OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h" | 5 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h" |
6 | 6 |
| 7 #include <memory> |
7 #include <vector> | 8 #include <vector> |
8 | 9 |
9 #include "base/bind.h" | 10 #include "base/bind.h" |
10 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/memory/weak_ptr.h" |
11 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
12 #include "content/public/browser/browser_thread.h" | 14 #include "content/public/browser/browser_thread.h" |
13 #include "google_apis/gaia/gaia_auth_fetcher.h" | 15 #include "google_apis/gaia/gaia_auth_fetcher.h" |
14 #include "google_apis/gaia/gaia_constants.h" | 16 #include "google_apis/gaia/gaia_constants.h" |
15 #include "google_apis/gaia/gaia_urls.h" | 17 #include "google_apis/gaia/gaia_urls.h" |
16 #include "google_apis/gaia/google_service_auth_error.h" | 18 #include "google_apis/gaia/google_service_auth_error.h" |
17 #include "google_apis/gaia/oauth2_access_token_fetcher_impl.h" | 19 #include "google_apis/gaia/oauth2_access_token_fetcher_impl.h" |
18 #include "net/url_request/url_request_context_getter.h" | 20 #include "net/url_request/url_request_context_getter.h" |
19 | 21 |
20 using content::BrowserThread; | 22 using content::BrowserThread; |
21 | 23 |
22 namespace policy { | 24 namespace policy { |
23 | 25 |
24 namespace { | 26 namespace { |
25 | 27 |
| 28 // If true, fake policy tokens will be sent instead of making network requests. |
| 29 bool use_fake_tokens_for_testing_ = false; |
| 30 |
26 // Max retry count for token fetching requests. | 31 // Max retry count for token fetching requests. |
27 const int kMaxRequestAttemptCount = 5; | 32 const int kMaxRequestAttemptCount = 5; |
28 | 33 |
29 // OAuth token request retry delay in milliseconds. | 34 // OAuth token request retry delay in milliseconds. |
30 const int kRequestRestartDelay = 3000; | 35 const int kRequestRestartDelay = 3000; |
31 | 36 |
32 } // namespace | 37 class PolicyOAuth2TokenFetcherImpl : public PolicyOAuth2TokenFetcher, |
| 38 public GaiaAuthConsumer, |
| 39 public OAuth2AccessTokenConsumer { |
| 40 public: |
| 41 PolicyOAuth2TokenFetcherImpl(); |
| 42 ~PolicyOAuth2TokenFetcherImpl() override; |
33 | 43 |
34 PolicyOAuth2TokenFetcher::PolicyOAuth2TokenFetcher() { | 44 private: |
35 } | 45 // PolicyOAuth2TokenFetcher overrides. |
| 46 void StartWithSigninContext( |
| 47 net::URLRequestContextGetter* auth_context_getter, |
| 48 net::URLRequestContextGetter* system_context_getter, |
| 49 const TokenCallback& callback) override; |
| 50 void StartWithAuthCode(const std::string& auth_code, |
| 51 net::URLRequestContextGetter* system_context_getter, |
| 52 const TokenCallback& callback) override; |
| 53 void StartWithRefreshToken( |
| 54 const std::string& oauth2_refresh_token, |
| 55 net::URLRequestContextGetter* system_context_getter, |
| 56 const TokenCallback& callback) override; |
36 | 57 |
37 PolicyOAuth2TokenFetcher::~PolicyOAuth2TokenFetcher() { | 58 // Returns true if we have previously attempted to fetch tokens with this |
38 } | 59 // class and failed. |
| 60 bool Failed() const override { return failed_; } |
39 | 61 |
40 void PolicyOAuth2TokenFetcher::StartWithSigninContext( | 62 const std::string& OAuth2RefreshToken() const override { |
| 63 return oauth2_refresh_token_; |
| 64 } |
| 65 const std::string& OAuth2AccessToken() const override { |
| 66 return oauth2_access_token_; |
| 67 } |
| 68 |
| 69 // GaiaAuthConsumer overrides. |
| 70 void OnClientOAuthSuccess( |
| 71 const GaiaAuthConsumer::ClientOAuthResult& oauth_tokens) override; |
| 72 void OnClientOAuthFailure(const GoogleServiceAuthError& error) override; |
| 73 |
| 74 // OAuth2AccessTokenConsumer overrides. |
| 75 void OnGetTokenSuccess(const std::string& access_token, |
| 76 const base::Time& expiration_time) override; |
| 77 void OnGetTokenFailure(const GoogleServiceAuthError& error) override; |
| 78 |
| 79 // Starts fetching OAuth2 refresh token. |
| 80 void StartFetchingRefreshToken(); |
| 81 |
| 82 // Starts fetching OAuth2 access token for the device management service. |
| 83 void StartFetchingAccessToken(); |
| 84 |
| 85 // Decides how to proceed on GAIA |error|. If the error looks temporary, |
| 86 // retries |task| until max retry count is reached. |
| 87 // If retry count runs out, or error condition is unrecoverable, it calls |
| 88 // Delegate::OnOAuth2TokenFetchFailed(). |
| 89 void RetryOnError(const GoogleServiceAuthError& error, |
| 90 const base::Closure& task); |
| 91 |
| 92 // Passes |token| and |error| to the |callback_|. |
| 93 void ForwardPolicyToken(const std::string& token, |
| 94 const GoogleServiceAuthError& error); |
| 95 |
| 96 // Auth code which is used to retreive a refresh token. |
| 97 std::string auth_code_; |
| 98 |
| 99 scoped_refptr<net::URLRequestContextGetter> auth_context_getter_; |
| 100 scoped_refptr<net::URLRequestContextGetter> system_context_getter_; |
| 101 std::unique_ptr<GaiaAuthFetcher> refresh_token_fetcher_; |
| 102 std::unique_ptr<OAuth2AccessTokenFetcher> access_token_fetcher_; |
| 103 |
| 104 // OAuth2 refresh token. Could come either from the outside or through |
| 105 // refresh token fetching flow within this class. |
| 106 std::string oauth2_refresh_token_; |
| 107 |
| 108 // OAuth2 access token. |
| 109 std::string oauth2_access_token_; |
| 110 |
| 111 // The retry counter. Increment this only when failure happened. |
| 112 int retry_count_ = 0; |
| 113 |
| 114 // True if we have already failed to fetch the policy. |
| 115 bool failed_ = false; |
| 116 |
| 117 // The callback to invoke when done. |
| 118 TokenCallback callback_; |
| 119 |
| 120 base::WeakPtrFactory<PolicyOAuth2TokenFetcherImpl> weak_ptr_factory_; |
| 121 |
| 122 DISALLOW_COPY_AND_ASSIGN(PolicyOAuth2TokenFetcherImpl); |
| 123 }; |
| 124 |
| 125 PolicyOAuth2TokenFetcherImpl::PolicyOAuth2TokenFetcherImpl() |
| 126 : weak_ptr_factory_(this) {} |
| 127 |
| 128 PolicyOAuth2TokenFetcherImpl::~PolicyOAuth2TokenFetcherImpl() {} |
| 129 |
| 130 void PolicyOAuth2TokenFetcherImpl::StartWithSigninContext( |
41 net::URLRequestContextGetter* auth_context_getter, | 131 net::URLRequestContextGetter* auth_context_getter, |
42 net::URLRequestContextGetter* system_context_getter, | 132 net::URLRequestContextGetter* system_context_getter, |
43 const TokenCallback& callback) { | 133 const TokenCallback& callback) { |
44 DCHECK(!refresh_token_fetcher_ && !access_token_fetcher_); | 134 DCHECK(!refresh_token_fetcher_ && !access_token_fetcher_); |
45 | 135 |
46 auth_context_getter_ = auth_context_getter; | 136 auth_context_getter_ = auth_context_getter; |
47 system_context_getter_ = system_context_getter; | 137 system_context_getter_ = system_context_getter; |
48 callback_ = callback; | 138 callback_ = callback; |
49 StartFetchingRefreshToken(); | 139 StartFetchingRefreshToken(); |
50 } | 140 } |
51 | 141 |
52 void PolicyOAuth2TokenFetcher::StartWithAuthCode( | 142 void PolicyOAuth2TokenFetcherImpl::StartWithAuthCode( |
53 const std::string& auth_code, | 143 const std::string& auth_code, |
54 net::URLRequestContextGetter* system_context_getter, | 144 net::URLRequestContextGetter* system_context_getter, |
55 const TokenCallback& callback) { | 145 const TokenCallback& callback) { |
56 DCHECK(!refresh_token_fetcher_ && !access_token_fetcher_); | 146 DCHECK(!refresh_token_fetcher_ && !access_token_fetcher_); |
57 | 147 |
58 auth_code_ = auth_code; | 148 auth_code_ = auth_code; |
59 system_context_getter_ = system_context_getter; | 149 system_context_getter_ = system_context_getter; |
60 callback_ = callback; | 150 callback_ = callback; |
61 StartFetchingRefreshToken(); | 151 StartFetchingRefreshToken(); |
62 } | 152 } |
63 | 153 |
64 void PolicyOAuth2TokenFetcher::StartWithRefreshToken( | 154 void PolicyOAuth2TokenFetcherImpl::StartWithRefreshToken( |
65 const std::string& oauth2_refresh_token, | 155 const std::string& oauth2_refresh_token, |
66 net::URLRequestContextGetter* system_context_getter, | 156 net::URLRequestContextGetter* system_context_getter, |
67 const TokenCallback& callback) { | 157 const TokenCallback& callback) { |
68 DCHECK(!refresh_token_fetcher_ && !access_token_fetcher_); | 158 DCHECK(!refresh_token_fetcher_ && !access_token_fetcher_); |
69 | 159 |
70 oauth2_refresh_token_ = oauth2_refresh_token; | 160 oauth2_refresh_token_ = oauth2_refresh_token; |
71 system_context_getter_ = system_context_getter; | 161 system_context_getter_ = system_context_getter; |
72 callback_ = callback; | 162 callback_ = callback; |
73 StartFetchingAccessToken(); | 163 StartFetchingAccessToken(); |
74 } | 164 } |
75 | 165 |
76 void PolicyOAuth2TokenFetcher::StartFetchingRefreshToken() { | 166 void PolicyOAuth2TokenFetcherImpl::StartFetchingRefreshToken() { |
77 if (auth_code_.empty()) { | 167 if (auth_code_.empty()) { |
78 refresh_token_fetcher_.reset(new GaiaAuthFetcher( | 168 refresh_token_fetcher_.reset(new GaiaAuthFetcher( |
79 this, GaiaConstants::kChromeSource, auth_context_getter_.get())); | 169 this, GaiaConstants::kChromeSource, auth_context_getter_.get())); |
80 refresh_token_fetcher_->StartCookieForOAuthLoginTokenExchange( | 170 refresh_token_fetcher_->StartCookieForOAuthLoginTokenExchange( |
81 std::string()); | 171 std::string()); |
82 } else { | 172 } else { |
83 refresh_token_fetcher_.reset(new GaiaAuthFetcher( | 173 refresh_token_fetcher_.reset(new GaiaAuthFetcher( |
84 this, GaiaConstants::kChromeSource, system_context_getter_.get())); | 174 this, GaiaConstants::kChromeSource, system_context_getter_.get())); |
85 refresh_token_fetcher_->StartAuthCodeForOAuth2TokenExchange(auth_code_); | 175 refresh_token_fetcher_->StartAuthCodeForOAuth2TokenExchange(auth_code_); |
86 } | 176 } |
87 } | 177 } |
88 | 178 |
89 void PolicyOAuth2TokenFetcher::StartFetchingAccessToken() { | 179 void PolicyOAuth2TokenFetcherImpl::StartFetchingAccessToken() { |
90 std::vector<std::string> scopes; | 180 std::vector<std::string> scopes; |
91 scopes.push_back(GaiaConstants::kDeviceManagementServiceOAuth); | 181 scopes.push_back(GaiaConstants::kDeviceManagementServiceOAuth); |
92 scopes.push_back(GaiaConstants::kOAuthWrapBridgeUserInfoScope); | 182 scopes.push_back(GaiaConstants::kOAuthWrapBridgeUserInfoScope); |
93 access_token_fetcher_.reset( | 183 access_token_fetcher_.reset( |
94 new OAuth2AccessTokenFetcherImpl(this, | 184 new OAuth2AccessTokenFetcherImpl(this, |
95 system_context_getter_.get(), | 185 system_context_getter_.get(), |
96 oauth2_refresh_token_)); | 186 oauth2_refresh_token_)); |
97 access_token_fetcher_->Start( | 187 access_token_fetcher_->Start( |
98 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), | 188 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), |
99 GaiaUrls::GetInstance()->oauth2_chrome_client_secret(), | 189 GaiaUrls::GetInstance()->oauth2_chrome_client_secret(), |
100 scopes); | 190 scopes); |
101 } | 191 } |
102 | 192 |
103 void PolicyOAuth2TokenFetcher::OnClientOAuthSuccess( | 193 void PolicyOAuth2TokenFetcherImpl::OnClientOAuthSuccess( |
104 const GaiaAuthConsumer::ClientOAuthResult& oauth2_tokens) { | 194 const GaiaAuthConsumer::ClientOAuthResult& oauth2_tokens) { |
105 VLOG(1) << "OAuth2 tokens for policy fetching succeeded."; | 195 VLOG(1) << "OAuth2 tokens for policy fetching succeeded."; |
106 oauth2_refresh_token_ = oauth2_tokens.refresh_token; | 196 oauth2_refresh_token_ = oauth2_tokens.refresh_token; |
107 retry_count_ = 0; | 197 retry_count_ = 0; |
108 StartFetchingAccessToken(); | 198 StartFetchingAccessToken(); |
109 } | 199 } |
110 | 200 |
111 void PolicyOAuth2TokenFetcher::OnClientOAuthFailure( | 201 void PolicyOAuth2TokenFetcherImpl::OnClientOAuthFailure( |
112 const GoogleServiceAuthError& error) { | 202 const GoogleServiceAuthError& error) { |
113 VLOG(1) << "OAuth2 tokens fetch for policy fetch failed! (error = " | 203 VLOG(1) << "OAuth2 tokens fetch for policy fetch failed! (error = " |
114 << error.state() << ")"; | 204 << error.state() << ")"; |
115 RetryOnError(error, | 205 RetryOnError( |
116 base::Bind(&PolicyOAuth2TokenFetcher::StartFetchingRefreshToken, | 206 error, |
117 AsWeakPtr())); | 207 base::Bind(&PolicyOAuth2TokenFetcherImpl::StartFetchingRefreshToken, |
| 208 weak_ptr_factory_.GetWeakPtr())); |
118 } | 209 } |
119 | 210 |
120 void PolicyOAuth2TokenFetcher::OnGetTokenSuccess( | 211 void PolicyOAuth2TokenFetcherImpl::OnGetTokenSuccess( |
121 const std::string& access_token, | 212 const std::string& access_token, |
122 const base::Time& expiration_time) { | 213 const base::Time& expiration_time) { |
123 VLOG(1) << "OAuth2 access token (device management) fetching succeeded."; | 214 VLOG(1) << "OAuth2 access token (device management) fetching succeeded."; |
124 oauth2_access_token_ = access_token; | 215 oauth2_access_token_ = access_token; |
125 ForwardPolicyToken(access_token, | 216 ForwardPolicyToken(access_token, |
126 GoogleServiceAuthError(GoogleServiceAuthError::NONE)); | 217 GoogleServiceAuthError(GoogleServiceAuthError::NONE)); |
127 } | 218 } |
128 | 219 |
129 void PolicyOAuth2TokenFetcher::OnGetTokenFailure( | 220 void PolicyOAuth2TokenFetcherImpl::OnGetTokenFailure( |
130 const GoogleServiceAuthError& error) { | 221 const GoogleServiceAuthError& error) { |
131 LOG(ERROR) << "OAuth2 access token (device management) fetching failed!"; | 222 LOG(ERROR) << "OAuth2 access token (device management) fetching failed!"; |
132 RetryOnError(error, | 223 RetryOnError( |
133 base::Bind(&PolicyOAuth2TokenFetcher::StartFetchingAccessToken, | 224 error, base::Bind(&PolicyOAuth2TokenFetcherImpl::StartFetchingAccessToken, |
134 AsWeakPtr())); | 225 weak_ptr_factory_.GetWeakPtr())); |
135 } | 226 } |
136 | 227 |
137 void PolicyOAuth2TokenFetcher::RetryOnError(const GoogleServiceAuthError& error, | 228 void PolicyOAuth2TokenFetcherImpl::RetryOnError( |
138 const base::Closure& task) { | 229 const GoogleServiceAuthError& error, |
| 230 const base::Closure& task) { |
139 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 231 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
140 if (error.IsTransientError() && retry_count_ < kMaxRequestAttemptCount) { | 232 if (error.IsTransientError() && retry_count_ < kMaxRequestAttemptCount) { |
141 retry_count_++; | 233 retry_count_++; |
142 BrowserThread::PostDelayedTask( | 234 BrowserThread::PostDelayedTask( |
143 BrowserThread::UI, FROM_HERE, task, | 235 BrowserThread::UI, FROM_HERE, task, |
144 base::TimeDelta::FromMilliseconds(kRequestRestartDelay)); | 236 base::TimeDelta::FromMilliseconds(kRequestRestartDelay)); |
145 return; | 237 return; |
146 } | 238 } |
147 LOG(ERROR) << "Unrecoverable error or retry count max reached."; | 239 LOG(ERROR) << "Unrecoverable error or retry count max reached."; |
148 failed_ = true; | 240 failed_ = true; |
149 // Invoking the |callback_| signals to the owner of this object that it has | 241 // Invoking the |callback_| signals to the owner of this object that it has |
150 // completed, and the owner may delete this object on the callback method. | 242 // completed, and the owner may delete this object on the callback method. |
151 // So don't rely on |this| still being valid after ForwardPolicyToken() | 243 // So don't rely on |this| still being valid after ForwardPolicyToken() |
152 // returns i.e. don't write to |failed_| or other fields. | 244 // returns i.e. don't write to |failed_| or other fields. |
153 ForwardPolicyToken(std::string(), error); | 245 ForwardPolicyToken(std::string(), error); |
154 } | 246 } |
155 | 247 |
156 void PolicyOAuth2TokenFetcher::ForwardPolicyToken( | 248 void PolicyOAuth2TokenFetcherImpl::ForwardPolicyToken( |
157 const std::string& token, | 249 const std::string& token, |
158 const GoogleServiceAuthError& error) { | 250 const GoogleServiceAuthError& error) { |
159 if (!callback_.is_null()) | 251 if (!callback_.is_null()) |
160 callback_.Run(token, error); | 252 callback_.Run(token, error); |
161 } | 253 } |
162 | 254 |
| 255 // Fake token fetcher that immediately returns tokens without making network |
| 256 // requests. |
| 257 class PolicyOAuth2TokenFetcherFake : public PolicyOAuth2TokenFetcher { |
| 258 public: |
| 259 PolicyOAuth2TokenFetcherFake() {} |
| 260 ~PolicyOAuth2TokenFetcherFake() override {} |
| 261 |
| 262 private: |
| 263 // PolicyOAuth2TokenFetcher overrides. |
| 264 void StartWithSigninContext( |
| 265 net::URLRequestContextGetter* auth_context_getter, |
| 266 net::URLRequestContextGetter* system_context_getter, |
| 267 const TokenCallback& callback) override { |
| 268 ForwardPolicyToken(callback); |
| 269 } |
| 270 |
| 271 void StartWithAuthCode(const std::string& auth_code, |
| 272 net::URLRequestContextGetter* system_context_getter, |
| 273 const TokenCallback& callback) override { |
| 274 ForwardPolicyToken(callback); |
| 275 } |
| 276 |
| 277 void StartWithRefreshToken( |
| 278 const std::string& oauth2_refresh_token, |
| 279 net::URLRequestContextGetter* system_context_getter, |
| 280 const TokenCallback& callback) override { |
| 281 ForwardPolicyToken(callback); |
| 282 } |
| 283 |
| 284 bool Failed() const override { return false; } |
| 285 const std::string& OAuth2RefreshToken() const override { |
| 286 return refresh_token_; |
| 287 } |
| 288 const std::string& OAuth2AccessToken() const override { |
| 289 return access_token_; |
| 290 } |
| 291 |
| 292 private: |
| 293 void ForwardPolicyToken(const TokenCallback& callback) { |
| 294 if (!callback.is_null()) |
| 295 callback.Run(access_token_, GoogleServiceAuthError::AuthErrorNone()); |
| 296 } |
| 297 |
| 298 const std::string refresh_token_ = "fake_refresh_token"; |
| 299 const std::string access_token_ = "fake_access_token"; |
| 300 |
| 301 DISALLOW_COPY_AND_ASSIGN(PolicyOAuth2TokenFetcherFake); |
| 302 }; |
| 303 |
| 304 } // namespace |
| 305 |
| 306 // static |
| 307 void PolicyOAuth2TokenFetcher::UseFakeTokensForTesting() { |
| 308 use_fake_tokens_for_testing_ = true; |
| 309 } |
| 310 |
| 311 // static |
| 312 PolicyOAuth2TokenFetcher* PolicyOAuth2TokenFetcher::CreateInstance() { |
| 313 if (use_fake_tokens_for_testing_) |
| 314 return new PolicyOAuth2TokenFetcherFake(); |
| 315 return new PolicyOAuth2TokenFetcherImpl(); |
| 316 } |
| 317 |
| 318 PolicyOAuth2TokenFetcher::PolicyOAuth2TokenFetcher() {} |
| 319 |
| 320 PolicyOAuth2TokenFetcher::~PolicyOAuth2TokenFetcher() {} |
| 321 |
163 } // namespace policy | 322 } // namespace policy |
OLD | NEW |