Chromium Code Reviews Chromium Code Reviews
Issue 2888053003:
Network traffic annotation added to OAuth2ApiCallFlow and its subclasses. (Closed)
| Index: components/cryptauth/cryptauth_client_impl.cc |
| diff --git a/components/cryptauth/cryptauth_client_impl.cc b/components/cryptauth/cryptauth_client_impl.cc |
| index 259838598ef08a9ce1856025ef9d3a0dba08081f..95caf3f75fe33a9135f19ec22299d97f3203e28e 100644 |
| --- a/components/cryptauth/cryptauth_client_impl.cc |
| +++ b/components/cryptauth/cryptauth_client_impl.cc |
| @@ -66,44 +66,142 @@ CryptAuthClientImpl::~CryptAuthClientImpl() { |
| void CryptAuthClientImpl::GetMyDevices( |
| const GetMyDevicesRequest& request, |
| const GetMyDevicesCallback& callback, |
| - const ErrorCallback& error_callback) { |
| - MakeApiCall(kGetMyDevicesPath, request, callback, error_callback); |
| + const ErrorCallback& error_callback, |
| + const net::PartialNetworkTrafficAnnotationTag& partial_traffic_annotation) { |
| + MakeApiCall(kGetMyDevicesPath, request, callback, error_callback, |
| + partial_traffic_annotation); |
| } |
| void CryptAuthClientImpl::FindEligibleUnlockDevices( |
| const FindEligibleUnlockDevicesRequest& request, |
| const FindEligibleUnlockDevicesCallback& callback, |
| const ErrorCallback& error_callback) { |
| - MakeApiCall(kFindEligibleUnlockDevicesPath, request, callback, |
| - error_callback); |
| + net::PartialNetworkTrafficAnnotationTag partial_traffic_annotation = |
| + net::DefinePartialNetworkTrafficAnnotation( |
| + "cryptauth_find_eligible_unlock_devices", "oauth2_api_call_flow", |
| + R"( |
| + semantics { |
| + sender: "CryptAuth Device Manager" |
| + description: |
| + "Gets the list of mobile devices that can be used by Smart Lock to " |
| + "unlock the current device." |
| + trigger: |
| + "This request is sent when the user starts the Smart Lock setup flow." |
| + data: "OAuth 2.0 token and the device's public key." |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + setting: |
| + "This feature cannot be disabled in settings, but the request will " |
| + "only be send if the user explicitly tries to enable Smart Lock " |
|
msramek
2017/06/28 08:40:55
typo: sent
Ramin Halavati
2017/06/28 09:21:29
Done.
|
| + "(EasyUnlock), i.e. starts the setup flow." |
| + chrome_policy { |
| + EasyUnlockAllowed { |
| + EasyUnlockAllowed: false |
| + } |
| + } |
| + })"); |
| + MakeApiCall(kFindEligibleUnlockDevicesPath, request, callback, error_callback, |
| + partial_traffic_annotation); |
| } |
| void CryptAuthClientImpl::SendDeviceSyncTickle( |
| const SendDeviceSyncTickleRequest& request, |
| const SendDeviceSyncTickleCallback& callback, |
| - const ErrorCallback& error_callback) { |
| - MakeApiCall(kSendDeviceSyncTicklePath, request, callback, error_callback); |
| + const ErrorCallback& error_callback, |
| + const net::PartialNetworkTrafficAnnotationTag& partial_traffic_annotation) { |
| + MakeApiCall(kSendDeviceSyncTicklePath, request, callback, error_callback, |
| + partial_traffic_annotation); |
| } |
| void CryptAuthClientImpl::ToggleEasyUnlock( |
| const ToggleEasyUnlockRequest& request, |
| const ToggleEasyUnlockCallback& callback, |
| const ErrorCallback& error_callback) { |
| - MakeApiCall(kToggleEasyUnlockPath, request, callback, error_callback); |
| + net::PartialNetworkTrafficAnnotationTag partial_traffic_annotation = |
| + net::DefinePartialNetworkTrafficAnnotation("cryptauth_toggle_easyunlock", |
| + "oauth2_api_call_flow", R"( |
| + semantics { |
| + sender: "CryptAuth Device Manager" |
| + description: "Enables Smart Lock (EasyUnlock) for the current device." |
| + trigger: |
| + "This request is send after the user goes through the EasyUnlock " |
| + "setup flow." |
| + data: "OAuth 2.0 token and the device public key." |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + setting: |
| + "This feature cannot be disabled in settings, but the request will " |
| + "only be send if the user explicitly enables Smart Lock " |
| + "(EasyUnlock), i.e. uccessfully complete the setup flow." |
| + chrome_policy { |
| + EasyUnlockAllowed { |
| + EasyUnlockAllowed: false |
| + } |
| + } |
| + })"); |
| + MakeApiCall(kToggleEasyUnlockPath, request, callback, error_callback, |
| + partial_traffic_annotation); |
| } |
| void CryptAuthClientImpl::SetupEnrollment( |
| const SetupEnrollmentRequest& request, |
| const SetupEnrollmentCallback& callback, |
| const ErrorCallback& error_callback) { |
| - MakeApiCall(kSetupEnrollmentPath, request, callback, error_callback); |
| + net::PartialNetworkTrafficAnnotationTag partial_traffic_annotation = |
| + net::DefinePartialNetworkTrafficAnnotation( |
| + "cryptauth_enrollment_flow_setup", "oauth2_api_call_flow", R"( |
| + semantics { |
| + sender: "CryptAuth Device Manager" |
| + description: "Starts the CryptAuth registration flow." |
|
msramek
2017/06/28 08:40:55
Since this cannot be disabled, could you expand th
sacomoto
2017/06/30 10:09:54
The periodic re-enrollments are part of the CryptA
Ramin Halavati
2017/06/30 11:51:36
Done.
|
| + trigger: "Occurs periodically, at least once a month." |
| + data: |
| + "Various device information (public key, bluetooth MAC address, " |
| + "model, OS version, screen size, manufacturer, has screen lock " |
| + "enabled), and OAuth 2.0 token." |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + setting: |
| + "This feature cannot be disabled by settings. However, this request " |
| + "is made only for signed-in users." |
| + chrome_policy { |
| + SigninAllowed { |
| + SigninAllowed: false |
| + } |
| + } |
| + })"); |
| + MakeApiCall(kSetupEnrollmentPath, request, callback, error_callback, |
| + partial_traffic_annotation); |
| } |
| void CryptAuthClientImpl::FinishEnrollment( |
| const FinishEnrollmentRequest& request, |
| const FinishEnrollmentCallback& callback, |
| const ErrorCallback& error_callback) { |
| - MakeApiCall(kFinishEnrollmentPath, request, callback, error_callback); |
| + net::PartialNetworkTrafficAnnotationTag partial_traffic_annotation = |
| + net::DefinePartialNetworkTrafficAnnotation( |
| + "cryptauth_enrollment_flow_finish", "oauth2_api_call_flow", R"( |
| + semantics { |
| + sender: "CryptAuth Device Manager" |
| + description: "Finishes the CryptAuth registration flow." |
|
msramek
2017/06/28 08:40:55
Ditto here (I understand that this is related to t
sacomoto
2017/06/30 10:09:54
See the previous comment.
Ramin Halavati
2017/06/30 11:51:36
Done.
|
| + trigger: "Occurs periodically, at least once a month." |
| + data: "OAuth 2.0 token." |
| + destination: GOOGLE_OWNED_SERVICE |
| + } |
| + policy { |
| + setting: |
| + "This feature cannot be disabled by settings. However, this request " |
| + "is made only for signed-in users." |
| + chrome_policy { |
| + SigninAllowed { |
| + SigninAllowed: false |
| + } |
| + } |
| + })"); |
| + MakeApiCall(kFinishEnrollmentPath, request, callback, error_callback, |
| + partial_traffic_annotation); |
| } |
| std::string CryptAuthClientImpl::GetAccessTokenUsed() { |
| @@ -115,7 +213,8 @@ void CryptAuthClientImpl::MakeApiCall( |
| const std::string& request_path, |
| const RequestProto& request_proto, |
| const base::Callback<void(const ResponseProto&)>& response_callback, |
| - const ErrorCallback& error_callback) { |
| + const ErrorCallback& error_callback, |
| + const net::PartialNetworkTrafficAnnotationTag& partial_traffic_annotation) { |
| if (has_call_started_) { |
| error_callback.Run( |
| "Client has been used for another request. Do not reuse."); |
| @@ -123,6 +222,9 @@ void CryptAuthClientImpl::MakeApiCall( |
| } |
| has_call_started_ = true; |
| + api_call_flow_->SetPartialNetworkTrafficAnnotation( |
| + partial_traffic_annotation); |
| + |
| // The |device_classifier| field must be present for all CryptAuth requests. |
| RequestProto request_copy(request_proto); |
| request_copy.mutable_device_classifier()->CopyFrom(device_classifier_); |
