Making OAuth2TokenService multi-login aware, updating callers, minor fixes

chrome/browser/signin/profile_oauth2_token_service.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/profile_oauth2_token_service.h"
 
 #include "base/bind.h"
 #include "base/message_loop/message_loop.h"
 #include "base/stl_util.h"
 #include "base/time/time.h"
@@ skipping 81 matching lines @@
 
 void ProfileOAuth2TokenService::Shutdown() {
   DCHECK(profile_) << "Shutdown() called without matching call to Initialize()";
   CancelAllRequests();
   signin_global_error_->RemoveProvider(this);
   GlobalErrorServiceFactory::GetForProfile(profile_)->RemoveGlobalError(
       signin_global_error_.get());
   signin_global_error_.reset();
 }
 
-std::string ProfileOAuth2TokenService::GetRefreshToken() {
-  TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
-  if (!token_service || !token_service->HasOAuthLoginToken()) {
-    return std::string();
-  }
-  return token_service->GetOAuth2LoginRefreshToken();
+std::string ProfileOAuth2TokenService::GetRefreshToken(
+    const std::string& account_id) {
+  return refresh_tokens_[account_id];
 }
 
 net::URLRequestContextGetter* ProfileOAuth2TokenService::GetRequestContext() {
   return profile_->GetRequestContext();
 }
 
 void ProfileOAuth2TokenService::UpdateAuthError(
+    const std::string& account_id,
     const GoogleServiceAuthError& error) {
+  // TODO(fgorski): SigninGlobalError needs to be made multi-login aware.
   // Do not report connection errors as these are not actually auth errors.
   // We also want to avoid masking a "real" auth error just because we
   // subsequently get a transient network error.
   if (error.state() == GoogleServiceAuthError::CONNECTION_FAILED)
     return;
 
   if (error.state() != last_auth_error_.state()) {
     last_auth_error_ = error;
     signin_global_error_->AuthStatusChanged();
   }
 }
 
 void ProfileOAuth2TokenService::Observe(
     int type,
     const content::NotificationSource& source,
     const content::NotificationDetails& details) {
   switch (type) {
     case chrome::NOTIFICATION_TOKEN_AVAILABLE: {
       TokenService::TokenAvailableDetails* tok_details =
           content::Details<TokenService::TokenAvailableDetails>(details).ptr();
       if (tok_details->service() ==
           GaiaConstants::kGaiaOAuth2LoginRefreshToken) {
         // TODO(fgorski): Canceling all requests will not be correct in a
         // multi-login environment. We should cancel only the requests related
         // to the token being replaced (old token for the same account_id).
         // Previous refresh token is not available at this point, but since
         // there are no other refresh tokens, we cancel all active requests.
         CancelAllRequests();
         ClearCache();
-        UpdateAuthError(GoogleServiceAuthError::AuthErrorNone());
+        UpdateAuthError(GetPrimaryAccountId(),
+                        GoogleServiceAuthError::AuthErrorNone());
         FireRefreshTokenAvailable(GetAccountId(profile_));
       }
       break;
     }
     case chrome::NOTIFICATION_TOKENS_CLEARED: {
       CancelAllRequests();
       ClearCache();
-      UpdateAuthError(GoogleServiceAuthError::AuthErrorNone());
-      FireRefreshTokensCleared();
+      UpdateAuthError(GetPrimaryAccountId(),
+                      GoogleServiceAuthError::AuthErrorNone());
       break;
     }
     case chrome::NOTIFICATION_TOKEN_LOADING_FINISHED:
       // During startup, if the user is signed in and the OAuth2 refresh token
       // is empty, flag it as an error by badging the menu. Otherwise, if the
       // user goes on to set up sync, they will have to make two attempts:
       // One to surface the OAuth2 error, and a second one after signing in.
       // See crbug.com/276650.
-      if (!GetAccountId(profile_).empty() && GetRefreshToken().empty()) {
-        UpdateAuthError(GoogleServiceAuthError(
+      if (!GetPrimaryAccountId().empty() &&
+          !RefreshTokenIsAvailable(GetPrimaryAccountId())) {
+        UpdateAuthError(GetPrimaryAccountId(), GoogleServiceAuthError(
             GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
       }
       FireRefreshTokensLoaded();
       break;
     default:
       NOTREACHED() << "Invalid notification type=" << type;
       break;
   }
 }
 
 GoogleServiceAuthError ProfileOAuth2TokenService::GetAuthStatus() const {
   return last_auth_error_;
 }
 
 void ProfileOAuth2TokenService::RegisterCacheEntry(
     const std::string& refresh_token,
     const ScopeSet& scopes,
     const std::string& access_token,
     const base::Time& expiration_date) {
-  if (ShouldCacheForRefreshToken(TokenServiceFactory::GetForProfile(profile_),
-                                 refresh_token)) {
+  if (ShouldCacheForRefreshToken(refresh_token)) {
     OAuth2TokenService::RegisterCacheEntry(refresh_token,
                                            scopes,
                                            access_token,
                                            expiration_date);
   }
 }
 
 bool ProfileOAuth2TokenService::ShouldCacheForRefreshToken(
-    TokenService *token_service,
     const std::string& refresh_token) {

[Roger Tawa OOO till Jul 10th, 2013/08/26 21:04:53]

Since the Fetcher class now has the |account_id|, I think you can change this
argument from |const std::string& refresh_token| to |const std::string&
account_id|.  This should simply the function a lot.

[fgorski, 2013/08/26 23:30:54]

I've put it on a TODO for myself, but I am deferring cache handling updates
until Zel's CL is committed or abandoned.

-  if (!token_service ||
-      !token_service->HasOAuthLoginToken() ||
-      token_service->GetOAuth2LoginRefreshToken().compare(refresh_token) != 0) {
-    DLOG(INFO) <<
-        "Received a token with a refresh token not maintained by TokenService.";
-    return false;
+  // Check below ensures that only refresh tokens belonging to one of the logged
+  // in accounts will allow for the access tokens to be cached.
+  // TODO(fgorski): Convert to CHECK/DCHECK if it should not be possible.
+  // Consider a re-auth scenario.
+  for (std::map<std::string, std::string>::const_iterator iter =
+           refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) {
+    if (iter->second == refresh_token)
+      return true;
   }
-  return true;
+
+  DLOG(INFO) <<
+      "Received a token with a refresh token not maintained by TokenService.";
+  return false;
+}
+
+std::string ProfileOAuth2TokenService::GetPrimaryAccountId() {
+  SigninManagerBase* signin_manager =
+      SigninManagerFactory::GetForProfileIfExists(profile_);
+  return signin_manager ? signin_manager->GetAuthenticatedUsername() :
+      std::string();
+}
+
+std::vector<std::string> ProfileOAuth2TokenService::GetAccounts() {
+  std::vector<std::string> account_ids;
+  for (std::map<std::string, std::string>::const_iterator iter =
+           refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) {
+    account_ids.push_back(iter->first);
+  }
+  return account_ids;
 }

[Roger Tawa OOO till Jul 10th, 2013/08/26 21:04:53]

I think GetAccounts() belongs to base class OAuth2TokenService.

[fgorski, 2013/08/26 23:30:54]

I've added GetAccounts() to the public interface of O2TS as an abstract method
(which we can provide a default implementation for to avoid fixing all of the
test overloads of O2TS). I still think that it makes more sense to have to
concrete implementation (the one above) here in PO2TS, as that is the class that
knows about accounts that have refresh tokens.

 
 void ProfileOAuth2TokenService::UpdateCredentials(
     const std::string& account_id,
     const std::string& refresh_token) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
   DCHECK(!refresh_token.empty());
 
   bool refresh_token_present = refresh_tokens_.count(account_id) > 0;
   if (!refresh_token_present ||
       refresh_tokens_[account_id] != refresh_token) {
-    // If token present, and different from the new one, cancel its requests.
-    if (refresh_token_present)
+    // If token present, and different from the new one, cancel its requests,
+    // and clear the entries in cache related to that account.
+    if (refresh_token_present) {
       CancelRequestsForToken(refresh_tokens_[account_id]);
+      // ClearCacheForAccount(account_id);
+    }
 
     // Save the token in memory and in persistent store.
     refresh_tokens_[account_id] = refresh_token;
     scoped_refptr<TokenWebData> token_web_data =
         TokenWebData::FromBrowserContext(profile_);
     if (token_web_data.get())
       token_web_data->SetTokenForService(ApplyAccountIdPrefix(account_id),
                                          refresh_token);
 
+    UpdateAuthError(account_id, GoogleServiceAuthError::AuthErrorNone());
     FireRefreshTokenAvailable(account_id);
     // TODO(fgorski): Notify diagnostic observers.
   }
 }
 
 void ProfileOAuth2TokenService::RevokeCredentials(
     const std::string& account_id) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
 
   if (refresh_tokens_.count(account_id) > 0) {
     CancelRequestsForToken(refresh_tokens_[account_id]);
+    // TODO(fgorski): Call ClearCacheForAccount(account_id) from here.
     refresh_tokens_.erase(account_id);
     scoped_refptr<TokenWebData> token_web_data =
         TokenWebData::FromBrowserContext(profile_);
     if (token_web_data.get())
       token_web_data->RemoveTokenForService(ApplyAccountIdPrefix(account_id));
     FireRefreshTokenRevoked(account_id);
 
     // TODO(fgorski): Notify diagnostic observers.
   }
 }
 
 void ProfileOAuth2TokenService::RevokeAllCredentials() {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
 
   CancelAllRequests();
   for (std::map<std::string, std::string>::const_iterator iter =
            refresh_tokens_.begin();
        iter != refresh_tokens_.end();
        ++iter) {
     FireRefreshTokenRevoked(iter->first);
   }
   refresh_tokens_.clear();
 
   scoped_refptr<TokenWebData> token_web_data =
       TokenWebData::FromBrowserContext(profile_);
   if (token_web_data.get())
     token_web_data->RemoveAllTokens();
-  FireRefreshTokensCleared();
 
   // TODO(fgorski): Notify diagnostic observers.
 }
 
 void ProfileOAuth2TokenService::LoadCredentials() {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
   DCHECK_EQ(0, web_data_service_request_);
 
   CancelAllRequests();
   refresh_tokens_.clear();
@@ skipping 47 matching lines @@
     }
   }
 
   if (!old_login_token.empty() &&
       refresh_tokens_.count(GetAccountId(profile_)) == 0) {
     UpdateCredentials(GetAccountId(profile_), old_login_token);
   }
 
   FireRefreshTokensLoaded();
 }