Handling of multiple concurrent requests from different clients in OAuth2TokenService

chrome/browser/signin/oauth2_token_service.cc

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/oauth2_token_service.h"
 
 #include <vector>
 
 #include "base/bind.h"
 #include "base/memory/weak_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/rand_util.h"
 #include "base/stl_util.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
 #include "content/public/browser/browser_thread.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "google_apis/gaia/oauth2_access_token_consumer.h"
 #include "google_apis/gaia/oauth2_access_token_fetcher.h"
 #include "net/url_request/url_request_context_getter.h"
 
 int OAuth2TokenService::max_fetch_retry_num_ = 5;
 
+OAuth2TokenService::ClientScopeSet::ClientScopeSet(
+    const std::string& request_origin,
+    const std::string& client_id,
+    const ScopeSet& scopes)
+    : request_origin(request_origin),
+      client_id(client_id),
+      scopes(scopes) {
+}
+
+bool OAuth2TokenService::ClientScopeSet::operator<(
+    const ClientScopeSet& set) const {

[fgorski, 2013/08/08 17:25:33]

Will this produce strict weak ordering required by the map?

Here is my concern:
I think that this implementation of the operator< does not guarantee asymmetry
and will lead to situations where std::map using the operation will have order
of elements dependent on the order in which they were inserted. That would cause
a situation where you might not find what you are looking for even if it is
there.

Example:
Consider situation where you have to sets a and b, and the following holds:
a.request_origin < b.request_origin and b.client_id < a.client_id

in that case both of these hold:
a < b and b < a

[zel, 2013/08/08 19:15:18]

The ordering should be fixed now and covered with unit tests. PTAL.

+  if (request_origin < set.request_origin)
+    return true;
+
+  if (client_id < set.client_id)
+    return true;
+
+  if (scopes < set.scopes)
+    return true;
+
+  return false;
+}
+
+OAuth2TokenService::FetchParameters::FetchParameters(
+    const std::string& request_origin,
+    const std::string& client_id,
+    const std::string& refresh_token,
+    const ScopeSet& scopes)
+    : request_origin(request_origin),
+      client_id(client_id),
+      refresh_token(refresh_token),
+      scopes(scopes) {
+}
+
+bool OAuth2TokenService::FetchParameters::operator<(
+    const FetchParameters& params) const {

[fgorski, 2013/08/08 17:25:33]

Same comment as implementation of the ClientScopeSet::operator<

[zel, 2013/08/08 18:31:20]

you are absolutely right good catch! fixing that now and adding unit tests...

[zel, 2013/08/08 19:15:18]

Done.

+  if (request_origin < params.request_origin)
+    return true;
+
+  if (client_id < params.client_id)
+    return true;
+
+  if (refresh_token < params.refresh_token)
+    return true;
+
+  if (scopes < params.scopes)
+    return true;
+
+  return false;
+}
+
 OAuth2TokenService::RequestImpl::RequestImpl(
     OAuth2TokenService::Consumer* consumer)
     : consumer_(consumer) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
 }
 
 OAuth2TokenService::RequestImpl::~RequestImpl() {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
 }
 
@@ skipping 35 matching lines @@
 // - when the Fetcher is destructed if the Fetcher is destructed before it
 //   completes fetching (in this case, the waiting requests will be called back
 //   with error).
 class OAuth2TokenService::Fetcher : public OAuth2AccessTokenConsumer {
  public:
   // Creates a Fetcher and starts fetching an OAuth2 access token for
   // |refresh_token| and |scopes| in the request context obtained by |getter|.
   // The given |oauth2_token_service| will be informed when fetching is done.
   static Fetcher* CreateAndStart(OAuth2TokenService* oauth2_token_service,
                                  net::URLRequestContextGetter* getter,
-                                 const std::string& chrome_client_id,
-                                 const std::string& chrome_client_secret,
+                                 const std::string& request_origin,
+                                 const std::string& client_id,
+                                 const std::string& client_secret,
                                  const std::string& refresh_token,
                                  const OAuth2TokenService::ScopeSet& scopes,
                                  base::WeakPtr<RequestImpl> waiting_request);
   virtual ~Fetcher();
 
   // Add a request that is waiting for the result of this Fetcher.
   void AddWaitingRequest(base::WeakPtr<RequestImpl> waiting_request);
 
   void Cancel();
 
   const OAuth2TokenService::ScopeSet& GetScopeSet() const;
   const std::string& GetRefreshToken() const;
+  const std::string& GetClientId() const;
+  const std::string& GetRequestOrigin() const;
 
   // The error result from this fetcher.
   const GoogleServiceAuthError& error() const { return error_; }
 
  protected:
    // OAuth2AccessTokenConsumer
   virtual void OnGetTokenSuccess(const std::string& access_token,
                                  const base::Time& expiration_date) OVERRIDE;
   virtual void OnGetTokenFailure(const GoogleServiceAuthError& error) OVERRIDE;
 
  private:
   Fetcher(OAuth2TokenService* oauth2_token_service,
           net::URLRequestContextGetter* getter,
-          const std::string& chrome_client_id,
-          const std::string& chrome_client_secret,
+          const std::string& request_origin,
+          const std::string& client_id,
+          const std::string& client_secret,
           const std::string& refresh_token,
           const OAuth2TokenService::ScopeSet& scopes,
           base::WeakPtr<RequestImpl> waiting_request);
   void Start();
   void InformWaitingRequests();
   void InformWaitingRequestsAndDelete();
   static bool ShouldRetry(const GoogleServiceAuthError& error);
   int64 ComputeExponentialBackOffMilliseconds(int retry_num);
 
   // |oauth2_token_service_| remains valid for the life of this Fetcher, since
   // this Fetcher is destructed in the dtor of the OAuth2TokenService or is
   // scheduled for deletion at the end of OnGetTokenFailure/OnGetTokenSuccess
   // (whichever comes first).
   OAuth2TokenService* const oauth2_token_service_;
   scoped_refptr<net::URLRequestContextGetter> getter_;
   const std::string refresh_token_;
   const OAuth2TokenService::ScopeSet scopes_;
   std::vector<base::WeakPtr<RequestImpl> > waiting_requests_;
 
   int retry_number_;
   base::OneShotTimer<OAuth2TokenService::Fetcher> retry_timer_;
   scoped_ptr<OAuth2AccessTokenFetcher> fetcher_;
 
   // Variables that store fetch results.
   // Initialized to be GoogleServiceAuthError::SERVICE_UNAVAILABLE to handle
   // destruction.
   GoogleServiceAuthError error_;
   std::string access_token_;
   base::Time expiration_date_;
+
+  // Token fetch request origin identifier.
+  std::string request_origin_;
+
   // OAuth2 client id and secret.
-  std::string chrome_client_id_;
-  std::string chrome_client_secret_;
+  std::string client_id_;
+  std::string client_secret_;
 
   DISALLOW_COPY_AND_ASSIGN(Fetcher);
 };
 
 // static
 OAuth2TokenService::Fetcher* OAuth2TokenService::Fetcher::CreateAndStart(
     OAuth2TokenService* oauth2_token_service,
     net::URLRequestContextGetter* getter,
-    const std::string& chrome_client_id,
-    const std::string& chrome_client_secret,
+    const std::string& request_origin,
+    const std::string& client_id,
+    const std::string& client_secret,
     const std::string& refresh_token,
     const OAuth2TokenService::ScopeSet& scopes,
     base::WeakPtr<RequestImpl> waiting_request) {
   OAuth2TokenService::Fetcher* fetcher = new Fetcher(
       oauth2_token_service,
       getter,
-      chrome_client_id,
-      chrome_client_secret,
+      request_origin,
+      client_id,
+      client_secret,
       refresh_token,
       scopes,
       waiting_request);
   fetcher->Start();
   return fetcher;
 }
 
 OAuth2TokenService::Fetcher::Fetcher(
     OAuth2TokenService* oauth2_token_service,
     net::URLRequestContextGetter* getter,
-    const std::string& chrome_client_id,
-    const std::string& chrome_client_secret,
+    const std::string& request_origin,
+    const std::string& client_id,
+    const std::string& client_secret,
     const std::string& refresh_token,
     const OAuth2TokenService::ScopeSet& scopes,
     base::WeakPtr<RequestImpl> waiting_request)
     : oauth2_token_service_(oauth2_token_service),
       getter_(getter),
       refresh_token_(refresh_token),
       scopes_(scopes),
       retry_number_(0),
       error_(GoogleServiceAuthError::SERVICE_UNAVAILABLE),
-      chrome_client_id_(chrome_client_id),
-      chrome_client_secret_(chrome_client_secret) {
+      request_origin_(request_origin),
+      client_id_(client_id),
+      client_secret_(client_secret) {
   DCHECK(oauth2_token_service_);
   DCHECK(getter_.get());
   DCHECK(refresh_token_.length());
   waiting_requests_.push_back(waiting_request);
 }
 
 OAuth2TokenService::Fetcher::~Fetcher() {
   // Inform the waiting requests if it has not done so.
   if (waiting_requests_.size())
     InformWaitingRequests();
 }
 
 void OAuth2TokenService::Fetcher::Start() {
   fetcher_.reset(new OAuth2AccessTokenFetcher(this, getter_.get()));
-  fetcher_->Start(chrome_client_id_,
-                  chrome_client_secret_,
+  fetcher_->Start(client_id_,
+                  client_secret_,
                   refresh_token_,
                   std::vector<std::string>(scopes_.begin(), scopes_.end()));
   retry_timer_.Stop();
 }
 
 void OAuth2TokenService::Fetcher::OnGetTokenSuccess(
     const std::string& access_token,
     const base::Time& expiration_date) {
   fetcher_.reset();
 
   // Fetch completes.
   error_ = GoogleServiceAuthError::AuthErrorNone();
   access_token_ = access_token;
   expiration_date_ = expiration_date;
 
   // Subclasses may override this method to skip caching in some cases, but
   // we still inform all waiting Consumers of a successful token fetch below.
   // This is intentional -- some consumers may need the token for cleanup
   // tasks. https://chromiumcodereview.appspot.com/11312124/
-  oauth2_token_service_->RegisterCacheEntry(refresh_token_,
+  oauth2_token_service_->RegisterCacheEntry(request_origin_,
+                                            client_id_,
+                                            refresh_token_,
                                             scopes_,
                                             access_token_,
                                             expiration_date_);
   InformWaitingRequestsAndDelete();
 }
 
 void OAuth2TokenService::Fetcher::OnGetTokenFailure(
     const GoogleServiceAuthError& error) {
   fetcher_.reset();
 
@@ skipping 64 matching lines @@
 
 const OAuth2TokenService::ScopeSet& OAuth2TokenService::Fetcher::GetScopeSet()
     const {
   return scopes_;
 }
 
 const std::string& OAuth2TokenService::Fetcher::GetRefreshToken() const {
   return refresh_token_;
 }
 
+const std::string& OAuth2TokenService::Fetcher::GetClientId() const {
+  return client_id_;
+}
+
+const std::string& OAuth2TokenService::Fetcher::GetRequestOrigin() const {
+  return request_origin_;
+}
+
 OAuth2TokenService::Request::Request() {
 }
 
 OAuth2TokenService::Request::~Request() {
 }
 
 OAuth2TokenService::Consumer::Consumer() {
 }
 
 OAuth2TokenService::Consumer::~Consumer() {
@@ skipping 20 matching lines @@
 bool OAuth2TokenService::RefreshTokenIsAvailable() {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
   return !GetRefreshToken().empty();
 }
 
 scoped_ptr<OAuth2TokenService::Request> OAuth2TokenService::StartRequest(
     const OAuth2TokenService::ScopeSet& scopes,
     OAuth2TokenService::Consumer* consumer) {
   return StartRequestForClientWithContext(
       GetRequestContext(),
+      std::string(),
       GaiaUrls::GetInstance()->oauth2_chrome_client_id(),
       GaiaUrls::GetInstance()->oauth2_chrome_client_secret(),
       scopes,
       consumer);
 }
 
 scoped_ptr<OAuth2TokenService::Request>
 OAuth2TokenService::StartRequestForClient(
+    const std::string& request_origin,
     const std::string& client_id,
     const std::string& client_secret,
     const OAuth2TokenService::ScopeSet& scopes,
     OAuth2TokenService::Consumer* consumer) {
   return StartRequestForClientWithContext(
       GetRequestContext(),
+      request_origin,
       client_id,
       client_secret,
       scopes,
       consumer);
 }
 
 scoped_ptr<OAuth2TokenService::Request>
 OAuth2TokenService::StartRequestWithContext(
     net::URLRequestContextGetter* getter,
     const ScopeSet& scopes,
     Consumer* consumer) {
   return StartRequestForClientWithContext(
       getter,
+      std::string(),
       GaiaUrls::GetInstance()->oauth2_chrome_client_id(),
       GaiaUrls::GetInstance()->oauth2_chrome_client_secret(),
       scopes,
       consumer);
 }
 
 scoped_ptr<OAuth2TokenService::Request>
 OAuth2TokenService::StartRequestForClientWithContext(
     net::URLRequestContextGetter* getter,
+    const std::string& request_origin,
     const std::string& client_id,
     const std::string& client_secret,
     const ScopeSet& scopes,
     Consumer* consumer) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
 
   scoped_ptr<RequestImpl> request(new RequestImpl(consumer));
 
   std::string refresh_token = GetRefreshToken();
   if (refresh_token.empty()) {
     base::MessageLoop::current()->PostTask(FROM_HERE, base::Bind(
         &RequestImpl::InformConsumer,
         request->AsWeakPtr(),
         GoogleServiceAuthError(
             GoogleServiceAuthError::USER_NOT_SIGNED_UP),
         std::string(),
         base::Time()));
     return request.PassAs<Request>();
   }
 
-  if (HasCacheEntry(scopes))
-    return StartCacheLookupRequest(scopes, consumer);
+  ClientScopeSet client_scopes(request_origin,
+                               client_id,
+                               scopes);
+  if (HasCacheEntry(client_scopes))
+    return StartCacheLookupRequest(client_scopes, consumer);
 
   // If there is already a pending fetcher for |scopes| and |refresh_token|,
   // simply register this |request| for those results rather than starting
   // a new fetcher.
-  FetchParameters fetch_parameters = std::make_pair(refresh_token, scopes);
+  FetchParameters fetch_parameters = FetchParameters(request_origin,
+                                                     client_id,
+                                                     refresh_token,
+                                                     scopes);
   std::map<FetchParameters, Fetcher*>::iterator iter =
       pending_fetchers_.find(fetch_parameters);
   if (iter != pending_fetchers_.end()) {
     iter->second->AddWaitingRequest(request->AsWeakPtr());
     return request.PassAs<Request>();
   }
 
   pending_fetchers_[fetch_parameters] =
       Fetcher::CreateAndStart(this,
                               getter,
+                              request_origin,
                               client_id,
                               client_secret,
                               refresh_token,
                               scopes,
                               request->AsWeakPtr());
   return request.PassAs<Request>();
 }
 
 scoped_ptr<OAuth2TokenService::Request>
     OAuth2TokenService::StartCacheLookupRequest(
-        const OAuth2TokenService::ScopeSet& scopes,
+        const OAuth2TokenService::ClientScopeSet& client_scopes,
         OAuth2TokenService::Consumer* consumer) {
-  CHECK(HasCacheEntry(scopes));
-  const CacheEntry* cache_entry = GetCacheEntry(scopes);
+  CHECK(HasCacheEntry(client_scopes));
+  const CacheEntry* cache_entry = GetCacheEntry(client_scopes);
   scoped_ptr<RequestImpl> request(new RequestImpl(consumer));
   base::MessageLoop::current()->PostTask(FROM_HERE, base::Bind(
       &RequestImpl::InformConsumer,
       request->AsWeakPtr(),
       GoogleServiceAuthError(GoogleServiceAuthError::NONE),
       cache_entry->access_token,
       cache_entry->expiration_date));
   return request.PassAs<Request>();
 }
 
 void OAuth2TokenService::InvalidateToken(const ScopeSet& scopes,
                                          const std::string& invalid_token) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
-  RemoveCacheEntry(scopes, invalid_token);
+  RemoveCacheEntry(
+      ClientScopeSet(std::string(),
+                     GaiaUrls::GetInstance()->oauth2_chrome_client_id(),
+                     scopes),
+      invalid_token);
 }
 
 void OAuth2TokenService::OnFetchComplete(Fetcher* fetcher) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
 
   // Update the auth error state so auth errors are appropriately communicated
   // to the user.
   UpdateAuthError(fetcher->error());
 
   // Note |fetcher| is recorded in |pending_fetcher_| mapped to its refresh
@@ skipping 16 matching lines @@
   //
   // (3) Each of the Fetchers recorded in |pending_fetchers_| is mapped to its
   //     refresh token and ScopeSet. This is guaranteed by Fetcher creation in
   //     method StartRequest().
   //
   // When this method is called, |fetcher| is alive and uncompleted.
   // By (1), |fetcher| is created by this service.
   // Then by (2), |fetcher| is recorded in |pending_fetchers_|.
   // Then by (3), |fetcher_| is mapped to its refresh token and ScopeSet.
   std::map<FetchParameters, Fetcher*>::iterator iter =
-    pending_fetchers_.find(std::make_pair(
-        fetcher->GetRefreshToken(), fetcher->GetScopeSet()));
+    pending_fetchers_.find(FetchParameters(
+        fetcher->GetRequestOrigin(),
+        fetcher->GetClientId(),
+        fetcher->GetRefreshToken(),
+        fetcher->GetScopeSet()));
   DCHECK(iter != pending_fetchers_.end());
   DCHECK_EQ(fetcher, iter->second);
   pending_fetchers_.erase(iter);
 }
 
 bool OAuth2TokenService::HasCacheEntry(
-    const OAuth2TokenService::ScopeSet& scopes) {
-  const CacheEntry* cache_entry = GetCacheEntry(scopes);
+    const ClientScopeSet& client_scopes) {
+  const CacheEntry* cache_entry = GetCacheEntry(client_scopes);
   return cache_entry && cache_entry->access_token.length();
 }
 
 const OAuth2TokenService::CacheEntry* OAuth2TokenService::GetCacheEntry(
-    const OAuth2TokenService::ScopeSet& scopes) {
+    const ClientScopeSet& client_scopes) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
-  TokenCache::iterator token_iterator = token_cache_.find(scopes);
+  TokenCache::iterator token_iterator = token_cache_.find(client_scopes);
   if (token_iterator == token_cache_.end())
     return NULL;
   if (token_iterator->second.expiration_date <= base::Time::Now()) {
     token_cache_.erase(token_iterator);
     return NULL;
   }
   return &token_iterator->second;
 }
 
 bool OAuth2TokenService::RemoveCacheEntry(
-    const OAuth2TokenService::ScopeSet& scopes,
+    const ClientScopeSet& client_scopes,
     const std::string& token_to_remove) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
-  TokenCache::iterator token_iterator = token_cache_.find(scopes);
+  TokenCache::iterator token_iterator = token_cache_.find(client_scopes);
   if (token_iterator != token_cache_.end() &&
       token_iterator->second.access_token == token_to_remove) {
     token_cache_.erase(token_iterator);
     return true;
   }
   return false;
 }
 
 void OAuth2TokenService::RegisterCacheEntry(
+    const std::string& request_origin,
+    const std::string& client_id,
     const std::string& refresh_token,
     const OAuth2TokenService::ScopeSet& scopes,
     const std::string& access_token,
     const base::Time& expiration_date) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
 
-  CacheEntry& token = token_cache_[scopes];
+  CacheEntry& token = token_cache_[ClientScopeSet(request_origin,
+                                                  client_id,
+                                                  scopes)];
   token.access_token = access_token;
   token.expiration_date = expiration_date;
 }
 
 void OAuth2TokenService::UpdateAuthError(const GoogleServiceAuthError& error) {
   // Default implementation does nothing.
 }
 
 void OAuth2TokenService::ClearCache() {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
@@ skipping 11 matching lines @@
   CancelFetchers(fetchers_to_cancel);
 }
 
 void OAuth2TokenService::CancelRequestsForToken(
     const std::string& refresh_token) {
   std::vector<Fetcher*> fetchers_to_cancel;
   for (std::map<FetchParameters, Fetcher*>::iterator iter =
            pending_fetchers_.begin();
        iter != pending_fetchers_.end();
        ++iter) {
-    if (iter->first.first == refresh_token)
+    if (iter->first.refresh_token == refresh_token)
       fetchers_to_cancel.push_back(iter->second);
   }
   CancelFetchers(fetchers_to_cancel);
 }
 
 void OAuth2TokenService::CancelFetchers(
     std::vector<Fetcher*> fetchers_to_cancel) {
   for (std::vector<OAuth2TokenService::Fetcher*>::iterator iter =
            fetchers_to_cancel.begin();
        iter != fetchers_to_cancel.end();
@@ skipping 25 matching lines @@
 
 int OAuth2TokenService::cache_size_for_testing() const {
   return token_cache_.size();
 }
 
 void OAuth2TokenService::set_max_authorization_token_fetch_retries_for_testing(
     int max_retries) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
   max_fetch_retry_num_ = max_retries;
 }