Identity API: web-based scope approval dialogs for getAuthToken

chrome/browser/extensions/api/identity/identity_api.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/api/identity/identity_api.h"
 
 #include <set>
 #include <string>
 #include <vector>
 
 #include "base/lazy_instance.h"
 #include "base/stringprintf.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/values.h"
 #include "chrome/browser/app_mode/app_mode_utils.h"
 #include "chrome/browser/extensions/extension_function_dispatcher.h"
 #include "chrome/browser/extensions/extension_install_prompt.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/permissions_updater.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/signin/token_service.h"
@@ skipping 194 matching lines @@
         StartMintTokenFlow(IdentityMintRequestQueue::MINT_TYPE_INTERACTIVE);
         break;
     }
   } else {
     DCHECK(type == IdentityMintRequestQueue::MINT_TYPE_INTERACTIVE);
 
     if (cache_status == IdentityTokenCacheValue::CACHE_STATUS_TOKEN) {
       CompleteMintTokenFlow();
       CompleteFunctionWithResult(cache_entry.token());
     } else {
-      install_ui_.reset(new ExtensionInstallPrompt(GetAssociatedWebContents()));
       ShowOAuthApprovalDialog(issue_advice_);
     }
   }
 }
 
 void IdentityGetAuthTokenFunction::OnMintTokenSuccess(
     const std::string& access_token, int time_to_live) {
   const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(GetExtension());
   IdentityTokenCacheValue token(access_token,
                                 base::TimeDelta::FromSeconds(time_to_live));
@@ skipping 46 matching lines @@
 
 void IdentityGetAuthTokenFunction::SigninSuccess(const std::string& token) {
   refresh_token_ = token;
   StartMintTokenFlow(IdentityMintRequestQueue::MINT_TYPE_NONINTERACTIVE);
 }
 
 void IdentityGetAuthTokenFunction::SigninFailed() {
   CompleteFunctionWithError(identity_constants::kUserNotSignedIn);
 }
 
-void IdentityGetAuthTokenFunction::InstallUIProceed() {
-  // The user has accepted the scopes, so we may now force (recording a grant
-  // and receiving a token).
-  StartGaiaRequest(OAuth2MintTokenFlow::MODE_MINT_TOKEN_FORCE);
+void IdentityGetAuthTokenFunction::OnGaiaFlowFailure(
+    GaiaWebAuthFlow::Failure failure,
+    GoogleServiceAuthError service_error) {
+  CompleteMintTokenFlow();
+  std::string error;
+
+  switch (failure) {
+    case GaiaWebAuthFlow::WINDOW_CLOSED:
+      error = identity_constants::kUserRejected;
+      break;
+
+    case GaiaWebAuthFlow::INVALID_REDIRECT:
+      error = identity_constants::kInvalidRedirect;
+      break;
+
+    case GaiaWebAuthFlow::SERVICE_AUTH_ERROR:
+      error = std::string(identity_constants::kAuthFailure) +
+          service_error.ToString();
+      break;
+
+    default:
+      NOTREACHED() << "Unexpected error from gaia web auth flow: " << failure;
+      error = identity_constants::kInvalidRedirect;
+      break;
+  }
+
+  CompleteFunctionWithError(error);
 }
 
-void IdentityGetAuthTokenFunction::InstallUIAbort(bool user_initiated) {
+void IdentityGetAuthTokenFunction::OnGaiaFlowCompleted(
+    const std::string& token,
+    const std::string& expiration,
+    const std::string& error) {
+  if (!error.empty()) {
+    CompleteMintTokenFlow();
+    CompleteFunctionWithError(MapOAuth2ErrorToDescription(error));
+    return;
+  }
+
+  int time_to_live;
+  if (!expiration.empty() && base::StringToInt(expiration, &time_to_live)) {
+    const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(GetExtension());
+    IdentityTokenCacheValue token_value(
+        token, base::TimeDelta::FromSeconds(time_to_live));
+    IdentityAPI::GetFactoryInstance()->GetForProfile(profile())
+        ->SetCachedToken(GetExtension()->id(), oauth2_info.scopes, token_value);
+  }
+
   CompleteMintTokenFlow();
-  CompleteFunctionWithError(identity_constants::kUserRejected);
+  CompleteFunctionWithResult(token);
 }
 
 void IdentityGetAuthTokenFunction::StartGaiaRequest(
     OAuth2MintTokenFlow::Mode mode) {
   mint_token_flow_.reset(CreateMintTokenFlow(mode));
   mint_token_flow_->Start();
 }
 
 void IdentityGetAuthTokenFunction::ShowLoginPopup() {
   signin_flow_.reset(new IdentitySigninFlow(this, profile()));
   signin_flow_->Start();
 }
 
 void IdentityGetAuthTokenFunction::ShowOAuthApprovalDialog(
     const IssueAdviceInfo& issue_advice) {
-  install_ui_->ConfirmIssueAdvice(this, GetExtension(), issue_advice);
+  Browser* current_browser = this->GetCurrentBrowser();
+  chrome::HostDesktopType host_desktop_type =
+      current_browser ? current_browser->host_desktop_type()
+                      : chrome::GetActiveDesktop();
+  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(GetExtension());
+
+  web_auth_flow_.reset(new GaiaWebAuthFlow(
+      this, profile(), host_desktop_type, GetExtension()->id(), oauth2_info));
+  web_auth_flow_->Start();
 }
 
 OAuth2MintTokenFlow* IdentityGetAuthTokenFunction::CreateMintTokenFlow(
     OAuth2MintTokenFlow::Mode mode) {
   const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(GetExtension());
   OAuth2MintTokenFlow* mint_token_flow =
       new OAuth2MintTokenFlow(
           profile()->GetRequestContext(),
           this,
           OAuth2MintTokenFlow::Parameters(
@@ skipping 14 matching lines @@
   }
 #endif
   return mint_token_flow;
 }
 
 bool IdentityGetAuthTokenFunction::HasLoginToken() const {
   TokenService* token_service = TokenServiceFactory::GetForProfile(profile());
   return token_service->HasOAuthLoginToken();
 }
 
+std::string IdentityGetAuthTokenFunction::MapOAuth2ErrorToDescription(
+    const std::string& error) {
+  const char kOAuth2ErrorAccessDenied[] = "access_denied";
+  const char kOAuth2ErrorInvalidScope[] = "invalid_scope";
+
+  if (error == kOAuth2ErrorAccessDenied)
+    return std::string(identity_constants::kUserRejected);
+  else if (error == kOAuth2ErrorInvalidScope)
+    return std::string(identity_constants::kInvalidScopes);
+  else
+    return std::string(identity_constants::kAuthFailure) + error;
+}
+
 IdentityRemoveCachedAuthTokenFunction::IdentityRemoveCachedAuthTokenFunction() {
 }
 
 IdentityRemoveCachedAuthTokenFunction::
     ~IdentityRemoveCachedAuthTokenFunction() {
 }
 
 bool IdentityRemoveCachedAuthTokenFunction::RunImpl() {
   if (profile()->IsOffTheRecord()) {
     error_ = identity_constants::kOffTheRecord;
@@ skipping 249 matching lines @@
     const IdentityAPI::TokenCacheKey& rhs) const {
   if (extension_id < rhs.extension_id)
     return true;
   else if (rhs.extension_id < extension_id)
     return false;
 
   return scopes < rhs.scopes;
 }
 
 }  // namespace extensions