Chromium Code Reviews Chromium Code Reviews
Issue 11649055:
OAuth2 sign-in flow for ChromeOS (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/chromeos/login/oauth_login_manager.h" | |
| 6 | |
| 7 #include "base/metrics/histogram.h" | |
| 8 #include "chrome/browser/browser_process.h" | |
| 9 #include "chrome/browser/chromeos/login/user_manager.h" | |
| 10 #include "chrome/browser/profiles/profile.h" | |
| 11 #include "chrome/browser/signin/token_service.h" | |
| 12 #include "chrome/browser/signin/token_service_factory.h" | |
| 13 #include "chrome/common/chrome_notification_types.h" | |
| 14 #include "content/public/browser/notification_observer.h" | |
| 15 #include "content/public/browser/notification_service.h" | |
| 16 #include "google_apis/gaia/gaia_auth_fetcher.h" | |
| 17 #include "google_apis/gaia/gaia_constants.h" | |
| 18 | |
| 19 using content::BrowserThread; | |
| 20 | |
| 21 namespace { | |
| 22 | |
| 23 // OAuth token verification max retry count. | |
| 24 const int kMaxCookieRecoveryAttemptCount = 5; | |
| 25 // OAuth token verification retry delay in milliseconds. | |
| 26 const int kCookieRecoveryRestartDelay = 10000; | |
| 27 | |
| 28 } // namespace | |
| 29 | |
| 30 | |
| 31 namespace chromeos { | |
| 32 | |
| 33 OAuthLoginManager::OAuthLoginManager(Delegate* delegate, | |
| 34 Profile* user_profile, | |
| 35 Profile* auth_profile, | |
| 36 bool has_web_auth_cookies) | |
| 37 : delegate_(delegate), | |
| 38 user_profile_(user_profile), | |
| 39 auth_profile_(auth_profile), | |
| 40 has_web_auth_cookies_(has_web_auth_cookies), | |
| 41 loading_reported_(false), | |
| 42 restore_attempt_count_(0) { | |
| 43 } | |
| 44 | |
| 45 | |
| 46 void OAuthLoginManager::RestoreOAuth2Tokens() { | |
| 47 if (has_web_auth_cookies_) { | |
| 48 FetchOAuth2Tokens(); | |
| 49 return; | |
| 50 } | |
| 51 LoadAndVerifyOAuth2Tokens(); | |
| 52 } | |
| 53 | |
| 54 TokenService* OAuthLoginManager::SetupTokenService() { | |
|
xiyuan
2013/01/08 17:41:43
Could SetupTokenService be called multiple times d
zel
2013/01/11 02:42:59
Done.
| |
| 55 TokenService* token_service = | |
| 56 TokenServiceFactory::GetForProfile(user_profile_); | |
| 57 registrar_.Add(this, | |
| 58 chrome::NOTIFICATION_TOKEN_LOADING_FINISHED, | |
| 59 content::Source<TokenService>(token_service)); | |
| 60 registrar_.Add(this, | |
| 61 chrome::NOTIFICATION_TOKEN_AVAILABLE, | |
| 62 content::Source<TokenService>(token_service)); | |
| 63 registrar_.Add(this, | |
| 64 chrome::NOTIFICATION_TOKEN_REQUEST_FAILED, | |
| 65 content::Source<TokenService>(token_service)); | |
| 66 return token_service; | |
| 67 } | |
| 68 | |
| 69 void OAuthLoginManager::LoadAndVerifyOAuth2Tokens() { | |
| 70 // If we have no cookies, try to load saved OAuth2 token from TokenService. | |
| 71 TokenService* token_service = SetupTokenService(); | |
| 72 token_service->Initialize(GaiaConstants::kChromeSource, user_profile_); | |
| 73 token_service->LoadTokensFromDB(); | |
| 74 } | |
| 75 | |
| 76 void OAuthLoginManager::FetchOAuth2Tokens() { | |
| 77 // If we have authenticated cookie jar, get OAuth1 token first, then fetch | |
| 78 // SID/LSID cookies through OAuthLogin call. | |
| 79 oauth2_token_fetcher_.reset(new OAuth2TokenFetcher(this, auth_profile_)); | |
| 80 oauth2_token_fetcher_->Start(); | |
| 81 } | |
| 82 | |
| 83 void OAuthLoginManager::OnOAuth2TokenAvailable( | |
| 84 const GaiaAuthConsumer::ClientLoginResult& gaia_credentials, | |
| 85 const GaiaAuthConsumer::ClientOAuthResult& oauth2_tokens) { | |
| 86 TokenService* token_service = SetupTokenService(); | |
| 87 token_service->UpdateCredentialsWithOAuth2(oauth2_tokens); | |
| 88 token_service->UpdateCredentials(gaia_credentials); | |
| 89 delegate_->OnCompletedAuthentication(user_profile_); | |
| 90 } | |
| 91 | |
| 92 void OAuthLoginManager::OnOAuth2TokenFetchFailed() { | |
| 93 UserManager::Get()->SaveUserOAuthStatus( | |
| 94 UserManager::Get()->GetLoggedInUser()->email(), | |
| 95 User::OAUTH2_TOKEN_STATUS_INVALID); | |
| 96 } | |
| 97 | |
| 98 void OAuthLoginManager::Observe( | |
| 99 int type, | |
| 100 const content::NotificationSource& source, | |
| 101 const content::NotificationDetails& details) OVERRIDE { | |
| 102 TokenService* token_service = | |
| 103 TokenServiceFactory::GetForProfile(user_profile_); | |
| 104 switch (type) { | |
| 105 case chrome::NOTIFICATION_TOKEN_LOADING_FINISHED: { | |
| 106 refresh_token_ = token_service->GetOAuth2LoginRefreshToken(); | |
| 107 ReportTokenLoaded(); | |
| 108 // Have we started restoring GAIA auth cookies yet? | |
| 109 if (!refresh_token_.empty() && !login_verifier_.get()) | |
| 110 RestoreSessionCookies(); | |
| 111 | |
| 112 break; | |
| 113 } | |
| 114 case chrome::NOTIFICATION_TOKEN_REQUEST_FAILED: { | |
| 115 // TODO(zelidrag): Figure out how to recover from transient errors with | |
| 116 // TokenService class - similar to what we do in RetryOnError() here. | |
| 117 TokenService::TokenAvailableDetails* token_details = | |
| 118 content::Details<TokenService::TokenAvailableDetails>( | |
| 119 details).ptr(); | |
| 120 if (token_details->service() == | |
| 121 GaiaConstants::kGaiaOAuth2LoginRefreshToken) { | |
| 122 UserManager::Get()->SaveUserOAuthStatus( | |
| 123 UserManager::Get()->GetLoggedInUser()->email(), | |
| 124 User::OAUTH2_TOKEN_STATUS_INVALID); | |
| 125 } | |
| 126 break; | |
| 127 } | |
| 128 case chrome::NOTIFICATION_TOKEN_AVAILABLE: { | |
| 129 TokenService::TokenAvailableDetails* token_details = | |
| 130 content::Details<TokenService::TokenAvailableDetails>( | |
| 131 details).ptr(); | |
| 132 if (token_details->service() == | |
| 133 GaiaConstants::kGaiaOAuth2LoginRefreshToken) { | |
| 134 DCHECK(!login_verifier_.get()); | |
| 135 refresh_token_ = token_details->token(); | |
| 136 RestoreSessionCookies(); | |
| 137 } | |
| 138 | |
| 139 break; | |
| 140 } | |
| 141 default: | |
| 142 NOTREACHED(); | |
| 143 break; | |
| 144 } | |
| 145 } | |
| 146 | |
| 147 void OAuthLoginManager::RestoreSessionCookies() { | |
| 148 VLOG(1) << "Fetched refresh token!"; | |
| 149 DCHECK(!refresh_token_.empty()); | |
| 150 if (!login_verifier_.get()) { | |
| 151 login_verifier_.reset( | |
| 152 new OAuth2LoginVerifier(this, | |
| 153 g_browser_process->system_request_context(), | |
| 154 user_profile_)); | |
| 155 } | |
| 156 login_verifier_->VerifyRefreshToken(refresh_token_); | |
| 157 } | |
| 158 | |
| 159 void OAuthLoginManager::OnOAuth2LoginVerifierSuccess(const std::string& sid, | |
| 160 const std::string& lsid, | |
| 161 const std::string& auth) { | |
| 162 UserManager::Get()->SaveUserOAuthStatus( | |
| 163 UserManager::Get()->GetLoggedInUser()->email(), | |
| 164 User::OAUTH2_TOKEN_STATUS_VALID); | |
| 165 } | |
| 166 | |
| 167 void OAuthLoginManager::OnOAuth2LoginVerifierFaulure() { | |
| 168 UserManager::Get()->SaveUserOAuthStatus( | |
| 169 UserManager::Get()->GetLoggedInUser()->email(), | |
| 170 User::OAUTH2_TOKEN_STATUS_INVALID); | |
| 171 } | |
| 172 | |
| 173 void OAuthLoginManager::ReportTokenLoaded() { | |
| 174 VLOG(1) << "Got OAuth2 refresh token!"; | |
| 175 DCHECK(!loading_reported_); | |
| 176 loading_reported_ = true; | |
| 177 if (refresh_token_.empty()) { | |
| 178 UserManager::Get()->SaveUserOAuthStatus( | |
| 179 UserManager::Get()->GetLoggedInUser()->email(), | |
| 180 User::OAUTH2_TOKEN_STATUS_INVALID); | |
| 181 } | |
| 182 } | |
| 183 | |
| 184 } // namespace chromeos | |
| OLD | NEW |
