signin: force web signin flow initiated visits to accounts.google.com to their own process.

chrome/browser/signin/signin_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/signin_manager.h"
 
 #include <string>
 #include <vector>
 
 #include "base/callback_helpers.h"
@@ skipping 20 matching lines @@
 #include "chrome/browser/sync/sync_prefs.h"
 #include "chrome/browser/ui/global_error/global_error_service.h"
 #include "chrome/browser/ui/global_error/global_error_service_factory.h"
 #include "chrome/browser/ui/host_desktop.h"
 #include "chrome/browser/ui/webui/signin/profile_signin_confirmation_dialog.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_service.h"
+#include "content/public/browser/render_process_host.h"
 #include "google_apis/gaia/gaia_auth_fetcher.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "net/cookies/cookie_monster.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "third_party/icu/public/i18n/unicode/regex.h"
 
 #if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
 #include "chrome/browser/policy/user_policy_signin_service.h"
 #include "chrome/browser/policy/user_policy_signin_service_factory.h"
 #endif
 
 using namespace signin_internals_util;
 
 using content::BrowserThread;
 
 namespace {
 
 const char kGetInfoDisplayEmailKey[] = "displayEmail";
 const char kGetInfoEmailKey[] = "email";
 
 const char kGoogleAccountsUrl[] = "https://accounts.google.com";
 
+const int kInvalidProcessId = -1;
+
 }  // namespace
 
 // This class fetches GAIA cookie on IO thread on behalf of SigninManager which
 // only lives on the UI thread.
 class SigninManagerCookieHelper
     : public base::RefCountedThreadSafe<SigninManagerCookieHelper> {
  public:
   explicit SigninManagerCookieHelper(
       net::URLRequestContextGetter* request_context_getter);
 
@@ skipping 65 matching lines @@
       BrowserThread::UI, FROM_HERE,
       base::Bind(&SigninManagerCookieHelper::NotifyOnUIThread, this, cookies));
 }
 
 void SigninManagerCookieHelper::NotifyOnUIThread(
     const net::CookieList& cookies) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   base::ResetAndReturn(&completion_callback_).Run(cookies);
 }
 
+// Under the covers, we use a dummy chrome-extension ID to serve the purposes
+// outlined in the .h file comment for this string.
+const char* SigninManager::kChromeSigninEffectiveSite =
+    "chrome-extension://acfccoigjajmmgbhpfbjnpckhjjegnih";
+
+// static
+bool SigninManager::IsWebBasedSigninFlowURL(const GURL& url) {
+  GURL effective(kChromeSigninEffectiveSite);
+  if (url.SchemeIs(effective.scheme().c_str()) &&
+      url.host() == effective.host()) {
+    return true;
+  }
+
+  GURL service_login(GaiaUrls::GetInstance()->service_login_url());
+  if (url.GetOrigin() != service_login.GetOrigin())
+    return false;
+
+  return url.path() == service_login.path();
+}
+
 // static
 bool SigninManager::AreSigninCookiesAllowed(Profile* profile) {
   CookieSettings* cookie_settings =
       CookieSettings::Factory::GetForProfile(profile);
   return AreSigninCookiesAllowed(cookie_settings);
 }
 
 // static
 bool SigninManager::AreSigninCookiesAllowed(CookieSettings* cookie_settings) {
   return cookie_settings &&
@@ skipping 32 matching lines @@
   UBool match = matcher.matches(status);
   DCHECK(U_SUCCESS(status));
   return !!match;  // !! == convert from UBool to bool.
 }
 
 SigninManager::SigninManager()
     : profile_(NULL),
       prohibit_signout_(false),
       had_two_factor_error_(false),
       type_(SIGNIN_TYPE_NONE),
-      weak_pointer_factory_(this) {
+      weak_pointer_factory_(this),
+      signin_process_id_(kInvalidProcessId) {
+}
+
+void SigninManager::SetSigninProcess(int process_id) {
+  if (process_id == signin_process_id_)
+    return;
+  DLOG_IF(WARNING, signin_process_id_ != kInvalidProcessId) <<
+      "Replacing in-use signin process.";
+  signin_process_id_ = process_id;
+  const content::RenderProcessHost* process =
+      content::RenderProcessHost::FromID(process_id);
+  DCHECK(process);
+  registrar_.Add(this,
+                 content::NOTIFICATION_RENDERER_PROCESS_TERMINATED,
+                 content::Source<content::RenderProcessHost>(process));
+}
+
+bool SigninManager::IsSigninProcess(int process_id) const {
+  return process_id == signin_process_id_;
+}
+
+bool SigninManager::HasSigninProcess() const {
+  return signin_process_id_ != kInvalidProcessId;
 }
 
 SigninManager::~SigninManager() {
   DCHECK(!signin_global_error_.get()) <<
       "SigninManager::Initialize called but not SigninManager::Shutdown";
 }
 
 void SigninManager::Initialize(Profile* profile) {
   // Should never call Initialize() twice.
   DCHECK(!IsInitialized());
@@ skipping 678 matching lines @@
       if (tok_details->service() ==
           GaiaConstants::kGaiaOAuth2LoginRefreshToken) {
         ubertoken_fetcher_.reset(new UbertokenFetcher(profile_, this));
         ubertoken_fetcher_->StartFetchingToken();
 
         // We only want to do this once per sign-in.
         CleanupNotificationRegistration();
       }
       break;
     }
+    case content::NOTIFICATION_RENDERER_PROCESS_TERMINATED: {
+      // It's possible we're listening to a "stale" renderer because it was
+      // replaced with a new process by process-per-site. In either case,
+      // stop listening to it, but only reset signin_process_id_ tracking
+      // if this was from the current signin process.
+      registrar_.Remove(this,
+                        content::NOTIFICATION_RENDERER_PROCESS_TERMINATED,
+                        source);
+      if (signin_process_id_ ==
+          content::Source<content::RenderProcessHost>(source)->GetID()) {
+        signin_process_id_ = kInvalidProcessId;
+      }
+      break;
+    }
 #endif
     default:
       NOTREACHED();
   }
 }
 
 void SigninManager::Shutdown() {
   if (signin_global_error_.get()) {
     GlobalErrorServiceFactory::GetForProfile(profile_)->RemoveGlobalError(
         signin_global_error_.get());
@@ skipping 41 matching lines @@
                     NotifySigninValueChanged(field, value));
 }
 
 void SigninManager::NotifyDiagnosticsObservers(
     const TimedSigninStatusField& field,
     const std::string& value) {
   FOR_EACH_OBSERVER(SigninDiagnosticsObserver,
                     signin_diagnostics_observers_,
                     NotifySigninValueChanged(field, value));
 }