Chromium Code Reviews Chromium Code Reviews
Issue 23382008:
Making OAuth2TokenService multi-login aware, updating callers, minor fixes (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" | 5 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/prefs/pref_registry_simple.h" | 10 #include "base/prefs/pref_registry_simple.h" |
| 11 #include "base/prefs/pref_service.h" | 11 #include "base/prefs/pref_service.h" |
| 12 #include "base/values.h" | 12 #include "base/values.h" |
| 13 #include "chrome/browser/browser_process.h" | 13 #include "chrome/browser/browser_process.h" |
| 14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" | 14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" |
| 15 #include "chrome/browser/policy/browser_policy_connector.h" | 15 #include "chrome/browser/policy/browser_policy_connector.h" |
| 16 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h" | 16 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h" |
| 17 #include "chrome/common/pref_names.h" | 17 #include "chrome/common/pref_names.h" |
| 18 #include "chromeos/cryptohome/cryptohome_library.h" | 18 #include "chromeos/cryptohome/cryptohome_library.h" |
| 19 #include "content/public/browser/browser_thread.h" | 19 #include "content/public/browser/browser_thread.h" |
| 20 #include "google_apis/gaia/gaia_urls.h" | 20 #include "google_apis/gaia/gaia_urls.h" |
| 21 #include "google_apis/gaia/google_service_auth_error.h" | 21 #include "google_apis/gaia/google_service_auth_error.h" |
| 22 | 22 |
| 23 namespace { | 23 namespace { |
| 24 const char kServiceScopeGetUserInfo[] = | 24 const char kServiceScopeGetUserInfo[] = |
| 25 "https://www.googleapis.com/auth/userinfo.email"; | 25 "https://www.googleapis.com/auth/userinfo.email"; |
| 26 const char kDeviceAccountId[] = | |
| 27 "device_account_id"; | |
| 26 } // namespace | 28 } // namespace |
| 27 | 29 |
| 28 namespace chromeos { | 30 namespace chromeos { |
| 29 | 31 |
| 30 // A wrapper for the consumer passed to StartRequest, which doesn't call | 32 // A wrapper for the consumer passed to StartRequest, which doesn't call |
| 31 // through to the target Consumer unless the refresh token validation is | 33 // through to the target Consumer unless the refresh token validation is |
| 32 // complete. Additionally implements the Request interface, so that it | 34 // complete. Additionally implements the Request interface, so that it |
| 33 // can be passed back to the caller and directly deleted when cancelling | 35 // can be passed back to the caller and directly deleted when cancelling |
| 34 // the request. | 36 // the request. |
| 35 class DeviceOAuth2TokenService::ValidatingConsumer | 37 class DeviceOAuth2TokenService::ValidatingConsumer |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 108 gaia_oauth_client_.reset(new gaia::GaiaOAuthClient( | 110 gaia_oauth_client_.reset(new gaia::GaiaOAuthClient( |
| 109 g_browser_process->system_request_context())); | 111 g_browser_process->system_request_context())); |
| 110 | 112 |
| 111 GaiaUrls* gaia_urls = GaiaUrls::GetInstance(); | 113 GaiaUrls* gaia_urls = GaiaUrls::GetInstance(); |
| 112 gaia::OAuthClientInfo client_info; | 114 gaia::OAuthClientInfo client_info; |
| 113 client_info.client_id = gaia_urls->oauth2_chrome_client_id(); | 115 client_info.client_id = gaia_urls->oauth2_chrome_client_id(); |
| 114 client_info.client_secret = gaia_urls->oauth2_chrome_client_secret(); | 116 client_info.client_secret = gaia_urls->oauth2_chrome_client_secret(); |
| 115 | 117 |
| 116 gaia_oauth_client_->RefreshToken( | 118 gaia_oauth_client_->RefreshToken( |
| 117 client_info, | 119 client_info, |
| 118 token_service_->GetRefreshToken(), | 120 token_service_->GetRefreshToken(token_service_->GetDeviceAccountId()), |
| 119 std::vector<std::string>(1, kServiceScopeGetUserInfo), | 121 std::vector<std::string>(1, kServiceScopeGetUserInfo), |
| 120 token_service_->max_refresh_token_validation_retries_, | 122 token_service_->max_refresh_token_validation_retries_, |
| 121 this); | 123 this); |
| 122 } | 124 } |
| 123 | 125 |
| 124 void DeviceOAuth2TokenService::ValidatingConsumer::OnRefreshTokenResponse( | 126 void DeviceOAuth2TokenService::ValidatingConsumer::OnRefreshTokenResponse( |
| 125 const std::string& access_token, | 127 const std::string& access_token, |
| 126 int expires_in_seconds) { | 128 int expires_in_seconds) { |
| 127 gaia_oauth_client_->GetTokenInfo( | 129 gaia_oauth_client_->GetTokenInfo( |
| 128 access_token, | 130 access_token, |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 207 consumer_->OnGetTokenSuccess(this, access_token_copy, expiration_time_copy); | 209 consumer_->OnGetTokenSuccess(this, access_token_copy, expiration_time_copy); |
| 208 } | 210 } |
| 209 } | 211 } |
| 210 | 212 |
| 211 DeviceOAuth2TokenService::DeviceOAuth2TokenService( | 213 DeviceOAuth2TokenService::DeviceOAuth2TokenService( |
| 212 net::URLRequestContextGetter* getter, | 214 net::URLRequestContextGetter* getter, |
| 213 PrefService* local_state) | 215 PrefService* local_state) |
| 214 : refresh_token_is_valid_(false), | 216 : refresh_token_is_valid_(false), |
| 215 max_refresh_token_validation_retries_(3), | 217 max_refresh_token_validation_retries_(3), |
| 216 url_request_context_getter_(getter), | 218 url_request_context_getter_(getter), |
| 217 local_state_(local_state) { | 219 local_state_(local_state), |
| 220 device_account_id_(kDeviceAccountId) { | |
|
Mattias Nissler (ping if slow)
2013/09/06 09:34:48
I think this is wrong. We do have a proper account
fgorski
2013/09/12 23:46:24
Done.
| |
| 218 } | 221 } |
| 219 | 222 |
| 220 DeviceOAuth2TokenService::~DeviceOAuth2TokenService() { | 223 DeviceOAuth2TokenService::~DeviceOAuth2TokenService() { |
| 221 } | 224 } |
| 222 | 225 |
| 223 scoped_ptr<OAuth2TokenService::Request> DeviceOAuth2TokenService::StartRequest( | 226 scoped_ptr<OAuth2TokenService::Request> DeviceOAuth2TokenService::StartRequest( |
| 227 const std::string& account_id, | |
| 224 const OAuth2TokenService::ScopeSet& scopes, | 228 const OAuth2TokenService::ScopeSet& scopes, |
| 225 OAuth2TokenService::Consumer* consumer) { | 229 OAuth2TokenService::Consumer* consumer) { |
| 226 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 230 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 231 DCHECK_EQ(account_id, device_account_id_); | |
| 227 | 232 |
| 228 if (refresh_token_is_valid_) { | 233 if (refresh_token_is_valid_) { |
| 229 return OAuth2TokenService::StartRequest(scopes, consumer).Pass(); | 234 return OAuth2TokenService::StartRequest( |
| 235 account_id, scopes, consumer).Pass(); | |
| 230 } else { | 236 } else { |
| 231 scoped_ptr<ValidatingConsumer> validating_consumer( | 237 scoped_ptr<ValidatingConsumer> validating_consumer( |
| 232 new ValidatingConsumer(this, consumer)); | 238 new ValidatingConsumer(this, consumer)); |
| 233 | 239 |
| 234 scoped_ptr<Request> request = OAuth2TokenService::StartRequest( | 240 scoped_ptr<Request> request = OAuth2TokenService::StartRequest( |
| 235 scopes, validating_consumer.get()); | 241 account_id, scopes, validating_consumer.get()); |
| 236 validating_consumer->StartValidation(request.Pass()); | 242 validating_consumer->StartValidation(request.Pass()); |
| 237 return validating_consumer.PassAs<Request>(); | 243 return validating_consumer.PassAs<Request>(); |
| 238 } | 244 } |
| 239 } | 245 } |
| 240 | 246 |
| 241 void DeviceOAuth2TokenService::OnValidationComplete( | 247 void DeviceOAuth2TokenService::OnValidationComplete( |
| 242 bool refresh_token_is_valid) { | 248 bool refresh_token_is_valid) { |
| 243 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 249 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 244 refresh_token_is_valid_ = refresh_token_is_valid; | 250 refresh_token_is_valid_ = refresh_token_is_valid; |
| 245 } | 251 } |
| 246 | 252 |
| 247 // static | 253 // static |
| 248 void DeviceOAuth2TokenService::RegisterPrefs(PrefRegistrySimple* registry) { | 254 void DeviceOAuth2TokenService::RegisterPrefs(PrefRegistrySimple* registry) { |
| 249 registry->RegisterStringPref(prefs::kDeviceRobotAnyApiRefreshToken, | 255 registry->RegisterStringPref(prefs::kDeviceRobotAnyApiRefreshToken, |
| 250 std::string()); | 256 std::string()); |
| 251 } | 257 } |
| 252 | 258 |
| 253 void DeviceOAuth2TokenService::SetAndSaveRefreshToken( | 259 void DeviceOAuth2TokenService::SetAndSaveRefreshToken( |
| 254 const std::string& refresh_token) { | 260 const std::string& refresh_token) { |
| 255 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 261 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 256 std::string encrypted_refresh_token = | 262 std::string encrypted_refresh_token = |
| 257 CryptohomeLibrary::Get()->EncryptWithSystemSalt(refresh_token); | 263 CryptohomeLibrary::Get()->EncryptWithSystemSalt(refresh_token); |
| 258 | 264 |
| 259 local_state_->SetString(prefs::kDeviceRobotAnyApiRefreshToken, | 265 local_state_->SetString(prefs::kDeviceRobotAnyApiRefreshToken, |
| 260 encrypted_refresh_token); | 266 encrypted_refresh_token); |
| 261 } | 267 } |
| 262 | 268 |
| 263 std::string DeviceOAuth2TokenService::GetRefreshToken() { | 269 std::string DeviceOAuth2TokenService::GetRefreshToken( |
| 270 const std::string& account_id) { | |
| 271 DCHECK_EQ(account_id, device_account_id_); | |
| 264 if (refresh_token_.empty()) { | 272 if (refresh_token_.empty()) { |
| 265 std::string encrypted_refresh_token = | 273 std::string encrypted_refresh_token = |
| 266 local_state_->GetString(prefs::kDeviceRobotAnyApiRefreshToken); | 274 local_state_->GetString(prefs::kDeviceRobotAnyApiRefreshToken); |
| 267 | 275 |
| 268 refresh_token_ = CryptohomeLibrary::Get()->DecryptWithSystemSalt( | 276 refresh_token_ = CryptohomeLibrary::Get()->DecryptWithSystemSalt( |
| 269 encrypted_refresh_token); | 277 encrypted_refresh_token); |
| 270 } | 278 } |
| 271 return refresh_token_; | 279 return refresh_token_; |
| 272 } | 280 } |
| 273 | 281 |
| 282 const std::string& DeviceOAuth2TokenService::GetDeviceAccountId() const { | |
| 283 return device_account_id_; | |
| 284 } | |
| 285 | |
| 274 std::string DeviceOAuth2TokenService::GetRobotAccountId() { | 286 std::string DeviceOAuth2TokenService::GetRobotAccountId() { |
| 275 policy::BrowserPolicyConnector* connector = | 287 policy::BrowserPolicyConnector* connector = |
| 276 g_browser_process->browser_policy_connector(); | 288 g_browser_process->browser_policy_connector(); |
| 277 if (connector) | 289 if (connector) |
| 278 return connector->GetDeviceCloudPolicyManager()->GetRobotAccountId(); | 290 return connector->GetDeviceCloudPolicyManager()->GetRobotAccountId(); |
| 279 return std::string(); | 291 return std::string(); |
| 280 } | 292 } |
| 281 | 293 |
| 282 net::URLRequestContextGetter* DeviceOAuth2TokenService::GetRequestContext() { | 294 net::URLRequestContextGetter* DeviceOAuth2TokenService::GetRequestContext() { |
| 283 return url_request_context_getter_.get(); | 295 return url_request_context_getter_.get(); |
| 284 } | 296 } |
| 285 | 297 |
| 286 } // namespace chromeos | 298 } // namespace chromeos |
| OLD | NEW |
