OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/supervised_user/child_accounts/permission_request_creat
or_apiary.h" | 5 #include "chrome/browser/supervised_user/child_accounts/permission_request_creat
or_apiary.h" |
6 | 6 |
7 #include "base/callback.h" | 7 #include "base/callback.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/json/json_reader.h" | 9 #include "base/json/json_reader.h" |
10 #include "base/json/json_writer.h" | 10 #include "base/json/json_writer.h" |
11 #include "base/logging.h" | 11 #include "base/logging.h" |
12 #include "base/memory/ptr_util.h" | 12 #include "base/memory/ptr_util.h" |
13 #include "base/strings/stringprintf.h" | 13 #include "base/strings/stringprintf.h" |
14 #include "base/values.h" | 14 #include "base/values.h" |
15 #include "chrome/browser/profiles/profile.h" | 15 #include "chrome/browser/profiles/profile.h" |
16 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h" | 16 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h" |
17 #include "chrome/browser/signin/signin_manager_factory.h" | 17 #include "chrome/browser/signin/signin_manager_factory.h" |
18 #include "chrome/browser/supervised_user/child_accounts/kids_management_api.h" | 18 #include "chrome/browser/supervised_user/child_accounts/kids_management_api.h" |
19 #include "chrome/common/chrome_switches.h" | 19 #include "chrome/common/chrome_switches.h" |
20 #include "components/data_use_measurement/core/data_use_user_data.h" | 20 #include "components/data_use_measurement/core/data_use_user_data.h" |
21 #include "components/signin/core/browser/profile_oauth2_token_service.h" | 21 #include "components/signin/core/browser/profile_oauth2_token_service.h" |
22 #include "components/signin/core/browser/signin_manager.h" | 22 #include "components/signin/core/browser/signin_manager.h" |
23 #include "components/signin/core/browser/signin_manager_base.h" | 23 #include "components/signin/core/browser/signin_manager_base.h" |
24 #include "google_apis/gaia/google_service_auth_error.h" | 24 #include "google_apis/gaia/google_service_auth_error.h" |
25 #include "net/base/load_flags.h" | 25 #include "net/base/load_flags.h" |
26 #include "net/base/net_errors.h" | 26 #include "net/base/net_errors.h" |
27 #include "net/http/http_status_code.h" | 27 #include "net/http/http_status_code.h" |
| 28 #include "net/traffic_annotation/network_traffic_annotation.h" |
28 #include "net/url_request/url_fetcher.h" | 29 #include "net/url_request/url_fetcher.h" |
29 #include "net/url_request/url_request_status.h" | 30 #include "net/url_request/url_request_status.h" |
30 #include "url/gurl.h" | 31 #include "url/gurl.h" |
31 | 32 |
32 using net::URLFetcher; | 33 using net::URLFetcher; |
33 | 34 |
34 const char kApiPath[] = "people/me/permissionRequests"; | 35 const char kApiPath[] = "people/me/permissionRequests"; |
35 const char kApiScope[] = "https://www.googleapis.com/auth/kid.permission"; | 36 const char kApiScope[] = "https://www.googleapis.com/auth/kid.permission"; |
36 | 37 |
37 const int kNumRetries = 1; | 38 const int kNumRetries = 1; |
(...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
175 const base::Time& expiration_time) { | 176 const base::Time& expiration_time) { |
176 RequestIterator it = requests_.begin(); | 177 RequestIterator it = requests_.begin(); |
177 while (it != requests_.end()) { | 178 while (it != requests_.end()) { |
178 if (request == (*it)->access_token_request.get()) | 179 if (request == (*it)->access_token_request.get()) |
179 break; | 180 break; |
180 ++it; | 181 ++it; |
181 } | 182 } |
182 DCHECK(it != requests_.end()); | 183 DCHECK(it != requests_.end()); |
183 (*it)->access_token = access_token; | 184 (*it)->access_token = access_token; |
184 | 185 |
185 (*it)->url_fetcher = URLFetcher::Create((*it)->url_fetcher_id, GetApiUrl(), | 186 net::NetworkTrafficAnnotationTag traffic_annotation = |
186 URLFetcher::POST, this); | 187 net::DefineNetworkTrafficAnnotation("permission_request_creator", R"( |
| 188 semantics { |
| 189 sender: "Supervised Users" |
| 190 description: |
| 191 "Requests permission for the user to access a blocked site." |
| 192 trigger: "Initiated by the user." |
| 193 data: |
| 194 "The request is authenticated with an OAuth2 access token " |
| 195 "identifying the Google account and contains the URL that the user " |
| 196 "requests access to." |
| 197 destination: GOOGLE_OWNED_SERVICE |
| 198 } |
| 199 policy { |
| 200 cookies_allowed: false |
| 201 setting: |
| 202 "This feature cannot be disabled in settings and is only enabled " |
| 203 "for child accounts. If sign-in is restricted to accounts from a " |
| 204 "managed domain, those accounts are not going to be child accounts." |
| 205 chrome_policy { |
| 206 RestrictSigninToPattern { |
| 207 policy_options {mode: MANDATORY} |
| 208 RestrictSigninToPattern: "*@manageddomain.com" |
| 209 } |
| 210 } |
| 211 })"); |
| 212 (*it)->url_fetcher = |
| 213 URLFetcher::Create((*it)->url_fetcher_id, GetApiUrl(), URLFetcher::POST, |
| 214 this, traffic_annotation); |
187 | 215 |
188 data_use_measurement::DataUseUserData::AttachToFetcher( | 216 data_use_measurement::DataUseUserData::AttachToFetcher( |
189 (*it)->url_fetcher.get(), | 217 (*it)->url_fetcher.get(), |
190 data_use_measurement::DataUseUserData::SUPERVISED_USER); | 218 data_use_measurement::DataUseUserData::SUPERVISED_USER); |
191 (*it)->url_fetcher->SetRequestContext(context_); | 219 (*it)->url_fetcher->SetRequestContext(context_); |
192 (*it)->url_fetcher->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | | 220 (*it)->url_fetcher->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | |
193 net::LOAD_DO_NOT_SAVE_COOKIES); | 221 net::LOAD_DO_NOT_SAVE_COOKIES); |
194 (*it)->url_fetcher->SetAutomaticallyRetryOnNetworkChanges(kNumRetries); | 222 (*it)->url_fetcher->SetAutomaticallyRetryOnNetworkChanges(kNumRetries); |
195 (*it)->url_fetcher->AddExtraRequestHeader( | 223 (*it)->url_fetcher->AddExtraRequestHeader( |
196 base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str())); | 224 base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str())); |
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
277 return; | 305 return; |
278 } | 306 } |
279 DispatchResult(it, true); | 307 DispatchResult(it, true); |
280 } | 308 } |
281 | 309 |
282 void PermissionRequestCreatorApiary::DispatchResult(RequestIterator it, | 310 void PermissionRequestCreatorApiary::DispatchResult(RequestIterator it, |
283 bool success) { | 311 bool success) { |
284 (*it)->callback.Run(success); | 312 (*it)->callback.Run(success); |
285 requests_.erase(it); | 313 requests_.erase(it); |
286 } | 314 } |
OLD | NEW |