| OLD | NEW |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/invalidation/ticl_invalidation_service.h" | 5 #include "chrome/browser/invalidation/ticl_invalidation_service.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/metrics/histogram.h" | 8 #include "base/metrics/histogram.h" |
| 9 #include "chrome/browser/invalidation/gcm_invalidation_bridge.h" | 9 #include "chrome/browser/invalidation/gcm_invalidation_bridge.h" |
| 10 #include "chrome/browser/invalidation/invalidation_auth_provider.h" |
| 10 #include "chrome/browser/invalidation/invalidation_logger.h" | 11 #include "chrome/browser/invalidation/invalidation_logger.h" |
| 11 #include "chrome/browser/invalidation/invalidation_service_util.h" | 12 #include "chrome/browser/invalidation/invalidation_service_util.h" |
| 12 #include "chrome/browser/profiles/profile.h" | 13 #include "chrome/browser/profiles/profile.h" |
| 13 #include "chrome/browser/signin/about_signin_internals.h" | 14 #include "chrome/browser/services/gcm/gcm_profile_service_factory.h" |
| 14 #include "chrome/browser/signin/about_signin_internals_factory.h" | |
| 15 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h" | |
| 16 #include "chrome/common/chrome_content_client.h" | 15 #include "chrome/common/chrome_content_client.h" |
| 17 #include "components/signin/core/profile_oauth2_token_service.h" | 16 #include "components/signin/core/profile_oauth2_token_service.h" |
| 18 #include "google_apis/gaia/gaia_constants.h" | 17 #include "google_apis/gaia/gaia_constants.h" |
| 19 #include "sync/notifier/gcm_network_channel_delegate.h" | 18 #include "sync/notifier/gcm_network_channel_delegate.h" |
| 20 #include "sync/notifier/invalidation_util.h" | 19 #include "sync/notifier/invalidation_util.h" |
| 21 #include "sync/notifier/invalidator.h" | 20 #include "sync/notifier/invalidator.h" |
| 22 #include "sync/notifier/invalidator_state.h" | 21 #include "sync/notifier/invalidator_state.h" |
| 23 #include "sync/notifier/non_blocking_invalidator.h" | 22 #include "sync/notifier/non_blocking_invalidator.h" |
| 24 #include "sync/notifier/object_id_invalidation_map.h" | 23 #include "sync/notifier/object_id_invalidation_map.h" |
| 25 | 24 |
| (...skipping 25 matching lines...) Expand all Loading... |
| 51 // has no significant state, -1 to never discard. | 50 // has no significant state, -1 to never discard. |
| 52 -1, | 51 -1, |
| 53 | 52 |
| 54 // Don't use initial delay unless the last request was an error. | 53 // Don't use initial delay unless the last request was an error. |
| 55 false, | 54 false, |
| 56 }; | 55 }; |
| 57 | 56 |
| 58 namespace invalidation { | 57 namespace invalidation { |
| 59 | 58 |
| 60 TiclInvalidationService::TiclInvalidationService( | 59 TiclInvalidationService::TiclInvalidationService( |
| 61 SigninManagerBase* signin, | 60 scoped_ptr<InvalidationAuthProvider> auth_provider, |
| 62 ProfileOAuth2TokenService* oauth2_token_service, | |
| 63 Profile* profile) | 61 Profile* profile) |
| 64 : OAuth2TokenService::Consumer("ticl_invalidation"), | 62 : OAuth2TokenService::Consumer("ticl_invalidation"), |
| 65 profile_(profile), | 63 profile_(profile), |
| 66 signin_manager_(signin), | 64 auth_provider_(auth_provider.Pass()), |
| 67 oauth2_token_service_(oauth2_token_service), | |
| 68 invalidator_registrar_(new syncer::InvalidatorRegistrar()), | 65 invalidator_registrar_(new syncer::InvalidatorRegistrar()), |
| 69 request_access_token_backoff_(&kRequestAccessTokenBackoffPolicy), | 66 request_access_token_backoff_(&kRequestAccessTokenBackoffPolicy), |
| 70 logger_() {} | 67 logger_() {} |
| 71 | 68 |
| 72 TiclInvalidationService::~TiclInvalidationService() { | 69 TiclInvalidationService::~TiclInvalidationService() { |
| 73 DCHECK(CalledOnValidThread()); | 70 DCHECK(CalledOnValidThread()); |
| 74 } | 71 } |
| 75 | 72 |
| 76 void TiclInvalidationService::Init() { | 73 void TiclInvalidationService::Init() { |
| 77 DCHECK(CalledOnValidThread()); | 74 DCHECK(CalledOnValidThread()); |
| 78 | 75 |
| 79 invalidator_storage_.reset(new InvalidatorStorage(profile_->GetPrefs())); | 76 invalidator_storage_.reset(new InvalidatorStorage(profile_->GetPrefs())); |
| 80 if (invalidator_storage_->GetInvalidatorClientId().empty()) { | 77 if (invalidator_storage_->GetInvalidatorClientId().empty()) { |
| 81 // This also clears any existing state. We can't reuse old invalidator | 78 // This also clears any existing state. We can't reuse old invalidator |
| 82 // state with the new ID anyway. | 79 // state with the new ID anyway. |
| 83 invalidator_storage_->SetInvalidatorClientId(GenerateInvalidatorClientId()); | 80 invalidator_storage_->SetInvalidatorClientId(GenerateInvalidatorClientId()); |
| 84 } | 81 } |
| 85 | 82 |
| 86 if (IsReadyToStart()) { | 83 if (IsReadyToStart()) { |
| 87 StartInvalidator(PUSH_CLIENT_CHANNEL); | 84 StartInvalidator(PUSH_CLIENT_CHANNEL); |
| 88 } | 85 } |
| 89 | 86 |
| 90 SigninManagerBase* signin_manager = | 87 auth_provider_->AddObserver(this); |
| 91 SigninManagerFactory::GetForProfile(profile_); | 88 auth_provider_->GetTokenService()->AddObserver(this); |
| 92 signin_manager->AddObserver(this); | |
| 93 | |
| 94 oauth2_token_service_->AddObserver(this); | |
| 95 } | 89 } |
| 96 | 90 |
| 97 void TiclInvalidationService::InitForTest(syncer::Invalidator* invalidator) { | 91 void TiclInvalidationService::InitForTest(syncer::Invalidator* invalidator) { |
| 98 // Here we perform the equivalent of Init() and StartInvalidator(), but with | 92 // Here we perform the equivalent of Init() and StartInvalidator(), but with |
| 99 // some minor changes to account for the fact that we're injecting the | 93 // some minor changes to account for the fact that we're injecting the |
| 100 // invalidator. | 94 // invalidator. |
| 101 invalidator_.reset(invalidator); | 95 invalidator_.reset(invalidator); |
| 102 | 96 |
| 103 invalidator_->RegisterHandler(this); | 97 invalidator_->RegisterHandler(this); |
| 104 invalidator_->UpdateRegisteredIds( | 98 invalidator_->UpdateRegisteredIds( |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 155 | 149 |
| 156 std::string TiclInvalidationService::GetInvalidatorClientId() const { | 150 std::string TiclInvalidationService::GetInvalidatorClientId() const { |
| 157 DCHECK(CalledOnValidThread()); | 151 DCHECK(CalledOnValidThread()); |
| 158 return invalidator_storage_->GetInvalidatorClientId(); | 152 return invalidator_storage_->GetInvalidatorClientId(); |
| 159 } | 153 } |
| 160 | 154 |
| 161 InvalidationLogger* TiclInvalidationService::GetInvalidationLogger() { | 155 InvalidationLogger* TiclInvalidationService::GetInvalidationLogger() { |
| 162 return &logger_; | 156 return &logger_; |
| 163 } | 157 } |
| 164 | 158 |
| 165 void TiclInvalidationService::GoogleSignedOut(const std::string& username) { | 159 InvalidationAuthProvider* |
| 166 DCHECK(CalledOnValidThread()); | 160 TiclInvalidationService::GetInvalidationAuthProvider() { |
| 167 Logout(); | 161 return auth_provider_.get(); |
| 168 } | 162 } |
| 169 | 163 |
| 170 void TiclInvalidationService::RequestDetailedStatus( | 164 void TiclInvalidationService::RequestDetailedStatus( |
| 171 base::Callback<void(const base::DictionaryValue&)> return_callback) { | 165 base::Callback<void(const base::DictionaryValue&)> return_callback) { |
| 172 return_callback.Run(network_channel_options_); | 166 return_callback.Run(network_channel_options_); |
| 173 invalidator_->RequestDetailedStatus(return_callback); | 167 invalidator_->RequestDetailedStatus(return_callback); |
| 174 } | 168 } |
| 175 | 169 |
| 176 void TiclInvalidationService::RequestAccessToken() { | 170 void TiclInvalidationService::RequestAccessToken() { |
| 177 // Only one active request at a time. | 171 // Only one active request at a time. |
| 178 if (access_token_request_ != NULL) | 172 if (access_token_request_ != NULL) |
| 179 return; | 173 return; |
| 180 request_access_token_retry_timer_.Stop(); | 174 request_access_token_retry_timer_.Stop(); |
| 181 OAuth2TokenService::ScopeSet oauth2_scopes; | 175 OAuth2TokenService::ScopeSet oauth2_scopes; |
| 182 for (size_t i = 0; i < arraysize(kOAuth2Scopes); i++) | 176 for (size_t i = 0; i < arraysize(kOAuth2Scopes); i++) |
| 183 oauth2_scopes.insert(kOAuth2Scopes[i]); | 177 oauth2_scopes.insert(kOAuth2Scopes[i]); |
| 184 // Invalidate previous token, otherwise token service will return the same | 178 // Invalidate previous token, otherwise token service will return the same |
| 185 // token again. | 179 // token again. |
| 186 const std::string& account_id = signin_manager_->GetAuthenticatedAccountId(); | 180 const std::string& account_id = auth_provider_->GetAccountId(); |
| 187 oauth2_token_service_->InvalidateToken(account_id, | 181 OAuth2TokenService* token_service = auth_provider_->GetTokenService(); |
| 188 oauth2_scopes, | 182 token_service->InvalidateToken(account_id, oauth2_scopes, access_token_); |
| 189 access_token_); | |
| 190 access_token_.clear(); | 183 access_token_.clear(); |
| 191 access_token_request_ = oauth2_token_service_->StartRequest(account_id, | 184 access_token_request_ = |
| 192 oauth2_scopes, | 185 token_service->StartRequest(account_id, oauth2_scopes, this); |
| 193 this); | |
| 194 } | 186 } |
| 195 | 187 |
| 196 void TiclInvalidationService::OnGetTokenSuccess( | 188 void TiclInvalidationService::OnGetTokenSuccess( |
| 197 const OAuth2TokenService::Request* request, | 189 const OAuth2TokenService::Request* request, |
| 198 const std::string& access_token, | 190 const std::string& access_token, |
| 199 const base::Time& expiration_time) { | 191 const base::Time& expiration_time) { |
| 200 DCHECK_EQ(access_token_request_, request); | 192 DCHECK_EQ(access_token_request_, request); |
| 201 access_token_request_.reset(); | 193 access_token_request_.reset(); |
| 202 // Reset backoff time after successful response. | 194 // Reset backoff time after successful response. |
| 203 request_access_token_backoff_.Reset(); | 195 request_access_token_backoff_.Reset(); |
| (...skipping 30 matching lines...) Expand all Loading... |
| 234 break; | 226 break; |
| 235 } | 227 } |
| 236 default: { | 228 default: { |
| 237 // We have no way to notify the user of this. Do nothing. | 229 // We have no way to notify the user of this. Do nothing. |
| 238 } | 230 } |
| 239 } | 231 } |
| 240 } | 232 } |
| 241 | 233 |
| 242 void TiclInvalidationService::OnRefreshTokenAvailable( | 234 void TiclInvalidationService::OnRefreshTokenAvailable( |
| 243 const std::string& account_id) { | 235 const std::string& account_id) { |
| 244 if (signin_manager_->GetAuthenticatedAccountId() == account_id) { | 236 if (auth_provider_->GetAccountId() == account_id) { |
| 245 if (!IsStarted() && IsReadyToStart()) { | 237 if (!IsStarted() && IsReadyToStart()) { |
| 246 StartInvalidator(PUSH_CLIENT_CHANNEL); | 238 StartInvalidator(PUSH_CLIENT_CHANNEL); |
| 247 } | 239 } |
| 248 } | 240 } |
| 249 } | 241 } |
| 250 | 242 |
| 251 void TiclInvalidationService::OnRefreshTokenRevoked( | 243 void TiclInvalidationService::OnRefreshTokenRevoked( |
| 252 const std::string& account_id) { | 244 const std::string& account_id) { |
| 253 if (signin_manager_->GetAuthenticatedAccountId() == account_id) { | 245 if (auth_provider_->GetAccountId() == account_id) { |
| 254 access_token_.clear(); | 246 access_token_.clear(); |
| 255 if (IsStarted()) { | 247 if (IsStarted()) { |
| 256 UpdateInvalidatorCredentials(); | 248 UpdateInvalidatorCredentials(); |
| 257 } | 249 } |
| 258 } | 250 } |
| 259 } | 251 } |
| 260 | 252 |
| 253 void TiclInvalidationService::OnInvalidationAuthLogout() { |
| 254 access_token_request_.reset(); |
| 255 request_access_token_retry_timer_.Stop(); |
| 256 |
| 257 if (IsStarted()) { |
| 258 StopInvalidator(); |
| 259 } |
| 260 |
| 261 // This service always expects to have a valid invalidator storage. |
| 262 // So we must not only clear the old one, but also start a new one. |
| 263 invalidator_storage_->Clear(); |
| 264 invalidator_storage_.reset(new InvalidatorStorage(profile_->GetPrefs())); |
| 265 invalidator_storage_->SetInvalidatorClientId(GenerateInvalidatorClientId()); |
| 266 } |
| 267 |
| 261 void TiclInvalidationService::OnInvalidatorStateChange( | 268 void TiclInvalidationService::OnInvalidatorStateChange( |
| 262 syncer::InvalidatorState state) { | 269 syncer::InvalidatorState state) { |
| 263 if (state == syncer::INVALIDATION_CREDENTIALS_REJECTED) { | 270 if (state == syncer::INVALIDATION_CREDENTIALS_REJECTED) { |
| 264 // This may be due to normal OAuth access token expiration. If so, we must | 271 // This may be due to normal OAuth access token expiration. If so, we must |
| 265 // fetch a new one using our refresh token. Resetting the invalidator's | 272 // fetch a new one using our refresh token. Resetting the invalidator's |
| 266 // access token will not reset the invalidator's exponential backoff, so | 273 // access token will not reset the invalidator's exponential backoff, so |
| 267 // it's safe to try to update the token every time we receive this signal. | 274 // it's safe to try to update the token every time we receive this signal. |
| 268 // | 275 // |
| 269 // We won't be receiving any invalidations while the refresh is in progress, | 276 // We won't be receiving any invalidations while the refresh is in progress, |
| 270 // we set our state to TRANSIENT_INVALIDATION_ERROR. If the credentials | 277 // we set our state to TRANSIENT_INVALIDATION_ERROR. If the credentials |
| (...skipping 13 matching lines...) Expand all Loading... |
| 284 const syncer::ObjectIdInvalidationMap& invalidation_map) { | 291 const syncer::ObjectIdInvalidationMap& invalidation_map) { |
| 285 invalidator_registrar_->DispatchInvalidationsToHandlers(invalidation_map); | 292 invalidator_registrar_->DispatchInvalidationsToHandlers(invalidation_map); |
| 286 | 293 |
| 287 logger_.OnInvalidation(invalidation_map); | 294 logger_.OnInvalidation(invalidation_map); |
| 288 } | 295 } |
| 289 | 296 |
| 290 std::string TiclInvalidationService::GetOwnerName() const { return "TICL"; } | 297 std::string TiclInvalidationService::GetOwnerName() const { return "TICL"; } |
| 291 | 298 |
| 292 void TiclInvalidationService::Shutdown() { | 299 void TiclInvalidationService::Shutdown() { |
| 293 DCHECK(CalledOnValidThread()); | 300 DCHECK(CalledOnValidThread()); |
| 294 SigninManagerBase* signin_manager = | 301 auth_provider_->GetTokenService()->RemoveObserver(this); |
| 295 SigninManagerFactory::GetForProfile(profile_); | 302 auth_provider_->RemoveObserver(this); |
| 296 signin_manager->RemoveObserver(this); | |
| 297 oauth2_token_service_->RemoveObserver(this); | |
| 298 if (IsStarted()) { | 303 if (IsStarted()) { |
| 299 StopInvalidator(); | 304 StopInvalidator(); |
| 300 } | 305 } |
| 301 invalidator_storage_.reset(); | 306 invalidator_storage_.reset(); |
| 302 invalidator_registrar_.reset(); | 307 invalidator_registrar_.reset(); |
| 303 } | 308 } |
| 304 | 309 |
| 305 bool TiclInvalidationService::IsReadyToStart() { | 310 bool TiclInvalidationService::IsReadyToStart() { |
| 306 if (profile_->IsManaged()) { | 311 if (profile_->IsManaged()) { |
| 307 DVLOG(2) << "Not starting TiclInvalidationService: User is managed."; | 312 DVLOG(2) << "Not starting TiclInvalidationService: User is managed."; |
| 308 return false; | 313 return false; |
| 309 } | 314 } |
| 310 | 315 |
| 311 if (signin_manager_->GetAuthenticatedUsername().empty()) { | 316 if (auth_provider_->GetAccountId().empty()) { |
| 312 DVLOG(2) << "Not starting TiclInvalidationService: User is not signed in."; | 317 DVLOG(2) << "Not starting TiclInvalidationService: User is not signed in."; |
| 313 return false; | 318 return false; |
| 314 } | 319 } |
| 315 | 320 |
| 316 if (!oauth2_token_service_) { | 321 OAuth2TokenService* token_service = auth_provider_->GetTokenService(); |
| 322 if (!token_service) { |
| 317 DVLOG(2) | 323 DVLOG(2) |
| 318 << "Not starting TiclInvalidationService: " | 324 << "Not starting TiclInvalidationService: " |
| 319 << "OAuth2TokenService unavailable."; | 325 << "OAuth2TokenService unavailable."; |
| 320 return false; | 326 return false; |
| 321 } | 327 } |
| 322 | 328 |
| 323 if (!oauth2_token_service_->RefreshTokenIsAvailable( | 329 if (!token_service->RefreshTokenIsAvailable(auth_provider_->GetAccountId())) { |
| 324 signin_manager_->GetAuthenticatedAccountId())) { | |
| 325 DVLOG(2) | 330 DVLOG(2) |
| 326 << "Not starting TiclInvalidationServce: Waiting for refresh token."; | 331 << "Not starting TiclInvalidationServce: Waiting for refresh token."; |
| 327 return false; | 332 return false; |
| 328 } | 333 } |
| 329 | 334 |
| 330 return true; | 335 return true; |
| 331 } | 336 } |
| 332 | 337 |
| 333 bool TiclInvalidationService::IsStarted() { | 338 bool TiclInvalidationService::IsStarted() { |
| 334 return invalidator_.get() != NULL; | 339 return invalidator_.get() != NULL; |
| (...skipping 25 matching lines...) Expand all Loading... |
| 360 network_channel_options_.SetString("Options.HostPort", | 365 network_channel_options_.SetString("Options.HostPort", |
| 361 options.xmpp_host_port.ToString()); | 366 options.xmpp_host_port.ToString()); |
| 362 network_channel_options_.SetString("Options.AuthMechanism", | 367 network_channel_options_.SetString("Options.AuthMechanism", |
| 363 options.auth_mechanism); | 368 options.auth_mechanism); |
| 364 DCHECK_EQ(notifier::NOTIFICATION_SERVER, options.notification_method); | 369 DCHECK_EQ(notifier::NOTIFICATION_SERVER, options.notification_method); |
| 365 network_channel_creator = | 370 network_channel_creator = |
| 366 syncer::NonBlockingInvalidator::MakePushClientChannelCreator(options); | 371 syncer::NonBlockingInvalidator::MakePushClientChannelCreator(options); |
| 367 break; | 372 break; |
| 368 } | 373 } |
| 369 case GCM_NETWORK_CHANNEL: { | 374 case GCM_NETWORK_CHANNEL: { |
| 370 gcm_invalidation_bridge_.reset(new GCMInvalidationBridge(profile_)); | 375 gcm::GCMProfileService* gcm_profile_service = |
| 376 gcm::GCMProfileServiceFactory::GetForProfile(profile_); |
| 377 gcm_invalidation_bridge_.reset( |
| 378 new GCMInvalidationBridge(gcm_profile_service, auth_provider_.get())); |
| 371 network_channel_creator = | 379 network_channel_creator = |
| 372 syncer::NonBlockingInvalidator::MakeGCMNetworkChannelCreator( | 380 syncer::NonBlockingInvalidator::MakeGCMNetworkChannelCreator( |
| 373 profile_->GetRequestContext(), | 381 profile_->GetRequestContext(), |
| 374 gcm_invalidation_bridge_->CreateDelegate().Pass()); | 382 gcm_invalidation_bridge_->CreateDelegate().Pass()); |
| 375 break; | 383 break; |
| 376 } | 384 } |
| 377 default: { | 385 default: { |
| 378 NOTREACHED(); | 386 NOTREACHED(); |
| 379 return; | 387 return; |
| 380 } | 388 } |
| (...skipping 10 matching lines...) Expand all Loading... |
| 391 | 399 |
| 392 UpdateInvalidatorCredentials(); | 400 UpdateInvalidatorCredentials(); |
| 393 | 401 |
| 394 invalidator_->RegisterHandler(this); | 402 invalidator_->RegisterHandler(this); |
| 395 invalidator_->UpdateRegisteredIds( | 403 invalidator_->UpdateRegisteredIds( |
| 396 this, | 404 this, |
| 397 invalidator_registrar_->GetAllRegisteredIds()); | 405 invalidator_registrar_->GetAllRegisteredIds()); |
| 398 } | 406 } |
| 399 | 407 |
| 400 void TiclInvalidationService::UpdateInvalidatorCredentials() { | 408 void TiclInvalidationService::UpdateInvalidatorCredentials() { |
| 401 std::string email = signin_manager_->GetAuthenticatedUsername(); | 409 std::string email = auth_provider_->GetAccountId(); |
| 402 | 410 |
| 403 DCHECK(!email.empty()) << "Expected user to be signed in."; | 411 DCHECK(!email.empty()) << "Expected user to be signed in."; |
| 404 | 412 |
| 405 DVLOG(2) << "UpdateCredentials: " << email; | 413 DVLOG(2) << "UpdateCredentials: " << email; |
| 406 invalidator_->UpdateCredentials(email, access_token_); | 414 invalidator_->UpdateCredentials(email, access_token_); |
| 407 } | 415 } |
| 408 | 416 |
| 409 void TiclInvalidationService::StopInvalidator() { | 417 void TiclInvalidationService::StopInvalidator() { |
| 410 DCHECK(invalidator_); | 418 DCHECK(invalidator_); |
| 411 gcm_invalidation_bridge_.reset(); | 419 gcm_invalidation_bridge_.reset(); |
| 412 invalidator_->UnregisterHandler(this); | 420 invalidator_->UnregisterHandler(this); |
| 413 invalidator_.reset(); | 421 invalidator_.reset(); |
| 414 } | 422 } |
| 415 | 423 |
| 416 void TiclInvalidationService::Logout() { | |
| 417 access_token_request_.reset(); | |
| 418 request_access_token_retry_timer_.Stop(); | |
| 419 | |
| 420 if (IsStarted()) { | |
| 421 StopInvalidator(); | |
| 422 } | |
| 423 | |
| 424 // This service always expects to have a valid invalidator storage. | |
| 425 // So we must not only clear the old one, but also start a new one. | |
| 426 invalidator_storage_->Clear(); | |
| 427 invalidator_storage_.reset(new InvalidatorStorage(profile_->GetPrefs())); | |
| 428 invalidator_storage_->SetInvalidatorClientId(GenerateInvalidatorClientId()); | |
| 429 } | |
| 430 | |
| 431 } // namespace invalidation | 424 } // namespace invalidation |
| OLD | NEW |