Making OAuth2TokenService multi-login aware, updating callers, minor fixes

chrome/browser/signin/profile_oauth2_token_service.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/profile_oauth2_token_service.h"
 
 #include "base/bind.h"
 #include "base/message_loop/message_loop.h"
 #include "base/stl_util.h"
 #include "base/time/time.h"
@@ skipping 28 matching lines @@
 }
 
 std::string ApplyAccountIdPrefix(const std::string& account_id) {
   return kAccountIdPrefix + account_id;
 }
 
 std::string RemoveAccountIdPrefix(const std::string& prefixed_account_id) {
   return prefixed_account_id.substr(kAccountIdPrefixLength);
 }
 
-std::string GetAccountId(Profile* profile) {
-  SigninManagerBase* signin_manager =
-      SigninManagerFactory::GetForProfileIfExists(profile);
-  return signin_manager ? signin_manager->GetAuthenticatedUsername() :
-      std::string();
-}
-
 }  // namespace
 
 ProfileOAuth2TokenService::ProfileOAuth2TokenService()
     : profile_(NULL),
       web_data_service_request_(0),
       last_auth_error_(GoogleServiceAuthError::NONE) {
 }
 
 ProfileOAuth2TokenService::~ProfileOAuth2TokenService() {
   DCHECK(!signin_global_error_.get()) <<
@@ skipping 26 matching lines @@
 
 void ProfileOAuth2TokenService::Shutdown() {
   DCHECK(profile_) << "Shutdown() called without matching call to Initialize()";
   CancelAllRequests();
   signin_global_error_->RemoveProvider(this);
   GlobalErrorServiceFactory::GetForProfile(profile_)->RemoveGlobalError(
       signin_global_error_.get());
   signin_global_error_.reset();
 }
 
-std::string ProfileOAuth2TokenService::GetRefreshToken() {
-  TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
-  if (!token_service || !token_service->HasOAuthLoginToken()) {
-    return std::string();
-  }
-  return token_service->GetOAuth2LoginRefreshToken();
+std::string ProfileOAuth2TokenService::GetRefreshToken(
+    const std::string& account_id) {
+  std::map<std::string, std::string>::const_iterator iter =
+      refresh_tokens_.find(account_id);
+  if (iter != refresh_tokens_.end())
+    return iter->second;
+  return std::string();
 }
 
 net::URLRequestContextGetter* ProfileOAuth2TokenService::GetRequestContext() {
   return profile_->GetRequestContext();
 }
 
 void ProfileOAuth2TokenService::UpdateAuthError(
+    const std::string& account_id,
     const GoogleServiceAuthError& error) {
+  // TODO(fgorski): SigninGlobalError needs to be made multi-login aware.
   // Do not report connection errors as these are not actually auth errors.
   // We also want to avoid masking a "real" auth error just because we
   // subsequently get a transient network error.
   if (error.state() == GoogleServiceAuthError::CONNECTION_FAILED)
     return;
 
   if (error.state() != last_auth_error_.state()) {
     last_auth_error_ = error;
     signin_global_error_->AuthStatusChanged();
   }
 }
 
 void ProfileOAuth2TokenService::Observe(
     int type,
     const content::NotificationSource& source,
     const content::NotificationDetails& details) {
   switch (type) {
     case chrome::NOTIFICATION_TOKEN_AVAILABLE: {
       TokenService::TokenAvailableDetails* tok_details =
           content::Details<TokenService::TokenAvailableDetails>(details).ptr();
       if (tok_details->service() ==
           GaiaConstants::kGaiaOAuth2LoginRefreshToken) {
         // TODO(fgorski): Canceling all requests will not be correct in a
         // multi-login environment. We should cancel only the requests related
         // to the token being replaced (old token for the same account_id).
         // Previous refresh token is not available at this point, but since
         // there are no other refresh tokens, we cancel all active requests.
         CancelAllRequests();
         ClearCache();
-        UpdateAuthError(GoogleServiceAuthError::AuthErrorNone());
-        FireRefreshTokenAvailable(GetAccountId(profile_));
+        std::string account_id = GetPrimaryAccountId();
+        UpdateAuthError(account_id, GoogleServiceAuthError::AuthErrorNone());
+        refresh_tokens_[account_id] = tok_details->token();
+        FireRefreshTokenAvailable(account_id);
       }
       break;
     }
     case chrome::NOTIFICATION_TOKENS_CLEARED: {
       CancelAllRequests();
       ClearCache();
-      UpdateAuthError(GoogleServiceAuthError::AuthErrorNone());
-      FireRefreshTokensCleared();
+      UpdateAuthError(GetPrimaryAccountId(),
+                      GoogleServiceAuthError::AuthErrorNone());
       break;
     }
     case chrome::NOTIFICATION_TOKEN_LOADING_FINISHED:
       // During startup, if the user is signed in and the OAuth2 refresh token
       // is empty, flag it as an error by badging the menu. Otherwise, if the
       // user goes on to set up sync, they will have to make two attempts:
       // One to surface the OAuth2 error, and a second one after signing in.
       // See crbug.com/276650.
-      if (!GetAccountId(profile_).empty() && GetRefreshToken().empty()) {
-        UpdateAuthError(GoogleServiceAuthError(
+      if (!GetPrimaryAccountId().empty() &&
+          !RefreshTokenIsAvailable(GetPrimaryAccountId())) {
+        UpdateAuthError(GetPrimaryAccountId(), GoogleServiceAuthError(
             GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
       }
       FireRefreshTokensLoaded();
       break;
     default:
       NOTREACHED() << "Invalid notification type=" << type;
       break;
   }
 }
 
 GoogleServiceAuthError ProfileOAuth2TokenService::GetAuthStatus() const {
   return last_auth_error_;
 }
 
 void ProfileOAuth2TokenService::RegisterCacheEntry(
     const std::string& refresh_token,
     const ScopeSet& scopes,
     const std::string& access_token,
     const base::Time& expiration_date) {
-  if (ShouldCacheForRefreshToken(TokenServiceFactory::GetForProfile(profile_),
-                                 refresh_token)) {
+  if (ShouldCacheForRefreshToken(refresh_token)) {
     OAuth2TokenService::RegisterCacheEntry(refresh_token,
                                            scopes,
                                            access_token,
                                            expiration_date);
   }
 }
 
 bool ProfileOAuth2TokenService::ShouldCacheForRefreshToken(
-    TokenService *token_service,
     const std::string& refresh_token) {
-  if (!token_service ||
-      !token_service->HasOAuthLoginToken() ||
-      token_service->GetOAuth2LoginRefreshToken().compare(refresh_token) != 0) {
-    DLOG(INFO) <<
-        "Received a token with a refresh token not maintained by TokenService.";
-    return false;
+  // Check below ensures that only refresh tokens belonging to one of the logged
+  // in accounts will allow for the access tokens to be cached.
+  // TODO(fgorski): Convert to CHECK/DCHECK if it should not be possible.
+  // Consider a re-auth scenario.
+  for (std::map<std::string, std::string>::const_iterator iter =
+           refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) {
+    if (iter->second == refresh_token)
+      return true;
   }
-  return true;
+
+  DLOG(INFO) <<
+      "Received a token with a refresh token not maintained by TokenService.";
+  return false;
+}
+
+std::string ProfileOAuth2TokenService::GetPrimaryAccountId() {
+  SigninManagerBase* signin_manager =
+      SigninManagerFactory::GetForProfileIfExists(profile_);
+  // TODO(fgorski): DCHECK(signin_manager) here - it may require update to test
+  // code and the line above (SigninManager might not exist yet).
+  return signin_manager ? signin_manager->GetAuthenticatedUsername()
+      : std::string();
+}
+
+std::vector<std::string> ProfileOAuth2TokenService::GetAccounts() {
+  std::vector<std::string> account_ids;
+  for (std::map<std::string, std::string>::const_iterator iter =
+           refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) {
+    account_ids.push_back(iter->first);
+  }
+  return account_ids;
 }
 
 void ProfileOAuth2TokenService::UpdateCredentials(
     const std::string& account_id,
     const std::string& refresh_token) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
   DCHECK(!refresh_token.empty());
 
   bool refresh_token_present = refresh_tokens_.count(account_id) > 0;
   if (!refresh_token_present ||
       refresh_tokens_[account_id] != refresh_token) {
-    // If token present, and different from the new one, cancel its requests.
-    if (refresh_token_present)
+    // If token present, and different from the new one, cancel its requests,
+    // and clear the entries in cache related to that account.
+    if (refresh_token_present) {
       CancelRequestsForToken(refresh_tokens_[account_id]);
+      // ClearCacheForAccount(account_id);
+    }
 
     // Save the token in memory and in persistent store.
     refresh_tokens_[account_id] = refresh_token;
     scoped_refptr<TokenWebData> token_web_data =
         TokenWebData::FromBrowserContext(profile_);
     if (token_web_data.get())
       token_web_data->SetTokenForService(ApplyAccountIdPrefix(account_id),
                                          refresh_token);
 
+    UpdateAuthError(account_id, GoogleServiceAuthError::AuthErrorNone());
     FireRefreshTokenAvailable(account_id);
     // TODO(fgorski): Notify diagnostic observers.
   }
 }
 
 void ProfileOAuth2TokenService::RevokeCredentials(
     const std::string& account_id) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
 
   if (refresh_tokens_.count(account_id) > 0) {
     CancelRequestsForToken(refresh_tokens_[account_id]);
+    // TODO(fgorski): Call ClearCacheForAccount(account_id) from here.
     refresh_tokens_.erase(account_id);
     scoped_refptr<TokenWebData> token_web_data =
         TokenWebData::FromBrowserContext(profile_);
     if (token_web_data.get())
       token_web_data->RemoveTokenForService(ApplyAccountIdPrefix(account_id));
     FireRefreshTokenRevoked(account_id);
 
     // TODO(fgorski): Notify diagnostic observers.
   }
 }
 
 void ProfileOAuth2TokenService::RevokeAllCredentials() {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
 
   CancelAllRequests();
   for (std::map<std::string, std::string>::const_iterator iter =
            refresh_tokens_.begin();
        iter != refresh_tokens_.end();
        ++iter) {
     FireRefreshTokenRevoked(iter->first);
   }
   refresh_tokens_.clear();
 
   scoped_refptr<TokenWebData> token_web_data =
       TokenWebData::FromBrowserContext(profile_);
   if (token_web_data.get())
     token_web_data->RemoveAllTokens();
-  FireRefreshTokensCleared();
 
   // TODO(fgorski): Notify diagnostic observers.
 }
 
 void ProfileOAuth2TokenService::LoadCredentials() {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
   DCHECK_EQ(0, web_data_service_request_);
 
   CancelAllRequests();
   refresh_tokens_.clear();
@@ skipping 41 matching lines @@
     } else {
       DCHECK(!refresh_token.empty());
       std::string account_id = RemoveAccountIdPrefix(prefixed_account_id);
       refresh_tokens_[account_id] = refresh_token;
       FireRefreshTokenAvailable(account_id);
       // TODO(fgorski): Notify diagnostic observers.
     }
   }
 
   if (!old_login_token.empty() &&
-      refresh_tokens_.count(GetAccountId(profile_)) == 0) {
-    UpdateCredentials(GetAccountId(profile_), old_login_token);
+      refresh_tokens_.count(GetPrimaryAccountId()) == 0) {
+    UpdateCredentials(GetPrimaryAccountId(), old_login_token);
   }
 
   FireRefreshTokensLoaded();
 }