OLD | NEW |
| (Empty) |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "remoting/host/oauth_token_getter_impl.h" | |
6 | |
7 #include <utility> | |
8 | |
9 #include "base/bind.h" | |
10 #include "base/callback.h" | |
11 #include "base/strings/string_util.h" | |
12 #include "google_apis/google_api_keys.h" | |
13 #include "net/url_request/url_request_context_getter.h" | |
14 #include "remoting/base/logging.h" | |
15 | |
16 namespace remoting { | |
17 | |
18 namespace { | |
19 | |
20 // Maximum number of retries on network/500 errors. | |
21 const int kMaxRetries = 3; | |
22 | |
23 // Time when we we try to update OAuth token before its expiration. | |
24 const int kTokenUpdateTimeBeforeExpirySeconds = 60; | |
25 | |
26 } // namespace | |
27 | |
28 OAuthTokenGetterImpl::OAuthTokenGetterImpl( | |
29 std::unique_ptr<OAuthCredentials> oauth_credentials, | |
30 const scoped_refptr<net::URLRequestContextGetter>& | |
31 url_request_context_getter, | |
32 bool auto_refresh) | |
33 : oauth_credentials_(std::move(oauth_credentials)), | |
34 gaia_oauth_client_( | |
35 new gaia::GaiaOAuthClient(url_request_context_getter.get())), | |
36 url_request_context_getter_(url_request_context_getter) { | |
37 if (auto_refresh) { | |
38 refresh_timer_.reset(new base::OneShotTimer()); | |
39 } | |
40 } | |
41 | |
42 OAuthTokenGetterImpl::~OAuthTokenGetterImpl() {} | |
43 | |
44 void OAuthTokenGetterImpl::OnGetTokensResponse(const std::string& user_email, | |
45 const std::string& access_token, | |
46 int expires_seconds) { | |
47 NOTREACHED(); | |
48 } | |
49 | |
50 void OAuthTokenGetterImpl::OnRefreshTokenResponse( | |
51 const std::string& access_token, | |
52 int expires_seconds) { | |
53 DCHECK(CalledOnValidThread()); | |
54 DCHECK(oauth_credentials_.get()); | |
55 HOST_LOG << "Received OAuth token."; | |
56 | |
57 oauth_access_token_ = access_token; | |
58 base::TimeDelta token_expiration = | |
59 base::TimeDelta::FromSeconds(expires_seconds) - | |
60 base::TimeDelta::FromSeconds(kTokenUpdateTimeBeforeExpirySeconds); | |
61 auth_token_expiry_time_ = base::Time::Now() + token_expiration; | |
62 | |
63 if (refresh_timer_) { | |
64 refresh_timer_->Stop(); | |
65 refresh_timer_->Start(FROM_HERE, token_expiration, this, | |
66 &OAuthTokenGetterImpl::RefreshOAuthToken); | |
67 } | |
68 | |
69 if (!oauth_credentials_->is_service_account && !email_verified_) { | |
70 gaia_oauth_client_->GetUserEmail(access_token, kMaxRetries, this); | |
71 } else { | |
72 refreshing_oauth_token_ = false; | |
73 NotifyCallbacks(OAuthTokenGetterImpl::SUCCESS, oauth_credentials_->login, | |
74 oauth_access_token_); | |
75 } | |
76 } | |
77 | |
78 void OAuthTokenGetterImpl::OnGetUserEmailResponse( | |
79 const std::string& user_email) { | |
80 DCHECK(CalledOnValidThread()); | |
81 DCHECK(oauth_credentials_.get()); | |
82 HOST_LOG << "Received user info."; | |
83 | |
84 if (user_email != oauth_credentials_->login) { | |
85 LOG(ERROR) << "OAuth token and email address do not refer to " | |
86 "the same account."; | |
87 OnOAuthError(); | |
88 return; | |
89 } | |
90 | |
91 email_verified_ = true; | |
92 refreshing_oauth_token_ = false; | |
93 | |
94 // Now that we've refreshed the token and verified that it's for the correct | |
95 // user account, try to connect using the new token. | |
96 NotifyCallbacks(OAuthTokenGetterImpl::SUCCESS, user_email, | |
97 oauth_access_token_); | |
98 } | |
99 | |
100 void OAuthTokenGetterImpl::NotifyCallbacks(Status status, | |
101 const std::string& user_email, | |
102 const std::string& access_token) { | |
103 std::queue<TokenCallback> callbacks(pending_callbacks_); | |
104 pending_callbacks_ = std::queue<TokenCallback>(); | |
105 | |
106 while (!callbacks.empty()) { | |
107 callbacks.front().Run(status, user_email, access_token); | |
108 callbacks.pop(); | |
109 } | |
110 } | |
111 | |
112 void OAuthTokenGetterImpl::OnOAuthError() { | |
113 DCHECK(CalledOnValidThread()); | |
114 LOG(ERROR) << "OAuth: invalid credentials."; | |
115 refreshing_oauth_token_ = false; | |
116 | |
117 // Throw away invalid credentials and force a refresh. | |
118 oauth_access_token_.clear(); | |
119 auth_token_expiry_time_ = base::Time(); | |
120 email_verified_ = false; | |
121 | |
122 NotifyCallbacks(OAuthTokenGetterImpl::AUTH_ERROR, std::string(), | |
123 std::string()); | |
124 } | |
125 | |
126 void OAuthTokenGetterImpl::OnNetworkError(int response_code) { | |
127 DCHECK(CalledOnValidThread()); | |
128 LOG(ERROR) << "Network error when trying to update OAuth token: " | |
129 << response_code; | |
130 refreshing_oauth_token_ = false; | |
131 NotifyCallbacks(OAuthTokenGetterImpl::NETWORK_ERROR, std::string(), | |
132 std::string()); | |
133 } | |
134 | |
135 void OAuthTokenGetterImpl::CallWithToken(const TokenCallback& on_access_token) { | |
136 DCHECK(CalledOnValidThread()); | |
137 bool need_new_auth_token = auth_token_expiry_time_.is_null() || | |
138 base::Time::Now() >= auth_token_expiry_time_ || | |
139 (!oauth_credentials_->is_service_account && | |
140 !email_verified_); | |
141 | |
142 if (need_new_auth_token) { | |
143 pending_callbacks_.push(on_access_token); | |
144 if (!refreshing_oauth_token_) | |
145 RefreshOAuthToken(); | |
146 } else { | |
147 on_access_token.Run(SUCCESS, oauth_credentials_->login, | |
148 oauth_access_token_); | |
149 } | |
150 } | |
151 | |
152 void OAuthTokenGetterImpl::InvalidateCache() { | |
153 DCHECK(CalledOnValidThread()); | |
154 auth_token_expiry_time_ = base::Time(); | |
155 } | |
156 | |
157 void OAuthTokenGetterImpl::RefreshOAuthToken() { | |
158 DCHECK(CalledOnValidThread()); | |
159 HOST_LOG << "Refreshing OAuth token."; | |
160 DCHECK(!refreshing_oauth_token_); | |
161 | |
162 // Service accounts use different API keys, as they use the client app flow. | |
163 google_apis::OAuth2Client oauth2_client = | |
164 oauth_credentials_->is_service_account ? google_apis::CLIENT_REMOTING_HOST | |
165 : google_apis::CLIENT_REMOTING; | |
166 | |
167 gaia::OAuthClientInfo client_info = { | |
168 google_apis::GetOAuth2ClientID(oauth2_client), | |
169 google_apis::GetOAuth2ClientSecret(oauth2_client), | |
170 // Redirect URL is only used when getting tokens from auth code. It | |
171 // is not required when getting access tokens. | |
172 ""}; | |
173 | |
174 refreshing_oauth_token_ = true; | |
175 std::vector<std::string> empty_scope_list; // Use scope from refresh token. | |
176 gaia_oauth_client_->RefreshToken(client_info, | |
177 oauth_credentials_->refresh_token, | |
178 empty_scope_list, kMaxRetries, this); | |
179 } | |
180 | |
181 } // namespace remoting | |
OLD | NEW |