Changes to the sign in manager in preparation for one-click sign in. This CL

chrome/browser/signin/signin_manager.cc

Index: chrome/browser/signin/signin_manager.cc
===================================================================
--- chrome/browser/signin/signin_manager.cc	(revision 123466)
+++ chrome/browser/signin/signin_manager.cc	(working copy)
@@ -19,6 +19,7 @@
 #include "chrome/common/net/gaia/gaia_constants.h"
 #include "chrome/common/pref_names.h"
 #include "content/public/browser/notification_service.h"
+#include "net/base/cookie_monster.h"
 
 const char kGetInfoEmailKey[] = "email";
 const char kGetInfoServicesKey[] = "allServices";
@@ -142,6 +143,33 @@
                                   GaiaAuthFetcher::HostedAccountsNotAllowed);
 }
 
+void SigninManager::StartSignInWithCredentials(const std::string& username,
+                                               const std::string& password) {
+  DCHECK(authenticated_username_.empty());
+  PrepareForSignin();
+  possibly_invalid_username_.assign(username);
+  password_.assign(password);
+
+  client_login_.reset(new GaiaAuthFetcher(this,
+                                          GaiaConstants::kChromeSource,
+                                          profile_->GetRequestContext()));
+
+  // This function starts with the current state of the web session's cookie
+  // jar and mints a new ClientLogin-style SID/LSID pair.  This involves going
+  // throug the follow process or requests to GAIA and LSO:
+  //
+  // - call /o/oauth2/programmatic_auth with the returned token to get oauth2
+  //   access and refresh tokens
+  // - call /accounts/OAuthLogin with the oauth2 access token and get an uber
+  //   auth token
+  // - call /TokenAuth with the uber auth token to get a SID/LSID pair for use
+  //   by the token service
+  //
+  // The resulting SID/LSID can then be used just as if
+  // client_login_->StartClientLogin() had completed successfully.
+  client_login_->StartOAuthLoginTokenFetch("");
+}
+
 void SigninManager::ClearTransientSigninData() {
   DCHECK(IsInitialized());
 
@@ -178,12 +206,63 @@
   return !possibly_invalid_username_.empty();
 }
 
+void SigninManager::OnGetUserInfoKeyNotFound(const std::string& key) {
+  DCHECK(key == kGetInfoEmailKey);
+  LOG(ERROR) << "Account is not associated with a valid email address. "
+             << "Login failed.";
+  OnClientLoginFailure(GoogleServiceAuthError(
+      GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
+}
+
 void SigninManager::OnClientLoginSuccess(const ClientLoginResult& result) {
   last_result_ = result;
   // Make a request for the canonical email address and services.
   client_login_->StartGetUserInfo(result.lsid);
 }
 
+void SigninManager::OnClientLoginFailure(const GoogleServiceAuthError& error) {

[Andrew T Wilson (Slow), 2012/02/27 19:00:10]

nit: my preference is not to move functions around in existing files as it makes
it harder to review. If we want to enforce alphabetic ordering, I'd rather drive
that as a separate CL where you explicitly state you're just moving routines
around, but as a reviewer it's not easy to see whether you changed this
implementation or just moved it. It's fine to leave this change in this CL
though.

[Roger Tawa OOO till Jul 10th, 2012/02/29 21:02:54]

OK Drew, will do that net time.  I moved them around to adhere to chrome's style
guide which states that functions in the cc file should appear in the same order
as in the h file.

+  // If we got a bad ASP, prompt for an ASP again by forcing another TWO_FACTOR
+  // error.
+  bool invalid_gaia = error.state() ==
+      GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS;
+  last_login_auth_error_ = (invalid_gaia && had_two_factor_error_) ?
+      GoogleServiceAuthError(GoogleServiceAuthError::TWO_FACTOR) : error;
+  content::NotificationService::current()->Notify(
+      chrome::NOTIFICATION_GOOGLE_SIGNIN_FAILED,
+      content::Source<Profile>(profile_),
+      content::Details<const GoogleServiceAuthError>(&last_login_auth_error_));
+
+  // We don't sign-out if the password was valid and we're just dealing with
+  // a second factor error, and we don't sign out if we're dealing with
+  // an invalid access code (again, because the password was valid).
+  if (last_login_auth_error_.state() == GoogleServiceAuthError::TWO_FACTOR) {
+    had_two_factor_error_ = true;
+    return;
+  }
+
+  ClearTransientSigninData();
+}
+
+void SigninManager::OnOAuthLoginTokenSuccess(const std::string& refresh_token,
+                                             const std::string& access_token,
+                                             int expires_in_secs) {
+  DVLOG(1) << "SigninManager::OnOAuthLoginTokenSuccess access_token="
+           << access_token;
+  client_login_->StartUberAuthTokenFetch(access_token);
+}
+
+void SigninManager::OnOAuthLoginTokenFailure(
+    const GoogleServiceAuthError& error) {
+  LOG(WARNING) << "SigninManager::OnOAuthLoginTokenFailure";
+  last_login_auth_error_ = error;
+  content::NotificationService::current()->Notify(
+      chrome::NOTIFICATION_GOOGLE_SIGNIN_FAILED,
+      content::Source<Profile>(profile_),
+      content::Details<const GoogleServiceAuthError>(&last_login_auth_error_));
+
+  ClearTransientSigninData();
+}
+
 void SigninManager::OnGetUserInfoSuccess(const UserInfoMap& data) {
   UserInfoMap::const_iterator email_iter = data.find(kGetInfoEmailKey);
   if (email_iter == data.end()) {
@@ -225,46 +304,57 @@
   profile_->GetTokenService()->StartFetchingTokens();
 }
 
-void SigninManager::OnGetUserInfoKeyNotFound(const std::string& key) {
-  DCHECK(key == kGetInfoEmailKey);
-  LOG(ERROR) << "Account is not associated with a valid email address. "
-             << "Login failed.";
-  OnClientLoginFailure(GoogleServiceAuthError(
-      GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
-}
-
 void SigninManager::OnGetUserInfoFailure(const GoogleServiceAuthError& error) {
   LOG(ERROR) << "Unable to retreive the canonical email address. Login failed.";
   OnClientLoginFailure(error);
 }
 
+void SigninManager::OnTokenAuthSuccess(const net::ResponseCookies& cookies,
+                                       const std::string& data) {
+  DVLOG(1) << "SigninManager::OnTokenAuthSuccess";
+
+  // The SID and LSID from this request is equivalent the pair returned by
+  // ClientLogin.
+  std::string sid;
+  std::string lsid;
+  for (net::ResponseCookies::const_iterator i = cookies.begin();
+       i != cookies.end(); ++i) {
+    net::CookieMonster::ParsedCookie parsed(*i);
+    if (parsed.Name() == "SID") {
+      sid = parsed.Value();
+    } else if (parsed.Name() == "LSID") {
+      lsid = parsed.Value();
+    }
+  }
+
+  if (!sid.empty() && !lsid.empty()) {
+    OnClientLoginSuccess(
+        GaiaAuthConsumer::ClientLoginResult(sid, lsid, "", data));
+  } else {
+    OnTokenAuthFailure(
+        GoogleServiceAuthError(GoogleServiceAuthError::SERVICE_UNAVAILABLE));
+  }
+}
+
 void SigninManager::OnTokenAuthFailure(const GoogleServiceAuthError& error) {
-#if !defined(OS_CHROMEOS)

[Andrew T Wilson (Slow), 2012/02/27 19:00:10]

Is it OK to remove this #ifdef?

[Roger Tawa OOO till Jul 10th, 2012/02/29 21:02:54]

This was dead code that was not used.  When I first implemented pre-login, I
used the TokenAuth api.  However, this caused problems with multi-login, so I
changed to using MergeSession instead and never removed this code.

However, now I do need to use TokenAuth, but it should not call
CleanupNotificationRegistration().  Good catch.  I created a new function so as
to not duplicate too much error handling code.

   DVLOG(1) << "Unable to retrieve the token auth.";
   CleanupNotificationRegistration();
-#endif
 }
 
-void SigninManager::OnClientLoginFailure(const GoogleServiceAuthError& error) {
-  // If we got a bad ASP, prompt for an ASP again by forcing another TWO_FACTOR
-  // error.
-  bool invalid_gaia = error.state() ==
-      GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS;
-  last_login_auth_error_ = (invalid_gaia && had_two_factor_error_) ?
-      GoogleServiceAuthError(GoogleServiceAuthError::TWO_FACTOR) : error;
+void SigninManager::OnUberAuthTokenSuccess(const std::string& token) {
+  DVLOG(1) << "SigninManager::OnUberAuthTokenSuccess token=" << token;
+  client_login_->StartTokenAuth(token);
+}
+
+void SigninManager::OnUberAuthTokenFailure(
+    const GoogleServiceAuthError& error) {
+  LOG(WARNING) << "SigninManager::OnUberAuthTokenFailure";
+  last_login_auth_error_ = error;
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_GOOGLE_SIGNIN_FAILED,
       content::Source<Profile>(profile_),
       content::Details<const GoogleServiceAuthError>(&last_login_auth_error_));
 
-  // We don't sign-out if the password was valid and we're just dealing with
-  // a second factor error, and we don't sign out if we're dealing with
-  // an invalid access code (again, because the password was valid).
-  if (last_login_auth_error_.state() == GoogleServiceAuthError::TWO_FACTOR) {
-    had_two_factor_error_ = true;
-    return;
-  }
-
   ClearTransientSigninData();
 }