Scoping auth tokens by app

chrome/browser/extensions/api/copresence/copresence_api.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/api/copresence/copresence_api.h"
 
 #include "base/lazy_instance.h"
 #include "base/memory/linked_ptr.h"
 #include "chrome/browser/copresence/chrome_whispernet_client.h"
 #include "chrome/browser/services/gcm/gcm_profile_service.h"
@@ skipping 40 matching lines @@
     manager_.reset(new copresence::CopresenceManagerImpl(this));
   return manager_.get();
 }
 
 copresence::WhispernetClient* CopresenceService::whispernet_client() {
   if (!whispernet_client_ && !is_shutting_down_)
     whispernet_client_.reset(new ChromeWhispernetClient(browser_context_));
   return whispernet_client_.get();
 }
 
+const std::string CopresenceService::auth_token(const std::string& app_id)
+    const {
+  // This won't be const if we use map[]
+  const auto& key = auth_tokens_by_app_.find(app_id);
+  return key == auth_tokens_by_app_.end() ? std::string() : key->second;
+}
+
 void CopresenceService::set_api_key(const std::string& app_id,
                                     const std::string& api_key) {
   DCHECK(!app_id.empty());
   api_keys_by_app_[app_id] = api_key;
 }
 
-void CopresenceService::set_auth_token(const std::string& token) {
-  auth_token_ = token;
+void CopresenceService::set_auth_token(const std::string& app_id,
+                                       const std::string& token) {
+  DCHECK(!app_id.empty());
+  auth_tokens_by_app_[app_id] = token;
 }
 
 void CopresenceService::set_manager_for_testing(
     scoped_ptr<copresence::CopresenceManager> manager) {
   manager_ = manager.Pass();
 }
 
 // static
 BrowserContextKeyedAPIFactory<CopresenceService>*
 CopresenceService::GetFactoryInstance() {
@@ skipping 98 matching lines @@
   if (!PrepareReportRequestProto(params->operations,
                                  extension_id(),
                                  &service->apps_by_subscription_id(),
                                  &request)) {
     return RespondNow(Error(kInvalidOperationsMessage));
   }
 
   service->manager()->ExecuteReportRequest(
       request,
       extension_id(),
-      service->auth_token(),
+      service->auth_token(extension_id()),
       base::Bind(&CopresenceExecuteFunction::SendResult, this));
   return RespondLater();
 }
 
 void CopresenceExecuteFunction::SendResult(
     copresence::CopresenceStatus status) {
   api::copresence::ExecuteStatus api_status =
       (status == copresence::SUCCESS) ? api::copresence::EXECUTE_STATUS_SUCCESS
                                       : api::copresence::EXECUTE_STATUS_FAILED;
   Respond(ArgumentList(api::copresence::Execute::Results::Create(api_status)));
@@ skipping 11 matching lines @@
   return RespondNow(NoArguments());
 }
 
 // CopresenceSetAuthTokenFunction implementation
 ExtensionFunction::ResponseAction CopresenceSetAuthTokenFunction::Run() {
   scoped_ptr<api::copresence::SetAuthToken::Params> params(
       api::copresence::SetAuthToken::Params::Create(*args_));
   EXTENSION_FUNCTION_VALIDATE(params.get());
 
   // The token may be set to empty, to clear it.
-  // TODO(ckehoe): Scope the auth token appropriately (crbug/423517).
   CopresenceService::GetFactoryInstance()->Get(browser_context())
-      ->set_auth_token(params->token);
+      ->set_auth_token(extension_id(), params->token);
   return RespondNow(NoArguments());
 }
 
 }  // namespace extensions