Migrate callers to new and safer API to verify Gaia origin
No behavioral changes: gaia::IsGaiaSignonRealm() is deprecated and can be replaced with gaia::HasGaiaSchemeHostPort(), with the advantage that the caller doesn't need to invoke GURL::DeprecatedGetOriginAsURL(). Change-Id: I5b35cfe9d91e5cdf968e8df404132978de1ddc7f Bug: 1313496 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3627502 Reviewed-by: Maxim Kolosovskiy <kolos@chromium.org> Reviewed-by: David Roger <droger@chromium.org> Reviewed-by: John Abd-El-Malek <jam@chromium.org> Commit-Queue: Mikel Astiz <mastiz@chromium.org> Cr-Commit-Position: refs/heads/main@{#1002250}
This commit is contained in:
Mikel Astiz
committed by
Chromium LUCI CQ
Chromium LUCI CQ
parent
f85438ee2a
commit
171071a3d7
chrome/browser
password_manager
signin
ui
views
components
password_manager
signin
core
ios
weblayer/browser
@@ -80,7 +80,7 @@ void PasswordManagerSigninInterceptTestHelper::NavigateToGaiaSigninPage(
|
||||
std::string path = "/password/password_form.html";
|
||||
GURL https_url(https_test_server_->GetURL(path));
|
||||
DCHECK(https_url.SchemeIs(url::kHttpsScheme));
|
||||
DCHECK(gaia::IsGaiaSignonRealm(https_url.DeprecatedGetOriginAsURL()));
|
||||
DCHECK(gaia::HasGaiaSchemeHostPort(https_url));
|
||||
|
||||
PasswordsNavigationObserver navigation_observer(contents);
|
||||
ASSERT_TRUE(ui_test_utils::NavigateToURL(
|
||||
|
||||
@@ -159,8 +159,7 @@ bool ShouldBlockReconcilorForRequest(ChromeRequestAdapter* request) {
|
||||
}
|
||||
|
||||
return request->IsFetchLikeAPI() &&
|
||||
gaia::IsGaiaSignonRealm(
|
||||
request->GetReferrer().DeprecatedGetOriginAsURL());
|
||||
gaia::HasGaiaSchemeHostPort(request->GetReferrer());
|
||||
}
|
||||
|
||||
#endif // BUILDFLAG(ENABLE_DICE_SUPPORT)
|
||||
@@ -453,7 +452,7 @@ void ProcessDiceHeader(
|
||||
// child/route id. Must be called on IO thread.
|
||||
void ProcessMirrorResponseHeaderIfExists(ResponseAdapter* response,
|
||||
bool is_off_the_record) {
|
||||
CHECK(gaia::IsGaiaSignonRealm(response->GetURL().DeprecatedGetOriginAsURL()));
|
||||
CHECK(gaia::HasGaiaSchemeHostPort(response->GetURL()));
|
||||
|
||||
if (!response->IsOutermostMainFrame())
|
||||
return;
|
||||
@@ -503,7 +502,7 @@ void ProcessMirrorResponseHeaderIfExists(ResponseAdapter* response,
|
||||
#if BUILDFLAG(ENABLE_DICE_SUPPORT)
|
||||
void ProcessDiceResponseHeaderIfExists(ResponseAdapter* response,
|
||||
bool is_off_the_record) {
|
||||
CHECK(gaia::IsGaiaSignonRealm(response->GetURL().DeprecatedGetOriginAsURL()));
|
||||
CHECK(gaia::HasGaiaSchemeHostPort(response->GetURL()));
|
||||
|
||||
if (is_off_the_record)
|
||||
return;
|
||||
@@ -564,7 +563,7 @@ std::string ParseGaiaIdFromRemoveLocalAccountResponseHeader(
|
||||
|
||||
void ProcessRemoveLocalAccountResponseHeaderIfExists(ResponseAdapter* response,
|
||||
bool is_off_the_record) {
|
||||
CHECK(gaia::IsGaiaSignonRealm(response->GetURL().DeprecatedGetOriginAsURL()));
|
||||
CHECK(gaia::HasGaiaSchemeHostPort(response->GetURL()));
|
||||
|
||||
if (is_off_the_record)
|
||||
return;
|
||||
@@ -679,7 +678,7 @@ void FixAccountConsistencyRequestHeader(
|
||||
void ProcessAccountConsistencyResponseHeaders(ResponseAdapter* response,
|
||||
const GURL& redirect_url,
|
||||
bool is_off_the_record) {
|
||||
if (!gaia::IsGaiaSignonRealm(response->GetURL().DeprecatedGetOriginAsURL()))
|
||||
if (!gaia::HasGaiaSchemeHostPort(response->GetURL()))
|
||||
return;
|
||||
|
||||
#if BUILDFLAG(ENABLE_MIRROR)
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
#include "content/public/browser/navigation_controller.h"
|
||||
#include "content/public/browser/navigation_entry.h"
|
||||
#include "content/public/browser/navigation_handle.h"
|
||||
#include "google_apis/gaia/gaia_urls.h"
|
||||
#include "google_apis/gaia/gaia_auth_util.h"
|
||||
|
||||
DiceTabHelper::DiceTabHelper(content::WebContents* web_contents)
|
||||
: content::WebContentsUserData<DiceTabHelper>(*web_contents),
|
||||
@@ -110,8 +110,7 @@ bool DiceTabHelper::IsSigninPageNavigation(
|
||||
content::NavigationHandle* navigation_handle) const {
|
||||
return !navigation_handle->IsErrorPage() &&
|
||||
navigation_handle->GetRedirectChain()[0] == signin_url_ &&
|
||||
navigation_handle->GetURL().DeprecatedGetOriginAsURL() ==
|
||||
GaiaUrls::GetInstance()->gaia_url();
|
||||
gaia::HasGaiaSchemeHostPort(navigation_handle->GetURL());
|
||||
}
|
||||
|
||||
WEB_CONTENTS_USER_DATA_KEY_IMPL(DiceTabHelper);
|
||||
|
||||
@@ -47,7 +47,7 @@ bool IsExternalURL(const GURL& url) {
|
||||
// sign-in succeeds.
|
||||
if (url.is_empty() || url == GURL(url::kAboutBlankURL))
|
||||
return false;
|
||||
if (gaia::IsGaiaSignonRealm(url.DeprecatedGetOriginAsURL()))
|
||||
if (gaia::HasGaiaSchemeHostPort(url))
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
#include "components/signin/public/identity_manager/account_info.h"
|
||||
#include "components/sync/driver/sync_service.h"
|
||||
#include "components/sync/driver/sync_user_settings.h"
|
||||
#include "google_apis/gaia/gaia_urls.h"
|
||||
#include "google_apis/gaia/gaia_auth_util.h"
|
||||
|
||||
using autofill::GaiaIdHash;
|
||||
using password_manager::metrics_util::PasswordAccountStorageUsageLevel;
|
||||
@@ -224,8 +224,7 @@ bool ShouldShowAccountStorageReSignin(const PrefService* pref_service,
|
||||
return false;
|
||||
}
|
||||
|
||||
if (current_page_url.DeprecatedGetOriginAsURL() ==
|
||||
GaiaUrls::GetInstance()->gaia_url().DeprecatedGetOriginAsURL()) {
|
||||
if (gaia::HasGaiaSchemeHostPort(current_page_url)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -17,10 +17,6 @@
|
||||
#include "components/password_manager/core/browser/psl_matching_helper.h"
|
||||
#include "components/safe_browsing/core/common/safe_browsing_prefs.h"
|
||||
#include "google_apis/gaia/gaia_auth_util.h"
|
||||
#include "google_apis/gaia/gaia_urls.h"
|
||||
#include "url/origin.h"
|
||||
|
||||
using url::Origin;
|
||||
|
||||
namespace password_manager {
|
||||
|
||||
@@ -195,9 +191,7 @@ absl::optional<PasswordHashData> PasswordReuseDetector::CheckGaiaPasswordReuse(
|
||||
}
|
||||
|
||||
// Skips password reuse check if |domain| matches Gaia origin.
|
||||
const Origin gaia_origin = Origin::Create(
|
||||
GaiaUrls::GetInstance()->gaia_url().DeprecatedGetOriginAsURL());
|
||||
if (Origin::Create(GURL(domain)).IsSameOriginWith(gaia_origin))
|
||||
if (gaia::HasGaiaSchemeHostPort(GURL(domain)))
|
||||
return absl::nullopt;
|
||||
|
||||
return FindPasswordReuse(input, gaia_password_hash_data_list_.value());
|
||||
|
||||
@@ -182,7 +182,7 @@ bool ChromeConnectedHeaderHelper::IsUrlEligibleForRequestHeader(
|
||||
google_util::IsYoutubeDomainUrl(
|
||||
url, google_util::ALLOW_SUBDOMAIN,
|
||||
google_util::DISALLOW_NON_STANDARD_PORTS) ||
|
||||
gaia::IsGaiaSignonRealm(url.DeprecatedGetOriginAsURL());
|
||||
gaia::HasGaiaSchemeHostPort(url);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -213,7 +213,7 @@ std::string ChromeConnectedHeaderHelper::BuildRequestHeader(
|
||||
|
||||
if (!force_account_consistency && gaia_id.empty()) {
|
||||
#if BUILDFLAG(IS_ANDROID)
|
||||
if (gaia::IsGaiaSignonRealm(url.DeprecatedGetOriginAsURL())) {
|
||||
if (gaia::HasGaiaSchemeHostPort(url)) {
|
||||
parts.push_back(
|
||||
base::StringPrintf("%s=%s", kEligibleForConsistency, "true"));
|
||||
return base::JoinString(parts, is_header_request ? "," : ":");
|
||||
|
||||
@@ -204,7 +204,7 @@ bool DiceHeaderHelper::IsUrlEligibleForRequestHeader(const GURL& url) {
|
||||
if (account_consistency_ != AccountConsistencyMethod::kDice)
|
||||
return false;
|
||||
|
||||
return gaia::IsGaiaSignonRealm(url.DeprecatedGetOriginAsURL());
|
||||
return gaia::HasGaiaSchemeHostPort(url);
|
||||
}
|
||||
|
||||
std::string DiceHeaderHelper::BuildRequestHeader(
|
||||
|
||||
@@ -52,7 +52,7 @@ const char* kGaiaDomain = "accounts.google.com";
|
||||
// Returns the registered, organization-identifying host, but no subdomains,
|
||||
// from the given GURL. Returns an empty string if the GURL is invalid.
|
||||
static std::string GetDomainFromUrl(const GURL& url) {
|
||||
if (gaia::IsGaiaSignonRealm(url.DeprecatedGetOriginAsURL())) {
|
||||
if (gaia::HasGaiaSchemeHostPort(url)) {
|
||||
return kGaiaDomain;
|
||||
}
|
||||
return net::registry_controlled_domains::GetDomainAndRegistry(
|
||||
@@ -202,7 +202,7 @@ void AccountConsistencyService::AccountConsistencyHandler::ShouldAllowResponse(
|
||||
{url, GURL(kGoogleUrl)});
|
||||
}
|
||||
|
||||
if (!gaia::IsGaiaSignonRealm(url.DeprecatedGetOriginAsURL())) {
|
||||
if (!gaia::HasGaiaSchemeHostPort(url)) {
|
||||
std::move(callback).Run(PolicyDecision::Allow());
|
||||
return;
|
||||
}
|
||||
@@ -309,7 +309,7 @@ void AccountConsistencyService::AccountConsistencyHandler::PageLoaded(
|
||||
}
|
||||
|
||||
if (delegate_ && show_consistency_web_signin_ &&
|
||||
gaia::IsGaiaSignonRealm(url.DeprecatedGetOriginAsURL())) {
|
||||
gaia::HasGaiaSchemeHostPort(url)) {
|
||||
delegate_->OnShowConsistencyPromo(url, web_state);
|
||||
}
|
||||
show_consistency_web_signin_ = false;
|
||||
|
||||
@@ -50,8 +50,7 @@ void ProcessMirrorHeader(content::WebContents::Getter web_contents_getter,
|
||||
void MaybeAddQueryParams(GURL* url) {
|
||||
// Add manage=true to query parameters for sign out URLs to make sure we
|
||||
// receive the Mirror response headers instead of the normal sign out page.
|
||||
if (gaia::IsGaiaSignonRealm(url->DeprecatedGetOriginAsURL()) &&
|
||||
url->path_piece() == kSignOutPath) {
|
||||
if (gaia::HasGaiaSchemeHostPort(*url) && url->path_piece() == kSignOutPath) {
|
||||
*url = net::AppendOrReplaceQueryParameter(*url, "manage", "true");
|
||||
}
|
||||
}
|
||||
@@ -163,8 +162,8 @@ void SigninURLLoaderThrottle::ProcessRequest(
|
||||
|
||||
void SigninURLLoaderThrottle::ProcessResponse(
|
||||
const net::HttpResponseHeaders* headers) {
|
||||
if (!gaia::IsGaiaSignonRealm(request_url_.DeprecatedGetOriginAsURL()) ||
|
||||
!is_main_frame_ || !headers) {
|
||||
if (!gaia::HasGaiaSchemeHostPort(request_url_) || !is_main_frame_ ||
|
||||
!headers) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user