components/cryptauth/cryptauth_device_manager.cc - Issue 2888053003: Network traffic annotation added to OAuth2ApiCallFlow and its subclasses.

Side by Side Diff: components/cryptauth/cryptauth_device_manager.cc

Issue 2888053003: Network traffic annotation added to OAuth2ApiCallFlow and its subclasses. (Closed)

Patch Set: Annotations updated. Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « components/cryptauth/cryptauth_client_impl_unittest.cc ('k') | components/cryptauth/cryptauth_device_manager_unittest.cc » ('j') | components/proximity_auth/webui/reachable_phone_flow.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "components/cryptauth/cryptauth_device_manager.h"	5 #include "components/cryptauth/cryptauth_device_manager.h"

6	6

7 #include <stddef.h>	7 #include <stddef.h>

8 #include <stdexcept>	8 #include <stdexcept>

9 #include <utility>	9 #include <utility>

10	10

11 #include "base/base64url.h"	11 #include "base/base64url.h"

12 #include "base/memory/ptr_util.h"	12 #include "base/memory/ptr_util.h"

13 #include "base/strings/string_number_conversions.h"	13 #include "base/strings/string_number_conversions.h"

14 #include "components/cryptauth/cryptauth_client.h"	14 #include "components/cryptauth/cryptauth_client.h"

15 #include "components/cryptauth/pref_names.h"	15 #include "components/cryptauth/pref_names.h"

16 #include "components/cryptauth/sync_scheduler_impl.h"	16 #include "components/cryptauth/sync_scheduler_impl.h"

17 #include "components/prefs/pref_registry_simple.h"	17 #include "components/prefs/pref_registry_simple.h"

18 #include "components/prefs/pref_service.h"	18 #include "components/prefs/pref_service.h"

19 #include "components/prefs/scoped_user_pref_update.h"	19 #include "components/prefs/scoped_user_pref_update.h"

20 #include "components/proximity_auth/logging/logging.h"	20 #include "components/proximity_auth/logging/logging.h"

	21 #include "net/traffic_annotation/network_traffic_annotation.h"

21	22

22 namespace cryptauth {	23 namespace cryptauth {

23	24

24 namespace {	25 namespace {

25	26

26 // The normal period between successful syncs, in hours.	27 // The normal period between successful syncs, in hours.

27 const int kRefreshPeriodHours = 24;	28 const int kRefreshPeriodHours = 24;

28	29

29 // A more aggressive period between sync attempts to recover when the last	30 // A more aggressive period between sync attempts to recover when the last

30 // sync attempt fails, in minutes. This is a base time that increases for each	31 // sync attempt fails, in minutes. This is a base time that increases for each

(...skipping 468 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
499 PA_LOG(ERROR) << "Unable to deserialize unlock key dictionary "	500 PA_LOG(ERROR) << "Unable to deserialize unlock key dictionary "

500 << "(index=" << i << "):\n" << *unlock_key_dictionary;	501 << "(index=" << i << "):\n" << *unlock_key_dictionary;

501 }	502 }

502 } else {	503 } else {

503 PA_LOG(ERROR) << "Can not get dictionary in list of unlock keys "	504 PA_LOG(ERROR) << "Can not get dictionary in list of unlock keys "

504 << "(index=" << i << "):\n" << *unlock_key_list;	505 << "(index=" << i << "):\n" << *unlock_key_list;

505 }	506 }

506 }	507 }

507 }	508 }

508	509

509 void CryptAuthDeviceManager::OnSyncRequested(	510 void CryptAuthDeviceManager::OnSyncRequested(
	sacomoto 2017/06/19 18:25:38 There are essentially two way this method can be c There are essentially two way this method can be called (and then trigger an GetMyDevices API call): periodic or forced. In both cases, the only difference in the annotation should be in the "trigger" value. For the periodic one, we already have all the information to another the request. But this is not true for the forced sync. Any user of this class can call the \|ForceSyncNow\| method and trigger an API call. For the forced sync case, I think there are two alternative here: 1) Be a little bit more vague, and set the ""trigger" to forced sync whenever \|invocation_reason != INVOCATION_REASON_PERIODIC && invocation_reason != INVOCATION_REASON_INITIALIZATION\|. 2) Let the clients of this class set the "trigger" value. Concretely, add a \|trigger\| parameter to the \|ForceSyncNow\| method. Ramin Halavati 2017/06/20 05:35:34 I think it would be good if we give a general desc Show quoted text On 2017/06/19 18:25:38, sacomoto wrote: > There are essentially two way this method can be called (and then trigger an > GetMyDevices API call): periodic or forced. In both cases, the only difference > in the annotation should be in the "trigger" value. > > For the periodic one, we already have all the information to another the > request. But this is not true for the forced sync. Any user of this class can > call the \|ForceSyncNow\| method and trigger an API call. > > For the forced sync case, I think there are two alternative here: > 1) Be a little bit more vague, and set the ""trigger" to forced sync whenever > \|invocation_reason != INVOCATION_REASON_PERIODIC && invocation_reason != > INVOCATION_REASON_INITIALIZATION\|. > 2) Let the clients of this class set the "trigger" value. Concretely, add a > \|trigger\| parameter to the \|ForceSyncNow\| method. I think it would be good if we give a general description of both trigger situations here, like 'Periodically every 24h, or by API request'. We don't have the required structure to define more than 2 level partial annotations now, and I don't feel that we need to expand the structures because of this case as the data and policy are very much the same and it is very improbable that one would like to stop this request based on a specific trigger case. But if you believe so, I can start it that way. sacomoto 2017/06/20 09:48:18 I'm fine with the general description. Show quoted text On 2017/06/20 05:35:34, Ramin Halavati wrote: > On 2017/06/19 18:25:38, sacomoto wrote: > > There are essentially two way this method can be called (and then trigger an > > GetMyDevices API call): periodic or forced. In both cases, the only difference > > in the annotation should be in the "trigger" value. > > > > For the periodic one, we already have all the information to another the > > request. But this is not true for the forced sync. Any user of this class can > > call the \|ForceSyncNow\| method and trigger an API call. > > > > For the forced sync case, I think there are two alternative here: > > 1) Be a little bit more vague, and set the ""trigger" to forced sync whenever > > \|invocation_reason != INVOCATION_REASON_PERIODIC && invocation_reason != > > INVOCATION_REASON_INITIALIZATION\|. > > 2) Let the clients of this class set the "trigger" value. Concretely, add a > > \|trigger\| parameter to the \|ForceSyncNow\| method. > > I think it would be good if we give a general description of both trigger > situations here, like 'Periodically every 24h, or by API request'. > We don't have the required structure to define more than 2 level partial > annotations now, and I don't feel that we need to expand the structures because > of this case as the data and policy are very much the same and it is very > improbable that one would like to stop this request based on a specific trigger > case. But if you believe so, I can start it that way. I'm fine with the general description. Ramin Halavati 2017/06/20 10:46:16 Acknowledged. Show quoted text On 2017/06/20 09:48:18, sacomoto wrote: > On 2017/06/20 05:35:34, Ramin Halavati wrote: > > On 2017/06/19 18:25:38, sacomoto wrote: > > > There are essentially two way this method can be called (and then trigger an > > > GetMyDevices API call): periodic or forced. In both cases, the only > difference > > > in the annotation should be in the "trigger" value. > > > > > > For the periodic one, we already have all the information to another the > > > request. But this is not true for the forced sync. Any user of this class > can > > > call the \|ForceSyncNow\| method and trigger an API call. > > > > > > For the forced sync case, I think there are two alternative here: > > > 1) Be a little bit more vague, and set the ""trigger" to forced sync > whenever > > > \|invocation_reason != INVOCATION_REASON_PERIODIC && invocation_reason != > > > INVOCATION_REASON_INITIALIZATION\|. > > > 2) Let the clients of this class set the "trigger" value. Concretely, add a > > > \|trigger\| parameter to the \|ForceSyncNow\| method. > > > > I think it would be good if we give a general description of both trigger > > situations here, like 'Periodically every 24h, or by API request'. > > We don't have the required structure to define more than 2 level partial > > annotations now, and I don't feel that we need to expand the structures > because > > of this case as the data and policy are very much the same and it is very > > improbable that one would like to stop this request based on a specific > trigger > > case. But if you believe so, I can start it that way. > > I'm fine with the general description. Acknowledged.
510 std::unique_ptr<SyncScheduler::SyncRequest> sync_request) {	511 std::unique_ptr<SyncScheduler::SyncRequest> sync_request) {

511 for (auto& observer : observers_)	512 for (auto& observer : observers_)

512 observer.OnSyncStarted();	513 observer.OnSyncStarted();

513	514

514 sync_request_ = std::move(sync_request);	515 sync_request_ = std::move(sync_request);

515 cryptauth_client_ = client_factory_->CreateInstance();	516 cryptauth_client_ = client_factory_->CreateInstance();

516	517

517 InvocationReason invocation_reason =	518 InvocationReason invocation_reason =

518 INVOCATION_REASON_UNKNOWN;	519 INVOCATION_REASON_UNKNOWN;

519	520

(...skipping 14 matching lines...) Expand all Loading...
534 invocation_reason = INVOCATION_REASON_INITIALIZATION;	535 invocation_reason = INVOCATION_REASON_INITIALIZATION;

535 } else if (IsRecoveringFromFailure()) {	536 } else if (IsRecoveringFromFailure()) {

536 invocation_reason = INVOCATION_REASON_FAILURE_RECOVERY;	537 invocation_reason = INVOCATION_REASON_FAILURE_RECOVERY;

537 } else {	538 } else {

538 invocation_reason = INVOCATION_REASON_PERIODIC;	539 invocation_reason = INVOCATION_REASON_PERIODIC;

539 }	540 }

540	541

541 GetMyDevicesRequest request;	542 GetMyDevicesRequest request;

542 request.set_invocation_reason(invocation_reason);	543 request.set_invocation_reason(invocation_reason);

543 request.set_allow_stale_read(is_sync_speculative);	544 request.set_allow_stale_read(is_sync_speculative);

	545 net::PartialNetworkTrafficAnnotationTag partial_traffic_annotation =

	546 net::DefinePartialNetworkTrafficAnnotation("...", "oauth2_api_call_flow",
	sacomoto 2017/06/20 09:48:18 cryptauth_get_my_devices cryptauth_get_my_devices Ramin Halavati 2017/06/20 10:46:16 Done. Show quoted text On 2017/06/20 09:48:18, sacomoto wrote: > cryptauth_get_my_devices Done.
	547 R"(

	548 semantics {

	549 sender: "..."
	sacomoto 2017/06/20 09:48:18 CryptAuth Device Manager CryptAuth Device Manager Ramin Halavati 2017/06/20 10:46:16 Done. Show quoted text On 2017/06/20 09:48:18, sacomoto wrote: > CryptAuth Device Manager Done.
	550 description: "..."
	sacomoto 2017/06/20 09:48:18 Gets a list of the devices registered (for the sam Gets a list of the devices registered (for the same user) on CryptAuth Ramin Halavati 2017/06/20 10:46:16 Done. Show quoted text On 2017/06/20 09:48:18, sacomoto wrote: > Gets a list of the devices registered (for the same user) on CryptAuth Done.
	551 trigger: "..."
	sacomoto 2017/06/20 09:48:18 Periodically every 24h, or by API request Periodically every 24h, or by API request Ramin Halavati 2017/06/20 10:46:16 Done. Show quoted text On 2017/06/20 09:48:18, sacomoto wrote: > Periodically every 24h, or by API request Done.
	552 data: "..."
	sacomoto 2017/06/20 09:48:18 None None Ramin Halavati 2017/06/20 10:46:15 If sign-in is required, shouldn't this be user aut Show quoted text On 2017/06/20 09:48:18, sacomoto wrote: > None If sign-in is required, shouldn't this be user authentication token? Also for other requests that are dependent on sign-in.
	553 destination: GOOGLE_OWNED_SERVICE

	554 }

	555 policy {

	556 setting: "..."
	sacomoto 2017/06/20 09:48:18 This feature cannot be disabled in settings. This feature cannot be disabled in settings. Ramin Halavati 2017/06/20 10:46:15 Done. Show quoted text On 2017/06/20 09:48:18, sacomoto wrote: > This feature cannot be disabled in settings. Done.
	557 chrome_policy {

	558 [POLICY_NAME] {
	sacomoto 2017/06/20 09:48:18 SigninAllowed SigninAllowed Ramin Halavati 2017/06/20 10:46:16 Done. Show quoted text On 2017/06/20 09:48:18, sacomoto wrote: > SigninAllowed Done.
	559 policy_options {mode: MANDATORY/RECOMMENDED/UNSET}

	560 [POLICY_NAME]: ... //(value to disable it)
	sacomoto 2017/06/20 09:48:18 SigninAllowed: false SigninAllowed: false Ramin Halavati 2017/06/20 10:46:15 Done. Show quoted text On 2017/06/20 09:48:18, sacomoto wrote: > SigninAllowed: false Done.
	561 }

	562 }

	563 policy_exception_justification: "..."

	564 })");

544 cryptauth_client_->GetMyDevices(	565 cryptauth_client_->GetMyDevices(

545 request, base::Bind(&CryptAuthDeviceManager::OnGetMyDevicesSuccess,	566 request,

546 weak_ptr_factory_.GetWeakPtr()),	567 base::Bind(&CryptAuthDeviceManager::OnGetMyDevicesSuccess,

	568 weak_ptr_factory_.GetWeakPtr()),

547 base::Bind(&CryptAuthDeviceManager::OnGetMyDevicesFailure,	569 base::Bind(&CryptAuthDeviceManager::OnGetMyDevicesFailure,

548 weak_ptr_factory_.GetWeakPtr()));	570 weak_ptr_factory_.GetWeakPtr()),

	571 partial_traffic_annotation);

549 }	572 }

550	573

551 } // namespace cryptauth	574 } // namespace cryptauth

OLD	NEW