OAuth2 sign-in flow for ChromeOS

chrome/browser/chromeos/login/oauth_login_manager.h

Index: chrome/browser/chromeos/login/oauth_login_manager.h
diff --git a/chrome/browser/chromeos/login/oauth_login_manager.h b/chrome/browser/chromeos/login/oauth_login_manager.h
new file mode 100644
index 0000000000000000000000000000000000000000..b06cdca5619d153cc58aee7f53318cf67b9fd354
--- /dev/null
+++ b/chrome/browser/chromeos/login/oauth_login_manager.h
@@ -0,0 +1,216 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_OAUTH_LOGIN_MANAGER_H_
+#define CHROME_BROWSER_CHROMEOS_LOGIN_OAUTH_LOGIN_MANAGER_H_
+
+#include <string>
+
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "chrome/browser/chromeos/cros/cert_library.h"
+#include "chrome/browser/chromeos/cros/cros_library.h"
+#include "chrome/browser/chromeos/login/oauth1_login_verifier.h"
+#include "chrome/browser/chromeos/login/oauth1_token_fetcher.h"
+#include "chrome/browser/chromeos/login/oauth2_login_verifier.h"
+#include "chrome/browser/chromeos/login/oauth2_policy_fetcher.h"
+#include "chrome/browser/chromeos/login/oauth2_token_fetcher.h"
+#include "chrome/browser/chromeos/login/policy_oauth_fetcher.h"
+#include "content/public/browser/notification_observer.h"
+#include "content/public/browser/notification_registrar.h"
+#include "net/url_request/url_request_context_getter.h"
+
+class GoogleServiceAuthError;
+class Profile;
+class TokenService;
+
+namespace chromeos {
+
+// This class is responsible for restoring authenticated web sessions out of
+// OAuth tokens or vice versa.
+class OAuthLoginManager {
+ public:
+  enum SessionRestoreState {
+    // Session restore is not started.
+    SESSION_RESTORE_NOT_STARTED,
+    // Session restore is in progress. We are currently issuing calls to verify
+    // stored OAuth tokens and populate cookie jar with GAIA credentials.
+    SESSION_RESTORE_IN_PROGRESS,
+    // Session restore is completed.
+    SESSION_RESTORE_DONE,
+  };
+
+  class Delegate {
+   public:
+    virtual ~Delegate() {}
+    // Raised when cookie jar authentication is successfully completed.

[Nikita (slow), 2013/01/11 22:57:39]

nit: Makes sense to add empty line before comments as we usually do in codebase
to improve readability.

This applies to whole CL.

[zel, 2013/01/12 02:07:37]

Done.

+    virtual void OnCompletedAuthentication(Profile* user_profile) = 0;
+    // Raised when stored OAuth(1|2) tokens are found and authentication
+    // profile is no longer needed.
+    virtual void OnFoundStoredTokens() = 0;
+    // Raised when policy tokens are retrieved.
+    virtual void OnRestoredPolicyTokens() {}
+  };
+
+  // Factory method.
+  static OAuthLoginManager* Create(OAuthLoginManager::Delegate* delegate);
+
+  explicit OAuthLoginManager(OAuthLoginManager::Delegate* delegate);
+  virtual ~OAuthLoginManager() {}
+  // Starts the process of retrieving policy tokens.
+  virtual void RestorePolicyTokens(
+      net::URLRequestContextGetter* auth_request_context) = 0;
+  // Restores and verifies OAuth tokens either from TokenService or previously
+  // authenticated cookie jar.
+  virtual void RestoreSession(
+      Profile* user_profile,
+      net::URLRequestContextGetter* auth_request_context,
+      bool restore_from_auth_cookies) = 0;
+  // Continues session restore after transient network errors.
+  virtual void ContinueSessionRestore() = 0;
+  // Stops all background authentication requests.
+  virtual void Stop() = 0;
+
+  // Returns session restore state.
+  SessionRestoreState state() { return state_; }
+
+ protected:
+  // Signals delegate that authentication is completed, kicks off token fetching
+  // process in TokenService.
+  void CompleteAuthentication();
+
+  OAuthLoginManager::Delegate* delegate_;
+  Profile* user_profile_;
+  scoped_refptr<net::URLRequestContextGetter> auth_request_context_;
+  bool restore_from_auth_cookies_;
+  SessionRestoreState state_;
+
+  DISALLOW_COPY_AND_ASSIGN(OAuthLoginManager);
+};
+
+// OAuth2 specialization of OAuthLoginManager.
+class OAuth2LoginManager : public OAuthLoginManager,

[Nikita (slow), 2013/01/11 22:57:39]

nit: What do you think about splitting OAuth2LoginManager / OAuth1LoginManager 
into a separate file?

[zel, 2013/01/12 02:07:37]

Done.

+                           public content::NotificationObserver,
+                           public OAuth2LoginVerifier::Delegate,
+                           public OAuth2TokenFetcher::Delegate {
+ public:
+  explicit OAuth2LoginManager(OAuthLoginManager::Delegate* delegate);
+
+  // OAuthLoginManager overrides.
+  virtual void RestorePolicyTokens(
+      net::URLRequestContextGetter* auth_request_context) OVERRIDE;
+  virtual void RestoreSession(
+      Profile* user_profile,
+      net::URLRequestContextGetter* auth_request_context,
+      bool restore_from_auth_cookies) OVERRIDE;
+  virtual void ContinueSessionRestore() OVERRIDE;
+  virtual void Stop() OVERRIDE;
+
+ private:
+  // content::NotificationObserver overrides.
+  void Observe(int type,
+               const content::NotificationSource& source,
+               const content::NotificationDetails& details) OVERRIDE;
+
+  // OAuth2LoginVerifier::Delegate overrides.
+  virtual void OnOAuth2LoginVerifierSuccess(const std::string& sid,
+                                            const std::string& lsid,
+                                            const std::string& auth) OVERRIDE;
+  virtual void OnOAuth2LoginVerifierFailure() OVERRIDE;
+
+  // OAuth2TokenFetcher::Delegate overrides.
+  virtual void OnOAuth2TokenAvailable(
+      const GaiaAuthConsumer::ClientOAuthResult& oauth2_tokens) OVERRIDE;
+  virtual void OnOAuth2TokenFetchFailed() OVERRIDE;
+
+  // Retrieves TokenService for |user_profile_| and sets up notification
+  // observer events.
+  TokenService* SetupTokenService();
+  // Removes legacy tokens form OAuth1 flow.
+  void RemoveLegacyTokens();
+  // Loads previously stored OAuth2 tokens and kicks off its validation.
+  void LoadAndVerifyOAuth2Tokens();
+  // Attempts to fetch OAuth2 tokens by using pre-authenticated cookie jar from
+  // provided |auth_profile|.
+  void FetchOAuth2Tokens();
+  // Reports when all tokens are loaded.
+  void ReportOAuth2TokensLoaded();
+  // Issue GAIA cookie recovery (MergeSession) from |refresh_token_|.
+  void RestoreSessionCookies();
+  // Fetches device policy OAuth2 access tokens if have not attempted or
+  // failed that step previously.
+  void FetchPolicyTokens();
+  // Checks GAIA error and figures out whether the request should be
+  // re-attempted.
+  bool RetryOnError(const GoogleServiceAuthError& error);
+
+  // Keeps the track if we have already reported OAuth2 token being loaded
+  // by TokenService.
+  bool loading_reported_;
+  content::NotificationRegistrar registrar_;
+  scoped_ptr<OAuth2TokenFetcher> oauth2_token_fetcher_;
+  scoped_ptr<OAuth2LoginVerifier> login_verifier_;
+  scoped_ptr<OAuth2PolicyFetcher> oauth2_policy_fetcher_;
+  std::string refresh_token_;
+
+  DISALLOW_COPY_AND_ASSIGN(OAuth2LoginManager);
+};
+
+
+// OAuth1 specialization of OAuthLoginManager.
+// TODO(zelidrag): Get rid of this one once we move everything to OAuth2.
+class OAuth1LoginManager : public OAuthLoginManager,
+                           public OAuth1TokenFetcher::Delegate,
+                           public OAuth1LoginVerifier::Delegate {
+ public:
+  explicit OAuth1LoginManager(OAuthLoginManager::Delegate* delegate);
+
+  // OAuthLoginManager overrides.
+  virtual void RestorePolicyTokens(
+      net::URLRequestContextGetter* auth_request_context) OVERRIDE;
+  virtual void RestoreSession(
+      Profile* user_profile,
+      net::URLRequestContextGetter* auth_request_context,
+      bool restore_from_auth_cookies) OVERRIDE;
+  virtual void ContinueSessionRestore() OVERRIDE;
+  virtual void Stop() OVERRIDE;
+
+ private:
+  // OAuth1TokenFetcher::Delegate overrides.
+  void OnOAuth1AccessTokenAvailable(const std::string& token,
+                                    const std::string& secret) OVERRIDE;
+  void OnOAuth1AccessTokenFetchFailed() OVERRIDE;
+
+  // OAuth1LoginVerifier::Delegate overrides.
+  virtual void OnOAuth1VerificationSucceeded(const std::string& user_name,
+                                             const std::string& sid,
+                                             const std::string& lsid,
+                                             const std::string& auth) OVERRIDE;
+  virtual void OnOAuth1VerificationFailed(
+      const std::string& user_name) OVERRIDE;
+
+  // Reads OAuth1 token from user profile's prefs.
+  bool ReadOAuth1Tokens();
+  // Stores OAuth1 token + secret in profile's prefs.
+  void StoreOAuth1Tokens();
+  // Fetch user credentials (sid/lsid) from |oauth1_token_| and
+  // |oauth1_secret_|.
+  void FetchCredentialsWithOAuth1();
+  // Verifies OAuth1 token by performing OAuthLogin and fetching credentials.
+  void VerifyOAuth1AccessToken();
+  // Starts fetching device policy tokens.
+  void FetchPolicyTokens();
+
+  scoped_ptr<OAuth1TokenFetcher> oauth1_token_fetcher_;
+  scoped_ptr<OAuth1LoginVerifier> oauth1_login_verifier_;
+  scoped_ptr<PolicyOAuthFetcher> policy_oauth_fetcher_;
+  std::string oauth1_token_;
+  std::string oauth1_secret_;
+
+  DISALLOW_COPY_AND_ASSIGN(OAuth1LoginManager);
+};
+
+}  // namespace chromeos
+
+#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_OAUTH_LOGIN_MANAGER_H_