Use OAuth2 token for sync

chrome/browser/sync/profile_sync_service.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/profile_sync_service.h"
 
 #include <cstddef>
 #include <map>
 #include <set>
 #include <utility>
@@ skipping 12 matching lines @@
 #include "base/threading/thread_restrictions.h"
 #include "build/build_config.h"
 #include "chrome/browser/about_flags.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/defaults.h"
 #include "chrome/browser/net/chrome_cookie_notification_details.h"
 #include "chrome/browser/prefs/pref_service_syncable.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/about_signin_internals.h"
 #include "chrome/browser/signin/about_signin_internals_factory.h"
+#include "chrome/browser/signin/profile_oauth2_token_service.h"
+#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/signin/token_service_factory.h"
 #include "chrome/browser/sync/backend_migrator.h"
 #include "chrome/browser/sync/glue/change_processor.h"
 #include "chrome/browser/sync/glue/chrome_encryptor.h"
 #include "chrome/browser/sync/glue/chrome_report_unrecoverable_error.h"
 #include "chrome/browser/sync/glue/data_type_controller.h"
 #include "chrome/browser/sync/glue/device_info.h"
@@ skipping 61 matching lines @@
 typedef GoogleServiceAuthError AuthError;
 
 const char* ProfileSyncService::kSyncServerUrl =
     "https://clients4.google.com/chrome-sync";
 
 const char* ProfileSyncService::kDevServerUrl =
     "https://clients4.google.com/chrome-sync/dev";
 
 static const int kSyncClearDataTimeoutInSeconds = 60;  // 1 minute.
 
-static const char* kRelevantTokenServices[] = {
-    GaiaConstants::kSyncService
+static const char* kOAuth2Scopes[] = {
+  GaiaConstants::kChromeSyncOAuth2Scope,
+  // GoogleTalk scope is needed for notifications.
+  GaiaConstants::kGoogleTalkOAuth2Scope
 };
-static const int kRelevantTokenServicesCount =
-    arraysize(kRelevantTokenServices);
+
 
 static const char* kSyncUnrecoverableErrorHistogram =
     "Sync.UnrecoverableErrors";
 
-// Helper to check if the given token service is relevant for sync.
-static bool IsTokenServiceRelevant(const std::string& service) {
-  for (int i = 0; i < kRelevantTokenServicesCount; ++i) {
-    if (service == kRelevantTokenServices[i])
-      return true;
-  }
-  return false;
-}
+const net::BackoffEntry::Policy kRequestAccessTokenBackoffPolicy = {
+  // Number of initial errors (in sequence) to ignore before applying
+  // exponential back-off rules.
+  0,
+
+  // Initial delay for exponential back-off in ms.
+  2000,
+
+  // Factor by which the waiting time will be multiplied.
+  2,
+
+  // Fuzzing percentage. ex: 10% will spread requests randomly
+  // between 90%-100% of the calculated time.
+  0.2, // 20%
+
+  // Maximum amount of time we are willing to delay our request in ms.
+  // TODO(pavely): crbug.com/246686 ProfileSyncService should retry
+  // RequestAccessToken on connection state change after backoff
+  1000 * 3600 * 4, // 4 hours.
+
+  // Time to keep an entry from being discarded even when it
+  // has no significant state, -1 to never discard.
+  -1,
+
+  // Don't use initial delay unless the last request was an error.
+  false,
+};
 
 bool ShouldShowActionOnUI(
     const syncer::SyncProtocolError& error) {
   return (error.action != syncer::UNKNOWN_ACTION &&
           error.action != syncer::DISABLE_SYNC_ON_CLIENT &&
           error.action != syncer::STOP_SYNC_FOR_DISABLED_ACCOUNT);
 }
 
 ProfileSyncService::ProfileSyncService(ProfileSyncComponentsFactory* factory,
                                        Profile* profile,
@@ skipping 15 matching lines @@
       signin_(signin_manager),
       unrecoverable_error_reason_(ERROR_REASON_UNSET),
       weak_factory_(this),
       expect_sync_configuration_aborted_(false),
       encrypted_types_(syncer::SyncEncryptionHandler::SensitiveTypes()),
       encrypt_everything_(false),
       encryption_pending_(false),
       auto_start_enabled_(start_behavior == AUTO_START),
       configure_status_(DataTypeManager::UNKNOWN),
       setup_in_progress_(false),
-      invalidator_state_(syncer::DEFAULT_INVALIDATION_ERROR) {
+      invalidator_state_(syncer::DEFAULT_INVALIDATION_ERROR),
+      request_access_token_backoff_(&kRequestAccessTokenBackoffPolicy) {
   // By default, dev, canary, and unbranded Chromium users will go to the
   // development servers. Development servers have more features than standard
   // sync servers. Users with officially-branded Chrome stable and beta builds
   // will go to the standard sync servers.
   //
   // GetChannel hits the registry on Windows. See http://crbug.com/70380.
   base::ThreadRestrictions::ScopedAllowIO allow_io;
   chrome::VersionInfo::Channel channel = chrome::VersionInfo::GetChannel();
   if (channel == chrome::VersionInfo::CHANNEL_STABLE ||
       channel == chrome::VersionInfo::CHANNEL_BETA) {
@@ skipping 11 matching lines @@
 
 bool ProfileSyncService::IsSyncEnabledAndLoggedIn() {
   // Exit if sync is disabled.
   if (IsManaged() || sync_prefs_.IsStartSuppressed())
     return false;
 
   // Sync is logged in if there is a non-empty effective username.
   return !GetEffectiveUsername().empty();
 }
 
-bool ProfileSyncService::IsSyncTokenAvailable() {
-  TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
-  if (!token_service)
-    return false;
-  return token_service->HasTokenForService(GaiaConstants::kSyncService);
+bool ProfileSyncService::IsOAuthRefreshTokenAvailable() {

[tim (not reviewing), 2013/06/12 21:54:49]

Are we sure this isn't called from any place that depends on your new command
line flag?  I know the webui/ places are safe, because they don't exist on
Android either, but perhaps a DCHECK here that the flag is not passed.

+  if (use_oauth2_token_) {
+    ProfileOAuth2TokenService* token_service =
+        ProfileOAuth2TokenServiceFactory::GetForProfile(profile_);
+    if (!token_service)
+      return false;
+    return token_service->RefreshTokenIsAvailable();
+  } else {
+    TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
+    if (!token_service)
+      return false;
+    return token_service->HasTokenForService(GaiaConstants::kSyncService);
+  }
 }
 
 void ProfileSyncService::Initialize() {
   DCHECK(!invalidator_registrar_.get());
   invalidator_registrar_.reset(new syncer::InvalidatorRegistrar());
 
   InitSettings();
 
   // We clear this here (vs Shutdown) because we want to remember that an error
   // happened on shutdown so we can display details (message, location) about it
@@ skipping 57 matching lines @@
     return;
   TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
   if (!token_service)
     return;
   // Don't start the backend if the token service hasn't finished loading tokens
   // yet. Note if the backend is started before the sync token has been loaded,
   // GetCredentials() will return bogus credentials. On auto_start platforms
   // (like ChromeOS) we don't start sync until tokens are loaded, because the
   // user can be "signed in" on those platforms long before the tokens get
   // loaded, and we don't want to generate spurious auth errors.
-  if (!IsSyncTokenAvailable() &&
+  if (!IsOAuthRefreshTokenAvailable() &&
       !(!auto_start_enabled_ && token_service->TokensLoadedFromDB())) {
     return;
   }
 
+  if (use_oauth2_token_) {
+    // If we got here then tokens are loaded and user logged in and sync is
+    // enabled. If OAuth refresh token is not available then something is wrong.
+    // When PSS requests access token, OAuth2TokenService will return error and
+    // PSS will show error to user asking to reauthenticate.
+    UMA_HISTOGRAM_BOOLEAN("Sync.CredentialsLost",

[tim (not reviewing), 2013/06/12 21:54:49]

What's the rationale for moving this from GetCredentials?

[pavely, 2013/06/12 23:12:32]

In OAuth2 world if access_token_ is empty in GetCredentials doesn't mean that
credentials are lost. The criteria should be if refresh token is available. By
the time GetCredentials is called access_token_ is already populated and there
is no need to query TokenService for anything. So I thought that checking for
refresh token in GetCredentials is not the right place and this would be better
place.

+        !IsOAuthRefreshTokenAvailable());
+  }
+
   // If sync setup has completed we always start the backend. If the user is in
   // the process of setting up now, we should start the backend to download
   // account control state / encryption information). If autostart is enabled,
   // but we haven't completed sync setup, we try to start sync anyway, since
   // it's possible we crashed/shutdown after logging in but before the backend
   // finished initializing the last time.
   //
   // However, the only time we actually need to start sync _immediately_ is if
   // we haven't completed sync setup and the user is in the process of setting
   // up - either they just signed in (for the first time) on an auto-start
@@ skipping 103 matching lines @@
     if (!value.empty()) {
       GURL custom_sync_url(value);
       if (custom_sync_url.is_valid()) {
         sync_service_url_ = custom_sync_url;
       } else {
         LOG(WARNING) << "The following sync URL specified at the command-line "
                      << "is invalid: " << value;
       }
     }
   }
+
+  use_oauth2_token_ = !command_line.HasSwitch(
+      switches::kSyncDisableOAuth2Token);
 }
 
 SyncCredentials ProfileSyncService::GetCredentials() {
   SyncCredentials credentials;
   credentials.email = GetEffectiveUsername();
   DCHECK(!credentials.email.empty());
-  TokenService* service = TokenServiceFactory::GetForProfile(profile_);
-  if (service->HasTokenForService(GaiaConstants::kSyncService)) {
-    credentials.sync_token = service->GetTokenForService(
-        GaiaConstants::kSyncService);
-    credentials.sync_token_time =
-        AboutSigninInternalsFactory::GetForProfile(profile_)->
-            GetTokenTime(GaiaConstants::kSyncService);
-    UMA_HISTOGRAM_BOOLEAN("Sync.CredentialsLost", false);
+  if (use_oauth2_token_) {
+    credentials.sync_token = access_token_;
   } else {
-    // We've lost our sync credentials (crbug.com/121755), so just make up some
-    // invalid credentials so the backend will generate an auth error.
-    UMA_HISTOGRAM_BOOLEAN("Sync.CredentialsLost", true);
+    TokenService* service = TokenServiceFactory::GetForProfile(profile_);
+    if (service->HasTokenForService(GaiaConstants::kSyncService)) {
+      credentials.sync_token = service->GetTokenForService(
+          GaiaConstants::kSyncService);
+    }
+  }
+
+  if (credentials.sync_token.empty())
     credentials.sync_token = "credentials_lost";
-  }
   return credentials;
 }
 
 void ProfileSyncService::InitializeBackend(bool delete_stale_data) {
   if (!backend_) {
     NOTREACHED();
     return;
   }
 
   SyncCredentials credentials = GetCredentials();
@@ skipping 46 matching lines @@
 
 void ProfileSyncService::StartUp(StartUpDeferredOption deferred_option) {
   // Don't start up multiple times.
   if (backend_) {
     DVLOG(1) << "Skipping bringing up backend host.";
     return;
   }
 
   DCHECK(IsSyncEnabledAndLoggedIn());
 
+  if (use_oauth2_token_ && access_token_.empty()) {
+    RequestAccessToken();
+    return;
+  }
+
   if (start_up_time_.is_null()) {
     start_up_time_ = base::Time::Now();
     last_synced_time_ = sync_prefs_.GetLastSyncedTime();
 
 #if defined(OS_CHROMEOS)
     std::string bootstrap_token = sync_prefs_.GetEncryptionBootstrapToken();
     if (bootstrap_token.empty()) {
       sync_prefs_.SetEncryptionBootstrapToken(
           sync_prefs_.GetSpareBootstrapToken());
     }
@@ skipping 127 matching lines @@
     // If |backend_| is NULL, save the acknowledgements to replay when
     // it's created and initialized.
     ack_replay_queue_.push_back(std::make_pair(id, ack_handle));
   }
 }
 
 syncer::InvalidatorState ProfileSyncService::GetInvalidatorState() const {
   return invalidator_registrar_->GetInvalidatorState();
 }
 
+void ProfileSyncService::OnGetTokenSuccess(
+    const OAuth2TokenService::Request* request,
+    const std::string& access_token,
+    const base::Time& expiration_time) {
+  DCHECK_EQ(access_token_request_, request);
+  access_token_request_.reset();
+  // Reset backoff time after successful response.
+  request_access_token_backoff_.Reset();
+  access_token_ = access_token;
+  if (backend_)
+    backend_->UpdateCredentials(GetCredentials());
+  else
+    TryStart();
+}
+
+void ProfileSyncService::OnGetTokenFailure(
+    const OAuth2TokenService::Request* request,
+    const GoogleServiceAuthError& error) {
+  DCHECK_EQ(access_token_request_, request);
+  DCHECK_NE(error.state(), GoogleServiceAuthError::NONE);
+  access_token_request_.reset();
+  switch (error.state()) {
+    case GoogleServiceAuthError::CONNECTION_FAILED:
+    case GoogleServiceAuthError::SERVICE_UNAVAILABLE: {
+      // Transient error. Retry after some time.
+      request_access_token_backoff_.InformOfRequest(false);
+      request_access_token_retry_timer_.Start(
+            FROM_HERE,
+            request_access_token_backoff_.GetTimeUntilRelease(),
+            base::Bind(&ProfileSyncService::RequestAccessToken,
+                        weak_factory_.GetWeakPtr()));
+      break;
+    }
+    case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS: {
+      // Report time since token was issued for invalid credentials error.
+      // TODO(pavely): crbug.com/246817 Collect UMA histogram for auth token
+      // rejections from invalidation service.
+      base::Time auth_token_time =
+          AboutSigninInternalsFactory::GetForProfile(profile_)->
+              GetTokenTime(GaiaConstants::kGaiaOAuth2LoginRefreshToken);
+      if (!auth_token_time.is_null()) {
+        base::TimeDelta age = base::Time::Now() - auth_token_time;
+        if (age < base::TimeDelta::FromHours(1)) {
+          UMA_HISTOGRAM_CUSTOM_TIMES("Sync.AuthServerRejectedTokenAgeShort",
+                                     age,
+                                     base::TimeDelta::FromSeconds(1),
+                                     base::TimeDelta::FromHours(1),
+                                     50);
+        }
+        UMA_HISTOGRAM_COUNTS("Sync.AuthServerRejectedTokenAgeLong",
+                             age.InDays());
+      }
+      // Fallthrough.
+    }
+    default: {
+      // Show error to user.
+      UpdateAuthErrorState(error);
+    }
+  }
+}
+
 void ProfileSyncService::EmitInvalidationForTest(
     const invalidation::ObjectId& id,
     const std::string& payload) {
   syncer::ObjectIdSet notify_ids;
   notify_ids.insert(id);
 
   const syncer::ObjectIdInvalidationMap& invalidation_map =
       ObjectIdSetToInvalidationMap(notify_ids, payload);
   OnIncomingInvalidation(invalidation_map);
 }
@@ skipping 59 matching lines @@
   is_auth_in_progress_ = false;
   backend_initialized_ = false;
   // NULL if we're called from Shutdown().
   if (invalidator_registrar_)
     UpdateInvalidatorRegistrarState();
   cached_passphrase_.clear();
   encryption_pending_ = false;
   encrypt_everything_ = false;
   encrypted_types_ = syncer::SyncEncryptionHandler::SensitiveTypes();
   passphrase_required_reason_ = syncer::REASON_PASSPHRASE_NOT_REQUIRED;
-  start_up_time_ = base::Time();
+  request_access_token_retry_timer_.Stop();
   // Revert to "no auth error".
   if (last_auth_error_.state() != GoogleServiceAuthError::NONE)
     UpdateAuthErrorState(GoogleServiceAuthError::AuthErrorNone());
 
   if (sync_global_error_) {
     GlobalErrorServiceFactory::GetForProfile(profile_)->RemoveGlobalError(
         sync_global_error_.get());
     RemoveObserver(sync_global_error_.get());
     sync_global_error_.reset(NULL);
   }
@@ skipping 329 matching lines @@
     default:
       NOTREACHED();
       return AuthError(AuthError::CONNECTION_FAILED);
   }
 }
 
 }  // namespace
 
 void ProfileSyncService::OnConnectionStatusChange(
     syncer::ConnectionStatus status) {
-  const GoogleServiceAuthError auth_error =
-      ConnectionStatusToAuthError(status);
-  DVLOG(1) << "Connection status change: " << auth_error.ToString();
-  UpdateAuthErrorState(auth_error);
+  if (use_oauth2_token_ && status == syncer::CONNECTION_AUTH_ERROR) {
+    // Sync or Tango server returned error indicating that access token is
+    // invalid. It could be either expired or access is revoked. Let's request
+    // another access token and if access is revoked then request for token will
+    // fail with corresponding error.
+    RequestAccessToken();
+  } else {
+    const GoogleServiceAuthError auth_error =
+        ConnectionStatusToAuthError(status);
+    DVLOG(1) << "Connection status change: " << auth_error.ToString();
+    UpdateAuthErrorState(auth_error);
+  }
 }
 
 void ProfileSyncService::OnStopSyncingPermanently() {
   sync_prefs_.SetStartSuppressed(true);
   DisableForUser();
 }
 
 void ProfileSyncService::OnPassphraseRequired(
     syncer::PassphraseRequiredReason reason,
     const sync_pb::EncryptedData& pending_keys) {
@@ skipping 703 matching lines @@
     }
   }
 
   // If we get here, we don't have pending keys (or at least, the passphrase
   // doesn't decrypt them) - just try to re-encrypt using the encryption
   // passphrase.
   if (!IsUsingSecondaryPassphrase())
     SetEncryptionPassphrase(passphrase, IMPLICIT);
 }
 
+void ProfileSyncService::RequestAccessToken() {
+  // Only one active request at a time.
+  if (access_token_request_ != NULL)
+    return;
+  request_access_token_retry_timer_.Stop();
+  OAuth2TokenService::ScopeSet oauth2_scopes;
+  for (size_t i = 0; i < arraysize(kOAuth2Scopes); i++)
+    oauth2_scopes.insert(kOAuth2Scopes[i]);
+  OAuth2TokenService* token_service =
+      ProfileOAuth2TokenServiceFactory::GetForProfile(profile_);
+  // Invalidate previous token, otherwise token service will return the same
+  // token again.
+  token_service->InvalidateToken(oauth2_scopes, access_token_);
+  access_token_.clear();
+  access_token_request_ = token_service->StartRequest(oauth2_scopes, this);
+}
+
 void ProfileSyncService::SetEncryptionPassphrase(const std::string& passphrase,
                                                  PassphraseType type) {
   // This should only be called when the backend has been initialized.
   DCHECK(sync_initialized());
   DCHECK(!(type == IMPLICIT && IsUsingSecondaryPassphrase())) <<
       "Data is already encrypted using an explicit passphrase";
   DCHECK(!(type == EXPLICIT &&
            passphrase_required_reason_ == syncer::REASON_DECRYPTION)) <<
          "Can not set explicit passphrase when decryption is needed.";
 
@@ skipping 59 matching lines @@
     DisableForUser();
   } else {
     // Sync is no longer disabled by policy. Try starting it up if appropriate.
     TryStart();
   }
 }
 
 void ProfileSyncService::Observe(int type,
                                  const content::NotificationSource& source,
                                  const content::NotificationDetails& details) {
+  const char* sync_token_service = use_oauth2_token_ ?
+      GaiaConstants::kGaiaOAuth2LoginRefreshToken : GaiaConstants::kSyncService;
   switch (type) {
     case chrome::NOTIFICATION_GOOGLE_SIGNIN_SUCCESSFUL: {
       const GoogleServiceSigninSuccessDetails* successful =
           content::Details<const GoogleServiceSigninSuccessDetails>(
               details).ptr();
       if (!sync_prefs_.IsStartSuppressed() &&
           !successful->password.empty()) {
         cached_passphrase_ = successful->password;
         // Try to consume the passphrase we just cached. If the sync backend
         // is not running yet, the passphrase will remain cached until the
         // backend starts up.
         ConsumeCachedPassphraseIfPossible();
       }
 #if defined(OS_CHROMEOS)
       RefreshSpareBootstrapToken(successful->password);
 #endif
       if (!sync_initialized() ||
           GetAuthError().state() != AuthError::NONE) {
         // Track the fact that we're still waiting for auth to complete.
         is_auth_in_progress_ = true;
       }
       break;
     }
     case chrome::NOTIFICATION_TOKEN_REQUEST_FAILED: {
+      // TODO(atwilson): sync shouldn't report refresh token request failures.
+      // TokenService should do that instead.
       const TokenService::TokenRequestFailedDetails& token_details =
           *(content::Details<const TokenService::TokenRequestFailedDetails>(
               details).ptr());
-      if (IsTokenServiceRelevant(token_details.service()) &&
-          !IsSyncTokenAvailable()) {
-        // The additional check around IsSyncTokenAvailable() above prevents us
-        // sounding the alarm if we actually have a valid token but a refresh
-        // attempt by TokenService failed for any variety of reasons (e.g. flaky
-        // network). It's possible the token we do have is also invalid, but in
-        // that case we should already have (or can expect) an auth error sent
-        // from the sync backend.
+      if (token_details.service() == sync_token_service &&
+          !IsOAuthRefreshTokenAvailable()) {
+        // The additional check around IsOAuthRefreshTokenAvailable() above
+        // prevents us sounding the alarm if we actually have a valid token but
+        // a refresh attempt by TokenService failed for any variety of reasons
+        // (e.g. flaky network). It's possible the token we do have is also
+        // invalid, but in that case we should already have (or can expect) an
+        // auth error sent from the sync backend.
         AuthError error(AuthError::INVALID_GAIA_CREDENTIALS);
         UpdateAuthErrorState(error);
       }
       break;
     }
     case chrome::NOTIFICATION_TOKEN_AVAILABLE: {
+      // TODO(atwilson): Listen for notifications on OAuth2TokenService
+      // (crbug.com/243737)
       const TokenService::TokenAvailableDetails& token_details =
           *(content::Details<const TokenService::TokenAvailableDetails>(
               details).ptr());
-      if (!IsTokenServiceRelevant(token_details.service()))
+      if (token_details.service() != sync_token_service)
         break;
     } // Fall through.
     case chrome::NOTIFICATION_TOKEN_LOADING_FINISHED: {
       // This notification gets fired when TokenService loads the tokens
       // from storage.
       // Initialize the backend if sync is enabled. If the sync token was
       // not loaded, GetCredentials() will generate invalid credentials to
       // cause the backend to generate an auth error (crbug.com/121755).
-      if (backend_)
-        backend_->UpdateCredentials(GetCredentials());
-      else
+      if (backend_) {
+        if (use_oauth2_token_)
+          RequestAccessToken();
+        else
+          backend_->UpdateCredentials(GetCredentials());
+      } else {
         TryStart();
+      }
       break;
     }
     case chrome::NOTIFICATION_TOKENS_CLEARED: {
       // GetCredentials() will generate invalid credentials to cause the backend
       // to generate an auth error.
+      access_token_.clear();
       if (backend_)
         backend_->UpdateCredentials(GetCredentials());
       break;
     }
     case chrome::NOTIFICATION_GOOGLE_SIGNED_OUT:
       sync_disabled_by_admin_ = false;
       DisableForUser();
       break;
     default: {
       NOTREACHED();
@@ skipping 116 matching lines @@
 std::string ProfileSyncService::GetEffectiveUsername() {
 #if defined(ENABLE_MANAGED_USERS)
   if (ManagedUserService::ProfileIsManaged(profile_)) {
     DCHECK_EQ(std::string(), signin_->GetAuthenticatedUsername());
     return ManagedUserService::GetManagedUserPseudoEmail();
   }
 #endif
 
   return signin_->GetAuthenticatedUsername();
 }
-