[cleanup] SAML is always enabled.

Removed "disable-saml-signin" flag and non-SAML auth extension manifest.
Now SAML is always enabled for both desktop and Chrome OS.
Plus:
* Prevented potential races during extension initialization.
* Made "manifest_keyboard.json" up to date with "manifest.json".

BUG=394342
TEST=none
TBR=jochen (c/b/browser_resources.grd)

Review URL: https://codereview.chromium.org/384003002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@284120 0039d316-1c4b-4281-b951-d872f2087c98

chrome/app/generated_resources.grd

@@ -6103,12 +6103,6 @@ Keep your key file in a safe place. You will need it to create new versions of y
         <message name="IDS_FLAGS_DISABLE_BOOT_ANIMATION_DESCRIPTION" desc="Description for the flag to disable wallpaper boot animation (except for OOBE).">
           Disables wallpaper boot animation (except for OOBE case).
         </message>
-        <message name="IDS_FLAGS_DISABLE_SAML_SIGNIN_NAME" desc="Name for the flag to disable SAML sign-in support.">
-          Disable SAML sign-in.
-        </message>
-        <message name="IDS_FLAGS_DISABLE_SAML_SIGNIN_DESCRIPTION" desc="Description for the flag to disables SAML sign-in support.">
-          Disables SAML sign-in support for Chrome OS sign-in.
-        </message>
       </if>
       <message name="IDS_FLAGS_DISABLE_ACCELERATED_VIDEO_DECODE_NAME" desc="Name of the flag to disable accelerated video decode where available.">
         Disable hardware-accelerated video decode.

chrome/browser/about_flags.cc

@@ -1032,13 +1032,6 @@ const Experiment kExperiments[] = {
     kOsCrOS,
     SINGLE_VALUE_TYPE(chromeos::switches::kDisableOfficeEditingComponentApp),
   },
-  {
-    "disable-saml-signin",
-    IDS_FLAGS_DISABLE_SAML_SIGNIN_NAME,
-    IDS_FLAGS_DISABLE_SAML_SIGNIN_DESCRIPTION,
-    kOsCrOS,
-    SINGLE_VALUE_TYPE(chromeos::switches::kDisableSamlSignin),
-  },
   {
     "disable-display-color-calibration",
     IDS_FLAGS_DISABLE_DISPLAY_COLOR_CALIBRATION_NAME,

chrome/browser/browser_resources.grd

@@ -303,7 +303,6 @@
       <include name="IDR_CRYPTOTOKEN_MANIFEST" file="resources\cryptotoken\manifest.json" type="BINDATA" />
       <include name="IDR_GAIA_AUTH_MANIFEST" file="resources\gaia_auth\manifest.json" type="BINDATA" />
       <include name="IDR_GAIA_AUTH_KEYBOARD_MANIFEST" file="resources\gaia_auth\manifest_keyboard.json" type="BINDATA" />
-      <include name="IDR_GAIA_AUTH_SAML_MANIFEST" file="resources\gaia_auth\manifest_saml.json" type="BINDATA" />
       <if expr="chromeos">
         <include name="IDR_CHOOSE_MOBILE_NETWORK_HTML" file="resources\chromeos\choose_mobile_network.html" flattenhtml="true" allowexternalscript="true" type="BINDATA" />
         <include name="IDR_CHOOSE_MOBILE_NETWORK_JS" file="resources\chromeos\choose_mobile_network.js" type="BINDATA" />

chrome/browser/extensions/signin/gaia_auth_extension_loader.cc

@@ -20,12 +20,7 @@
 #include "grit/browser_resources.h"
 
 #if defined(OS_CHROMEOS)
-#include "base/file_util.h"
-#include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/chromeos/system/input_device_settings.h"
-#include "chromeos/chromeos_constants.h"
-#include "chromeos/chromeos_switches.h"
-#include "components/signin/core/common/profile_management_switches.h"
 #endif
 
 using content::BrowserContext;
@@ -52,19 +47,13 @@ void LoadGaiaAuthExtension(BrowserContext* context) {
     return;
   }
 
-#if defined(OS_CHROMEOS)
   int manifest_resource_id = IDR_GAIA_AUTH_MANIFEST;
+
+#if defined(OS_CHROMEOS)
   if (chromeos::system::InputDeviceSettings::Get()
           ->ForceKeyboardDrivenUINavigation()) {
     manifest_resource_id = IDR_GAIA_AUTH_KEYBOARD_MANIFEST;
-  } else if (!command_line->HasSwitch(chromeos::switches::kDisableSamlSignin) ||
-             (switches::IsNewProfileManagement() &&
-              context->GetPath() !=
-                  chromeos::ProfileHelper::GetSigninProfileDir())) {
-    manifest_resource_id = IDR_GAIA_AUTH_SAML_MANIFEST;
   }
-#else
-  int manifest_resource_id = IDR_GAIA_AUTH_SAML_MANIFEST;
 #endif
 
   component_loader->Add(manifest_resource_id,

chrome/browser/resources/gaia_auth/main.js

@@ -63,7 +63,7 @@ Authenticator.prototype = {
   intputEmail_: undefined,
 
   isSAMLFlow_: false,
-  isSAMLEnabled_: false,
+  gaiaLoaded_: false,
   supportChannel_: null,
 
   GAIA_URL: 'https://accounts.google.com/',
@@ -87,12 +87,15 @@ Authenticator.prototype = {
     this.initialFrameUrl_ = params.frameUrl || this.constructInitialFrameUrl_();
     this.initialFrameUrlWithoutParams_ = stripParams(this.initialFrameUrl_);
 
+    // For CrOS 'ServiceLogin' we assume that Gaia is loaded if we recieved
+    // 'clearOldAttempts' message. For other scenarios Gaia doesn't send this
+    // message so we have to rely on 'load' event.
+    // TODO(dzhioev): Do not rely on 'load' event after b/16313327 is fixed.
+    this.assumeLoadedOnLoadEvent_ =
+        this.gaiaPath_.indexOf('ServiceLogin') !== 0 ||
+        this.service_ !== 'chromeoslogin';
+
     document.addEventListener('DOMContentLoaded', this.onPageLoad_.bind(this));
-    if (!this.desktopMode_) {
-      // SAML is always enabled in desktop mode, thus no need to listen for
-      // enableSAML event.
-      document.addEventListener('enableSAML', this.onEnableSAML_.bind(this));
-    }
   },
 
   isGaiaMessage_: function(msg) {
@@ -125,56 +128,67 @@ Authenticator.prototype = {
 
   onPageLoad_: function() {
     window.addEventListener('message', this.onMessage.bind(this), false);
+    this.initSupportChannel_();
 
     var gaiaFrame = $('gaia-frame');
     gaiaFrame.src = this.initialFrameUrl_;
 
-    if (this.desktopMode_) {
+    if (this.assumeLoadedOnLoadEvent_) {
       var handler = function() {
-        this.onLoginUILoaded_();
         gaiaFrame.removeEventListener('load', handler);
-
-        this.initDesktopChannel_();
+        if (!this.gaiaLoaded_) {
+          this.gaiaLoaded_ = true;
+          this.maybeInitialized_();
+        }
       }.bind(this);
       gaiaFrame.addEventListener('load', handler);
     }
   },
 
-  initDesktopChannel_: function() {
-    this.supportChannel_ = new Channel();
-    this.supportChannel_.connect('authMain');
-
-    var channelConnected = false;
-    this.supportChannel_.registerMessage('channelConnected', function() {
-      channelConnected = true;
+  initSupportChannel_: function() {
+    var supportChannel = new Channel();
+    supportChannel.connect('authMain');
 
-      this.supportChannel_.send({
-        name: 'initDesktopFlow',
-        gaiaUrl: this.gaiaUrl_,
-        continueUrl: stripParams(this.continueUrl_),
-        isConstrainedWindow: this.isConstrainedWindow_
-      });
-      this.supportChannel_.registerMessage(
-          'switchToFullTab', this.switchToFullTab_.bind(this));
-      this.supportChannel_.registerMessage(
-          'completeLogin', this.completeLogin_.bind(this));
-
-      this.onEnableSAML_();
+    supportChannel.registerMessage('channelConnected', function() {
+      if (this.supportChannel_) {
+        console.error('Support channel is already initialized.');
+        return;
+      }
+      this.supportChannel_ = supportChannel;
+
+      if (this.desktopMode_) {
+        this.supportChannel_.send({
+          name: 'initDesktopFlow',
+          gaiaUrl: this.gaiaUrl_,
+          continueUrl: stripParams(this.continueUrl_),
+          isConstrainedWindow: this.isConstrainedWindow_
+        });
+        this.supportChannel_.registerMessage(
+            'switchToFullTab', this.switchToFullTab_.bind(this));
+        this.supportChannel_.registerMessage(
+            'completeLogin', this.completeLogin_.bind(this));
+      }
+      this.initSAML_();
+      this.maybeInitialized_();
     }.bind(this));
 
     window.setTimeout(function() {
-      if (!channelConnected) {
+      if (!this.supportChannel_) {
         // Re-initialize the channel if it is not connected properly, e.g.
         // connect may be called before background script started running.
-        this.initDesktopChannel_();
+        this.initSupportChannel_();
       }
     }.bind(this), 200);
   },
 
   /**
-   * Invoked when the login UI is initialized or reset.
+   * Called when one of the initialization stages has finished. If all the
+   * needed parts are initialized, notifies parent about successfull
+   * initialization.
    */
-  onLoginUILoaded_: function() {
+  maybeInitialized_: function() {
+    if (!this.gaiaLoaded_ || !this.supportChannel_)
+      return;
     var msg = {
       'method': 'loginUILoaded'
     };
@@ -210,23 +224,15 @@ Authenticator.prototype = {
       'sessionIndex': opt_extraMsg && opt_extraMsg.sessionIndex
     };
     window.parent.postMessage(msg, this.parentPage_);
-    if (this.isSAMLEnabled_)
-      this.supportChannel_.send({name: 'resetAuth'});
+    this.supportChannel_.send({name: 'resetAuth'});
   },
 
   /**
-   * Invoked when 'enableSAML' event is received to initialize SAML support on
-   * Chrome OS, or when initDesktopChannel_ is called on desktop.
+   * Invoked when support channel is connected.
    */
-  onEnableSAML_: function() {
-    this.isSAMLEnabled_ = true;
+  initSAML_: function() {
     this.isSAMLFlow_ = false;
 
-    if (!this.supportChannel_) {
-      this.supportChannel_ = new Channel();
-      this.supportChannel_.connect('authMain');
-    }
-
     this.supportChannel_.registerMessage(
         'onAuthPageLoaded', this.onAuthPageLoaded_.bind(this));
     this.supportChannel_.registerMessage(
@@ -400,15 +406,20 @@ Authenticator.prototype = {
       this.attemptToken_ = msg.attemptToken;
       this.chooseWhatToSync_ = msg.chooseWhatToSync;
       this.isSAMLFlow_ = false;
-      if (this.isSAMLEnabled_)
+      if (this.supportChannel_)
         this.supportChannel_.send({name: 'startAuth'});
+      else
+        console.error('Support channel is not initialized.');
     } else if (msg.method == 'clearOldAttempts' && this.isGaiaMessage_(e)) {
+      if (!this.gaiaLoaded_) {
+        this.gaiaLoaded_ = true;
+        this.maybeInitialized_();
+      }
       this.email_ = null;
       this.passwordBytes_ = null;
       this.attemptToken_ = null;
       this.isSAMLFlow_ = false;
-      this.onLoginUILoaded_();
-      if (this.isSAMLEnabled_)
+      if (this.supportChannel_)
         this.supportChannel_.send({name: 'resetAuth'});
     } else if (msg.method == 'setAuthenticatedUserEmail' &&
                this.isParentMessage_(e)) {

chrome/browser/resources/gaia_auth/manifest.json

@@ -4,6 +4,18 @@
   "name": "GaiaAuthExtension",
   "version": "0.0.1",
   "manifest_version": 2,
+  "background" : {
+    "scripts": ["background.js", "channel.js"]
+  },
+  "content_scripts": [
+    {
+      "matches": [
+        "<all_urls>"
+      ],
+      "js": ["channel.js", "saml_injected.js"],
+      "all_frames": true
+    }
+  ],
   "content_security_policy": "default-src 'self'; script-src 'self'; frame-src *; style-src 'self' 'unsafe-inline'",
   "description": "GAIA Component Extension",
   "web_accessible_resources": [
@@ -17,12 +29,9 @@
     "success.js",
     "util.js"
   ],
-  // cookies for getting hash passed back from GAIA on login success
-  // tabs for calling current webui's login. This might not be needed once
-  //     we have extension API
   "permissions": [
-      "cookies",
-      "tabs",
-      "chrome://oobe/"
+    "<all_urls>",
+    "webRequest",
+    "webRequestBlocking"
   ]
 }

chrome/browser/resources/gaia_auth/manifest_keyboard.json

@@ -4,7 +4,17 @@
   "name": "GaiaAuthExtension",
   "version": "0.0.1",
   "manifest_version": 2,
+  "background" : {
+    "scripts": ["background.js", "channel.js"]
+  },
   "content_scripts": [
+    {
+      "matches": [
+        "<all_urls>"
+      ],
+      "js": ["channel.js", "saml_injected.js"],
+      "all_frames": true
+    },
     {
       "matches": [
           "https://www.google.com/accounts/*",
@@ -27,14 +37,9 @@
     "success.js",
     "util.js"
   ],
-  // cookies for getting hash passed back from GAIA on login success
-  // tabs for calling current webui's login. This might not be needed once
-  //     we have extension API
   "permissions": [
-      "cookies",
-      "tabs",
-      "chrome://oobe/",
-      "https://www.google.com/accounts/*",
-      "https://accounts.google.com/*"
+    "<all_urls>",
+    "webRequest",
+    "webRequestBlocking"
   ]
 }

chrome/browser/resources/gaia_auth/manifest_saml.json

-{
-  // chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/
-  "key": "MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC4L17nAfeTd6Xhtx96WhQ6DSr8KdHeQmfzgCkieKLCgUkWdwB9G1DCuh0EPMDn1MdtSwUAT7xE36APEzi0X/UpKjOVyX8tCC3aQcLoRAE0aJAvCcGwK7qIaQaczHmHKvPC2lrRdzSoMMTC5esvHX+ZqIBMi123FOL0dGW6OPKzIwIBIw==",
-  "name": "GaiaAuthExtension",
-  "version": "0.0.1",
-  "manifest_version": 2,
-  "background" : {
-    "scripts": ["background.js", "channel.js"]
-  },
-  "content_scripts": [
-    {
-      "matches": [
-        "<all_urls>"
-      ],
-      "js": ["channel.js", "saml_injected.js"],
-      "all_frames": true
-    }
-  ],
-  "content_security_policy": "default-src 'self'; script-src 'self'; frame-src *; style-src 'self' 'unsafe-inline'",
-  "description": "GAIA Component Extension",
-  "web_accessible_resources": [
-    "main.css",
-    "main.html",
-    "main.js",
-    "offline.css",
-    "offline.html",
-    "offline.js",
-    "success.html",
-    "success.js",
-    "util.js"
-  ],
-  "permissions": [
-    "<all_urls>",
-    "webRequest",
-    "webRequestBlocking"
-  ]
-}

chrome/browser/resources/gaia_auth/saml_injected.js

@@ -133,14 +133,6 @@
     }
   };
 
-  /**
-   * Returns true if the script is injected into auth main page.
-   */
-  function isAuthMainPage() {
-    return window.location.href.indexOf(
-        'chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/main.html') == 0;
-  }
-
   /**
    * Heuristic test whether the current page is a relevant SAML page.
    * Current implementation checks if it is a http or https page and has
@@ -155,26 +147,17 @@
     return document.body.scrollWidth > 50 && document.body.scrollHeight > 50;
   }
 
-  if (isAuthMainPage()) {
-    // Use an event to signal the auth main to enable SAML support.
-    var e = document.createEvent('Event');
-    e.initEvent('enableSAML', false, false);
-    document.dispatchEvent(e);
-  } else {
-    var channel;
-    var passwordScraper;
-    if (isSAMLPage()) {
-      var pageURL = window.location.href;
-
-      channel = new Channel();
-      channel.connect('injected');
-      channel.send({name: 'pageLoaded', url: pageURL});
-
-      apiCallForwarder = new APICallForwarder();
-      apiCallForwarder.init(channel);
-
-      passwordScraper = new PasswordInputScraper();
-      passwordScraper.init(channel, pageURL, document.documentElement);
-    }
+  if (isSAMLPage()) {
+    var pageURL = window.location.href;
+
+    var channel = new Channel();
+    channel.connect('injected');
+    channel.send({name: 'pageLoaded', url: pageURL});
+
+    var apiCallForwarder = new APICallForwarder();
+    apiCallForwarder.init(channel);
+
+    var passwordScraper = new PasswordInputScraper();
+    passwordScraper.init(channel, pageURL, document.documentElement);
   }
 })();

chromeos/chromeos_switches.cc

@@ -230,9 +230,6 @@ const char kSmsTestMessages[] = "sms-test-messages";
 // This option is for testing the chromeos build of chrome on the desktop only.
 const char kStubCrosSettings[] = "stub-cros-settings";
 
-// Disables SAML sigin support.
-const char kDisableSamlSignin[] = "disable-saml-signin";
-
 // Enables animated transitions during first-run tutorial.
 const char kEnableFirstRunUITransitions[] = "enable-first-run-ui-transitions";
 

chromeos/chromeos_switches.h

@@ -38,7 +38,6 @@ CHROMEOS_EXPORT extern const char kDisableNewChannelSwitcherUI[];
 CHROMEOS_EXPORT extern const char kDisableNewKioskUI[];
 CHROMEOS_EXPORT extern const char kDisableOfficeEditingComponentApp[];
 CHROMEOS_EXPORT extern const char kDisableRollbackOption[];
-CHROMEOS_EXPORT extern const char kDisableSamlSignin[];
 CHROMEOS_EXPORT extern const char kDisableVolumeAdjustSound[];
 CHROMEOS_EXPORT extern const char kEnableCarrierSwitching[];
 CHROMEOS_EXPORT extern const char kEnableChromeVoxNext[];