| OLD | NEW |
|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <string> | 5 #include <string> |
| 6 | 6 |
| 7 #include "base/bind.h" |
| 7 #include "chrome/browser/profiles/profile.h" | 8 #include "chrome/browser/profiles/profile.h" |
| 8 #include "chrome/browser/signin/force_signin_verifier.h" | 9 #include "chrome/browser/signin/force_signin_verifier.h" |
| 9 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h" | 10 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h" |
| 10 #include "chrome/browser/signin/signin_manager_factory.h" | 11 #include "chrome/browser/signin/signin_manager_factory.h" |
| 12 #include "chrome/browser/ui/views/profiles/forced_reauthentication_dialog.h" |
| 11 #include "components/signin/core/browser/signin_manager.h" | 13 #include "components/signin/core/browser/signin_manager.h" |
| 12 #include "google_apis/gaia/gaia_constants.h" | 14 #include "google_apis/gaia/gaia_constants.h" |
| 15 #include "ui/views/widget/widget.h" |
| 16 #include "ui/views/widget/widget_deletion_observer.h" |
| 13 | 17 |
| 14 namespace { | 18 namespace { |
| 15 const net::BackoffEntry::Policy kBackoffPolicy = { | 19 const net::BackoffEntry::Policy kBackoffPolicy = { |
| 16 0, // Number of initial errors to ignore before applying | 20 0, // Number of initial errors to ignore before applying |
| 17 // exponential back-off rules. | 21 // exponential back-off rules. |
| 18 2000, // Initial delay in ms. | 22 2000, // Initial delay in ms. |
| 19 2, // Factor by which the waiting time will be multiplied. | 23 2, // Factor by which the waiting time will be multiplied. |
| 20 0.2, // Fuzzing percentage. | 24 0.2, // Fuzzing percentage. |
| 21 4 * 60 * 1000, // Maximum amount of time to delay th request in ms. | 25 4 * 60 * 1000, // Maximum amount of time to delay th request in ms. |
| 22 -1, // Never discard the entry. | 26 -1, // Never discard the entry. |
| 23 false // Do not always use initial delay. | 27 false // Do not always use initial delay. |
| 24 }; | 28 }; |
| 25 | 29 |
| 30 // The duration of window closing countdown when verification failed. Use the |
| 31 // short countdown if the verfication is finished in |
| 32 // |kShortCountdownVerificationTimeLimitInSeconds|, otherwise use the normal |
| 33 // countdown. |
| 34 const int kShortCountdownVerificationTimeLimitInSeconds = 3; |
| 35 const int kWindowClosingNormalCountdownDurationInSecond = 300; |
| 36 const int kWindowClosingShortCountdownDurationInSecond = 30; |
| 37 |
| 26 } // namespace | 38 } // namespace |
| 27 | 39 |
| 28 ForceSigninVerifier::ForceSigninVerifier(Profile* profile) | 40 ForceSigninVerifier::ForceSigninVerifier(Profile* profile) |
| 29 : OAuth2TokenService::Consumer("force_signin_verifier"), | 41 : OAuth2TokenService::Consumer("force_signin_verifier"), |
| 42 #if !defined(OS_MACOSX) |
| 43 profile_(profile), |
| 44 #endif |
| 30 has_token_verified_(false), | 45 has_token_verified_(false), |
| 31 backoff_entry_(&kBackoffPolicy), | 46 backoff_entry_(&kBackoffPolicy), |
| 32 oauth2_token_service_( | 47 oauth2_token_service_( |
| 33 ProfileOAuth2TokenServiceFactory::GetForProfile(profile)), | 48 ProfileOAuth2TokenServiceFactory::GetForProfile(profile)), |
| 34 signin_manager_(SigninManagerFactory::GetForProfile(profile)), | 49 signin_manager_(SigninManagerFactory::GetForProfile(profile)), |
| 35 token_request_time_(base::Time::Now()) { | 50 token_request_time_(base::Time::Now()), |
| 51 reauth_dialog_(nullptr) { |
| 36 net::NetworkChangeNotifier::AddNetworkChangeObserver(this); | 52 net::NetworkChangeNotifier::AddNetworkChangeObserver(this); |
| 37 SendRequest(); | 53 SendRequest(); |
| 38 } | 54 } |
| 39 | 55 |
| 40 ForceSigninVerifier::~ForceSigninVerifier() { | 56 ForceSigninVerifier::~ForceSigninVerifier() { |
| 41 Cancel(); | 57 Cancel(); |
| 58 if (dialog_observer_.get() && dialog_observer_->IsWidgetAlive()) |
| 59 reauth_dialog_->Close(); |
| 42 } | 60 } |
| 43 | 61 |
| 44 void ForceSigninVerifier::OnGetTokenSuccess( | 62 void ForceSigninVerifier::OnGetTokenSuccess( |
| 45 const OAuth2TokenService::Request* request, | 63 const OAuth2TokenService::Request* request, |
| 46 const std::string& access_token, | 64 const std::string& access_token, |
| 47 const base::Time& expiration_time) { | 65 const base::Time& expiration_time) { |
| 48 has_token_verified_ = true; | 66 has_token_verified_ = true; |
| 49 net::NetworkChangeNotifier::RemoveNetworkChangeObserver(this); | 67 net::NetworkChangeNotifier::RemoveNetworkChangeObserver(this); |
| 50 Cancel(); | 68 Cancel(); |
| 51 } | 69 } |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 83 backoff_entry_.Reset(); | 101 backoff_entry_.Reset(); |
| 84 backoff_request_timer_.Stop(); | 102 backoff_request_timer_.Stop(); |
| 85 access_token_request_.reset(); | 103 access_token_request_.reset(); |
| 86 net::NetworkChangeNotifier::RemoveNetworkChangeObserver(this); | 104 net::NetworkChangeNotifier::RemoveNetworkChangeObserver(this); |
| 87 } | 105 } |
| 88 | 106 |
| 89 bool ForceSigninVerifier::HasTokenBeenVerified() { | 107 bool ForceSigninVerifier::HasTokenBeenVerified() { |
| 90 return has_token_verified_; | 108 return has_token_verified_; |
| 91 } | 109 } |
| 92 | 110 |
| 111 void ForceSigninVerifier::AbortSignoutCountdownIfExisted() { |
| 112 window_close_timer_.Stop(); |
| 113 } |
| 114 |
| 93 void ForceSigninVerifier::SendRequest() { | 115 void ForceSigninVerifier::SendRequest() { |
| 94 if (!ShouldSendRequest()) | 116 if (!ShouldSendRequest()) |
| 95 return; | 117 return; |
| 96 | 118 |
| 97 std::string account_id = signin_manager_->GetAuthenticatedAccountId(); | 119 std::string account_id = signin_manager_->GetAuthenticatedAccountId(); |
| 98 OAuth2TokenService::ScopeSet oauth2_scopes; | 120 OAuth2TokenService::ScopeSet oauth2_scopes; |
| 99 oauth2_scopes.insert(GaiaConstants::kChromeSyncOAuth2Scope); | 121 oauth2_scopes.insert(GaiaConstants::kChromeSyncOAuth2Scope); |
| 100 access_token_request_ = | 122 access_token_request_ = |
| 101 oauth2_token_service_->StartRequest(account_id, oauth2_scopes, this); | 123 oauth2_token_service_->StartRequest(account_id, oauth2_scopes, this); |
| 102 } | 124 } |
| 103 | 125 |
| 104 bool ForceSigninVerifier::ShouldSendRequest() { | 126 bool ForceSigninVerifier::ShouldSendRequest() { |
| 105 return !has_token_verified_ && access_token_request_.get() == nullptr && | 127 return !has_token_verified_ && access_token_request_.get() == nullptr && |
| 106 !net::NetworkChangeNotifier::IsOffline() && | 128 !net::NetworkChangeNotifier::IsOffline() && |
| 107 signin_manager_->IsAuthenticated(); | 129 signin_manager_->IsAuthenticated(); |
| 108 } | 130 } |
| 109 | 131 |
| 132 base::TimeDelta ForceSigninVerifier::StartCountdown() { |
| 133 base::TimeDelta countdown_duration; |
| 134 if (base::Time::Now() - token_request_time_ > |
| 135 base::TimeDelta::FromSeconds( |
| 136 kShortCountdownVerificationTimeLimitInSeconds)) { |
| 137 countdown_duration = base::TimeDelta::FromSeconds( |
| 138 kWindowClosingNormalCountdownDurationInSecond); |
| 139 } else { |
| 140 countdown_duration = base::TimeDelta::FromSeconds( |
| 141 kWindowClosingShortCountdownDurationInSecond); |
| 142 } |
| 143 |
| 144 window_close_timer_.Start(FROM_HERE, countdown_duration, this, |
| 145 &ForceSigninVerifier::CloseAllBrowserWindows); |
| 146 return countdown_duration; |
| 147 } |
| 148 |
| 110 void ForceSigninVerifier::ShowDialog() { | 149 void ForceSigninVerifier::ShowDialog() { |
| 111 // TODO(zmin): Show app modal dialog. | 150 #if !defined(OS_MACOSX) |
| 151 base::TimeDelta countdown_duration = StartCountdown(); |
| 152 reauth_dialog_ = ForcedReauthenticationDialog::ShowDialog( |
| 153 profile_, signin_manager_, countdown_duration) |
| 154 ->GetWidget(); |
| 155 dialog_observer_ = |
| 156 base::MakeUnique<views::WidgetDeletionObserver>(reauth_dialog_); |
| 157 #endif |
| 158 } |
| 159 |
| 160 void ForceSigninVerifier::CloseAllBrowserWindows() { |
| 161 // Do not close window if there is ongoing reauth. If it fails later, the |
| 162 // signin process should take care of the signout. |
| 163 if (signin_manager_->AuthInProgress()) |
| 164 return; |
| 165 dialog_observer_.reset(); |
| 166 signin_manager_->SignOut( |
| 167 signin_metrics::AUTHENTICATION_FAILED_WITH_FORCE_SIGNIN, |
| 168 signin_metrics::SignoutDelete::IGNORE_METRIC); |
| 112 } | 169 } |
| 113 | 170 |
| 114 OAuth2TokenService::Request* ForceSigninVerifier::GetRequestForTesting() { | 171 OAuth2TokenService::Request* ForceSigninVerifier::GetRequestForTesting() { |
| 115 return access_token_request_.get(); | 172 return access_token_request_.get(); |
| 116 } | 173 } |
| 117 | 174 |
| 118 net::BackoffEntry* ForceSigninVerifier::GetBackoffEntryForTesting() { | 175 net::BackoffEntry* ForceSigninVerifier::GetBackoffEntryForTesting() { |
| 119 return &backoff_entry_; | 176 return &backoff_entry_; |
| 120 } | 177 } |
| 121 | 178 |
| 122 base::OneShotTimer* ForceSigninVerifier::GetOneShotTimerForTesting() { | 179 base::OneShotTimer* ForceSigninVerifier::GetOneShotTimerForTesting() { |
| 123 return &backoff_request_timer_; | 180 return &backoff_request_timer_; |
| 124 } | 181 } |
| 182 |
| 183 base::OneShotTimer* ForceSigninVerifier::GetWindowCloseTimerForTesting() { |
| 184 return &window_close_timer_; |
| 185 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2944713003:
After signin token check failed, show force reauth dialog and start window closing countdown. (Closed)
