Identity API: Pop-up a sign-in dialog if gaia credentials are bad

chrome/browser/extensions/api/identity/identity_api.cc

Index: chrome/browser/extensions/api/identity/identity_api.cc
diff --git a/chrome/browser/extensions/api/identity/identity_api.cc b/chrome/browser/extensions/api/identity/identity_api.cc
index 72658a33fcf26119ac4088fe958bfa6e838e4acc..a2fac8d80304ad534badd7ea8c3193cf137a27f6 100644
--- a/chrome/browser/extensions/api/identity/identity_api.cc
+++ b/chrome/browser/extensions/api/identity/identity_api.cc
@@ -11,13 +11,11 @@
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/permissions_updater.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/signin/signin_manager.h"
+#include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/signin/token_service_factory.h"
 #include "chrome/browser/ui/browser.h"
-#include "chrome/browser/ui/browser_navigator.h"
-#include "chrome/browser/ui/webui/signin/login_ui_service.h"
-#include "chrome/browser/ui/webui/signin/login_ui_service_factory.h"
-#include "chrome/browser/ui/webui/sync_promo/sync_promo_ui.h"
 #include "chrome/common/extensions/api/experimental_identity.h"
 #include "chrome/common/extensions/api/identity/oauth2_manifest_handler.h"
 #include "chrome/common/extensions/extension.h"
@@ -25,6 +23,7 @@
 #include "chrome/common/extensions/manifest_handler.h"
 #include "chrome/common/url_constants.h"
 #include "content/public/common/page_transition_types.h"
+#include "google_apis/gaia/gaia_constants.h"
 #include "googleurl/src/gurl.h"
 #include "ui/base/window_open_disposition.h"
 
@@ -45,7 +44,8 @@ namespace LaunchWebAuthFlow = api::experimental_identity::LaunchWebAuthFlow;
 namespace identity = api::experimental_identity;
 
 IdentityGetAuthTokenFunction::IdentityGetAuthTokenFunction()
-    : interactive_(false) {}
+    : interactive_(false),
+      should_retry_with_signin_(false) {}
 IdentityGetAuthTokenFunction::~IdentityGetAuthTokenFunction() {}
 
 bool IdentityGetAuthTokenFunction::RunImpl() {
@@ -68,24 +68,24 @@ bool IdentityGetAuthTokenFunction::RunImpl() {
   }
 
   // Balanced in OnIssueAdviceSuccess|OnMintTokenSuccess|OnMintTokenFailure|
-  // InstallUIAbort|OnLoginUIClosed.
+  // InstallUIAbort|SigninFailed.
   AddRef();
 
   if (!HasLoginToken()) {
-    if (StartLogin()) {
-      return true;
-    } else {
+    if (!interactive_) {
+      error_ = identity_constants::kUserNotSignedIn;
       Release();
       return false;
     }
-  }
-
-  if (StartFlow(OAuth2MintTokenFlow::MODE_MINT_TOKEN_NO_FORCE)) {
-    return true;
+    ShowLoginPopup();
   } else {
-    Release();
-    return false;
+    TokenService* token_service = TokenServiceFactory::GetForProfile(profile());
+    refresh_token_ = token_service->GetOAuth2LoginRefreshToken();
+    should_retry_with_signin_ = interactive_;
+    StartFlow(OAuth2MintTokenFlow::MODE_MINT_TOKEN_NO_FORCE);
   }
+
+  return true;
 }
 
 void IdentityGetAuthTokenFunction::OnMintTokenSuccess(
@@ -97,6 +97,23 @@ void IdentityGetAuthTokenFunction::OnMintTokenSuccess(
 
 void IdentityGetAuthTokenFunction::OnMintTokenFailure(
     const GoogleServiceAuthError& error) {
+  switch (error.state()) {
+    case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS:
+    case GoogleServiceAuthError::ACCOUNT_DELETED:
+    case GoogleServiceAuthError::ACCOUNT_DISABLED:
+      extensions::IdentityAPI::GetFactoryInstance()->GetForProfile(
+          profile())->ReportAuthError(error);
+      if (should_retry_with_signin_) {
+        should_retry_with_signin_ = false;
+        ShowLoginPopup();
+        return;
+      }
+      break;
+    default:
+      // Return error to caller.
+      break;
+  }
+
   error_ = std::string(identity_constants::kAuthFailure) + error.ToString();
   SendResponse(false);
   Release();  // Balanced in RunImpl.
@@ -104,6 +121,7 @@ void IdentityGetAuthTokenFunction::OnMintTokenFailure(
 
 void IdentityGetAuthTokenFunction::OnIssueAdviceSuccess(
     const IssueAdviceInfo& issue_advice) {
+  should_retry_with_signin_ = false;
   // Existing grant was revoked and we used NO_FORCE, so we got info back
   // instead.
   if (interactive_) {
@@ -116,21 +134,22 @@ void IdentityGetAuthTokenFunction::OnIssueAdviceSuccess(
   }
 }
 
-void IdentityGetAuthTokenFunction::OnLoginUIClosed(
-    LoginUIService::LoginUI* ui) {
-  StopObservingLoginService();
-  if (!StartFlow(OAuth2MintTokenFlow::MODE_MINT_TOKEN_NO_FORCE)) {
-    SendResponse(false);
-    Release();
-  }
+void IdentityGetAuthTokenFunction::SigninSuccess(const std::string& token) {
+  refresh_token_ = token;
+  StartFlow(OAuth2MintTokenFlow::MODE_MINT_TOKEN_NO_FORCE);
+}
+
+void IdentityGetAuthTokenFunction::SigninFailed() {
+  error_ = identity_constants::kUserNotSignedIn;
+  SendResponse(false);
+  Release();
 }
 
 void IdentityGetAuthTokenFunction::InstallUIProceed() {
   DCHECK(install_ui_->record_oauth2_grant());
   // The user has accepted the scopes, so we may now force (recording a grant
   // and receiving a token).
-  bool success = StartFlow(OAuth2MintTokenFlow::MODE_MINT_TOKEN_FORCE);
-  DCHECK(success);
+  StartFlow(OAuth2MintTokenFlow::MODE_MINT_TOKEN_FORCE);
 }
 
 void IdentityGetAuthTokenFunction::InstallUIAbort(bool user_initiated) {
@@ -139,45 +158,15 @@ void IdentityGetAuthTokenFunction::InstallUIAbort(bool user_initiated) {
   Release();  // Balanced in RunImpl.
 }
 
-bool IdentityGetAuthTokenFunction::StartFlow(OAuth2MintTokenFlow::Mode mode) {
-  if (!HasLoginToken()) {
-    error_ = identity_constants::kUserNotSignedIn;
-    return false;
-  }
-
+void IdentityGetAuthTokenFunction::StartFlow(OAuth2MintTokenFlow::Mode mode) {
+  signin_flow_.reset(NULL);
   flow_.reset(CreateMintTokenFlow(mode));
   flow_->Start();
-  return true;
-}
-
-bool IdentityGetAuthTokenFunction::StartLogin() {
-  if (!interactive_) {
-    error_ = identity_constants::kUserNotSignedIn;
-    return false;
-  }
-
-  ShowLoginPopup();
-  return true;
-}
-
-void IdentityGetAuthTokenFunction::StartObservingLoginService() {
-  LoginUIService* login_ui_service =
-      LoginUIServiceFactory::GetForProfile(profile());
-  login_ui_service->AddObserver(this);
-}
-
-void IdentityGetAuthTokenFunction::StopObservingLoginService() {
-  LoginUIService* login_ui_service =
-      LoginUIServiceFactory::GetForProfile(profile());
-  login_ui_service->RemoveObserver(this);
 }
 
 void IdentityGetAuthTokenFunction::ShowLoginPopup() {
-  StartObservingLoginService();
-
-  LoginUIService* login_ui_service =
-      LoginUIServiceFactory::GetForProfile(profile());
-  login_ui_service->ShowLoginPopup();
+  signin_flow_.reset(new IdentitySigninFlow(this, profile()));
+  signin_flow_->Start();
 }
 
 void IdentityGetAuthTokenFunction::ShowOAuthApprovalDialog(
@@ -188,12 +177,11 @@ void IdentityGetAuthTokenFunction::ShowOAuthApprovalDialog(
 OAuth2MintTokenFlow* IdentityGetAuthTokenFunction::CreateMintTokenFlow(
     OAuth2MintTokenFlow::Mode mode) {
   const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(GetExtension());
-  TokenService* token_service = TokenServiceFactory::GetForProfile(profile());
   return new OAuth2MintTokenFlow(
       profile()->GetRequestContext(),
       this,
       OAuth2MintTokenFlow::Parameters(
-          token_service->GetOAuth2LoginRefreshToken(),
+          refresh_token_,
           GetExtension()->id(),
           oauth2_info.client_id,
           oauth2_info.scopes,
@@ -256,13 +244,39 @@ void IdentityLaunchWebAuthFlowFunction::OnAuthFlowFailure() {
   Release();  // Balanced in RunImpl.
 }
 
-IdentityAPI::IdentityAPI(Profile* profile) {
+IdentityAPI::IdentityAPI(Profile* profile)
+    : profile_(profile),
+      signin_manager_(NULL),
+      error_(GoogleServiceAuthError::NONE) {
   (new OAuth2ManifestHandler)->Register();
 }
 
 IdentityAPI::~IdentityAPI() {
 }
 
+void IdentityAPI::Initialize() {
+  signin_manager_ = SigninManagerFactory::GetForProfile(profile_);
+  signin_manager_->signin_global_error()->AddProvider(this);
+
+  TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
+  registrar_.Add(this,
+                 chrome::NOTIFICATION_TOKEN_AVAILABLE,
+                 content::Source<TokenService>(token_service));
+}
+
+void IdentityAPI::ReportAuthError(const GoogleServiceAuthError& error) {
+  if (!signin_manager_)
+    Initialize();
+
+  error_ = error;
+  signin_manager_->signin_global_error()->AuthStatusChanged();
+}
+
+void IdentityAPI::Shutdown() {
+  if (signin_manager_)
+    signin_manager_->signin_global_error()->RemoveProvider(this);
+}
+
 static base::LazyInstance<ProfileKeyedAPIFactory<IdentityAPI> >
     g_factory = LAZY_INSTANCE_INITIALIZER;
 
@@ -271,4 +285,31 @@ ProfileKeyedAPIFactory<IdentityAPI>* IdentityAPI::GetFactoryInstance() {
   return &g_factory.Get();
 }
 
+GoogleServiceAuthError IdentityAPI::GetAuthStatus() const {
+  return error_;
+}
+
+void IdentityAPI::Observe(int type,
+                            const content::NotificationSource& source,
+                            const content::NotificationDetails& details) {
+  if (type == chrome::NOTIFICATION_TOKEN_AVAILABLE) {
+    TokenService::TokenAvailableDetails* token_details =
+        content::Details<TokenService::TokenAvailableDetails>(details).ptr();

[Pete Williamson, 2013/03/27 18:03:55]

It seems odd that we aren't doing much with the token_details.   Why do we need
to observe both here and in IdentitySigninFlow?

[Michael Courage, 2013/03/27 18:40:11]

This class has an interest in the token independent of IdentitySigninFlow. In a
non-interactive getAuthToken call, the API call will return immediately, but the
error state persists until a token is added.

The flow is waiting for the TokenService to provide a token, so it makes sense
for that class to listen to the TokenService event directly rather than proxying
the event through IdentityAPI, which is acting as an error status service.

+    if (token_details->service() ==
+        GaiaConstants::kGaiaOAuth2LoginRefreshToken) {
+      error_ = GoogleServiceAuthError::AuthErrorNone();
+      signin_manager_->signin_global_error()->AuthStatusChanged();
+    }
+  } else {
+    NOTREACHED();
+  }
+}
+
+template <>
+void ProfileKeyedAPIFactory<IdentityAPI>::DeclareFactoryDependencies() {
+  DependsOn(ExtensionSystemFactory::GetInstance());
+  DependsOn(TokenServiceFactory::GetInstance());
+  DependsOn(SigninManagerFactory::GetInstance());
+}
+
 }  // namespace extensions