Refactor AO2TS to make it easier to componentize.

chrome/browser/chromeos/settings/device_oauth2_token_service_delegate.cc

-// Copyright 2013 The Chromium Authors. All rights reserved.
+// Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "chrome/browser/chromeos/settings/device_oauth2_token_service.h"
+#include "chrome/browser/chromeos/settings/device_oauth2_token_service_delegate.h"
 
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/memory/weak_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/prefs/pref_registry_simple.h"
 #include "base/prefs/pref_service.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/settings/token_encryptor.h"
 #include "chrome/common/pref_names.h"
 #include "chromeos/cryptohome/system_salt_getter.h"
 #include "chromeos/settings/cros_settings_names.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "google_apis/gaia/oauth2_access_token_fetcher_impl.h"
 #include "policy/proto/device_management_backend.pb.h"
 
 namespace chromeos {
 
-struct DeviceOAuth2TokenService::PendingRequest {
-  PendingRequest(const base::WeakPtr<RequestImpl>& request,
-                 const std::string& client_id,
-                 const std::string& client_secret,
-                 const ScopeSet& scopes)
-      : request(request),
-        client_id(client_id),
-        client_secret(client_secret),
-        scopes(scopes) {}
-
-  const base::WeakPtr<RequestImpl> request;
-  const std::string client_id;
-  const std::string client_secret;
-  const ScopeSet scopes;
-};
-
-void DeviceOAuth2TokenService::OnServiceAccountIdentityChanged() {
+void DeviceOAuth2TokenServiceDelegate::OnServiceAccountIdentityChanged() {
   if (!GetRobotAccountId().empty() && !refresh_token_.empty())
     FireRefreshTokenAvailable(GetRobotAccountId());
 }
 
-DeviceOAuth2TokenService::DeviceOAuth2TokenService(
+DeviceOAuth2TokenServiceDelegate::DeviceOAuth2TokenServiceDelegate(
     net::URLRequestContextGetter* getter,
     PrefService* local_state)
     : url_request_context_getter_(getter),
       local_state_(local_state),
       state_(STATE_LOADING),
       max_refresh_token_validation_retries_(3),
+      has_pending_requests_(false),
+      service_error_status_observer_(nullptr),
       service_account_identity_subscription_(
-          CrosSettings::Get()->AddSettingsObserver(
-              kServiceAccountIdentity,
-              base::Bind(
-                  &DeviceOAuth2TokenService::OnServiceAccountIdentityChanged,
-                  base::Unretained(this))).Pass()),
+          CrosSettings::Get()
+              ->AddSettingsObserver(
+                    kServiceAccountIdentity,
+                    base::Bind(&DeviceOAuth2TokenServiceDelegate::
+                                   OnServiceAccountIdentityChanged,
+                               base::Unretained(this)))
+              .Pass()),
       weak_ptr_factory_(this) {
   // Pull in the system salt.
   SystemSaltGetter::Get()->GetSystemSalt(
-      base::Bind(&DeviceOAuth2TokenService::DidGetSystemSalt,
+      base::Bind(&DeviceOAuth2TokenServiceDelegate::DidGetSystemSalt,
                  weak_ptr_factory_.GetWeakPtr()));
 }
 
-DeviceOAuth2TokenService::~DeviceOAuth2TokenService() {
-  FlushPendingRequests(false, GoogleServiceAuthError::REQUEST_CANCELED);
+DeviceOAuth2TokenServiceDelegate::~DeviceOAuth2TokenServiceDelegate() {
+  if (service_error_status_observer_)
+    service_error_status_observer_->OnServiceError(
+        GoogleServiceAuthError::REQUEST_CANCELED);
   FlushTokenSaveCallbacks(false);
 }
 
-// static
-void DeviceOAuth2TokenService::RegisterPrefs(PrefRegistrySimple* registry) {
-  registry->RegisterStringPref(prefs::kDeviceRobotAnyApiRefreshToken,
-                               std::string());
-}
-
-void DeviceOAuth2TokenService::SetAndSaveRefreshToken(
+void DeviceOAuth2TokenServiceDelegate::SetAndSaveRefreshToken(
     const std::string& refresh_token,
     const StatusCallback& result_callback) {
-  FlushPendingRequests(false, GoogleServiceAuthError::REQUEST_CANCELED);
+  if (service_error_status_observer_)

[Mattias Nissler (ping if slow), 2015/07/01 12:34:13]

nit: add curly braces for multi-line conditional statement.

[gogerald1, 2015/07/01 17:58:42]

Done.

+    service_error_status_observer_->OnServiceError(
+        GoogleServiceAuthError::REQUEST_CANCELED);
 
   bool waiting_for_salt = state_ == STATE_LOADING;
   refresh_token_ = refresh_token;
   state_ = STATE_VALIDATION_PENDING;
 
   // If the robot account ID is not available yet, do not announce the token. It
   // will be done from OnServiceAccountIdentityChanged() once the robot account
   // ID becomes available as well.
   if (!GetRobotAccountId().empty())
     FireRefreshTokenAvailable(GetRobotAccountId());
 
   token_save_callbacks_.push_back(result_callback);
   if (!waiting_for_salt) {
     if (system_salt_.empty())
       FlushTokenSaveCallbacks(false);
     else
       EncryptAndSaveToken();
   }
 }
 
-bool DeviceOAuth2TokenService::RefreshTokenIsAvailable(
+bool DeviceOAuth2TokenServiceDelegate::RefreshTokenIsAvailable(
     const std::string& account_id) const {
   switch (state_) {
     case STATE_NO_TOKEN:
     case STATE_TOKEN_INVALID:
       return false;
     case STATE_LOADING:
     case STATE_VALIDATION_PENDING:
     case STATE_VALIDATION_STARTED:
     case STATE_TOKEN_VALID:
       return account_id == GetRobotAccountId();
   }
 
   NOTREACHED() << "Unhandled state " << state_;
   return false;
 }
 
-std::string DeviceOAuth2TokenService::GetRobotAccountId() const {
+std::string DeviceOAuth2TokenServiceDelegate::GetRobotAccountId() const {
   std::string result;
   CrosSettings::Get()->GetString(kServiceAccountIdentity, &result);
   return result;
 }
 
-void DeviceOAuth2TokenService::OnRefreshTokenResponse(
+void DeviceOAuth2TokenServiceDelegate::OnRefreshTokenResponse(
     const std::string& access_token,
     int expires_in_seconds) {
-  gaia_oauth_client_->GetTokenInfo(
-      access_token,
-      max_refresh_token_validation_retries_,
-      this);
+  gaia_oauth_client_->GetTokenInfo(access_token,
+                                   max_refresh_token_validation_retries_, this);
 }
 
-void DeviceOAuth2TokenService::OnGetTokenInfoResponse(
+void DeviceOAuth2TokenServiceDelegate::OnGetTokenInfoResponse(
     scoped_ptr<base::DictionaryValue> token_info) {
   std::string gaia_robot_id;
   token_info->GetString("email", &gaia_robot_id);
   gaia_oauth_client_.reset();
 
   CheckRobotAccountId(gaia_robot_id);
 }
 
-void DeviceOAuth2TokenService::OnOAuthError() {
+void DeviceOAuth2TokenServiceDelegate::OnOAuthError() {
   gaia_oauth_client_.reset();
   state_ = STATE_TOKEN_INVALID;
-  FlushPendingRequests(false, GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
+  if (service_error_status_observer_)

[Mattias Nissler (ping if slow), 2015/07/01 12:34:13]

nit: braces

[gogerald1, 2015/07/01 17:58:41]

Done.

+    service_error_status_observer_->OnServiceError(
+        GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
 }
 
-void DeviceOAuth2TokenService::OnNetworkError(int response_code) {
+void DeviceOAuth2TokenServiceDelegate::OnNetworkError(int response_code) {
   gaia_oauth_client_.reset();
 
   // Go back to pending validation state. That'll allow a retry on subsequent
   // token minting requests.
   state_ = STATE_VALIDATION_PENDING;
-  FlushPendingRequests(false, GoogleServiceAuthError::CONNECTION_FAILED);
+  if (service_error_status_observer_)

[Mattias Nissler (ping if slow), 2015/07/01 12:34:13]

nit: braces

[gogerald1, 2015/07/01 17:58:41]

Done.

+    service_error_status_observer_->OnServiceError(
+        GoogleServiceAuthError::CONNECTION_FAILED);
 }
 
-std::string DeviceOAuth2TokenService::GetRefreshToken(
+std::string DeviceOAuth2TokenServiceDelegate::GetRefreshToken(
     const std::string& account_id) const {
   switch (state_) {
     case STATE_LOADING:
     case STATE_NO_TOKEN:
     case STATE_TOKEN_INVALID:
       // This shouldn't happen: GetRefreshToken() is only called for actual
       // token minting operations. In above states, requests are either queued
       // or short-circuited to signal error immediately, so no actual token
       // minting via OAuth2TokenService::FetchOAuth2Token should be triggered.
       NOTREACHED();
       return std::string();
     case STATE_VALIDATION_PENDING:
     case STATE_VALIDATION_STARTED:
     case STATE_TOKEN_VALID:
       return refresh_token_;
   }
 
   NOTREACHED() << "Unhandled state " << state_;
   return std::string();
 }
 
-net::URLRequestContextGetter* DeviceOAuth2TokenService::GetRequestContext() {
+net::URLRequestContextGetter*
+DeviceOAuth2TokenServiceDelegate::GetRequestContext() const {
   return url_request_context_getter_.get();
 }
 
-void DeviceOAuth2TokenService::FetchOAuth2Token(
-    RequestImpl* request,
-    const std::string& account_id,
-    net::URLRequestContextGetter* getter,
-    const std::string& client_id,
-    const std::string& client_secret,
-    const ScopeSet& scopes) {
-  switch (state_) {
-    case STATE_VALIDATION_PENDING:
-      // If this is the first request for a token, start validation.
-      StartValidation();
-      // fall through.
-    case STATE_LOADING:
-    case STATE_VALIDATION_STARTED:
-      // Add a pending request that will be satisfied once validation completes.
-      pending_requests_.push_back(new PendingRequest(
-          request->AsWeakPtr(), client_id, client_secret, scopes));
-      return;
-    case STATE_NO_TOKEN:
-      FailRequest(request, GoogleServiceAuthError::USER_NOT_SIGNED_UP);
-      return;
-    case STATE_TOKEN_INVALID:
-      FailRequest(request, GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
-      return;
-    case STATE_TOKEN_VALID:
-      // Pass through to OAuth2TokenService to satisfy the request.
-      OAuth2TokenService::FetchOAuth2Token(
-          request, account_id, getter, client_id, client_secret, scopes);
-      return;
-  }
-
-  NOTREACHED() << "Unexpected state " << state_;
-}
-
-OAuth2AccessTokenFetcher* DeviceOAuth2TokenService::CreateAccessTokenFetcher(
+OAuth2AccessTokenFetcher*
+DeviceOAuth2TokenServiceDelegate::CreateAccessTokenFetcher(
     const std::string& account_id,
     net::URLRequestContextGetter* getter,
     OAuth2AccessTokenConsumer* consumer) {
   std::string refresh_token = GetRefreshToken(account_id);
   DCHECK(!refresh_token.empty());
   return new OAuth2AccessTokenFetcherImpl(consumer, getter, refresh_token);
 }
 
-
-void DeviceOAuth2TokenService::DidGetSystemSalt(
+void DeviceOAuth2TokenServiceDelegate::DidGetSystemSalt(
     const std::string& system_salt) {
   system_salt_ = system_salt;
 
   // Bail out if system salt is not available.
   if (system_salt_.empty()) {
     LOG(ERROR) << "Failed to get system salt.";
     FlushTokenSaveCallbacks(false);
     state_ = STATE_NO_TOKEN;
     FireRefreshTokensLoaded();
     return;
@@ skipping 16 matching lines @@
       LOG(ERROR) << "Failed to decrypt refresh token.";
       state_ = STATE_NO_TOKEN;
       FireRefreshTokensLoaded();
       return;
     }
   }
 
   state_ = STATE_VALIDATION_PENDING;
 
   // If there are pending requests, start a validation.
-  if (!pending_requests_.empty())
+  if (has_pending_requests_)
     StartValidation();
 
   // Announce the token.
   FireRefreshTokenAvailable(GetRobotAccountId());
   FireRefreshTokensLoaded();
 }
 
-void DeviceOAuth2TokenService::CheckRobotAccountId(
+void DeviceOAuth2TokenServiceDelegate::CheckRobotAccountId(
     const std::string& gaia_robot_id) {
   // Make sure the value returned by GetRobotAccountId has been validated
   // against current device settings.
-  switch (CrosSettings::Get()->PrepareTrustedValues(base::Bind(
-              &DeviceOAuth2TokenService::CheckRobotAccountId,
-              weak_ptr_factory_.GetWeakPtr(),
-              gaia_robot_id))) {
+  switch (CrosSettings::Get()->PrepareTrustedValues(
+      base::Bind(&DeviceOAuth2TokenServiceDelegate::CheckRobotAccountId,
+                 weak_ptr_factory_.GetWeakPtr(), gaia_robot_id))) {
     case CrosSettingsProvider::TRUSTED:
       // All good, compare account ids below.
       break;
     case CrosSettingsProvider::TEMPORARILY_UNTRUSTED:
       // The callback passed to PrepareTrustedValues above will trigger a
       // re-check eventually.
       return;
     case CrosSettingsProvider::PERMANENTLY_UNTRUSTED:
       // There's no trusted account id, which is equivalent to no token present.
       LOG(WARNING) << "Device settings permanently untrusted.";
       state_ = STATE_NO_TOKEN;
-      FlushPendingRequests(false, GoogleServiceAuthError::USER_NOT_SIGNED_UP);
+      if (service_error_status_observer_)

[Mattias Nissler (ping if slow), 2015/07/01 12:34:13]

nit: braces

[gogerald1, 2015/07/01 17:58:42]

Done.

+        service_error_status_observer_->OnServiceError(
+            GoogleServiceAuthError::USER_NOT_SIGNED_UP);
       return;
   }
 
   std::string policy_robot_id = GetRobotAccountId();
   if (policy_robot_id == gaia_robot_id) {
     state_ = STATE_TOKEN_VALID;
-    FlushPendingRequests(true, GoogleServiceAuthError::NONE);
+    if (service_error_status_observer_)

[Mattias Nissler (ping if slow), 2015/07/01 12:34:13]

nit: braces

[gogerald1, 2015/07/01 17:58:41]

Done.

+      service_error_status_observer_->OnServiceError(
+          GoogleServiceAuthError::NONE);
   } else {
     if (gaia_robot_id.empty()) {
       LOG(WARNING) << "Device service account owner in policy is empty.";
     } else {
       LOG(WARNING) << "Device service account owner in policy does not match "
                    << "refresh token owner \"" << gaia_robot_id << "\".";
     }
     state_ = STATE_TOKEN_INVALID;
-    FlushPendingRequests(false,
-                         GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
+    if (service_error_status_observer_)

[Mattias Nissler (ping if slow), 2015/07/01 12:34:13]

nit: braces

Given the frequency of this code block, it might be a good idea to introduce a
helper:

void DeviceOAuthTokenServiceDelegate::ReportServiceError(GoogleAuthServiceError
error) {
 if (service_error_status_observer_)
   service_error_status_observer_->OnServiceError(error);
}

[gogerald1, 2015/07/01 17:58:41]

Acknowledged. might be more efficient to inline short code.

[Mattias Nissler (ping if slow), 2015/07/01 18:50:04]

I don't think efficiency is of any concern in this particular case. Given that,
readability is key here IMHO.

+      service_error_status_observer_->OnServiceError(
+          GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
   }
 }
 
-void DeviceOAuth2TokenService::EncryptAndSaveToken() {
+void DeviceOAuth2TokenServiceDelegate::EncryptAndSaveToken() {
   DCHECK_NE(state_, STATE_LOADING);
 
   CryptohomeTokenEncryptor encryptor(system_salt_);
   std::string encrypted_refresh_token =
       encryptor.EncryptWithSystemSalt(refresh_token_);
   bool result = true;
   if (encrypted_refresh_token.empty()) {
     LOG(ERROR) << "Failed to encrypt refresh token; save aborted.";
     result = false;
   } else {
     local_state_->SetString(prefs::kDeviceRobotAnyApiRefreshToken,
                             encrypted_refresh_token);
   }
 
   FlushTokenSaveCallbacks(result);
 }
 
-void DeviceOAuth2TokenService::StartValidation() {
+void DeviceOAuth2TokenServiceDelegate::StartValidation() {
   DCHECK_EQ(state_, STATE_VALIDATION_PENDING);
   DCHECK(!gaia_oauth_client_);
 
   state_ = STATE_VALIDATION_STARTED;
 
-  gaia_oauth_client_.reset(new gaia::GaiaOAuthClient(
-      g_browser_process->system_request_context()));
+  gaia_oauth_client_.reset(
+      new gaia::GaiaOAuthClient(g_browser_process->system_request_context()));
 
   GaiaUrls* gaia_urls = GaiaUrls::GetInstance();
   gaia::OAuthClientInfo client_info;
   client_info.client_id = gaia_urls->oauth2_chrome_client_id();
   client_info.client_secret = gaia_urls->oauth2_chrome_client_secret();
 
   gaia_oauth_client_->RefreshToken(
-      client_info,
-      refresh_token_,
+      client_info, refresh_token_,
       std::vector<std::string>(1, GaiaConstants::kOAuthWrapBridgeUserInfoScope),
-      max_refresh_token_validation_retries_,
-      this);
+      max_refresh_token_validation_retries_, this);
 }
 
-void DeviceOAuth2TokenService::FlushPendingRequests(
-    bool token_is_valid,
-    GoogleServiceAuthError::State error) {
-  std::vector<PendingRequest*> requests;
-  requests.swap(pending_requests_);
-  for (std::vector<PendingRequest*>::iterator request(requests.begin());
-       request != requests.end();
-       ++request) {
-    scoped_ptr<PendingRequest> scoped_request(*request);
-    if (!scoped_request->request)
-      continue;
-
-    if (token_is_valid) {
-      OAuth2TokenService::FetchOAuth2Token(
-          scoped_request->request.get(),
-          scoped_request->request->GetAccountId(),
-          GetRequestContext(),
-          scoped_request->client_id,
-          scoped_request->client_secret,
-          scoped_request->scopes);
-    } else {
-      FailRequest(scoped_request->request.get(), error);
-    }
-  }
-}
-
-void DeviceOAuth2TokenService::FlushTokenSaveCallbacks(bool result) {
+void DeviceOAuth2TokenServiceDelegate::FlushTokenSaveCallbacks(bool result) {
   std::vector<StatusCallback> callbacks;
   callbacks.swap(token_save_callbacks_);
   for (std::vector<StatusCallback>::iterator callback(callbacks.begin());
-       callback != callbacks.end();
-       ++callback) {
+       callback != callbacks.end(); ++callback) {
     if (!callback->is_null())
       callback->Run(result);
   }
 }
 
-void DeviceOAuth2TokenService::FailRequest(
-    RequestImpl* request,
-    GoogleServiceAuthError::State error) {
-  GoogleServiceAuthError auth_error(error);
-  base::MessageLoop::current()->PostTask(FROM_HERE, base::Bind(
-      &RequestImpl::InformConsumer,
-      request->AsWeakPtr(),
-      auth_error,
-      std::string(),
-      base::Time()));
+void DeviceOAuth2TokenServiceDelegate::HasPendingRequests(bool has) {

[Mattias Nissler (ping if slow), 2015/07/01 12:34:13]

nit: This should be RequestValidation() and should just set
|validation_requested_| (which replaces |has_pending_requests_|) to true.
There's no good reason to ever switch back to false.

[gogerald1, 2015/07/01 17:58:42]

Done.

+  has_pending_requests_ = has;
 }
 
 }  // namespace chromeos