Device robot refresh token integrity validation.

chrome/browser/signin/oauth2_token_service.h

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_SIGNIN_OAUTH2_TOKEN_SERVICE_H_
 #define CHROME_BROWSER_SIGNIN_OAUTH2_TOKEN_SERVICE_H_
 
 #include <map>
 #include <set>
 #include <string>
@@ skipping 69 matching lines @@
 
   // Checks in the cache for a valid access token, and if not found starts
   // a request for an OAuth2 access token using the OAuth2 refresh token
   // maintained by this instance. The caller owns the returned Request.
   // |scopes| is the set of scopes to get an access token for, |consumer| is
   // the object that will be called back with results if the returned request
   // is not deleted.
   virtual scoped_ptr<Request> StartRequest(const ScopeSet& scopes,
                                            Consumer* consumer);
 
-  // Returns true if a refresh token exists. If false, calls to
-  // |StartRequest| will result in a Consumer::OnGetTokenFailure callback.
-  bool RefreshTokenIsAvailable();
-
   // Mark an OAuth2 access token as invalid. This should be done if the token
   // was received from this class, but was not accepted by the server (e.g.,
   // the server returned 401 Unauthorized). The token will be removed from the
   // cache for the given scopes.
   virtual void InvalidateToken(const ScopeSet& scopes,
                                const std::string& invalid_token);
 
   // Return the current number of entries in the cache.
   int cache_size_for_testing() const;
+  void set_max_authorization_token_fetch_retries_for_testing(int max_retries);

[Andrew T Wilson (Slow), 2013/06/20 17:47:28]

can we inject this in the constructor instead and pass that along to the
Fetcher?

[David Roche, 2013/06/20 18:17:18]

Passing this to the constructor would require plumbing it through to all the
subclass implementations and the factories that create them:

DeviceOAuth2TokenService
DeviceOAuth2TokenServiceFactory
ProfileOAuth2TokenService
ProfileOAuth2TokenServiceFactory
AndroidProfileOAuth2TokenService

Since this was only for test purposes, I was inclined to keep this as a simple
*_for_testing method rather that impacting all those classes.  WDYT?

 
  protected:
+  // Implements a cancelable |OAuth2TokenService::Request|, which should be
+  // operated on the UI thread.
+  class RequestImpl : public base::SupportsWeakPtr<RequestImpl>,

[Andrew T Wilson (Slow), 2013/06/20 17:47:28]

This is fine, but I wonder now if it's time to move this into a separate header
file rather than in this public file.

[David Roche, 2013/06/20 18:17:18]

Ideally this would just be hidden, since it's an impl detail of this class.  I
could do that now, but I need to work cancellable requests into
DeviceOAuth2TokenService, which may call for this to be exposed to subclasses. 
I'll take a note to resolve this one way or the other when I'm making that
change.

+                      public Request {
+   public:
+    // |consumer| is required to outlive this.
+    explicit RequestImpl(Consumer* consumer);
+    virtual ~RequestImpl();
+
+    // Informs |consumer_| that this request is completed.
+    void InformConsumer(const GoogleServiceAuthError& error,
+                        const std::string& access_token,
+                        const base::Time& expiration_date);
+
+   private:
+    // |consumer_| to call back when this request completes.
+    Consumer* const consumer_;
+  };
+
   // Subclasses should return the refresh token maintained.
   // If no token is available, return an empty string.
   virtual std::string GetRefreshToken() = 0;
 
   // Subclasses can override if they want to report errors to the user.
   virtual void UpdateAuthError(const GoogleServiceAuthError& error);
 
   // Add a new entry to the cache.
   // Subclasses can override if there are implementation-specific reasons
   // that an access token should ever not be cached.
   virtual void RegisterCacheEntry(const std::string& refresh_token,
                                   const ScopeSet& scopes,
                                   const std::string& access_token,
                                   const base::Time& expiration_date);
 
   // Returns true if GetCacheEntry would return a valid cache entry for the
   // given scopes.
   bool HasCacheEntry(const ScopeSet& scopes);
 
-  // Posts a task to fire the Consumer callback with the cached token.  Must
-  // only be called if HasCacheEntry() returns true.
+  // Posts a task to fetch the cached token for the given in-flight Request.
+  // Must only be called if HasCacheEntry() returns true.
   scoped_ptr<Request> StartCacheLookupRequest(const ScopeSet& scopes,
-                                              Consumer* consumer);
+                                              scoped_ptr<RequestImpl> request);
 
   // Clears the internal token cache.
   void ClearCache();
 
-  // Implements a cancelable |OAuth2TokenService::Request|, which should be
-  // operated on the UI thread.
-  class RequestImpl : public base::SupportsWeakPtr<RequestImpl>,
-                      public Request {
-   public:
-    // |consumer| is required to outlive this.
-    explicit RequestImpl(Consumer* consumer);
-    virtual ~RequestImpl();
-
-    // Informs |consumer_| that this request is completed.
-    void InformConsumer(const GoogleServiceAuthError& error,
-                        const std::string& access_token,
-                        const base::Time& expiration_date);
-
-   private:
-    // |consumer_| to call back when this request completes.
-    Consumer* const consumer_;
-  };
-
  private:
   // Class that fetches an OAuth2 access token for a given set of scopes and
   // OAuth2 refresh token.
   class Fetcher;
   friend class Fetcher;
 
   // Struct that contains the information of an OAuth2 access token.
   struct CacheEntry {
     std::string access_token;
     base::Time expiration_date;
@@ skipping 21 matching lines @@
   // The cache of currently valid tokens.
   typedef std::map<ScopeSet, CacheEntry> TokenCache;
   TokenCache token_cache_;
 
   // The parameters (refresh token and scope set) used to fetch an OAuth2 access
   // token.
   typedef std::pair<std::string, ScopeSet> FetchParameters;
   // A map from fetch parameters to a fetcher that is fetching an OAuth2 access
   // token using these parameters.
   std::map<FetchParameters, Fetcher*> pending_fetchers_;
+  // Maximum number of retries in fetching an OAuth2 access token.
+  static int max_fetch_retry_num_;
 
   DISALLOW_COPY_AND_ASSIGN(OAuth2TokenService);
 };
 
 #endif  // CHROME_BROWSER_SIGNIN_OAUTH2_TOKEN_SERVICE_H_