chrome/browser/extensions/api/dial/device_description_fetcher.cc - Issue 2583853004: [chrome.dial] Adds chrome.dial.fetchDeviceDecription API.

Side by Side Diff: chrome/browser/extensions/api/dial/device_description_fetcher.cc

Issue 2583853004: [chrome.dial] Adds chrome.dial.fetchDeviceDecription API. (Closed)

Patch Set: Respond to lazyboy@ comments. Rebase w/namespace changes Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« chrome/browser/extensions/api/dial/device_description_fetcher.h ('K') | « chrome/browser/extensions/api/dial/device_description_fetcher.h ('k') | chrome/browser/extensions/api/dial/device_description_fetcher_unittest.cc » ('j') | chrome/browser/extensions/api/dial/device_description_fetcher_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright (c) 2016 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "base/strings/string_util.h"

	6 #include "base/strings/stringprintf.h"

	7 #include "chrome/browser/extensions/api/dial/device_description_fetcher.h"

	8 #include "chrome/browser/extensions/api/dial/dial_device_data.h"

	9 #include "chrome/browser/profiles/profile.h"

	10 #include "content/public/browser/browser_thread.h"

	11 #include "net/base/load_flags.h"

	12 #include "net/http/http_response_headers.h"

	13 #include "net/http/http_status_code.h"

	14 #include "net/http/http_util.h"

	15 #include "net/url_request/url_fetcher.h"

	16

	17 using content::BrowserThread;

	18

	19 constexpr char kApplicationUrlHeaderName[] = "Application-URL";

	20 constexpr int kMaxRetries = 3;

	21 constexpr int kMaxDescriptionSizeBytes = 262144;
	Wez 2017/01/05 22:29:24 nit: For max-size constants it is helpful if you c nit: For max-size constants it is helpful if you can summarize a rationale based on what the field might contain, e.g. in this case it can presumably be large if the device has a lot of functions? mark a. foltz 2017/01/09 21:38:07 Done. Show quoted text On 2017/01/05 at 22:29:24, Wez wrote: > nit: For max-size constants it is helpful if you can summarize a rationale based on what the field might contain, e.g. in this case it can presumably be large if the device has a lot of functions? Done.
	22

	23 namespace extensions {

	24 namespace api {

	25 namespace dial {

	26

	27 DeviceDescriptionFetcher::DeviceDescriptionFetcher(

	28 const GURL& device_description_url,

	29 Profile* profile,

	30 base::OnceCallback<void(const DialDeviceDescriptionData&)> success_cb,

	31 base::OnceCallback<void(const std::string&)> error_cb)

	32 : device_description_url_(device_description_url),

	33 profile_(profile),

	34 success_cb_(std::move(success_cb)),

	35 error_cb_(std::move(error_cb)) {

	36 DCHECK_CURRENTLY_ON(BrowserThread::UI);

	37 DCHECK(profile_);

	38 DCHECK(device_description_url_.is_valid());

	39 }

	40

	41 DeviceDescriptionFetcher::~DeviceDescriptionFetcher() {

	42 DCHECK_CURRENTLY_ON(BrowserThread::UI);

	43 }

	44

	45 void DeviceDescriptionFetcher::Start() {

	46 DCHECK_CURRENTLY_ON(BrowserThread::UI);

	47 DCHECK(!fetcher_);
	Wez 2017/01/05 22:29:24 nit: I usually recommend a blank line between DCHE nit: I usually recommend a blank line between DCHECK'd pre-conditions and actual code. mark a. foltz 2017/01/09 21:38:07 Done. Show quoted text On 2017/01/05 at 22:29:24, Wez wrote: > nit: I usually recommend a blank line between DCHECK'd pre-conditions and actual code. Done.
	48 fetcher_ = net::URLFetcher::Create(kURLFetcherID, device_description_url_,

	49 net::URLFetcher::GET, this);
	Wez 2017/01/05 22:29:24 nit: Consider introducing this with e.g. "// uPnP nit: Consider introducing this with e.g. "// uPnP returns device descriptions via GET request." mark a. foltz 2017/01/09 21:38:06 Done. Show quoted text On 2017/01/05 at 22:29:24, Wez wrote: > nit: Consider introducing this with e.g. "// uPnP returns device descriptions via GET request." Done.
	50

	51 // The request should not side effect cache or the cookie store or send auth

	52 // data. Proxies almost certainly hurt more cases than they help.
	Wez 2017/01/05 22:29:24 nit: It might be more readable to create a local i nit: It might be more readable to create a local int and \|= each set of flags into it here, e.g: int flags = 0; // Never use cookies in these requests. flags \|= ... which would make it easier to provide helpful comments for each flag. mark a. foltz 2017/01/09 21:38:07 Reformatted comment to be more explicit about flag Show quoted text On 2017/01/05 at 22:29:24, Wez wrote: > nit: It might be more readable to create a local int and \|= each set of flags into it here, e.g: > > int flags = 0; > > // Never use cookies in these requests. > flags \|= ... > > which would make it easier to provide helpful comments for each flag. Reformatted comment to be more explicit about flags.
	53 fetcher_->SetLoadFlags(net::LOAD_BYPASS_PROXY \| net::LOAD_DISABLE_CACHE \|

	54 net::LOAD_DO_NOT_SAVE_COOKIES \|

	55 net::LOAD_DO_NOT_SEND_COOKIES \|

	56 net::LOAD_DO_NOT_SEND_AUTH_DATA);

	57

	58 // Technically uPnP allows devices to issue HTTP 307 redirects (sec

	59 // 2.1). However, we want to enforce that redirects are not followed to hosts

	60 // other than the DIAL device; and there is no logical reason why a device

	61 // needs to redirect a request for the device description.

	62 //

	63 // We can relax this restriction if there are well-behaved devices that

	64 // actually need redirects.
	Wez 2017/01/05 22:29:24 Presumably we would only do that if we had the abi Presumably we would only do that if we had the ability to intercept the redirect and verify the constraint that it is to the same device? Note that Section 5.4 of the current spec says that devices SHALL NOT redirect this request, though. mark a. foltz 2017/01/09 21:38:07 Good catch, I was looking at the uPnP spec which d Show quoted text On 2017/01/05 at 22:29:24, Wez wrote: > Presumably we would only do that if we had the ability to intercept the redirect and verify the constraint that it is to the same device? > > Note that Section 5.4 of the current spec says that devices SHALL NOT redirect this request, though. Good catch, I was looking at the uPnP spec which does allow certain redirects. Updated comment to state we'll never allow them. Wez 2017/01/09 22:12:58 Acknowledged. Show quoted text On 2017/01/09 21:38:07, mark a. foltz wrote: > On 2017/01/05 at 22:29:24, Wez wrote: > > Presumably we would only do that if we had the ability to intercept the > redirect and verify the constraint that it is to the same device? > > > > Note that Section 5.4 of the current spec says that devices SHALL NOT redirect > this request, though. > > Good catch, I was looking at the uPnP spec which does allow certain redirects. > Updated comment to state we'll never allow them. Acknowledged.
	65 fetcher_->SetStopOnRedirect(true);

	66

	67 // Allow the fetcher to retry on 5XX responses and ERR_NETWORK_CHANGED.

	68 fetcher_->SetMaxRetriesOn5xx(kMaxRetries);

	69 fetcher_->SetAutomaticallyRetryOnNetworkChanges(kMaxRetries);

	70

	71 fetcher_->SetRequestContext(profile_->GetRequestContext());

	72 fetcher_->Start();

	73 }

	74

	75 void DeviceDescriptionFetcher::OnURLFetchComplete(

	76 const net::URLFetcher* source) {
	Wez 2017/01/05 22:29:24 nit: DCHECK_EQ(fetcher_.get(), source); nit: DCHECK_EQ(fetcher_.get(), source); mark a. foltz 2017/01/09 21:38:07 This code doesn't refer to fetcher_. Show quoted text On 2017/01/05 at 22:29:24, Wez wrote: > nit: DCHECK_EQ(fetcher_.get(), source); This code doesn't refer to fetcher_. Wez 2017/01/09 22:12:58 Doesn't this method expect that \|source\| is the sa Show quoted text On 2017/01/09 21:38:07, mark a. foltz wrote: > On 2017/01/05 at 22:29:24, Wez wrote: > > nit: DCHECK_EQ(fetcher_.get(), source); > > This code doesn't refer to fetcher_. Doesn't this method expect that \|source\| is the same URLFetcher that was created in Start(), though? I suppose you can argue that it doesn't matter to this code whether that is the case, or not, so seems legit not to bother checking if you prefer not to. mark a. foltz 2017/01/10 00:36:13 Ah, I misread your earlier comment. Done. Show quoted text On 2017/01/09 at 22:12:58, Wez wrote: > On 2017/01/09 21:38:07, mark a. foltz wrote: > > On 2017/01/05 at 22:29:24, Wez wrote: > > > nit: DCHECK_EQ(fetcher_.get(), source); > > > > This code doesn't refer to fetcher_. > > Doesn't this method expect that \|source\| is the same URLFetcher that was created in Start(), though? I suppose you can argue that it doesn't matter to this code whether that is the case, or not, so seems legit not to bother checking if you prefer not to. Ah, I misread your earlier comment. Done.
	77 if (source->GetResponseCode() != net::HTTP_OK) {

	78 ReportError(

	79 base::StringPrintf("HTTP %d: Unable to fetch device description",

	80 source->GetResponseCode()));

	81 return;

	82 }

	83

	84 const net::HttpResponseHeaders* headers = source->GetResponseHeaders();

	85

	86 // NOTE: The uPnP spec requires devices to set a Content-Type: header of

	87 // text/xml; charset="utf-8" (sec 2.11). However Chromecast (and possibly

	88 // other devices) do not comply, so not checking this header specifcially.
	Wez 2017/01/05 22:29:24 typo: specifically Also, reword: so specifically typo: specifically Also, reword: so specifically do not check that header. Is there much chance that we'd ever want to enable that check, since it seems unlikely that device behaviours will change much? Is it the case that devices actually set the field, but with an incorrect value, or do the misbehaving devices simply omit it? Have we observed devices that we definitely want to support (e.g. smart TVs?) that set bogus Content-Type? mark a. foltz 2017/01/09 21:38:07 I know Cast devices don't comply; presumably they Show quoted text On 2017/01/05 at 22:29:24, Wez wrote: > typo: specifically > > Also, reword: so specifically do not check that header. > > Is there much chance that we'd ever want to enable that check, since it seems unlikely that device behaviours will change much? I know Cast devices don't comply; presumably they could get an update to fix this. If all other devices do comply, then we could turn it on. Show quoted text > Is it the case that devices actually set the field, but with an incorrect value, or do the misbehaving devices simply omit it? So far I've observed Cast devices setting the wrong value. Show quoted text > Have we observed devices that we definitely want to support (e.g. smart TVs?) that set bogus Content-Type? I can check on our lab network to see what they do. We'd probably have to write an UMA to see how many non-compliant devices there are before adding the check. The check doesn't add a ton of value anyway, since XML is the only possible content that can be served for this request. Wez 2017/01/09 22:12:58 Acknowledged. Show quoted text On 2017/01/09 21:38:07, mark a. foltz wrote: > On 2017/01/05 at 22:29:24, Wez wrote: > > typo: specifically > > > > Also, reword: so specifically do not check that header. > > > > Is there much chance that we'd ever want to enable that check, since it seems > unlikely that device behaviours will change much? > > I know Cast devices don't comply; presumably they could get an update to fix > this. If all other devices do comply, then we could turn it on. > > > Is it the case that devices actually set the field, but with an incorrect > value, or do the misbehaving devices simply omit it? > > So far I've observed Cast devices setting the wrong value. > > > Have we observed devices that we definitely want to support (e.g. smart TVs?) > that set bogus Content-Type? > > I can check on our lab network to see what they do. We'd probably have to > write an UMA to see how many non-compliant devices there are before adding the > check. The check doesn't add a ton of value anyway, since XML is the only > possible content that can be served for this request. Acknowledged.
	89

	90 std::string app_url_header;

	91 if (!headers->GetNormalizedHeader(kApplicationUrlHeaderName,

	92 &app_url_header) \|\|

	93 app_url_header.empty()) {

	94 ReportError("Missing or empty Application-URL:");

	95 return;

	96 }

	97

	98 // Section 5.4 of the DIAL spec implies that the Application URL should not

	99 // have path, query or fragment...unsure if that can be enforced.
	Wez 2017/01/05 22:29:24 There seem to be a number of issues of this sort - There seem to be a number of issues of this sort - could the DeviceDescriptionFetcher perhaps check for these conditions but report them to the caller (e.g. via getters) rather than enforcing? That would allow calling code to report the correllation of usable-DIAL-device with non-compliance so we can evaluate whether to enforce. mark a. foltz 2017/01/09 21:38:07 I would probably start with UMA to determine preva Show quoted text On 2017/01/05 at 22:29:24, Wez wrote: > There seem to be a number of issues of this sort - could the DeviceDescriptionFetcher perhaps check for these conditions but report them to the caller (e.g. via getters) rather than enforcing? That would allow calling code to report the correllation of usable-DIAL-device with non-compliance so we can evaluate whether to enforce. I would probably start with UMA to determine prevalence before investing in a complete reporting API. In the meantime we might be able to determine from user feedback if there are devices that are non-compliant and non-working (and thus should be flagged as such). Wez 2017/01/09 22:12:58 Acknowledged. Show quoted text On 2017/01/09 21:38:07, mark a. foltz wrote: > On 2017/01/05 at 22:29:24, Wez wrote: > > There seem to be a number of issues of this sort - could the > DeviceDescriptionFetcher perhaps check for these conditions but report them to > the caller (e.g. via getters) rather than enforcing? That would allow calling > code to report the correllation of usable-DIAL-device with non-compliance so we > can evaluate whether to enforce. > > I would probably start with UMA to determine prevalence before investing in a > complete reporting API. In the meantime we might be able to determine from user > feedback if there are devices that are non-compliant and non-working (and thus > should be flagged as such). Acknowledged.
	100 GURL app_url(app_url_header);

	101 if (!app_url.is_valid() \|\| !app_url.SchemeIs("http") \|\|

	102 !app_url.HostIsIPAddress() \|\|
	Wez 2017/01/05 22:29:24 Strictly the spec says that the \|host\| must either Strictly the spec says that the \|host\| must either resolve to an IPv4 address, or be one; what you're enforcing here is that it is either an IPv4 or IPv6 address, instead. I'd suggest simply omitting this check and adding a note, since you already check that the App URL host is the same as the device description URL host - so any restrictions on the latter implicitly apply to the former. mark a. foltz 2017/01/09 21:38:07 Yes. We don't want domain name resolution here. Show quoted text On 2017/01/05 at 22:29:24, Wez wrote: > Strictly the spec says that the \|host\| must either resolve to an IPv4 address, or be one; what you're enforcing here is that it is either an IPv4 or IPv6 address, instead. Yes. We don't want domain name resolution here. Show quoted text > I'd suggest simply omitting this check and adding a note, since you already check that the App URL host is the same as the device description URL host - so any restrictions on the latter implicitly apply to the former. I don't think having independent checks is a bad thing. Also, we don't have restrictions on the device description host in this API, yet. Filed crbug.com/679432 to track this work. Wez 2017/01/09 22:12:58 The DIAL spec appears to allow for DNS names in ap Show quoted text On 2017/01/09 21:38:07, mark a. foltz wrote: > On 2017/01/05 at 22:29:24, Wez wrote: > > Strictly the spec says that the \|host\| must either resolve to an IPv4 address, > or be one; what you're enforcing here is that it is either an IPv4 or IPv6 > address, instead. > > Yes. We don't want domain name resolution here. The DIAL spec appears to allow for DNS names in app URLs, though, though admittedly it's not clear how you'd actually use those (maybe they have in mind mDNS..?) Show quoted text > > I'd suggest simply omitting this check and adding a note, since you already > check that the App URL host is the same as the device description URL host - so > any restrictions on the latter implicitly apply to the former. > > I don't think having independent checks is a bad thing. > > Also, we don't have restrictions on the device description host in this API, > yet. Filed crbug.com/679432 to track this work. Acknowledged.
	103 app_url.host() != device_description_url_.host()) {

	104 ReportError(base::StringPrintf("Invalid Application-URL: %s",

	105 app_url_header.c_str()));

	106 return;

	107 }

	108

	109 if (source->GetReceivedResponseContentLength() > kMaxDescriptionSizeBytes) {

	110 ReportError("Response too large");

	111 return;

	112 }

	113

	114 std::string device_description;

	115 if (!source->GetResponseAsString(&device_description) \|\|

	116 device_description.empty()) {

	117 ReportError("Missing or empty response");

	118 return;

	119 }

	120

	121 if (!base::IsStringUTF8(device_description)) {

	122 ReportError("Invalid response encoding");

	123 return;

	124 }

	125

	126 std::move(success_cb_)

	127 .Run(DialDeviceDescriptionData(device_description, app_url));
	Wez 2017/01/05 22:29:24 nit: \|device_description\| can be up to 256KB in si nit: \|device_description\| can be up to 256KB in size - std::move() it here? mark a. foltz 2017/01/09 21:38:06 Done. Show quoted text On 2017/01/05 at 22:29:24, Wez wrote: > nit: \|device_description\| can be up to 256KB in size - std::move() it here? Done.
	128 }

	129

	130 void DeviceDescriptionFetcher::OnURLFetchDownloadProgress(

	131 const net::URLFetcher* source,

	132 int64_t current,

	133 int64_t total,

	134 int64_t current_network_bytes) {}

	135

	136 void DeviceDescriptionFetcher::OnURLFetchUploadProgress(

	137 const net::URLFetcher* source,

	138 int64_t current,

	139 int64_t total) {}

	140

	141 void DeviceDescriptionFetcher::ReportError(const std::string& message) {

	142 std::move(error_cb_).Run(message);
	Wez 2017/01/05 22:29:24 I'm not familiar with the new OnceCallback semanti I'm not familiar with the new OnceCallback semantics. Is std::move() now preferred over base::ReturnAndClear(&cb)? Will std::move() clear the Callback such that a second Run() would DCHECK? (I think it will; just confirming :) mark a. foltz 2017/01/09 21:38:07 That's what the following says: https://chromium. Show quoted text On 2017/01/05 at 22:29:24, Wez wrote: > I'm not familiar with the new OnceCallback semantics. > > Is std::move() now preferred over base::ReturnAndClear(&cb)? > > Will std::move() clear the Callback such that a second Run() would DCHECK? (I think it will; just confirming :) That's what the following says: https://chromium.googlesource.com/chromium/src/+/master/docs/callback.md Wez 2017/01/09 22:12:58 Acknowledged. Show quoted text On 2017/01/09 21:38:07, mark a. foltz wrote: > On 2017/01/05 at 22:29:24, Wez wrote: > > I'm not familiar with the new OnceCallback semantics. > > > > Is std::move() now preferred over base::ReturnAndClear(&cb)? > > > > Will std::move() clear the Callback such that a second Run() would DCHECK? (I > think it will; just confirming :) > > That's what the following says: > > https://chromium.googlesource.com/chromium/src/+/master/docs/callback.md Acknowledged.
	143 }

	144

	145 } // namespace dial

	146 } // namespace api

	147 } // namespace extensions

OLD	NEW