Home | History | Annotate | Download | only in gaia 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef GOOGLE_APIS_GAIA_GAIA_AUTH_FETCHER_H_
      6 #define GOOGLE_APIS_GAIA_GAIA_AUTH_FETCHER_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/gtest_prod_util.h"
     12 #include "base/memory/scoped_ptr.h"
     13 #include "google_apis/gaia/gaia_auth_consumer.h"
     14 #include "google_apis/gaia/google_service_auth_error.h"
     15 #include "net/url_request/url_fetcher_delegate.h"
     16 #include "url/gurl.h"
     17 
     18 // Authenticate a user against the Google Accounts ClientLogin API
     19 // with various capabilities and return results to a GaiaAuthConsumer.
     20 //
     21 // In the future, we will also issue auth tokens from this class.
     22 // This class should be used on a single thread, but it can be whichever thread
     23 // that you like.
     24 //
     25 // This class can handle one request at a time on any thread. To parallelize
     26 // requests, create multiple GaiaAuthFetcher's.
     27 
     28 class GaiaAuthFetcherTest;
     29 
     30 namespace net {
     31 class URLFetcher;
     32 class URLRequestContextGetter;
     33 class URLRequestStatus;
     34 }
     35 
     36 class GaiaAuthFetcher : public net::URLFetcherDelegate {
     37  public:
     38   enum HostedAccountsSetting {
     39     HostedAccountsAllowed,
     40     HostedAccountsNotAllowed
     41   };
     42 
     43   // Magic string indicating that, while a second factor is still
     44   // needed to complete authentication, the user provided the right password.
     45   static const char kSecondFactor[];
     46 
     47   // This will later be hidden behind an auth service which caches
     48   // tokens.
     49   GaiaAuthFetcher(GaiaAuthConsumer* consumer,
     50                   const std::string& source,
     51                   net::URLRequestContextGetter* getter);
     52   virtual ~GaiaAuthFetcher();
     53 
     54   // Start a request to obtain the SID and LSID cookies for the the account
     55   // identified by |username| and |password|.  If |service| is not null or
     56   // empty, then also obtains a service token for specified service.
     57   //
     58   // If this is a second call because of captcha challenge, then the
     59   // |login_token| and |login_captcha| arugment should correspond to the
     60   // solution of the challenge.
     61   //
     62   // Either OnClientLoginSuccess or OnClientLoginFailure will be
     63   // called on the consumer on the original thread.
     64   void StartClientLogin(const std::string& username,
     65                         const std::string& password,
     66                         const char* const service,
     67                         const std::string& login_token,
     68                         const std::string& login_captcha,
     69                         HostedAccountsSetting allow_hosted_accounts);
     70 
     71   // Start a request to obtain service token for the the account identified by
     72   // |sid| and |lsid| and the |service|.
     73   //
     74   // Either OnIssueAuthTokenSuccess or OnIssueAuthTokenFailure will be
     75   // called on the consumer on the original thread.
     76   void StartIssueAuthToken(const std::string& sid,
     77                            const std::string& lsid,
     78                            const char* const service);
     79 
     80   // Start a request to obtain |service| token for the the account identified by
     81   // |uber_token|.
     82   //
     83   // Either OnIssueAuthTokenSuccess or OnIssueAuthTokenFailure will be
     84   // called on the consumer on the original thread.
     85   void StartTokenAuth(const std::string& uber_token,
     86                       const char* const service);
     87 
     88   // Start a request to obtain service token for the the account identified by
     89   // |oauth2_access_token| and the |service|.
     90   //
     91   // Either OnIssueAuthTokenSuccess or OnIssueAuthTokenFailure will be
     92   // called on the consumer on the original thread.
     93   void StartIssueAuthTokenForOAuth2(const std::string& oauth2_access_token,
     94                                     const char* const service);
     95 
     96   // Start a request to exchange an "lso" service token given by |auth_token|
     97   // for an OAuthLogin-scoped oauth2 token.
     98   //
     99   // Either OnClientOAuthSuccess or OnClientOAuthFailure will be
    100   // called on the consumer on the original thread.
    101   void StartLsoForOAuthLoginTokenExchange(const std::string& auth_token);
    102 
    103   // Start a request to revoke |auth_token|.
    104   //
    105   // OnOAuth2RevokeTokenCompleted will be called on the consumer on the original
    106   // thread.
    107   void StartRevokeOAuth2Token(const std::string& auth_token);
    108 
    109   // Start a request to exchange the cookies of a signed-in user session
    110   // for an OAuthLogin-scoped oauth2 token.  In the case of a session with
    111   // multiple accounts signed in, |session_index| indicate the which of accounts
    112   // within the session.
    113   //
    114   // Either OnClientOAuthSuccess or OnClientOAuthFailure will be
    115   // called on the consumer on the original thread.
    116   void StartCookieForOAuthLoginTokenExchange(const std::string& session_index);
    117 
    118   // Start a request to exchange the authorization code for an OAuthLogin-scoped
    119   // oauth2 token.
    120   //
    121   // Either OnClientOAuthSuccess or OnClientOAuthFailure will be
    122   // called on the consumer on the original thread.
    123   void StartAuthCodeForOAuth2TokenExchange(const std::string& auth_code);
    124 
    125   // Start a request to get user info for the account identified by |lsid|.
    126   //
    127   // Either OnGetUserInfoSuccess or OnGetUserInfoFailure will be
    128   // called on the consumer on the original thread.
    129   void StartGetUserInfo(const std::string& lsid);
    130 
    131   // Start a MergeSession request to pre-login the user with the given
    132   // credentials.
    133   //
    134   // Start a MergeSession request to fill the browsing cookie jar with
    135   // credentials represented by the account whose uber-auth token is
    136   // |uber_token|.  This method will modify the cookies of the current profile.
    137   //
    138   // Either OnMergeSessionSuccess or OnMergeSessionFailure will be
    139   // called on the consumer on the original thread.
    140   void StartMergeSession(const std::string& uber_token);
    141 
    142   // Start a request to exchange an OAuthLogin-scoped oauth2 access token for an
    143   // uber-auth token.  The returned token can be used with the method
    144   // StartMergeSession().
    145   //
    146   // Either OnUberAuthTokenSuccess or OnUberAuthTokenFailure will be
    147   // called on the consumer on the original thread.
    148   void StartTokenFetchForUberAuthExchange(const std::string& access_token);
    149 
    150   // Start a request to exchange an OAuthLogin-scoped oauth2 access token for a
    151   // ClientLogin-style service tokens.  The response to this request is the
    152   // same as the response to a ClientLogin request, except that captcha
    153   // challenges are never issued.
    154   //
    155   // Either OnClientLoginSuccess or OnClientLoginFailure will be
    156   // called on the consumer on the original thread. If |service| is empty,
    157   // the call will attempt to fetch uber auth token.
    158   void StartOAuthLogin(const std::string& access_token,
    159                        const std::string& service);
    160 
    161   // Starts a request to list the accounts in the GAIA cookie.
    162   void StartListAccounts();
    163 
    164   // Implementation of net::URLFetcherDelegate
    165   virtual void OnURLFetchComplete(const net::URLFetcher* source) OVERRIDE;
    166 
    167   // StartClientLogin been called && results not back yet?
    168   bool HasPendingFetch();
    169 
    170   // Stop any URL fetches in progress.
    171   void CancelRequest();
    172 
    173   // From a URLFetcher result, generate an appropriate error.
    174   // From the API documentation, both IssueAuthToken and ClientLogin have
    175   // the same error returns.
    176   static GoogleServiceAuthError GenerateOAuthLoginError(
    177       const std::string& data,
    178       const net::URLRequestStatus& status);
    179 
    180  private:
    181   // ClientLogin body constants that don't change
    182   static const char kCookiePersistence[];
    183   static const char kAccountTypeHostedOrGoogle[];
    184   static const char kAccountTypeGoogle[];
    185 
    186   // The format of the POST body for ClientLogin.
    187   static const char kClientLoginFormat[];
    188   // The format of said POST body when CAPTCHA token & answer are specified.
    189   static const char kClientLoginCaptchaFormat[];
    190   // The format of the POST body for IssueAuthToken.
    191   static const char kIssueAuthTokenFormat[];
    192   // The format of the POST body to get OAuth2 auth code from auth token.
    193   static const char kClientLoginToOAuth2BodyFormat[];
    194   // The format of the POST body to get OAuth2 token pair from auth code.
    195   static const char kOAuth2CodeToTokenPairBodyFormat[];
    196   // The format of the POST body to revoke an OAuth2 token.
    197   static const char kOAuth2RevokeTokenBodyFormat[];
    198   // The format of the POST body for GetUserInfo.
    199   static const char kGetUserInfoFormat[];
    200   // The format of the POST body for MergeSession.
    201   static const char kMergeSessionFormat[];
    202   // The format of the URL for UberAuthToken.
    203   static const char kUberAuthTokenURLFormat[];
    204   // The format of the body for OAuthLogin.
    205   static const char kOAuthLoginFormat[];
    206 
    207   // Constants for parsing ClientLogin errors.
    208   static const char kAccountDeletedError[];
    209   static const char kAccountDeletedErrorCode[];
    210   static const char kAccountDisabledError[];
    211   static const char kAccountDisabledErrorCode[];
    212   static const char kBadAuthenticationError[];
    213   static const char kBadAuthenticationErrorCode[];
    214   static const char kCaptchaError[];
    215   static const char kCaptchaErrorCode[];
    216   static const char kServiceUnavailableError[];
    217   static const char kServiceUnavailableErrorCode[];
    218   static const char kErrorParam[];
    219   static const char kErrorUrlParam[];
    220   static const char kCaptchaUrlParam[];
    221   static const char kCaptchaTokenParam[];
    222 
    223   // Constants for parsing ClientOAuth errors.
    224   static const char kNeedsAdditional[];
    225   static const char kCaptcha[];
    226   static const char kTwoFactor[];
    227 
    228   // Constants for request/response for OAuth2 requests.
    229   static const char kAuthHeaderFormat[];
    230   static const char kOAuthHeaderFormat[];
    231   static const char kOAuth2BearerHeaderFormat[];
    232   static const char kClientLoginToOAuth2CookiePartSecure[];
    233   static const char kClientLoginToOAuth2CookiePartHttpOnly[];
    234   static const char kClientLoginToOAuth2CookiePartCodePrefix[];
    235   static const int kClientLoginToOAuth2CookiePartCodePrefixLength;
    236 
    237   // Process the results of a ClientLogin fetch.
    238   void OnClientLoginFetched(const std::string& data,
    239                             const net::URLRequestStatus& status,
    240                             int response_code);
    241 
    242   void OnIssueAuthTokenFetched(const std::string& data,
    243                                const net::URLRequestStatus& status,
    244                                int response_code);
    245 
    246   void OnClientLoginToOAuth2Fetched(const std::string& data,
    247                                     const net::ResponseCookies& cookies,
    248                                     const net::URLRequestStatus& status,
    249                                     int response_code);
    250 
    251   void OnOAuth2TokenPairFetched(const std::string& data,
    252                                 const net::URLRequestStatus& status,
    253                                 int response_code);
    254 
    255   void OnOAuth2RevokeTokenFetched(const std::string& data,
    256                                   const net::URLRequestStatus& status,
    257                                   int response_code);
    258 
    259   void OnListAccountsFetched(const std::string& data,
    260                              const net::URLRequestStatus& status,
    261                              int response_code);
    262 
    263   void OnGetUserInfoFetched(const std::string& data,
    264                             const net::URLRequestStatus& status,
    265                             int response_code);
    266 
    267   void OnMergeSessionFetched(const std::string& data,
    268                              const net::URLRequestStatus& status,
    269                              int response_code);
    270 
    271   void OnUberAuthTokenFetch(const std::string& data,
    272                             const net::URLRequestStatus& status,
    273                             int response_code);
    274 
    275   void OnOAuthLoginFetched(const std::string& data,
    276                            const net::URLRequestStatus& status,
    277                            int response_code);
    278 
    279   // Tokenize the results of a ClientLogin fetch.
    280   static void ParseClientLoginResponse(const std::string& data,
    281                                        std::string* sid,
    282                                        std::string* lsid,
    283                                        std::string* token);
    284 
    285   static void ParseClientLoginFailure(const std::string& data,
    286                                       std::string* error,
    287                                       std::string* error_url,
    288                                       std::string* captcha_url,
    289                                       std::string* captcha_token);
    290 
    291   // Parse ClientLogin to OAuth2 response.
    292   static bool ParseClientLoginToOAuth2Response(
    293       const net::ResponseCookies& cookies,
    294       std::string* auth_code);
    295 
    296   static bool ParseClientLoginToOAuth2Cookie(const std::string& cookie,
    297                                              std::string* auth_code);
    298 
    299   // Is this a special case Gaia error for TwoFactor auth?
    300   static bool IsSecondFactorSuccess(const std::string& alleged_error);
    301 
    302   // Given parameters, create a ClientLogin request body.
    303   static std::string MakeClientLoginBody(
    304       const std::string& username,
    305       const std::string& password,
    306       const std::string& source,
    307       const char* const service,
    308       const std::string& login_token,
    309       const std::string& login_captcha,
    310       HostedAccountsSetting allow_hosted_accounts);
    311   // Supply the sid / lsid returned from ClientLogin in order to
    312   // request a long lived auth token for a service.
    313   static std::string MakeIssueAuthTokenBody(const std::string& sid,
    314                                             const std::string& lsid,
    315                                             const char* const service);
    316   // Create body to get OAuth2 auth code.
    317   static std::string MakeGetAuthCodeBody();
    318   // Given auth code, create body to get OAuth2 token pair.
    319   static std::string MakeGetTokenPairBody(const std::string& auth_code);
    320   // Given an OAuth2 token, create body to revoke the token.
    321   std::string MakeRevokeTokenBody(const std::string& auth_token);
    322   // Supply the lsid returned from ClientLogin in order to fetch
    323   // user information.
    324   static std::string MakeGetUserInfoBody(const std::string& lsid);
    325 
    326   // Supply the authentication token returned from StartIssueAuthToken.
    327   static std::string MakeMergeSessionBody(const std::string& auth_token,
    328                                        const std::string& continue_url,
    329                                        const std::string& source);
    330 
    331   static std::string MakeGetAuthCodeHeader(const std::string& auth_token);
    332 
    333   static std::string MakeOAuthLoginBody(const std::string& service,
    334                                         const std::string& source);
    335 
    336   // Create a fetcher usable for making any Gaia request.  |body| is used
    337   // as the body of the POST request sent to GAIA.  Any strings listed in
    338   // |headers| are added as extra HTTP headers in the request.
    339   //
    340   // |load_flags| are passed to directly to net::URLFetcher::Create() when
    341   // creating the URL fetcher.
    342   static net::URLFetcher* CreateGaiaFetcher(
    343       net::URLRequestContextGetter* getter,
    344       const std::string& body,
    345       const std::string& headers,
    346       const GURL& gaia_gurl,
    347       int load_flags,
    348       net::URLFetcherDelegate* delegate);
    349 
    350   // From a URLFetcher result, generate an appropriate error.
    351   // From the API documentation, both IssueAuthToken and ClientLogin have
    352   // the same error returns.
    353   static GoogleServiceAuthError GenerateAuthError(
    354       const std::string& data,
    355       const net::URLRequestStatus& status);
    356 
    357   // These fields are common to GaiaAuthFetcher, same every request
    358   GaiaAuthConsumer* const consumer_;
    359   net::URLRequestContextGetter* const getter_;
    360   std::string source_;
    361   const GURL client_login_gurl_;
    362   const GURL issue_auth_token_gurl_;
    363   const GURL oauth2_token_gurl_;
    364   const GURL oauth2_revoke_gurl_;
    365   const GURL get_user_info_gurl_;
    366   const GURL merge_session_gurl_;
    367   const GURL uberauth_token_gurl_;
    368   const GURL oauth_login_gurl_;
    369   const GURL list_accounts_gurl_;
    370 
    371   // While a fetch is going on:
    372   scoped_ptr<net::URLFetcher> fetcher_;
    373   GURL client_login_to_oauth2_gurl_;
    374   std::string request_body_;
    375   std::string requested_service_; // Currently tracked for IssueAuthToken only.
    376   bool fetch_pending_;
    377 
    378   friend class GaiaAuthFetcherTest;
    379   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, CaptchaParse);
    380   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, AccountDeletedError);
    381   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, AccountDisabledError);
    382   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, BadAuthenticationError);
    383   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, IncomprehensibleError);
    384   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ServiceUnavailableError);
    385   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, CheckNormalErrorCode);
    386   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, CheckTwoFactorResponse);
    387   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, LoginNetFailure);
    388   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest,
    389       ParseClientLoginToOAuth2Response);
    390   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ParseOAuth2TokenPairResponse);
    391   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ClientOAuthSuccess);
    392   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ClientOAuthWithQuote);
    393   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ClientOAuthChallengeSuccess);
    394   FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ClientOAuthChallengeQuote);
    395 
    396   DISALLOW_COPY_AND_ASSIGN(GaiaAuthFetcher);
    397 };
    398 
    399 #endif  // GOOGLE_APIS_GAIA_GAIA_AUTH_FETCHER_H_
    400