Making OAuth2TokenService multi-login aware, updating callers, minor fixes

chrome/browser/signin/profile_oauth2_token_service.cc

Index: chrome/browser/signin/profile_oauth2_token_service.cc
diff --git a/chrome/browser/signin/profile_oauth2_token_service.cc b/chrome/browser/signin/profile_oauth2_token_service.cc
index 1687b33ef6c8e637b13d75deb8c981d0331e215b..9698906aa1398e857025b61f369570f584fc6095 100644
--- a/chrome/browser/signin/profile_oauth2_token_service.cc
+++ b/chrome/browser/signin/profile_oauth2_token_service.cc
@@ -99,12 +99,9 @@ void ProfileOAuth2TokenService::Shutdown() {
   signin_global_error_.reset();
 }
 
-std::string ProfileOAuth2TokenService::GetRefreshToken() {
-  TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
-  if (!token_service || !token_service->HasOAuthLoginToken()) {
-    return std::string();
-  }
-  return token_service->GetOAuth2LoginRefreshToken();
+std::string ProfileOAuth2TokenService::GetRefreshToken(
+    const std::string& account_id) {
+  return refresh_tokens_[account_id];
 }
 
 net::URLRequestContextGetter* ProfileOAuth2TokenService::GetRequestContext() {
@@ -112,7 +109,9 @@ net::URLRequestContextGetter* ProfileOAuth2TokenService::GetRequestContext() {
 }
 
 void ProfileOAuth2TokenService::UpdateAuthError(
+    const std::string& account_id,
     const GoogleServiceAuthError& error) {
+  // TODO(fgorski): SigninGlobalError needs to be made multi-login aware.
   // Do not report connection errors as these are not actually auth errors.
   // We also want to avoid masking a "real" auth error just because we
   // subsequently get a transient network error.
@@ -142,7 +141,8 @@ void ProfileOAuth2TokenService::Observe(
         // there are no other refresh tokens, we cancel all active requests.
         CancelAllRequests();
         ClearCache();
-        UpdateAuthError(GoogleServiceAuthError::AuthErrorNone());
+        UpdateAuthError(GetPrimaryAccountId(),
+                        GoogleServiceAuthError::AuthErrorNone());
         FireRefreshTokenAvailable(GetAccountId(profile_));
       }
       break;
@@ -150,8 +150,8 @@ void ProfileOAuth2TokenService::Observe(
     case chrome::NOTIFICATION_TOKENS_CLEARED: {
       CancelAllRequests();
       ClearCache();
-      UpdateAuthError(GoogleServiceAuthError::AuthErrorNone());
-      FireRefreshTokensCleared();
+      UpdateAuthError(GetPrimaryAccountId(),
+                      GoogleServiceAuthError::AuthErrorNone());
       break;
     }
     case chrome::NOTIFICATION_TOKEN_LOADING_FINISHED:
@@ -160,8 +160,9 @@ void ProfileOAuth2TokenService::Observe(
       // user goes on to set up sync, they will have to make two attempts:
       // One to surface the OAuth2 error, and a second one after signing in.
       // See crbug.com/276650.
-      if (!GetAccountId(profile_).empty() && GetRefreshToken().empty()) {
-        UpdateAuthError(GoogleServiceAuthError(
+      if (!GetPrimaryAccountId().empty() &&
+          !RefreshTokenIsAvailable(GetPrimaryAccountId())) {
+        UpdateAuthError(GetPrimaryAccountId(), GoogleServiceAuthError(
             GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
       }
       FireRefreshTokensLoaded();
@@ -181,8 +182,7 @@ void ProfileOAuth2TokenService::RegisterCacheEntry(
     const ScopeSet& scopes,
     const std::string& access_token,
     const base::Time& expiration_date) {
-  if (ShouldCacheForRefreshToken(TokenServiceFactory::GetForProfile(profile_),
-                                 refresh_token)) {
+  if (ShouldCacheForRefreshToken(refresh_token)) {
     OAuth2TokenService::RegisterCacheEntry(refresh_token,
                                            scopes,
                                            access_token,
@@ -191,16 +191,36 @@ void ProfileOAuth2TokenService::RegisterCacheEntry(
 }
 
 bool ProfileOAuth2TokenService::ShouldCacheForRefreshToken(
-    TokenService *token_service,
     const std::string& refresh_token) {
-  if (!token_service ||
-      !token_service->HasOAuthLoginToken() ||
-      token_service->GetOAuth2LoginRefreshToken().compare(refresh_token) != 0) {
-    DLOG(INFO) <<
-        "Received a token with a refresh token not maintained by TokenService.";
-    return false;
+  // Check below ensures that only refresh tokens belonging to one of the logged
+  // in accounts will allow for the access tokens to be cached.
+  // TODO(fgorski): Convert to CHECK/DCHECK if it should not be possible.
+  // Consider a re-auth scenario.
+  for (std::map<std::string, std::string>::const_iterator iter =
+           refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) {
+    if (iter->second == refresh_token)
+      return true;
   }
-  return true;
+
+  DLOG(INFO) <<
+      "Received a token with a refresh token not maintained by TokenService.";
+  return false;
+}
+
+std::string ProfileOAuth2TokenService::GetPrimaryAccountId() {
+  SigninManagerBase* signin_manager =
+      SigninManagerFactory::GetForProfileIfExists(profile_);
+  return signin_manager ? signin_manager->GetAuthenticatedUsername() :

[Roger Tawa OOO till Jul 10th, 2013/08/29 15:41:40]

Should probably DCHECK that SM is not null, at least as long as this method
exists in this class.

[fgorski, 2013/08/29 23:04:14]

Done.

+      std::string();
+}
+
+std::vector<std::string> ProfileOAuth2TokenService::GetAccounts() {
+  std::vector<std::string> account_ids;
+  for (std::map<std::string, std::string>::const_iterator iter =
+           refresh_tokens_.begin(); iter != refresh_tokens_.end(); ++iter) {
+    account_ids.push_back(iter->first);
+  }
+  return account_ids;
 }
 
 void ProfileOAuth2TokenService::UpdateCredentials(
@@ -212,9 +232,12 @@ void ProfileOAuth2TokenService::UpdateCredentials(
   bool refresh_token_present = refresh_tokens_.count(account_id) > 0;
   if (!refresh_token_present ||
       refresh_tokens_[account_id] != refresh_token) {
-    // If token present, and different from the new one, cancel its requests.
-    if (refresh_token_present)
+    // If token present, and different from the new one, cancel its requests,
+    // and clear the entries in cache related to that account.
+    if (refresh_token_present) {
       CancelRequestsForToken(refresh_tokens_[account_id]);
+      // ClearCacheForAccount(account_id);
+    }
 
     // Save the token in memory and in persistent store.
     refresh_tokens_[account_id] = refresh_token;
@@ -224,6 +247,7 @@ void ProfileOAuth2TokenService::UpdateCredentials(
       token_web_data->SetTokenForService(ApplyAccountIdPrefix(account_id),
                                          refresh_token);
 
+    UpdateAuthError(account_id, GoogleServiceAuthError::AuthErrorNone());
     FireRefreshTokenAvailable(account_id);
     // TODO(fgorski): Notify diagnostic observers.
   }
@@ -235,6 +259,7 @@ void ProfileOAuth2TokenService::RevokeCredentials(
 
   if (refresh_tokens_.count(account_id) > 0) {
     CancelRequestsForToken(refresh_tokens_[account_id]);
+    // TODO(fgorski): Call ClearCacheForAccount(account_id) from here.
     refresh_tokens_.erase(account_id);
     scoped_refptr<TokenWebData> token_web_data =
         TokenWebData::FromBrowserContext(profile_);
@@ -262,7 +287,6 @@ void ProfileOAuth2TokenService::RevokeAllCredentials() {
       TokenWebData::FromBrowserContext(profile_);
   if (token_web_data.get())
     token_web_data->RemoveAllTokens();
-  FireRefreshTokensCleared();
 
   // TODO(fgorski): Notify diagnostic observers.
 }