Chromium Code Reviews Chromium Code Reviews
Issue 1767443002:
Add enterprise enrollment support for fake users. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@lkgr| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h" | 5 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/memory/weak_ptr.h" | |
| 11 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
| 12 #include "content/public/browser/browser_thread.h" | 13 #include "content/public/browser/browser_thread.h" |
| 13 #include "google_apis/gaia/gaia_auth_fetcher.h" | 14 #include "google_apis/gaia/gaia_auth_fetcher.h" |
| 14 #include "google_apis/gaia/gaia_constants.h" | 15 #include "google_apis/gaia/gaia_constants.h" |
| 15 #include "google_apis/gaia/gaia_urls.h" | 16 #include "google_apis/gaia/gaia_urls.h" |
| 16 #include "google_apis/gaia/google_service_auth_error.h" | 17 #include "google_apis/gaia/google_service_auth_error.h" |
| 17 #include "google_apis/gaia/oauth2_access_token_fetcher_impl.h" | 18 #include "google_apis/gaia/oauth2_access_token_fetcher_impl.h" |
| 18 #include "net/url_request/url_request_context_getter.h" | 19 #include "net/url_request/url_request_context_getter.h" |
| 19 | 20 |
| 20 using content::BrowserThread; | 21 using content::BrowserThread; |
| 21 | 22 |
| 22 namespace policy { | 23 namespace policy { |
| 23 | 24 |
| 24 namespace { | 25 namespace { |
| 25 | 26 |
| 27 // If true, fake policy tokens will be sent instead of making network requests. | |
| 28 bool use_fake_tokens_for_testing_ = false; | |
| 29 | |
| 26 // Max retry count for token fetching requests. | 30 // Max retry count for token fetching requests. |
| 27 const int kMaxRequestAttemptCount = 5; | 31 const int kMaxRequestAttemptCount = 5; |
| 28 | 32 |
| 29 // OAuth token request retry delay in milliseconds. | 33 // OAuth token request retry delay in milliseconds. |
| 30 const int kRequestRestartDelay = 3000; | 34 const int kRequestRestartDelay = 3000; |
| 31 | 35 |
| 32 } // namespace | 36 class PolicyOAuth2TokenFetcherImpl : public PolicyOAuth2TokenFetcher, |
| 37 public GaiaAuthConsumer, | |
| 38 public OAuth2AccessTokenConsumer { | |
| 39 public: | |
| 40 PolicyOAuth2TokenFetcherImpl(); | |
| 41 ~PolicyOAuth2TokenFetcherImpl() override; | |
| 33 | 42 |
| 34 PolicyOAuth2TokenFetcher::PolicyOAuth2TokenFetcher() { | 43 private: |
| 35 } | 44 // PolicyOAuth2TokenFetcher overrides. |
| 45 void StartWithSigninContext( | |
| 46 net::URLRequestContextGetter* auth_context_getter, | |
| 47 net::URLRequestContextGetter* system_context_getter, | |
| 48 const TokenCallback& callback) override; | |
| 49 void StartWithAuthCode(const std::string& auth_code, | |
| 50 net::URLRequestContextGetter* system_context_getter, | |
| 51 const TokenCallback& callback) override; | |
| 52 void StartWithRefreshToken( | |
| 53 const std::string& oauth2_refresh_token, | |
| 54 net::URLRequestContextGetter* system_context_getter, | |
| 55 const TokenCallback& callback) override; | |
| 36 | 56 |
| 37 PolicyOAuth2TokenFetcher::~PolicyOAuth2TokenFetcher() { | 57 // Returns true if we have previously attempted to fetch tokens with this |
| 38 } | 58 // class and failed. |
| 59 bool Failed() const override { return failed_; } | |
| 39 | 60 |
| 40 void PolicyOAuth2TokenFetcher::StartWithSigninContext( | 61 const std::string& OAuth2RefreshToken() const override { |
| 62 return oauth2_refresh_token_; | |
| 63 } | |
| 64 const std::string& OAuth2AccessToken() const override { | |
| 65 return oauth2_access_token_; | |
| 66 } | |
| 67 | |
| 68 // GaiaAuthConsumer overrides. | |
| 69 void OnClientOAuthSuccess( | |
| 70 const GaiaAuthConsumer::ClientOAuthResult& oauth_tokens) override; | |
| 71 void OnClientOAuthFailure(const GoogleServiceAuthError& error) override; | |
| 72 | |
| 73 // OAuth2AccessTokenConsumer overrides. | |
| 74 void OnGetTokenSuccess(const std::string& access_token, | |
| 75 const base::Time& expiration_time) override; | |
| 76 void OnGetTokenFailure(const GoogleServiceAuthError& error) override; | |
| 77 | |
| 78 // Starts fetching OAuth2 refresh token. | |
| 79 void StartFetchingRefreshToken(); | |
| 80 | |
| 81 // Starts fetching OAuth2 access token for the device management service. | |
| 82 void StartFetchingAccessToken(); | |
| 83 | |
| 84 // Decides how to proceed on GAIA |error|. If the error looks temporary, | |
| 85 // retries |task| until max retry count is reached. | |
| 86 // If retry count runs out, or error condition is unrecoverable, it calls | |
| 87 // Delegate::OnOAuth2TokenFetchFailed(). | |
| 88 void RetryOnError(const GoogleServiceAuthError& error, | |
| 89 const base::Closure& task); | |
| 90 | |
| 91 // Passes |token| and |error| to the |callback_|. | |
| 92 void ForwardPolicyToken(const std::string& token, | |
| 93 const GoogleServiceAuthError& error); | |
| 94 | |
| 95 // Auth code which is used to retreive a refresh token. | |
| 96 std::string auth_code_; | |
| 97 | |
| 98 scoped_refptr<net::URLRequestContextGetter> auth_context_getter_; | |
| 99 scoped_refptr<net::URLRequestContextGetter> system_context_getter_; | |
| 100 scoped_ptr<GaiaAuthFetcher> refresh_token_fetcher_; | |
| 101 scoped_ptr<OAuth2AccessTokenFetcher> access_token_fetcher_; | |
| 102 | |
| 103 // OAuth2 refresh token. Could come either from the outside or through | |
| 104 // refresh token fetching flow within this class. | |
| 105 std::string oauth2_refresh_token_; | |
| 106 | |
| 107 // OAuth2 access token. | |
| 108 std::string oauth2_access_token_; | |
| 109 | |
| 110 // The retry counter. Increment this only when failure happened. | |
| 111 int retry_count_ = 0; | |
| 112 | |
| 113 // True if we have already failed to fetch the policy. | |
| 114 bool failed_ = false; | |
| 115 | |
| 116 // The callback to invoke when done. | |
| 117 TokenCallback callback_; | |
| 118 | |
| 119 base::WeakPtrFactory<PolicyOAuth2TokenFetcherImpl> weak_ptr_factory_; | |
| 120 | |
| 121 DISALLOW_COPY_AND_ASSIGN(PolicyOAuth2TokenFetcherImpl); | |
| 122 }; | |
| 123 | |
| 124 PolicyOAuth2TokenFetcherImpl::PolicyOAuth2TokenFetcherImpl() | |
| 125 : weak_ptr_factory_(this) {} | |
| 126 | |
| 127 PolicyOAuth2TokenFetcherImpl::~PolicyOAuth2TokenFetcherImpl() {} | |
| 128 | |
| 129 void PolicyOAuth2TokenFetcherImpl::StartWithSigninContext( | |
| 41 net::URLRequestContextGetter* auth_context_getter, | 130 net::URLRequestContextGetter* auth_context_getter, |
| 42 net::URLRequestContextGetter* system_context_getter, | 131 net::URLRequestContextGetter* system_context_getter, |
| 43 const TokenCallback& callback) { | 132 const TokenCallback& callback) { |
| 44 DCHECK(!refresh_token_fetcher_ && !access_token_fetcher_); | 133 DCHECK(!refresh_token_fetcher_ && !access_token_fetcher_); |
| 45 | 134 |
| 46 auth_context_getter_ = auth_context_getter; | 135 auth_context_getter_ = auth_context_getter; |
| 47 system_context_getter_ = system_context_getter; | 136 system_context_getter_ = system_context_getter; |
| 48 callback_ = callback; | 137 callback_ = callback; |
| 49 StartFetchingRefreshToken(); | 138 StartFetchingRefreshToken(); |
| 50 } | 139 } |
| 51 | 140 |
| 52 void PolicyOAuth2TokenFetcher::StartWithAuthCode( | 141 void PolicyOAuth2TokenFetcherImpl::StartWithAuthCode( |
| 53 const std::string& auth_code, | 142 const std::string& auth_code, |
| 54 net::URLRequestContextGetter* system_context_getter, | 143 net::URLRequestContextGetter* system_context_getter, |
| 55 const TokenCallback& callback) { | 144 const TokenCallback& callback) { |
| 56 DCHECK(!refresh_token_fetcher_ && !access_token_fetcher_); | 145 DCHECK(!refresh_token_fetcher_ && !access_token_fetcher_); |
| 57 | 146 |
| 58 auth_code_ = auth_code; | 147 auth_code_ = auth_code; |
| 59 system_context_getter_ = system_context_getter; | 148 system_context_getter_ = system_context_getter; |
| 60 callback_ = callback; | 149 callback_ = callback; |
| 61 StartFetchingRefreshToken(); | 150 StartFetchingRefreshToken(); |
| 62 } | 151 } |
| 63 | 152 |
| 64 void PolicyOAuth2TokenFetcher::StartWithRefreshToken( | 153 void PolicyOAuth2TokenFetcherImpl::StartWithRefreshToken( |
| 65 const std::string& oauth2_refresh_token, | 154 const std::string& oauth2_refresh_token, |
| 66 net::URLRequestContextGetter* system_context_getter, | 155 net::URLRequestContextGetter* system_context_getter, |
| 67 const TokenCallback& callback) { | 156 const TokenCallback& callback) { |
| 68 DCHECK(!refresh_token_fetcher_ && !access_token_fetcher_); | 157 DCHECK(!refresh_token_fetcher_ && !access_token_fetcher_); |
| 69 | 158 |
| 70 oauth2_refresh_token_ = oauth2_refresh_token; | 159 oauth2_refresh_token_ = oauth2_refresh_token; |
| 71 system_context_getter_ = system_context_getter; | 160 system_context_getter_ = system_context_getter; |
| 72 callback_ = callback; | 161 callback_ = callback; |
| 73 StartFetchingAccessToken(); | 162 StartFetchingAccessToken(); |
| 74 } | 163 } |
| 75 | 164 |
| 76 void PolicyOAuth2TokenFetcher::StartFetchingRefreshToken() { | 165 void PolicyOAuth2TokenFetcherImpl::StartFetchingRefreshToken() { |
| 77 if (auth_code_.empty()) { | 166 if (auth_code_.empty()) { |
| 78 refresh_token_fetcher_.reset(new GaiaAuthFetcher( | 167 refresh_token_fetcher_.reset(new GaiaAuthFetcher( |
| 79 this, GaiaConstants::kChromeSource, auth_context_getter_.get())); | 168 this, GaiaConstants::kChromeSource, auth_context_getter_.get())); |
| 80 refresh_token_fetcher_->StartCookieForOAuthLoginTokenExchange( | 169 refresh_token_fetcher_->StartCookieForOAuthLoginTokenExchange( |
| 81 std::string()); | 170 std::string()); |
| 82 } else { | 171 } else { |
| 83 refresh_token_fetcher_.reset(new GaiaAuthFetcher( | 172 refresh_token_fetcher_.reset(new GaiaAuthFetcher( |
| 84 this, GaiaConstants::kChromeSource, system_context_getter_.get())); | 173 this, GaiaConstants::kChromeSource, system_context_getter_.get())); |
| 85 refresh_token_fetcher_->StartAuthCodeForOAuth2TokenExchange(auth_code_); | 174 refresh_token_fetcher_->StartAuthCodeForOAuth2TokenExchange(auth_code_); |
| 86 } | 175 } |
| 87 } | 176 } |
| 88 | 177 |
| 89 void PolicyOAuth2TokenFetcher::StartFetchingAccessToken() { | 178 void PolicyOAuth2TokenFetcherImpl::StartFetchingAccessToken() { |
| 90 std::vector<std::string> scopes; | 179 std::vector<std::string> scopes; |
| 91 scopes.push_back(GaiaConstants::kDeviceManagementServiceOAuth); | 180 scopes.push_back(GaiaConstants::kDeviceManagementServiceOAuth); |
| 92 scopes.push_back(GaiaConstants::kOAuthWrapBridgeUserInfoScope); | 181 scopes.push_back(GaiaConstants::kOAuthWrapBridgeUserInfoScope); |
| 93 access_token_fetcher_.reset( | 182 access_token_fetcher_.reset( |
| 94 new OAuth2AccessTokenFetcherImpl(this, | 183 new OAuth2AccessTokenFetcherImpl(this, |
| 95 system_context_getter_.get(), | 184 system_context_getter_.get(), |
| 96 oauth2_refresh_token_)); | 185 oauth2_refresh_token_)); |
| 97 access_token_fetcher_->Start( | 186 access_token_fetcher_->Start( |
| 98 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), | 187 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), |
| 99 GaiaUrls::GetInstance()->oauth2_chrome_client_secret(), | 188 GaiaUrls::GetInstance()->oauth2_chrome_client_secret(), |
| 100 scopes); | 189 scopes); |
| 101 } | 190 } |
| 102 | 191 |
| 103 void PolicyOAuth2TokenFetcher::OnClientOAuthSuccess( | 192 void PolicyOAuth2TokenFetcherImpl::OnClientOAuthSuccess( |
| 104 const GaiaAuthConsumer::ClientOAuthResult& oauth2_tokens) { | 193 const GaiaAuthConsumer::ClientOAuthResult& oauth2_tokens) { |
| 105 VLOG(1) << "OAuth2 tokens for policy fetching succeeded."; | 194 VLOG(1) << "OAuth2 tokens for policy fetching succeeded."; |
| 106 oauth2_refresh_token_ = oauth2_tokens.refresh_token; | 195 oauth2_refresh_token_ = oauth2_tokens.refresh_token; |
| 107 retry_count_ = 0; | 196 retry_count_ = 0; |
| 108 StartFetchingAccessToken(); | 197 StartFetchingAccessToken(); |
| 109 } | 198 } |
| 110 | 199 |
| 111 void PolicyOAuth2TokenFetcher::OnClientOAuthFailure( | 200 void PolicyOAuth2TokenFetcherImpl::OnClientOAuthFailure( |
| 112 const GoogleServiceAuthError& error) { | 201 const GoogleServiceAuthError& error) { |
| 113 VLOG(1) << "OAuth2 tokens fetch for policy fetch failed! (error = " | 202 VLOG(1) << "OAuth2 tokens fetch for policy fetch failed! (error = " |
| 114 << error.state() << ")"; | 203 << error.state() << ")"; |
| 115 RetryOnError(error, | 204 RetryOnError( |
| 116 base::Bind(&PolicyOAuth2TokenFetcher::StartFetchingRefreshToken, | 205 error, |
| 117 AsWeakPtr())); | 206 base::Bind(&PolicyOAuth2TokenFetcherImpl::StartFetchingRefreshToken, |
| 207 weak_ptr_factory_.GetWeakPtr())); | |
| 118 } | 208 } |
| 119 | 209 |
| 120 void PolicyOAuth2TokenFetcher::OnGetTokenSuccess( | 210 void PolicyOAuth2TokenFetcherImpl::OnGetTokenSuccess( |
| 121 const std::string& access_token, | 211 const std::string& access_token, |
| 122 const base::Time& expiration_time) { | 212 const base::Time& expiration_time) { |
| 123 VLOG(1) << "OAuth2 access token (device management) fetching succeeded."; | 213 VLOG(1) << "OAuth2 access token (device management) fetching succeeded."; |
| 124 oauth2_access_token_ = access_token; | 214 oauth2_access_token_ = access_token; |
| 125 ForwardPolicyToken(access_token, | 215 ForwardPolicyToken(access_token, |
| 126 GoogleServiceAuthError(GoogleServiceAuthError::NONE)); | 216 GoogleServiceAuthError(GoogleServiceAuthError::NONE)); |
| 127 } | 217 } |
| 128 | 218 |
| 129 void PolicyOAuth2TokenFetcher::OnGetTokenFailure( | 219 void PolicyOAuth2TokenFetcherImpl::OnGetTokenFailure( |
| 130 const GoogleServiceAuthError& error) { | 220 const GoogleServiceAuthError& error) { |
| 131 LOG(ERROR) << "OAuth2 access token (device management) fetching failed!"; | 221 LOG(ERROR) << "OAuth2 access token (device management) fetching failed!"; |
| 132 RetryOnError(error, | 222 RetryOnError( |
| 133 base::Bind(&PolicyOAuth2TokenFetcher::StartFetchingAccessToken, | 223 error, base::Bind(&PolicyOAuth2TokenFetcherImpl::StartFetchingAccessToken, |
| 134 AsWeakPtr())); | 224 weak_ptr_factory_.GetWeakPtr())); |
| 135 } | 225 } |
| 136 | 226 |
| 137 void PolicyOAuth2TokenFetcher::RetryOnError(const GoogleServiceAuthError& error, | 227 void PolicyOAuth2TokenFetcherImpl::RetryOnError( |
| 138 const base::Closure& task) { | 228 const GoogleServiceAuthError& error, |
| 229 const base::Closure& task) { | |
| 139 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 230 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 140 if (error.IsTransientError() && retry_count_ < kMaxRequestAttemptCount) { | 231 if (error.IsTransientError() && retry_count_ < kMaxRequestAttemptCount) { |
| 141 retry_count_++; | 232 retry_count_++; |
| 142 BrowserThread::PostDelayedTask( | 233 BrowserThread::PostDelayedTask( |
| 143 BrowserThread::UI, FROM_HERE, task, | 234 BrowserThread::UI, FROM_HERE, task, |
| 144 base::TimeDelta::FromMilliseconds(kRequestRestartDelay)); | 235 base::TimeDelta::FromMilliseconds(kRequestRestartDelay)); |
| 145 return; | 236 return; |
| 146 } | 237 } |
| 147 LOG(ERROR) << "Unrecoverable error or retry count max reached."; | 238 LOG(ERROR) << "Unrecoverable error or retry count max reached."; |
| 148 failed_ = true; | 239 failed_ = true; |
| 149 // Invoking the |callback_| signals to the owner of this object that it has | 240 // Invoking the |callback_| signals to the owner of this object that it has |
| 150 // completed, and the owner may delete this object on the callback method. | 241 // completed, and the owner may delete this object on the callback method. |
| 151 // So don't rely on |this| still being valid after ForwardPolicyToken() | 242 // So don't rely on |this| still being valid after ForwardPolicyToken() |
| 152 // returns i.e. don't write to |failed_| or other fields. | 243 // returns i.e. don't write to |failed_| or other fields. |
| 153 ForwardPolicyToken(std::string(), error); | 244 ForwardPolicyToken(std::string(), error); |
| 154 } | 245 } |
| 155 | 246 |
| 156 void PolicyOAuth2TokenFetcher::ForwardPolicyToken( | 247 void PolicyOAuth2TokenFetcherImpl::ForwardPolicyToken( |
| 157 const std::string& token, | 248 const std::string& token, |
| 158 const GoogleServiceAuthError& error) { | 249 const GoogleServiceAuthError& error) { |
| 159 if (!callback_.is_null()) | 250 if (!callback_.is_null()) |
| 160 callback_.Run(token, error); | 251 callback_.Run(token, error); |
| 161 } | 252 } |
| 162 | 253 |
| 254 // Fake token fetcher that immediately returns tokens without making network | |
| 255 // requests. | |
| 256 class PolicyOAuth2TokenFetcherFake : public PolicyOAuth2TokenFetcher { | |
| 257 public: | |
| 258 PolicyOAuth2TokenFetcherFake() {} | |
| 259 ~PolicyOAuth2TokenFetcherFake() override {} | |
| 260 | |
| 261 private: | |
| 262 // PolicyOAuth2TokenFetcher overrides. | |
| 263 void StartWithSigninContext( | |
| 264 net::URLRequestContextGetter* auth_context_getter, | |
| 265 net::URLRequestContextGetter* system_context_getter, | |
| 266 const TokenCallback& callback) override { | |
| 267 ForwardPolicyToken(callback); | |
| 268 } | |
| 269 | |
| 270 void StartWithAuthCode(const std::string& auth_code, | |
| 271 net::URLRequestContextGetter* system_context_getter, | |
| 272 const TokenCallback& callback) override { | |
| 273 ForwardPolicyToken(callback); | |
| 274 } | |
| 275 | |
| 276 void StartWithRefreshToken( | |
| 277 const std::string& oauth2_refresh_token, | |
| 278 net::URLRequestContextGetter* system_context_getter, | |
| 279 const TokenCallback& callback) override { | |
| 280 ForwardPolicyToken(callback); | |
| 281 } | |
| 282 | |
| 283 bool Failed() const override { return false; } | |
| 284 const std::string& OAuth2RefreshToken() const override { | |
| 285 return refresh_token_; | |
| 286 } | |
| 287 const std::string& OAuth2AccessToken() const override { | |
| 288 return access_token_; | |
| 289 } | |
| 290 | |
| 291 private: | |
| 292 void ForwardPolicyToken(const TokenCallback& callback) { | |
| 293 if (!callback.is_null()) | |
| 294 callback.Run(access_token_, GoogleServiceAuthError::AuthErrorNone()); | |
| 295 } | |
| 296 | |
| 297 std::string refresh_token_ = "fake_refresh_token"; | |
| 298 std::string access_token_ = "fake_access_token"; | |
|
achuithb
2016/03/08 22:13:26
make both const
jdufault
2016/03/18 17:38:20
Done.
| |
| 299 | |
| 300 DISALLOW_COPY_AND_ASSIGN(PolicyOAuth2TokenFetcherFake); | |
| 301 }; | |
| 302 | |
| 303 } // namespace | |
| 304 | |
| 305 // static | |
| 306 void PolicyOAuth2TokenFetcher::UseFakeTokensForTesting() { | |
| 307 use_fake_tokens_for_testing_ = true; | |
| 308 } | |
| 309 | |
| 310 // static | |
| 311 PolicyOAuth2TokenFetcher* PolicyOAuth2TokenFetcher::CreateInstance() { | |
| 312 if (use_fake_tokens_for_testing_) | |
| 313 return new PolicyOAuth2TokenFetcherFake(); | |
| 314 return new PolicyOAuth2TokenFetcherImpl(); | |
| 315 } | |
| 316 | |
| 317 PolicyOAuth2TokenFetcher::PolicyOAuth2TokenFetcher() {} | |
| 318 | |
| 319 PolicyOAuth2TokenFetcher::~PolicyOAuth2TokenFetcher() {} | |
| 320 | |
| 163 } // namespace policy | 321 } // namespace policy |
| OLD | NEW |
