. The callback is
	* invoked with a credential object.
	*/
	load: function(authMode, data, successCallback) {
	var params = [];

	var populateParams = function(nameList, values) {
	if (!values)
	return;

	for (var i in nameList) {
	var name = nameList[i];
	if (values[name])
	params.push(name + '=' + encodeURIComponent(values[name]));
	}
	};

	populateParams(SUPPORTED_PARAMS, data);
	populateParams(LOCALIZED_STRING_PARAMS, data.localizedStrings);
	params.push('parentPage=' + encodeURIComponent(window.location.origin));
	params.push('needPassword=1');

	var url;
	switch (authMode) {
	case AuthMode.OFFLINE:
	url = OFFLINE_AUTH_URL;
	break;
	case AuthMode.DESKTOP:
	url = AUTH_URL;
	params.push('desktopMode=1');
	break;
	default:
	url = AUTH_URL;
	}
	url += '?' + params.join('&');

	this.frame_.src = url;
	this.reloadUrl_ = url;
	this.successCallback_ = successCallback;
	this.authFlow = AuthFlow.GAIA;
	},

	/**
	* Reloads the auth extension.
	*/
	reload: function() {
	this.frame_.src = this.reloadUrl_;
	this.authFlow = AuthFlow.GAIA;
	},

	/**
	* Verifies the supplied password by sending it to the auth extension,
	* which will then check if it matches the scraped passwords.
	* @param {string} password The confirmed password that needs verification.
	*/
	verifyConfirmedPassword: function(password) {
	var msg = {
	method: 'verifyConfirmedPassword',
	password: password
	};
	this.frame_.contentWindow.postMessage(msg, AUTH_URL_BASE);
	},

	/**
	* Invoked to process authentication success.
	* @param {Object} credentials Credential object to pass to success
	* callback.
	* @private
	*/
	onAuthSuccess_: function(credentials) {
	if (this.successCallback_)
	this.successCallback_(credentials);
	cr.dispatchSimpleEvent(this, 'completed');
	},

	/**
	* Checks if message comes from the loaded authentication extension.
	* @param {Object} e Payload of the received HTML5 message.
	* @type {boolean}
	*/
	isAuthExtMessage_: function(e) {
	return this.frame_.src &&
	this.frame_.src.indexOf(e.origin) == 0 &&
	e.source == this.frame_.contentWindow;
	},

	/**
	* Event handler that is invoked when HTML5 message is received.
	* @param {object} e Payload of the received HTML5 message.
	*/
	onMessage_: function(e) {
	var msg = e.data;

	if (!this.isAuthExtMessage_(e))
	return;

	if (msg.method == 'loginUILoaded') {
	cr.dispatchSimpleEvent(this, 'ready');
	return;
	}

	if (/^complete(Login\|Authentication)$\|^offlineLogin$/.test(msg.method)) {
	if (!msg.email && !this.email_ && !msg.skipForNow) {
	var msg = {method: 'redirectToSignin'};
	this.frame_.contentWindow.postMessage(msg, AUTH_URL_BASE);
	return;
	}
	this.onAuthSuccess_({email: msg.email,
	password: msg.password,
	gaiaId: msg.gaiaId,
	useOffline: msg.method == 'offlineLogin',
	usingSAML: msg.usingSAML \|\| false,
	chooseWhatToSync: msg.chooseWhatToSync,
	skipForNow: msg.skipForNow \|\| false,
	sessionIndex: msg.sessionIndex \|\| ''});
	return;
	}

	if (msg.method == 'confirmPassword') {
	if (this.confirmPasswordCallback_)
	this.confirmPasswordCallback_(msg.passwordCount);
	else
	console.error('GaiaAuthHost: Invalid confirmPasswordCallback_.');
	return;
	}

	if (msg.method == 'noPassword') {
	if (this.noPasswordCallback_)
	this.noPasswordCallback_(msg.email);
	else
	console.error('GaiaAuthHost: Invalid noPasswordCallback_.');
	return;
	}

	if (msg.method == 'authPageLoaded') {
	this.authDomain = msg.domain;
	this.authFlow = msg.isSAML ? AuthFlow.SAML : AuthFlow.GAIA;
	return;
	}

	if (msg.method == 'insecureContentBlocked') {
	if (this.insecureContentBlockedCallback_) {
	this.insecureContentBlockedCallback_(msg.url);
	} else {
	console.error(
	'GaiaAuthHost: Invalid insecureContentBlockedCallback_.');
	}
	return;
	}

	if (msg.method == 'switchToFullTab') {
	chrome.send('switchToFullTab', [msg.url]);
	return;
	}

	if (msg.method == 'missingGaiaInfo') {
	if (this.missingGaiaInfoCallback_) {
	this.missingGaiaInfoCallback_();
	} else {
	console.error('GaiaAuthHost: Invalid missingGaiaInfoCallback_.');
	}
	return;
	}

	if (msg.method == 'samlApiUsed') {
	if (this.samlApiUsedCallback_) {
	this.samlApiUsedCallback_();
	} else {
	console.error('GaiaAuthHost: Invalid samlApiUsedCallback_.');
	}
	return;
	}

	console.error('Unknown message method=' + msg.method);
	}
	};

	/**
	* The current auth flow of the hosted gaia_auth extension.
	* @type {AuthFlow}
	*/
	cr.defineProperty(GaiaAuthHost, 'authFlow');

	GaiaAuthHost.SUPPORTED_PARAMS = SUPPORTED_PARAMS;
	GaiaAuthHost.LOCALIZED_STRING_PARAMS = LOCALIZED_STRING_PARAMS;
	GaiaAuthHost.AuthMode = AuthMode;
	GaiaAuthHost.AuthFlow = AuthFlow;

	return {
	GaiaAuthHost: GaiaAuthHost
	};
	});