Fetch OAuth2 tokens prior to profile creation.

chrome/browser/chromeos/login/session/user_session_manager.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
 
 #include <string>
 
 #include "base/base_paths.h"
 #include "base/bind.h"
@@ skipping 384 matching lines @@
     } else {
       authenticator_ = new ChromeCryptohomeAuthenticator(consumer);
     }
   } else {
     // TODO(nkostylev): Fix this hack by improving Authenticator dependencies.
     authenticator_->SetConsumer(consumer);
   }
   return authenticator_;
 }
 
+void UserSessionManager::FetchOAuth2Tokens(
+    const UserContext& user_context,
+    const FetchOAuth2TokensCallback& callback) {
+  DCHECK(!user_context.GetAuthCode().empty());
+  login_callback_ = callback;
+  user_context_ = user_context;
+  oauth2_token_fetcher_.reset(new OAuth2TokenFetcher(
+      this, g_browser_process->system_request_context()));
+  oauth2_token_fetcher_->StartExchangeFromAuthCode(user_context.GetAuthCode());
+}
+
+void UserSessionManager::OnOAuth2TokensAvailable(
+    const GaiaAuthConsumer::ClientOAuthResult& oauth2_tokens) {
+  VLOG(1) << "OAuth2 tokens fetched";
+
+  refresh_token_ = oauth2_tokens.refresh_token;
+  oauthlogin_access_token_ = oauth2_tokens.access_token;
+  login_callback_.Run(user_context_, LoginPerformer::AUTH_MODE_EXTENSION);
+}
+
+void UserSessionManager::OnOAuth2TokensFetchFailed() {
+  LOG(WARNING) << "UserSessionManager::OnOAuth2TokensFetchFailed";

[xiyuan, 2015/04/20 22:02:41]

Should we still call login_callback_.Run()? Otherwise, we stuck because
ExistingUserController's flow is not resumed.

[achuithb, 2015/04/21 07:10:21]

Done.

+}
+
 void UserSessionManager::StartSession(
     const UserContext& user_context,
     StartSessionType start_session_type,
     bool has_auth_cookies,
     bool has_active_session,
     UserSessionManagerDelegate* delegate) {
   delegate_ = delegate;
   start_session_type_ = start_session_type;
 
   VLOG(1) << "Starting session for " << user_context.GetUserID();
@@ skipping 380 matching lines @@
 void UserSessionManager::StopChildStatusObserving() {
   if (!waiting_for_child_account_status_) {
     InitializeStartUrls();
     waiting_for_child_account_status_ = false;
   }
 }
 
 void UserSessionManager::CreateUserSession(const UserContext& user_context,
                                            bool has_auth_cookies) {
   user_context_ = user_context;
+
+  // If we have already fetched OAuth2 tokens, set them here.
+  if (!refresh_token_.empty())
+    user_context_.SetRefreshToken(refresh_token_);
+  if (!oauthlogin_access_token_.empty())
+    user_context_.SetAuthCode(std::string());

[xiyuan, 2015/04/20 22:02:41]

Move 831-834 to OnOAuth2TokensAvailable.

[achuithb, 2015/04/21 07:10:21]

Done.

+
   has_auth_cookies_ = has_auth_cookies;
   InitSessionRestoreStrategy();
   StoreUserContextDataBeforeProfileIsCreated();
 }
 
 void UserSessionManager::PreStartSession() {
   // Switch log file as soon as possible.
   if (base::SysInfo::IsRunningOnChromeOS())
     logging::RedirectChromeLogging(*(base::CommandLine::ForCurrentProcess()));
 }
@@ skipping 392 matching lines @@
     if (command_line->HasSwitch(::switches::kAppModeAuthCode)) {
       user_context_.SetAuthCode(command_line->GetSwitchValueASCII(
           ::switches::kAppModeAuthCode));
     }
 
     DCHECK(!has_auth_cookies_);
   }
 
   if (has_auth_cookies_) {
     session_restore_strategy_ = OAuth2LoginManager::RESTORE_FROM_COOKIE_JAR;
-  } else if (!user_context_.GetAuthCode().empty()) {
-    session_restore_strategy_ = OAuth2LoginManager::RESTORE_FROM_AUTH_CODE;
+  } else if (!oauthlogin_access_token_.empty()) {
+    session_restore_strategy_ =
+        OAuth2LoginManager::RESTORE_FROM_PASSED_OAUTH2_ACCESS_TOKEN;

[xiyuan, 2015/04/20 22:02:41]

We probably don't need a new strategy. After we get refresh token, it can fold
into RESTORE_FROM_PASSED_OAUTH2_REFRESH_TOKEN.

[achuithb, 2015/04/21 07:10:21]

So RESTORE_FROM_PASSED_OAUTH2_REFRESH_TOKEN doesn't create TokenHandleUtil and
call GetTokenHandle - should it? 

Also, currently the code paths for RESTORE_FROM_AUTH_CODE and
RESTORE_FROM_PASSED_OAUTH2_REFRESH_TOKEN are quite different. Are you sure this
is safe?

RestoreSessionFromSavedTokens does a bunch of stuff that we were not doing
before with the auth-code restore.

[xiyuan, 2015/04/22 00:37:17]

Yes, it should as long as refresh token is involved. It is needed to figure out
when the refresh token is revoked.
It should be safe. Since we do auth code -> O2RT now, the auth code restore flow
essentially becomes the refresh token restore flow. The should be the same.
RestoreSessionFromSavedTokens should not be executed for O2RT restore flow
either.

[achuithb, 2015/04/22 22:58:14]

Done.

   } else if (!user_context_.GetRefreshToken().empty()) {
     session_restore_strategy_ =
         OAuth2LoginManager::RESTORE_FROM_PASSED_OAUTH2_REFRESH_TOKEN;
   } else {
     session_restore_strategy_ =
         OAuth2LoginManager::RESTORE_FROM_SAVED_OAUTH2_REFRESH_TOKEN;
   }
 }
 
 void UserSessionManager::RestoreAuthSessionImpl(
@@ skipping 21 matching lines @@
 
   // Authentication request context may not be available if user was not
   // signing in with GAIA webview (i.e. webview instance hasn't been
   // initialized at all). Use fallback request context.
   if (!auth_request_context) {
     auth_request_context =
         authenticator_->authentication_context()->GetRequestContext();
   }
   login_manager->RestoreSession(auth_request_context, session_restore_strategy_,
                                 user_context_.GetRefreshToken(),
-                                user_context_.GetAuthCode());
+                                oauthlogin_access_token_);
 }
 
 void UserSessionManager::InitRlzImpl(Profile* profile, bool disabled) {
 #if defined(ENABLE_RLZ)
   PrefService* local_state = g_browser_process->local_state();
   if (disabled) {
     // Empty brand code means an organic install (no RLZ pings are sent).
     google_brand::chromeos::ClearBrandForCurrentSession();
   }
   if (disabled != local_state->GetBoolean(prefs::kRLZDisabled)) {
@@ skipping 378 matching lines @@
     if (is_enterprise_managed)
       display = USER_PODS_DISPLAY_DISABLED_MANAGED;
     else
       display = USER_PODS_DISPLAY_DISABLED_REGULAR;
   }
   UMA_HISTOGRAM_ENUMERATION("UserSessionManager.UserPodsDisplay", display,
                             NUM_USER_PODS_DISPLAY);
 }
 
 }  // namespace chromeos