Add ManagedUserTokenFetcher to fetch scoped-down tokens.

chrome/browser/managed_mode/managed_user_token_fetcher.cc

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/managed_mode/managed_user_token_fetcher.h"
+
+#include "base/callback.h"
+#include "base/json/json_reader.h"
+#include "base/logging.h"
+#include "base/string16.h"
+#include "base/stringprintf.h"
+#include "base/utf_string_conversions.h"
+#include "base/values.h"
+#include "chrome/browser/signin/oauth2_token_service.h"
+#include "google_apis/gaia/gaia_oauth_client.h"
+#include "google_apis/gaia/gaia_urls.h"
+#include "google_apis/gaia/google_service_auth_error.h"
+#include "google_apis/gaia/oauth2_api_call_flow.h"
+#include "net/base/escape.h"
+#include "net/base/load_flags.h"
+#include "net/base/net_errors.h"
+#include "net/http/http_status_code.h"
+#include "net/url_request/url_fetcher.h"
+#include "net/url_request/url_request_status.h"
+
+using base::Time;
+using gaia::GaiaOAuthClient;
+using net::URLFetcher;
+using net::URLFetcherDelegate;
+using net::URLRequestContextGetter;
+
+namespace {
+
+const int kNumRetries = 1;
+
+static const char kChromeSyncManagedScope[] =
+    "https://www.googleapis.com/auth/chromesync_playpen";

[Andrew T Wilson (Slow), 2013/05/27 13:52:15]

You may want to move this into GaiaUrls - at the very least, it's useful to have
some way for QA to test this vs gaiastaging, and if you move this into GaiaUrls
then QA can override www.googleapis.com via a command-line switch.

[Bernhard Bauer, 2013/05/27 14:42:13]

This is a scope, not an actual URL that we resolve, so it's constant.

+
+static const char kIssueTokenBodyFormat[] =
+    "client_id=%s"
+    "&scope=&%s"
+    "&response_type=code"
+    "&profile_id=%s"
+    "&profile_name=%s"
+    "&device_name=%s";
+
+static const char kAuthorizationHeaderFormat[] =
+    "Authorization: Bearer %s";
+
+static const char kCodeKey[] = "code";
+
+class ManagedUserTokenFetcherImpl : public ManagedUserTokenFetcher,
+                                    public OAuth2TokenService::Consumer,
+                                    public URLFetcherDelegate,
+                                    public GaiaOAuthClient::Delegate {
+ public:
+  ManagedUserTokenFetcherImpl(OAuth2TokenService* oauth2_token_service,
+                              URLRequestContextGetter* context);
+  virtual ~ManagedUserTokenFetcherImpl();
+
+  // ManagedUserTokenFetcher implementation:
+  virtual void Start(const std::string& managed_user_id,
+                     const string16& name,
+                     const std::string& device_name,
+                     const TokenCallback& callback) OVERRIDE;
+
+ protected:
+  // OAuth2TokenService::Consumer implementation:
+  virtual void OnGetTokenSuccess(const OAuth2TokenService::Request* request,
+                                 const std::string& access_token,
+                                 const Time& expiration_time) OVERRIDE;
+  virtual void OnGetTokenFailure(const OAuth2TokenService::Request* request,
+                                 const GoogleServiceAuthError& error) OVERRIDE;
+
+  // net::URLFetcherDelegate implementation.
+  virtual void OnURLFetchComplete(const URLFetcher* source) OVERRIDE;
+
+// GaiaOAuthClient::Delegate implementation:

[Andrew T Wilson (Slow), 2013/05/27 13:52:15]

Incorrect indent on this comment.

[Bernhard Bauer, 2013/05/27 14:42:13]

Done.

+  virtual void OnGetTokensResponse(const std::string& refresh_token,
+                                   const std::string& access_token,
+                                   int expires_in_seconds) OVERRIDE;
+  virtual void OnRefreshTokenResponse(const std::string& access_token,
+                                      int expires_in_seconds) OVERRIDE;
+  virtual void OnOAuthError() OVERRIDE;
+  virtual void OnNetworkError(int response_code) OVERRIDE;
+
+ private:
+  void StartInternal();

[Andrew T Wilson (Slow), 2013/05/27 13:52:15]

Maybe a better name for this is worthwhile? What precisely does it do that
Start() does not?

[Bernhard Bauer, 2013/05/27 14:42:13]

Renamed to StartFetching() and added a comment.

+
+  void DispatchNetworkError(int error_code);
+  void DispatchGoogleServiceAuthError(GoogleServiceAuthError::State foo);
+
+  OAuth2TokenService* oauth2_token_service_;
+  URLRequestContextGetter* context_;
+
+  std::string device_name_;
+  std::string managed_user_id_;
+  string16 name_;
+  TokenCallback callback_;
+
+  scoped_ptr<OAuth2TokenService::Request> access_token_request_;
+  std::string access_token_;
+  scoped_ptr<URLFetcher> url_fetcher_;
+  scoped_ptr<GaiaOAuthClient> gaia_oauth_client_;
+};
+
+ManagedUserTokenFetcherImpl::ManagedUserTokenFetcherImpl(
+    OAuth2TokenService* oauth2_token_service,
+    URLRequestContextGetter* context)
+    : oauth2_token_service_(oauth2_token_service),
+      context_(context) {}
+
+ManagedUserTokenFetcherImpl::~ManagedUserTokenFetcherImpl() {}
+
+void ManagedUserTokenFetcherImpl::Start(
+    const std::string& managed_user_id,
+    const string16& name,
+    const std::string& device_name,
+    const TokenCallback& callback) {
+  DCHECK(callback_.is_null());
+  managed_user_id_ = managed_user_id;
+  name_ = name;
+  device_name_ = device_name;
+  callback_ = callback;
+  StartInternal();
+}
+
+void ManagedUserTokenFetcherImpl::StartInternal() {
+  access_token_request_ = oauth2_token_service_->StartRequest(
+      OAuth2TokenService::ScopeSet(), this);

[Andrew T Wilson (Slow), 2013/05/27 13:52:15]

What is this doing? You aren't passing any scopes in, so what are you expecting
the OAuth2TokenService to give you in this case?

[Bernhard Bauer, 2013/05/27 14:42:13]

See OAuth2AccessTokenFetcher::Start(): If the set of scopes is empty, the access
token will have the same scope as the refresh token. I added a comment to that
effect.

[Andrew T Wilson (Slow), 2013/05/27 16:41:24]

Yes, but OAuth2TokenService doesn't advertise that it does this - you're relying
on specific implementations of this class. I actually think that
OAuth2TokenService should probably add a DCHECK() to prevent calling it with an
empty scope, since the entire point of the class is to manage *scoped* tokens,
not pass back unscoped tokens.

I guess I still don't understand why you aren't just passing in
kChromeSyncManagedScope in to OAuth2TokenService and just returning the token it
provides (don't understand why you need to use GaiaAuthFetcher at all, since
OAuth2TokenService will return you a downscoped token). Come grab me tomorrow
morning and you can explain it to me because I think I'm just being dense.

+}
+
+void ManagedUserTokenFetcherImpl::OnGetTokenSuccess(
+    const OAuth2TokenService::Request* request,
+    const std::string& access_token,
+    const Time& expiration_time) {
+  DCHECK_EQ(access_token_request_.get(), request);
+  access_token_ = access_token;
+
+  GURL url(GaiaUrls::GetInstance()->oauth2_issue_token_url());
+  // GaiaOAuthClient uses id 0, so we use 1 to distinguish the requests in
+  // unit tests.
+  int id = 1;
+
+  url_fetcher_.reset(URLFetcher::Create(id, url, URLFetcher::POST, this));
+
+  url_fetcher_->SetRequestContext(context_);
+  url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
+                             net::LOAD_DO_NOT_SAVE_COOKIES);
+  url_fetcher_->SetAutomaticallyRetryOnNetworkChanges(kNumRetries);
+  url_fetcher_->AddExtraRequestHeader(
+      base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str()));
+
+  std::string body = base::StringPrintf(
+      kIssueTokenBodyFormat,
+      net::EscapeUrlEncodedData(
+          GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true).c_str(),
+      net::EscapeUrlEncodedData(kChromeSyncManagedScope, true).c_str(),
+      net::EscapeUrlEncodedData(managed_user_id_, true).c_str(),
+      net::EscapeUrlEncodedData(UTF16ToUTF8(name_), true).c_str(),
+      net::EscapeUrlEncodedData(device_name_, true).c_str());
+  url_fetcher_->SetUploadData("application/x-www-form-urlencoded", body);

[Andrew T Wilson (Slow), 2013/05/27 13:52:15]

This is the piece I don't understand. You are calling OAuth2TokenFetcher to mint
tokens, then you are trying to use those tokens to mint tokens again using
GaiaOAuthClient? I think I'm missing something.

[Bernhard Bauer, 2013/05/27 14:42:13]

Yes, the first time is for a regular access token for the custodian, the second
time fetches the downscoped token for the managed user.

+
+  url_fetcher_->Start();
+}
+
+void ManagedUserTokenFetcherImpl::OnGetTokenFailure(
+    const OAuth2TokenService::Request* request,
+    const GoogleServiceAuthError& error) {
+  DCHECK_EQ(access_token_request_.get(), request);
+  callback_.Run(error, std::string());
+  callback_.Reset();
+}
+
+void ManagedUserTokenFetcherImpl::OnURLFetchComplete(
+    const URLFetcher* source) {
+  const net::URLRequestStatus& status = source->GetStatus();
+  if (!status.is_success()) {
+    DispatchNetworkError(status.error());
+    return;
+  }
+
+  int response_code = source->GetResponseCode();
+  if (response_code == net::HTTP_UNAUTHORIZED) {
+    oauth2_token_service_->InvalidateToken(OAuth2TokenService::ScopeSet(),
+                                           access_token_);
+    StartInternal();
+    return;
+  }
+
+  if (response_code != net::HTTP_OK) {
+    // TODO(bauerb): We should return the HTTP response code somehow.
+    LOG(WARNING) << "HTTP error " << response_code;
+    DispatchGoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED);
+    return;
+  }
+
+  std::string response_body;
+  source->GetResponseAsString(&response_body);
+  scoped_ptr<base::Value> value(base::JSONReader::Read(response_body));
+  DictionaryValue* dict = NULL;
+  if (!value.get() || !value->GetAsDictionary(&dict)) {
+    DispatchNetworkError(net::ERR_INVALID_RESPONSE);
+    return;
+  }
+  std::string auth_code;
+  if (!dict->GetString(kCodeKey, &auth_code)) {
+    DispatchNetworkError(net::ERR_INVALID_RESPONSE);
+    return;
+  }
+
+  gaia::OAuthClientInfo client_info;
+  GaiaUrls* urls = GaiaUrls::GetInstance();
+  client_info.client_id = urls->oauth2_chrome_client_id();
+  client_info.client_secret = urls->oauth2_chrome_client_secret();
+  gaia_oauth_client_.reset(
+      new gaia::GaiaOAuthClient(GaiaUrls::GetInstance()->oauth2_token_url(),
+                                context_));
+  gaia_oauth_client_->GetTokensFromAuthCode(client_info, auth_code, kNumRetries,
+                                            this);
+}
+
+void ManagedUserTokenFetcherImpl::OnGetTokensResponse(
+    const std::string& refresh_token,
+    const std::string& access_token,
+    int expires_in_seconds) {
+  // TODO(bauerb): It would be nice if we could pass the access token as well,
+  // so we don't need to fetch another one immediately.
+  GoogleServiceAuthError error(GoogleServiceAuthError::NONE);
+  callback_.Run(error, refresh_token);
+  callback_.Reset();
+}
+
+void ManagedUserTokenFetcherImpl::OnRefreshTokenResponse(
+    const std::string& access_token,
+    int expires_in_seconds) {
+  NOTREACHED();
+}
+
+void ManagedUserTokenFetcherImpl::OnOAuthError() {
+  DispatchGoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED);
+}
+
+void ManagedUserTokenFetcherImpl::OnNetworkError(int response_code) {
+  // TODO(bauerb): We should return the HTTP response code somehow.
+  LOG(WARNING) << "HTTP error " << response_code;
+  DispatchGoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED);
+}
+
+void ManagedUserTokenFetcherImpl::DispatchNetworkError(int error_code) {
+  callback_.Run(GoogleServiceAuthError::FromConnectionError(error_code),
+                std::string());
+  callback_.Reset();
+}
+
+void ManagedUserTokenFetcherImpl::DispatchGoogleServiceAuthError(
+    GoogleServiceAuthError::State state) {
+  GoogleServiceAuthError error(state);
+  callback_.Run(error, std::string());

[Andrew T Wilson (Slow), 2013/05/27 13:52:15]

Does it make sense to refactor all these callback_.Run() + callback_.Reset()
calls into a single routine?

[Bernhard Bauer, 2013/05/27 14:42:13]

Honestly, I don't know. I have three cases where I call the callback: 

* no error, received a token
* error with GoogleServiceAuthError::State, no token
* error with network error, no token

I could factor out a method that takes a GoogleServiceAuthError and a string,
but that would only save me a call to .Reset, and in exchange I'd need to
construct the GoogleServiceAuthError myself. You think it's worth doing?

+  callback_.Reset();
+}
+
+}  // namespace
+
+// static
+scoped_ptr<ManagedUserTokenFetcher> ManagedUserTokenFetcher::Create(
+    OAuth2TokenService* oauth2_token_service,
+    URLRequestContextGetter* context) {
+  scoped_ptr<ManagedUserTokenFetcher> fetcher(
+      new ManagedUserTokenFetcherImpl(oauth2_token_service, context));
+  return fetcher.Pass();
+}
+
+ManagedUserTokenFetcher::~ManagedUserTokenFetcher() {}