| Index: chrome/browser/managed_mode/permission_request_creator.cc
|
| diff --git a/chrome/browser/managed_mode/permission_request_creator.cc b/chrome/browser/managed_mode/permission_request_creator.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..cdd03336ad15271f436f59691a74a5162b8640d4
|
| --- /dev/null
|
| +++ b/chrome/browser/managed_mode/permission_request_creator.cc
|
| @@ -0,0 +1,239 @@
|
| +// Copyright 2014 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "chrome/browser/managed_mode/permission_request_creator.h"
|
| +
|
| +#include "base/callback.h"
|
| +#include "base/command_line.h"
|
| +#include "base/json/json_reader.h"
|
| +#include "base/json/json_writer.h"
|
| +#include "base/logging.h"
|
| +#include "base/strings/stringprintf.h"
|
| +#include "base/values.h"
|
| +#include "chrome/browser/profiles/profile.h"
|
| +#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
|
| +#include "chrome/browser/signin/signin_manager_factory.h"
|
| +#include "chrome/browser/sync/managed_user_signin_manager_wrapper.h"
|
| +#include "chrome/common/chrome_switches.h"
|
| +#include "components/signin/core/browser/profile_oauth2_token_service.h"
|
| +#include "components/signin/core/browser/signin_manager.h"
|
| +#include "components/signin/core/browser/signin_manager_base.h"
|
| +#include "google_apis/gaia/gaia_constants.h"
|
| +#include "google_apis/gaia/google_service_auth_error.h"
|
| +#include "google_apis/gaia/oauth2_api_call_flow.h"
|
| +#include "google_apis/gaia/oauth2_token_service.h"
|
| +#include "net/base/escape.h"
|
| +#include "net/base/load_flags.h"
|
| +#include "net/base/net_errors.h"
|
| +#include "net/http/http_status_code.h"
|
| +#include "net/url_request/url_fetcher.h"
|
| +#include "net/url_request/url_request_status.h"
|
| +
|
| +using base::Time;
|
| +using net::URLFetcher;
|
| +using net::URLFetcherDelegate;
|
| +using net::URLRequestContextGetter;
|
| +
|
| +namespace {
|
| +
|
| +const int kNumRetries = 1;
|
| +const char kIdKey[] = "id";
|
| +const char kNamespace[] = "CHROME";
|
| +const char kState[] = "PENDING";
|
| +
|
| +static const char kAuthorizationHeaderFormat[] =
|
| + "Authorization: Bearer %s";
|
| +
|
| +class PermissionRequestCreatorImpl
|
| + : public PermissionRequestCreator,
|
| + public OAuth2TokenService::Consumer,
|
| + public URLFetcherDelegate {
|
| + public:
|
| + PermissionRequestCreatorImpl(
|
| + OAuth2TokenService* oauth2_token_service,
|
| + scoped_ptr<ManagedUserSigninManagerWrapper> signin_wrapper,
|
| + URLRequestContextGetter* context);
|
| + virtual ~PermissionRequestCreatorImpl();
|
| +
|
| + // PermissionRequestCreator implementation:
|
| + virtual void CreatePermissionRequest(
|
| + const std::string& url_requested,
|
| + const PermissionRequestCallback& callback) OVERRIDE;
|
| +
|
| + protected:
|
| + // OAuth2TokenService::Consumer implementation:
|
| + virtual void OnGetTokenSuccess(const OAuth2TokenService::Request* request,
|
| + const std::string& access_token,
|
| + const Time& expiration_time) OVERRIDE;
|
| + virtual void OnGetTokenFailure(const OAuth2TokenService::Request* request,
|
| + const GoogleServiceAuthError& error) OVERRIDE;
|
| +
|
| + // net::URLFetcherDelegate implementation.
|
| + virtual void OnURLFetchComplete(const URLFetcher* source) OVERRIDE;
|
| +
|
| + private:
|
| + // Requests an access token, which is the first thing we need. This is where
|
| + // we restart when the returned access token has expired.
|
| + void StartFetching();
|
| +
|
| + void DispatchNetworkError(int error_code);
|
| + void DispatchGoogleServiceAuthError(const GoogleServiceAuthError& error);
|
| + OAuth2TokenService* oauth2_token_service_;
|
| + scoped_ptr<ManagedUserSigninManagerWrapper> signin_wrapper_;
|
| + PermissionRequestCallback callback_;
|
| + URLRequestContextGetter* context_;
|
| + std::string url_requested_;
|
| + scoped_ptr<OAuth2TokenService::Request> access_token_request_;
|
| + std::string access_token_;
|
| + bool access_token_expired_;
|
| + scoped_ptr<URLFetcher> url_fetcher_;
|
| +};
|
| +
|
| +PermissionRequestCreatorImpl::PermissionRequestCreatorImpl(
|
| + OAuth2TokenService* oauth2_token_service,
|
| + scoped_ptr<ManagedUserSigninManagerWrapper> signin_wrapper,
|
| + URLRequestContextGetter* context)
|
| + : OAuth2TokenService::Consumer("permissions_creator"),
|
| + oauth2_token_service_(oauth2_token_service),
|
| + signin_wrapper_(signin_wrapper.Pass()),
|
| + context_(context),
|
| + access_token_expired_(false) {}
|
| +
|
| +PermissionRequestCreatorImpl::~PermissionRequestCreatorImpl() {}
|
| +
|
| +void PermissionRequestCreatorImpl::CreatePermissionRequest(
|
| + const std::string& url_requested,
|
| + const PermissionRequestCallback& callback) {
|
| + url_requested_ = url_requested;
|
| + callback_ = callback;
|
| + StartFetching();
|
| +}
|
| +
|
| +void PermissionRequestCreatorImpl::StartFetching() {
|
| + OAuth2TokenService::ScopeSet scopes;
|
| + scopes.insert(signin_wrapper_->GetSyncScopeToUse());
|
| + access_token_request_ = oauth2_token_service_->StartRequest(
|
| + signin_wrapper_->GetAccountIdToUse(), scopes, this);
|
| +}
|
| +
|
| +void PermissionRequestCreatorImpl::OnGetTokenSuccess(
|
| + const OAuth2TokenService::Request* request,
|
| + const std::string& access_token,
|
| + const Time& expiration_time) {
|
| + DCHECK_EQ(access_token_request_.get(), request);
|
| + access_token_ = access_token;
|
| + GURL url(CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
|
| + switches::kPermissionRequestApiUrl));
|
| + const int id = 0;
|
| +
|
| + url_fetcher_.reset(URLFetcher::Create(id, url, URLFetcher::POST, this));
|
| +
|
| + url_fetcher_->SetRequestContext(context_);
|
| + url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
|
| + net::LOAD_DO_NOT_SAVE_COOKIES);
|
| + url_fetcher_->SetAutomaticallyRetryOnNetworkChanges(kNumRetries);
|
| + url_fetcher_->AddExtraRequestHeader(
|
| + base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str()));
|
| +
|
| + base::DictionaryValue dict;
|
| + dict.SetStringWithoutPathExpansion("namespace", kNamespace);
|
| + dict.SetStringWithoutPathExpansion("objectRef", url_requested_);
|
| + dict.SetStringWithoutPathExpansion("state", kState);
|
| + std::string body;
|
| + base::JSONWriter::Write(&dict, &body);
|
| + url_fetcher_->SetUploadData("application/json", body);
|
| +
|
| + url_fetcher_->Start();
|
| +}
|
| +
|
| +void PermissionRequestCreatorImpl::OnGetTokenFailure(
|
| + const OAuth2TokenService::Request* request,
|
| + const GoogleServiceAuthError& error) {
|
| + DCHECK_EQ(access_token_request_.get(), request);
|
| + callback_.Run(error);
|
| + callback_.Reset();
|
| +}
|
| +
|
| +void PermissionRequestCreatorImpl::OnURLFetchComplete(
|
| + const URLFetcher* source) {
|
| + const net::URLRequestStatus& status = source->GetStatus();
|
| + if (!status.is_success()) {
|
| + DispatchNetworkError(status.error());
|
| + return;
|
| + }
|
| +
|
| + int response_code = source->GetResponseCode();
|
| + if (response_code == net::HTTP_UNAUTHORIZED && !access_token_expired_) {
|
| + access_token_expired_ = true;
|
| + OAuth2TokenService::ScopeSet scopes;
|
| + scopes.insert(GaiaConstants::kChromeSyncManagedOAuth2Scope);
|
| + oauth2_token_service_->InvalidateToken(
|
| + signin_wrapper_->GetAccountIdToUse(), scopes, access_token_);
|
| + StartFetching();
|
| + return;
|
| + }
|
| +
|
| + if (response_code != net::HTTP_OK) {
|
| + DLOG(WARNING) << "HTTP error " << response_code;
|
| + DispatchGoogleServiceAuthError(
|
| + GoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED));
|
| + return;
|
| + }
|
| +
|
| + std::string response_body;
|
| + source->GetResponseAsString(&response_body);
|
| + scoped_ptr<base::Value> value(base::JSONReader::Read(response_body));
|
| + base::DictionaryValue* dict = NULL;
|
| + if (!value || !value->GetAsDictionary(&dict)) {
|
| + DispatchNetworkError(net::ERR_INVALID_RESPONSE);
|
| + return;
|
| + }
|
| + std::string id;
|
| + if (!dict->GetString(kIdKey, &id)) {
|
| + DispatchNetworkError(net::ERR_INVALID_RESPONSE);
|
| + return;
|
| + }
|
| + callback_.Run(GoogleServiceAuthError(GoogleServiceAuthError::NONE));
|
| + callback_.Reset();
|
| +}
|
| +
|
| +void PermissionRequestCreatorImpl::DispatchNetworkError(int error_code) {
|
| + DispatchGoogleServiceAuthError(
|
| + GoogleServiceAuthError::FromConnectionError(error_code));
|
| +}
|
| +
|
| +void PermissionRequestCreatorImpl::DispatchGoogleServiceAuthError(
|
| + const GoogleServiceAuthError& error) {
|
| + callback_.Run(error);
|
| + callback_.Reset();
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +// static
|
| +scoped_ptr<PermissionRequestCreator> PermissionRequestCreator::Create(
|
| + OAuth2TokenService* oauth2_token_service,
|
| + scoped_ptr<ManagedUserSigninManagerWrapper> signin_wrapper,
|
| + net::URLRequestContextGetter* context) {
|
| + scoped_ptr<PermissionRequestCreator> creator(
|
| + new PermissionRequestCreatorImpl(oauth2_token_service,
|
| + signin_wrapper.Pass(),
|
| + context));
|
| + return creator.Pass();
|
| +}
|
| +
|
| +// static
|
| +scoped_ptr<PermissionRequestCreator>
|
| +PermissionRequestCreator::CreateWithProfile(Profile* profile) {
|
| + ProfileOAuth2TokenService* token_service =
|
| + ProfileOAuth2TokenServiceFactory::GetForProfile(profile);
|
| + SigninManagerBase* signin = SigninManagerFactory::GetForProfile(profile);
|
| + scoped_ptr<ManagedUserSigninManagerWrapper> signin_wrapper(
|
| + new ManagedUserSigninManagerWrapper(profile, signin));
|
| + scoped_ptr<PermissionRequestCreator> creator(
|
| + new PermissionRequestCreatorImpl(token_service,
|
| + signin_wrapper.Pass(),
|
| + profile->GetRequestContext()));
|
| + return creator.Pass();
|
| +}
|
|
|
Chromium Code Reviews
Issue 288913003:
Add permission request creator class. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src