| Index: chrome/browser/signin/profile_oauth2_token_service.cc
|
| diff --git a/chrome/browser/signin/profile_oauth2_token_service.cc b/chrome/browser/signin/profile_oauth2_token_service.cc
|
| index 1687b33ef6c8e637b13d75deb8c981d0331e215b..4fa44e31b8df3cdb1de5158a42e09b5b74058df9 100644
|
| --- a/chrome/browser/signin/profile_oauth2_token_service.cc
|
| +++ b/chrome/browser/signin/profile_oauth2_token_service.cc
|
| @@ -46,13 +46,6 @@ std::string RemoveAccountIdPrefix(const std::string& prefixed_account_id) {
|
| return prefixed_account_id.substr(kAccountIdPrefixLength);
|
| }
|
|
|
| -std::string GetAccountId(Profile* profile) {
|
| - SigninManagerBase* signin_manager =
|
| - SigninManagerFactory::GetForProfileIfExists(profile);
|
| - return signin_manager ? signin_manager->GetAuthenticatedUsername() :
|
| - std::string();
|
| -}
|
| -
|
| } // namespace
|
|
|
| ProfileOAuth2TokenService::ProfileOAuth2TokenService()
|
| @@ -99,12 +92,13 @@ void ProfileOAuth2TokenService::Shutdown() {
|
| signin_global_error_.reset();
|
| }
|
|
|
| -std::string ProfileOAuth2TokenService::GetRefreshToken() {
|
| - TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
|
| - if (!token_service || !token_service->HasOAuthLoginToken()) {
|
| - return std::string();
|
| - }
|
| - return token_service->GetOAuth2LoginRefreshToken();
|
| +std::string ProfileOAuth2TokenService::GetRefreshToken(
|
| + const std::string& account_id) {
|
| + std::map<std::string, std::string>::const_iterator iter =
|
| + refresh_tokens_.find(account_id);
|
| + if (iter != refresh_tokens_.end())
|
| + return iter->second;
|
| + return std::string();
|
| }
|
|
|
| net::URLRequestContextGetter* ProfileOAuth2TokenService::GetRequestContext() {
|
| @@ -112,7 +106,9 @@ net::URLRequestContextGetter* ProfileOAuth2TokenService::GetRequestContext() {
|
| }
|
|
|
| void ProfileOAuth2TokenService::UpdateAuthError(
|
| + const std::string& account_id,
|
| const GoogleServiceAuthError& error) {
|
| + // TODO(fgorski): SigninGlobalError needs to be made multi-login aware.
|
| // Do not report connection errors as these are not actually auth errors.
|
| // We also want to avoid masking a "real" auth error just because we
|
| // subsequently get a transient network error.
|
| @@ -142,16 +138,18 @@ void ProfileOAuth2TokenService::Observe(
|
| // there are no other refresh tokens, we cancel all active requests.
|
| CancelAllRequests();
|
| ClearCache();
|
| - UpdateAuthError(GoogleServiceAuthError::AuthErrorNone());
|
| - FireRefreshTokenAvailable(GetAccountId(profile_));
|
| + std::string account_id = GetPrimaryAccountId();
|
| + UpdateAuthError(account_id, GoogleServiceAuthError::AuthErrorNone());
|
| + refresh_tokens_[account_id] = tok_details->token();
|
| + FireRefreshTokenAvailable(account_id);
|
| }
|
| break;
|
| }
|
| case chrome::NOTIFICATION_TOKENS_CLEARED: {
|
| CancelAllRequests();
|
| ClearCache();
|
| - UpdateAuthError(GoogleServiceAuthError::AuthErrorNone());
|
| - FireRefreshTokensCleared();
|
| + UpdateAuthError(GetPrimaryAccountId(),
|
| + GoogleServiceAuthError::AuthErrorNone());
|
| break;
|
| }
|
| case chrome::NOTIFICATION_TOKEN_LOADING_FINISHED:
|
| @@ -160,8 +158,9 @@ void ProfileOAuth2TokenService::Observe(
|
| // user goes on to set up sync, they will have to make two attempts:
|
| // One to surface the OAuth2 error, and a second one after signing in.
|
| // See crbug.com/276650.
|
| - if (!GetAccountId(profile_).empty() && GetRefreshToken().empty()) {
|
| - UpdateAuthError(GoogleServiceAuthError(
|
| + if (!GetPrimaryAccountId().empty() &&
|
| + !RefreshTokenIsAvailable(GetPrimaryAccountId())) {
|
| + UpdateAuthError(GetPrimaryAccountId(), GoogleServiceAuthError(
|
| GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
|
| }
|
| FireRefreshTokensLoaded();
|
| @@ -181,8 +180,7 @@ void ProfileOAuth2TokenService::RegisterCacheEntry(
|
| const ScopeSet& scopes,
|
| const std::string& access_token,
|
| const base::Time& expiration_date) {
|
| - if (ShouldCacheForRefreshToken(TokenServiceFactory::GetForProfile(profile_),
|
| - refresh_token)) {
|
| + if (ShouldCacheForRefreshToken(refresh_token)) {
|
| OAuth2TokenService::RegisterCacheEntry(refresh_token,
|
| scopes,
|
| access_token,
|
| @@ -191,16 +189,38 @@ void ProfileOAuth2TokenService::RegisterCacheEntry(
|
| }
|
|
|
| bool ProfileOAuth2TokenService::ShouldCacheForRefreshToken(
|
| - TokenService *token_service,
|
| const std::string& refresh_token) {
|
| - if (!token_service ||
|
| - !token_service->HasOAuthLoginToken() ||
|
| - token_service->GetOAuth2LoginRefreshToken().compare(refresh_token) != 0) {
|
| - DLOG(INFO) <<
|
| - "Received a token with a refresh token not maintained by TokenService.";
|
| - return false;
|
| + // Check below ensures that only refresh tokens belonging to one of the logged
|
| + // in accounts will allow for the access tokens to be cached.
|
| + // TODO(fgorski): Convert to CHECK/DCHECK if it should not be possible.
|
| + // Consider a re-auth scenario.
|
| + for (std::map<std::string, std::string>::const_iterator iter =
|
| + refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) {
|
| + if (iter->second == refresh_token)
|
| + return true;
|
| + }
|
| +
|
| + DLOG(INFO) <<
|
| + "Received a token with a refresh token not maintained by TokenService.";
|
| + return false;
|
| +}
|
| +
|
| +std::string ProfileOAuth2TokenService::GetPrimaryAccountId() {
|
| + SigninManagerBase* signin_manager =
|
| + SigninManagerFactory::GetForProfileIfExists(profile_);
|
| + // TODO(fgorski): DCHECK(signin_manager) here - it may require update to test
|
| + // code and the line above (SigninManager might not exist yet).
|
| + return signin_manager ? signin_manager->GetAuthenticatedUsername()
|
| + : std::string();
|
| +}
|
| +
|
| +std::vector<std::string> ProfileOAuth2TokenService::GetAccounts() {
|
| + std::vector<std::string> account_ids;
|
| + for (std::map<std::string, std::string>::const_iterator iter =
|
| + refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) {
|
| + account_ids.push_back(iter->first);
|
| }
|
| - return true;
|
| + return account_ids;
|
| }
|
|
|
| void ProfileOAuth2TokenService::UpdateCredentials(
|
| @@ -212,9 +232,12 @@ void ProfileOAuth2TokenService::UpdateCredentials(
|
| bool refresh_token_present = refresh_tokens_.count(account_id) > 0;
|
| if (!refresh_token_present ||
|
| refresh_tokens_[account_id] != refresh_token) {
|
| - // If token present, and different from the new one, cancel its requests.
|
| - if (refresh_token_present)
|
| + // If token present, and different from the new one, cancel its requests,
|
| + // and clear the entries in cache related to that account.
|
| + if (refresh_token_present) {
|
| CancelRequestsForToken(refresh_tokens_[account_id]);
|
| + // ClearCacheForAccount(account_id);
|
| + }
|
|
|
| // Save the token in memory and in persistent store.
|
| refresh_tokens_[account_id] = refresh_token;
|
| @@ -224,6 +247,7 @@ void ProfileOAuth2TokenService::UpdateCredentials(
|
| token_web_data->SetTokenForService(ApplyAccountIdPrefix(account_id),
|
| refresh_token);
|
|
|
| + UpdateAuthError(account_id, GoogleServiceAuthError::AuthErrorNone());
|
| FireRefreshTokenAvailable(account_id);
|
| // TODO(fgorski): Notify diagnostic observers.
|
| }
|
| @@ -235,6 +259,7 @@ void ProfileOAuth2TokenService::RevokeCredentials(
|
|
|
| if (refresh_tokens_.count(account_id) > 0) {
|
| CancelRequestsForToken(refresh_tokens_[account_id]);
|
| + // TODO(fgorski): Call ClearCacheForAccount(account_id) from here.
|
| refresh_tokens_.erase(account_id);
|
| scoped_refptr<TokenWebData> token_web_data =
|
| TokenWebData::FromBrowserContext(profile_);
|
| @@ -262,7 +287,6 @@ void ProfileOAuth2TokenService::RevokeAllCredentials() {
|
| TokenWebData::FromBrowserContext(profile_);
|
| if (token_web_data.get())
|
| token_web_data->RemoveAllTokens();
|
| - FireRefreshTokensCleared();
|
|
|
| // TODO(fgorski): Notify diagnostic observers.
|
| }
|
| @@ -324,8 +348,8 @@ void ProfileOAuth2TokenService::LoadAllCredentialsIntoMemory(
|
| }
|
|
|
| if (!old_login_token.empty() &&
|
| - refresh_tokens_.count(GetAccountId(profile_)) == 0) {
|
| - UpdateCredentials(GetAccountId(profile_), old_login_token);
|
| + refresh_tokens_.count(GetPrimaryAccountId()) == 0) {
|
| + UpdateCredentials(GetPrimaryAccountId(), old_login_token);
|
| }
|
|
|
| FireRefreshTokensLoaded();
|
|
|
Chromium Code Reviews
Issue 23382008:
Making OAuth2TokenService multi-login aware, updating callers, minor fixes (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master