signin: record http response codes and net errors in OAuth2AccessTokenFetcher.

google_apis/gaia/oauth2_access_token_fetcher.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "google_apis/gaia/oauth2_access_token_fetcher.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "base/json/json_reader.h"
+#include "base/metrics/histogram.h"
+#include "base/metrics/sparse_histogram.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/time/time.h"
 #include "base/values.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "net/base/escape.h"
 #include "net/base/load_flags.h"
 #include "net/http/http_status_code.h"
 #include "net/url_request/url_fetcher.h"
@@ skipping 15 matching lines @@
 
 static const char kGetAccessTokenBodyWithScopeFormat[] =
     "client_id=%s&"
     "client_secret=%s&"
     "grant_type=refresh_token&"
     "refresh_token=%s&"
     "scope=%s";
 
 static const char kAccessTokenKey[] = "access_token";
 static const char kExpiresInKey[] = "expires_in";
+static const char kErrorKey[] = "error";
+
+// Enumerated constants for logging server responses on 400 errors, matching
+// RFC 6749.
+enum OAuth2ErrorCodesForHistogram {
+   OAUTH2_ACCESS_ERROR_INVALID_REQUEST = 0,
+   OAUTH2_ACCESS_ERROR_INVALID_CLIENT,
+   OAUTH2_ACCESS_ERROR_INVALID_GRANT,
+   OAUTH2_ACCESS_ERROR_UNAUTHORIZED_CLIENT,
+   OAUTH2_ACCESS_ERROR_UNSUPPORTED_GRANT_TYPE,
+   OAUTH2_ACCESS_ERROR_INVALID_SCOPE,
+   OAUTH2_ACCESS_ERROR_UNKNOWN,
+   OAUTH2_ACCESS_ERROR_COUNT
+};
+
+OAuth2ErrorCodesForHistogram OAuth2ErrorToHistogramValue(
+    const std::string& error) {
+  if (error == "invalid_request")
+    return OAUTH2_ACCESS_ERROR_INVALID_REQUEST;
+  else if (error == "invalid_client")
+    return OAUTH2_ACCESS_ERROR_INVALID_CLIENT;
+  else if (error == "invalid_grant")
+    return OAUTH2_ACCESS_ERROR_INVALID_GRANT;
+  else if (error == "unauthorized_client")
+    return OAUTH2_ACCESS_ERROR_UNAUTHORIZED_CLIENT;
+  else if (error == "unsupported_grant_type")
+    return OAUTH2_ACCESS_ERROR_UNSUPPORTED_GRANT_TYPE;
+  else if (error == "invalid_scope")
+    return OAUTH2_ACCESS_ERROR_INVALID_SCOPE;
+
+  return OAUTH2_ACCESS_ERROR_UNKNOWN;
+}
 
 static GoogleServiceAuthError CreateAuthError(URLRequestStatus status) {
   CHECK(!status.is_success());
   if (status.status() == URLRequestStatus::CANCELED) {
     return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED);
   } else {
     DLOG(WARNING) << "Could not reach Google Accounts servers: errno "
                   << status.error();
     return GoogleServiceAuthError::FromConnectionError(status.error());
   }
@@ skipping 60 matching lines @@
       this));
   fetcher_->Start();  // OnURLFetchComplete will be called.
 }
 
 void OAuth2AccessTokenFetcher::EndGetAccessToken(
     const net::URLFetcher* source) {
   CHECK_EQ(GET_ACCESS_TOKEN_STARTED, state_);
   state_ = GET_ACCESS_TOKEN_DONE;
 
   URLRequestStatus status = source->GetStatus();
+  int histogram_value = status.is_success() ? source->GetResponseCode() :
+                                              status.error();
+  UMA_HISTOGRAM_SPARSE_SLOWLY("Gaia.ResponseCodesForOAuth2AccessToken",
+                              histogram_value);
   if (!status.is_success()) {
     OnGetTokenFailure(CreateAuthError(status));
     return;
   }
 
   // HTTP_FORBIDDEN (403) is treated as temporary error, because it may be
   // '403 Rate Limit Exeeded.'
   if (source->GetResponseCode() == net::HTTP_FORBIDDEN) {
     OnGetTokenFailure(GoogleServiceAuthError(
         GoogleServiceAuthError::SERVICE_UNAVAILABLE));
     return;
   }
 
+  if (source->GetResponseCode() == net::HTTP_BAD_REQUEST) {
+    // HTTP_BAD_REQUEST (400) usually contains error as per
+    // http://tools.ietf.org/html/rfc6749#section-5.2.
+    std::string gaia_error;
+    OAuth2ErrorCodesForHistogram access_error(OAUTH2_ACCESS_ERROR_UNKNOWN);
+    if (ParseGetAccessTokenFailureResponse(source, &gaia_error))
+      access_error = OAuth2ErrorToHistogramValue(gaia_error);
+    UMA_HISTOGRAM_ENUMERATION("Gaia.BadRequestTypeForOAuth2AccessToken",
+                              access_error, OAUTH2_ACCESS_ERROR_COUNT);
+    OnGetTokenFailure(GoogleServiceAuthError(
+        GoogleServiceAuthError::SERVICE_ERROR));

[pavely, 2013/11/04 23:25:28]

You still need to return INVALID_GAIA_CREDENTIALS for invalid_grant

+    return;
+  }
+
   // The other errors are treated as permanent error.
   if (source->GetResponseCode() != net::HTTP_OK) {
     OnGetTokenFailure(GoogleServiceAuthError(
         GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
     return;
   }
 
   // The request was successfully fetched and it returned OK.
   // Parse out the access token and the expiration time.
   std::string access_token;
   int expires_in;
-  if (!ParseGetAccessTokenResponse(source, &access_token, &expires_in)) {
+  if (!ParseGetAccessTokenSuccessResponse(
+          source, &access_token, &expires_in)) {
     DLOG(WARNING) << "Response doesn't match expected format";
     OnGetTokenFailure(
         GoogleServiceAuthError(GoogleServiceAuthError::SERVICE_UNAVAILABLE));
     return;
   }
   // The token will expire in |expires_in| seconds. Take a 10% error margin to
   // prevent reusing a token too close to its expiration date.
   OnGetTokenSuccess(
       access_token,
       base::Time::Now() + base::TimeDelta::FromSeconds(9 * expires_in / 10));
@@ skipping 44 matching lines @@
     std::string scopes_string = JoinString(scopes, ' ');
     return base::StringPrintf(
         kGetAccessTokenBodyWithScopeFormat,
         enc_client_id.c_str(),
         enc_client_secret.c_str(),
         enc_refresh_token.c_str(),
         net::EscapeUrlEncodedData(scopes_string, true).c_str());
   }
 }
 
-// static
-bool OAuth2AccessTokenFetcher::ParseGetAccessTokenResponse(
-    const net::URLFetcher* source,
-    std::string* access_token,
-    int* expires_in) {
+scoped_ptr<base::DictionaryValue> ParseGetAccessTokenResponse(
+    const net::URLFetcher* source) {
   CHECK(source);
-  CHECK(access_token);
+
   std::string data;
   source->GetResponseAsString(&data);
   scoped_ptr<base::Value> value(base::JSONReader::Read(data));
   if (!value.get() || value->GetType() != base::Value::TYPE_DICTIONARY)
+    value.reset();
+
+  return scoped_ptr<base::DictionaryValue>(
+      static_cast<base::DictionaryValue*>(value.release()));
+}
+
+// static
+bool OAuth2AccessTokenFetcher::ParseGetAccessTokenSuccessResponse(
+    const net::URLFetcher* source,
+    std::string* access_token,
+    int* expires_in) {
+  CHECK(access_token);
+  scoped_ptr<base::DictionaryValue> value = ParseGetAccessTokenResponse(
+      source);
+  if (value.get() == NULL)
     return false;
 
-  base::DictionaryValue* dict =
-      static_cast<base::DictionaryValue*>(value.get());
-  return dict->GetString(kAccessTokenKey, access_token) &&
-      dict->GetInteger(kExpiresInKey, expires_in);
+  return value->GetString(kAccessTokenKey, access_token) &&
+      value->GetInteger(kExpiresInKey, expires_in);
 }
+
+// static
+bool OAuth2AccessTokenFetcher::ParseGetAccessTokenFailureResponse(
+    const net::URLFetcher* source,
+    std::string* error) {
+  CHECK(error);
+  scoped_ptr<base::DictionaryValue> value = ParseGetAccessTokenResponse(
+      source);
+  if (value.get() == NULL)
+    return false;
+  return value->GetString(kErrorKey, error);
+}