1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef GOOGLE_APIS_GAIA_GAIA_AUTH_FETCHER_H_ 6 #define GOOGLE_APIS_GAIA_GAIA_AUTH_FETCHER_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "base/gtest_prod_util.h" 12 #include "base/memory/scoped_ptr.h" 13 #include "google_apis/gaia/gaia_auth_consumer.h" 14 #include "google_apis/gaia/google_service_auth_error.h" 15 #include "net/url_request/url_fetcher_delegate.h" 16 #include "url/gurl.h" 17 18 // Authenticate a user against the Google Accounts ClientLogin API 19 // with various capabilities and return results to a GaiaAuthConsumer. 20 // 21 // In the future, we will also issue auth tokens from this class. 22 // This class should be used on a single thread, but it can be whichever thread 23 // that you like. 24 // 25 // This class can handle one request at a time on any thread. To parallelize 26 // requests, create multiple GaiaAuthFetcher's. 27 28 class GaiaAuthFetcherTest; 29 30 namespace net { 31 class URLFetcher; 32 class URLRequestContextGetter; 33 class URLRequestStatus; 34 } 35 36 class GaiaAuthFetcher : public net::URLFetcherDelegate { 37 public: 38 enum HostedAccountsSetting { 39 HostedAccountsAllowed, 40 HostedAccountsNotAllowed 41 }; 42 43 // Magic string indicating that, while a second factor is still 44 // needed to complete authentication, the user provided the right password. 45 static const char kSecondFactor[]; 46 47 // This will later be hidden behind an auth service which caches 48 // tokens. 49 GaiaAuthFetcher(GaiaAuthConsumer* consumer, 50 const std::string& source, 51 net::URLRequestContextGetter* getter); 52 virtual ~GaiaAuthFetcher(); 53 54 // Start a request to obtain the SID and LSID cookies for the the account 55 // identified by |username| and |password|. If |service| is not null or 56 // empty, then also obtains a service token for specified service. 57 // 58 // If this is a second call because of captcha challenge, then the 59 // |login_token| and |login_captcha| arugment should correspond to the 60 // solution of the challenge. 61 // 62 // Either OnClientLoginSuccess or OnClientLoginFailure will be 63 // called on the consumer on the original thread. 64 void StartClientLogin(const std::string& username, 65 const std::string& password, 66 const char* const service, 67 const std::string& login_token, 68 const std::string& login_captcha, 69 HostedAccountsSetting allow_hosted_accounts); 70 71 // Start a request to obtain service token for the the account identified by 72 // |sid| and |lsid| and the |service|. 73 // 74 // Either OnIssueAuthTokenSuccess or OnIssueAuthTokenFailure will be 75 // called on the consumer on the original thread. 76 void StartIssueAuthToken(const std::string& sid, 77 const std::string& lsid, 78 const char* const service); 79 80 // Start a request to obtain |service| token for the the account identified by 81 // |uber_token|. 82 // 83 // Either OnIssueAuthTokenSuccess or OnIssueAuthTokenFailure will be 84 // called on the consumer on the original thread. 85 void StartTokenAuth(const std::string& uber_token, 86 const char* const service); 87 88 // Start a request to obtain service token for the the account identified by 89 // |oauth2_access_token| and the |service|. 90 // 91 // Either OnIssueAuthTokenSuccess or OnIssueAuthTokenFailure will be 92 // called on the consumer on the original thread. 93 void StartIssueAuthTokenForOAuth2(const std::string& oauth2_access_token, 94 const char* const service); 95 96 // Start a request to exchange an "lso" service token given by |auth_token| 97 // for an OAuthLogin-scoped oauth2 token. 98 // 99 // Either OnClientOAuthSuccess or OnClientOAuthFailure will be 100 // called on the consumer on the original thread. 101 void StartLsoForOAuthLoginTokenExchange(const std::string& auth_token); 102 103 // Start a request to revoke |auth_token|. 104 // 105 // OnOAuth2RevokeTokenCompleted will be called on the consumer on the original 106 // thread. 107 void StartRevokeOAuth2Token(const std::string& auth_token); 108 109 // Start a request to exchange the cookies of a signed-in user session 110 // for an OAuthLogin-scoped oauth2 token. In the case of a session with 111 // multiple accounts signed in, |session_index| indicate the which of accounts 112 // within the session. 113 // 114 // Either OnClientOAuthSuccess or OnClientOAuthFailure will be 115 // called on the consumer on the original thread. 116 void StartCookieForOAuthLoginTokenExchange(const std::string& session_index); 117 118 // Start a request to exchange the authorization code for an OAuthLogin-scoped 119 // oauth2 token. 120 // 121 // Either OnClientOAuthSuccess or OnClientOAuthFailure will be 122 // called on the consumer on the original thread. 123 void StartAuthCodeForOAuth2TokenExchange(const std::string& auth_code); 124 125 // Start a request to get user info for the account identified by |lsid|. 126 // 127 // Either OnGetUserInfoSuccess or OnGetUserInfoFailure will be 128 // called on the consumer on the original thread. 129 void StartGetUserInfo(const std::string& lsid); 130 131 // Start a MergeSession request to pre-login the user with the given 132 // credentials. 133 // 134 // Start a MergeSession request to fill the browsing cookie jar with 135 // credentials represented by the account whose uber-auth token is 136 // |uber_token|. This method will modify the cookies of the current profile. 137 // 138 // Either OnMergeSessionSuccess or OnMergeSessionFailure will be 139 // called on the consumer on the original thread. 140 void StartMergeSession(const std::string& uber_token); 141 142 // Start a request to exchange an OAuthLogin-scoped oauth2 access token for an 143 // uber-auth token. The returned token can be used with the method 144 // StartMergeSession(). 145 // 146 // Either OnUberAuthTokenSuccess or OnUberAuthTokenFailure will be 147 // called on the consumer on the original thread. 148 void StartTokenFetchForUberAuthExchange(const std::string& access_token); 149 150 // Start a request to exchange an OAuthLogin-scoped oauth2 access token for a 151 // ClientLogin-style service tokens. The response to this request is the 152 // same as the response to a ClientLogin request, except that captcha 153 // challenges are never issued. 154 // 155 // Either OnClientLoginSuccess or OnClientLoginFailure will be 156 // called on the consumer on the original thread. If |service| is empty, 157 // the call will attempt to fetch uber auth token. 158 void StartOAuthLogin(const std::string& access_token, 159 const std::string& service); 160 161 // Starts a request to list the accounts in the GAIA cookie. 162 void StartListAccounts(); 163 164 // Implementation of net::URLFetcherDelegate 165 virtual void OnURLFetchComplete(const net::URLFetcher* source) OVERRIDE; 166 167 // StartClientLogin been called && results not back yet? 168 bool HasPendingFetch(); 169 170 // Stop any URL fetches in progress. 171 void CancelRequest(); 172 173 // From a URLFetcher result, generate an appropriate error. 174 // From the API documentation, both IssueAuthToken and ClientLogin have 175 // the same error returns. 176 static GoogleServiceAuthError GenerateOAuthLoginError( 177 const std::string& data, 178 const net::URLRequestStatus& status); 179 180 private: 181 // ClientLogin body constants that don't change 182 static const char kCookiePersistence[]; 183 static const char kAccountTypeHostedOrGoogle[]; 184 static const char kAccountTypeGoogle[]; 185 186 // The format of the POST body for ClientLogin. 187 static const char kClientLoginFormat[]; 188 // The format of said POST body when CAPTCHA token & answer are specified. 189 static const char kClientLoginCaptchaFormat[]; 190 // The format of the POST body for IssueAuthToken. 191 static const char kIssueAuthTokenFormat[]; 192 // The format of the POST body to get OAuth2 auth code from auth token. 193 static const char kClientLoginToOAuth2BodyFormat[]; 194 // The format of the POST body to get OAuth2 token pair from auth code. 195 static const char kOAuth2CodeToTokenPairBodyFormat[]; 196 // The format of the POST body to revoke an OAuth2 token. 197 static const char kOAuth2RevokeTokenBodyFormat[]; 198 // The format of the POST body for GetUserInfo. 199 static const char kGetUserInfoFormat[]; 200 // The format of the POST body for MergeSession. 201 static const char kMergeSessionFormat[]; 202 // The format of the URL for UberAuthToken. 203 static const char kUberAuthTokenURLFormat[]; 204 // The format of the body for OAuthLogin. 205 static const char kOAuthLoginFormat[]; 206 207 // Constants for parsing ClientLogin errors. 208 static const char kAccountDeletedError[]; 209 static const char kAccountDeletedErrorCode[]; 210 static const char kAccountDisabledError[]; 211 static const char kAccountDisabledErrorCode[]; 212 static const char kBadAuthenticationError[]; 213 static const char kBadAuthenticationErrorCode[]; 214 static const char kCaptchaError[]; 215 static const char kCaptchaErrorCode[]; 216 static const char kServiceUnavailableError[]; 217 static const char kServiceUnavailableErrorCode[]; 218 static const char kErrorParam[]; 219 static const char kErrorUrlParam[]; 220 static const char kCaptchaUrlParam[]; 221 static const char kCaptchaTokenParam[]; 222 223 // Constants for parsing ClientOAuth errors. 224 static const char kNeedsAdditional[]; 225 static const char kCaptcha[]; 226 static const char kTwoFactor[]; 227 228 // Constants for request/response for OAuth2 requests. 229 static const char kAuthHeaderFormat[]; 230 static const char kOAuthHeaderFormat[]; 231 static const char kOAuth2BearerHeaderFormat[]; 232 static const char kClientLoginToOAuth2CookiePartSecure[]; 233 static const char kClientLoginToOAuth2CookiePartHttpOnly[]; 234 static const char kClientLoginToOAuth2CookiePartCodePrefix[]; 235 static const int kClientLoginToOAuth2CookiePartCodePrefixLength; 236 237 // Process the results of a ClientLogin fetch. 238 void OnClientLoginFetched(const std::string& data, 239 const net::URLRequestStatus& status, 240 int response_code); 241 242 void OnIssueAuthTokenFetched(const std::string& data, 243 const net::URLRequestStatus& status, 244 int response_code); 245 246 void OnClientLoginToOAuth2Fetched(const std::string& data, 247 const net::ResponseCookies& cookies, 248 const net::URLRequestStatus& status, 249 int response_code); 250 251 void OnOAuth2TokenPairFetched(const std::string& data, 252 const net::URLRequestStatus& status, 253 int response_code); 254 255 void OnOAuth2RevokeTokenFetched(const std::string& data, 256 const net::URLRequestStatus& status, 257 int response_code); 258 259 void OnListAccountsFetched(const std::string& data, 260 const net::URLRequestStatus& status, 261 int response_code); 262 263 void OnGetUserInfoFetched(const std::string& data, 264 const net::URLRequestStatus& status, 265 int response_code); 266 267 void OnMergeSessionFetched(const std::string& data, 268 const net::URLRequestStatus& status, 269 int response_code); 270 271 void OnUberAuthTokenFetch(const std::string& data, 272 const net::URLRequestStatus& status, 273 int response_code); 274 275 void OnOAuthLoginFetched(const std::string& data, 276 const net::URLRequestStatus& status, 277 int response_code); 278 279 // Tokenize the results of a ClientLogin fetch. 280 static void ParseClientLoginResponse(const std::string& data, 281 std::string* sid, 282 std::string* lsid, 283 std::string* token); 284 285 static void ParseClientLoginFailure(const std::string& data, 286 std::string* error, 287 std::string* error_url, 288 std::string* captcha_url, 289 std::string* captcha_token); 290 291 // Parse ClientLogin to OAuth2 response. 292 static bool ParseClientLoginToOAuth2Response( 293 const net::ResponseCookies& cookies, 294 std::string* auth_code); 295 296 static bool ParseClientLoginToOAuth2Cookie(const std::string& cookie, 297 std::string* auth_code); 298 299 // Is this a special case Gaia error for TwoFactor auth? 300 static bool IsSecondFactorSuccess(const std::string& alleged_error); 301 302 // Given parameters, create a ClientLogin request body. 303 static std::string MakeClientLoginBody( 304 const std::string& username, 305 const std::string& password, 306 const std::string& source, 307 const char* const service, 308 const std::string& login_token, 309 const std::string& login_captcha, 310 HostedAccountsSetting allow_hosted_accounts); 311 // Supply the sid / lsid returned from ClientLogin in order to 312 // request a long lived auth token for a service. 313 static std::string MakeIssueAuthTokenBody(const std::string& sid, 314 const std::string& lsid, 315 const char* const service); 316 // Create body to get OAuth2 auth code. 317 static std::string MakeGetAuthCodeBody(); 318 // Given auth code, create body to get OAuth2 token pair. 319 static std::string MakeGetTokenPairBody(const std::string& auth_code); 320 // Given an OAuth2 token, create body to revoke the token. 321 std::string MakeRevokeTokenBody(const std::string& auth_token); 322 // Supply the lsid returned from ClientLogin in order to fetch 323 // user information. 324 static std::string MakeGetUserInfoBody(const std::string& lsid); 325 326 // Supply the authentication token returned from StartIssueAuthToken. 327 static std::string MakeMergeSessionBody(const std::string& auth_token, 328 const std::string& continue_url, 329 const std::string& source); 330 331 static std::string MakeGetAuthCodeHeader(const std::string& auth_token); 332 333 static std::string MakeOAuthLoginBody(const std::string& service, 334 const std::string& source); 335 336 // Create a fetcher usable for making any Gaia request. |body| is used 337 // as the body of the POST request sent to GAIA. Any strings listed in 338 // |headers| are added as extra HTTP headers in the request. 339 // 340 // |load_flags| are passed to directly to net::URLFetcher::Create() when 341 // creating the URL fetcher. 342 static net::URLFetcher* CreateGaiaFetcher( 343 net::URLRequestContextGetter* getter, 344 const std::string& body, 345 const std::string& headers, 346 const GURL& gaia_gurl, 347 int load_flags, 348 net::URLFetcherDelegate* delegate); 349 350 // From a URLFetcher result, generate an appropriate error. 351 // From the API documentation, both IssueAuthToken and ClientLogin have 352 // the same error returns. 353 static GoogleServiceAuthError GenerateAuthError( 354 const std::string& data, 355 const net::URLRequestStatus& status); 356 357 // These fields are common to GaiaAuthFetcher, same every request 358 GaiaAuthConsumer* const consumer_; 359 net::URLRequestContextGetter* const getter_; 360 std::string source_; 361 const GURL client_login_gurl_; 362 const GURL issue_auth_token_gurl_; 363 const GURL oauth2_token_gurl_; 364 const GURL oauth2_revoke_gurl_; 365 const GURL get_user_info_gurl_; 366 const GURL merge_session_gurl_; 367 const GURL uberauth_token_gurl_; 368 const GURL oauth_login_gurl_; 369 const GURL list_accounts_gurl_; 370 371 // While a fetch is going on: 372 scoped_ptr<net::URLFetcher> fetcher_; 373 GURL client_login_to_oauth2_gurl_; 374 std::string request_body_; 375 std::string requested_service_; // Currently tracked for IssueAuthToken only. 376 bool fetch_pending_; 377 378 friend class GaiaAuthFetcherTest; 379 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, CaptchaParse); 380 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, AccountDeletedError); 381 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, AccountDisabledError); 382 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, BadAuthenticationError); 383 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, IncomprehensibleError); 384 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ServiceUnavailableError); 385 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, CheckNormalErrorCode); 386 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, CheckTwoFactorResponse); 387 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, LoginNetFailure); 388 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, 389 ParseClientLoginToOAuth2Response); 390 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ParseOAuth2TokenPairResponse); 391 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ClientOAuthSuccess); 392 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ClientOAuthWithQuote); 393 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ClientOAuthChallengeSuccess); 394 FRIEND_TEST_ALL_PREFIXES(GaiaAuthFetcherTest, ClientOAuthChallengeQuote); 395 396 DISALLOW_COPY_AND_ASSIGN(GaiaAuthFetcher); 397 }; 398 399 #endif // GOOGLE_APIS_GAIA_GAIA_AUTH_FETCHER_H_ 400