chrome/browser/managed_mode/permission_request_creator.cc - Issue 288913003: Add permission request creator class.

Side by Side Diff: chrome/browser/managed_mode/permission_request_creator.cc

Issue 288913003: Add permission request creator class. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Remove unnecessary brackets. Created 6 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright 2014 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/browser/managed_mode/permission_request_creator.h"

	6

	7 #include "base/callback.h"

	8 #include "base/command_line.h"

	9 #include "base/json/json_reader.h"

	10 #include "base/json/json_writer.h"

	11 #include "base/logging.h"

	12 #include "base/strings/stringprintf.h"

	13 #include "base/values.h"

	14 #include "chrome/browser/profiles/profile.h"

	15 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"

	16 #include "chrome/browser/signin/signin_manager_factory.h"

	17 #include "chrome/browser/sync/managed_user_signin_manager_wrapper.h"

	18 #include "chrome/common/chrome_switches.h"

	19 #include "components/signin/core/browser/profile_oauth2_token_service.h"

	20 #include "components/signin/core/browser/signin_manager.h"

	21 #include "components/signin/core/browser/signin_manager_base.h"

	22 #include "google_apis/gaia/gaia_constants.h"

	23 #include "google_apis/gaia/google_service_auth_error.h"

	24 #include "google_apis/gaia/oauth2_api_call_flow.h"

	25 #include "google_apis/gaia/oauth2_token_service.h"

	26 #include "net/base/escape.h"

	27 #include "net/base/load_flags.h"

	28 #include "net/base/net_errors.h"

	29 #include "net/http/http_status_code.h"

	30 #include "net/url_request/url_fetcher.h"

	31 #include "net/url_request/url_request_status.h"

	32

	33 using base::Time;

	34 using net::URLFetcher;

	35 using net::URLFetcherDelegate;

	36 using net::URLRequestContextGetter;

	37

	38 namespace {

	39

	40 const int kNumRetries = 1;

	41 const char kIdKey[] = "id";

	42 const char kNamespace[] = "CHROME";

	43 const char kState[] = "PENDING";

	44

	45 static const char kAuthorizationHeaderFormat[] =

	46 "Authorization: Bearer %s";

	47

	48 class PermissionRequestCreatorImpl

	49 : public PermissionRequestCreator,

	50 public OAuth2TokenService::Consumer,

	51 public URLFetcherDelegate {

	52 public:

	53 PermissionRequestCreatorImpl(OAuth2TokenService* oauth2_token_service,

	54 const std::string& account_id,

	55 URLRequestContextGetter* context);

	56 virtual ~PermissionRequestCreatorImpl();

	57

	58 // PermissionRequestCreator implementation:

	59 virtual void CreatePermissionRequest(

	60 const std::string& url_requested,

	61 const PermissionRequestCallback& callback) OVERRIDE;

	62

	63 protected:

	64 // OAuth2TokenService::Consumer implementation:

	65 virtual void OnGetTokenSuccess(const OAuth2TokenService::Request* request,

	66 const std::string& access_token,

	67 const Time& expiration_time) OVERRIDE;

	68 virtual void OnGetTokenFailure(const OAuth2TokenService::Request* request,

	69 const GoogleServiceAuthError& error) OVERRIDE;

	70

	71 // net::URLFetcherDelegate implementation.

	72 virtual void OnURLFetchComplete(const URLFetcher* source) OVERRIDE;

	73

	74 private:

	75 // Requests an access token, which is the first thing we need. This is where

	76 // we restart when the returned access token has expired.

	77 void StartFetching();

	78

	79 void DispatchNetworkError(int error_code);

	80 void DispatchGoogleServiceAuthError(const GoogleServiceAuthError& error,

	81 const std::string& token);

	82 OAuth2TokenService* oauth2_token_service_;

	83 std::string account_id_;

	84 PermissionRequestCallback callback_;

	85 URLRequestContextGetter* context_;

	86 std::string url_requested_;

	87 scoped_ptr<OAuth2TokenService::Request> access_token_request_;

	88 std::string access_token_;

	89 bool access_token_expired_;

	90 scoped_ptr<URLFetcher> url_fetcher_;

	91 };

	92

	93 PermissionRequestCreatorImpl::PermissionRequestCreatorImpl(

	94 OAuth2TokenService* oauth2_token_service,

	95 const std::string& account_id,

	96 URLRequestContextGetter* context)

	97 : OAuth2TokenService::Consumer("managed_user"),
	Bernhard Bauer 2014/05/15 16:23:35 Should we use a different ID here? Should we use a different ID here? Adrian Kuegel 2014/05/16 13:21:57 What about "permissions_creator"? Show quoted text On 2014/05/15 16:23:35, Bernhard Bauer wrote: > Should we use a different ID here? What about "permissions_creator"? Bernhard Bauer 2014/05/16 13:52:36 SG. We can still use "managed user" in there, it j Show quoted text On 2014/05/16 13:21:57, Adrian Kuegel wrote: > On 2014/05/15 16:23:35, Bernhard Bauer wrote: > > Should we use a different ID here? > > What about "permissions_creator"? SG. We can still use "managed user" in there, it just shouldn't be the exact same string, as that would sort of defeat the purpose.
	98 oauth2_token_service_(oauth2_token_service),

	99 account_id_(account_id),

	100 context_(context),

	101 access_token_expired_(false) {}

	102

	103 PermissionRequestCreatorImpl::~PermissionRequestCreatorImpl() {}

	104

	105 void PermissionRequestCreatorImpl::CreatePermissionRequest(

	106 const std::string& url_requested,

	107 const PermissionRequestCallback& callback) {

	108 url_requested_ = url_requested;

	109 callback_ = callback;

	110 StartFetching();

	111 }

	112

	113 void PermissionRequestCreatorImpl::StartFetching() {

	114 OAuth2TokenService::ScopeSet scopes;

	115 scopes.insert(GaiaConstants::kChromeSyncManagedOAuth2Scope);

	116 access_token_request_ = oauth2_token_service_->StartRequest(

	117 account_id_, scopes, this);

	118 }

	119

	120 void PermissionRequestCreatorImpl::OnGetTokenSuccess(

	121 const OAuth2TokenService::Request* request,

	122 const std::string& access_token,

	123 const Time& expiration_time) {

	124 DCHECK_EQ(access_token_request_.get(), request);

	125 access_token_ = access_token;
	Bernhard Bauer 2014/05/15 16:23:35 We don't really use the \|access_token_\| outside of We don't really use the \|access_token_\| outside of this method. Adrian Kuegel 2014/05/16 13:21:57 It is also used in OnURLFetchComplete for invalida Show quoted text On 2014/05/15 16:23:35, Bernhard Bauer wrote: > We don't really use the \|access_token_\| outside of this method. It is also used in OnURLFetchComplete for invalidating the token if the http request fails.
	126 GURL url(CommandLine::ForCurrentProcess()->GetSwitchValueASCII(

	127 switches::kPermissionRequestApiUrl));

	128 const int id = 0;

	129

	130 url_fetcher_.reset(URLFetcher::Create(id, url, URLFetcher::POST, this));

	131

	132 url_fetcher_->SetRequestContext(context_);

	133 url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES \|

	134 net::LOAD_DO_NOT_SAVE_COOKIES);

	135 url_fetcher_->SetAutomaticallyRetryOnNetworkChanges(kNumRetries);

	136 url_fetcher_->AddExtraRequestHeader(

	137 base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str()));

	138

	139 base::DictionaryValue dict;

	140 dict.SetStringWithoutPathExpansion("namespace", kNamespace);

	141 dict.SetStringWithoutPathExpansion("objectRef", url_requested_);

	142 dict.SetStringWithoutPathExpansion("state", kState);

	143 std::string body;

	144 base::JSONWriter::Write(&dict, &body);

	145 url_fetcher_->SetUploadData("application/json", body);

	146

	147 url_fetcher_->Start();

	148 }

	149

	150 void PermissionRequestCreatorImpl::OnGetTokenFailure(

	151 const OAuth2TokenService::Request* request,

	152 const GoogleServiceAuthError& error) {

	153 DCHECK_EQ(access_token_request_.get(), request);

	154 callback_.Run(error);

	155 callback_.Reset();

	156 }

	157

	158 void PermissionRequestCreatorImpl::OnURLFetchComplete(

	159 const URLFetcher* source) {

	160 const net::URLRequestStatus& status = source->GetStatus();

	161 if (!status.is_success()) {

	162 DispatchNetworkError(status.error());

	163 return;

	164 }

	165

	166 int response_code = source->GetResponseCode();

	167 if (response_code == net::HTTP_UNAUTHORIZED && !access_token_expired_) {

	168 access_token_expired_ = true;

	169 OAuth2TokenService::ScopeSet scopes;

	170 scopes.insert(GaiaConstants::kChromeSyncManagedOAuth2Scope);

	171 oauth2_token_service_->InvalidateToken(account_id_, scopes, access_token_);

	172 StartFetching();

	173 return;

	174 }

	175

	176 if (response_code != net::HTTP_OK) {

	177 DLOG(WARNING) << "HTTP error " << response_code;

	178 DispatchGoogleServiceAuthError(

	179 GoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED),

	180 std::string());

	181 return;

	182 }

	183

	184 std::string response_body;

	185 source->GetResponseAsString(&response_body);

	186 scoped_ptr<base::Value> value(base::JSONReader::Read(response_body));

	187 base::DictionaryValue* dict = NULL;

	188 if (!value \|\| !value->GetAsDictionary(&dict)) {

	189 DispatchNetworkError(net::ERR_INVALID_RESPONSE);

	190 return;

	191 }

	192 std::string id;

	193 if (!dict->GetString(kIdKey, &id)) {

	194 DispatchNetworkError(net::ERR_INVALID_RESPONSE);

	195 return;

	196 }

	197 }

	198

	199 void PermissionRequestCreatorImpl::DispatchNetworkError(int error_code) {

	200 DispatchGoogleServiceAuthError(

	201 GoogleServiceAuthError::FromConnectionError(error_code), std::string());

	202 }

	203

	204 void PermissionRequestCreatorImpl::DispatchGoogleServiceAuthError(

	205 const GoogleServiceAuthError& error,

	206 const std::string& token) {
	Bernhard Bauer 2014/05/15 16:23:35 This parameter is unnecessary. This parameter is unnecessary. Adrian Kuegel 2014/05/16 13:21:57 Done. Show quoted text On 2014/05/15 16:23:35, Bernhard Bauer wrote: > This parameter is unnecessary. Done.
	207 callback_.Run(error);

	208 callback_.Reset();

	209 }

	210

	211 } // namespace

	212

	213 // static

	214 scoped_ptr<PermissionRequestCreator> PermissionRequestCreator::Create(

	215 Profile* profile) {
	Bernhard Bauer 2014/05/16 13:52:36 I think having a convenience method that will just I think having a convenience method that will just take a profile is fine. What I wanted was just a way to inject other dependencies into the constructor (e.g. for tests). Adrian Kuegel 2014/05/16 14:57:19 Done. Show quoted text On 2014/05/16 13:52:36, Bernhard Bauer wrote: > I think having a convenience method that will just take a profile is fine. What > I wanted was just a way to inject other dependencies into the constructor (e.g. > for tests). Done.
	216 ProfileOAuth2TokenService* token_service =

	217 ProfileOAuth2TokenServiceFactory::GetForProfile(profile);

	218 SigninManagerBase* signin = SigninManagerFactory::GetForProfile(profile);

	219 ManagedUserSigninManagerWrapper signin_wrapper(profile, signin);

	220 scoped_ptr<PermissionRequestCreator> creator(

	221 new PermissionRequestCreatorImpl(token_service,

	222 signin_wrapper.GetAccountIdToUse(),

	223 profile->GetRequestContext()));

	224 return creator.Pass();

	225 }

	226

	227 PermissionRequestCreator::~PermissionRequestCreator() {}

OLD	NEW

« no previous file with comments | « chrome/browser/managed_mode/permission_request_creator.h ('k') | chrome/chrome_browser.gypi » ('j') | no next file with comments »