Shaving parallel authenticator yak to remove unnecessary dependency on this class from OAuth spec...

chrome/browser/chromeos/login/login_utils.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/login_utils.h"
 
 #include <vector>
 
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/location.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
 #include "base/path_service.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "base/synchronization/lock.h"
 #include "base/threading/thread_restrictions.h"
 #include "base/time.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browser_shutdown.h"
 #include "chrome/browser/chromeos/boot_times_loader.h"
 #include "chrome/browser/chromeos/cros/network_library.h"
+#include "chrome/browser/chromeos/cros/cert_library.h"

[Nikita (slow), 2011/12/01 14:34:13]

nit: Move one line up.

[zel, 2011/12/02 02:35:23]

Done.

 #include "chrome/browser/chromeos/dbus/dbus_thread_manager.h"
 #include "chrome/browser/chromeos/dbus/session_manager_client.h"
 #include "chrome/browser/chromeos/input_method/input_method_manager.h"
 #include "chrome/browser/chromeos/input_method/input_method_util.h"
 #include "chrome/browser/chromeos/login/background_view.h"
 #include "chrome/browser/chromeos/login/cookie_fetcher.h"
 #include "chrome/browser/chromeos/login/language_switch_menu.h"
 #include "chrome/browser/chromeos/login/login_display_host.h"
 #include "chrome/browser/chromeos/login/ownership_service.h"
 #include "chrome/browser/chromeos/login/parallel_authenticator.h"
@@ skipping 59 matching lines @@
 
 // The service scope of the OAuth v2 token that ChromeOS login will be
 // requesting.
 // TODO(zelidrag): Figure out if we need to add more services here.
 const char kServiceScopeChromeOS[] =
     "https://www.googleapis.com/auth/chromesync";
 
 const char kServiceScopeChromeOSDeviceManagement[] =
     "https://www.googleapis.com/auth/chromeosdevicemanagement";
 
+const char kServiceScopeChromeOSDocuments[] =
+    "https://docs.google.com/feeds/ "
+    "https://spreadsheets.google.com/feeds/ "
+    "https://docs.googleusercontent.com/";
+
 class InitializeCookieMonsterHelper {
  public:
   explicit InitializeCookieMonsterHelper(
       net::URLRequestContextGetter* new_context)
           : ALLOW_THIS_IN_INITIALIZER_LIST(callback_(base::Bind(
               &InitializeCookieMonsterHelper::InitializeCookieMonster,
               base::Unretained(this)))),
             new_context_(new_context) {
   }
 
@@ skipping 53 matching lines @@
   class Delegate {
    public:
     virtual ~Delegate() {}
     virtual void OnOAuthVerificationSucceeded(const std::string& user_name,
                                               const std::string& sid,
                                               const std::string& lsid,
                                               const std::string& auth) {}
     virtual void OnOAuthVerificationFailed(const std::string& user_name) {}
     virtual void OnUserCookiesFetchSucceeded(const std::string& user_name) {}
     virtual void OnUserCookiesFetchFailed(const std::string& user_name) {}
+    virtual void OnDocumentsTokenFetchSucceeded(const std::string& username,
+        const std::string& oauth2_token) {}
+    virtual void OnDocumentsTokenFetchFailed(const std::string& username) {}
   };
 
   OAuthLoginVerifier(OAuthLoginVerifier::Delegate* delegate,
                      Profile* user_profile,
                      const std::string& oauth1_token,
                      const std::string& oauth1_secret,
                      const std::string& username)
       : delegate_(delegate),
         oauth_fetcher_(this,
             user_profile->GetOffTheRecordProfile()->GetRequestContext(),
@@ skipping 75 matching lines @@
     VERIFICATION_STEP_FAILED,
   } VerificationStep;
 
   // Kicks off GAIA session cookie retreival process.
   void StartCookiesRetreival() {
     DCHECK(!sid_.empty());
     DCHECK(!lsid_.empty());
     gaia_fetcher_.StartIssueAuthToken(sid_, lsid_, GaiaConstants::kGaiaService);
   }
 
+  void StartDocsTokenRetreival() {
+    DCHECK(!oauth1_token_.empty());
+    DCHECK(!oauth1_secret_.empty());
+    oauth_fetcher_.SetAutoFetchLimit(
+        GaiaOAuthFetcher::OAUTH2_SERVICE_ACCESS_TOKEN);
+    oauth_fetcher_.StartOAuthWrapBridge(
+        oauth1_token_, oauth1_secret_, GaiaConstants::kGaiaOAuthDuration,
+        std::string(kServiceScopeChromeOSDocuments));
+  }
+
   // Decides how to proceed on GAIA response and other errors. It can schedule
   // to rerun the verification process if detects transient network or service
   // errors.
   bool RetryOnError(const GoogleServiceAuthError& error) {
     // If we can't connect to GAIA due to network or service related reasons,
     // we should attempt OAuth token verification again.
     if (error.state() == GoogleServiceAuthError::CONNECTION_FAILED ||
         error.state() == GoogleServiceAuthError::SERVICE_UNAVAILABLE) {
       if (verification_count_ < kMaxOAuthTokenVerificationAttemptCount) {
         BrowserThread::PostDelayedTask(BrowserThread::UI, FROM_HERE,
             base::Bind(&OAuthLoginVerifier::ContinueVerification, AsWeakPtr()),
             kOAuthVerificationRestartDelay);
         return true;
       }
     }
     step_ = VERIFICATION_STEP_FAILED;
     return false;
   }
 
   // GaiaOAuthConsumer implementation:
   virtual void OnOAuthLoginSuccess(const std::string& sid,
                                    const std::string& lsid,
                                    const std::string& auth) OVERRIDE {
     DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
     step_ = VERIFICATION_STEP_OAUTH_VERIFIED;
     verification_count_ = 0;
     sid_ = sid;
     lsid_ = lsid;
     delegate_->OnOAuthVerificationSucceeded(username_, sid, lsid, auth);
+    StartDocsTokenRetreival();

[Nikita (slow), 2011/12/01 14:34:13]

Could this be initiated from FetchSecondaryTokens()?
So that if we'll need to add another services, they'll be added there too.

[zel, 2011/12/02 02:35:23]

All docs token retrieval related changes in this class have been removed. This
will be migrated into TokenService instead. 

     StartCookiesRetreival();
   }
 
   virtual void OnOAuthLoginFailure(
       const GoogleServiceAuthError& error) OVERRIDE {
     DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
     LOG(WARNING) << "Failed to verify OAuth1 access tokens,"
                  << " error.state=" << error.state();
     if (!RetryOnError(error))
       delegate_->OnOAuthVerificationFailed(username_);
@@ skipping 25 matching lines @@
     delegate_->OnUserCookiesFetchSucceeded(username_);
   }
 
   virtual void OnMergeSessionFailure(
       const GoogleServiceAuthError& error) OVERRIDE {
     DVLOG(1) << "Failed MergeSession request,"
              << " error.state=" << error.state();
     OnCookueFetchFailed(error);
   }
 
+  virtual void OnOAuthWrapBridgeSuccess(
+      const std::string& service_name,
+      const std::string& token,
+      const std::string& expires_in) OVERRIDE {
+    VLOG(1) << "Got OAuth access token for " << service_name;
+    delegate_->OnDocumentsTokenFetchSucceeded(username_, token);
+  }
+
+  virtual void OnOAuthWrapBridgeFailure(
+      const std::string& service_name,
+      const GoogleServiceAuthError& error) OVERRIDE {
+    LOG(WARNING) << "Failed to get OAuth access token for " << service_name
+                 << ", error: " << error.state();
+    if (!RetryOnError(error))
+      delegate_->OnDocumentsTokenFetchFailed(username_);
+  }
+
   OAuthLoginVerifier::Delegate* delegate_;
   GaiaOAuthFetcher oauth_fetcher_;
   GaiaAuthFetcher gaia_fetcher_;
   std::string oauth1_token_;
   std::string oauth1_secret_;
   std::string sid_;
   std::string lsid_;
   std::string username_;
   Profile* user_profile_;
   int verification_count_;
@@ skipping 745 matching lines @@
   }
 }
 
 void LoginUtilsImpl::RestoreAuthenticationSession(const std::string& username,
                                                   Profile* user_profile) {
   username_ = username;
   KickStartAuthentication(user_profile);
 }
 
 void LoginUtilsImpl::KickStartAuthentication(Profile* user_profile) {
-  if (!authenticator_.get())
-    CreateAuthenticator(NULL);
   std::string oauth1_token;
   std::string oauth1_secret;
   if (ReadOAuth1AccessToken(user_profile, &oauth1_token, &oauth1_secret))
     VerifyOAuth1AccessToken(user_profile, oauth1_token, oauth1_secret);
-
-  authenticator_ = NULL;
 }
 
 void LoginUtilsImpl::SetBackgroundView(BackgroundView* background_view) {
   background_view_ = background_view;
 }
 
 BackgroundView* LoginUtilsImpl::GetBackgroundView() {
   return background_view_;
 }
 
@@ skipping 59 matching lines @@
       User::OAUTH_TOKEN_STATUS_VALID) {
     return false;
   }
 
   PrefService* pref_service = user_profile->GetPrefs();
   std::string encoded_token = pref_service->GetString(prefs::kOAuth1Token);
   std::string encoded_secret = pref_service->GetString(prefs::kOAuth1Secret);
   if (!encoded_token.length() || !encoded_secret.length())
     return false;
 
-  DCHECK(authenticator_.get());
-  std::string decoded_token = authenticator_->DecryptToken(encoded_token);
-  std::string decoded_secret = authenticator_->DecryptToken(encoded_secret);
+  std::string decoded_token =
+      CrosLibrary::Get()->GetCertLibrary()->DecryptToken(encoded_token);
+  std::string decoded_secret =
+      CrosLibrary::Get()->GetCertLibrary()->DecryptToken(encoded_secret);
   if (!decoded_token.length() || !decoded_secret.length())
     return false;
 
   *token = decoded_token;
   *secret = decoded_secret;
   return true;
 }
 
 void LoginUtilsImpl::StoreOAuth1AccessToken(Profile* user_profile,
                                             const std::string& token,
                                             const std::string& secret) {
   // First store OAuth1 token + service for the current user profile...
   PrefService* pref_service = user_profile->GetPrefs();
   pref_service->SetString(prefs::kOAuth1Token,
-                          authenticator_->EncryptToken(token));
+      CrosLibrary::Get()->GetCertLibrary()->EncryptToken(token));
   pref_service->SetString(prefs::kOAuth1Secret,
-                          authenticator_->EncryptToken(secret));
+      CrosLibrary::Get()->GetCertLibrary()->EncryptToken(secret));
 
   // ...then record the presence of valid OAuth token for this account in local
   // state as well.
   UserManager::Get()->SaveUserOAuthStatus(username_,
                                           User::OAUTH_TOKEN_STATUS_VALID);
 }
 
 void LoginUtilsImpl::VerifyOAuth1AccessToken(Profile* user_profile,
                                              const std::string& token,
                                              const std::string& secret) {
@@ skipping 96 matching lines @@
   // Mark login host for deletion after browser starts.  This
   // guarantees that the message loop will be referenced by the
   // browser before it is dereferenced by the login host.
   if (login_host) {
     login_host->OnSessionStart();
     login_host = NULL;
   }
 }
 
 }  // namespace chromeos