| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/managed_mode/permission_request_creator.h" |
| 6 |
| 7 #include "base/callback.h" |
| 8 #include "base/command_line.h" |
| 9 #include "base/json/json_reader.h" |
| 10 #include "base/json/json_writer.h" |
| 11 #include "base/logging.h" |
| 12 #include "base/strings/stringprintf.h" |
| 13 #include "base/values.h" |
| 14 #include "chrome/browser/profiles/profile.h" |
| 15 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h" |
| 16 #include "chrome/browser/signin/signin_manager_factory.h" |
| 17 #include "chrome/browser/sync/managed_user_signin_manager_wrapper.h" |
| 18 #include "chrome/common/chrome_switches.h" |
| 19 #include "components/signin/core/browser/profile_oauth2_token_service.h" |
| 20 #include "components/signin/core/browser/signin_manager.h" |
| 21 #include "components/signin/core/browser/signin_manager_base.h" |
| 22 #include "google_apis/gaia/gaia_constants.h" |
| 23 #include "google_apis/gaia/google_service_auth_error.h" |
| 24 #include "google_apis/gaia/oauth2_api_call_flow.h" |
| 25 #include "google_apis/gaia/oauth2_token_service.h" |
| 26 #include "net/base/escape.h" |
| 27 #include "net/base/load_flags.h" |
| 28 #include "net/base/net_errors.h" |
| 29 #include "net/http/http_status_code.h" |
| 30 #include "net/url_request/url_fetcher.h" |
| 31 #include "net/url_request/url_request_status.h" |
| 32 |
| 33 using base::Time; |
| 34 using net::URLFetcher; |
| 35 using net::URLFetcherDelegate; |
| 36 using net::URLRequestContextGetter; |
| 37 |
| 38 namespace { |
| 39 |
| 40 const int kNumRetries = 1; |
| 41 const char kIdKey[] = "id"; |
| 42 const char kNamespace[] = "CHROME"; |
| 43 const char kState[] = "PENDING"; |
| 44 |
| 45 static const char kAuthorizationHeaderFormat[] = |
| 46 "Authorization: Bearer %s"; |
| 47 |
| 48 class PermissionRequestCreatorImpl |
| 49 : public PermissionRequestCreator, |
| 50 public OAuth2TokenService::Consumer, |
| 51 public URLFetcherDelegate { |
| 52 public: |
| 53 PermissionRequestCreatorImpl( |
| 54 OAuth2TokenService* oauth2_token_service, |
| 55 scoped_ptr<ManagedUserSigninManagerWrapper> signin_wrapper, |
| 56 URLRequestContextGetter* context); |
| 57 virtual ~PermissionRequestCreatorImpl(); |
| 58 |
| 59 // PermissionRequestCreator implementation: |
| 60 virtual void CreatePermissionRequest( |
| 61 const std::string& url_requested, |
| 62 const PermissionRequestCallback& callback) OVERRIDE; |
| 63 |
| 64 protected: |
| 65 // OAuth2TokenService::Consumer implementation: |
| 66 virtual void OnGetTokenSuccess(const OAuth2TokenService::Request* request, |
| 67 const std::string& access_token, |
| 68 const Time& expiration_time) OVERRIDE; |
| 69 virtual void OnGetTokenFailure(const OAuth2TokenService::Request* request, |
| 70 const GoogleServiceAuthError& error) OVERRIDE; |
| 71 |
| 72 // net::URLFetcherDelegate implementation. |
| 73 virtual void OnURLFetchComplete(const URLFetcher* source) OVERRIDE; |
| 74 |
| 75 private: |
| 76 // Requests an access token, which is the first thing we need. This is where |
| 77 // we restart when the returned access token has expired. |
| 78 void StartFetching(); |
| 79 |
| 80 void DispatchNetworkError(int error_code); |
| 81 void DispatchGoogleServiceAuthError(const GoogleServiceAuthError& error); |
| 82 OAuth2TokenService* oauth2_token_service_; |
| 83 scoped_ptr<ManagedUserSigninManagerWrapper> signin_wrapper_; |
| 84 PermissionRequestCallback callback_; |
| 85 URLRequestContextGetter* context_; |
| 86 std::string url_requested_; |
| 87 scoped_ptr<OAuth2TokenService::Request> access_token_request_; |
| 88 std::string access_token_; |
| 89 bool access_token_expired_; |
| 90 scoped_ptr<URLFetcher> url_fetcher_; |
| 91 }; |
| 92 |
| 93 PermissionRequestCreatorImpl::PermissionRequestCreatorImpl( |
| 94 OAuth2TokenService* oauth2_token_service, |
| 95 scoped_ptr<ManagedUserSigninManagerWrapper> signin_wrapper, |
| 96 URLRequestContextGetter* context) |
| 97 : OAuth2TokenService::Consumer("permissions_creator"), |
| 98 oauth2_token_service_(oauth2_token_service), |
| 99 signin_wrapper_(signin_wrapper.Pass()), |
| 100 context_(context), |
| 101 access_token_expired_(false) {} |
| 102 |
| 103 PermissionRequestCreatorImpl::~PermissionRequestCreatorImpl() {} |
| 104 |
| 105 void PermissionRequestCreatorImpl::CreatePermissionRequest( |
| 106 const std::string& url_requested, |
| 107 const PermissionRequestCallback& callback) { |
| 108 url_requested_ = url_requested; |
| 109 callback_ = callback; |
| 110 StartFetching(); |
| 111 } |
| 112 |
| 113 void PermissionRequestCreatorImpl::StartFetching() { |
| 114 OAuth2TokenService::ScopeSet scopes; |
| 115 scopes.insert(signin_wrapper_->GetSyncScopeToUse()); |
| 116 access_token_request_ = oauth2_token_service_->StartRequest( |
| 117 signin_wrapper_->GetAccountIdToUse(), scopes, this); |
| 118 } |
| 119 |
| 120 void PermissionRequestCreatorImpl::OnGetTokenSuccess( |
| 121 const OAuth2TokenService::Request* request, |
| 122 const std::string& access_token, |
| 123 const Time& expiration_time) { |
| 124 DCHECK_EQ(access_token_request_.get(), request); |
| 125 access_token_ = access_token; |
| 126 GURL url(CommandLine::ForCurrentProcess()->GetSwitchValueASCII( |
| 127 switches::kPermissionRequestApiUrl)); |
| 128 const int id = 0; |
| 129 |
| 130 url_fetcher_.reset(URLFetcher::Create(id, url, URLFetcher::POST, this)); |
| 131 |
| 132 url_fetcher_->SetRequestContext(context_); |
| 133 url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | |
| 134 net::LOAD_DO_NOT_SAVE_COOKIES); |
| 135 url_fetcher_->SetAutomaticallyRetryOnNetworkChanges(kNumRetries); |
| 136 url_fetcher_->AddExtraRequestHeader( |
| 137 base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str())); |
| 138 |
| 139 base::DictionaryValue dict; |
| 140 dict.SetStringWithoutPathExpansion("namespace", kNamespace); |
| 141 dict.SetStringWithoutPathExpansion("objectRef", url_requested_); |
| 142 dict.SetStringWithoutPathExpansion("state", kState); |
| 143 std::string body; |
| 144 base::JSONWriter::Write(&dict, &body); |
| 145 url_fetcher_->SetUploadData("application/json", body); |
| 146 |
| 147 url_fetcher_->Start(); |
| 148 } |
| 149 |
| 150 void PermissionRequestCreatorImpl::OnGetTokenFailure( |
| 151 const OAuth2TokenService::Request* request, |
| 152 const GoogleServiceAuthError& error) { |
| 153 DCHECK_EQ(access_token_request_.get(), request); |
| 154 callback_.Run(error); |
| 155 callback_.Reset(); |
| 156 } |
| 157 |
| 158 void PermissionRequestCreatorImpl::OnURLFetchComplete( |
| 159 const URLFetcher* source) { |
| 160 const net::URLRequestStatus& status = source->GetStatus(); |
| 161 if (!status.is_success()) { |
| 162 DispatchNetworkError(status.error()); |
| 163 return; |
| 164 } |
| 165 |
| 166 int response_code = source->GetResponseCode(); |
| 167 if (response_code == net::HTTP_UNAUTHORIZED && !access_token_expired_) { |
| 168 access_token_expired_ = true; |
| 169 OAuth2TokenService::ScopeSet scopes; |
| 170 scopes.insert(GaiaConstants::kChromeSyncManagedOAuth2Scope); |
| 171 oauth2_token_service_->InvalidateToken( |
| 172 signin_wrapper_->GetAccountIdToUse(), scopes, access_token_); |
| 173 StartFetching(); |
| 174 return; |
| 175 } |
| 176 |
| 177 if (response_code != net::HTTP_OK) { |
| 178 DLOG(WARNING) << "HTTP error " << response_code; |
| 179 DispatchGoogleServiceAuthError( |
| 180 GoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED)); |
| 181 return; |
| 182 } |
| 183 |
| 184 std::string response_body; |
| 185 source->GetResponseAsString(&response_body); |
| 186 scoped_ptr<base::Value> value(base::JSONReader::Read(response_body)); |
| 187 base::DictionaryValue* dict = NULL; |
| 188 if (!value || !value->GetAsDictionary(&dict)) { |
| 189 DispatchNetworkError(net::ERR_INVALID_RESPONSE); |
| 190 return; |
| 191 } |
| 192 std::string id; |
| 193 if (!dict->GetString(kIdKey, &id)) { |
| 194 DispatchNetworkError(net::ERR_INVALID_RESPONSE); |
| 195 return; |
| 196 } |
| 197 callback_.Run(GoogleServiceAuthError(GoogleServiceAuthError::NONE)); |
| 198 callback_.Reset(); |
| 199 } |
| 200 |
| 201 void PermissionRequestCreatorImpl::DispatchNetworkError(int error_code) { |
| 202 DispatchGoogleServiceAuthError( |
| 203 GoogleServiceAuthError::FromConnectionError(error_code)); |
| 204 } |
| 205 |
| 206 void PermissionRequestCreatorImpl::DispatchGoogleServiceAuthError( |
| 207 const GoogleServiceAuthError& error) { |
| 208 callback_.Run(error); |
| 209 callback_.Reset(); |
| 210 } |
| 211 |
| 212 } // namespace |
| 213 |
| 214 // static |
| 215 scoped_ptr<PermissionRequestCreator> PermissionRequestCreator::Create( |
| 216 OAuth2TokenService* oauth2_token_service, |
| 217 scoped_ptr<ManagedUserSigninManagerWrapper> signin_wrapper, |
| 218 net::URLRequestContextGetter* context) { |
| 219 scoped_ptr<PermissionRequestCreator> creator( |
| 220 new PermissionRequestCreatorImpl(oauth2_token_service, |
| 221 signin_wrapper.Pass(), |
| 222 context)); |
| 223 return creator.Pass(); |
| 224 } |
| 225 |
| 226 // static |
| 227 scoped_ptr<PermissionRequestCreator> |
| 228 PermissionRequestCreator::CreateWithProfile(Profile* profile) { |
| 229 ProfileOAuth2TokenService* token_service = |
| 230 ProfileOAuth2TokenServiceFactory::GetForProfile(profile); |
| 231 SigninManagerBase* signin = SigninManagerFactory::GetForProfile(profile); |
| 232 scoped_ptr<ManagedUserSigninManagerWrapper> signin_wrapper( |
| 233 new ManagedUserSigninManagerWrapper(profile, signin)); |
| 234 scoped_ptr<PermissionRequestCreator> creator( |
| 235 new PermissionRequestCreatorImpl(token_service, |
| 236 signin_wrapper.Pass(), |
| 237 profile->GetRequestContext())); |
| 238 return creator.Pass(); |
| 239 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 288913003:
Add permission request creator class. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src