GAIA ID migration for Android

chrome/browser/signin/oauth2_token_service_delegate_android.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/oauth2_token_service_delegate_android.h"
 
 #include "base/android/jni_android.h"
 #include "base/android/jni_array.h"
 #include "base/android/jni_string.h"
 #include "base/bind.h"
@@ skipping 113 matching lines @@
       scope += " ";
     scope += *it;
   }
   return scope;
 }
 
 }  // namespace
 
 bool OAuth2TokenServiceDelegateAndroid::is_testing_profile_ = false;
 
-OAuth2TokenServiceDelegateAndroid::OAuth2TokenServiceDelegateAndroid() {
+OAuth2TokenServiceDelegateAndroid::OAuth2TokenServiceDelegateAndroid()
+    : account_tracker_service_(nullptr),
+      accounts_have_been_validated_(false),
+      should_fire_refresh_token_loaded_(false) {
   DVLOG(1) << "OAuth2TokenServiceDelegateAndroid::ctor";
   JNIEnv* env = AttachCurrentThread();
   base::android::ScopedJavaLocalRef<jobject> local_java_ref =
       Java_OAuth2TokenService_create(env, reinterpret_cast<intptr_t>(this));
   java_ref_.Reset(env, local_java_ref.obj());
 }
 
 OAuth2TokenServiceDelegateAndroid::~OAuth2TokenServiceDelegateAndroid() {
 }
 
@@ skipping 10 matching lines @@
       ->java_ref_.obj();
 }
 
 static jobject GetForProfile(JNIEnv* env,
                              jclass clazz,
                              jobject j_profile_android) {
   return OAuth2TokenServiceDelegateAndroid::GetForProfile(env, clazz,
                                                           j_profile_android);
 }
 
-void OAuth2TokenServiceDelegateAndroid::Initialize() {
+void OAuth2TokenServiceDelegateAndroid::Initialize(
+    AccountTrackerService* account_tracker_service) {
   DVLOG(1) << "OAuth2TokenServiceDelegateAndroid::Initialize";
+
+  account_tracker_service_ = account_tracker_service;
+  DCHECK(account_tracker_service_);
+  if (account_tracker_service_->GetMigrationState() ==
+      AccountTrackerService::MIGRATION_IN_PROGRESS) {
+    std::vector<std::string> accounts = GetAccounts();
+    std::vector<std::string> accounts_id;
+    for (std::vector<std::string>::iterator it = accounts.begin();
+         it != accounts.end(); ++it) {
+      AccountTrackerService::AccountInfo account_info =
+          account_tracker_service_->FindAccountInfoByEmail(*it);
+      if (account_info.gaia.empty())
+        accounts_id.push_back(*it);

[Roger Tawa OOO till Jul 10th, 2015/08/14 15:01:22]

If this is empty there is a bug.  I don't think it is correct to push the email
back into the list.  Should add a DCHECK.

Nit: add { and }

[gogerald1, 2015/08/18 01:14:27]

Done.

+      else
+        accounts_id.push_back(account_info.gaia);
+    }
+    JNIEnv* env = AttachCurrentThread();
+    ScopedJavaLocalRef<jobjectArray> java_accounts(
+        base::android::ToJavaArrayOfStrings(env, accounts_id));
+    Java_OAuth2TokenService_saveStoredAccounts(
+        env, base::android::GetApplicationContext(), java_accounts.obj());
+  }
+
   if (!is_testing_profile_) {
     Java_OAuth2TokenService_validateAccounts(
         AttachCurrentThread(), java_ref_.obj(),
         base::android::GetApplicationContext(), JNI_TRUE);
   }
 }
 
 bool OAuth2TokenServiceDelegateAndroid::RefreshTokenIsAvailable(
     const std::string& account_id) const {
+  std::string account_name = MapAccountIdToAccountName(account_id);
   JNIEnv* env = AttachCurrentThread();
   ScopedJavaLocalRef<jstring> j_account_id =
-      ConvertUTF8ToJavaString(env, account_id);
+      ConvertUTF8ToJavaString(env, account_name);
   jboolean refresh_token_is_available =
       Java_OAuth2TokenService_hasOAuth2RefreshToken(
           env, base::android::GetApplicationContext(), j_account_id.obj());
   return refresh_token_is_available == JNI_TRUE;
 }
 
 void OAuth2TokenServiceDelegateAndroid::UpdateAuthError(
     const std::string& account_id,
     const GoogleServiceAuthError& error) {
   // TODO(rogerta): do we need to update anything, or does the system handle it?
 }
 
 std::vector<std::string> OAuth2TokenServiceDelegateAndroid::GetAccounts() {
   std::vector<std::string> accounts;
   JNIEnv* env = AttachCurrentThread();
   ScopedJavaLocalRef<jobjectArray> j_accounts =
       Java_OAuth2TokenService_getAccounts(
           env, base::android::GetApplicationContext());
   // TODO(fgorski): We may decide to filter out some of the accounts.
   base::android::AppendJavaStringArrayToStringVector(env, j_accounts.obj(),
                                                      &accounts);
   return accounts;
 }
 
 std::vector<std::string>
-OAuth2TokenServiceDelegateAndroid::GetSystemAccounts() {
-  std::vector<std::string> accounts;
+OAuth2TokenServiceDelegateAndroid::GetSystemAccountNames() {
+  std::vector<std::string> account_names;
   JNIEnv* env = AttachCurrentThread();
   ScopedJavaLocalRef<jobjectArray> j_accounts =
-      Java_OAuth2TokenService_getSystemAccounts(
+      Java_OAuth2TokenService_getSystemAccountNames(
           env, base::android::GetApplicationContext());
   base::android::AppendJavaStringArrayToStringVector(env, j_accounts.obj(),
-                                                     &accounts);
-  return accounts;
+                                                     &account_names);
+  return account_names;
 }
 
 OAuth2AccessTokenFetcher*
 OAuth2TokenServiceDelegateAndroid::CreateAccessTokenFetcher(
     const std::string& account_id,
     net::URLRequestContextGetter* getter,
     OAuth2AccessTokenConsumer* consumer) {
-  ValidateAccountId(account_id);
-  return new AndroidAccessTokenFetcher(consumer, account_id);
+  std::string account_name = MapAccountIdToAccountName(account_id);
+  ValidateAccountId(account_name);

[Roger Tawa OOO till Jul 10th, 2015/08/14 15:01:22]

There is no need to map the account_id to a username for validation.  Please use
the account_id directly.  Same for other calls to ValidateAccountId() below.

[gogerald1, 2015/08/18 01:14:27]

Done.

+  return new AndroidAccessTokenFetcher(consumer, account_name);
 }
 
 void OAuth2TokenServiceDelegateAndroid::InvalidateAccessToken(
     const std::string& account_id,
     const std::string& client_id,
     const OAuth2TokenService::ScopeSet& scopes,
     const std::string& access_token) {
-  ValidateAccountId(account_id);
+  ValidateAccountId(MapAccountIdToAccountName(account_id));
   JNIEnv* env = AttachCurrentThread();
   ScopedJavaLocalRef<jstring> j_access_token =
       ConvertUTF8ToJavaString(env, access_token);
   Java_OAuth2TokenService_invalidateOAuth2AuthToken(
       env, base::android::GetApplicationContext(), j_access_token.obj());
 }
 
 void OAuth2TokenServiceDelegateAndroid::ValidateAccounts(
     JNIEnv* env,
     jobject obj,
     jstring j_current_acc,
     jboolean j_force_notifications) {
   std::string signed_in_account;
   DVLOG(1) << "OAuth2TokenServiceDelegateAndroid::ValidateAccounts from java";
   if (j_current_acc)
     signed_in_account = ConvertJavaStringToUTF8(env, j_current_acc);
   if (!signed_in_account.empty())
     signed_in_account = gaia::CanonicalizeEmail(signed_in_account);
-  ValidateAccounts(signed_in_account, j_force_notifications != JNI_FALSE);
+  ValidateAccounts(MapAccountNameToAccountId(signed_in_account),
+                   j_force_notifications != JNI_FALSE);
 }
 
 void OAuth2TokenServiceDelegateAndroid::ValidateAccounts(
     const std::string& signed_in_account,
     bool force_notifications) {
   std::vector<std::string> prev_ids = GetAccounts();
-  std::vector<std::string> curr_ids = GetSystemAccounts();
+  std::vector<std::string> curr_ids = GetSystemAccountNames();
   std::vector<std::string> refreshed_ids;
   std::vector<std::string> revoked_ids;
 
-  // Canonicalize system accounts.  |prev_ids| is already done.
   for (size_t i = 0; i < curr_ids.size(); ++i)
-    curr_ids[i] = gaia::CanonicalizeEmail(curr_ids[i]);
+    curr_ids[i] = MapAccountNameToAccountId(curr_ids[i]);
+
   for (size_t i = 0; i < prev_ids.size(); ++i)
     ValidateAccountId(prev_ids[i]);
 
   DVLOG(1) << "OAuth2TokenServiceDelegateAndroid::ValidateAccounts:"
            << " sigined_in_account=" << signed_in_account
            << " prev_ids=" << prev_ids.size() << " curr_ids=" << curr_ids.size()
            << " force=" << (force_notifications ? "true" : "false");
 
   if (!ValidateAccounts(signed_in_account, prev_ids, curr_ids, refreshed_ids,
                         revoked_ids, force_notifications)) {
@@ skipping 10 matching lines @@
 
   for (std::vector<std::string>::iterator it = refreshed_ids.begin();
        it != refreshed_ids.end(); it++) {
     FireRefreshTokenAvailable(*it);
   }
 
   for (std::vector<std::string>::iterator it = revoked_ids.begin();
        it != revoked_ids.end(); it++) {
     FireRefreshTokenRevoked(*it);
   }
+
+  accounts_have_been_validated_ = true;
+  lock_.Acquire();
+  if (should_fire_refresh_token_loaded_) {
+    should_fire_refresh_token_loaded_ = false;
+    FireRefreshTokensLoaded();
+  }
+  lock_.Release();

[Roger Tawa OOO till Jul 10th, 2015/08/14 15:01:22]

There is no need for a lock.  All places that touch
should_fire_refresh_token_loaded_ are called from ui thread.  You can add a
DCHECK for that too.

(Note that you should never fire callbacks while holding a lock, this can cause
deadlocks.)

[gogerald1, 2015/08/18 01:14:27]

Done.

 }
 
 bool OAuth2TokenServiceDelegateAndroid::ValidateAccounts(
     const std::string& signed_in_account,
     const std::vector<std::string>& prev_account_ids,
     const std::vector<std::string>& curr_account_ids,
     std::vector<std::string>& refreshed_ids,
     std::vector<std::string>& revoked_ids,
     bool force_notifications) {
   if (std::find(curr_account_ids.begin(), curr_account_ids.end(),
@@ skipping 123 matching lines @@
 
   // Clear everything on the Java side as well.
   std::vector<std::string> empty;
   JNIEnv* env = AttachCurrentThread();
   ScopedJavaLocalRef<jobjectArray> java_accounts(
       base::android::ToJavaArrayOfStrings(env, empty));
   Java_OAuth2TokenService_saveStoredAccounts(
       env, base::android::GetApplicationContext(), java_accounts.obj());
 }
 
+void OAuth2TokenServiceDelegateAndroid::LoadCredentials(
+    const std::string& primary_account_id) {
+  lock_.Acquire();
+  if (accounts_have_been_validated_)
+    FireRefreshTokensLoaded();
+  else
+    should_fire_refresh_token_loaded_ = true;

[Roger Tawa OOO till Jul 10th, 2015/08/14 15:01:22]

Why do you need two bools?  I think accounts_have_been_validated_ should be
enough.

[gogerald1, 2015/08/18 01:14:27]

The reason is that we don't want fire refresh token loaded multiple times as on
desktop platform, however validation may not finish yet when LoadCredentials()
is called, so we need to tell validation to fire refresh token loaded. Change to
use one variable with more status.

+  lock_.Release();
+}
+
+std::string OAuth2TokenServiceDelegateAndroid::MapAccountIdToAccountName(
+    const std::string& account_id) const {
+  if (account_tracker_service_->GetMigrationState() !=
+      AccountTrackerService::MIGRATION_NOT_STARTED) {
+    return account_tracker_service_->GetAccountInfo(account_id).email;
+  }
+  return account_id;

[Roger Tawa OOO till Jul 10th, 2015/08/14 15:01:22]

You don't need the if, it should work in any state.  You can add a DCHECK that
.email is not empty.

[gogerald1, 2015/08/18 01:14:27]

Acknowledged. Always over worried about the efficiency :). 

+}
+
+std::string OAuth2TokenServiceDelegateAndroid::MapAccountNameToAccountId(
+    const std::string& account_name) const {
+  if (account_tracker_service_->GetMigrationState() !=
+      AccountTrackerService::MIGRATION_NOT_STARTED) {
+    return account_tracker_service_->FindAccountInfoByEmail(account_name)
+        .account_id;
+  }
+
+  return account_name;

[Roger Tawa OOO till Jul 10th, 2015/08/14 15:01:22]

You don't need the if, it should work in any state.  You can add a DCHECK that
.account_id is not empty.

[gogerald1, 2015/08/18 01:14:26]

Done.

+}
+
 // Called from Java when fetching of an OAuth2 token is finished. The
 // |authToken| param is only valid when |result| is true.
 void OAuth2TokenFetched(JNIEnv* env,
                         jclass clazz,
                         jstring authToken,
                         jlong nativeCallback) {
   std::string token;
   if (authToken)
     token = ConvertJavaStringToUTF8(env, authToken);
   scoped_ptr<FetchOAuth2TokenCallback> heap_callback(
       reinterpret_cast<FetchOAuth2TokenCallback*>(nativeCallback));
   // Android does not provide enough information to know if the credentials are
   // wrong, so assume any error is transient by using CONNECTION_FAILED.
   GoogleServiceAuthError err(authToken
                                  ? GoogleServiceAuthError::NONE
                                  : GoogleServiceAuthError::CONNECTION_FAILED);
   heap_callback->Run(err, token, base::Time());
 }
 
 // static
 bool OAuth2TokenServiceDelegateAndroid::Register(JNIEnv* env) {
   return RegisterNativesImpl(env);
 }