Chromium Code Reviews Chromium Code Reviews
Issue 11649055:
OAuth2 sign-in flow for ChromeOS (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_OAUTH_LOGIN_MANAGER_H_ | |
| 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_OAUTH_LOGIN_MANAGER_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 | |
| 10 #include "base/memory/ref_counted.h" | |
| 11 #include "base/memory/scoped_ptr.h" | |
| 12 #include "chrome/browser/chromeos/cros/cert_library.h" | |
| 13 #include "chrome/browser/chromeos/cros/cros_library.h" | |
| 14 #include "chrome/browser/chromeos/login/oauth1_login_verifier.h" | |
| 15 #include "chrome/browser/chromeos/login/oauth1_token_fetcher.h" | |
| 16 #include "chrome/browser/chromeos/login/oauth2_login_verifier.h" | |
| 17 #include "chrome/browser/chromeos/login/oauth2_policy_fetcher.h" | |
| 18 #include "chrome/browser/chromeos/login/oauth2_token_fetcher.h" | |
| 19 #include "chrome/browser/chromeos/login/policy_oauth_fetcher.h" | |
| 20 #include "content/public/browser/notification_observer.h" | |
| 21 #include "content/public/browser/notification_registrar.h" | |
| 22 #include "net/url_request/url_request_context_getter.h" | |
| 23 | |
| 24 class GoogleServiceAuthError; | |
| 25 class Profile; | |
| 26 class TokenService; | |
| 27 | |
| 28 namespace chromeos { | |
| 29 | |
| 30 // This class is responsible for restoring authenticated web sessions out of | |
| 31 // OAuth tokens or vice versa. | |
| 32 class OAuthLoginManager { | |
| 33 public: | |
| 34 enum SessionRestoreState { | |
| 35 // Session restore is not started. | |
| 36 SESSION_RESTORE_NOT_STARTED, | |
| 37 // Session restore is in progress. We are currently issuing calls to verify | |
| 38 // stored OAuth tokens and populate cookie jar with GAIA credentials. | |
| 39 SESSION_RESTORE_IN_PROGRESS, | |
| 40 // Session restore is completed. | |
| 41 SESSION_RESTORE_DONE, | |
| 42 }; | |
| 43 | |
| 44 class Delegate { | |
| 45 public: | |
| 46 virtual ~Delegate() {} | |
| 47 // Raised when cookie jar authentication is successfully completed. | |
|
Nikita (slow)
2013/01/11 22:57:39
nit: Makes sense to add empty line before comments
zel
2013/01/12 02:07:37
Done.
| |
| 48 virtual void OnCompletedAuthentication(Profile* user_profile) = 0; | |
| 49 // Raised when stored OAuth(1|2) tokens are found and authentication | |
| 50 // profile is no longer needed. | |
| 51 virtual void OnFoundStoredTokens() = 0; | |
| 52 // Raised when policy tokens are retrieved. | |
| 53 virtual void OnRestoredPolicyTokens() {} | |
| 54 }; | |
| 55 | |
| 56 // Factory method. | |
| 57 static OAuthLoginManager* Create(OAuthLoginManager::Delegate* delegate); | |
| 58 | |
| 59 explicit OAuthLoginManager(OAuthLoginManager::Delegate* delegate); | |
| 60 virtual ~OAuthLoginManager() {} | |
| 61 // Starts the process of retrieving policy tokens. | |
| 62 virtual void RestorePolicyTokens( | |
| 63 net::URLRequestContextGetter* auth_request_context) = 0; | |
| 64 // Restores and verifies OAuth tokens either from TokenService or previously | |
| 65 // authenticated cookie jar. | |
| 66 virtual void RestoreSession( | |
| 67 Profile* user_profile, | |
| 68 net::URLRequestContextGetter* auth_request_context, | |
| 69 bool restore_from_auth_cookies) = 0; | |
| 70 // Continues session restore after transient network errors. | |
| 71 virtual void ContinueSessionRestore() = 0; | |
| 72 // Stops all background authentication requests. | |
| 73 virtual void Stop() = 0; | |
| 74 | |
| 75 // Returns session restore state. | |
| 76 SessionRestoreState state() { return state_; } | |
| 77 | |
| 78 protected: | |
| 79 // Signals delegate that authentication is completed, kicks off token fetching | |
| 80 // process in TokenService. | |
| 81 void CompleteAuthentication(); | |
| 82 | |
| 83 OAuthLoginManager::Delegate* delegate_; | |
| 84 Profile* user_profile_; | |
| 85 scoped_refptr<net::URLRequestContextGetter> auth_request_context_; | |
| 86 bool restore_from_auth_cookies_; | |
| 87 SessionRestoreState state_; | |
| 88 | |
| 89 DISALLOW_COPY_AND_ASSIGN(OAuthLoginManager); | |
| 90 }; | |
| 91 | |
| 92 // OAuth2 specialization of OAuthLoginManager. | |
| 93 class OAuth2LoginManager : public OAuthLoginManager, | |
|
Nikita (slow)
2013/01/11 22:57:39
nit: What do you think about splitting OAuth2Login
zel
2013/01/12 02:07:37
Done.
| |
| 94 public content::NotificationObserver, | |
| 95 public OAuth2LoginVerifier::Delegate, | |
| 96 public OAuth2TokenFetcher::Delegate { | |
| 97 public: | |
| 98 explicit OAuth2LoginManager(OAuthLoginManager::Delegate* delegate); | |
| 99 | |
| 100 // OAuthLoginManager overrides. | |
| 101 virtual void RestorePolicyTokens( | |
| 102 net::URLRequestContextGetter* auth_request_context) OVERRIDE; | |
| 103 virtual void RestoreSession( | |
| 104 Profile* user_profile, | |
| 105 net::URLRequestContextGetter* auth_request_context, | |
| 106 bool restore_from_auth_cookies) OVERRIDE; | |
| 107 virtual void ContinueSessionRestore() OVERRIDE; | |
| 108 virtual void Stop() OVERRIDE; | |
| 109 | |
| 110 private: | |
| 111 // content::NotificationObserver overrides. | |
| 112 void Observe(int type, | |
| 113 const content::NotificationSource& source, | |
| 114 const content::NotificationDetails& details) OVERRIDE; | |
| 115 | |
| 116 // OAuth2LoginVerifier::Delegate overrides. | |
| 117 virtual void OnOAuth2LoginVerifierSuccess(const std::string& sid, | |
| 118 const std::string& lsid, | |
| 119 const std::string& auth) OVERRIDE; | |
| 120 virtual void OnOAuth2LoginVerifierFailure() OVERRIDE; | |
| 121 | |
| 122 // OAuth2TokenFetcher::Delegate overrides. | |
| 123 virtual void OnOAuth2TokenAvailable( | |
| 124 const GaiaAuthConsumer::ClientOAuthResult& oauth2_tokens) OVERRIDE; | |
| 125 virtual void OnOAuth2TokenFetchFailed() OVERRIDE; | |
| 126 | |
| 127 // Retrieves TokenService for |user_profile_| and sets up notification | |
| 128 // observer events. | |
| 129 TokenService* SetupTokenService(); | |
| 130 // Removes legacy tokens form OAuth1 flow. | |
| 131 void RemoveLegacyTokens(); | |
| 132 // Loads previously stored OAuth2 tokens and kicks off its validation. | |
| 133 void LoadAndVerifyOAuth2Tokens(); | |
| 134 // Attempts to fetch OAuth2 tokens by using pre-authenticated cookie jar from | |
| 135 // provided |auth_profile|. | |
| 136 void FetchOAuth2Tokens(); | |
| 137 // Reports when all tokens are loaded. | |
| 138 void ReportOAuth2TokensLoaded(); | |
| 139 // Issue GAIA cookie recovery (MergeSession) from |refresh_token_|. | |
| 140 void RestoreSessionCookies(); | |
| 141 // Fetches device policy OAuth2 access tokens if have not attempted or | |
| 142 // failed that step previously. | |
| 143 void FetchPolicyTokens(); | |
| 144 // Checks GAIA error and figures out whether the request should be | |
| 145 // re-attempted. | |
| 146 bool RetryOnError(const GoogleServiceAuthError& error); | |
| 147 | |
| 148 // Keeps the track if we have already reported OAuth2 token being loaded | |
| 149 // by TokenService. | |
| 150 bool loading_reported_; | |
| 151 content::NotificationRegistrar registrar_; | |
| 152 scoped_ptr<OAuth2TokenFetcher> oauth2_token_fetcher_; | |
| 153 scoped_ptr<OAuth2LoginVerifier> login_verifier_; | |
| 154 scoped_ptr<OAuth2PolicyFetcher> oauth2_policy_fetcher_; | |
| 155 std::string refresh_token_; | |
| 156 | |
| 157 DISALLOW_COPY_AND_ASSIGN(OAuth2LoginManager); | |
| 158 }; | |
| 159 | |
| 160 | |
| 161 // OAuth1 specialization of OAuthLoginManager. | |
| 162 // TODO(zelidrag): Get rid of this one once we move everything to OAuth2. | |
| 163 class OAuth1LoginManager : public OAuthLoginManager, | |
| 164 public OAuth1TokenFetcher::Delegate, | |
| 165 public OAuth1LoginVerifier::Delegate { | |
| 166 public: | |
| 167 explicit OAuth1LoginManager(OAuthLoginManager::Delegate* delegate); | |
| 168 | |
| 169 // OAuthLoginManager overrides. | |
| 170 virtual void RestorePolicyTokens( | |
| 171 net::URLRequestContextGetter* auth_request_context) OVERRIDE; | |
| 172 virtual void RestoreSession( | |
| 173 Profile* user_profile, | |
| 174 net::URLRequestContextGetter* auth_request_context, | |
| 175 bool restore_from_auth_cookies) OVERRIDE; | |
| 176 virtual void ContinueSessionRestore() OVERRIDE; | |
| 177 virtual void Stop() OVERRIDE; | |
| 178 | |
| 179 private: | |
| 180 // OAuth1TokenFetcher::Delegate overrides. | |
| 181 void OnOAuth1AccessTokenAvailable(const std::string& token, | |
| 182 const std::string& secret) OVERRIDE; | |
| 183 void OnOAuth1AccessTokenFetchFailed() OVERRIDE; | |
| 184 | |
| 185 // OAuth1LoginVerifier::Delegate overrides. | |
| 186 virtual void OnOAuth1VerificationSucceeded(const std::string& user_name, | |
| 187 const std::string& sid, | |
| 188 const std::string& lsid, | |
| 189 const std::string& auth) OVERRIDE; | |
| 190 virtual void OnOAuth1VerificationFailed( | |
| 191 const std::string& user_name) OVERRIDE; | |
| 192 | |
| 193 // Reads OAuth1 token from user profile's prefs. | |
| 194 bool ReadOAuth1Tokens(); | |
| 195 // Stores OAuth1 token + secret in profile's prefs. | |
| 196 void StoreOAuth1Tokens(); | |
| 197 // Fetch user credentials (sid/lsid) from |oauth1_token_| and | |
| 198 // |oauth1_secret_|. | |
| 199 void FetchCredentialsWithOAuth1(); | |
| 200 // Verifies OAuth1 token by performing OAuthLogin and fetching credentials. | |
| 201 void VerifyOAuth1AccessToken(); | |
| 202 // Starts fetching device policy tokens. | |
| 203 void FetchPolicyTokens(); | |
| 204 | |
| 205 scoped_ptr<OAuth1TokenFetcher> oauth1_token_fetcher_; | |
| 206 scoped_ptr<OAuth1LoginVerifier> oauth1_login_verifier_; | |
| 207 scoped_ptr<PolicyOAuthFetcher> policy_oauth_fetcher_; | |
| 208 std::string oauth1_token_; | |
| 209 std::string oauth1_secret_; | |
| 210 | |
| 211 DISALLOW_COPY_AND_ASSIGN(OAuth1LoginManager); | |
| 212 }; | |
| 213 | |
| 214 } // namespace chromeos | |
| 215 | |
| 216 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_OAUTH_LOGIN_MANAGER_H_ | |
| OLD | NEW |
