| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "remoting/host/oauth_token_getter.h" |
| 6 |
| 7 #include "base/bind.h" |
| 8 #include "base/callback.h" |
| 9 #include "base/strings/string_util.h" |
| 10 #include "google_apis/google_api_keys.h" |
| 11 #include "net/url_request/url_request_context_getter.h" |
| 12 #include "remoting/base/logging.h" |
| 13 |
| 14 namespace remoting { |
| 15 |
| 16 namespace { |
| 17 |
| 18 // Maximum number of retries on network/500 errors. |
| 19 const int kMaxRetries = 3; |
| 20 |
| 21 // Time when we we try to update OAuth token before its expiration. |
| 22 const int kTokenUpdateTimeBeforeExpirySeconds = 60; |
| 23 |
| 24 } // namespace |
| 25 |
| 26 OAuthTokenGetter::OAuthCredentials::OAuthCredentials( |
| 27 const std::string& login, |
| 28 const std::string& refresh_token, |
| 29 bool is_service_account) |
| 30 : login(login), |
| 31 refresh_token(refresh_token), |
| 32 is_service_account(is_service_account) { |
| 33 } |
| 34 |
| 35 OAuthTokenGetter::OAuthTokenGetter( |
| 36 scoped_ptr<OAuthCredentials> oauth_credentials, |
| 37 scoped_refptr<net::URLRequestContextGetter> url_request_context_getter) |
| 38 : oauth_credentials_(oauth_credentials.Pass()), |
| 39 gaia_oauth_client_( |
| 40 new gaia::GaiaOAuthClient(url_request_context_getter)), |
| 41 url_request_context_getter_(url_request_context_getter), |
| 42 refreshing_oauth_token_(false) { |
| 43 } |
| 44 |
| 45 OAuthTokenGetter::~OAuthTokenGetter() {} |
| 46 |
| 47 void OAuthTokenGetter::OnGetTokensResponse(const std::string& user_email, |
| 48 const std::string& access_token, |
| 49 int expires_seconds) { |
| 50 NOTREACHED(); |
| 51 } |
| 52 |
| 53 void OAuthTokenGetter::OnRefreshTokenResponse( |
| 54 const std::string& access_token, |
| 55 int expires_seconds) { |
| 56 DCHECK(CalledOnValidThread()); |
| 57 DCHECK(oauth_credentials_.get()); |
| 58 HOST_LOG << "Received OAuth token."; |
| 59 |
| 60 oauth_access_token_ = access_token; |
| 61 auth_token_expiry_time_ = base::Time::Now() + |
| 62 base::TimeDelta::FromSeconds(expires_seconds) - |
| 63 base::TimeDelta::FromSeconds(kTokenUpdateTimeBeforeExpirySeconds); |
| 64 |
| 65 gaia_oauth_client_->GetUserEmail(access_token, kMaxRetries, this); |
| 66 } |
| 67 |
| 68 void OAuthTokenGetter::OnGetUserEmailResponse(const std::string& user_email) { |
| 69 DCHECK(CalledOnValidThread()); |
| 70 DCHECK(oauth_credentials_.get()); |
| 71 HOST_LOG << "Received user info."; |
| 72 |
| 73 if (user_email != oauth_credentials_->login) { |
| 74 LOG(ERROR) << "OAuth token and email address do not refer to " |
| 75 "the same account."; |
| 76 OnOAuthError(); |
| 77 return; |
| 78 } |
| 79 |
| 80 refreshing_oauth_token_ = false; |
| 81 |
| 82 // Now that we've refreshed the token and verified that it's for the correct |
| 83 // user account, try to connect using the new token. |
| 84 NotifyCallbacks(OAuthTokenGetter::SUCCESS, user_email, oauth_access_token_); |
| 85 } |
| 86 |
| 87 void OAuthTokenGetter::NotifyCallbacks(Status status, |
| 88 const std::string& user_email, |
| 89 const std::string& access_token) { |
| 90 std::queue<TokenCallback> callbacks(pending_callbacks_); |
| 91 pending_callbacks_ = std::queue<TokenCallback>(); |
| 92 |
| 93 while (!callbacks.empty()) { |
| 94 callbacks.front().Run(status, user_email, access_token); |
| 95 callbacks.pop(); |
| 96 } |
| 97 } |
| 98 |
| 99 void OAuthTokenGetter::OnOAuthError() { |
| 100 DCHECK(CalledOnValidThread()); |
| 101 LOG(ERROR) << "OAuth: invalid credentials."; |
| 102 refreshing_oauth_token_ = false; |
| 103 NotifyCallbacks(OAuthTokenGetter::AUTH_ERROR, std::string(), std::string()); |
| 104 } |
| 105 |
| 106 void OAuthTokenGetter::OnNetworkError(int response_code) { |
| 107 DCHECK(CalledOnValidThread()); |
| 108 LOG(ERROR) << "Network error when trying to update OAuth token: " |
| 109 << response_code; |
| 110 refreshing_oauth_token_ = false; |
| 111 NotifyCallbacks( |
| 112 OAuthTokenGetter::NETWORK_ERROR, std::string(), std::string()); |
| 113 } |
| 114 |
| 115 void OAuthTokenGetter::CallWithToken(const TokenCallback& on_access_token) { |
| 116 DCHECK(CalledOnValidThread()); |
| 117 bool need_new_auth_token = oauth_credentials_.get() && |
| 118 (auth_token_expiry_time_.is_null() || |
| 119 base::Time::Now() >= auth_token_expiry_time_); |
| 120 if (need_new_auth_token) { |
| 121 pending_callbacks_.push(on_access_token); |
| 122 if (!refreshing_oauth_token_) |
| 123 RefreshOAuthToken(); |
| 124 } else { |
| 125 on_access_token.Run( |
| 126 SUCCESS, oauth_credentials_->login, oauth_access_token_); |
| 127 } |
| 128 } |
| 129 |
| 130 void OAuthTokenGetter::RefreshOAuthToken() { |
| 131 DCHECK(CalledOnValidThread()); |
| 132 HOST_LOG << "Refreshing OAuth token."; |
| 133 DCHECK(!refreshing_oauth_token_); |
| 134 |
| 135 // Service accounts use different API keys, as they use the client app flow. |
| 136 google_apis::OAuth2Client oauth2_client = |
| 137 oauth_credentials_->is_service_account ? |
| 138 google_apis::CLIENT_REMOTING_HOST : google_apis::CLIENT_REMOTING; |
| 139 |
| 140 gaia::OAuthClientInfo client_info = { |
| 141 google_apis::GetOAuth2ClientID(oauth2_client), |
| 142 google_apis::GetOAuth2ClientSecret(oauth2_client), |
| 143 // Redirect URL is only used when getting tokens from auth code. It |
| 144 // is not required when getting access tokens. |
| 145 "" |
| 146 }; |
| 147 |
| 148 refreshing_oauth_token_ = true; |
| 149 std::vector<std::string> empty_scope_list; // Use scope from refresh token. |
| 150 gaia_oauth_client_->RefreshToken( |
| 151 client_info, oauth_credentials_->refresh_token, empty_scope_list, |
| 152 kMaxRetries, this); |
| 153 } |
| 154 |
| 155 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 141063009:
Separate access token caching logic from signaling connector. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src