| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "remoting/host/oauth_token_getter_impl.h" | |
| 6 | |
| 7 #include <utility> | |
| 8 | |
| 9 #include "base/bind.h" | |
| 10 #include "base/callback.h" | |
| 11 #include "base/strings/string_util.h" | |
| 12 #include "google_apis/google_api_keys.h" | |
| 13 #include "net/url_request/url_request_context_getter.h" | |
| 14 #include "remoting/base/logging.h" | |
| 15 | |
| 16 namespace remoting { | |
| 17 | |
| 18 namespace { | |
| 19 | |
| 20 // Maximum number of retries on network/500 errors. | |
| 21 const int kMaxRetries = 3; | |
| 22 | |
| 23 // Time when we we try to update OAuth token before its expiration. | |
| 24 const int kTokenUpdateTimeBeforeExpirySeconds = 60; | |
| 25 | |
| 26 } // namespace | |
| 27 | |
| 28 OAuthTokenGetterImpl::OAuthTokenGetterImpl( | |
| 29 std::unique_ptr<OAuthCredentials> oauth_credentials, | |
| 30 const scoped_refptr<net::URLRequestContextGetter>& | |
| 31 url_request_context_getter, | |
| 32 bool auto_refresh) | |
| 33 : oauth_credentials_(std::move(oauth_credentials)), | |
| 34 gaia_oauth_client_( | |
| 35 new gaia::GaiaOAuthClient(url_request_context_getter.get())), | |
| 36 url_request_context_getter_(url_request_context_getter) { | |
| 37 if (auto_refresh) { | |
| 38 refresh_timer_.reset(new base::OneShotTimer()); | |
| 39 } | |
| 40 } | |
| 41 | |
| 42 OAuthTokenGetterImpl::~OAuthTokenGetterImpl() {} | |
| 43 | |
| 44 void OAuthTokenGetterImpl::OnGetTokensResponse(const std::string& user_email, | |
| 45 const std::string& access_token, | |
| 46 int expires_seconds) { | |
| 47 NOTREACHED(); | |
| 48 } | |
| 49 | |
| 50 void OAuthTokenGetterImpl::OnRefreshTokenResponse( | |
| 51 const std::string& access_token, | |
| 52 int expires_seconds) { | |
| 53 DCHECK(CalledOnValidThread()); | |
| 54 DCHECK(oauth_credentials_.get()); | |
| 55 HOST_LOG << "Received OAuth token."; | |
| 56 | |
| 57 oauth_access_token_ = access_token; | |
| 58 base::TimeDelta token_expiration = | |
| 59 base::TimeDelta::FromSeconds(expires_seconds) - | |
| 60 base::TimeDelta::FromSeconds(kTokenUpdateTimeBeforeExpirySeconds); | |
| 61 auth_token_expiry_time_ = base::Time::Now() + token_expiration; | |
| 62 | |
| 63 if (refresh_timer_) { | |
| 64 refresh_timer_->Stop(); | |
| 65 refresh_timer_->Start(FROM_HERE, token_expiration, this, | |
| 66 &OAuthTokenGetterImpl::RefreshOAuthToken); | |
| 67 } | |
| 68 | |
| 69 if (!oauth_credentials_->is_service_account && !email_verified_) { | |
| 70 gaia_oauth_client_->GetUserEmail(access_token, kMaxRetries, this); | |
| 71 } else { | |
| 72 refreshing_oauth_token_ = false; | |
| 73 NotifyCallbacks(OAuthTokenGetterImpl::SUCCESS, oauth_credentials_->login, | |
| 74 oauth_access_token_); | |
| 75 } | |
| 76 } | |
| 77 | |
| 78 void OAuthTokenGetterImpl::OnGetUserEmailResponse( | |
| 79 const std::string& user_email) { | |
| 80 DCHECK(CalledOnValidThread()); | |
| 81 DCHECK(oauth_credentials_.get()); | |
| 82 HOST_LOG << "Received user info."; | |
| 83 | |
| 84 if (user_email != oauth_credentials_->login) { | |
| 85 LOG(ERROR) << "OAuth token and email address do not refer to " | |
| 86 "the same account."; | |
| 87 OnOAuthError(); | |
| 88 return; | |
| 89 } | |
| 90 | |
| 91 email_verified_ = true; | |
| 92 refreshing_oauth_token_ = false; | |
| 93 | |
| 94 // Now that we've refreshed the token and verified that it's for the correct | |
| 95 // user account, try to connect using the new token. | |
| 96 NotifyCallbacks(OAuthTokenGetterImpl::SUCCESS, user_email, | |
| 97 oauth_access_token_); | |
| 98 } | |
| 99 | |
| 100 void OAuthTokenGetterImpl::NotifyCallbacks(Status status, | |
| 101 const std::string& user_email, | |
| 102 const std::string& access_token) { | |
| 103 std::queue<TokenCallback> callbacks(pending_callbacks_); | |
| 104 pending_callbacks_ = std::queue<TokenCallback>(); | |
| 105 | |
| 106 while (!callbacks.empty()) { | |
| 107 callbacks.front().Run(status, user_email, access_token); | |
| 108 callbacks.pop(); | |
| 109 } | |
| 110 } | |
| 111 | |
| 112 void OAuthTokenGetterImpl::OnOAuthError() { | |
| 113 DCHECK(CalledOnValidThread()); | |
| 114 LOG(ERROR) << "OAuth: invalid credentials."; | |
| 115 refreshing_oauth_token_ = false; | |
| 116 | |
| 117 // Throw away invalid credentials and force a refresh. | |
| 118 oauth_access_token_.clear(); | |
| 119 auth_token_expiry_time_ = base::Time(); | |
| 120 email_verified_ = false; | |
| 121 | |
| 122 NotifyCallbacks(OAuthTokenGetterImpl::AUTH_ERROR, std::string(), | |
| 123 std::string()); | |
| 124 } | |
| 125 | |
| 126 void OAuthTokenGetterImpl::OnNetworkError(int response_code) { | |
| 127 DCHECK(CalledOnValidThread()); | |
| 128 LOG(ERROR) << "Network error when trying to update OAuth token: " | |
| 129 << response_code; | |
| 130 refreshing_oauth_token_ = false; | |
| 131 NotifyCallbacks(OAuthTokenGetterImpl::NETWORK_ERROR, std::string(), | |
| 132 std::string()); | |
| 133 } | |
| 134 | |
| 135 void OAuthTokenGetterImpl::CallWithToken(const TokenCallback& on_access_token) { | |
| 136 DCHECK(CalledOnValidThread()); | |
| 137 bool need_new_auth_token = auth_token_expiry_time_.is_null() || | |
| 138 base::Time::Now() >= auth_token_expiry_time_ || | |
| 139 (!oauth_credentials_->is_service_account && | |
| 140 !email_verified_); | |
| 141 | |
| 142 if (need_new_auth_token) { | |
| 143 pending_callbacks_.push(on_access_token); | |
| 144 if (!refreshing_oauth_token_) | |
| 145 RefreshOAuthToken(); | |
| 146 } else { | |
| 147 on_access_token.Run(SUCCESS, oauth_credentials_->login, | |
| 148 oauth_access_token_); | |
| 149 } | |
| 150 } | |
| 151 | |
| 152 void OAuthTokenGetterImpl::InvalidateCache() { | |
| 153 DCHECK(CalledOnValidThread()); | |
| 154 auth_token_expiry_time_ = base::Time(); | |
| 155 } | |
| 156 | |
| 157 void OAuthTokenGetterImpl::RefreshOAuthToken() { | |
| 158 DCHECK(CalledOnValidThread()); | |
| 159 HOST_LOG << "Refreshing OAuth token."; | |
| 160 DCHECK(!refreshing_oauth_token_); | |
| 161 | |
| 162 // Service accounts use different API keys, as they use the client app flow. | |
| 163 google_apis::OAuth2Client oauth2_client = | |
| 164 oauth_credentials_->is_service_account ? google_apis::CLIENT_REMOTING_HOST | |
| 165 : google_apis::CLIENT_REMOTING; | |
| 166 | |
| 167 gaia::OAuthClientInfo client_info = { | |
| 168 google_apis::GetOAuth2ClientID(oauth2_client), | |
| 169 google_apis::GetOAuth2ClientSecret(oauth2_client), | |
| 170 // Redirect URL is only used when getting tokens from auth code. It | |
| 171 // is not required when getting access tokens. | |
| 172 ""}; | |
| 173 | |
| 174 refreshing_oauth_token_ = true; | |
| 175 std::vector<std::string> empty_scope_list; // Use scope from refresh token. | |
| 176 gaia_oauth_client_->RefreshToken(client_info, | |
| 177 oauth_credentials_->refresh_token, | |
| 178 empty_scope_list, kMaxRetries, this); | |
| 179 } | |
| 180 | |
| 181 } // namespace remoting | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2661153003:
Moving oauth code from host to base to allow code sharing between host and client. (Closed)
