Chromium Code Reviews Chromium Code Reviews
Issue 17109006:
Device robot refresh token integrity validation. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "google_apis/gaia/gaia_oauth_client.h" | 5 #include "google_apis/gaia/gaia_oauth_client.h" |
| 6 | 6 |
| 7 #include "base/json/json_reader.h" | 7 #include "base/json/json_reader.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/string_util.cc" | |
| 10 #include "base/values.h" | 11 #include "base/values.h" |
| 11 #include "google_apis/gaia/gaia_urls.h" | 12 #include "google_apis/gaia/gaia_urls.h" |
| 12 #include "googleurl/src/gurl.h" | 13 #include "googleurl/src/gurl.h" |
| 13 #include "net/base/escape.h" | 14 #include "net/base/escape.h" |
| 14 #include "net/http/http_status_code.h" | 15 #include "net/http/http_status_code.h" |
| 15 #include "net/url_request/url_fetcher.h" | 16 #include "net/url_request/url_fetcher.h" |
| 16 #include "net/url_request/url_fetcher_delegate.h" | 17 #include "net/url_request/url_fetcher_delegate.h" |
| 17 #include "net/url_request/url_request_context_getter.h" | 18 #include "net/url_request/url_request_context_getter.h" |
| 18 | 19 |
| 19 namespace { | 20 namespace { |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 36 delegate_(NULL), | 37 delegate_(NULL), |
| 37 request_type_(NO_PENDING_REQUEST) { | 38 request_type_(NO_PENDING_REQUEST) { |
| 38 } | 39 } |
| 39 | 40 |
| 40 void GetTokensFromAuthCode(const OAuthClientInfo& oauth_client_info, | 41 void GetTokensFromAuthCode(const OAuthClientInfo& oauth_client_info, |
| 41 const std::string& auth_code, | 42 const std::string& auth_code, |
| 42 int max_retries, | 43 int max_retries, |
| 43 GaiaOAuthClient::Delegate* delegate); | 44 GaiaOAuthClient::Delegate* delegate); |
| 44 void RefreshToken(const OAuthClientInfo& oauth_client_info, | 45 void RefreshToken(const OAuthClientInfo& oauth_client_info, |
| 45 const std::string& refresh_token, | 46 const std::string& refresh_token, |
| 47 const std::vector<std::string>& scopes, | |
| 46 int max_retries, | 48 int max_retries, |
| 47 GaiaOAuthClient::Delegate* delegate); | 49 GaiaOAuthClient::Delegate* delegate); |
| 48 void GetUserInfo(const std::string& oauth_access_token, | 50 void GetUserInfo(const std::string& oauth_access_token, |
| 51 int max_retries, | |
| 52 Delegate* delegate); | |
| 53 void GetTokenInfo(const std::string& oauth_access_token, | |
| 49 int max_retries, | 54 int max_retries, |
| 50 Delegate* delegate); | 55 Delegate* delegate); |
| 51 | 56 |
| 52 // net::URLFetcherDelegate implementation. | 57 // net::URLFetcherDelegate implementation. |
| 53 virtual void OnURLFetchComplete(const net::URLFetcher* source) OVERRIDE; | 58 virtual void OnURLFetchComplete(const net::URLFetcher* source) OVERRIDE; |
| 54 | 59 |
| 55 private: | 60 private: |
| 56 friend class base::RefCountedThreadSafe<Core>; | 61 friend class base::RefCountedThreadSafe<Core>; |
| 57 | 62 |
| 58 enum RequestType { | 63 enum RequestType { |
| 59 NO_PENDING_REQUEST, | 64 NO_PENDING_REQUEST, |
| 60 TOKENS_FROM_AUTH_CODE, | 65 TOKENS_FROM_AUTH_CODE, |
| 61 REFRESH_TOKEN, | 66 REFRESH_TOKEN, |
| 67 TOKEN_INFO, | |
| 62 USER_INFO, | 68 USER_INFO, |
| 63 }; | 69 }; |
| 64 | 70 |
| 65 virtual ~Core() {} | 71 virtual ~Core() {} |
| 66 | 72 |
| 67 void MakeGaiaRequest(const std::string& post_body, | 73 void MakeGaiaRequest(const GURL& url, |
| 74 const std::string& post_body, | |
| 68 int max_retries, | 75 int max_retries, |
| 69 GaiaOAuthClient::Delegate* delegate); | 76 GaiaOAuthClient::Delegate* delegate); |
| 70 void HandleResponse(const net::URLFetcher* source, | 77 void HandleResponse(const net::URLFetcher* source, |
| 71 bool* should_retry_request); | 78 bool* should_retry_request); |
| 72 | 79 |
| 73 GURL gaia_url_; | 80 GURL gaia_url_; |
| 74 int num_retries_; | 81 int num_retries_; |
| 75 scoped_refptr<net::URLRequestContextGetter> request_context_getter_; | 82 scoped_refptr<net::URLRequestContextGetter> request_context_getter_; |
| 76 GaiaOAuthClient::Delegate* delegate_; | 83 GaiaOAuthClient::Delegate* delegate_; |
| 77 scoped_ptr<net::URLFetcher> request_; | 84 scoped_ptr<net::URLFetcher> request_; |
| 78 RequestType request_type_; | 85 RequestType request_type_; |
| 79 }; | 86 }; |
| 80 | 87 |
| 81 void GaiaOAuthClient::Core::GetTokensFromAuthCode( | 88 void GaiaOAuthClient::Core::GetTokensFromAuthCode( |
| 82 const OAuthClientInfo& oauth_client_info, | 89 const OAuthClientInfo& oauth_client_info, |
| 83 const std::string& auth_code, | 90 const std::string& auth_code, |
| 84 int max_retries, | 91 int max_retries, |
| 85 GaiaOAuthClient::Delegate* delegate) { | 92 GaiaOAuthClient::Delegate* delegate) { |
| 86 DCHECK_EQ(request_type_, NO_PENDING_REQUEST); | 93 DCHECK_EQ(request_type_, NO_PENDING_REQUEST); |
| 87 request_type_ = TOKENS_FROM_AUTH_CODE; | 94 request_type_ = TOKENS_FROM_AUTH_CODE; |
| 88 std::string post_body = | 95 std::string post_body = |
| 89 "code=" + net::EscapeUrlEncodedData(auth_code, true) + | 96 "code=" + net::EscapeUrlEncodedData(auth_code, true) + |
| 90 "&client_id=" + net::EscapeUrlEncodedData(oauth_client_info.client_id, | 97 "&client_id=" + net::EscapeUrlEncodedData(oauth_client_info.client_id, |
| 91 true) + | 98 true) + |
| 92 "&client_secret=" + | 99 "&client_secret=" + |
| 93 net::EscapeUrlEncodedData(oauth_client_info.client_secret, true) + | 100 net::EscapeUrlEncodedData(oauth_client_info.client_secret, true) + |
| 94 "&redirect_uri=" + | 101 "&redirect_uri=" + |
| 95 net::EscapeUrlEncodedData(oauth_client_info.redirect_uri, true) + | 102 net::EscapeUrlEncodedData(oauth_client_info.redirect_uri, true) + |
| 96 "&grant_type=authorization_code"; | 103 "&grant_type=authorization_code"; |
| 97 MakeGaiaRequest(post_body, max_retries, delegate); | 104 MakeGaiaRequest(gaia_url_, post_body, max_retries, delegate); |
| 98 } | 105 } |
| 99 | 106 |
| 100 void GaiaOAuthClient::Core::RefreshToken( | 107 void GaiaOAuthClient::Core::RefreshToken( |
| 101 const OAuthClientInfo& oauth_client_info, | 108 const OAuthClientInfo& oauth_client_info, |
| 102 const std::string& refresh_token, | 109 const std::string& refresh_token, |
| 110 const std::vector<std::string>& scopes, | |
| 103 int max_retries, | 111 int max_retries, |
| 104 GaiaOAuthClient::Delegate* delegate) { | 112 GaiaOAuthClient::Delegate* delegate) { |
| 105 DCHECK_EQ(request_type_, NO_PENDING_REQUEST); | 113 DCHECK_EQ(request_type_, NO_PENDING_REQUEST); |
| 106 request_type_ = REFRESH_TOKEN; | 114 request_type_ = REFRESH_TOKEN; |
| 107 std::string post_body = | 115 std::string post_body = |
| 108 "refresh_token=" + net::EscapeUrlEncodedData(refresh_token, true) + | 116 "refresh_token=" + net::EscapeUrlEncodedData(refresh_token, true) + |
| 109 "&client_id=" + net::EscapeUrlEncodedData(oauth_client_info.client_id, | 117 "&client_id=" + net::EscapeUrlEncodedData(oauth_client_info.client_id, |
| 110 true) + | 118 true) + |
| 111 "&client_secret=" + | 119 "&client_secret=" + |
| 112 net::EscapeUrlEncodedData(oauth_client_info.client_secret, true) + | 120 net::EscapeUrlEncodedData(oauth_client_info.client_secret, true) + |
| 113 "&grant_type=refresh_token"; | 121 "&grant_type=refresh_token"; |
| 114 MakeGaiaRequest(post_body, max_retries, delegate); | 122 |
| 123 if (!scopes.empty()) { | |
| 124 std::string scopes_string = JoinString(scopes, ' '); | |
| 125 post_body += "&scope=" + net::EscapeUrlEncodedData(scopes_string, true); | |
| 126 } | |
| 127 | |
| 128 MakeGaiaRequest(gaia_url_, post_body, max_retries, delegate); | |
| 129 } | |
| 130 | |
| 131 void GaiaOAuthClient::Core::GetTokenInfo(const std::string& oauth_access_token, | |
|
Mattias Nissler (ping if slow)
2013/06/17 05:34:17
Hm, shouldn't this logically be closer to GetUserI
David Roche
2013/06/18 04:12:08
I'm not sure I follow. Are you saying to keep the
| |
| 132 int max_retries, | |
| 133 Delegate* delegate) { | |
| 134 DCHECK_EQ(request_type_, NO_PENDING_REQUEST); | |
| 135 DCHECK(!request_.get()); | |
| 136 request_type_ = TOKEN_INFO; | |
| 137 std::string post_body = | |
| 138 "access_token=" + net::EscapeUrlEncodedData(oauth_access_token, true); | |
| 139 MakeGaiaRequest(GURL(GaiaUrls::GetInstance()->oauth2_token_info_url()), | |
| 140 post_body, | |
| 141 max_retries, | |
| 142 delegate); | |
| 115 } | 143 } |
| 116 | 144 |
| 117 void GaiaOAuthClient::Core::GetUserInfo(const std::string& oauth_access_token, | 145 void GaiaOAuthClient::Core::GetUserInfo(const std::string& oauth_access_token, |
| 118 int max_retries, | 146 int max_retries, |
| 119 Delegate* delegate) { | 147 Delegate* delegate) { |
| 120 DCHECK_EQ(request_type_, NO_PENDING_REQUEST); | 148 DCHECK_EQ(request_type_, NO_PENDING_REQUEST); |
| 121 DCHECK(!request_.get()); | 149 DCHECK(!request_.get()); |
| 122 request_type_ = USER_INFO; | 150 request_type_ = USER_INFO; |
| 123 delegate_ = delegate; | 151 delegate_ = delegate; |
| 124 num_retries_ = 0; | 152 num_retries_ = 0; |
| 125 request_.reset(net::URLFetcher::Create( | 153 request_.reset(net::URLFetcher::Create( |
| 126 0, GURL(GaiaUrls::GetInstance()->oauth_user_info_url()), | 154 0, GURL(GaiaUrls::GetInstance()->oauth_user_info_url()), |
| 127 net::URLFetcher::GET, this)); | 155 net::URLFetcher::GET, this)); |
| 128 request_->SetRequestContext(request_context_getter_.get()); | 156 request_->SetRequestContext(request_context_getter_.get()); |
| 129 request_->AddExtraRequestHeader("Authorization: OAuth " + oauth_access_token); | 157 request_->AddExtraRequestHeader("Authorization: OAuth " + oauth_access_token); |
| 130 request_->SetMaxRetriesOn5xx(max_retries); | 158 request_->SetMaxRetriesOn5xx(max_retries); |
| 131 // Fetchers are sometimes cancelled because a network change was detected, | 159 // Fetchers are sometimes cancelled because a network change was detected, |
| 132 // especially at startup and after sign-in on ChromeOS. Retrying once should | 160 // especially at startup and after sign-in on ChromeOS. Retrying once should |
| 133 // be enough in those cases; let the fetcher retry up to 3 times just in case. | 161 // be enough in those cases; let the fetcher retry up to 3 times just in case. |
| 134 // http://crbug.com/163710 | 162 // http://crbug.com/163710 |
| 135 request_->SetAutomaticallyRetryOnNetworkChanges(3); | 163 request_->SetAutomaticallyRetryOnNetworkChanges(3); |
| 136 request_->Start(); | 164 request_->Start(); |
| 137 } | 165 } |
| 138 | 166 |
| 139 void GaiaOAuthClient::Core::MakeGaiaRequest( | 167 void GaiaOAuthClient::Core::MakeGaiaRequest( |
| 168 const GURL& url, | |
| 140 const std::string& post_body, | 169 const std::string& post_body, |
| 141 int max_retries, | 170 int max_retries, |
| 142 GaiaOAuthClient::Delegate* delegate) { | 171 GaiaOAuthClient::Delegate* delegate) { |
| 143 DCHECK(!request_.get()) << "Tried to fetch two things at once!"; | 172 DCHECK(!request_.get()) << "Tried to fetch two things at once!"; |
| 144 delegate_ = delegate; | 173 delegate_ = delegate; |
| 145 num_retries_ = 0; | 174 num_retries_ = 0; |
| 146 request_.reset(net::URLFetcher::Create( | 175 request_.reset(net::URLFetcher::Create( |
| 147 0, gaia_url_, net::URLFetcher::POST, this)); | 176 0, url, net::URLFetcher::POST, this)); |
| 148 request_->SetRequestContext(request_context_getter_.get()); | 177 request_->SetRequestContext(request_context_getter_.get()); |
| 149 request_->SetUploadData("application/x-www-form-urlencoded", post_body); | 178 request_->SetUploadData("application/x-www-form-urlencoded", post_body); |
| 150 request_->SetMaxRetriesOn5xx(max_retries); | 179 request_->SetMaxRetriesOn5xx(max_retries); |
| 151 // See comment on SetAutomaticallyRetryOnNetworkChanges() above. | 180 // See comment on SetAutomaticallyRetryOnNetworkChanges() above. |
| 152 request_->SetAutomaticallyRetryOnNetworkChanges(3); | 181 request_->SetAutomaticallyRetryOnNetworkChanges(3); |
| 153 request_->Start(); | 182 request_->Start(); |
| 154 } | 183 } |
| 155 | 184 |
| 156 // URLFetcher::Delegate implementation. | 185 // URLFetcher::Delegate implementation. |
| 157 void GaiaOAuthClient::Core::OnURLFetchComplete( | 186 void GaiaOAuthClient::Core::OnURLFetchComplete( |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 216 request_type_ = NO_PENDING_REQUEST; | 245 request_type_ = NO_PENDING_REQUEST; |
| 217 | 246 |
| 218 switch (type) { | 247 switch (type) { |
| 219 case USER_INFO: { | 248 case USER_INFO: { |
| 220 std::string email; | 249 std::string email; |
| 221 response_dict->GetString("email", &email); | 250 response_dict->GetString("email", &email); |
| 222 delegate_->OnGetUserInfoResponse(email); | 251 delegate_->OnGetUserInfoResponse(email); |
| 223 break; | 252 break; |
| 224 } | 253 } |
| 225 | 254 |
| 255 case TOKEN_INFO: { | |
| 256 delegate_->OnGetTokenInfoResponse(response_dict.Pass()); | |
| 257 break; | |
| 258 } | |
| 259 | |
| 226 case TOKENS_FROM_AUTH_CODE: | 260 case TOKENS_FROM_AUTH_CODE: |
| 227 case REFRESH_TOKEN: { | 261 case REFRESH_TOKEN: { |
| 228 std::string access_token; | 262 std::string access_token; |
| 229 std::string refresh_token; | 263 std::string refresh_token; |
| 230 int expires_in_seconds = 0; | 264 int expires_in_seconds = 0; |
| 231 response_dict->GetString(kAccessTokenValue, &access_token); | 265 response_dict->GetString(kAccessTokenValue, &access_token); |
| 232 response_dict->GetString(kRefreshTokenValue, &refresh_token); | 266 response_dict->GetString(kRefreshTokenValue, &refresh_token); |
| 233 response_dict->GetInteger(kExpiresInValue, &expires_in_seconds); | 267 response_dict->GetInteger(kExpiresInValue, &expires_in_seconds); |
| 234 | 268 |
| 235 if (access_token.empty()) { | 269 if (access_token.empty()) { |
| 236 delegate_->OnOAuthError(); | 270 delegate_->OnOAuthError(); |
| 237 return; | 271 return; |
| 238 } | 272 } |
| 239 | 273 |
| 240 if (type == REFRESH_TOKEN) { | 274 if (type == REFRESH_TOKEN) { |
| 241 delegate_->OnRefreshTokenResponse(access_token, expires_in_seconds); | 275 delegate_->OnRefreshTokenResponse(access_token, expires_in_seconds); |
| 242 } else { | 276 } else { |
| 243 delegate_->OnGetTokensResponse(refresh_token, | 277 delegate_->OnGetTokensResponse(refresh_token, |
| 244 access_token, | 278 access_token, |
| 245 expires_in_seconds); | 279 expires_in_seconds); |
| 246 } | 280 } |
| 247 break; | 281 break; |
| 248 } | 282 } |
| 249 | 283 |
| 250 default: | 284 default: |
| 251 NOTREACHED(); | 285 NOTREACHED(); |
| 252 } | 286 } |
| 253 } | 287 } |
| 254 | 288 |
| 289 // TODO: remove passed-in gaia_url? | |
|
Mattias Nissler (ping if slow)
2013/06/17 05:34:17
TODOs without owners/bugs are not worth much...
David Roche
2013/06/18 04:12:08
Oops, left that as a note to be cleaned up before
| |
| 255 GaiaOAuthClient::GaiaOAuthClient(const std::string& gaia_url, | 290 GaiaOAuthClient::GaiaOAuthClient(const std::string& gaia_url, |
| 256 net::URLRequestContextGetter* context_getter) { | 291 net::URLRequestContextGetter* context_getter) { |
| 257 core_ = new Core(gaia_url, context_getter); | 292 core_ = new Core(gaia_url, context_getter); |
| 258 } | 293 } |
| 259 | 294 |
| 260 GaiaOAuthClient::~GaiaOAuthClient() { | 295 GaiaOAuthClient::~GaiaOAuthClient() { |
| 261 } | 296 } |
| 262 | 297 |
| 263 void GaiaOAuthClient::GetTokensFromAuthCode( | 298 void GaiaOAuthClient::GetTokensFromAuthCode( |
| 264 const OAuthClientInfo& oauth_client_info, | 299 const OAuthClientInfo& oauth_client_info, |
| 265 const std::string& auth_code, | 300 const std::string& auth_code, |
| 266 int max_retries, | 301 int max_retries, |
| 267 Delegate* delegate) { | 302 Delegate* delegate) { |
| 268 return core_->GetTokensFromAuthCode(oauth_client_info, | 303 return core_->GetTokensFromAuthCode(oauth_client_info, |
| 269 auth_code, | 304 auth_code, |
| 270 max_retries, | 305 max_retries, |
| 271 delegate); | 306 delegate); |
| 272 } | 307 } |
| 273 | 308 |
| 274 void GaiaOAuthClient::RefreshToken(const OAuthClientInfo& oauth_client_info, | 309 void GaiaOAuthClient::RefreshToken( |
| 275 const std::string& refresh_token, | 310 const OAuthClientInfo& oauth_client_info, |
| 276 int max_retries, | 311 const std::string& refresh_token, |
| 277 Delegate* delegate) { | 312 const std::vector<std::string>& scopes, |
| 313 int max_retries, | |
| 314 Delegate* delegate) { | |
| 278 return core_->RefreshToken(oauth_client_info, | 315 return core_->RefreshToken(oauth_client_info, |
| 279 refresh_token, | 316 refresh_token, |
| 317 scopes, | |
| 280 max_retries, | 318 max_retries, |
| 281 delegate); | 319 delegate); |
| 282 } | 320 } |
| 283 | 321 |
| 284 void GaiaOAuthClient::GetUserInfo(const std::string& access_token, | 322 void GaiaOAuthClient::GetUserInfo(const std::string& access_token, |
| 285 int max_retries, | 323 int max_retries, |
| 286 Delegate* delegate) { | 324 Delegate* delegate) { |
| 287 return core_->GetUserInfo(access_token, max_retries, delegate); | 325 return core_->GetUserInfo(access_token, max_retries, delegate); |
| 288 } | 326 } |
| 289 | 327 |
| 328 void GaiaOAuthClient::GetTokenInfo(const std::string& access_token, | |
| 329 int max_retries, | |
| 330 Delegate* delegate) { | |
| 331 return core_->GetTokenInfo(access_token, max_retries, delegate); | |
| 332 } | |
| 333 | |
| 290 } // namespace gaia | 334 } // namespace gaia |
| OLD | NEW |
