| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/signin/profile_oauth2_token_service.h" | 5 #include "chrome/browser/signin/profile_oauth2_token_service.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/message_loop/message_loop.h" | 8 #include "base/message_loop/message_loop.h" |
| 9 #include "base/stl_util.h" | 9 #include "base/stl_util.h" |
| 10 #include "base/time/time.h" | 10 #include "base/time/time.h" |
| (...skipping 28 matching lines...) Expand all Loading... |
| 39 } | 39 } |
| 40 | 40 |
| 41 std::string ApplyAccountIdPrefix(const std::string& account_id) { | 41 std::string ApplyAccountIdPrefix(const std::string& account_id) { |
| 42 return kAccountIdPrefix + account_id; | 42 return kAccountIdPrefix + account_id; |
| 43 } | 43 } |
| 44 | 44 |
| 45 std::string RemoveAccountIdPrefix(const std::string& prefixed_account_id) { | 45 std::string RemoveAccountIdPrefix(const std::string& prefixed_account_id) { |
| 46 return prefixed_account_id.substr(kAccountIdPrefixLength); | 46 return prefixed_account_id.substr(kAccountIdPrefixLength); |
| 47 } | 47 } |
| 48 | 48 |
| 49 std::string GetAccountId(Profile* profile) { | |
| 50 SigninManagerBase* signin_manager = | |
| 51 SigninManagerFactory::GetForProfileIfExists(profile); | |
| 52 return signin_manager ? signin_manager->GetAuthenticatedUsername() : | |
| 53 std::string(); | |
| 54 } | |
| 55 | |
| 56 } // namespace | 49 } // namespace |
| 57 | 50 |
| 58 ProfileOAuth2TokenService::ProfileOAuth2TokenService() | 51 ProfileOAuth2TokenService::ProfileOAuth2TokenService() |
| 59 : profile_(NULL), | 52 : profile_(NULL), |
| 60 web_data_service_request_(0), | 53 web_data_service_request_(0), |
| 61 last_auth_error_(GoogleServiceAuthError::NONE) { | 54 last_auth_error_(GoogleServiceAuthError::NONE) { |
| 62 } | 55 } |
| 63 | 56 |
| 64 ProfileOAuth2TokenService::~ProfileOAuth2TokenService() { | 57 ProfileOAuth2TokenService::~ProfileOAuth2TokenService() { |
| 65 DCHECK(!signin_global_error_.get()) << | 58 DCHECK(!signin_global_error_.get()) << |
| (...skipping 26 matching lines...) Expand all Loading... |
| 92 | 85 |
| 93 void ProfileOAuth2TokenService::Shutdown() { | 86 void ProfileOAuth2TokenService::Shutdown() { |
| 94 DCHECK(profile_) << "Shutdown() called without matching call to Initialize()"; | 87 DCHECK(profile_) << "Shutdown() called without matching call to Initialize()"; |
| 95 CancelAllRequests(); | 88 CancelAllRequests(); |
| 96 signin_global_error_->RemoveProvider(this); | 89 signin_global_error_->RemoveProvider(this); |
| 97 GlobalErrorServiceFactory::GetForProfile(profile_)->RemoveGlobalError( | 90 GlobalErrorServiceFactory::GetForProfile(profile_)->RemoveGlobalError( |
| 98 signin_global_error_.get()); | 91 signin_global_error_.get()); |
| 99 signin_global_error_.reset(); | 92 signin_global_error_.reset(); |
| 100 } | 93 } |
| 101 | 94 |
| 102 std::string ProfileOAuth2TokenService::GetRefreshToken() { | 95 std::string ProfileOAuth2TokenService::GetRefreshToken( |
| 103 TokenService* token_service = TokenServiceFactory::GetForProfile(profile_); | 96 const std::string& account_id) { |
| 104 if (!token_service || !token_service->HasOAuthLoginToken()) { | 97 std::map<std::string, std::string>::const_iterator iter = |
| 105 return std::string(); | 98 refresh_tokens_.find(account_id); |
| 106 } | 99 if (iter != refresh_tokens_.end()) |
| 107 return token_service->GetOAuth2LoginRefreshToken(); | 100 return iter->second; |
| 101 return std::string(); |
| 108 } | 102 } |
| 109 | 103 |
| 110 net::URLRequestContextGetter* ProfileOAuth2TokenService::GetRequestContext() { | 104 net::URLRequestContextGetter* ProfileOAuth2TokenService::GetRequestContext() { |
| 111 return profile_->GetRequestContext(); | 105 return profile_->GetRequestContext(); |
| 112 } | 106 } |
| 113 | 107 |
| 114 void ProfileOAuth2TokenService::UpdateAuthError( | 108 void ProfileOAuth2TokenService::UpdateAuthError( |
| 109 const std::string& account_id, |
| 115 const GoogleServiceAuthError& error) { | 110 const GoogleServiceAuthError& error) { |
| 111 // TODO(fgorski): SigninGlobalError needs to be made multi-login aware. |
| 116 // Do not report connection errors as these are not actually auth errors. | 112 // Do not report connection errors as these are not actually auth errors. |
| 117 // We also want to avoid masking a "real" auth error just because we | 113 // We also want to avoid masking a "real" auth error just because we |
| 118 // subsequently get a transient network error. | 114 // subsequently get a transient network error. |
| 119 if (error.state() == GoogleServiceAuthError::CONNECTION_FAILED) | 115 if (error.state() == GoogleServiceAuthError::CONNECTION_FAILED) |
| 120 return; | 116 return; |
| 121 | 117 |
| 122 if (error.state() != last_auth_error_.state()) { | 118 if (error.state() != last_auth_error_.state()) { |
| 123 last_auth_error_ = error; | 119 last_auth_error_ = error; |
| 124 signin_global_error_->AuthStatusChanged(); | 120 signin_global_error_->AuthStatusChanged(); |
| 125 } | 121 } |
| 126 } | 122 } |
| 127 | 123 |
| 128 void ProfileOAuth2TokenService::Observe( | 124 void ProfileOAuth2TokenService::Observe( |
| 129 int type, | 125 int type, |
| 130 const content::NotificationSource& source, | 126 const content::NotificationSource& source, |
| 131 const content::NotificationDetails& details) { | 127 const content::NotificationDetails& details) { |
| 128 const std::string& account_id = GetPrimaryAccountId(); |
| 132 switch (type) { | 129 switch (type) { |
| 133 case chrome::NOTIFICATION_TOKEN_AVAILABLE: { | 130 case chrome::NOTIFICATION_TOKEN_AVAILABLE: { |
| 134 TokenService::TokenAvailableDetails* tok_details = | 131 TokenService::TokenAvailableDetails* tok_details = |
| 135 content::Details<TokenService::TokenAvailableDetails>(details).ptr(); | 132 content::Details<TokenService::TokenAvailableDetails>(details).ptr(); |
| 136 if (tok_details->service() == | 133 if (tok_details->service() == |
| 137 GaiaConstants::kGaiaOAuth2LoginRefreshToken) { | 134 GaiaConstants::kGaiaOAuth2LoginRefreshToken) { |
| 138 // TODO(fgorski): Canceling all requests will not be correct in a | 135 // TODO(fgorski): Work on removing this code altogether in favor of the |
| 139 // multi-login environment. We should cancel only the requests related | 136 // upgrade steps invoked by Initialize. |
| 140 // to the token being replaced (old token for the same account_id). | 137 // TODO(fgorski): Refresh token received that way is not persisted in |
| 141 // Previous refresh token is not available at this point, but since | 138 // the token DB. |
| 142 // there are no other refresh tokens, we cancel all active requests. | 139 CancelRequestsForToken(tok_details->token()); |
| 143 CancelAllRequests(); | 140 ClearCacheForAccount(account_id); |
| 144 ClearCache(); | 141 refresh_tokens_[account_id] = tok_details->token(); |
| 145 UpdateAuthError(GoogleServiceAuthError::AuthErrorNone()); | 142 UpdateAuthError(account_id, GoogleServiceAuthError::AuthErrorNone()); |
| 146 FireRefreshTokenAvailable(GetAccountId(profile_)); | 143 FireRefreshTokenAvailable(account_id); |
| 147 } | 144 } |
| 148 break; | 145 break; |
| 149 } | 146 } |
| 150 case chrome::NOTIFICATION_TOKENS_CLEARED: { | 147 case chrome::NOTIFICATION_TOKENS_CLEARED: { |
| 151 CancelAllRequests(); | 148 CancelAllRequests(); |
| 152 ClearCache(); | 149 ClearCache(); |
| 153 UpdateAuthError(GoogleServiceAuthError::AuthErrorNone()); | 150 UpdateAuthError(account_id, GoogleServiceAuthError::AuthErrorNone()); |
| 154 FireRefreshTokensCleared(); | |
| 155 break; | 151 break; |
| 156 } | 152 } |
| 157 case chrome::NOTIFICATION_TOKEN_LOADING_FINISHED: | 153 case chrome::NOTIFICATION_TOKEN_LOADING_FINISHED: |
| 158 // During startup, if the user is signed in and the OAuth2 refresh token | 154 // During startup, if the user is signed in and the OAuth2 refresh token |
| 159 // is empty, flag it as an error by badging the menu. Otherwise, if the | 155 // is empty, flag it as an error by badging the menu. Otherwise, if the |
| 160 // user goes on to set up sync, they will have to make two attempts: | 156 // user goes on to set up sync, they will have to make two attempts: |
| 161 // One to surface the OAuth2 error, and a second one after signing in. | 157 // One to surface the OAuth2 error, and a second one after signing in. |
| 162 // See crbug.com/276650. | 158 // See crbug.com/276650. |
| 163 if (!GetAccountId(profile_).empty() && GetRefreshToken().empty()) { | 159 if (!account_id.empty() && GetRefreshToken(account_id).empty()) { |
| 164 UpdateAuthError(GoogleServiceAuthError( | 160 UpdateAuthError(account_id, GoogleServiceAuthError( |
| 165 GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS)); | 161 GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS)); |
| 166 } | 162 } |
| 167 FireRefreshTokensLoaded(); | 163 FireRefreshTokensLoaded(); |
| 168 break; | 164 break; |
| 169 default: | 165 default: |
| 170 NOTREACHED() << "Invalid notification type=" << type; | 166 NOTREACHED() << "Invalid notification type=" << type; |
| 171 break; | 167 break; |
| 172 } | 168 } |
| 173 } | 169 } |
| 174 | 170 |
| 175 GoogleServiceAuthError ProfileOAuth2TokenService::GetAuthStatus() const { | 171 GoogleServiceAuthError ProfileOAuth2TokenService::GetAuthStatus() const { |
| 176 return last_auth_error_; | 172 return last_auth_error_; |
| 177 } | 173 } |
| 178 | 174 |
| 179 void ProfileOAuth2TokenService::RegisterCacheEntry( | 175 void ProfileOAuth2TokenService::RegisterCacheEntry( |
| 180 const std::string& client_id, | 176 const std::string& client_id, |
| 181 const std::string& refresh_token, | 177 const std::string& refresh_token, |
| 182 const ScopeSet& scopes, | 178 const ScopeSet& scopes, |
| 183 const std::string& access_token, | 179 const std::string& access_token, |
| 184 const base::Time& expiration_date) { | 180 const base::Time& expiration_date) { |
| 185 if (ShouldCacheForRefreshToken(TokenServiceFactory::GetForProfile(profile_), | 181 if (ShouldCacheForRefreshToken(refresh_token)) { |
| 186 refresh_token)) { | |
| 187 OAuth2TokenService::RegisterCacheEntry(client_id, | 182 OAuth2TokenService::RegisterCacheEntry(client_id, |
| 188 refresh_token, | 183 refresh_token, |
| 189 scopes, | 184 scopes, |
| 190 access_token, | 185 access_token, |
| 191 expiration_date); | 186 expiration_date); |
| 192 } | 187 } |
| 193 } | 188 } |
| 194 | 189 |
| 195 bool ProfileOAuth2TokenService::ShouldCacheForRefreshToken( | 190 bool ProfileOAuth2TokenService::ShouldCacheForRefreshToken( |
| 196 TokenService *token_service, | |
| 197 const std::string& refresh_token) { | 191 const std::string& refresh_token) { |
| 198 if (!token_service || | 192 // Check below ensures that only refresh tokens belonging to one of the logged |
| 199 !token_service->HasOAuthLoginToken() || | 193 // in accounts will allow for the access tokens to be cached. |
| 200 token_service->GetOAuth2LoginRefreshToken().compare(refresh_token) != 0) { | 194 // TODO(fgorski): Convert to CHECK/DCHECK if it should not be possible. |
| 201 DLOG(INFO) << | 195 // Consider a re-auth scenario. |
| 202 "Received a token with a refresh token not maintained by TokenService."; | 196 for (std::map<std::string, std::string>::const_iterator iter = |
| 203 return false; | 197 refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) { |
| 198 if (iter->second == refresh_token) |
| 199 return true; |
| 204 } | 200 } |
| 205 return true; | 201 |
| 202 DLOG(INFO) << |
| 203 "Received a token with a refresh token not maintained by TokenService."; |
| 204 return false; |
| 205 } |
| 206 |
| 207 std::string ProfileOAuth2TokenService::GetPrimaryAccountId() { |
| 208 SigninManagerBase* signin_manager = |
| 209 SigninManagerFactory::GetForProfileIfExists(profile_); |
| 210 // TODO(fgorski): DCHECK(signin_manager) here - it may require update to test |
| 211 // code and the line above (SigninManager might not exist yet). |
| 212 return signin_manager ? signin_manager->GetAuthenticatedUsername() |
| 213 : std::string(); |
| 214 } |
| 215 |
| 216 std::vector<std::string> ProfileOAuth2TokenService::GetAccounts() { |
| 217 std::vector<std::string> account_ids; |
| 218 for (std::map<std::string, std::string>::const_iterator iter = |
| 219 refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) { |
| 220 account_ids.push_back(iter->first); |
| 221 } |
| 222 return account_ids; |
| 206 } | 223 } |
| 207 | 224 |
| 208 void ProfileOAuth2TokenService::UpdateCredentials( | 225 void ProfileOAuth2TokenService::UpdateCredentials( |
| 209 const std::string& account_id, | 226 const std::string& account_id, |
| 210 const std::string& refresh_token) { | 227 const std::string& refresh_token) { |
| 211 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 228 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 212 DCHECK(!refresh_token.empty()); | 229 DCHECK(!refresh_token.empty()); |
| 213 | 230 |
| 214 bool refresh_token_present = refresh_tokens_.count(account_id) > 0; | 231 bool refresh_token_present = refresh_tokens_.count(account_id) > 0; |
| 215 if (!refresh_token_present || | 232 if (!refresh_token_present || |
| 216 refresh_tokens_[account_id] != refresh_token) { | 233 refresh_tokens_[account_id] != refresh_token) { |
| 217 // If token present, and different from the new one, cancel its requests. | 234 // If token present, and different from the new one, cancel its requests, |
| 218 if (refresh_token_present) | 235 // and clear the entries in cache related to that account. |
| 236 if (refresh_token_present) { |
| 219 CancelRequestsForToken(refresh_tokens_[account_id]); | 237 CancelRequestsForToken(refresh_tokens_[account_id]); |
| 238 ClearCacheForAccount(account_id); |
| 239 } |
| 220 | 240 |
| 221 // Save the token in memory and in persistent store. | 241 // Save the token in memory and in persistent store. |
| 222 refresh_tokens_[account_id] = refresh_token; | 242 refresh_tokens_[account_id] = refresh_token; |
| 223 scoped_refptr<TokenWebData> token_web_data = | 243 PersistCredentials(account_id, refresh_token); |
| 224 TokenWebData::FromBrowserContext(profile_); | |
| 225 if (token_web_data.get()) | |
| 226 token_web_data->SetTokenForService(ApplyAccountIdPrefix(account_id), | |
| 227 refresh_token); | |
| 228 | 244 |
| 245 UpdateAuthError(account_id, GoogleServiceAuthError::AuthErrorNone()); |
| 229 FireRefreshTokenAvailable(account_id); | 246 FireRefreshTokenAvailable(account_id); |
| 230 // TODO(fgorski): Notify diagnostic observers. | 247 // TODO(fgorski): Notify diagnostic observers. |
| 231 } | 248 } |
| 232 } | 249 } |
| 233 | 250 |
| 234 void ProfileOAuth2TokenService::RevokeCredentials( | 251 void ProfileOAuth2TokenService::RevokeCredentials( |
| 235 const std::string& account_id) { | 252 const std::string& account_id) { |
| 236 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 253 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 237 | 254 |
| 238 if (refresh_tokens_.count(account_id) > 0) { | 255 if (refresh_tokens_.count(account_id) > 0) { |
| 239 CancelRequestsForToken(refresh_tokens_[account_id]); | 256 CancelRequestsForToken(refresh_tokens_[account_id]); |
| 257 ClearCacheForAccount(account_id); |
| 240 refresh_tokens_.erase(account_id); | 258 refresh_tokens_.erase(account_id); |
| 241 scoped_refptr<TokenWebData> token_web_data = | 259 ClearPersistedCredentials(account_id); |
| 242 TokenWebData::FromBrowserContext(profile_); | |
| 243 if (token_web_data.get()) | |
| 244 token_web_data->RemoveTokenForService(ApplyAccountIdPrefix(account_id)); | |
| 245 FireRefreshTokenRevoked(account_id); | 260 FireRefreshTokenRevoked(account_id); |
| 246 | 261 |
| 247 // TODO(fgorski): Notify diagnostic observers. | 262 // TODO(fgorski): Notify diagnostic observers. |
| 248 } | 263 } |
| 249 } | 264 } |
| 250 | 265 |
| 266 void ProfileOAuth2TokenService::PersistCredentials( |
| 267 const std::string& account_id, |
| 268 const std::string& refresh_token) { |
| 269 scoped_refptr<TokenWebData> token_web_data = |
| 270 TokenWebData::FromBrowserContext(profile_); |
| 271 if (token_web_data.get()) { |
| 272 token_web_data->SetTokenForService(ApplyAccountIdPrefix(account_id), |
| 273 refresh_token); |
| 274 } |
| 275 } |
| 276 |
| 277 void ProfileOAuth2TokenService::ClearPersistedCredentials( |
| 278 const std::string& account_id) { |
| 279 scoped_refptr<TokenWebData> token_web_data = |
| 280 TokenWebData::FromBrowserContext(profile_); |
| 281 if (token_web_data.get()) |
| 282 token_web_data->RemoveTokenForService(ApplyAccountIdPrefix(account_id)); |
| 283 } |
| 284 |
| 251 void ProfileOAuth2TokenService::RevokeAllCredentials() { | 285 void ProfileOAuth2TokenService::RevokeAllCredentials() { |
| 252 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 286 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 253 | 287 |
| 254 CancelAllRequests(); | 288 CancelAllRequests(); |
| 255 for (std::map<std::string, std::string>::const_iterator iter = | 289 for (std::map<std::string, std::string>::const_iterator iter = |
| 256 refresh_tokens_.begin(); | 290 refresh_tokens_.begin(); |
| 257 iter != refresh_tokens_.end(); | 291 iter != refresh_tokens_.end(); |
| 258 ++iter) { | 292 ++iter) { |
| 259 FireRefreshTokenRevoked(iter->first); | 293 FireRefreshTokenRevoked(iter->first); |
| 260 } | 294 } |
| 261 refresh_tokens_.clear(); | 295 refresh_tokens_.clear(); |
| 262 | 296 |
| 263 scoped_refptr<TokenWebData> token_web_data = | 297 scoped_refptr<TokenWebData> token_web_data = |
| 264 TokenWebData::FromBrowserContext(profile_); | 298 TokenWebData::FromBrowserContext(profile_); |
| 265 if (token_web_data.get()) | 299 if (token_web_data.get()) |
| 266 token_web_data->RemoveAllTokens(); | 300 token_web_data->RemoveAllTokens(); |
| 267 FireRefreshTokensCleared(); | |
| 268 | 301 |
| 269 // TODO(fgorski): Notify diagnostic observers. | 302 // TODO(fgorski): Notify diagnostic observers. |
| 270 } | 303 } |
| 271 | 304 |
| 272 void ProfileOAuth2TokenService::LoadCredentials() { | 305 void ProfileOAuth2TokenService::LoadCredentials() { |
| 273 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 306 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 274 DCHECK_EQ(0, web_data_service_request_); | 307 DCHECK_EQ(0, web_data_service_request_); |
| 275 | 308 |
| 276 CancelAllRequests(); | 309 CancelAllRequests(); |
| 277 refresh_tokens_.clear(); | 310 refresh_tokens_.clear(); |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 319 } else { | 352 } else { |
| 320 DCHECK(!refresh_token.empty()); | 353 DCHECK(!refresh_token.empty()); |
| 321 std::string account_id = RemoveAccountIdPrefix(prefixed_account_id); | 354 std::string account_id = RemoveAccountIdPrefix(prefixed_account_id); |
| 322 refresh_tokens_[account_id] = refresh_token; | 355 refresh_tokens_[account_id] = refresh_token; |
| 323 FireRefreshTokenAvailable(account_id); | 356 FireRefreshTokenAvailable(account_id); |
| 324 // TODO(fgorski): Notify diagnostic observers. | 357 // TODO(fgorski): Notify diagnostic observers. |
| 325 } | 358 } |
| 326 } | 359 } |
| 327 | 360 |
| 328 if (!old_login_token.empty() && | 361 if (!old_login_token.empty() && |
| 329 refresh_tokens_.count(GetAccountId(profile_)) == 0) { | 362 refresh_tokens_.count(GetPrimaryAccountId()) == 0) { |
| 330 UpdateCredentials(GetAccountId(profile_), old_login_token); | 363 UpdateCredentials(GetPrimaryAccountId(), old_login_token); |
| 331 } | 364 } |
| 332 | 365 |
| 333 FireRefreshTokensLoaded(); | 366 FireRefreshTokensLoaded(); |
| 334 } | 367 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 23382008:
Making OAuth2TokenService multi-login aware, updating callers, minor fixes (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master