Chromium Code Reviews Chromium Code Reviews
Issue 1143323005:
Refactor AO2TS to make it easier to componentize. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_DELEGATE_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_ | 6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_DELEGATE_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
| 12 #include "base/callback.h" | 12 #include "base/callback.h" |
| 13 #include "base/gtest_prod_util.h" | 13 #include "base/gtest_prod_util.h" |
| 14 #include "base/memory/scoped_ptr.h" | 14 #include "base/memory/scoped_ptr.h" |
| 15 #include "base/memory/weak_ptr.h" | 15 #include "base/memory/weak_ptr.h" |
| 16 #include "base/stl_util.h" | 16 #include "base/stl_util.h" |
| 17 #include "base/time/time.h" | |
| 18 #include "chrome/browser/chromeos/settings/cros_settings.h" | 17 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 19 #include "google_apis/gaia/gaia_oauth_client.h" | 18 #include "google_apis/gaia/gaia_oauth_client.h" |
| 20 #include "google_apis/gaia/oauth2_token_service.h" | 19 #include "google_apis/gaia/oauth2_token_service_delegate.h" |
| 21 #include "net/url_request/url_request_context_getter.h" | 20 #include "net/url_request/url_request_context_getter.h" |
| 22 | 21 |
| 23 namespace gaia { | 22 namespace gaia { |
| 24 class GaiaOAuthClient; | 23 class GaiaOAuthClient; |
| 25 } | 24 } |
| 26 | 25 |
| 27 namespace net { | 26 namespace net { |
| 28 class URLRequestContextGetter; | 27 class URLRequestContextGetter; |
| 29 } | 28 } |
| 30 | 29 |
| 31 class PrefRegistrySimple; | |
| 32 class PrefService; | 30 class PrefService; |
| 33 | 31 |
| 34 namespace chromeos { | 32 namespace chromeos { |
| 35 | 33 |
| 36 // DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given | 34 class DeviceOAuth2TokenServiceDelegate |
| 37 // set of scopes using the device-level OAuth2 any-api refresh token | 35 : public OAuth2TokenServiceDelegate, |
| 38 // obtained during enterprise device enrollment. | 36 public gaia::GaiaOAuthClient::Delegate { |
| 39 // | |
| 40 // See |OAuth2TokenService| for usage details. | |
| 41 // | |
| 42 // When using DeviceOAuth2TokenService, a value of |GetRobotAccountId| should | |
| 43 // be used in places where API expects |account_id|. | |
| 44 // | |
| 45 // Note that requests must be made from the UI thread. | |
| 46 class DeviceOAuth2TokenService : public OAuth2TokenService, | |
| 47 public gaia::GaiaOAuthClient::Delegate { | |
| 48 public: | 37 public: |
| 38 DeviceOAuth2TokenServiceDelegate(net::URLRequestContextGetter* getter, | |
| 39 PrefService* local_state); | |
| 40 ~DeviceOAuth2TokenServiceDelegate() override; | |
| 41 | |
| 49 typedef base::Callback<void(bool)> StatusCallback; | 42 typedef base::Callback<void(bool)> StatusCallback; |
| 50 | |
| 51 // Persist the given refresh token on the device. Overwrites any previous | 43 // Persist the given refresh token on the device. Overwrites any previous |
| 52 // value. Should only be called during initial device setup. Signals | 44 // value. Should only be called during initial device setup. Signals |
| 53 // completion via the given callback, passing true if the operation succeeded. | 45 // completion via the given callback, passing true if the operation succeeded. |
| 54 void SetAndSaveRefreshToken(const std::string& refresh_token, | 46 void SetAndSaveRefreshToken(const std::string& refresh_token, |
| 55 const StatusCallback& callback); | 47 const StatusCallback& callback); |
|
Mattias Nissler (ping if slow)
2015/07/01 12:34:13
nit: blank line before comment
gogerald1
2015/07/01 17:58:42
Done.
| |
| 48 // Pull the robot account ID from device policy. | |
| 49 std::string GetRobotAccountId() const; | |
| 56 | 50 |
| 57 static void RegisterPrefs(PrefRegistrySimple* registry); | 51 // Implementation of OAuth2TokenServiceDelegate. |
| 58 | |
| 59 // Implementation of OAuth2TokenService. | |
| 60 bool RefreshTokenIsAvailable(const std::string& account_id) const override; | 52 bool RefreshTokenIsAvailable(const std::string& account_id) const override; |
| 61 | 53 |
| 62 // Pull the robot account ID from device policy. | 54 net::URLRequestContextGetter* GetRequestContext() const override; |
| 63 virtual std::string GetRobotAccountId() const; | 55 |
| 56 OAuth2AccessTokenFetcher* CreateAccessTokenFetcher( | |
| 57 const std::string& account_id, | |
| 58 net::URLRequestContextGetter* getter, | |
| 59 OAuth2AccessTokenConsumer* consumer) override; | |
| 64 | 60 |
| 65 // gaia::GaiaOAuthClient::Delegate implementation. | 61 // gaia::GaiaOAuthClient::Delegate implementation. |
| 66 void OnRefreshTokenResponse(const std::string& access_token, | 62 void OnRefreshTokenResponse(const std::string& access_token, |
| 67 int expires_in_seconds) override; | 63 int expires_in_seconds) override; |
| 68 void OnGetTokenInfoResponse( | 64 void OnGetTokenInfoResponse( |
| 69 scoped_ptr<base::DictionaryValue> token_info) override; | 65 scoped_ptr<base::DictionaryValue> token_info) override; |
| 70 void OnOAuthError() override; | 66 void OnOAuthError() override; |
| 71 void OnNetworkError(int response_code) override; | 67 void OnNetworkError(int response_code) override; |
| 72 | 68 |
| 73 protected: | 69 private: |
| 74 // Implementation of OAuth2TokenService. | 70 friend class DeviceOAuth2TokenService; |
| 75 net::URLRequestContextGetter* GetRequestContext() override; | 71 friend class DeviceOAuth2TokenServiceTest; |
| 76 void FetchOAuth2Token(RequestImpl* request, | |
| 77 const std::string& account_id, | |
| 78 net::URLRequestContextGetter* getter, | |
| 79 const std::string& client_id, | |
| 80 const std::string& client_secret, | |
| 81 const ScopeSet& scopes) override; | |
| 82 OAuth2AccessTokenFetcher* CreateAccessTokenFetcher( | |
| 83 const std::string& account_id, | |
| 84 net::URLRequestContextGetter* getter, | |
| 85 OAuth2AccessTokenConsumer* consumer) override; | |
| 86 | 72 |
| 87 private: | 73 class ServiceErrorStatusObserver { |
|
Mattias Nissler (ping if slow)
2015/07/01 12:34:14
This should be renamed to ValidationStatusDelegate
gogerald1
2015/07/01 17:58:42
Done.
| |
| 88 struct PendingRequest; | 74 public: |
| 89 friend class DeviceOAuth2TokenServiceFactory; | 75 virtual void OnServiceError(GoogleServiceAuthError::State error) {} |
|
Mattias Nissler (ping if slow)
2015/07/01 12:34:14
And this to OnValidationCompleted
gogerald1
2015/07/01 17:58:42
Done.
| |
| 90 friend class DeviceOAuth2TokenServiceTest; | 76 }; |
| 91 | 77 |
| 92 // Describes the operational state of this object. | 78 // Describes the operational state of this object. |
| 93 enum State { | 79 enum State { |
| 94 // Pending system salt / refresh token load. | 80 // Pending system salt / refresh token load. |
| 95 STATE_LOADING, | 81 STATE_LOADING, |
| 96 // No token available. | 82 // No token available. |
| 97 STATE_NO_TOKEN, | 83 STATE_NO_TOKEN, |
| 98 // System salt loaded, validation not started yet. | 84 // System salt loaded, validation not started yet. |
| 99 STATE_VALIDATION_PENDING, | 85 STATE_VALIDATION_PENDING, |
| 100 // Refresh token validation underway. | 86 // Refresh token validation underway. |
| 101 STATE_VALIDATION_STARTED, | 87 STATE_VALIDATION_STARTED, |
| 102 // Token validation failed. | 88 // Token validation failed. |
| 103 STATE_TOKEN_INVALID, | 89 STATE_TOKEN_INVALID, |
| 104 // Refresh token is valid. | 90 // Refresh token is valid. |
| 105 STATE_TOKEN_VALID, | 91 STATE_TOKEN_VALID, |
| 106 }; | 92 }; |
| 107 | 93 |
| 108 // Invoked by CrosSettings when the robot account ID becomes available. | 94 // Invoked by CrosSettings when the robot account ID becomes available. |
| 109 void OnServiceAccountIdentityChanged(); | 95 void OnServiceAccountIdentityChanged(); |
| 110 | 96 |
| 111 // Use DeviceOAuth2TokenServiceFactory to get an instance of this class. | |
| 112 // Ownership of |token_encryptor| will be taken. | |
| 113 explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter, | |
| 114 PrefService* local_state); | |
| 115 ~DeviceOAuth2TokenService() override; | |
| 116 | |
| 117 // Returns the refresh token for account_id. | 97 // Returns the refresh token for account_id. |
| 118 std::string GetRefreshToken(const std::string& account_id) const; | 98 std::string GetRefreshToken(const std::string& account_id) const; |
| 119 | 99 |
| 120 // Handles completion of the system salt input. | 100 // Handles completion of the system salt input. |
| 121 void DidGetSystemSalt(const std::string& system_salt); | 101 void DidGetSystemSalt(const std::string& system_salt); |
| 122 | 102 |
| 123 // Checks whether |gaia_robot_id| matches the expected account ID indicated in | 103 // Checks whether |gaia_robot_id| matches the expected account ID indicated in |
| 124 // device settings. | 104 // device settings. |
| 125 void CheckRobotAccountId(const std::string& gaia_robot_id); | 105 void CheckRobotAccountId(const std::string& gaia_robot_id); |
| 126 | 106 |
| 127 // Encrypts and saves the refresh token. Should only be called when the system | 107 // Encrypts and saves the refresh token. Should only be called when the system |
| 128 // salt is available. | 108 // salt is available. |
| 129 void EncryptAndSaveToken(); | 109 void EncryptAndSaveToken(); |
| 130 | 110 |
| 131 // Starts the token validation flow, i.e. token info fetch. | 111 // Starts the token validation flow, i.e. token info fetch. |
| 132 void StartValidation(); | 112 void StartValidation(); |
| 133 | 113 |
| 134 // Flushes |pending_requests_|, indicating the specified result. | |
| 135 void FlushPendingRequests(bool token_is_valid, | |
| 136 GoogleServiceAuthError::State error); | |
| 137 | |
| 138 // Flushes |token_save_callbacks_|, indicating the specified result. | 114 // Flushes |token_save_callbacks_|, indicating the specified result. |
| 139 void FlushTokenSaveCallbacks(bool result); | 115 void FlushTokenSaveCallbacks(bool result); |
| 140 | 116 |
| 141 // Signals failure on the specified request, passing |error| as the reason. | 117 void HasPendingRequests(bool has); |
| 142 void FailRequest(RequestImpl* request, GoogleServiceAuthError::State error); | |
| 143 | 118 |
| 144 // Dependencies. | 119 // Dependencies. |
| 145 scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_; | 120 scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_; |
| 146 PrefService* local_state_; | 121 PrefService* local_state_; |
| 147 | 122 |
| 148 // Current operational state. | 123 // Current operational state. |
| 149 State state_; | 124 State state_; |
| 150 | 125 |
| 151 // Token save callbacks waiting to be completed. | 126 // Token save callbacks waiting to be completed. |
| 152 std::vector<StatusCallback> token_save_callbacks_; | 127 std::vector<StatusCallback> token_save_callbacks_; |
| 153 | 128 |
| 154 // Currently open requests that are waiting while loading the system salt or | |
| 155 // validating the token. | |
| 156 std::vector<PendingRequest*> pending_requests_; | |
| 157 | |
| 158 // The system salt for encrypting and decrypting the refresh token. | 129 // The system salt for encrypting and decrypting the refresh token. |
| 159 std::string system_salt_; | 130 std::string system_salt_; |
| 160 | 131 |
| 161 int max_refresh_token_validation_retries_; | 132 int max_refresh_token_validation_retries_; |
| 162 | 133 |
| 134 // Flag to indicate whether there are pending requests. | |
| 135 bool has_pending_requests_; | |
| 136 | |
| 137 // Service error status observer | |
| 138 ServiceErrorStatusObserver* service_error_status_observer_; | |
| 139 | |
| 163 // Cache the decrypted refresh token, so we only decrypt once. | 140 // Cache the decrypted refresh token, so we only decrypt once. |
| 164 std::string refresh_token_; | 141 std::string refresh_token_; |
| 165 | 142 |
| 166 scoped_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_; | 143 scoped_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_; |
| 167 | 144 |
| 168 scoped_ptr<CrosSettings::ObserverSubscription> | 145 scoped_ptr<CrosSettings::ObserverSubscription> |
| 169 service_account_identity_subscription_; | 146 service_account_identity_subscription_; |
| 170 | 147 |
| 171 base::WeakPtrFactory<DeviceOAuth2TokenService> weak_ptr_factory_; | 148 base::WeakPtrFactory<DeviceOAuth2TokenServiceDelegate> weak_ptr_factory_; |
| 172 | 149 |
| 173 DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService); | 150 DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenServiceDelegate); |
| 174 }; | 151 }; |
| 175 | 152 |
| 176 } // namespace chromeos | 153 } // namespace chromeos |
| 177 | 154 |
| 178 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_ | 155 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_DELEGATE _H_ |
| OLD | NEW |
