Service account setup for headless Linux hosts

remoting/host/setup/host_starter.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/host/setup/host_starter.h"
 
 #include "base/guid.h"
 #include "base/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "google_apis/google_api_keys.h"
@@ skipping 83 matching lines @@
   // We never request a refresh token, so this call is not expected.
   NOTREACHED();
 }
 
 void HostStarter::OnGetUserEmailResponse(const std::string& user_email) {
   if (!main_task_runner_->BelongsToCurrentThread()) {
     main_task_runner_->PostTask(FROM_HERE, base::Bind(
         &HostStarter::OnGetUserEmailResponse, weak_ptr_, user_email));
     return;
   }
-  user_email_ = user_email;
-  // Register the host.
-  host_id_ = base::GenerateGUID();
-  key_pair_ = RsaKeyPair::Generate();
-  service_client_->RegisterHost(
-      host_id_, host_name_, key_pair_->GetPublicKey(), access_token_, this);
+
+  if (host_id_.empty()) {

[Sergey Ulanov, 2013/08/13 23:33:38]

Add a comment that this function is used for both user account and robot
account.

Maybe check that host_owner_ is not empty here instead of looking at host_id_,
just to make this more readable?

[rmsousa, 2013/08/14 02:13:12]

Done.

+    // Register the host.
+    xmpp_login_ = user_email;

[Sergey Ulanov, 2013/08/13 23:33:38]

I think it's better to set host_owner_ here and copy it to xmpp_login_ if we
don't get auth code for the robot account.

[rmsousa, 2013/08/14 02:13:12]

Done.

+    host_id_ = base::GenerateGUID();
+    key_pair_ = RsaKeyPair::Generate();
+
+    std::string host_client_id;
+    host_client_id = google_apis::GetOAuth2ClientID(
+        google_apis::CLIENT_REMOTING_HOST);
+
+    service_client_->RegisterHost(
+        host_id_, host_name_, key_pair_->GetPublicKey(), host_client_id,
+        access_token_, this);
+  } else {
+    // Host is already registered, this response is for the service account.
+    // The previous value of xmpp_login is the host owner's email.
+    host_owner_ = xmpp_login_;
+    xmpp_login_ = user_email;
+    StartHostProcess();
+  }
 }
 
-void HostStarter::OnHostRegistered() {
+void HostStarter::OnHostRegistered(const std::string& authorization_code) {
   if (!main_task_runner_->BelongsToCurrentThread()) {
     main_task_runner_->PostTask(FROM_HERE, base::Bind(
-        &HostStarter::OnHostRegistered, weak_ptr_));
+        &HostStarter::OnHostRegistered, weak_ptr_, authorization_code));
     return;
   }
+
+  if (authorization_code.empty()) {
+    // No service account code, start the host with the user's credentials.
+    StartHostProcess();
+  } else {

[Sergey Ulanov, 2013/08/13 23:33:38]

add return in the case above and remove else. The no-robot-account case above
will be removed eventually.

[rmsousa, 2013/08/14 02:13:12]

Done.

+    // Received a service account authorization code, update oauth_client_info_
+    // to use the service account client keys, and get service account tokens.
+    oauth_client_info_.client_id =
+        google_apis::GetOAuth2ClientID(
+            google_apis::CLIENT_REMOTING_HOST);
+    oauth_client_info_.client_secret =
+        google_apis::GetOAuth2ClientSecret(
+            google_apis::CLIENT_REMOTING_HOST);
+    oauth_client_info_.redirect_uri = "oob";
+    oauth_client_->GetTokensFromAuthCode(
+        oauth_client_info_, authorization_code, kMaxGetTokensRetries, this);
+  }
+}
+
+void HostStarter::StartHostProcess() {
   // Start the host.
   std::string host_secret_hash = remoting::MakeHostPinHash(host_id_, host_pin_);
   scoped_ptr<base::DictionaryValue> config(new base::DictionaryValue());
-  config->SetString("xmpp_login", user_email_);
+  if (!host_owner_.empty()) {

[Sergey Ulanov, 2013/08/13 23:33:38]

Can we always set host_owner, even when using user credentials for the host (in
that case host_owner = xmpp_login)?

[rmsousa, 2013/08/14 02:13:12]

https://codereview.chromium.org/19796006/ uses the absence of a host_owner to
mean it's an old (non-service-account) host config. If I always write it here,
there will be two special cases to check on remoting_me2me_host - no host_owner
(old configs), and host_owner == xmpp_login (we can't just follow the
service_account codepath in that case, because it uses different api keys for
xmpp_login).

+    config->SetString("host_owner", host_owner_);
+  }
+  config->SetString("xmpp_login", xmpp_login_);
   config->SetString("oauth_refresh_token", refresh_token_);
   config->SetString("host_id", host_id_);
   config->SetString("host_name", host_name_);
   config->SetString("private_key", key_pair_->ToString());
   config->SetString("host_secret_hash", host_secret_hash);
   daemon_controller_->SetConfigAndStart(
       config.Pass(), consent_to_data_collection_,
       base::Bind(&HostStarter::OnHostStarted, base::Unretained(this)));
 }
 
@@ skipping 41 matching lines @@
     main_task_runner_->PostTask(FROM_HERE, base::Bind(
         &HostStarter::OnHostUnregistered, weak_ptr_));
     return;
   }
   CompletionCallback cb = on_done_;
   on_done_.Reset();
   cb.Run(START_ERROR);
 }
 
 }  // namespace remoting