Making OAuth2TokenService multi-login aware, updating callers, minor fixes

chrome/browser/signin/profile_oauth2_token_service.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/profile_oauth2_token_service.h"
 
 #include "base/bind.h"
 #include "base/message_loop/message_loop.h"
 #include "base/stl_util.h"
 #include "base/time/time.h"
@@ skipping 82 matching lines @@
 }
 
 void ProfileOAuth2TokenService::Shutdown() {
   CancelAllRequests();
   signin_global_error_->RemoveProvider(this);
   GlobalErrorServiceFactory::GetForProfile(profile_)->RemoveGlobalError(
       signin_global_error_.get());
   signin_global_error_.reset();
 }
 
-std::string ProfileOAuth2TokenService::GetRefreshToken() {
-  TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
-  if (!token_service || !token_service->HasOAuthLoginToken()) {
-    return std::string();
-  }
-  return token_service->GetOAuth2LoginRefreshToken();
+std::string ProfileOAuth2TokenService::GetRefreshToken(
+    const std::string& account_id) {
+  return refresh_tokens_[account_id];
 }
 
 void ProfileOAuth2TokenService::UpdateAuthError(
     const GoogleServiceAuthError& error) {
   // Do not report connection errors as these are not actually auth errors.
   // We also want to avoid masking a "real" auth error just because we
   // subsequently get a transient network error.
   if (error.state() == GoogleServiceAuthError::CONNECTION_FAILED)
     return;
 
@@ skipping 22 matching lines @@
         ClearCache();
         UpdateAuthError(GoogleServiceAuthError::AuthErrorNone());
         FireRefreshTokenAvailable(GetAccountId(profile_));
       }
       break;
     }
     case chrome::NOTIFICATION_TOKENS_CLEARED: {
       CancelAllRequests();
       ClearCache();
       UpdateAuthError(GoogleServiceAuthError::AuthErrorNone());
-      FireRefreshTokensCleared();
       break;
     }
     case chrome::NOTIFICATION_TOKEN_LOADING_FINISHED:
       FireRefreshTokensLoaded();
       break;
     default:
       NOTREACHED() << "Invalid notification type=" << type;
       break;
   }
 }
 
 GoogleServiceAuthError ProfileOAuth2TokenService::GetAuthStatus() const {
   return last_auth_error_;
 }
 
 net::URLRequestContextGetter* ProfileOAuth2TokenService::GetRequestContext() {
   return profile_->GetRequestContext();
 }
 
 void ProfileOAuth2TokenService::RegisterCacheEntry(
     const std::string& refresh_token,
     const ScopeSet& scopes,
     const std::string& access_token,
     const base::Time& expiration_date) {
-  if (ShouldCacheForRefreshToken(TokenServiceFactory::GetForProfile(profile_),
-                                 refresh_token)) {
+  if (ShouldCacheForRefreshToken(refresh_token)) {
     OAuth2TokenService::RegisterCacheEntry(refresh_token,
                                            scopes,
                                            access_token,
                                            expiration_date);
   }
 }
 
 bool ProfileOAuth2TokenService::ShouldCacheForRefreshToken(
-    TokenService *token_service,
     const std::string& refresh_token) {
-  if (!token_service ||
-      !token_service->HasOAuthLoginToken() ||
-      token_service->GetOAuth2LoginRefreshToken().compare(refresh_token) != 0) {
-    DLOG(INFO) <<
-        "Received a token with a refresh token not maintained by TokenService.";
-    return false;
+  for (std::map<std::string, std::string>::const_iterator iter =

[Andrew T Wilson (Slow), 2013/08/23 09:38:13]

Add a comment as to what this is doing. Can users hit this case in reality (say,
after a re-auth) or should this be a CHECK/DCHECK instead?

[fgorski, 2013/08/23 19:13:35]

Done. Added a comment and a TODO to investigate CHECK/DCHECK option.

+           refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) {
+    if (iter->second == refresh_token)
+      return true;
   }
-  return true;
+
+  DLOG(INFO) <<
+      "Received a token with a refresh token not maintained by TokenService.";
+  return false;
+}
+
+std::string ProfileOAuth2TokenService::GetPrimaryAccountId() {
+  SigninManagerBase* signin_manager =
+      SigninManagerFactory::GetForProfileIfExists(profile_);
+  return signin_manager ? signin_manager->GetAuthenticatedUsername() :
+      std::string();
+}
+
+std::vector<std::string> ProfileOAuth2TokenService::GetAccounts() {
+  std::vector<std::string> account_ids;
+  for (std::map<std::string, std::string>::const_iterator iter =
+           refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) {
+    account_ids.push_back(iter->first);
+  }
+  return account_ids;
 }
 
 void ProfileOAuth2TokenService::UpdateCredentials(
     const std::string& account_id,
     const std::string& refresh_token) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
   DCHECK(!refresh_token.empty());
 
   bool refresh_token_present = refresh_tokens_.count(account_id) > 0;
   if (!refresh_token_present ||
       refresh_tokens_[account_id] != refresh_token) {
-    // If token present, and different from the new one, cancel its requests.
-    if (refresh_token_present)
+    // If token present, and different from the new one, cancel its requests,
+    // and clear the entries in cache related to that account.
+    if (refresh_token_present) {
       CancelRequestsForToken(refresh_tokens_[account_id]);
+      // ClearCacheForAccount(account_id);

[Andrew T Wilson (Slow), 2013/08/23 09:38:13]

Add a TODO here?

[fgorski, 2013/08/23 19:13:35]

Done.

+    }
 
     // Save the token in memory and in persistent store.
     refresh_tokens_[account_id] = refresh_token;
     scoped_refptr<TokenWebData> token_web_data =
         TokenWebData::FromBrowserContext(profile_);
     if (token_web_data.get())
       token_web_data->SetTokenForService(ApplyAccountIdPrefix(account_id),
                                          refresh_token);
 
+    UpdateAuthError(GoogleServiceAuthError::AuthErrorNone());

[Andrew T Wilson (Slow), 2013/08/23 09:38:13]

Just a note that we probably have to figure out how we want SigninGlobalError to
work in this multi-profile world. Do we need multiple SigninGlobalError objects
(one per account?) or just a single one and somehow have SigninGlobalError deal
with multi-accounts internally.

My point is that if I have two accounts, A and B, and they both have auth
errors, I probably shouldn't clear the "global" auth error (as we're doing here)
just because I've re-auth one of the accounts.

[fgorski, 2013/08/23 19:13:35]

Done. Included a section in design doc. Updated the signature of UpdateAuthError
method.

     FireRefreshTokenAvailable(account_id);
     // TODO(fgorski): Notify diagnostic observers.
   }
 }
 
 void ProfileOAuth2TokenService::RevokeCredentials(
     const std::string& account_id) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
 
   if (refresh_tokens_.count(account_id) > 0) {
     CancelRequestsForToken(refresh_tokens_[account_id]);
+    // ClearCacheForAccount(account_id);
     refresh_tokens_.erase(account_id);
     scoped_refptr<TokenWebData> token_web_data =
         TokenWebData::FromBrowserContext(profile_);
     if (token_web_data.get())
       token_web_data->RemoveTokenForService(ApplyAccountIdPrefix(account_id));
     FireRefreshTokenRevoked(account_id);
 
     // TODO(fgorski): Notify diagnostic observers.
   }
 }
 
 void ProfileOAuth2TokenService::RevokeAllCredentials() {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
 
   CancelAllRequests();
   for (std::map<std::string, std::string>::const_iterator iter =
            refresh_tokens_.begin();
        iter != refresh_tokens_.end();
        ++iter) {
     FireRefreshTokenRevoked(iter->first);
   }
   refresh_tokens_.clear();
 
   scoped_refptr<TokenWebData> token_web_data =
       TokenWebData::FromBrowserContext(profile_);
   if (token_web_data.get())
     token_web_data->RemoveAllTokens();
-  FireRefreshTokensCleared();
 
   // TODO(fgorski): Notify diagnostic observers.
 }
 
 void ProfileOAuth2TokenService::LoadCredentials() {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
   DCHECK_EQ(0, web_data_service_request_);
 
   CancelAllRequests();
   refresh_tokens_.clear();
@@ skipping 47 matching lines @@
     }
   }
 
   if (!old_login_token.empty() &&
       refresh_tokens_.count(GetAccountId(profile_)) == 0) {
     UpdateCredentials(GetAccountId(profile_), old_login_token);
   }
 
   FireRefreshTokensLoaded();
 }