Add application pre-authorization.

remoting/webapp/crd/js/identity.js

Index: remoting/webapp/crd/js/identity.js
diff --git a/remoting/webapp/crd/js/identity.js b/remoting/webapp/crd/js/identity.js
index dfa7f987ab2dd87926935d67d8a9b5323768bd2d..b65f37512b836be829dbce1204b02545af5c708f 100644
--- a/remoting/webapp/crd/js/identity.js
+++ b/remoting/webapp/crd/js/identity.js
@@ -6,17 +6,20 @@
  * @fileoverview
  * Wrapper class for Chrome's identity API.
  */
-
-'use strict';
-
 /** @suppress {duplicate} */
 var remoting = remoting || {};
 
+(function(){
+
+'use strict';
+
 /**
  * @type {remoting.Identity}
  */
 remoting.identity = null;
 
+var USER_CANCELLED = 'The user did not approve access.';
+
 /**
  * @param {remoting.Identity.ConsentDialog=} opt_consentDialog
  * @constructor
@@ -24,12 +27,14 @@ remoting.identity = null;
 remoting.Identity = function(opt_consentDialog) {
   /** @private */
   this.consentDialog_ = opt_consentDialog;
-  /** @type {string} @private */
+  /** @private {string} */
   this.email_ = '';
-  /** @type {string} @private */
+  /** @private {string} */
   this.fullName_ = '';
   /** @type {base.Deferred<string>} */
   this.authTokenDeferred_ = null;
+  /** @private {boolean} */
+  this.interactive_ = false;
 };
 
 /**
@@ -60,8 +65,8 @@ remoting.Identity.prototype.getToken = function() {
   if (this.authTokenDeferred_ == null) {
     this.authTokenDeferred_ = new base.Deferred();
     chrome.identity.getAuthToken(
-        { 'interactive': false },
-        that.onAuthComplete_.bind(that, false));
+        { 'interactive': this.interactive_ },
+        this.onAuthComplete_.bind(this));
   }
   return this.authTokenDeferred_.promise();
 };
@@ -162,12 +167,10 @@ remoting.Identity.prototype.getEmail = function() {
 /**
  * Callback for the getAuthToken API.
  *
- * @param {boolean} interactive The value of the "interactive" parameter to
- *     getAuthToken.
  * @param {?string} token The auth token, or null if the request failed.
  * @private
  */
-remoting.Identity.prototype.onAuthComplete_ = function(interactive, token) {
+remoting.Identity.prototype.onAuthComplete_ = function(token) {
   var authTokenDeferred = this.authTokenDeferred_;
 
   // Pass the token to the callback(s) if it was retrieved successfully.
@@ -179,12 +182,14 @@ remoting.Identity.prototype.onAuthComplete_ = function(interactive, token) {
 
   // If not, pass an error back to the callback(s) if we've already prompted the
   // user for permission.
-  if (interactive) {
+  if (this.interactive_) {
     var error_message =
         chrome.runtime.lastError ? chrome.runtime.lastError.message
                                  : 'Unknown error.';
     console.error(error_message);

[kelvinp, 2015/03/05 02:12:14]

Should we set this.interactive_ to false here? Or else, once the dialog is
shown, it will consider all future attempts as interactive.

[Jamie, 2015/03/05 02:31:27]

That's intentional. Part of the reason for this change is that we only
(potentially) show in-DOM UI for the first call to getToken(). This class was
originally designed under the assumption that you could only set {interactive:
true} from a UIEvent, but since that's not the case I prefer that we let
chrome.identity show whatever UI it deems appropriate in the rare case that a
token is revoked--it's better UX than popping up something in-DOM which might
not get cleaned up correctly.

-    authTokenDeferred.reject(remoting.Error.NOT_AUTHENTICATED);
+    var error = (error_message == USER_CANCELLED) ?
+        remoting.Error.CANCELLED : remoting.Error.NOT_AUTHENTICATED;

[Jamie, 2015/03/05 01:35:56]

courage@, is this the recommended way of determining whether the user declined
the permissions (ie, not an error--should probably just close the app) or
something went wrong (ie, should show an error message)? It seems fragile to do
a string comparison against a human-readable error message, rather than, for
example, an enumerated constant.

[Michael Courage, 2015/03/05 01:43:55]

Sorry, that's still the only way until there is an overhaul of the apps error
handling system. Such an overhaul is not on the horizon as far as I know :(

+    authTokenDeferred.reject(error);
     this.authTokenDeferred_ = null;
     return;
   }
@@ -195,8 +200,9 @@ remoting.Identity.prototype.onAuthComplete_ = function(interactive, token) {
   var showConsentDialog =
       (this.consentDialog_) ? this.consentDialog_.show() : Promise.resolve();
   showConsentDialog.then(function() {
-    chrome.identity.getAuthToken(
-        {'interactive': true}, that.onAuthComplete_.bind(that, true));
+    that.interactive_ = true;
+    chrome.identity.getAuthToken({'interactive': that.interactive_},
+                                 that.onAuthComplete_.bind(that));
   });
 };
 
@@ -208,3 +214,5 @@ remoting.Identity.prototype.onAuthComplete_ = function(interactive, token) {
 remoting.Identity.prototype.isAuthenticated = function() {
   return remoting.identity.email_ !== '';
 };
+
+})();