Changes to the sign in manager in preparation for one-click sign in. This CL

chrome/browser/signin/signin_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/signin_manager.h"
 
 #include <string>
 #include <vector>
 
 #include "base/command_line.h"
 #include "base/string_split.h"
 #include "base/string_util.h"
 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/net/gaia/gaia_constants.h"
 #include "chrome/common/pref_names.h"
 #include "content/public/browser/notification_service.h"
+#include "net/base/cookie_monster.h"
 
 const char kGetInfoEmailKey[] = "email";
 const char kGetInfoServicesKey[] = "allServices";
 const char kGooglePlusServiceKey[] = "googleme";
 
 SigninManager::SigninManager()
     : profile_(NULL),
       had_two_factor_error_(false),
       last_login_auth_error_(GoogleServiceAuthError::None()) {
 }
@@ skipping 103 matching lines @@
                                           GaiaConstants::kChromeSource,
                                           profile_->GetRequestContext()));
   client_login_->StartClientLogin(possibly_invalid_username_,
                                   access_code,
                                   "",
                                   std::string(),
                                   std::string(),
                                   GaiaAuthFetcher::HostedAccountsNotAllowed);
 }
 
+void SigninManager::StartSignInWithCredentials(const std::string& username,
+                                               const std::string& password) {
+  DCHECK(authenticated_username_.empty());
+  PrepareForSignin();
+  possibly_invalid_username_.assign(username);
+  password_.assign(password);
+
+  client_login_.reset(new GaiaAuthFetcher(this,
+                                          GaiaConstants::kChromeSource,
+                                          profile_->GetRequestContext()));
+
+  // This function starts with the current state of the web session's cookie
+  // jar and mints a new ClientLogin-style SID/LSID pair.  This involves going
+  // throug the follow process or requests to GAIA and LSO:
+  //
+  // - call /o/oauth2/programmatic_auth with the returned token to get oauth2
+  //   access and refresh tokens
+  // - call /accounts/OAuthLogin with the oauth2 access token and get an uber
+  //   auth token
+  // - call /TokenAuth with the uber auth token to get a SID/LSID pair for use
+  //   by the token service
+  //
+  // The resulting SID/LSID can then be used just as if
+  // client_login_->StartClientLogin() had completed successfully.
+  client_login_->StartOAuthLoginTokenFetch("");
+}
+
 void SigninManager::ClearTransientSigninData() {
   DCHECK(IsInitialized());
 
   CleanupNotificationRegistration();
   client_login_.reset();
   last_result_ = ClientLoginResult();
   possibly_invalid_username_.clear();
   password_.clear();
   had_two_factor_error_ = false;
 }
@@ skipping 16 matching lines @@
 }
 
 const GoogleServiceAuthError& SigninManager::GetLoginAuthError() const {
   return last_login_auth_error_;
 }
 
 bool SigninManager::AuthInProgress() const {
   return !possibly_invalid_username_.empty();
 }
 
+void SigninManager::OnGetUserInfoKeyNotFound(const std::string& key) {
+  DCHECK(key == kGetInfoEmailKey);
+  LOG(ERROR) << "Account is not associated with a valid email address. "
+             << "Login failed.";
+  OnClientLoginFailure(GoogleServiceAuthError(
+      GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
+}
+
 void SigninManager::OnClientLoginSuccess(const ClientLoginResult& result) {
   last_result_ = result;
   // Make a request for the canonical email address and services.
   client_login_->StartGetUserInfo(result.lsid);
 }
 
+void SigninManager::OnClientLoginFailure(const GoogleServiceAuthError& error) {

[Andrew T Wilson (Slow), 2012/02/27 19:00:10]

nit: my preference is not to move functions around in existing files as it makes
it harder to review. If we want to enforce alphabetic ordering, I'd rather drive
that as a separate CL where you explicitly state you're just moving routines
around, but as a reviewer it's not easy to see whether you changed this
implementation or just moved it. It's fine to leave this change in this CL
though.

[Roger Tawa OOO till Jul 10th, 2012/02/29 21:02:54]

OK Drew, will do that net time.  I moved them around to adhere to chrome's style
guide which states that functions in the cc file should appear in the same order
as in the h file.

+  // If we got a bad ASP, prompt for an ASP again by forcing another TWO_FACTOR
+  // error.
+  bool invalid_gaia = error.state() ==
+      GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS;
+  last_login_auth_error_ = (invalid_gaia && had_two_factor_error_) ?
+      GoogleServiceAuthError(GoogleServiceAuthError::TWO_FACTOR) : error;
+  content::NotificationService::current()->Notify(
+      chrome::NOTIFICATION_GOOGLE_SIGNIN_FAILED,
+      content::Source<Profile>(profile_),
+      content::Details<const GoogleServiceAuthError>(&last_login_auth_error_));
+
+  // We don't sign-out if the password was valid and we're just dealing with
+  // a second factor error, and we don't sign out if we're dealing with
+  // an invalid access code (again, because the password was valid).
+  if (last_login_auth_error_.state() == GoogleServiceAuthError::TWO_FACTOR) {
+    had_two_factor_error_ = true;
+    return;
+  }
+
+  ClearTransientSigninData();
+}
+
+void SigninManager::OnOAuthLoginTokenSuccess(const std::string& refresh_token,
+                                             const std::string& access_token,
+                                             int expires_in_secs) {
+  DVLOG(1) << "SigninManager::OnOAuthLoginTokenSuccess access_token="
+           << access_token;
+  client_login_->StartUberAuthTokenFetch(access_token);
+}
+
+void SigninManager::OnOAuthLoginTokenFailure(
+    const GoogleServiceAuthError& error) {
+  LOG(WARNING) << "SigninManager::OnOAuthLoginTokenFailure";
+  last_login_auth_error_ = error;
+  content::NotificationService::current()->Notify(
+      chrome::NOTIFICATION_GOOGLE_SIGNIN_FAILED,
+      content::Source<Profile>(profile_),
+      content::Details<const GoogleServiceAuthError>(&last_login_auth_error_));
+
+  ClearTransientSigninData();
+}
+
 void SigninManager::OnGetUserInfoSuccess(const UserInfoMap& data) {
   UserInfoMap::const_iterator email_iter = data.find(kGetInfoEmailKey);
   if (email_iter == data.end()) {
     OnGetUserInfoKeyNotFound(kGetInfoEmailKey);
     return;
   } else {
     DCHECK(email_iter->first == kGetInfoEmailKey);
     last_login_auth_error_ = GoogleServiceAuthError::None();
     SetAuthenticatedUsername(email_iter->second);
     possibly_invalid_username_.clear();
@@ skipping 21 matching lines @@
       content::Source<Profile>(profile_),
       content::Details<const GoogleServiceSigninSuccessDetails>(&details));
 
   password_.clear();  // Don't need it anymore.
 
   profile_->GetTokenService()->UpdateCredentials(last_result_);
   DCHECK(profile_->GetTokenService()->AreCredentialsValid());
   profile_->GetTokenService()->StartFetchingTokens();
 }
 
-void SigninManager::OnGetUserInfoKeyNotFound(const std::string& key) {
-  DCHECK(key == kGetInfoEmailKey);
-  LOG(ERROR) << "Account is not associated with a valid email address. "
-             << "Login failed.";
-  OnClientLoginFailure(GoogleServiceAuthError(
-      GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
-}
-
 void SigninManager::OnGetUserInfoFailure(const GoogleServiceAuthError& error) {
   LOG(ERROR) << "Unable to retreive the canonical email address. Login failed.";
   OnClientLoginFailure(error);
 }
 
+void SigninManager::OnTokenAuthSuccess(const net::ResponseCookies& cookies,
+                                       const std::string& data) {
+  DVLOG(1) << "SigninManager::OnTokenAuthSuccess";
+
+  // The SID and LSID from this request is equivalent the pair returned by
+  // ClientLogin.
+  std::string sid;
+  std::string lsid;
+  for (net::ResponseCookies::const_iterator i = cookies.begin();
+       i != cookies.end(); ++i) {
+    net::CookieMonster::ParsedCookie parsed(*i);
+    if (parsed.Name() == "SID") {
+      sid = parsed.Value();
+    } else if (parsed.Name() == "LSID") {
+      lsid = parsed.Value();
+    }
+  }
+
+  if (!sid.empty() && !lsid.empty()) {
+    OnClientLoginSuccess(
+        GaiaAuthConsumer::ClientLoginResult(sid, lsid, "", data));
+  } else {
+    OnTokenAuthFailure(
+        GoogleServiceAuthError(GoogleServiceAuthError::SERVICE_UNAVAILABLE));
+  }
+}
+
 void SigninManager::OnTokenAuthFailure(const GoogleServiceAuthError& error) {
-#if !defined(OS_CHROMEOS)

[Andrew T Wilson (Slow), 2012/02/27 19:00:10]

Is it OK to remove this #ifdef?

[Roger Tawa OOO till Jul 10th, 2012/02/29 21:02:54]

This was dead code that was not used.  When I first implemented pre-login, I
used the TokenAuth api.  However, this caused problems with multi-login, so I
changed to using MergeSession instead and never removed this code.

However, now I do need to use TokenAuth, but it should not call
CleanupNotificationRegistration().  Good catch.  I created a new function so as
to not duplicate too much error handling code.

   DVLOG(1) << "Unable to retrieve the token auth.";
   CleanupNotificationRegistration();
-#endif
 }
 
-void SigninManager::OnClientLoginFailure(const GoogleServiceAuthError& error) {
-  // If we got a bad ASP, prompt for an ASP again by forcing another TWO_FACTOR
-  // error.
-  bool invalid_gaia = error.state() ==
-      GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS;
-  last_login_auth_error_ = (invalid_gaia && had_two_factor_error_) ?
-      GoogleServiceAuthError(GoogleServiceAuthError::TWO_FACTOR) : error;
+void SigninManager::OnUberAuthTokenSuccess(const std::string& token) {
+  DVLOG(1) << "SigninManager::OnUberAuthTokenSuccess token=" << token;
+  client_login_->StartTokenAuth(token);
+}
+
+void SigninManager::OnUberAuthTokenFailure(
+    const GoogleServiceAuthError& error) {
+  LOG(WARNING) << "SigninManager::OnUberAuthTokenFailure";
+  last_login_auth_error_ = error;
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_GOOGLE_SIGNIN_FAILED,
       content::Source<Profile>(profile_),
       content::Details<const GoogleServiceAuthError>(&last_login_auth_error_));
 
-  // We don't sign-out if the password was valid and we're just dealing with
-  // a second factor error, and we don't sign out if we're dealing with
-  // an invalid access code (again, because the password was valid).
-  if (last_login_auth_error_.state() == GoogleServiceAuthError::TWO_FACTOR) {
-    had_two_factor_error_ = true;
-    return;
-  }
-
   ClearTransientSigninData();
 }
 
 void SigninManager::Observe(int type,
                             const content::NotificationSource& source,
                             const content::NotificationDetails& details) {
 #if !defined(OS_CHROMEOS)
   DCHECK(type == chrome::NOTIFICATION_TOKEN_AVAILABLE);
   TokenService::TokenAvailableDetails* tok_details =
       content::Details<TokenService::TokenAvailableDetails>(details).ptr();
 
   // If a GAIA service token has become available, use it to pre-login the
   // user to other services that depend on GAIA credentials.
   if (tok_details->service() == GaiaConstants::kGaiaService) {
     if (client_login_.get() == NULL) {
       client_login_.reset(new GaiaAuthFetcher(this,
                                               GaiaConstants::kChromeSource,
                                               profile_->GetRequestContext()));
     }
 
     client_login_->StartMergeSession(tok_details->token());
 
     // We only want to do this once per sign-in.
     CleanupNotificationRegistration();
   }
 #endif
 }