| Index: chrome/browser/net/gaia/oauth2_login_token_fetcher.cc
|
| ===================================================================
|
| --- chrome/browser/net/gaia/oauth2_login_token_fetcher.cc (revision 0)
|
| +++ chrome/browser/net/gaia/oauth2_login_token_fetcher.cc (revision 0)
|
| @@ -0,0 +1,331 @@
|
| +// Copyright (c) 2011 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "chrome/browser/net/gaia/oauth2_login_token_fetcher.h"
|
| +
|
| +#include <algorithm>
|
| +#include <string>
|
| +
|
| +#include "base/json/json_reader.h"
|
| +#include "base/string_split.h"
|
| +#include "base/string_util.h"
|
| +#include "base/stringprintf.h"
|
| +#include "base/values.h"
|
| +#include "chrome/common/net/gaia/gaia_urls.h"
|
| +#include "chrome/common/net/gaia/google_service_auth_error.h"
|
| +#include "chrome/common/net/http_return.h"
|
| +#include "net/base/escape.h"
|
| +#include "net/base/load_flags.h"
|
| +#include "net/url_request/url_request_context_getter.h"
|
| +#include "net/url_request/url_request_status.h"
|
| +
|
| +using content::URLFetcher;
|
| +using content::URLFetcherDelegate;
|
| +using net::ResponseCookies;
|
| +using net::URLRequestContextGetter;
|
| +using net::URLRequestStatus;
|
| +
|
| +namespace {
|
| +// To get OAtuh2 authorization code from "lso" service auth token.
|
| +static const char kAuthHeaderFormat[] = "Authorization: GoogleLogin auth=%s";
|
| +static const char kGetAuthCodeBodyFormat[] = "scope=%s&client_id=%s";
|
| +static const char kAuthCodeCookiePartSecure[] = "Secure";
|
| +static const char kAuthCodeCookiePartHttpOnly[] = "HttpOnly";
|
| +static const char kAuthCodeCookiePartCodePrefix[] = "oauth_code=";
|
| +static const int kAuthCodeCookiePartCodePrefixLength =
|
| + arraysize(kAuthCodeCookiePartCodePrefix) - 1;
|
| +
|
| +// To get OAuth2 token pair from authorization code.
|
| +static const char kGetTokenPairBodyFormat[] =
|
| + "scope=%s&"
|
| + "grant_type=authorization_code&"
|
| + "client_id=%s&"
|
| + "client_secret=%s&"
|
| + "code=%s";
|
| +static const char kRefreshTokenKey[] = "refresh_token";
|
| +static const char kAccessTokenKey[] = "access_token";
|
| +
|
| +static bool CookiePartsContains(const std::vector<std::string>& parts,
|
| + const char* part) {
|
| + return std::find(parts.begin(), parts.end(), part) != parts.end();
|
| +}
|
| +
|
| +static bool ParseCookieToAuthCode(const std::string& cookie,
|
| + std::string* auth_code) {
|
| + std::vector<std::string> parts;
|
| + base::SplitString(cookie, ';', &parts);
|
| + // Per documentation, the cookie should have Secure and HttpOnly.
|
| + if (!CookiePartsContains(parts, kAuthCodeCookiePartSecure) ||
|
| + !CookiePartsContains(parts, kAuthCodeCookiePartHttpOnly)) {
|
| + return false;
|
| + }
|
| +
|
| + std::vector<std::string>::const_iterator iter;
|
| + for (iter = parts.begin(); iter != parts.end(); ++iter) {
|
| + const std::string& part = *iter;
|
| + if (StartsWithASCII(part, kAuthCodeCookiePartCodePrefix, false)) {
|
| + auth_code->assign(part.substr(kAuthCodeCookiePartCodePrefixLength));
|
| + return true;
|
| + }
|
| + }
|
| + return false;
|
| +}
|
| +
|
| +static bool GetStringFromDictionary(const DictionaryValue* dict,
|
| + const std::string& key,
|
| + std::string* value) {
|
| + Value* json_value;
|
| + if (!dict->Get(key, &json_value))
|
| + return false;
|
| + if (json_value->GetType() != base::Value::TYPE_STRING)
|
| + return false;
|
| +
|
| + StringValue* json_str_value = static_cast<StringValue*>(json_value);
|
| + json_str_value->GetAsString(value);
|
| + return true;
|
| +}
|
| +
|
| +static GoogleServiceAuthError CreateAuthError(URLRequestStatus status) {
|
| + CHECK(!status.is_success());
|
| + if (status.status() == URLRequestStatus::CANCELED) {
|
| + return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED);
|
| + } else {
|
| + DLOG(WARNING) << "Could not reach Google Accounts servers: errno "
|
| + << status.error();
|
| + return GoogleServiceAuthError::FromConnectionError(status.error());
|
| + }
|
| +}
|
| +
|
| +static URLFetcher* CreateFetcher(URLRequestContextGetter* getter,
|
| + const GURL& url,
|
| + const std::string& body,
|
| + const std::string& headers,
|
| + URLFetcherDelegate* delegate) {
|
| + bool empty_body = body.empty();
|
| + URLFetcher* result = URLFetcher::Create(
|
| + 0, url,
|
| + empty_body ? URLFetcher::GET : URLFetcher::POST,
|
| + delegate);
|
| +
|
| + result->SetRequestContext(getter);
|
| + result->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
|
| + net::LOAD_DO_NOT_SAVE_COOKIES);
|
| +
|
| + if (!empty_body)
|
| + result->SetUploadData("application/x-www-form-urlencoded", body);
|
| + if (!headers.empty())
|
| + result->SetExtraRequestHeaders(headers);
|
| +
|
| + return result;
|
| +}
|
| +} // namespace
|
| +
|
| +OAuth2LoginTokenFetcher::OAuth2LoginTokenFetcher(
|
| + OAuth2LoginTokenConsumer* consumer,
|
| + URLRequestContextGetter* getter,
|
| + const std::string& source)
|
| + : consumer_(consumer),
|
| + getter_(getter),
|
| + source_(source),
|
| + state_(INITIAL) { }
|
| +
|
| +OAuth2LoginTokenFetcher::~OAuth2LoginTokenFetcher() { }
|
| +
|
| +void OAuth2LoginTokenFetcher::CancelRequest() {
|
| + fetcher_.reset();
|
| +}
|
| +
|
| +void OAuth2LoginTokenFetcher::Start(const std::string& auth_token) {
|
| + auth_token_ = auth_token;
|
| + StartGetAuthCode();
|
| +}
|
| +
|
| +void OAuth2LoginTokenFetcher::StartGetAuthCode() {
|
| + CHECK_EQ(INITIAL, state_);
|
| + state_ = GET_AUTH_CODE_STARTED;
|
| + fetcher_.reset(CreateFetcher(
|
| + getter_,
|
| + MakeGetAuthCodeUrl(),
|
| + MakeGetAuthCodeBody(),
|
| + MakeGetAuthCodeHeader(auth_token_),
|
| + this));
|
| + fetcher_->Start(); // OnUrlFetchComplete will be called.
|
| +}
|
| +
|
| +void OAuth2LoginTokenFetcher::EndGetAuthCode(const URLFetcher* source) {
|
| + CHECK_EQ(GET_AUTH_CODE_STARTED, state_);
|
| + state_ = GET_AUTH_CODE_DONE;
|
| +
|
| + URLRequestStatus status = source->GetStatus();
|
| + if (!status.is_success()) {
|
| + ReportFailure(CreateAuthError(status));
|
| + return;
|
| + }
|
| +
|
| + if (source->GetResponseCode() != RC_REQUEST_OK) {
|
| + ReportFailure(GoogleServiceAuthError(
|
| + GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
|
| + return;
|
| + }
|
| +
|
| + // The request was successfully fetched and it returned OK.
|
| + // Parse out the auth code from cookies.
|
| + if (!ParseGetAuthCodeResponse(source, &auth_code_)) {
|
| + ReportFailure(GoogleServiceAuthError(
|
| + GoogleServiceAuthError::UNEXPECTED_RESPONSE));
|
| + return;
|
| + }
|
| +
|
| + StartGetTokenPair();
|
| +}
|
| +
|
| +void OAuth2LoginTokenFetcher::StartGetTokenPair() {
|
| + CHECK_EQ(GET_AUTH_CODE_DONE, state_);
|
| + state_ = GET_TOKEN_PAIR_STARTED;
|
| +
|
| + fetcher_.reset(CreateFetcher(
|
| + getter_,
|
| + MakeGetTokenPairUrl(),
|
| + MakeGetTokenPairBody(auth_code_),
|
| + "",
|
| + this));
|
| + fetcher_->Start(); // OnUrlFetchComplete will be called.
|
| +}
|
| +
|
| +void OAuth2LoginTokenFetcher::EndGetTokenPair(const URLFetcher* source) {
|
| + CHECK_EQ(GET_TOKEN_PAIR_STARTED, state_);
|
| + state_ = GET_TOKEN_PAIR_DONE;
|
| +
|
| + URLRequestStatus status = source->GetStatus();
|
| + if (!status.is_success()) {
|
| + ReportFailure(CreateAuthError(status));
|
| + return;
|
| + }
|
| +
|
| + if (source->GetResponseCode() != RC_REQUEST_OK) {
|
| + ReportFailure(GoogleServiceAuthError(
|
| + GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
|
| + return;
|
| + }
|
| +
|
| + std::string refresh_token;
|
| + std::string access_token;
|
| + if (!ParseGetTokenPairResponse(source, &refresh_token, &access_token)) {
|
| + ReportFailure(GoogleServiceAuthError(
|
| + GoogleServiceAuthError::UNEXPECTED_RESPONSE));
|
| + return;
|
| + }
|
| +
|
| + ReportSuccess(refresh_token, access_token);
|
| +}
|
| +
|
| +void OAuth2LoginTokenFetcher::ReportSuccess(const std::string& refresh_token,
|
| + const std::string& access_token) {
|
| + consumer_->OnGetTokenSuccess(refresh_token, access_token);
|
| +}
|
| +
|
| +void OAuth2LoginTokenFetcher::ReportFailure(GoogleServiceAuthError error) {
|
| + state_ = ERROR_STATE;
|
| + consumer_->OnGetTokenFailure(error);
|
| +}
|
| +
|
| +void OAuth2LoginTokenFetcher::OnURLFetchComplete(const URLFetcher* source) {
|
| + CHECK(source);
|
| + CHECK(state_ == GET_AUTH_CODE_STARTED || state_ == GET_TOKEN_PAIR_STARTED);
|
| + switch (state_) {
|
| + case GET_AUTH_CODE_STARTED:
|
| + EndGetAuthCode(source);
|
| + break;
|
| + case GET_TOKEN_PAIR_STARTED:
|
| + EndGetTokenPair(source);
|
| + break;
|
| + default:
|
| + CHECK(false) << "This should not happen.";
|
| + break;
|
| + }
|
| +}
|
| +
|
| +// static
|
| +GURL OAuth2LoginTokenFetcher::MakeGetAuthCodeUrl() {
|
| + return GURL(GaiaUrls::GetInstance()->client_login_to_oauth2_url());
|
| +}
|
| +
|
| +// static
|
| +std::string OAuth2LoginTokenFetcher::MakeGetAuthCodeHeader(
|
| + const std::string& auth_token) {
|
| + return StringPrintf(kAuthHeaderFormat, auth_token.c_str());
|
| +}
|
| +
|
| +// static
|
| +std::string OAuth2LoginTokenFetcher::MakeGetAuthCodeBody() {
|
| + return StringPrintf(
|
| + kGetAuthCodeBodyFormat,
|
| + net::EscapeUrlEncodedData(
|
| + GaiaUrls::GetInstance()->oauth1_login_scope(), true).c_str(),
|
| + net::EscapeUrlEncodedData(
|
| + GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true).c_str());
|
| +}
|
| +
|
| +// static
|
| +bool OAuth2LoginTokenFetcher::ParseGetAuthCodeResponse(
|
| + const URLFetcher* source,
|
| + std::string* auth_code) {
|
| + CHECK(source);
|
| + CHECK(auth_code);
|
| + const ResponseCookies& cookies = source->GetCookies();
|
| + ResponseCookies::const_iterator iter;
|
| + for (iter = cookies.begin(); iter != cookies.end(); ++iter) {
|
| + if (ParseCookieToAuthCode(*iter, auth_code))
|
| + return true;
|
| + }
|
| + return false;
|
| +}
|
| +
|
| +// static
|
| +GURL OAuth2LoginTokenFetcher::MakeGetTokenPairUrl() {
|
| + return GURL(GaiaUrls::GetInstance()->oauth2_token_url());
|
| +}
|
| +
|
| +// static
|
| +std::string OAuth2LoginTokenFetcher::MakeGetTokenPairBody(
|
| + const std::string& auth_code) {
|
| + return StringPrintf(
|
| + kGetTokenPairBodyFormat,
|
| + net::EscapeUrlEncodedData(
|
| + GaiaUrls::GetInstance()->oauth1_login_scope(), true).c_str(),
|
| + net::EscapeUrlEncodedData(
|
| + GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true).c_str(),
|
| + net::EscapeUrlEncodedData(
|
| + GaiaUrls::GetInstance()->oauth2_chrome_client_secret(),
|
| + true).c_str(),
|
| + net::EscapeUrlEncodedData(auth_code, true).c_str());
|
| +}
|
| +
|
| +// static
|
| +bool OAuth2LoginTokenFetcher::ParseGetTokenPairResponse(
|
| + const URLFetcher* source,
|
| + std::string* refresh_token,
|
| + std::string* access_token) {
|
| + CHECK(source);
|
| + CHECK(refresh_token);
|
| + CHECK(access_token);
|
| + std::string data;
|
| + source->GetResponseAsString(&data);
|
| + base::JSONReader reader;
|
| + scoped_ptr<base::Value> value(reader.Read(data, false));
|
| + if (!value.get() || value->GetType() != base::Value::TYPE_DICTIONARY)
|
| + return false;
|
| +
|
| + DictionaryValue* dict = static_cast<DictionaryValue*>(value.get());
|
| + std::string rt;
|
| + std::string at;
|
| + if (!GetStringFromDictionary(dict, kRefreshTokenKey, &rt) ||
|
| + !GetStringFromDictionary(dict, kAccessTokenKey, &at)) {
|
| + return false;
|
| + }
|
| +
|
| + refresh_token->assign(rt);
|
| + access_token->assign(at);
|
| + return true;
|
| +}
|
|
|
Chromium Code Reviews
Issue 8603009:
Add a fetcher class to fetch an OAuth2 login scope token from ClientLogin credentials. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/