OAuth2 support for Webstore downloads.

chrome/browser/extensions/updater/extension_downloader.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/updater/extension_downloader.h"
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/command_line.h"
@@ skipping 13 matching lines @@
 #include "chrome/browser/extensions/updater/request_queue_impl.h"
 #include "chrome/browser/extensions/updater/safe_manifest_parser.h"
 #include "chrome/browser/metrics/chrome_metrics_service_accessor.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/chrome_version_info.h"
 #include "chrome/common/extensions/extension_constants.h"
 #include "chrome/common/extensions/manifest_url_handler.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_details.h"
 #include "content/public/browser/notification_service.h"
+#include "google_apis/gaia/identity_provider.h"
 #include "net/base/backoff_entry.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
+#include "net/http/http_request_headers.h"
+#include "net/http/http_status_code.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "net/url_request/url_request_status.h"
 
 using base::Time;
 using base::TimeDelta;
 using content::BrowserThread;
 
 namespace extensions {
 
@@ skipping 27 matching lines @@
   false,
 };
 
 const char kAuthUserQueryKey[] = "authuser";
 
 const int kMaxAuthUserValue = 10;
 
 const char kNotFromWebstoreInstallSource[] = "notfromwebstore";
 const char kDefaultInstallSource[] = "";
 
-#define RETRY_HISTOGRAM(name, retry_count, url) \
-    if ((url).DomainIs("google.com")) { \
-      UMA_HISTOGRAM_CUSTOM_COUNTS( \
-          "Extensions." name "RetryCountGoogleUrl", retry_count, 1, \
-          kMaxRetries, kMaxRetries+1); \
-    } else { \
-      UMA_HISTOGRAM_CUSTOM_COUNTS( \
-          "Extensions." name "RetryCountOtherUrl", retry_count, 1, \
-          kMaxRetries, kMaxRetries+1); \
-    }
+const char kGoogleDotCom[] = "google.com";
+const char kTokenServiceConsumerId[] = "extension_downloader";
+const char kWebstoreOAuth2Scope[] =
+    "https://www.googleapis.com/auth/chromewebstore.readonly";
+
+#define RETRY_HISTOGRAM(name, retry_count, url)                           \
+  if ((url).DomainIs(kGoogleDotCom)) {                                    \
+    UMA_HISTOGRAM_CUSTOM_COUNTS("Extensions." name "RetryCountGoogleUrl", \
+                                retry_count,                              \
+                                1,                                        \
+                                kMaxRetries,                              \
+                                kMaxRetries + 1);                         \
+  } else {                                                                \
+    UMA_HISTOGRAM_CUSTOM_COUNTS("Extensions." name "RetryCountOtherUrl",  \
+                                retry_count,                              \
+                                1,                                        \
+                                kMaxRetries,                              \
+                                kMaxRetries + 1);                         \
+  }
 
 bool ShouldRetryRequest(const net::URLRequestStatus& status,
                         int response_code) {
   // Retry if the response code is a server error, or the request failed because
   // of network errors as opposed to file errors.
   return ((response_code >= 500 && status.is_success()) ||
           status.status() == net::URLRequestStatus::FAILED);
 }
 
-bool ShouldRetryRequestWithCookies(const net::URLRequestStatus& status,
-                                   int response_code,
-                                   bool included_cookies) {
-  if (included_cookies)
-    return false;
-
-  if (status.status() == net::URLRequestStatus::CANCELED)
-    return true;
-
-  // Retry if a 401 or 403 is received.
-  return (status.status() == net::URLRequestStatus::SUCCESS &&
-          (response_code == 401 || response_code == 403));
-}
-
-bool ShouldRetryRequestWithNextUser(const net::URLRequestStatus& status,
-                                    int response_code,
-                                    bool included_cookies) {
-  // Retry if a 403 is received in response to a request including cookies.
-  // Note that receiving a 401 in response to a request which included cookies
-  // should indicate that the |authuser| index was out of bounds for the profile
-  // and therefore Chrome should NOT retry with another index.
-  return (status.status() == net::URLRequestStatus::SUCCESS &&
-          response_code == 403 && included_cookies);
-}
-
 // This parses and updates a URL query such that the value of the |authuser|
 // query parameter is incremented by 1. If parameter was not present in the URL,
 // it will be added with a value of 1. All other query keys and values are
 // preserved as-is. Returns |false| if the user index exceeds a hard-coded
 // maximum.
 bool IncrementAuthUserIndex(GURL* url) {
   int user_index = 0;
   std::string old_query = url->query();
   std::vector<std::string> new_query_parts;
   url::Component query(0, old_query.length());
@@ skipping 21 matching lines @@
 }
 
 }  // namespace
 
 UpdateDetails::UpdateDetails(const std::string& id, const Version& version)
     : id(id), version(version) {}
 
 UpdateDetails::~UpdateDetails() {}
 
 ExtensionDownloader::ExtensionFetch::ExtensionFetch()
-    : url(), is_protected(false) {}
+    : url(), credentials(CREDENTIALS_NONE) {
+}
 
 ExtensionDownloader::ExtensionFetch::ExtensionFetch(
     const std::string& id,
     const GURL& url,
     const std::string& package_hash,
     const std::string& version,
     const std::set<int>& request_ids)
-    : id(id), url(url), package_hash(package_hash), version(version),
-      request_ids(request_ids), is_protected(false) {}
+    : id(id),
+      url(url),
+      package_hash(package_hash),
+      version(version),
+      request_ids(request_ids),
+      credentials(CREDENTIALS_NONE) {
+}
 
 ExtensionDownloader::ExtensionFetch::~ExtensionFetch() {}
 
 ExtensionDownloader::ExtensionDownloader(
     ExtensionDownloaderDelegate* delegate,
-    net::URLRequestContextGetter* request_context)
-    : delegate_(delegate),
+    net::URLRequestContextGetter* request_context,
+    IdentityProvider* webstore_identity_provider)
+    : OAuth2TokenService::Consumer(kTokenServiceConsumerId),
+      delegate_(delegate),
       request_context_(request_context),
       weak_ptr_factory_(this),
       manifests_queue_(&kDefaultBackoffPolicy,
-          base::Bind(&ExtensionDownloader::CreateManifestFetcher,
-                     base::Unretained(this))),
+                       base::Bind(&ExtensionDownloader::CreateManifestFetcher,
+                                  base::Unretained(this))),
       extensions_queue_(&kDefaultBackoffPolicy,
-          base::Bind(&ExtensionDownloader::CreateExtensionFetcher,
-                     base::Unretained(this))),
-      extension_cache_(NULL) {
+                        base::Bind(&ExtensionDownloader::CreateExtensionFetcher,
+                                   base::Unretained(this))),
+      extension_cache_(NULL),
+      identity_provider_(webstore_identity_provider) {
   DCHECK(delegate_);
   DCHECK(request_context_);
 }
 
 ExtensionDownloader::~ExtensionDownloader() {}
 
 bool ExtensionDownloader::AddExtension(const Extension& extension,
                                        int request_id) {
   // Skip extensions with empty update URLs converted from user
   // scripts.
@@ skipping 94 matching lines @@
   if (extension_urls::IsWebstoreUpdateUrl(update_url) &&
       !update_url.SchemeIsSecure())
     update_url = extension_urls::GetWebstoreUpdateUrl();
 
   // Skip extensions with empty IDs.
   if (id.empty()) {
     LOG(WARNING) << "Found extension with empty ID";
     return false;
   }
 
-  if (update_url.DomainIs("google.com")) {
+  if (update_url.DomainIs(kGoogleDotCom)) {
     url_stats_.google_url_count++;
   } else if (update_url.is_empty()) {
     url_stats_.no_url_count++;
     // Fill in default update URL.
     update_url = extension_urls::GetWebstoreUpdateUrl();
   } else {
     url_stats_.other_url_count++;
   }
 
   switch (extension_type) {
@@ skipping 253 matching lines @@
       }
     }
     scoped_ptr<ExtensionFetch> fetch(new ExtensionFetch(
         update->extension_id, crx_url, update->package_hash,
         update->version, fetch_data.request_ids()));
     FetchUpdatedExtension(fetch.Pass());
   }
 
   // If the manifest response included a <daystart> element, we want to save
   // that value for any extensions which had sent a ping in the request.
-  if (fetch_data.base_url().DomainIs("google.com") &&
+  if (fetch_data.base_url().DomainIs(kGoogleDotCom) &&
       results->daystart_elapsed_seconds >= 0) {
     Time day_start =
         Time::Now() - TimeDelta::FromSeconds(results->daystart_elapsed_seconds);
 
     const std::set<std::string>& extension_ids = fetch_data.extension_ids();
     std::set<std::string>::const_iterator i;
     for (i = extension_ids.begin(); i != extension_ids.end(); i++) {
       const std::string& id = *i;
       ExtensionDownloaderDelegate::PingResult& result = ping_results_[id];
       result.did_ping = fetch_data.DidPing(id, ManifestFetchData::ROLLCALL);
@@ skipping 121 matching lines @@
     const base::FilePath& crx_path,
     bool file_ownership_passed) {
   delegate_->OnExtensionDownloadFinished(fetch_data->id, crx_path,
       file_ownership_passed, fetch_data->url, fetch_data->version,
       ping_results_[fetch_data->id], fetch_data->request_ids);
   ping_results_.erase(fetch_data->id);
 }
 
 void ExtensionDownloader::CreateExtensionFetcher() {
   const ExtensionFetch* fetch = extensions_queue_.active_request();
+  extension_fetcher_.reset(net::URLFetcher::Create(
+      kExtensionFetcherId, fetch->url, net::URLFetcher::GET, this));
+  extension_fetcher_->SetRequestContext(request_context_);
+  extension_fetcher_->SetAutomaticallyRetryOnNetworkChanges(3);
+
   int load_flags = net::LOAD_DISABLE_CACHE;
-  if (!fetch->is_protected || !fetch->url.SchemeIs("https")) {
+  bool is_secure = fetch->url.SchemeIsSecure();
+  if (fetch->credentials != ExtensionFetch::CREDENTIALS_COOKIES || !is_secure) {
       load_flags |= net::LOAD_DO_NOT_SEND_COOKIES |
                     net::LOAD_DO_NOT_SAVE_COOKIES;
   }
-  extension_fetcher_.reset(net::URLFetcher::Create(
-      kExtensionFetcherId, fetch->url, net::URLFetcher::GET, this));
-  extension_fetcher_->SetRequestContext(request_context_);
   extension_fetcher_->SetLoadFlags(load_flags);
-  extension_fetcher_->SetAutomaticallyRetryOnNetworkChanges(3);
+
   // Download CRX files to a temp file. The blacklist is small and will be
   // processed in memory, so it is fetched into a string.
   if (fetch->id != kBlacklistAppID) {
     extension_fetcher_->SaveResponseToTemporaryFile(
         BrowserThread::GetMessageLoopProxyForThread(BrowserThread::FILE));
   }
 
+  if (fetch->credentials == ExtensionFetch::CREDENTIALS_OAUTH2_TOKEN &&
+      is_secure) {
+    if (access_token_.empty()) {
+      // We should try OAuth2, but we have no token cached. This
+      // ExtensionFetcher will be started once a token fetch is complete.
+      DCHECK(identity_provider_);
+      OAuth2TokenService::ScopeSet webstore_scopes;
+      webstore_scopes.insert(kWebstoreOAuth2Scope);
+      access_token_request_ =
+          identity_provider_->GetTokenService()->StartRequest(
+              identity_provider_->GetActiveAccountId(),
+              webstore_scopes,
+              this);

[asargent_no_longer_on_chrome, 2014/08/07 17:09:12]

It might be helpful to future readers to add a comment here noting that we'll be
called back via OnGetTokenSuccess/OnGetTokenFailure, and control flow will
contine from there.  

[Ken Rockot(use gerrit already), 2014/08/07 19:50:47]

Added some clarity to the existing comment

+      return;
+    }
+    extension_fetcher_->AddExtraRequestHeader(
+        base::StringPrintf("%s: Bearer %s",
+            net::HttpRequestHeaders::kAuthorization,
+            access_token_.c_str()));

[asargent_no_longer_on_chrome, 2014/08/07 17:09:12]

Would it be worth adding a kAuthorizationBearer constant as well to
net::HttpRequestHeaders ? 

[Ken Rockot(use gerrit already), 2014/08/07 19:50:47]

Bearer tokens are (unlike the Authorization header itself) an OAuth2 concept
rather than an HTTP concept.

It might be justifiable to add a constant somewhere in the oauth support code,
or even a utility function that takes a bearer token string and generates a
well-formed Authorization header.

Opting to leave as-is for now though.

+  }
+
   VLOG(2) << "Starting fetch of " << fetch->url << " for " << fetch->id;
-
   extension_fetcher_->Start();
 }
 
 void ExtensionDownloader::OnCRXFetchComplete(
     const net::URLFetcher* source,
     const GURL& url,
     const net::URLRequestStatus& status,
     int response_code,
     const base::TimeDelta& backoff_delay) {
-  const std::string& id = extensions_queue_.active_request()->id;
+  ExtensionFetch& active_request = *extensions_queue_.active_request();
+  const std::string& id = active_request.id;
   if (status.status() == net::URLRequestStatus::SUCCESS &&
       (response_code == 200 || url.SchemeIsFile())) {
     RETRY_HISTOGRAM("CrxFetchSuccess",
                     extensions_queue_.active_request_failure_count(), url);
     base::FilePath crx_path;
     // Take ownership of the file at |crx_path|.
     CHECK(source->GetResponseAsFilePath(true, &crx_path));
     scoped_ptr<ExtensionFetch> fetch_data =
         extensions_queue_.reset_active_request();
     if (extension_cache_) {
       const std::string& version = fetch_data->version;
       extension_cache_->PutExtension(id, crx_path, version,
           base::Bind(&ExtensionDownloader::NotifyDelegateDownloadFinished,
                      weak_ptr_factory_.GetWeakPtr(),
                      base::Passed(&fetch_data)));
     } else {
       NotifyDelegateDownloadFinished(fetch_data.Pass(), crx_path, true);
     }
-  } else if (ShouldRetryRequestWithCookies(
-                 status,
-                 response_code,
-                 extensions_queue_.active_request()->is_protected)) {
-    // Requeue the fetch with |is_protected| set, enabling cookies.
-    extensions_queue_.active_request()->is_protected = true;
-    extensions_queue_.RetryRequest(backoff_delay);
-  } else if (ShouldRetryRequestWithNextUser(
-                 status,
-                 response_code,
-                 extensions_queue_.active_request()->is_protected) &&
-             IncrementAuthUserIndex(&extensions_queue_.active_request()->url)) {
+  } else if (IterateFetchCredentialsAfterFailure(
+                &active_request,
+                status,
+                response_code)) {
     extensions_queue_.RetryRequest(backoff_delay);
   } else {
-    const std::set<int>& request_ids =
-        extensions_queue_.active_request()->request_ids;
+    const std::set<int>& request_ids = active_request.request_ids;
     const ExtensionDownloaderDelegate::PingResult& ping = ping_results_[id];
     VLOG(1) << "Failed to fetch extension '" << url.possibly_invalid_spec()
             << "' response code:" << response_code;
     if (ShouldRetryRequest(status, response_code) &&
         extensions_queue_.active_request_failure_count() < kMaxRetries) {
       extensions_queue_.RetryRequest(backoff_delay);
     } else {
       RETRY_HISTOGRAM("CrxFetchFailure",
                       extensions_queue_.active_request_failure_count(), url);
       // status.error() is 0 (net::OK) or negative. (See net/base/net_errors.h)
@@ skipping 25 matching lines @@
 
 void ExtensionDownloader::NotifyUpdateFound(const std::string& id,
                                             const std::string& version) {
   UpdateDetails updateInfo(id, Version(version));
   content::NotificationService::current()->Notify(
       extensions::NOTIFICATION_EXTENSION_UPDATE_FOUND,
       content::NotificationService::AllBrowserContextsAndSources(),
       content::Details<UpdateDetails>(&updateInfo));
 }
 
+bool ExtensionDownloader::IterateFetchCredentialsAfterFailure(
+    ExtensionFetch* fetch,
+    const net::URLRequestStatus& status,
+    int response_code) {
+  bool auth_failure = status.status() == net::URLRequestStatus::CANCELED ||
+                      (status.status() == net::URLRequestStatus::SUCCESS &&
+                       (response_code == net::HTTP_UNAUTHORIZED ||
+                        response_code == net::HTTP_FORBIDDEN));
+  if (!auth_failure) {
+    return false;
+  }
+  // Here we decide what to do next if the server refused to authorize this
+  // fetch.
+  switch (fetch->credentials) {
+    case ExtensionFetch::CREDENTIALS_NONE:
+      if (fetch->url.DomainIs(kGoogleDotCom) && identity_provider_) {
+        fetch->credentials = ExtensionFetch::CREDENTIALS_OAUTH2_TOKEN;
+      } else {
+        fetch->credentials = ExtensionFetch::CREDENTIALS_COOKIES;
+      }
+      return true;
+    case ExtensionFetch::CREDENTIALS_OAUTH2_TOKEN:
+      // OAuth2 may fail due to an expired access token, in which case we
+      // should invalidate the token and try again.
+      if (response_code == net::HTTP_UNAUTHORIZED) {
+        DCHECK(identity_provider_ != NULL);
+        OAuth2TokenService::ScopeSet webstore_scopes;
+        webstore_scopes.insert(kWebstoreOAuth2Scope);
+        identity_provider_->GetTokenService()->InvalidateToken(
+            identity_provider_->GetActiveAccountId(),
+            webstore_scopes,
+            access_token_);
+        access_token_.clear();

[asargent_no_longer_on_chrome, 2014/08/07 17:09:12]

Can a misbehaving server cause us to fall into an infinite loop of requests if
it keeps responding with HTTP_UNAUTHORIZED? If so maybe we should remember the
fact that we're doing a retry for this case and give up after some reasonable
number of attempts. 

[Ken Rockot(use gerrit already), 2014/08/07 19:50:48]

Ah yes. Good catch. Added an attempt counter to the fetch.

+        return true;
+      }
+      // Either there is no Gaia identity available or the active identity
+      // doesn't have access to this resource. Fall back on cookies.
+      if (access_token_.empty() ||
+          response_code == net::HTTP_FORBIDDEN) {
+        fetch->credentials = ExtensionFetch::CREDENTIALS_COOKIES;
+        return true;
+      }
+      return false;
+    case ExtensionFetch::CREDENTIALS_COOKIES:
+      if (response_code == net::HTTP_FORBIDDEN) {
+        // Try the next session identity, up to some maximum.
+        return IncrementAuthUserIndex(&fetch->url);
+      }
+      return false;
+    default:
+      NOTREACHED();
+  }
+  NOTREACHED();
+}
+
+void ExtensionDownloader::OnGetTokenSuccess(
+    const OAuth2TokenService::Request* request,
+    const std::string& access_token,
+    const base::Time& expiration_time) {
+  access_token_ = access_token;
+  extension_fetcher_->AddExtraRequestHeader(
+      base::StringPrintf("%s: Bearer %s",
+          net::HttpRequestHeaders::kAuthorization,
+          access_token_.c_str()));
+  extension_fetcher_->Start();
+}
+
+void ExtensionDownloader::OnGetTokenFailure(
+    const OAuth2TokenService::Request* request,
+    const GoogleServiceAuthError& error) {
+  // If we fail to get an access token, kick the pending fetch and let it fall
+  // back on cookies.
+  extension_fetcher_->Start();
+}
+
 }  // namespace extensions