Support extension update dwnloads which require auth

chrome/browser/extensions/updater/extension_downloader.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/updater/extension_downloader.h"
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/command_line.h"
@@ skipping 60 matching lines @@
   -1,
 
   // Don't use initial delay unless the last request was an error.
   false,
 };
 
 const char kNotFromWebstoreInstallSource[] = "notfromwebstore";
 const char kDefaultInstallSource[] = "";
 
 #define RETRY_HISTOGRAM(name, retry_count, url) \
-    if ((url).DomainIs("google.com")) \
+    if ((url).DomainIs("google.com")) { \
       UMA_HISTOGRAM_CUSTOM_COUNTS( \
           "Extensions." name "RetryCountGoogleUrl", retry_count, 1, \
           kMaxRetries, kMaxRetries+1); \
-    else \
+    } else { \
       UMA_HISTOGRAM_CUSTOM_COUNTS( \
           "Extensions." name "RetryCountOtherUrl", retry_count, 1, \
-          kMaxRetries, kMaxRetries+1)
+          kMaxRetries, kMaxRetries+1); \
+    }
 
 bool ShouldRetryRequest(const net::URLRequestStatus& status,
                         int response_code) {
   // Retry if the response code is a server error, or the request failed because
   // of network errors as opposed to file errors.
   return (response_code >= 500 && status.is_success()) ||
          status.status() == net::URLRequestStatus::FAILED;
 }
 
 }  // namespace
 
 UpdateDetails::UpdateDetails(const std::string& id, const Version& version)
     : id(id), version(version) {}
 
 UpdateDetails::~UpdateDetails() {}
 
 ExtensionDownloader::ExtensionFetch::ExtensionFetch() : url() {}

[asargent_no_longer_on_chrome, 2014/01/31 18:22:26]

nit: make sure to initialize is_protected in this constructor too, or we could
get uninitialized memory reads (maybe you would have gotten a clang warning
about this, I'm not sure)

[Ken Rockot(use gerrit already), 2014/01/31 22:12:58]

Done.

 
 ExtensionDownloader::ExtensionFetch::ExtensionFetch(
     const std::string& id,
     const GURL& url,
     const std::string& package_hash,
     const std::string& version,
     const std::set<int>& request_ids)
     : id(id), url(url), package_hash(package_hash), version(version),
-      request_ids(request_ids) {}
+      request_ids(request_ids), is_protected(false) {}
 
 ExtensionDownloader::ExtensionFetch::~ExtensionFetch() {}
 
 ExtensionDownloader::ExtensionDownloader(
     ExtensionDownloaderDelegate* delegate,
     net::URLRequestContextGetter* request_context)
     : delegate_(delegate),
       request_context_(request_context),
       weak_ptr_factory_(this),
       manifests_queue_(&kDefaultBackoffPolicy,
@@ skipping 525 matching lines @@
     scoped_ptr<ExtensionFetch> fetch_data,
     const base::FilePath& crx_path,
     bool file_ownership_passed) {
   delegate_->OnExtensionDownloadFinished(fetch_data->id, crx_path,
       file_ownership_passed, fetch_data->url, fetch_data->version,
       ping_results_[fetch_data->id], fetch_data->request_ids);
   ping_results_.erase(fetch_data->id);
 }
 
 void ExtensionDownloader::CreateExtensionFetcher() {
+  const ExtensionFetch* fetch = extensions_queue_.active_request();
+  int load_flags = net::LOAD_DISABLE_CACHE;
+  if (!fetch->is_protected) {
+      load_flags |= net::LOAD_DO_NOT_SEND_COOKIES |
+                    net::LOAD_DO_NOT_SAVE_COOKIES;
+  }

[asargent_no_longer_on_chrome, 2014/01/31 18:22:26]

Perhaps we should also only send cookies on https urls? This would help avoid
exposing user credentials, eg on open wireless networks. (You should double
check with the webstore folks about this - if they need to do the eventually
download over plain http, maybe we could arrange to have some kind of
redirection where the valuable cookies are sent over https  which then generates
a redirect to a non-high-value origin over plain http url with some token
parameter which only provides access to download that crx file and nothing else,
perhaps for a limited time too). 

[Ken Rockot(use gerrit already), 2014/01/31 22:12:58]

Good catch. Done.

   extension_fetcher_.reset(net::URLFetcher::Create(
-      kExtensionFetcherId, extensions_queue_.active_request()->url,
-      net::URLFetcher::GET, this));
+      kExtensionFetcherId, fetch->url, net::URLFetcher::GET, this));
   extension_fetcher_->SetRequestContext(request_context_);
-  extension_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
-                                   net::LOAD_DO_NOT_SAVE_COOKIES |
-                                   net::LOAD_DISABLE_CACHE);
+  extension_fetcher_->SetLoadFlags(load_flags);
   extension_fetcher_->SetAutomaticallyRetryOnNetworkChanges(3);
   // Download CRX files to a temp file. The blacklist is small and will be
   // processed in memory, so it is fetched into a string.
-  if (extensions_queue_.active_request()->id != kBlacklistAppID) {
+  if (fetch->id != kBlacklistAppID) {
     extension_fetcher_->SaveResponseToTemporaryFile(
         BrowserThread::GetMessageLoopProxyForThread(BrowserThread::FILE));
   }
 
-  VLOG(2) << "Starting fetch of " << extensions_queue_.active_request()->url
-          << " for " << extensions_queue_.active_request()->id;
+  VLOG(2) << "Starting fetch of " << fetch->url << " for " << fetch->id;
 
   extension_fetcher_->Start();
 }
 
 void ExtensionDownloader::OnCRXFetchComplete(
     const net::URLFetcher* source,
     const GURL& url,
     const net::URLRequestStatus& status,
     int response_code,
     const base::TimeDelta& backoff_delay) {
   const std::string& id = extensions_queue_.active_request()->id;
   if (status.status() == net::URLRequestStatus::SUCCESS &&
       (response_code == 200 || url.SchemeIsFile())) {
     RETRY_HISTOGRAM("CrxFetchSuccess",
                     extensions_queue_.active_request_failure_count(), url);
     base::FilePath crx_path;
     // Take ownership of the file at |crx_path|.
     CHECK(source->GetResponseAsFilePath(true, &crx_path));
     scoped_ptr<ExtensionFetch> fetch_data =
         extensions_queue_.reset_active_request();
     if (extension_cache_) {
       const std::string& version = fetch_data->version;
       extension_cache_->PutExtension(id, crx_path, version,
           base::Bind(&ExtensionDownloader::NotifyDelegateDownloadFinished,
                      weak_ptr_factory_.GetWeakPtr(),
                      base::Passed(&fetch_data)));
     } else {
       NotifyDelegateDownloadFinished(fetch_data.Pass(), crx_path, true);
     }
+  } else if (status.status() == net::URLRequestStatus::SUCCESS &&
+             (response_code == 401 || response_code == 403) &&
+             !extensions_queue_.active_request()->is_protected) {
+    // On 401 or 403, requeue this fetch with cookies enabled.
+    extensions_queue_.active_request()->is_protected = true;
+    extensions_queue_.RetryRequest(backoff_delay);
   } else {
     const std::set<int>& request_ids =
         extensions_queue_.active_request()->request_ids;
     const ExtensionDownloaderDelegate::PingResult& ping = ping_results_[id];
 
     VLOG(1) << "Failed to fetch extension '" << url.possibly_invalid_spec()
             << "' response code:" << response_code;
     if (ShouldRetryRequest(status, response_code) &&
         extensions_queue_.active_request_failure_count() < kMaxRetries) {
       extensions_queue_.RetryRequest(backoff_delay);
@@ skipping 30 matching lines @@
 void ExtensionDownloader::NotifyUpdateFound(const std::string& id,
                                             const std::string& version) {
   UpdateDetails updateInfo(id, Version(version));
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_EXTENSION_UPDATE_FOUND,
       content::NotificationService::AllBrowserContextsAndSources(),
       content::Details<UpdateDetails>(&updateInfo));
 }
 
 }  // namespace extensions