Chromium Code Reviews Chromium Code Reviews
Issue 2742743004:
Network traffic annotation added to supervised users. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/supervised_user/legacy/supervised_user_refresh_token_fe tcher.h" | 5 #include "chrome/browser/supervised_user/legacy/supervised_user_refresh_token_fe tcher.h" |
| 6 | 6 |
| 7 #include "base/callback.h" | 7 #include "base/callback.h" |
| 8 #include "base/json/json_reader.h" | 8 #include "base/json/json_reader.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
| 11 #include "base/values.h" | 11 #include "base/values.h" |
| 12 #include "components/data_use_measurement/core/data_use_user_data.h" | 12 #include "components/data_use_measurement/core/data_use_user_data.h" |
| 13 #include "google_apis/gaia/gaia_constants.h" | 13 #include "google_apis/gaia/gaia_constants.h" |
| 14 #include "google_apis/gaia/gaia_oauth_client.h" | 14 #include "google_apis/gaia/gaia_oauth_client.h" |
| 15 #include "google_apis/gaia/gaia_urls.h" | 15 #include "google_apis/gaia/gaia_urls.h" |
| 16 #include "google_apis/gaia/google_service_auth_error.h" | 16 #include "google_apis/gaia/google_service_auth_error.h" |
| 17 #include "google_apis/gaia/oauth2_api_call_flow.h" | 17 #include "google_apis/gaia/oauth2_api_call_flow.h" |
| 18 #include "google_apis/gaia/oauth2_token_service.h" | 18 #include "google_apis/gaia/oauth2_token_service.h" |
| 19 #include "net/base/escape.h" | 19 #include "net/base/escape.h" |
| 20 #include "net/base/load_flags.h" | 20 #include "net/base/load_flags.h" |
| 21 #include "net/base/net_errors.h" | 21 #include "net/base/net_errors.h" |
| 22 #include "net/http/http_status_code.h" | 22 #include "net/http/http_status_code.h" |
| 23 #include "net/traffic_annotation/network_traffic_annotation.h" | |
| 23 #include "net/url_request/url_fetcher.h" | 24 #include "net/url_request/url_fetcher.h" |
| 24 #include "net/url_request/url_request_status.h" | 25 #include "net/url_request/url_request_status.h" |
| 25 | 26 |
| 26 using GaiaConstants::kChromeSyncSupervisedOAuth2Scope; | 27 using GaiaConstants::kChromeSyncSupervisedOAuth2Scope; |
| 27 using base::Time; | 28 using base::Time; |
| 28 using gaia::GaiaOAuthClient; | 29 using gaia::GaiaOAuthClient; |
| 29 using net::URLFetcher; | 30 using net::URLFetcher; |
| 30 using net::URLFetcherDelegate; | 31 using net::URLFetcherDelegate; |
| 31 using net::URLRequestContextGetter; | 32 using net::URLRequestContextGetter; |
| 32 | 33 |
| (...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 154 const std::string& access_token, | 155 const std::string& access_token, |
| 155 const Time& expiration_time) { | 156 const Time& expiration_time) { |
| 156 DCHECK_EQ(access_token_request_.get(), request); | 157 DCHECK_EQ(access_token_request_.get(), request); |
| 157 access_token_ = access_token; | 158 access_token_ = access_token; |
| 158 | 159 |
| 159 GURL url(GaiaUrls::GetInstance()->oauth2_issue_token_url()); | 160 GURL url(GaiaUrls::GetInstance()->oauth2_issue_token_url()); |
| 160 // GaiaOAuthClient uses id 0, so we use 1 to distinguish the requests in | 161 // GaiaOAuthClient uses id 0, so we use 1 to distinguish the requests in |
| 161 // unit tests. | 162 // unit tests. |
| 162 const int id = 1; | 163 const int id = 1; |
| 163 | 164 |
| 164 url_fetcher_ = URLFetcher::Create(id, url, URLFetcher::POST, this); | 165 net::NetworkTrafficAnnotationTag traffic_annotation = |
| 166 net::DefineNetworkTrafficAnnotation( | |
| 167 "supervised_user_refresh_token_fetcher", R"( | |
| 168 semantics { | |
| 169 sender: "Supervised Users" | |
| 170 description: | |
| 171 "Fetches an OAuth2 refresh token scoped down to the supervised " | |
|
Marc Treib
2017/03/14 11:52:46
nit: Capitalize "Supervised User" (for consistency
Ramin Halavati
2017/03/14 11:58:36
Done.
| |
| 172 "user Sync scope and tied to the given Supervised User ID, " | |
| 173 "identifying the Supervised User Profile to be created." | |
| 174 trigger: | |
| 175 "Called when creating a new Supervised User profile in Chrome to " | |
| 176 "fetch OAuth credentials for using Sync with new profile." | |
|
Marc Treib
2017/03/14 11:52:46
s/with new/with the new/
Ramin Halavati
2017/03/14 11:58:36
Done.
| |
| 177 data: | |
| 178 "The request is authenticated with an OAuth2 access token " | |
| 179 "identifying the Google account and contains the following " | |
| 180 "information:\n* The Supervised User ID, a randomly generated " | |
| 181 "64-bit identifier for the profile.\n* The device name, to " | |
| 182 "identify the refresh token in account management." | |
| 183 destination: GOOGLE_OWNED_SERVICE | |
| 184 } | |
| 185 policy { | |
| 186 cookies_allowed: false | |
| 187 setting: | |
| 188 "Users can disable this feature by toggling 'Let anyone add a " | |
| 189 "person to Chrome' in Chromium settings, under People." | |
| 190 chrome_policy { | |
| 191 SupervisedUserCreationEnabled { | |
| 192 policy_options {mode: MANDATORY} | |
| 193 RestrictSigninToPattern: false | |
|
Marc Treib
2017/03/14 11:52:46
I think this should be
SupervisedUserCreationEnabl
Ramin Halavati
2017/03/14 11:58:36
Done.
| |
| 194 } | |
| 195 } | |
| 196 })"); | |
| 197 url_fetcher_ = | |
| 198 URLFetcher::Create(id, url, URLFetcher::POST, this, traffic_annotation); | |
| 165 | 199 |
| 166 data_use_measurement::DataUseUserData::AttachToFetcher( | 200 data_use_measurement::DataUseUserData::AttachToFetcher( |
| 167 url_fetcher_.get(), | 201 url_fetcher_.get(), |
| 168 data_use_measurement::DataUseUserData::SUPERVISED_USER); | 202 data_use_measurement::DataUseUserData::SUPERVISED_USER); |
| 169 url_fetcher_->SetRequestContext(context_); | 203 url_fetcher_->SetRequestContext(context_); |
| 170 url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | | 204 url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | |
| 171 net::LOAD_DO_NOT_SAVE_COOKIES); | 205 net::LOAD_DO_NOT_SAVE_COOKIES); |
| 172 url_fetcher_->SetAutomaticallyRetryOnNetworkChanges(kNumRetries); | 206 url_fetcher_->SetAutomaticallyRetryOnNetworkChanges(kNumRetries); |
| 173 url_fetcher_->AddExtraRequestHeader( | 207 url_fetcher_->AddExtraRequestHeader( |
| 174 base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str())); | 208 base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str())); |
| (...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 299 const std::string& account_id, | 333 const std::string& account_id, |
| 300 const std::string& device_id, | 334 const std::string& device_id, |
| 301 URLRequestContextGetter* context) { | 335 URLRequestContextGetter* context) { |
| 302 std::unique_ptr<SupervisedUserRefreshTokenFetcher> fetcher( | 336 std::unique_ptr<SupervisedUserRefreshTokenFetcher> fetcher( |
| 303 new SupervisedUserRefreshTokenFetcherImpl( | 337 new SupervisedUserRefreshTokenFetcherImpl( |
| 304 oauth2_token_service, account_id, device_id, context)); | 338 oauth2_token_service, account_id, device_id, context)); |
| 305 return fetcher; | 339 return fetcher; |
| 306 } | 340 } |
| 307 | 341 |
| 308 SupervisedUserRefreshTokenFetcher::~SupervisedUserRefreshTokenFetcher() {} | 342 SupervisedUserRefreshTokenFetcher::~SupervisedUserRefreshTokenFetcher() {} |
| OLD | NEW |
