Change X-Auto-Login implementation to use OAuth token.

chrome/browser/signin/ubertoken_fetcher.cc

Index: chrome/browser/signin/ubertoken_fetcher.cc
diff --git a/chrome/browser/signin/ubertoken_fetcher.cc b/chrome/browser/signin/ubertoken_fetcher.cc
new file mode 100644
index 0000000000000000000000000000000000000000..18b3a53c6d1d2bb2a3530b4d3d32983f278cb7fb
--- /dev/null
+++ b/chrome/browser/signin/ubertoken_fetcher.cc
@@ -0,0 +1,126 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/logging.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/signin/token_service.h"
+#include "chrome/browser/signin/ubertoken_fetcher.h"
+#include "chrome/common/chrome_notification_types.h"
+#include "chrome/common/net/gaia/gaia_constants.h"
+#include "chrome/common/net/gaia/gaia_urls.h"
+#include "chrome/common/net/gaia/google_service_auth_error.h"
+#include "net/base/load_flags.h"
+
+namespace {
+// Url of the service to call to generate an über-auth token.
+const char* kUberAuthTokenUrl =
+    "https://accounts.google.com/OAuthLogin?source=chrome&issueuberauth=1";

[Roger Tawa OOO till Jul 10th, 2012/01/31 21:38:23]

i think this url should live in gaia_urls.h

[qsr, 2012/02/01 14:59:18]

 Change this to construct the url from urls in GaiaUrls.

+}  // namespace
+
+UbertokenFetcher::UbertokenFetcher(Profile* profile,
+                                   UbertokenConsumer* consumer)
+    : profile_(profile), consumer_(consumer) {
+  DCHECK(profile);
+  DCHECK(consumer);
+}
+
+UbertokenFetcher::~UbertokenFetcher() {}

[Roger Tawa OOO till Jul 10th, 2012/01/31 21:38:23]

closing brace on next line

[qsr, 2012/02/01 14:59:18]

Done.

+
+void UbertokenFetcher::StartFetchingToken() {
+  TokenService* token_service = profile_->GetTokenService();
+  if (token_service->HasOAuthLoginToken()) {
+    StartFetchingUbertoken();
+  } else {
+    registrar_.Add(this,
+                   chrome::NOTIFICATION_TOKEN_AVAILABLE,
+                   content::Source<TokenService>(token_service));
+    registrar_.Add(this,
+                   chrome::NOTIFICATION_TOKEN_REQUEST_FAILED,
+                   content::Source<TokenService>(token_service));
+    token_service->StartFetchingTokens();
+  }
+}
+
+void UbertokenFetcher::StartFetchingUbertoken() {
+  TokenService* token_service = profile_->GetTokenService();
+  DCHECK(token_service->HasOAuthLoginToken());
+  gaia::OAuthClientInfo client_info;
+  GaiaUrls* urls = GaiaUrls::GetInstance();
+  client_info.client_id = urls->oauth2_chrome_client_id();
+  client_info.client_secret = urls->oauth2_chrome_client_secret();
+  gaia_oauth_client_.reset(new gaia::GaiaOAuthClient(
+      urls->oauth2_token_url(), profile_->GetRequestContext()));
+  gaia_oauth_client_->RefreshToken(
+      client_info, token_service->GetOAuth2LoginRefreshToken(), 1, this);
+}
+
+void UbertokenFetcher::Observe(int type,
+                               const content::NotificationSource& source,
+                               const content::NotificationDetails& details) {
+  DCHECK(type == chrome::NOTIFICATION_TOKEN_AVAILABLE ||
+         type == chrome::NOTIFICATION_TOKEN_REQUEST_FAILED);
+
+  if (type == chrome::NOTIFICATION_TOKEN_AVAILABLE) {
+    TokenService::TokenAvailableDetails* token_details =
+        content::Details<TokenService::TokenAvailableDetails>(details).ptr();
+    if (token_details->service() !=
+        GaiaConstants::kGaiaOAuth2LoginRefreshToken) {
+      return;
+    }
+    registrar_.RemoveAll();
+    StartFetchingUbertoken();
+  } else {
+    TokenService::TokenRequestFailedDetails* token_details =
+        content::Details<TokenService::TokenRequestFailedDetails>(details).
+            ptr();
+    if (token_details->service() == GaiaConstants::kLSOService ||
+        token_details->service() ==
+            GaiaConstants::kGaiaOAuth2LoginRefreshToken) {
+      consumer_->OnUbertokenFailure(token_details->error());
+    }
+  }
+}
+
+void UbertokenFetcher::OnGetTokensResponse(const std::string& refresh_token,
+                                           const std::string& access_token,
+                                           int expires_in_seconds) {
+  NOTREACHED();
+}
+
+void UbertokenFetcher::OnRefreshTokenResponse(const std::string& access_token,
+                                              int expires_in_seconds) {
+  GURL url(kUberAuthTokenUrl);
+  url_fetcher_.reset(
+      content::URLFetcher::Create(0, url, content::URLFetcher::GET, this));
+  url_fetcher_->SetRequestContext(profile_->GetRequestContext());
+  url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
+                             net::LOAD_DO_NOT_SAVE_COOKIES);
+  url_fetcher_->SetExtraRequestHeaders("Authorization: OAuth " + access_token);
+  url_fetcher_->Start();

[Roger Tawa OOO till Jul 10th, 2012/01/31 21:38:23]

I think it would be better to add this functionality to GaiaAuthFetcher, and
using that instead of a directly creating a URLFetcher here.

[qsr, 2012/02/01 14:59:18]

 If you strongly insist, I'll do it but:
1) GaiaAuthFetcher doesn't seem the right place, because it mainly handles
ClientLogin related things. There is a little bit of OAuth related
functionality, but only in the sense of exchanging a LSO token to a OAuth2
token.
2) GaiaOAuthClient is weird to use for this case -> it takes an URL on its
constructor that will not be used at all as the url to get an uber-token is not
the same one as those used to handle tokens.

 Because Uber token are something quite special, I think that the fetcher must
live here. Now, we might want to move this class next to GaiaAuthFetcher, but
then it would have to take the Oauth2 refresh token as parameter (because it
cannot depends on TokenService anymore), which will make some logic of this
class back to the AutoLoginRedirector and that logic will have to be replicated
if anything else need an uber token.

 Those are the reasons I put all the functionality here. Now, like I said, I can
try to move things a bit, but I don't think they will really feel natural
either.

[Roger Tawa OOO till Jul 10th, 2012/02/01 15:29:55]

Agree that keeping the uber token fetcher class here makes sense.

I do think it makes sense to move the fetching specific code to GaiaAuthFetcher.
 As you say, that class already has some oauth stuff in it.  Also, by moving the
URL to GaiaUrls as you already did, this makes more sense too.  There is also
logic there for setting up the fetch wrt cookie management that you have
duplicated here and I don't think that's a good idea.

The GaiaAuthFetcher class is the one that knows how to format and fetch all GAIA
related URLs.  Today these are mainly clientlogin based URLs, but as I work to
replace clientlogin with oauth, this will change.  GaiaAuthFetcher is a not a
clientlogin wrapper, its a GAIA fetcher.  The GaiaOAuthFetcher was experimental
and its functonality will likely move into GaiaAuthFetcher.

Note that I believe there are files missing from this CL.  You moved the URL to
GaiaUrls, but I don't see the code for that.

[qsr, 2012/02/01 18:28:10]

Done.

+}
+
+void UbertokenFetcher::OnOAuthError() {
+  GoogleServiceAuthError error(
+      GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
+  consumer_->OnUbertokenFailure(error);
+}
+
+void UbertokenFetcher::OnNetworkError(int response_code) {
+  GoogleServiceAuthError error =
+      GoogleServiceAuthError::FromConnectionError(response_code);
+  consumer_->OnUbertokenFailure(error);
+}
+
+void UbertokenFetcher::OnURLFetchComplete(const content::URLFetcher* source) {
+  std::string response;
+  bool result = source->GetResponseAsString(&response);
+  DCHECK(result);
+  if (source->GetResponseCode() == 200) {
+    consumer_->OnUbertokenSuccess(response);
+  } else {
+    GoogleServiceAuthError error(
+        GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
+    consumer_->OnUbertokenFailure(error);
+  }
+}