New authorization framework for sync. ...

chrome/browser/sync/engine/syncapi.h

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file defines the "sync API", an interface to the syncer
 // backend that exposes (1) the core functionality of maintaining a consistent
 // local snapshot of a hierarchical object set; (2) a means to transactionally
 // access and modify those objects; (3) a means to control client/server
 // synchronization tasks, namely: pushing local object modifications to a
 // server, pulling nonlocal object modifications from a server to this client,
@@ skipping 89 matching lines @@
 
 // A UserShare encapsulates the syncable pieces that represent an authenticated
 // user and their data (share).
 // This encompasses all pieces required to build transaction objects on the
 // syncable share.
 struct UserShare {
   // The DirectoryManager itself, which is the parent of Transactions and can
   // be shared across multiple threads (unlike Directory).
   scoped_ptr<syncable::DirectoryManager> dir_manager;
 
-  // The username of the sync user. This is empty until we have performed at
-  // least one successful GAIA authentication with this username, which means
-  // on first-run it is empty until an AUTH_SUCCEEDED event and on future runs
-  // it is set as soon as the client instructs us to authenticate for the last
-  // known valid user (AuthenticateForLastKnownUser()).
-  std::string authenticated_name;
+  // The username of the sync user.
+  std::string name;
+};
+
+// Contains everything needed to talk to and identify a user account.
+struct SyncCredentials {
+  std::string email;
+  std::string sync_token;
 };
 
 // A valid BaseNode will never have an ID of zero.
 static const int64 kInvalidId = 0;
 
 // BaseNode wraps syncable::Entry, and corresponds to a single object's state.
 // This, like syncable::Entry, is intended for use on the stack.  A valid
 // transaction is necessary to create a BaseNode or any of its children.
 // Unlike syncable::Entry, a sync API BaseNode is identified primarily by its
 // int64 metahandle, which we call an ID here.
@@ skipping 536 matching lines @@
                                   int change_count) = 0;
 
     // A round-trip sync-cycle took place and the syncer has resolved any
     // conflicts that may have arisen.
     virtual void OnSyncCycleCompleted(
         const browser_sync::sessions::SyncSessionSnapshot* snapshot) = 0;
 
     // Called when user interaction may be required due to an auth problem.
     virtual void OnAuthError(const GoogleServiceAuthError& auth_error) = 0;
 
+    // Called when a new auth token is provided by the sync server.
+    virtual void OnUpdatedToken(const std::string& token) = 0;
+
     // Called when user interaction is required to obtain a valid passphrase.
     virtual void OnPassphraseRequired() = 0;
 
     // Called when the passphrase provided by the user has been accepted and is
     // now used to encrypt sync data.  |bootstrap_token| is an opaque base64
     // encoded representation of the key generated by the accepted passphrase,
     // and is provided to the observer for persistence purposes and use in a
     // future initialization of sync (e.g. after restart).
     virtual void OnPassphraseAccepted(const std::string& bootstrap_token) = 0;
 
@@ skipping 26 matching lines @@
   SyncManager();
   virtual ~SyncManager();
 
   // Initialize the sync manager.  |database_location| specifies the path of
   // the directory in which to locate a sqlite repository storing the syncer
   // backend state. Initialization will open the database, or create it if it
   // does not already exist. Returns false on failure.
   // |sync_server_and_path| and |sync_server_port| represent the Chrome sync
   // server to use, and |use_ssl| specifies whether to communicate securely;
   // the default is false.
-  // |gaia_service_id| is the service id used for GAIA authentication. If it's
-  // null then default will be used.
   // |post_factory| will be owned internally and used to create
   // instances of an HttpPostProvider.
-  // |auth_post_factory| will be owned internally and used to create
-  // instances of an HttpPostProvider for communicating with GAIA.
-  // TODO(timsteele): It seems like one factory should suffice, but for now to
-  // avoid having to deal with threading issues since the auth code and syncer
-  // code live on separate threads that run simultaneously, we just dedicate
-  // one to each component. Long term we may want to reconsider the HttpBridge
-  // API to take all the params in one chunk in a threadsafe manner.. which is
-  // still suboptimal as there will be high contention between the two threads
-  // on startup; so maybe what we have now is the best solution- it does mirror
-  // the CURL implementation as each thread creates their own internet handle.
-  // Investigate.
   // |model_safe_worker| ownership is given to the SyncManager.
   // |user_agent| is a 7-bit ASCII string suitable for use as the User-Agent
   // HTTP header. Used internally when collecting stats to classify clients.
-  // As a fallback when no cached auth information is available, try to
-  // bootstrap authentication using |lsid|, if it isn't empty.
-  //
-  // |invalidate_last_user_auth_token| makes it so that any auth token
-  // read from user settings is invalidated.  This is used for testing
-  // code paths related to authentication failures.
-  //
-  // |invalidate_xmpp_auth_token| makes it so that any auth token
-  // used to log into XMPP is invalidated.  This is used for testing
-  // code paths related to authentication failures for XMPP only.
-  //
   // |try_ssltcp_first| indicates that the SSLTCP port (443) is tried before the
   // the XMPP port (5222) during login. It is used by the sync tests that are
   // run on the chromium builders because port 5222 is blocked.
   bool Init(const FilePath& database_location,
             const char* sync_server_and_path,
             int sync_server_port,
-            const char* gaia_service_id,
-            const char* gaia_source,
             bool use_ssl,
             HttpPostProviderFactory* post_factory,
-            HttpPostProviderFactory* auth_post_factory,
             browser_sync::ModelSafeWorkerRegistrar* registrar,
-            bool attempt_last_user_authentication,
-            bool invalidate_last_user_auth_token,
-            bool invalidate_xmpp_auth_token,
             const char* user_agent,
-            const char* lsid,
+            const SyncCredentials& credentials,
             bool use_chrome_async_socket,
             bool try_ssltcp_first,
             browser_sync::NotificationMethod notification_method,
             const std::string& restored_key_for_bootstrapping);
 
   // Returns the username last used for a successful authentication.
   // Returns empty if there is no such username.
   const std::string& GetAuthenticatedUsername();
 
   // Check if the database has been populated with a full "initial" download of
   // sync items for each data type currently present in the routing info.
   // Prerequisite for calling this is that OnInitializationComplete has been
   // called.
   bool InitialSyncEndedForAllEnabledTypes();
 
-  // Submit credentials to GAIA for verification. On success, both |username|
-  // and the obtained auth token are persisted on disk for future re-use.
-  // If authentication fails, OnAuthProblem is called on our Observer.
-  // The Observer may, in turn, decide to try again with new
-  // credentials. Calling this method again is the appropriate course of action
-  // to "retry".
-  // |username|, |password|, and |captcha| are owned by the caller.
-  void Authenticate(const char* username, const char* password,
-                    const char* captcha);
+  // Migrate tokens from user settings DB to the token service.
+  void MigrateTokens();
+
+  // Update tokens that we're using in Sync. Email must stay the same.
+  void UpdateCredentials(const SyncCredentials& credentials);
 
   // Start the SyncerThread.
   void StartSyncing();
 
   // Attempt to set the passphrase. If the passphrase is valid,
   // OnPassphraseAccepted will be fired to notify the ProfileSyncService and the
   // syncer will be nudged so that any update that was waiting for this
   // passphrase gets applied as soon as possible.
   // If the passphrase in invalid, OnPassphraseRequired will be fired.
   // Calling this metdod again is the appropriate course of action to "retry"
@@ skipping 131 matching lines @@
   // This allows actual HttpPostProvider subclass implementations to be
   // reference counted, which is useful if a particular implementation uses
   // multiple threads to serve network requests.
   virtual void Destroy(HttpPostProviderInterface* http) = 0;
   virtual ~HttpPostProviderFactory() { }
 };
 
 }  // namespace sync_api
 
 #endif  // CHROME_BROWSER_SYNC_ENGINE_SYNCAPI_H_