OLD | NEW |
| (Empty) |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #if !defined(__has_feature) || !__has_feature(objc_arc) | |
6 #error "This file requires ARC support." | |
7 #endif | |
8 | |
9 #import "remoting/client/ios/facade/remoting_authentication.h" | |
10 | |
11 #import <Foundation/Foundation.h> | |
12 #import <Security/Security.h> | |
13 | |
14 #import "base/mac/bind_objc_block.h" | |
15 #import "remoting/client/ios/facade/host_info.h" | |
16 #import "remoting/client/ios/facade/host_list_fetcher.h" | |
17 #import "remoting/client/ios/facade/ios_client_runtime_delegate.h" | |
18 #import "remoting/client/ios/facade/remoting_service.h" | |
19 #import "remoting/client/ios/keychain_wrapper.h" | |
20 | |
21 #include "base/logging.h" | |
22 #include "base/strings/sys_string_conversions.h" | |
23 #include "net/url_request/url_request_context_getter.h" | |
24 #include "remoting/base/oauth_token_getter.h" | |
25 #include "remoting/base/oauth_token_getter_impl.h" | |
26 | |
27 static NSString* const kCRDAuthenticatedUserEmailKey = | |
28 @"kCRDAuthenticatedUserEmailKey"; | |
29 | |
30 const char kOauthRedirectUrl[] = | |
31 "https://chromoting-oauth.talkgadget." | |
32 "google.com/talkgadget/oauth/chrome-remote-desktop/dev"; | |
33 | |
34 std::unique_ptr<remoting::OAuthTokenGetter> | |
35 CreateOAuthTokenGetterWithAuthorizationCode( | |
36 const std::string& auth_code, | |
37 const remoting::OAuthTokenGetter::CredentialsUpdatedCallback& | |
38 on_credentials_update) { | |
39 std::unique_ptr<remoting::OAuthTokenGetter::OAuthIntermediateCredentials> | |
40 oauth_credentials( | |
41 new remoting::OAuthTokenGetter::OAuthIntermediateCredentials( | |
42 auth_code, /*is_service_account=*/false)); | |
43 oauth_credentials->oauth_redirect_uri = kOauthRedirectUrl; | |
44 | |
45 std::unique_ptr<remoting::OAuthTokenGetter> oauth_tokenGetter( | |
46 new remoting::OAuthTokenGetterImpl( | |
47 std::move(oauth_credentials), on_credentials_update, | |
48 [RemotingService SharedInstance].runtime->url_requester(), | |
49 /*auto_refresh=*/true)); | |
50 return oauth_tokenGetter; | |
51 } | |
52 | |
53 std::unique_ptr<remoting::OAuthTokenGetter> CreateOAuthTokenWithRefreshToken( | |
54 const std::string& refresh_token, | |
55 const std::string& email) { | |
56 std::unique_ptr<remoting::OAuthTokenGetter::OAuthAuthorizationCredentials> | |
57 oauth_credentials( | |
58 new remoting::OAuthTokenGetter::OAuthAuthorizationCredentials( | |
59 email, refresh_token, /*is_service_account=*/false)); | |
60 | |
61 std::unique_ptr<remoting::OAuthTokenGetter> oauth_tokenGetter( | |
62 new remoting::OAuthTokenGetterImpl( | |
63 std::move(oauth_credentials), | |
64 [RemotingService SharedInstance].runtime->url_requester(), | |
65 /*auto_refresh=*/true)); | |
66 return oauth_tokenGetter; | |
67 } | |
68 | |
69 @interface RemotingAuthentication () { | |
70 std::unique_ptr<remoting::OAuthTokenGetter> _tokenGetter; | |
71 KeychainWrapper* _keychainWrapper; | |
72 BOOL _firstLoadUserAttempt; | |
73 } | |
74 @end | |
75 | |
76 @implementation RemotingAuthentication | |
77 | |
78 @synthesize user = _user; | |
79 @synthesize delegate = _delegate; | |
80 | |
81 - (instancetype)init { | |
82 self = [super init]; | |
83 if (self) { | |
84 _keychainWrapper = [[KeychainWrapper alloc] init]; | |
85 _user = nil; | |
86 _firstLoadUserAttempt = YES; | |
87 } | |
88 return self; | |
89 } | |
90 | |
91 #pragma mark - Property Overrides | |
92 | |
93 - (UserInfo*)user { | |
94 if (_firstLoadUserAttempt && _user == nil) { | |
95 _firstLoadUserAttempt = NO; | |
96 [self setUser:[self loadUserInfo]]; | |
97 } | |
98 return _user; | |
99 } | |
100 | |
101 - (void)setUser:(UserInfo*)user { | |
102 _user = user; | |
103 [self storeUserInfo:_user]; | |
104 [_delegate userDidUpdate:_user]; | |
105 } | |
106 | |
107 #pragma mark - Class Implementation | |
108 | |
109 - (void)authenticateWithAuthorizationCode:(NSString*)authorizationCode { | |
110 __weak RemotingAuthentication* weakSelf = self; | |
111 _tokenGetter = CreateOAuthTokenGetterWithAuthorizationCode( | |
112 std::string(base::SysNSStringToUTF8(authorizationCode)), | |
113 base::BindBlockArc( | |
114 ^(const std::string& user_email, const std::string& refresh_token) { | |
115 // TODO(nicholss): Do something with these new creds. | |
116 VLOG(1) << "New Creds: " << user_email << " " << refresh_token; | |
117 UserInfo* user = [[UserInfo alloc] init]; | |
118 user.userEmail = base::SysUTF8ToNSString(user_email); | |
119 user.refreshToken = base::SysUTF8ToNSString(refresh_token); | |
120 [weakSelf setUser:user]; | |
121 })); | |
122 // Stimulate the oAuth Token Getter to fetch and access token, this forces it | |
123 // to convert the authorization code into a refresh token, and saving the | |
124 // refresh token will happen automaticly in the above block. | |
125 [self callbackWithAccessToken:base::BindBlockArc(^( | |
126 remoting::OAuthTokenGetter::Status status, | |
127 const std::string& user_email, | |
128 const std::string& access_token) { | |
129 if (status == remoting::OAuthTokenGetter::Status::SUCCESS) { | |
130 VLOG(1) << "Success fetching access token from authorization code."; | |
131 } else { | |
132 LOG(ERROR) | |
133 << "Failed to fetch access token from authorization code. (" | |
134 << status << ")"; | |
135 // TODO(nicholss): Deal with the sad path for a bad auth token. | |
136 } | |
137 })]; | |
138 } | |
139 | |
140 #pragma mark - Private | |
141 | |
142 // Provide the |refreshToken| and |email| to authenticate a user as a returning | |
143 // user of the application. | |
144 - (void)authenticateWithRefreshToken:(NSString*)refreshToken | |
145 email:(NSString*)email { | |
146 _tokenGetter = CreateOAuthTokenWithRefreshToken( | |
147 std::string(base::SysNSStringToUTF8(refreshToken)), | |
148 base::SysNSStringToUTF8(email)); | |
149 } | |
150 | |
151 - (void)callbackWithAccessToken: | |
152 (const remoting::OAuthTokenGetter::TokenCallback&)onAccessToken { | |
153 // TODO(nicholss): Be careful here since a failure to reset onAccessToken | |
154 // will end up with retain cycle and memory leakage. | |
155 if (_tokenGetter) { | |
156 _tokenGetter->CallWithToken(onAccessToken); | |
157 } | |
158 } | |
159 | |
160 - (void)logout { | |
161 [self storeUserInfo:nil]; | |
162 [self setUser:nil]; | |
163 } | |
164 | |
165 #pragma mark - Persistence | |
166 | |
167 - (void)storeUserInfo:(UserInfo*)user { | |
168 NSUserDefaults* defaults = [NSUserDefaults standardUserDefaults]; | |
169 if (user) { | |
170 [defaults setObject:user.userEmail forKey:kCRDAuthenticatedUserEmailKey]; | |
171 // TODO(nicholss): Need to match the token with the email. | |
172 [_keychainWrapper setRefreshToken:user.refreshToken]; | |
173 } else { | |
174 [defaults removeObjectForKey:kCRDAuthenticatedUserEmailKey]; | |
175 [_keychainWrapper resetKeychainItem]; | |
176 } | |
177 [defaults synchronize]; | |
178 } | |
179 | |
180 - (UserInfo*)loadUserInfo { | |
181 UserInfo* user = [[UserInfo alloc] init]; | |
182 NSUserDefaults* defaults = [NSUserDefaults standardUserDefaults]; | |
183 user.userEmail = [defaults objectForKey:kCRDAuthenticatedUserEmailKey]; | |
184 // TODO(nicholss): Need to match the token with the email. | |
185 user.refreshToken = [_keychainWrapper refreshToken]; | |
186 | |
187 if (!user || ![user isAuthenticated]) { | |
188 user = nil; | |
189 } else { | |
190 [self authenticateWithRefreshToken:user.refreshToken email:user.userEmail]; | |
191 } | |
192 return user; | |
193 } | |
194 | |
195 @end | |
OLD | NEW |