chrome/browser/signin/ubertoken_fetcher.cc - Issue 9301003: Change X-Auto-Login implementation to use OAuth token.

Side by Side Diff: chrome/browser/signin/ubertoken_fetcher.cc

Issue 9301003: Change X-Auto-Login implementation to use OAuth token. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: With comments. Created 8 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« chrome/browser/signin/ubertoken_fetcher.h ('K') | « chrome/browser/signin/ubertoken_fetcher.h ('k') | chrome/browser/signin/ubertoken_fetcher_unittest.cc » ('j') | chrome/browser/ui/auto_login_info_bar_delegate.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "base/logging.h"

	6 #include "chrome/browser/profiles/profile.h"

	7 #include "chrome/browser/signin/token_service.h"

	8 #include "chrome/browser/signin/ubertoken_fetcher.h"

	9 #include "chrome/common/chrome_notification_types.h"

	10 #include "chrome/common/net/gaia/gaia_constants.h"

	11 #include "chrome/common/net/gaia/gaia_urls.h"

	12 #include "chrome/common/net/gaia/google_service_auth_error.h"

	13 #include "net/base/load_flags.h"

	14

	15 namespace {

	16 // Url of the service to call to generate an über-auth token.

	17 const char* kUberAuthTokenUrl =

	18 "https://accounts.google.com/OAuthLogin?source=chrome&issueuberauth=1";
	Roger Tawa OOO till Jul 10th 2012/01/31 21:38:23 i think this url should live in gaia_urls.h i think this url should live in gaia_urls.h qsr 2012/02/01 14:59:18 Change this to construct the url from urls in Gaia Show quoted text On 2012/01/31 21:38:23, Roger Tawa wrote: > i think this url should live in gaia_urls.h Change this to construct the url from urls in GaiaUrls.
	19 } // namespace

	20

	21 UbertokenFetcher::UbertokenFetcher(Profile* profile,

	22 UbertokenConsumer* consumer)

	23 : profile_(profile), consumer_(consumer) {

	24 DCHECK(profile);

	25 DCHECK(consumer);

	26 }

	27

	28 UbertokenFetcher::~UbertokenFetcher() {}
	Roger Tawa OOO till Jul 10th 2012/01/31 21:38:23 closing brace on next line closing brace on next line qsr 2012/02/01 14:59:18 Done. Show quoted text On 2012/01/31 21:38:23, Roger Tawa wrote: > closing brace on next line Done.
	29

	30 void UbertokenFetcher::StartFetchingToken() {

	31 TokenService* token_service = profile_->GetTokenService();

	32 if (token_service->HasOAuthLoginToken()) {

	33 StartFetchingUbertoken();

	34 } else {

	35 registrar_.Add(this,

	36 chrome::NOTIFICATION_TOKEN_AVAILABLE,

	37 content::Source<TokenService>(token_service));

	38 registrar_.Add(this,

	39 chrome::NOTIFICATION_TOKEN_REQUEST_FAILED,

	40 content::Source<TokenService>(token_service));

	41 token_service->StartFetchingTokens();

	42 }

	43 }

	44

	45 void UbertokenFetcher::StartFetchingUbertoken() {

	46 TokenService* token_service = profile_->GetTokenService();

	47 DCHECK(token_service->HasOAuthLoginToken());

	48 gaia::OAuthClientInfo client_info;

	49 GaiaUrls* urls = GaiaUrls::GetInstance();

	50 client_info.client_id = urls->oauth2_chrome_client_id();

	51 client_info.client_secret = urls->oauth2_chrome_client_secret();

	52 gaia_oauth_client_.reset(new gaia::GaiaOAuthClient(

	53 urls->oauth2_token_url(), profile_->GetRequestContext()));

	54 gaia_oauth_client_->RefreshToken(

	55 client_info, token_service->GetOAuth2LoginRefreshToken(), 1, this);

	56 }

	57

	58 void UbertokenFetcher::Observe(int type,

	59 const content::NotificationSource& source,

	60 const content::NotificationDetails& details) {

	61 DCHECK(type == chrome::NOTIFICATION_TOKEN_AVAILABLE \|\|

	62 type == chrome::NOTIFICATION_TOKEN_REQUEST_FAILED);

	63

	64 if (type == chrome::NOTIFICATION_TOKEN_AVAILABLE) {

	65 TokenService::TokenAvailableDetails* token_details =

	66 content::Details<TokenService::TokenAvailableDetails>(details).ptr();

	67 if (token_details->service() !=

	68 GaiaConstants::kGaiaOAuth2LoginRefreshToken) {

	69 return;

	70 }

	71 registrar_.RemoveAll();

	72 StartFetchingUbertoken();

	73 } else {

	74 TokenService::TokenRequestFailedDetails* token_details =

	75 content::Details<TokenService::TokenRequestFailedDetails>(details).

	76 ptr();

	77 if (token_details->service() == GaiaConstants::kLSOService \|\|

	78 token_details->service() ==

	79 GaiaConstants::kGaiaOAuth2LoginRefreshToken) {

	80 consumer_->OnUbertokenFailure(token_details->error());

	81 }

	82 }

	83 }

	84

	85 void UbertokenFetcher::OnGetTokensResponse(const std::string& refresh_token,

	86 const std::string& access_token,

	87 int expires_in_seconds) {

	88 NOTREACHED();

	89 }

	90

	91 void UbertokenFetcher::OnRefreshTokenResponse(const std::string& access_token,

	92 int expires_in_seconds) {

	93 GURL url(kUberAuthTokenUrl);

	94 url_fetcher_.reset(

	95 content::URLFetcher::Create(0, url, content::URLFetcher::GET, this));

	96 url_fetcher_->SetRequestContext(profile_->GetRequestContext());

	97 url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES \|

	98 net::LOAD_DO_NOT_SAVE_COOKIES);

	99 url_fetcher_->SetExtraRequestHeaders("Authorization: OAuth " + access_token);

	100 url_fetcher_->Start();
	Roger Tawa OOO till Jul 10th 2012/01/31 21:38:23 I think it would be better to add this functionali I think it would be better to add this functionality to GaiaAuthFetcher, and using that instead of a directly creating a URLFetcher here. qsr 2012/02/01 14:59:18 If you strongly insist, I'll do it but: 1) GaiaAut If you strongly insist, I'll do it but: 1) GaiaAuthFetcher doesn't seem the right place, because it mainly handles ClientLogin related things. There is a little bit of OAuth related functionality, but only in the sense of exchanging a LSO token to a OAuth2 token. 2) GaiaOAuthClient is weird to use for this case -> it takes an URL on its constructor that will not be used at all as the url to get an uber-token is not the same one as those used to handle tokens. Because Uber token are something quite special, I think that the fetcher must live here. Now, we might want to move this class next to GaiaAuthFetcher, but then it would have to take the Oauth2 refresh token as parameter (because it cannot depends on TokenService anymore), which will make some logic of this class back to the AutoLoginRedirector and that logic will have to be replicated if anything else need an uber token. Those are the reasons I put all the functionality here. Now, like I said, I can try to move things a bit, but I don't think they will really feel natural either. Roger Tawa OOO till Jul 10th 2012/02/01 15:29:55 Agree that keeping the uber token fetcher class he Show quoted text On 2012/02/01 14:59:18, qsr1 wrote: > If you strongly insist, I'll do it but: > 1) GaiaAuthFetcher doesn't seem the right place, because it mainly handles > ClientLogin related things. There is a little bit of OAuth related > functionality, but only in the sense of exchanging a LSO token to a OAuth2 > token. > 2) GaiaOAuthClient is weird to use for this case -> it takes an URL on its > constructor that will not be used at all as the url to get an uber-token is not > the same one as those used to handle tokens. > > Because Uber token are something quite special, I think that the fetcher must > live here. Now, we might want to move this class next to GaiaAuthFetcher, but > then it would have to take the Oauth2 refresh token as parameter (because it > cannot depends on TokenService anymore), which will make some logic of this > class back to the AutoLoginRedirector and that logic will have to be replicated > if anything else need an uber token. > > Those are the reasons I put all the functionality here. Now, like I said, I can > try to move things a bit, but I don't think they will really feel natural > either. Agree that keeping the uber token fetcher class here makes sense. I do think it makes sense to move the fetching specific code to GaiaAuthFetcher. As you say, that class already has some oauth stuff in it. Also, by moving the URL to GaiaUrls as you already did, this makes more sense too. There is also logic there for setting up the fetch wrt cookie management that you have duplicated here and I don't think that's a good idea. The GaiaAuthFetcher class is the one that knows how to format and fetch all GAIA related URLs. Today these are mainly clientlogin based URLs, but as I work to replace clientlogin with oauth, this will change. GaiaAuthFetcher is a not a clientlogin wrapper, its a GAIA fetcher. The GaiaOAuthFetcher was experimental and its functonality will likely move into GaiaAuthFetcher. Note that I believe there are files missing from this CL. You moved the URL to GaiaUrls, but I don't see the code for that. qsr 2012/02/01 18:28:10 Done. Show quoted text On 2012/02/01 15:29:55, Roger Tawa wrote: > On 2012/02/01 14:59:18, qsr1 wrote: > > If you strongly insist, I'll do it but: > > 1) GaiaAuthFetcher doesn't seem the right place, because it mainly handles > > ClientLogin related things. There is a little bit of OAuth related > > functionality, but only in the sense of exchanging a LSO token to a OAuth2 > > token. > > 2) GaiaOAuthClient is weird to use for this case -> it takes an URL on its > > constructor that will not be used at all as the url to get an uber-token is > not > > the same one as those used to handle tokens. > > > > Because Uber token are something quite special, I think that the fetcher must > > live here. Now, we might want to move this class next to GaiaAuthFetcher, but > > then it would have to take the Oauth2 refresh token as parameter (because it > > cannot depends on TokenService anymore), which will make some logic of this > > class back to the AutoLoginRedirector and that logic will have to be > replicated > > if anything else need an uber token. > > > > Those are the reasons I put all the functionality here. Now, like I said, I > can > > try to move things a bit, but I don't think they will really feel natural > > either. > > Agree that keeping the uber token fetcher class here makes sense. > > I do think it makes sense to move the fetching specific code to GaiaAuthFetcher. > As you say, that class already has some oauth stuff in it. Also, by moving the > URL to GaiaUrls as you already did, this makes more sense too. There is also > logic there for setting up the fetch wrt cookie management that you have > duplicated here and I don't think that's a good idea. > > The GaiaAuthFetcher class is the one that knows how to format and fetch all GAIA > related URLs. Today these are mainly clientlogin based URLs, but as I work to > replace clientlogin with oauth, this will change. GaiaAuthFetcher is a not a > clientlogin wrapper, its a GAIA fetcher. The GaiaOAuthFetcher was experimental > and its functonality will likely move into GaiaAuthFetcher. > > Note that I believe there are files missing from this CL. You moved the URL to > GaiaUrls, but I don't see the code for that. Done.
	101 }

	102

	103 void UbertokenFetcher::OnOAuthError() {

	104 GoogleServiceAuthError error(

	105 GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);

	106 consumer_->OnUbertokenFailure(error);

	107 }

	108

	109 void UbertokenFetcher::OnNetworkError(int response_code) {

	110 GoogleServiceAuthError error =

	111 GoogleServiceAuthError::FromConnectionError(response_code);

	112 consumer_->OnUbertokenFailure(error);

	113 }

	114

	115 void UbertokenFetcher::OnURLFetchComplete(const content::URLFetcher* source) {

	116 std::string response;

	117 bool result = source->GetResponseAsString(&response);

	118 DCHECK(result);

	119 if (source->GetResponseCode() == 200) {

	120 consumer_->OnUbertokenSuccess(response);

	121 } else {

	122 GoogleServiceAuthError error(

	123 GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);

	124 consumer_->OnUbertokenFailure(error);

	125 }

	126 }

OLD	NEW