[Signin] Add timeout to Dice token exchange requests

chrome/browser/signin/dice_response_handler.cc

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/dice_response_handler.h"
 
+#include "base/bind.h"
+#include "base/bind_helpers.h"
+#include "base/location.h"
 #include "base/logging.h"
 #include "base/memory/singleton.h"
+#include "base/threading/thread_task_runner_handle.h"
+#include "base/time/time.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/account_tracker_service_factory.h"
 #include "chrome/browser/signin/chrome_signin_client_factory.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "components/keyed_service/content/browser_context_dependency_manager.h"
 #include "components/keyed_service/content/browser_context_keyed_service_factory.h"
 #include "components/signin/core/browser/account_tracker_service.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_client.h"
 #include "components/signin/core/browser/signin_header_helper.h"
 #include "components/signin/core/common/profile_management_switches.h"
 #include "google_apis/gaia/gaia_auth_fetcher.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 
+const int kDiceTokenFetchTimeoutSeconds = 10;
+
 namespace {
 
 class DiceResponseHandlerFactory : public BrowserContextKeyedServiceFactory {
  public:
   // Returns an instance of the factory singleton.
   static DiceResponseHandlerFactory* GetInstance() {
     return base::Singleton<DiceResponseHandlerFactory>::get();
   }
 
   static DiceResponseHandler* GetForProfile(Profile* profile) {
@@ skipping 37 matching lines @@
 
 DiceResponseHandler::DiceTokenFetcher::DiceTokenFetcher(
     const std::string& gaia_id,
     const std::string& email,
     const std::string& authorization_code,
     SigninClient* signin_client,
     DiceResponseHandler* dice_response_handler)
     : gaia_id_(gaia_id),
       email_(email),
       authorization_code_(authorization_code),
-      dice_response_handler_(dice_response_handler) {
+      dice_response_handler_(dice_response_handler),
+      timeout_closure_(
+          base::Bind(&DiceResponseHandler::DiceTokenFetcher::OnTimeout,
+                     base::Unretained(this))) {
+  DCHECK(dice_response_handler_);
   gaia_auth_fetcher_ = signin_client->CreateGaiaAuthFetcher(
       this, GaiaConstants::kChromeSource,
       signin_client->GetURLRequestContext());
   gaia_auth_fetcher_->StartAuthCodeForOAuth2TokenExchange(authorization_code_);
-
-  // TODO(droger): The token exchange must complete quickly or be cancelled. Add
-  // a timeout logic.
+  base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
+      FROM_HERE, timeout_closure_.callback(),
+      base::TimeDelta::FromSeconds(kDiceTokenFetchTimeoutSeconds));
 }
 
 DiceResponseHandler::DiceTokenFetcher::~DiceTokenFetcher() {}
 
+void DiceResponseHandler::DiceTokenFetcher::OnTimeout() {
+  gaia_auth_fetcher_.reset();
+  timeout_closure_.Cancel();
+  dice_response_handler_->OnTokenExchangeFailure(
+      this, GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED));
+  // |this| may be deleted at this point.
+}
+
 void DiceResponseHandler::DiceTokenFetcher::OnClientOAuthSuccess(
     const GaiaAuthConsumer::ClientOAuthResult& result) {
+  gaia_auth_fetcher_.reset();
+  timeout_closure_.Cancel();
   dice_response_handler_->OnTokenExchangeSuccess(this, gaia_id_, email_,
                                                  result);
+  // |this| may be deleted at this point.
 }
 
 void DiceResponseHandler::DiceTokenFetcher::OnClientOAuthFailure(
     const GoogleServiceAuthError& error) {
+  gaia_auth_fetcher_.reset();
+  timeout_closure_.Cancel();
   dice_response_handler_->OnTokenExchangeFailure(this, error);
+  // |this| may be deleted at this point.
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // DiceResponseHandler
 ////////////////////////////////////////////////////////////////////////////////
 
 // static
 DiceResponseHandler* DiceResponseHandler::GetForProfile(Profile* profile) {
   return DiceResponseHandlerFactory::GetForProfile(profile);
 }
@@ skipping 28 matching lines @@
       return;
     case signin::DiceAction::NONE:
       NOTREACHED() << "Invalid Dice response parameters.";
       return;
   }
 
   NOTREACHED();
   return;
 }
 
+size_t DiceResponseHandler::GetPendingDiceTokenFetchersCountForTesting() const {
+  return token_fetchers_.size();
+}
+
 void DiceResponseHandler::ProcessDiceSigninHeader(
     const std::string& gaia_id,
     const std::string& email,
     const std::string& authorization_code) {
   DCHECK(!gaia_id.empty());
   DCHECK(!email.empty());
   DCHECK(!authorization_code.empty());
 
   for (auto it = token_fetchers_.begin(); it != token_fetchers_.end(); ++it) {
     if ((it->get()->gaia_id() == gaia_id) && (it->get()->email() == email) &&
@@ skipping 28 matching lines @@
   DeleteTokenFetcher(token_fetcher);
 }
 
 void DiceResponseHandler::OnTokenExchangeFailure(
     DiceTokenFetcher* token_fetcher,
     const GoogleServiceAuthError& error) {
   // TODO(droger): Handle authentication errors.
   VLOG(1) << "Dice OAuth failed with error: " << error.ToString();
   DeleteTokenFetcher(token_fetcher);
 }