Chromium Code Reviews Chromium Code Reviews
Issue 23382008:
Making OAuth2TokenService multi-login aware, updating callers, minor fixes (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/signin/profile_oauth2_token_service.cc |
| diff --git a/chrome/browser/signin/profile_oauth2_token_service.cc b/chrome/browser/signin/profile_oauth2_token_service.cc |
| index 7dbab236cfb034afa8c4b9f681316d10b3aab19a..5433ff065402a9f82ec833f545746649b25c84a0 100644 |
| --- a/chrome/browser/signin/profile_oauth2_token_service.cc |
| +++ b/chrome/browser/signin/profile_oauth2_token_service.cc |
| @@ -46,13 +46,6 @@ std::string RemoveAccountIdPrefix(const std::string& prefixed_account_id) { |
| return prefixed_account_id.substr(kAccountIdPrefixLength); |
| } |
| -std::string GetAccountId(Profile* profile) { |
| - SigninManagerBase* signin_manager = |
| - SigninManagerFactory::GetForProfileIfExists(profile); |
| - return signin_manager ? signin_manager->GetAuthenticatedUsername() : |
| - std::string(); |
| -} |
| - |
| } // namespace |
| ProfileOAuth2TokenService::ProfileOAuth2TokenService() |
| @@ -99,12 +92,13 @@ void ProfileOAuth2TokenService::Shutdown() { |
| signin_global_error_.reset(); |
| } |
| -std::string ProfileOAuth2TokenService::GetRefreshToken() { |
| - TokenService* token_service = TokenServiceFactory::GetForProfile(profile_); |
| - if (!token_service || !token_service->HasOAuthLoginToken()) { |
| - return std::string(); |
| - } |
| - return token_service->GetOAuth2LoginRefreshToken(); |
| +std::string ProfileOAuth2TokenService::GetRefreshToken( |
| + const std::string& account_id) { |
| + std::map<std::string, std::string>::const_iterator iter = |
| + refresh_tokens_.find(account_id); |
| + if (iter != refresh_tokens_.end()) |
| + return iter->second; |
| + return std::string(); |
| } |
| net::URLRequestContextGetter* ProfileOAuth2TokenService::GetRequestContext() { |
| @@ -112,7 +106,9 @@ net::URLRequestContextGetter* ProfileOAuth2TokenService::GetRequestContext() { |
| } |
| void ProfileOAuth2TokenService::UpdateAuthError( |
| + const std::string& account_id, |
| const GoogleServiceAuthError& error) { |
| + // TODO(fgorski): SigninGlobalError needs to be made multi-login aware. |
| // Do not report connection errors as these are not actually auth errors. |
| // We also want to avoid masking a "real" auth error just because we |
| // subsequently get a transient network error. |
| @@ -142,16 +138,18 @@ void ProfileOAuth2TokenService::Observe( |
| // there are no other refresh tokens, we cancel all active requests. |
| CancelAllRequests(); |
| ClearCache(); |
| - UpdateAuthError(GoogleServiceAuthError::AuthErrorNone()); |
| - FireRefreshTokenAvailable(GetAccountId(profile_)); |
| + std::string account_id = GetPrimaryAccountId(); |
| + UpdateAuthError(account_id, GoogleServiceAuthError::AuthErrorNone()); |
| + refresh_tokens_[account_id] = tok_details->token(); |
|
Andrew T Wilson (Slow)
2013/09/06 09:23:10
nit: I'd probably update refresh_tokens_[] before
fgorski
2013/09/12 23:46:24
Done.
|
| + FireRefreshTokenAvailable(account_id); |
| } |
| break; |
| } |
| case chrome::NOTIFICATION_TOKENS_CLEARED: { |
| CancelAllRequests(); |
| ClearCache(); |
| - UpdateAuthError(GoogleServiceAuthError::AuthErrorNone()); |
| - FireRefreshTokensCleared(); |
| + UpdateAuthError(GetPrimaryAccountId(), |
| + GoogleServiceAuthError::AuthErrorNone()); |
| break; |
| } |
| case chrome::NOTIFICATION_TOKEN_LOADING_FINISHED: |
| @@ -172,8 +170,7 @@ void ProfileOAuth2TokenService::RegisterCacheEntry( |
| const ScopeSet& scopes, |
| const std::string& access_token, |
| const base::Time& expiration_date) { |
| - if (ShouldCacheForRefreshToken(TokenServiceFactory::GetForProfile(profile_), |
| - refresh_token)) { |
| + if (ShouldCacheForRefreshToken(refresh_token)) { |
| OAuth2TokenService::RegisterCacheEntry(refresh_token, |
| scopes, |
| access_token, |
| @@ -182,16 +179,38 @@ void ProfileOAuth2TokenService::RegisterCacheEntry( |
| } |
| bool ProfileOAuth2TokenService::ShouldCacheForRefreshToken( |
| - TokenService *token_service, |
| const std::string& refresh_token) { |
| - if (!token_service || |
| - !token_service->HasOAuthLoginToken() || |
| - token_service->GetOAuth2LoginRefreshToken().compare(refresh_token) != 0) { |
| - DLOG(INFO) << |
| - "Received a token with a refresh token not maintained by TokenService."; |
| - return false; |
| + // Check below ensures that only refresh tokens belonging to one of the logged |
| + // in accounts will allow for the access tokens to be cached. |
| + // TODO(fgorski): Convert to CHECK/DCHECK if it should not be possible. |
| + // Consider a re-auth scenario. |
| + for (std::map<std::string, std::string>::const_iterator iter = |
| + refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) { |
| + if (iter->second == refresh_token) |
| + return true; |
| + } |
| + |
| + DLOG(INFO) << |
| + "Received a token with a refresh token not maintained by TokenService."; |
| + return false; |
| +} |
| + |
| +std::string ProfileOAuth2TokenService::GetPrimaryAccountId() { |
| + SigninManagerBase* signin_manager = |
| + SigninManagerFactory::GetForProfileIfExists(profile_); |
| + // TODO(fgorski): DCHECK(signin_manager) here - it may require update to test |
| + // code and the line above (SigninManager might not exist yet). |
| + return signin_manager ? signin_manager->GetAuthenticatedUsername() |
| + : std::string(); |
| +} |
| + |
| +std::vector<std::string> ProfileOAuth2TokenService::GetAccounts() { |
| + std::vector<std::string> account_ids; |
| + for (std::map<std::string, std::string>::const_iterator iter = |
| + refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) { |
| + account_ids.push_back(iter->first); |
| } |
| - return true; |
| + return account_ids; |
| } |
| void ProfileOAuth2TokenService::UpdateCredentials( |
| @@ -203,18 +222,18 @@ void ProfileOAuth2TokenService::UpdateCredentials( |
| bool refresh_token_present = refresh_tokens_.count(account_id) > 0; |
| if (!refresh_token_present || |
| refresh_tokens_[account_id] != refresh_token) { |
| - // If token present, and different from the new one, cancel its requests. |
| - if (refresh_token_present) |
| + // If token present, and different from the new one, cancel its requests, |
| + // and clear the entries in cache related to that account. |
| + if (refresh_token_present) { |
| CancelRequestsForToken(refresh_tokens_[account_id]); |
| + // TODO(fgorski): Call ClearCacheForAccount(account_id) from here. |
| + } |
| // Save the token in memory and in persistent store. |
| refresh_tokens_[account_id] = refresh_token; |
| - scoped_refptr<TokenWebData> token_web_data = |
| - TokenWebData::FromBrowserContext(profile_); |
| - if (token_web_data.get()) |
| - token_web_data->SetTokenForService(ApplyAccountIdPrefix(account_id), |
| - refresh_token); |
| + PersistCredentials(account_id, refresh_token); |
| + UpdateAuthError(account_id, GoogleServiceAuthError::AuthErrorNone()); |
| FireRefreshTokenAvailable(account_id); |
| // TODO(fgorski): Notify diagnostic observers. |
| } |
| @@ -226,17 +245,34 @@ void ProfileOAuth2TokenService::RevokeCredentials( |
| if (refresh_tokens_.count(account_id) > 0) { |
| CancelRequestsForToken(refresh_tokens_[account_id]); |
| + // TODO(fgorski): Call ClearCacheForAccount(account_id) from here. |
| refresh_tokens_.erase(account_id); |
| - scoped_refptr<TokenWebData> token_web_data = |
| - TokenWebData::FromBrowserContext(profile_); |
| - if (token_web_data.get()) |
| - token_web_data->RemoveTokenForService(ApplyAccountIdPrefix(account_id)); |
| + ClearPersistedCredentials(account_id); |
| FireRefreshTokenRevoked(account_id); |
| // TODO(fgorski): Notify diagnostic observers. |
| } |
| } |
| +void ProfileOAuth2TokenService::PersistCredentials( |
| + const std::string& account_id, |
| + const std::string& refresh_token) { |
| + scoped_refptr<TokenWebData> token_web_data = |
| + TokenWebData::FromBrowserContext(profile_); |
| + if (token_web_data.get()) { |
| + token_web_data->SetTokenForService(ApplyAccountIdPrefix(account_id), |
| + refresh_token); |
| + } |
| +} |
| + |
| +void ProfileOAuth2TokenService::ClearPersistedCredentials( |
| + const std::string& account_id) { |
| + scoped_refptr<TokenWebData> token_web_data = |
| + TokenWebData::FromBrowserContext(profile_); |
| + if (token_web_data.get()) |
| + token_web_data->RemoveTokenForService(ApplyAccountIdPrefix(account_id)); |
| +} |
| + |
| void ProfileOAuth2TokenService::RevokeAllCredentials() { |
| DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| @@ -253,7 +289,6 @@ void ProfileOAuth2TokenService::RevokeAllCredentials() { |
| TokenWebData::FromBrowserContext(profile_); |
| if (token_web_data.get()) |
| token_web_data->RemoveAllTokens(); |
| - FireRefreshTokensCleared(); |
| // TODO(fgorski): Notify diagnostic observers. |
| } |
| @@ -315,8 +350,8 @@ void ProfileOAuth2TokenService::LoadAllCredentialsIntoMemory( |
| } |
| if (!old_login_token.empty() && |
| - refresh_tokens_.count(GetAccountId(profile_)) == 0) { |
| - UpdateCredentials(GetAccountId(profile_), old_login_token); |
| + refresh_tokens_.count(GetPrimaryAccountId()) == 0) { |
| + UpdateCredentials(GetPrimaryAccountId(), old_login_token); |
| } |
| FireRefreshTokensLoaded(); |
