| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/managed_mode/managed_user_refresh_token_fetcher.h" | |
| 6 | |
| 7 #include "base/callback.h" | |
| 8 #include "base/json/json_reader.h" | |
| 9 #include "base/logging.h" | |
| 10 #include "base/strings/stringprintf.h" | |
| 11 #include "base/values.h" | |
| 12 #include "google_apis/gaia/gaia_constants.h" | |
| 13 #include "google_apis/gaia/gaia_oauth_client.h" | |
| 14 #include "google_apis/gaia/gaia_urls.h" | |
| 15 #include "google_apis/gaia/google_service_auth_error.h" | |
| 16 #include "google_apis/gaia/oauth2_api_call_flow.h" | |
| 17 #include "google_apis/gaia/oauth2_token_service.h" | |
| 18 #include "net/base/escape.h" | |
| 19 #include "net/base/load_flags.h" | |
| 20 #include "net/base/net_errors.h" | |
| 21 #include "net/http/http_status_code.h" | |
| 22 #include "net/url_request/url_fetcher.h" | |
| 23 #include "net/url_request/url_request_status.h" | |
| 24 | |
| 25 using GaiaConstants::kChromeSyncSupervisedOAuth2Scope; | |
| 26 using base::Time; | |
| 27 using gaia::GaiaOAuthClient; | |
| 28 using net::URLFetcher; | |
| 29 using net::URLFetcherDelegate; | |
| 30 using net::URLRequestContextGetter; | |
| 31 | |
| 32 namespace { | |
| 33 | |
| 34 const int kNumRetries = 1; | |
| 35 | |
| 36 static const char kIssueTokenBodyFormat[] = | |
| 37 "client_id=%s" | |
| 38 "&scope=%s" | |
| 39 "&response_type=code" | |
| 40 "&profile_id=%s" | |
| 41 "&device_name=%s"; | |
| 42 | |
| 43 static const char kAuthorizationHeaderFormat[] = | |
| 44 "Authorization: Bearer %s"; | |
| 45 | |
| 46 static const char kCodeKey[] = "code"; | |
| 47 | |
| 48 class ManagedUserRefreshTokenFetcherImpl | |
| 49 : public ManagedUserRefreshTokenFetcher, | |
| 50 public OAuth2TokenService::Consumer, | |
| 51 public URLFetcherDelegate, | |
| 52 public GaiaOAuthClient::Delegate { | |
| 53 public: | |
| 54 ManagedUserRefreshTokenFetcherImpl(OAuth2TokenService* oauth2_token_service, | |
| 55 const std::string& account_id, | |
| 56 URLRequestContextGetter* context); | |
| 57 virtual ~ManagedUserRefreshTokenFetcherImpl(); | |
| 58 | |
| 59 // ManagedUserRefreshTokenFetcher implementation: | |
| 60 virtual void Start(const std::string& managed_user_id, | |
| 61 const std::string& device_name, | |
| 62 const TokenCallback& callback) OVERRIDE; | |
| 63 | |
| 64 protected: | |
| 65 // OAuth2TokenService::Consumer implementation: | |
| 66 virtual void OnGetTokenSuccess(const OAuth2TokenService::Request* request, | |
| 67 const std::string& access_token, | |
| 68 const Time& expiration_time) OVERRIDE; | |
| 69 virtual void OnGetTokenFailure(const OAuth2TokenService::Request* request, | |
| 70 const GoogleServiceAuthError& error) OVERRIDE; | |
| 71 | |
| 72 // net::URLFetcherDelegate implementation. | |
| 73 virtual void OnURLFetchComplete(const URLFetcher* source) OVERRIDE; | |
| 74 | |
| 75 // GaiaOAuthClient::Delegate implementation: | |
| 76 virtual void OnGetTokensResponse(const std::string& refresh_token, | |
| 77 const std::string& access_token, | |
| 78 int expires_in_seconds) OVERRIDE; | |
| 79 virtual void OnRefreshTokenResponse(const std::string& access_token, | |
| 80 int expires_in_seconds) OVERRIDE; | |
| 81 virtual void OnOAuthError() OVERRIDE; | |
| 82 virtual void OnNetworkError(int response_code) OVERRIDE; | |
| 83 | |
| 84 private: | |
| 85 // Requests an access token, which is the first thing we need. This is where | |
| 86 // we restart when the returned access token has expired. | |
| 87 void StartFetching(); | |
| 88 | |
| 89 void DispatchNetworkError(int error_code); | |
| 90 void DispatchGoogleServiceAuthError(const GoogleServiceAuthError& error, | |
| 91 const std::string& token); | |
| 92 OAuth2TokenService* oauth2_token_service_; | |
| 93 std::string account_id_; | |
| 94 URLRequestContextGetter* context_; | |
| 95 | |
| 96 std::string device_name_; | |
| 97 std::string managed_user_id_; | |
| 98 TokenCallback callback_; | |
| 99 | |
| 100 scoped_ptr<OAuth2TokenService::Request> access_token_request_; | |
| 101 std::string access_token_; | |
| 102 bool access_token_expired_; | |
| 103 scoped_ptr<URLFetcher> url_fetcher_; | |
| 104 scoped_ptr<GaiaOAuthClient> gaia_oauth_client_; | |
| 105 }; | |
| 106 | |
| 107 ManagedUserRefreshTokenFetcherImpl::ManagedUserRefreshTokenFetcherImpl( | |
| 108 OAuth2TokenService* oauth2_token_service, | |
| 109 const std::string& account_id, | |
| 110 URLRequestContextGetter* context) | |
| 111 : OAuth2TokenService::Consumer("managed_user"), | |
| 112 oauth2_token_service_(oauth2_token_service), | |
| 113 account_id_(account_id), | |
| 114 context_(context), | |
| 115 access_token_expired_(false) {} | |
| 116 | |
| 117 ManagedUserRefreshTokenFetcherImpl::~ManagedUserRefreshTokenFetcherImpl() {} | |
| 118 | |
| 119 void ManagedUserRefreshTokenFetcherImpl::Start( | |
| 120 const std::string& managed_user_id, | |
| 121 const std::string& device_name, | |
| 122 const TokenCallback& callback) { | |
| 123 DCHECK(callback_.is_null()); | |
| 124 managed_user_id_ = managed_user_id; | |
| 125 device_name_ = device_name; | |
| 126 callback_ = callback; | |
| 127 StartFetching(); | |
| 128 } | |
| 129 | |
| 130 void ManagedUserRefreshTokenFetcherImpl::StartFetching() { | |
| 131 OAuth2TokenService::ScopeSet scopes; | |
| 132 scopes.insert(GaiaConstants::kOAuth1LoginScope); | |
| 133 access_token_request_ = oauth2_token_service_->StartRequest( | |
| 134 account_id_, scopes, this); | |
| 135 } | |
| 136 | |
| 137 void ManagedUserRefreshTokenFetcherImpl::OnGetTokenSuccess( | |
| 138 const OAuth2TokenService::Request* request, | |
| 139 const std::string& access_token, | |
| 140 const Time& expiration_time) { | |
| 141 DCHECK_EQ(access_token_request_.get(), request); | |
| 142 access_token_ = access_token; | |
| 143 | |
| 144 GURL url(GaiaUrls::GetInstance()->oauth2_issue_token_url()); | |
| 145 // GaiaOAuthClient uses id 0, so we use 1 to distinguish the requests in | |
| 146 // unit tests. | |
| 147 const int id = 1; | |
| 148 | |
| 149 url_fetcher_.reset(URLFetcher::Create(id, url, URLFetcher::POST, this)); | |
| 150 | |
| 151 url_fetcher_->SetRequestContext(context_); | |
| 152 url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | | |
| 153 net::LOAD_DO_NOT_SAVE_COOKIES); | |
| 154 url_fetcher_->SetAutomaticallyRetryOnNetworkChanges(kNumRetries); | |
| 155 url_fetcher_->AddExtraRequestHeader( | |
| 156 base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str())); | |
| 157 | |
| 158 std::string body = base::StringPrintf( | |
| 159 kIssueTokenBodyFormat, | |
| 160 net::EscapeUrlEncodedData( | |
| 161 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true).c_str(), | |
| 162 net::EscapeUrlEncodedData(kChromeSyncSupervisedOAuth2Scope, true).c_str(), | |
| 163 net::EscapeUrlEncodedData(managed_user_id_, true).c_str(), | |
| 164 net::EscapeUrlEncodedData(device_name_, true).c_str()); | |
| 165 url_fetcher_->SetUploadData("application/x-www-form-urlencoded", body); | |
| 166 | |
| 167 url_fetcher_->Start(); | |
| 168 } | |
| 169 | |
| 170 void ManagedUserRefreshTokenFetcherImpl::OnGetTokenFailure( | |
| 171 const OAuth2TokenService::Request* request, | |
| 172 const GoogleServiceAuthError& error) { | |
| 173 DCHECK_EQ(access_token_request_.get(), request); | |
| 174 callback_.Run(error, std::string()); | |
| 175 callback_.Reset(); | |
| 176 } | |
| 177 | |
| 178 void ManagedUserRefreshTokenFetcherImpl::OnURLFetchComplete( | |
| 179 const URLFetcher* source) { | |
| 180 const net::URLRequestStatus& status = source->GetStatus(); | |
| 181 if (!status.is_success()) { | |
| 182 DispatchNetworkError(status.error()); | |
| 183 return; | |
| 184 } | |
| 185 | |
| 186 int response_code = source->GetResponseCode(); | |
| 187 if (response_code == net::HTTP_UNAUTHORIZED && !access_token_expired_) { | |
| 188 access_token_expired_ = true; | |
| 189 oauth2_token_service_->InvalidateToken(account_id_, | |
| 190 OAuth2TokenService::ScopeSet(), | |
| 191 access_token_); | |
| 192 StartFetching(); | |
| 193 return; | |
| 194 } | |
| 195 | |
| 196 if (response_code != net::HTTP_OK) { | |
| 197 // TODO(bauerb): We should return the HTTP response code somehow. | |
| 198 DLOG(WARNING) << "HTTP error " << response_code; | |
| 199 DispatchGoogleServiceAuthError( | |
| 200 GoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED), | |
| 201 std::string()); | |
| 202 return; | |
| 203 } | |
| 204 | |
| 205 std::string response_body; | |
| 206 source->GetResponseAsString(&response_body); | |
| 207 scoped_ptr<base::Value> value(base::JSONReader::Read(response_body)); | |
| 208 base::DictionaryValue* dict = NULL; | |
| 209 if (!value.get() || !value->GetAsDictionary(&dict)) { | |
| 210 DispatchNetworkError(net::ERR_INVALID_RESPONSE); | |
| 211 return; | |
| 212 } | |
| 213 std::string auth_code; | |
| 214 if (!dict->GetString(kCodeKey, &auth_code)) { | |
| 215 DispatchNetworkError(net::ERR_INVALID_RESPONSE); | |
| 216 return; | |
| 217 } | |
| 218 | |
| 219 gaia::OAuthClientInfo client_info; | |
| 220 GaiaUrls* urls = GaiaUrls::GetInstance(); | |
| 221 client_info.client_id = urls->oauth2_chrome_client_id(); | |
| 222 client_info.client_secret = urls->oauth2_chrome_client_secret(); | |
| 223 gaia_oauth_client_.reset(new gaia::GaiaOAuthClient(context_)); | |
| 224 gaia_oauth_client_->GetTokensFromAuthCode(client_info, auth_code, kNumRetries, | |
| 225 this); | |
| 226 } | |
| 227 | |
| 228 void ManagedUserRefreshTokenFetcherImpl::OnGetTokensResponse( | |
| 229 const std::string& refresh_token, | |
| 230 const std::string& access_token, | |
| 231 int expires_in_seconds) { | |
| 232 // TODO(bauerb): It would be nice if we could pass the access token as well, | |
| 233 // so we don't need to fetch another one immediately. | |
| 234 DispatchGoogleServiceAuthError(GoogleServiceAuthError::AuthErrorNone(), | |
| 235 refresh_token); | |
| 236 } | |
| 237 | |
| 238 void ManagedUserRefreshTokenFetcherImpl::OnRefreshTokenResponse( | |
| 239 const std::string& access_token, | |
| 240 int expires_in_seconds) { | |
| 241 NOTREACHED(); | |
| 242 } | |
| 243 | |
| 244 void ManagedUserRefreshTokenFetcherImpl::OnOAuthError() { | |
| 245 DispatchGoogleServiceAuthError( | |
| 246 GoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED), | |
| 247 std::string()); | |
| 248 } | |
| 249 | |
| 250 void ManagedUserRefreshTokenFetcherImpl::OnNetworkError(int response_code) { | |
| 251 // TODO(bauerb): We should return the HTTP response code somehow. | |
| 252 DLOG(WARNING) << "HTTP error " << response_code; | |
| 253 DispatchGoogleServiceAuthError( | |
| 254 GoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED), | |
| 255 std::string()); | |
| 256 } | |
| 257 | |
| 258 void ManagedUserRefreshTokenFetcherImpl::DispatchNetworkError(int error_code) { | |
| 259 DispatchGoogleServiceAuthError( | |
| 260 GoogleServiceAuthError::FromConnectionError(error_code), std::string()); | |
| 261 } | |
| 262 | |
| 263 void ManagedUserRefreshTokenFetcherImpl::DispatchGoogleServiceAuthError( | |
| 264 const GoogleServiceAuthError& error, | |
| 265 const std::string& token) { | |
| 266 callback_.Run(error, token); | |
| 267 callback_.Reset(); | |
| 268 } | |
| 269 | |
| 270 } // namespace | |
| 271 | |
| 272 // static | |
| 273 scoped_ptr<ManagedUserRefreshTokenFetcher> | |
| 274 ManagedUserRefreshTokenFetcher::Create(OAuth2TokenService* oauth2_token_service, | |
| 275 const std::string& account_id, | |
| 276 URLRequestContextGetter* context) { | |
| 277 scoped_ptr<ManagedUserRefreshTokenFetcher> fetcher( | |
| 278 new ManagedUserRefreshTokenFetcherImpl(oauth2_token_service, account_id, | |
| 279 context)); | |
| 280 return fetcher.Pass(); | |
| 281 } | |
| 282 | |
| 283 ManagedUserRefreshTokenFetcher::~ManagedUserRefreshTokenFetcher() {} | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 335833003:
Rename "managed (mode|user)" to "supervised user" (part 2) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src