Add application pre-authorization.

remoting/webapp/crd/js/identity.js

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 /**
  * @fileoverview
  * Wrapper class for Chrome's identity API.
  */
+/** @suppress {duplicate} */
+var remoting = remoting || {};
+
+(function(){
 
 'use strict';
 
-/** @suppress {duplicate} */
-var remoting = remoting || {};
-
 /**
  * @type {remoting.Identity}
  */
 remoting.identity = null;
 
+var USER_CANCELLED = 'The user did not approve access.';
+
 /**
  * @param {remoting.Identity.ConsentDialog=} opt_consentDialog
  * @constructor
  */
 remoting.Identity = function(opt_consentDialog) {
   /** @private */
   this.consentDialog_ = opt_consentDialog;
-  /** @type {string} @private */
+  /** @private {string} */
   this.email_ = '';
-  /** @type {string} @private */
+  /** @private {string} */
   this.fullName_ = '';
   /** @type {base.Deferred<string>} */
   this.authTokenDeferred_ = null;
+  /** @private {boolean} */
+  this.interactive_ = false;
 };
 
 /**
  * chrome.identity.getAuthToken should be initiated from user interactions if
  * called with interactive equals true.  This interface prompts a dialog for
  * the user's consent.
  *
  * @interface
  */
 remoting.Identity.ConsentDialog = function() {};
@@ skipping 10 matching lines @@
  * @return {!Promise<string>} A promise resolved with an access token
  *     or rejected with a remoting.Error.
  */
 remoting.Identity.prototype.getToken = function() {
   /** @const */
   var that = this;
 
   if (this.authTokenDeferred_ == null) {
     this.authTokenDeferred_ = new base.Deferred();
     chrome.identity.getAuthToken(
-        { 'interactive': false },
-        that.onAuthComplete_.bind(that, false));
+        { 'interactive': this.interactive_ },
+        this.onAuthComplete_.bind(this));
   }
   return this.authTokenDeferred_.promise();
 };
 
 /**
  * Gets a fresh access token.
  *
  * @return {!Promise<string>} A promise resolved with an access token
  *     or rejected with a remoting.Error.
  */
@@ skipping 80 matching lines @@
  */
 remoting.Identity.prototype.getEmail = function() {
   return this.getUserInfo().then(function(userInfo) {
     return userInfo.email;
   });
 };
 
 /**
  * Callback for the getAuthToken API.
  *
- * @param {boolean} interactive The value of the "interactive" parameter to
- *     getAuthToken.
  * @param {?string} token The auth token, or null if the request failed.
  * @private
  */
-remoting.Identity.prototype.onAuthComplete_ = function(interactive, token) {
+remoting.Identity.prototype.onAuthComplete_ = function(token) {
   var authTokenDeferred = this.authTokenDeferred_;
 
   // Pass the token to the callback(s) if it was retrieved successfully.
   if (token) {
     authTokenDeferred.resolve(token);
     this.authTokenDeferred_ = null;
     return;
   }
 
   // If not, pass an error back to the callback(s) if we've already prompted the
   // user for permission.
-  if (interactive) {
+  if (this.interactive_) {
     var error_message =
         chrome.runtime.lastError ? chrome.runtime.lastError.message
                                  : 'Unknown error.';
     console.error(error_message);

[kelvinp, 2015/03/05 02:12:14]

Should we set this.interactive_ to false here? Or else, once the dialog is
shown, it will consider all future attempts as interactive.

[Jamie, 2015/03/05 02:31:27]

That's intentional. Part of the reason for this change is that we only
(potentially) show in-DOM UI for the first call to getToken(). This class was
originally designed under the assumption that you could only set {interactive:
true} from a UIEvent, but since that's not the case I prefer that we let
chrome.identity show whatever UI it deems appropriate in the rare case that a
token is revoked--it's better UX than popping up something in-DOM which might
not get cleaned up correctly.

-    authTokenDeferred.reject(remoting.Error.NOT_AUTHENTICATED);
+    var error = (error_message == USER_CANCELLED) ?
+        remoting.Error.CANCELLED : remoting.Error.NOT_AUTHENTICATED;

[Jamie, 2015/03/05 01:35:56]

courage@, is this the recommended way of determining whether the user declined
the permissions (ie, not an error--should probably just close the app) or
something went wrong (ie, should show an error message)? It seems fragile to do
a string comparison against a human-readable error message, rather than, for
example, an enumerated constant.

[Michael Courage, 2015/03/05 01:43:55]

Sorry, that's still the only way until there is an overhaul of the apps error
handling system. Such an overhaul is not on the horizon as far as I know :(

+    authTokenDeferred.reject(error);
     this.authTokenDeferred_ = null;
     return;
   }
 
   // If there's no token, but we haven't yet prompted for permission, do so
   // now.
   var that = this;
   var showConsentDialog =
       (this.consentDialog_) ? this.consentDialog_.show() : Promise.resolve();
   showConsentDialog.then(function() {
-    chrome.identity.getAuthToken(
-        {'interactive': true}, that.onAuthComplete_.bind(that, true));
+    that.interactive_ = true;
+    chrome.identity.getAuthToken({'interactive': that.interactive_},
+                                 that.onAuthComplete_.bind(that));
   });
 };
 
 /**
  * Returns whether the web app has authenticated with the Google services.
  *
  * @return {boolean}
  */
 remoting.Identity.prototype.isAuthenticated = function() {
   return remoting.identity.email_ !== '';
 };
+
+})();