Added OAuth support to TokenService

chrome/browser/net/gaia/token_service.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/net/gaia/token_service.h"
 
 #include "base/command_line.h"
 #include "base/string_util.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/net/gaia/gaia_auth_fetcher.h"
 #include "chrome/common/net/gaia/gaia_constants.h"
 #include "content/browser/browser_thread.h"
 #include "content/common/notification_service.h"
 #include "content/common/notification_source.h"
 #include "net/url_request/url_request_context_getter.h"
 
 // Unfortunately kNumServices must be defined in the .h.
 // TODO(chron): Sync doesn't use the TalkToken anymore so we can stop
 //              requesting it.
 const char* TokenService::kServices[] = {
   GaiaConstants::kGaiaService,
   GaiaConstants::kSyncService,
   GaiaConstants::kTalkService,
   GaiaConstants::kDeviceManagementService
 };
 
+const char* kUnusedServiceScope = "unused-service-scope";
+
+// Unfortunately kNumOAuthServices must be defined in the .h.
+// For OAuth, Chrome uses the OAuth2 service scope as the service name.
+const char* TokenService::kOAuthServices[] = {
+  GaiaConstants::kSyncServiceOAuth,
+};
+
 TokenService::TokenService()
-    : token_loading_query_(0) {
+    : profile_(NULL),
+      token_loading_query_(0) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 }
 
 TokenService::~TokenService() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   ResetCredentialsInMemory();
 }
 
 void TokenService::Initialize(const char* const source,
                               Profile* profile) {
 
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   if (!source_.empty()) {
     // Already initialized.
     return;
   }
+  DCHECK(!profile_);
+  profile_ = profile;
   getter_ = profile->GetRequestContext();

[Mattias Nissler (ping if slow), 2011/08/04 13:39:57]

It doesn't make much sense to keep around both the profile and the fetcher in
member variables, since you can always get the latter from the former.

[Rick Campbell, 2011/08/04 17:24:42]

I might be misunderstanding here.  The current dependency was introduced so that
the TokenService can use the profile when creating new GaiaOAuthFetchers, and
the fetchers need the profile in order to listen for cookie notifications.

Since fetcher's have a profile_ member, I could expose that and then use an
existing fetcher to obtain the profile when I need it (former from the latter?),
however, I'm more hesitant to explore inferring the active set of fetchers
through the Profile object (latter from the former?) since there might be
fetchers associated with the Profile that should be independent of the
TokenService.

As I mentioned in the header-file comment, my current thinking is to leave
things as they are for now, then revisit the fetcher first, and then reconsider
whether TokenService could also lose the profile data member.

   // Since the user can create a bookmark in incognito, sync may be running.
   // Thus we have to go for explicit access.
   web_data_service_ = profile->GetWebDataService(Profile::EXPLICIT_ACCESS);
   source_ = std::string(source);
 
 #ifndef NDEBUG
   CommandLine* cmd_line = CommandLine::ForCurrentProcess();
   // Allow the token service to be cleared from the command line.
   if (cmd_line->HasSwitch(switches::kClearTokenService))
     EraseTokensFromDB();
@@ skipping 11 matching lines @@
 
   registrar_.Add(this,
                  chrome::NOTIFICATION_TOKEN_UPDATED,
                  Source<Profile>(profile));
 }
 
 void TokenService::ResetCredentialsInMemory() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
   // Terminate any running fetchers. Callbacks will not return.
-  for (int i = 0; i < kNumServices; i++) {
+  for (int i = 0; i < kNumServices; ++i) {
     fetchers_[i].reset();
   }
+  for (int i = 0; i < kNumOAuthServices; ++i) {
+    oauth_fetchers_[i].reset();
+  }
 
   // Cancel pending loads. Callbacks will not return.
   if (token_loading_query_) {
     web_data_service_->CancelRequest(token_loading_query_);
     token_loading_query_ = 0;
   }
 
   token_map_.clear();
   credentials_ = GaiaAuthConsumer::ClientLoginResult();
+  oauth_token_.clear();
+  oauth_secret_.clear();
 }
 
 void TokenService::UpdateCredentials(
     const GaiaAuthConsumer::ClientLoginResult& credentials) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   credentials_ = credentials;
 
   SaveAuthTokenToDB(GaiaConstants::kGaiaLsid, credentials.lsid);
   SaveAuthTokenToDB(GaiaConstants::kGaiaSid, credentials.sid);
 
   // Cancels any currently running requests.
   for (int i = 0; i < kNumServices; i++) {
     fetchers_[i].reset(new GaiaAuthFetcher(this, source_, getter_));
   }
 }
 
+void TokenService::UpdateOAuthCredentials(
+    const std::string& oauth_token,
+    const std::string& oauth_secret) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  oauth_token_ = oauth_token;
+  oauth_secret_ = oauth_secret;
+
+  SaveAuthTokenToDB(GaiaConstants::kGaiaOAuthToken, oauth_token);
+  SaveAuthTokenToDB(GaiaConstants::kGaiaOAuthSecret, oauth_secret);
+
+  // Cancels any currently running requests.
+  for (int i = 0; i < kNumOAuthServices; i++) {
+    oauth_fetchers_[i].reset(
+        new GaiaOAuthFetcher(this, getter_, profile_, kUnusedServiceScope));
+  }
+}
+
 void TokenService::LoadTokensFromDB() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   if (web_data_service_.get())
     token_loading_query_ = web_data_service_->GetAllTokens(this);
 }
 
 void TokenService::SaveAuthTokenToDB(const std::string& service,
                                      const std::string& auth_token) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   if (web_data_service_.get())
     web_data_service_->SetTokenForService(service, auth_token);
 }
 
 void TokenService::EraseTokensFromDB() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   if (web_data_service_.get())
     web_data_service_->RemoveAllTokens();
 }
 
 bool TokenService::AreCredentialsValid() const {
   return !credentials_.lsid.empty() && !credentials_.sid.empty();
 }
 
+bool TokenService::AreOAuthCredentialsValid() const {
+  return !oauth_token_.empty() && !oauth_secret_.empty();
+}
+
 bool TokenService::HasLsid() const {
   return !credentials_.lsid.empty();
 }
 
 const std::string& TokenService::GetLsid() const {
   return credentials_.lsid;
 }
 
 void TokenService::StartFetchingTokens() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   DCHECK(AreCredentialsValid());
   for (int i = 0; i < kNumServices; i++) {
     fetchers_[i]->StartIssueAuthToken(credentials_.sid,
                                       credentials_.lsid,
                                       kServices[i]);
   }
 }
 
+void TokenService::StartFetchingOAuthTokens() {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  DCHECK(AreOAuthCredentialsValid());
+  for (int i = 0; i < kNumOAuthServices; i++) {
+    oauth_fetchers_[i]->StartOAuthWrapBridge(oauth_token_,
+                                             oauth_secret_,
+                                             GaiaConstants::kGaiaOAuthDuration,
+                                             kOAuthServices[i]);
+  }
+}
+
 // Services dependent on a token will check if a token is available.
 // If it isn't, they'll go to sleep until they get a token event.
 bool TokenService::HasTokenForService(const char* const service) const {
   return token_map_.count(service) > 0;
 }
 
 const std::string& TokenService::GetTokenForService(
     const char* const service) const {
 
   if (token_map_.count(service) > 0) {
@@ skipping 45 matching lines @@
   SaveAuthTokenToDB(service, auth_token);
 }
 
 void TokenService::OnIssueAuthTokenFailure(const std::string& service,
     const GoogleServiceAuthError& error) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   LOG(WARNING) << "Auth token issuing failed for service:" << service;
   FireTokenRequestFailedNotification(service, error);
 }
 
+void TokenService::OnOAuthGetAccessTokenSuccess(const std::string& token,
+                                                const std::string& secret) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  VLOG(1) << "TokenService::OnOAuthGetAccessTokenSuccess";
+  SaveAuthTokenToDB(GaiaConstants::kGaiaOAuthToken, token);
+  SaveAuthTokenToDB(GaiaConstants::kGaiaOAuthSecret, secret);
+  UpdateOAuthCredentials(token, secret);
+}
+
+void TokenService::OnOAuthGetAccessTokenFailure(
+    const GoogleServiceAuthError& error) {
+  VLOG(1) << "TokenService::OnOAuthGetAccessTokenFailure";
+}
+
+void TokenService::OnOAuthWrapBridgeSuccess(const std::string& service_scope,
+                                            const std::string& token,
+                                            const std::string& expires_in) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  VLOG(1) << "Got an access token for " << service_scope;
+  token_map_[service_scope] = token;
+  FireTokenAvailableNotification(service_scope, token);
+  SaveAuthTokenToDB(service_scope, token);
+}
+
+void TokenService::OnOAuthWrapBridgeFailure(
+    const std::string& service_scope,
+    const GoogleServiceAuthError& error) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  LOG(WARNING) << "Auth token issuing failed for service:" << service_scope;
+  FireTokenRequestFailedNotification(service_scope, error);
+

[Mattias Nissler (ping if slow), 2011/08/04 13:39:57]

remove blank line

[Rick Campbell, 2011/08/04 17:24:42]

Done.

+}
+
 void TokenService::OnWebDataServiceRequestDone(WebDataService::Handle h,
                                                const WDTypedResult* result) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   DCHECK(token_loading_query_);
   token_loading_query_ = 0;
 
   // If the fetch failed, there will be no result. In that case, we just don't
   // load any tokens at all from the DB.
   if (result) {
     DCHECK(result->GetType() == TOKEN_RESULT);
@@ skipping 47 matching lines @@
     if (db_tokens.count(GaiaConstants::kGaiaSid) > 0)
       sid = db_tokens.find(GaiaConstants::kGaiaSid)->second;
 
     if (!lsid.empty() && !sid.empty()) {
       UpdateCredentials(GaiaAuthConsumer::ClientLoginResult(sid,
                                                             lsid,
                                                             std::string(),
                                                             std::string()));
     }
   }
+
+  for (int i = 0; i < kNumOAuthServices; i++) {
+    // OnIssueAuthTokenSuccess should come from the same thread.
+    // If a token is already present in the map, it could only have
+    // come from a DB read or from IssueAuthToken. Since we should never
+    // fetch from the DB twice in a browser session, it must be from
+    // OnIssueAuthTokenSuccess, which is a live fetcher.
+    //
+    // Network fetched tokens take priority over DB tokens, so exclude tokens
+    // which have already been loaded by the fetcher.
+    if (!in_memory_tokens->count(kOAuthServices[i]) &&
+        db_tokens.count(kOAuthServices[i])) {
+      std::string db_token = db_tokens.find(kOAuthServices[i])->second;
+      if (!db_token.empty()) {
+        VLOG(1) << "Loading " << kOAuthServices[i] << "token from DB: "
+                << db_token;
+        (*in_memory_tokens)[kOAuthServices[i]] = db_token;
+        FireTokenAvailableNotification(kOAuthServices[i], db_token);
+        // Failures are only for network errors.
+      }
+    }
+  }
+
+  if (oauth_token_.empty() && oauth_secret_.empty()) {
+    // Look for GAIA OAuth1 access token and secret.  If we have both, and the
+    // current crendentials are empty, update the credentials.
+    std::string oauth_token;
+    std::string oauth_secret;
+
+    if (db_tokens.count(GaiaConstants::kGaiaOAuthToken) > 0)
+      oauth_token = db_tokens.find(GaiaConstants::kGaiaOAuthToken)->second;
+
+    if (db_tokens.count(GaiaConstants::kGaiaOAuthSecret) > 0)
+      oauth_secret = db_tokens.find(GaiaConstants::kGaiaOAuthSecret)->second;
+
+    if (!oauth_token.empty() && !oauth_secret.empty()) {
+      UpdateOAuthCredentials(oauth_token, oauth_secret);
+    }
+  }
 }
 
 void TokenService::Observe(int type,
                            const NotificationSource& source,
                            const NotificationDetails& details) {
   DCHECK_EQ(type, chrome::NOTIFICATION_TOKEN_UPDATED);
   TokenAvailableDetails* tok_details =
       Details<TokenAvailableDetails>(details).ptr();
   OnIssueAuthTokenSuccess(tok_details->service(), tok_details->token());
 }