src/chrome/browser/chromeos/login/auth/online_attempt.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/login/auth/online_attempt.h"
   6
   7 #include <string>
   8
   9 #include "base/bind.h"
  10 #include "base/logging.h"
  11 #include "base/memory/ref_counted.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "chromeos/login/auth/auth_attempt_state.h"
  14 #include "chromeos/login/auth/auth_attempt_state_resolver.h"
  15 #include "chromeos/login/auth/key.h"
  16 #include "chromeos/login/auth/user_context.h"
  17 #include "components/user_manager/user_type.h"
  18 #include "content/public/browser/browser_context.h"
  19 #include "content/public/browser/browser_thread.h"
  20 #include "google_apis/gaia/gaia_auth_consumer.h"
  21 #include "google_apis/gaia/gaia_auth_fetcher.h"
  22 #include "google_apis/gaia/gaia_constants.h"
  23 #include "net/base/load_flags.h"
  24 #include "net/base/net_errors.h"
  25 #include "net/url_request/url_request_status.h"
  26
  27 using content::BrowserThread;
  28
  29 namespace chromeos {
  30
  31 // static
  32 const int OnlineAttempt::kClientLoginTimeoutMs = 10000;
  33
  34 OnlineAttempt::OnlineAttempt(AuthAttemptState* current_attempt,
  35                              AuthAttemptStateResolver* callback)
  36     : attempt_(current_attempt),
  37       resolver_(callback),
  38       weak_factory_(this),
  39       try_again_(true) {
  40   DCHECK(attempt_->user_type == user_manager::USER_TYPE_REGULAR);
  41 }
  42
  43 OnlineAttempt::~OnlineAttempt() {
  44   // Just to be sure.
  45   if (client_fetcher_.get())
  46     client_fetcher_->CancelRequest();
  47 }
  48
  49 void OnlineAttempt::Initiate(content::BrowserContext* auth_context) {
  50   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
  51   client_fetcher_.reset(
  52       new GaiaAuthFetcher(this, GaiaConstants::kChromeOSSource,
  53                           auth_context->GetRequestContext()));
  54   BrowserThread::PostTask(
  55       BrowserThread::UI, FROM_HERE,
  56       base::Bind(&OnlineAttempt::TryClientLogin, weak_factory_.GetWeakPtr()));
  57 }
  58
  59 void OnlineAttempt::OnClientLoginSuccess(
  60     const GaiaAuthConsumer::ClientLoginResult& unused) {
  61   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
  62   VLOG(1) << "Online login successful!";
  63
  64   weak_factory_.InvalidateWeakPtrs();
  65
  66   if (attempt_->hosted_policy() == GaiaAuthFetcher::HostedAccountsAllowed &&
  67       attempt_->is_first_time_user()) {
  68     // First time user, and we don't know if the account is HOSTED or not.
  69     // Since we don't allow HOSTED accounts to log in, we need to try
  70     // again, without allowing HOSTED accounts.
  71     //
  72     // NOTE: we used to do this in the opposite order, so that we'd only
  73     // try the HOSTED pathway if GOOGLE-only failed.  This breaks CAPTCHA
  74     // handling, though.
  75     attempt_->DisableHosted();
  76     TryClientLogin();
  77     return;
  78   }
  79   TriggerResolve(AuthFailure::AuthFailureNone());
  80 }
  81
  82 void OnlineAttempt::OnClientLoginFailure(
  83     const GoogleServiceAuthError& error) {
  84   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
  85
  86   weak_factory_.InvalidateWeakPtrs();
  87
  88   if (error.state() == GoogleServiceAuthError::REQUEST_CANCELED) {
  89     if (try_again_) {
  90       try_again_ = false;
  91       // TODO(cmasone): add UMA tracking for this to see if we can remove it.
  92       LOG(ERROR) << "Login attempt canceled!?!?  Trying again.";
  93       TryClientLogin();
  94       return;
  95     }
  96     LOG(ERROR) << "Login attempt canceled again?  Already retried...";
  97   }
  98
  99   if (error.state() == GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS &&
 100       attempt_->is_first_time_user() &&
 101       attempt_->hosted_policy() != GaiaAuthFetcher::HostedAccountsAllowed) {
 102     // This was a first-time login, we already tried allowing HOSTED accounts
 103     // and succeeded.  That we've failed with INVALID_GAIA_CREDENTIALS now
 104     // indicates that the account is HOSTED.
 105     LOG(WARNING) << "Rejecting valid HOSTED account.";
 106     TriggerResolve(AuthFailure::FromNetworkAuthFailure(
 107         GoogleServiceAuthError(GoogleServiceAuthError::HOSTED_NOT_ALLOWED)));
 108     return;
 109   }
 110
 111   if (error.state() == GoogleServiceAuthError::TWO_FACTOR) {
 112     LOG(WARNING) << "Two factor authenticated. Sync will not work.";
 113     TriggerResolve(AuthFailure::AuthFailureNone());
 114
 115     return;
 116   }
 117   VLOG(2) << "ClientLogin attempt failed with " << error.state();
 118   TriggerResolve(AuthFailure::FromNetworkAuthFailure(error));
 119 }
 120
 121 void OnlineAttempt::TryClientLogin() {
 122   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 123
 124   BrowserThread::PostDelayedTask(
 125       BrowserThread::UI, FROM_HERE,
 126       base::Bind(&OnlineAttempt::CancelClientLogin, weak_factory_.GetWeakPtr()),
 127       base::TimeDelta::FromMilliseconds(kClientLoginTimeoutMs));
 128
 129   client_fetcher_->StartClientLogin(
 130       attempt_->user_context.GetUserID(),
 131       attempt_->user_context.GetKey()->GetSecret(),
 132       GaiaConstants::kSyncService,
 133       attempt_->login_token,
 134       attempt_->login_captcha,
 135       attempt_->hosted_policy());
 136 }
 137
 138 bool OnlineAttempt::HasPendingFetch() {
 139   return client_fetcher_->HasPendingFetch();
 140 }
 141
 142 void OnlineAttempt::CancelRequest() {
 143   weak_factory_.InvalidateWeakPtrs();
 144 }
 145
 146 void OnlineAttempt::CancelClientLogin() {
 147   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 148   if (HasPendingFetch()) {
 149     LOG(WARNING) << "Canceling ClientLogin attempt.";
 150     CancelRequest();
 151
 152     TriggerResolve(AuthFailure(AuthFailure::LOGIN_TIMED_OUT));
 153   }
 154 }
 155
 156 void OnlineAttempt::TriggerResolve(const AuthFailure& outcome) {
 157   attempt_->RecordOnlineLoginStatus(outcome);
 158   client_fetcher_.reset(NULL);
 159   resolver_->Resolve();
 160 }
 161
 162 }  // namespace chromeos