chrome/browser/signin/force_signin_verifier.cc - Issue 2944713003: After signin token check failed, show force reauth dialog and start window closing countdown.

Side by Side Diff: chrome/browser/signin/force_signin_verifier.cc

Issue 2944713003: After signin token check failed, show force reauth dialog and start window closing countdown. (Closed)

Patch Set: fixup Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« chrome/browser/signin/force_signin_verifier.h ('K') | « chrome/browser/signin/force_signin_verifier.h ('k') | chrome/browser/signin/force_signin_verifier_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2017 The Chromium Authors. All rights reserved.	1 // Copyright 2017 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <string>	5 #include <string>

6	6

	7 #include "base/bind.h"

7 #include "chrome/browser/profiles/profile.h"	8 #include "chrome/browser/profiles/profile.h"

8 #include "chrome/browser/signin/force_signin_verifier.h"	9 #include "chrome/browser/signin/force_signin_verifier.h"

9 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"	10 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"

10 #include "chrome/browser/signin/signin_manager_factory.h"	11 #include "chrome/browser/signin/signin_manager_factory.h"

	12 #include "chrome/browser/ui/views/profiles/forced_reauthentication_dialog.h"

11 #include "components/signin/core/browser/signin_manager.h"	13 #include "components/signin/core/browser/signin_manager.h"

12 #include "google_apis/gaia/gaia_constants.h"	14 #include "google_apis/gaia/gaia_constants.h"

	15 #include "ui/views/widget/widget.h"

	16 #include "ui/views/widget/widget_deletion_observer.h"

13	17

14 namespace {	18 namespace {

15 const net::BackoffEntry::Policy kBackoffPolicy = {	19 const net::BackoffEntry::Policy kBackoffPolicy = {

16 0, // Number of initial errors to ignore before applying	20 0, // Number of initial errors to ignore before applying

17 // exponential back-off rules.	21 // exponential back-off rules.

18 2000, // Initial delay in ms.	22 2000, // Initial delay in ms.

19 2, // Factor by which the waiting time will be multiplied.	23 2, // Factor by which the waiting time will be multiplied.

20 0.2, // Fuzzing percentage.	24 0.2, // Fuzzing percentage.

21 4 * 60 * 1000, // Maximum amount of time to delay th request in ms.	25 4 * 60 * 1000, // Maximum amount of time to delay th request in ms.

22 -1, // Never discard the entry.	26 -1, // Never discard the entry.

23 false // Do not always use initial delay.	27 false // Do not always use initial delay.

24 };	28 };

25	29

	30 const int kNoDelaySignoutInSecond = 3; // If verification is finished within 3

	31 // seconds, user can't cancel signout

	32 // confirm dialog.

	33 const int kWindowClosingNormalDelayInSecond = 390; //

	34 const int kWindowClosingShortDelayInSecond = 30; // I
	Roger Tawa OOO till Jul 10th 2017/06/20 14:17:51 I think the comments here are incomplete. Better I think the comments here are incomplete. Better to put the comment above each constant instead of the right,especially when they are long. zmin 2017/06/20 17:40:32 Done. Show quoted text On 2017/06/20 14:17:51, Roger Tawa wrote: > I think the comments here are incomplete. Better to put the comment above each > constant instead of the right,especially when they are long. Done.
	35

26 } // namespace	36 } // namespace

27	37

28 ForceSigninVerifier::ForceSigninVerifier(Profile* profile)	38 ForceSigninVerifier::ForceSigninVerifier(Profile* profile)

29 : OAuth2TokenService::Consumer("force_signin_verifier"),	39 : OAuth2TokenService::Consumer("force_signin_verifier"),

	40 #if !defined(OS_MACOSX)

	41 profile_(profile),

	42 #endif

30 has_token_verified_(false),	43 has_token_verified_(false),

31 backoff_entry_(&kBackoffPolicy),	44 backoff_entry_(&kBackoffPolicy),

32 oauth2_token_service_(	45 oauth2_token_service_(

33 ProfileOAuth2TokenServiceFactory::GetForProfile(profile)),	46 ProfileOAuth2TokenServiceFactory::GetForProfile(profile)),

34 signin_manager_(SigninManagerFactory::GetForProfile(profile)),	47 signin_manager_(SigninManagerFactory::GetForProfile(profile)),

35 token_request_time_(base::Time::Now()) {	48 token_request_time_(base::Time::Now()),

	49 reauth_dialog_(nullptr) {

36 net::NetworkChangeNotifier::AddNetworkChangeObserver(this);	50 net::NetworkChangeNotifier::AddNetworkChangeObserver(this);

37 SendRequest();	51 SendRequest();

38 }	52 }

39	53

40 ForceSigninVerifier::~ForceSigninVerifier() {	54 ForceSigninVerifier::~ForceSigninVerifier() {

41 Cancel();	55 Cancel();

	56 if (dialog_observer_.get() && dialog_observer_->IsWidgetAlive())

	57 reauth_dialog_->Close();

42 }	58 }

43	59

44 void ForceSigninVerifier::OnGetTokenSuccess(	60 void ForceSigninVerifier::OnGetTokenSuccess(

45 const OAuth2TokenService::Request* request,	61 const OAuth2TokenService::Request* request,

46 const std::string& access_token,	62 const std::string& access_token,

47 const base::Time& expiration_time) {	63 const base::Time& expiration_time) {

48 has_token_verified_ = true;	64 has_token_verified_ = true;

49 net::NetworkChangeNotifier::RemoveNetworkChangeObserver(this);	65 net::NetworkChangeNotifier::RemoveNetworkChangeObserver(this);

50 Cancel();	66 Cancel();

51 }	67 }

(...skipping 48 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
100 access_token_request_ =	116 access_token_request_ =

101 oauth2_token_service_->StartRequest(account_id, oauth2_scopes, this);	117 oauth2_token_service_->StartRequest(account_id, oauth2_scopes, this);

102 }	118 }

103	119

104 bool ForceSigninVerifier::ShouldSendRequest() {	120 bool ForceSigninVerifier::ShouldSendRequest() {

105 return !has_token_verified_ && access_token_request_.get() == nullptr &&	121 return !has_token_verified_ && access_token_request_.get() == nullptr &&

106 !net::NetworkChangeNotifier::IsOffline() &&	122 !net::NetworkChangeNotifier::IsOffline() &&

107 signin_manager_->IsAuthenticated();	123 signin_manager_->IsAuthenticated();

108 }	124 }

109	125

	126 base::TimeDelta ForceSigninVerifier::StartCountdown() {

	127 base::TimeDelta countdown_duration;

	128 if (base::Time::Now() - token_request_time_ >

	129 base::TimeDelta::FromSeconds(kNoDelaySignoutInSecond)) {
	Roger Tawa OOO till Jul 10th 2017/06/20 14:17:51 Can you add a comment explaining the if condition? Can you add a comment explaining the if condition? Also, where does 3 seconds come from? Is this possibly racy? zmin 2017/06/20 17:40:32 I have updated the comments above and rename the v Show quoted text On 2017/06/20 14:17:51, Roger Tawa wrote: > Can you add a comment explaining the if condition? Also, where does 3 seconds > come from? Is this possibly racy? I have updated the comments above and rename the variables to make the logic here more clear. Based on the metrics, 99% of gaia ping can be finished in 3 seconds. User will get a short countdown if ping returns in 3 seconds. Once the reauth done, the ForceSigninVerifier will be recreated and the countdown will be stopped automatically. However, there're still some other potential race conditions. So I added some code to cover them: 1) If signout has been called somewhere else and window has been closed, stop the countdown to avoid double sign out. 2) If AuthInProcess is true, do not close window to interrupt the signin. If it fails later, then the signin process should take care of the signout after that. Note that, if user is still typing on the reauth gaia dialog, window will be closed. However, if user press 'Signin again' button when countdown is less than 60 seconds, windows will be closed before reauth dialog displayed.
	130 countdown_duration =

	131 base::TimeDelta::FromSeconds(kWindowClosingNormalDelayInSecond);

	132 } else {

	133 countdown_duration =

	134 base::TimeDelta::FromSeconds(kWindowClosingShortDelayInSecond);

	135 }

	136

	137 window_close_timer_.Start(FROM_HERE, countdown_duration, this,

	138 &ForceSigninVerifier::CloseWindows);

	139 return countdown_duration;

	140 }

	141

110 void ForceSigninVerifier::ShowDialog() {	142 void ForceSigninVerifier::ShowDialog() {

111 // TODO(zmin): Show app modal dialog.	143 #if !defined(OS_MACOSX)

	144 base::TimeDelta countdown_duration = StartCountdown();

	145 reauth_dialog_ = ForcedReauthenticationDialog::ShowDialog(

	146 profile_, signin_manager_, countdown_duration)

	147 ->GetWidget();

	148 dialog_observer_ =

	149 base::MakeUnique<views::WidgetDeletionObserver>(reauth_dialog_);

	150 #endif

	151 }

	152

	153 void ForceSigninVerifier::CloseWindows() {

	154 dialog_observer_.reset();

	155 signin_manager_->SignOut(

	156 signin_metrics::AUTHENTICATION_FAILED_WITH_FORCE_SIGNIN,

	157 signin_metrics::SignoutDelete::IGNORE_METRIC);

112 }	158 }

113	159

114 OAuth2TokenService::Request* ForceSigninVerifier::GetRequestForTesting() {	160 OAuth2TokenService::Request* ForceSigninVerifier::GetRequestForTesting() {

115 return access_token_request_.get();	161 return access_token_request_.get();

116 }	162 }

117	163

118 net::BackoffEntry* ForceSigninVerifier::GetBackoffEntryForTesting() {	164 net::BackoffEntry* ForceSigninVerifier::GetBackoffEntryForTesting() {

119 return &backoff_entry_;	165 return &backoff_entry_;

120 }	166 }

121	167

122 base::OneShotTimer* ForceSigninVerifier::GetOneShotTimerForTesting() {	168 base::OneShotTimer* ForceSigninVerifier::GetOneShotTimerForTesting() {

123 return &backoff_request_timer_;	169 return &backoff_request_timer_;

124 }	170 }

	171

	172 base::OneShotTimer* ForceSigninVerifier::GetWindowCloseTimerForTesting() {

	173 return &window_close_timer_;

	174 }

OLD	NEW