src/chrome/browser/invalidation/ticl_invalidation_service.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/invalidation/ticl_invalidation_service.h"
   6
   7 #include "base/command_line.h"
   8 #include "base/metrics/histogram.h"
   9 #include "chrome/browser/chrome_notification_types.h"
  10 #include "chrome/browser/invalidation/gcm_network_channel_delegate_impl.h"
  11 #include "chrome/browser/invalidation/invalidation_logger.h"
  12 #include "chrome/browser/invalidation/invalidation_service_util.h"
  13 #include "chrome/browser/profiles/profile.h"
  14 #include "chrome/browser/signin/about_signin_internals.h"
  15 #include "chrome/browser/signin/about_signin_internals_factory.h"
  16 #include "chrome/browser/signin/profile_oauth2_token_service.h"
  17 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
  18 #include "chrome/browser/signin/signin_manager.h"
  19 #include "content/public/browser/notification_service.h"
  20 #include "google_apis/gaia/gaia_constants.h"
  21 #include "sync/notifier/gcm_network_channel_delegate.h"
  22 #include "sync/notifier/invalidation_util.h"
  23 #include "sync/notifier/invalidator.h"
  24 #include "sync/notifier/invalidator_state.h"
  25 #include "sync/notifier/non_blocking_invalidator.h"
  26 #include "sync/notifier/object_id_invalidation_map.h"
  27
  28 static const char* kOAuth2Scopes[] = {
  29   GaiaConstants::kGoogleTalkOAuth2Scope
  30 };
  31
  32 static const net::BackoffEntry::Policy kRequestAccessTokenBackoffPolicy = {
  33   // Number of initial errors (in sequence) to ignore before applying
  34   // exponential back-off rules.
  35   0,
  36
  37   // Initial delay for exponential back-off in ms.
  38   2000,
  39
  40   // Factor by which the waiting time will be multiplied.
  41   2,
  42
  43   // Fuzzing percentage. ex: 10% will spread requests randomly
  44   // between 90%-100% of the calculated time.
  45   0.2, // 20%
  46
  47   // Maximum amount of time we are willing to delay our request in ms.
  48   // TODO(pavely): crbug.com/246686 ProfileSyncService should retry
  49   // RequestAccessToken on connection state change after backoff
  50   1000 * 3600 * 4, // 4 hours.
  51
  52   // Time to keep an entry from being discarded even when it
  53   // has no significant state, -1 to never discard.
  54   -1,
  55
  56   // Don't use initial delay unless the last request was an error.
  57   false,
  58 };
  59
  60 namespace invalidation {
  61
  62 TiclInvalidationService::TiclInvalidationService(
  63     SigninManagerBase* signin,
  64     ProfileOAuth2TokenService* oauth2_token_service,
  65     Profile* profile)
  66     : OAuth2TokenService::Consumer("ticl_invalidation"),
  67       profile_(profile),
  68       signin_manager_(signin),
  69       oauth2_token_service_(oauth2_token_service),
  70       invalidator_registrar_(new syncer::InvalidatorRegistrar()),
  71       request_access_token_backoff_(&kRequestAccessTokenBackoffPolicy),
  72       logger_() {}
  73
  74 TiclInvalidationService::~TiclInvalidationService() {
  75   DCHECK(CalledOnValidThread());
  76 }
  77
  78 void TiclInvalidationService::Init() {
  79   DCHECK(CalledOnValidThread());
  80
  81   invalidator_storage_.reset(new InvalidatorStorage(profile_->GetPrefs()));
  82   if (invalidator_storage_->GetInvalidatorClientId().empty()) {
  83     // This also clears any existing state.  We can't reuse old invalidator
  84     // state with the new ID anyway.
  85     invalidator_storage_->SetInvalidatorClientId(GenerateInvalidatorClientId());
  86   }
  87
  88   if (IsReadyToStart()) {
  89     StartInvalidator(PUSH_CLIENT_CHANNEL);
  90   }
  91
  92   notification_registrar_.Add(this,
  93                               chrome::NOTIFICATION_GOOGLE_SIGNED_OUT,
  94                               content::Source<Profile>(profile_));
  95   oauth2_token_service_->AddObserver(this);
  96 }
  97
  98 void TiclInvalidationService::InitForTest(syncer::Invalidator* invalidator) {
  99   // Here we perform the equivalent of Init() and StartInvalidator(), but with
 100   // some minor changes to account for the fact that we're injecting the
 101   // invalidator.
 102   invalidator_.reset(invalidator);
 103
 104   invalidator_->RegisterHandler(this);
 105   invalidator_->UpdateRegisteredIds(
 106       this,
 107       invalidator_registrar_->GetAllRegisteredIds());
 108 }
 109
 110 void TiclInvalidationService::RegisterInvalidationHandler(
 111     syncer::InvalidationHandler* handler) {
 112   DCHECK(CalledOnValidThread());
 113   DVLOG(2) << "Registering an invalidation handler";
 114   invalidator_registrar_->RegisterHandler(handler);
 115 }
 116
 117 void TiclInvalidationService::UpdateRegisteredInvalidationIds(
 118     syncer::InvalidationHandler* handler,
 119     const syncer::ObjectIdSet& ids) {
 120   DCHECK(CalledOnValidThread());
 121   DVLOG(2) << "Registering ids: " << ids.size();
 122   invalidator_registrar_->UpdateRegisteredIds(handler, ids);
 123   if (invalidator_) {
 124     invalidator_->UpdateRegisteredIds(
 125         this,
 126         invalidator_registrar_->GetAllRegisteredIds());
 127   }
 128 }
 129
 130 void TiclInvalidationService::UnregisterInvalidationHandler(
 131     syncer::InvalidationHandler* handler) {
 132   DCHECK(CalledOnValidThread());
 133   DVLOG(2) << "Unregistering";
 134   invalidator_registrar_->UnregisterHandler(handler);
 135   if (invalidator_) {
 136     invalidator_->UpdateRegisteredIds(
 137         this,
 138         invalidator_registrar_->GetAllRegisteredIds());
 139   }
 140 }
 141
 142 syncer::InvalidatorState TiclInvalidationService::GetInvalidatorState() const {
 143   DCHECK(CalledOnValidThread());
 144   if (invalidator_) {
 145     DVLOG(2) << "GetInvalidatorState returning "
 146         << invalidator_->GetInvalidatorState();
 147     return invalidator_->GetInvalidatorState();
 148   } else {
 149     DVLOG(2) << "Invalidator currently stopped";
 150     return syncer::TRANSIENT_INVALIDATION_ERROR;
 151   }
 152 }
 153
 154 std::string TiclInvalidationService::GetInvalidatorClientId() const {
 155   DCHECK(CalledOnValidThread());
 156   return invalidator_storage_->GetInvalidatorClientId();
 157 }
 158
 159 InvalidationLogger* TiclInvalidationService::GetInvalidationLogger() {
 160   return &logger_;
 161 }
 162
 163 void TiclInvalidationService::Observe(
 164     int type,
 165     const content::NotificationSource& source,
 166     const content::NotificationDetails& details) {
 167   DCHECK(CalledOnValidThread());
 168   DCHECK_EQ(type, chrome::NOTIFICATION_GOOGLE_SIGNED_OUT);
 169   Logout();
 170 }
 171
 172 void TiclInvalidationService::RequestAccessToken() {
 173   // Only one active request at a time.
 174   if (access_token_request_ != NULL)
 175     return;
 176   request_access_token_retry_timer_.Stop();
 177   OAuth2TokenService::ScopeSet oauth2_scopes;
 178   for (size_t i = 0; i < arraysize(kOAuth2Scopes); i++)
 179     oauth2_scopes.insert(kOAuth2Scopes[i]);
 180   // Invalidate previous token, otherwise token service will return the same
 181   // token again.
 182   const std::string& account_id = signin_manager_->GetAuthenticatedAccountId();
 183   oauth2_token_service_->InvalidateToken(account_id,
 184                                          oauth2_scopes,
 185                                          access_token_);
 186   access_token_.clear();
 187   access_token_request_ = oauth2_token_service_->StartRequest(account_id,
 188                                                               oauth2_scopes,
 189                                                               this);
 190 }
 191
 192 void TiclInvalidationService::OnGetTokenSuccess(
 193     const OAuth2TokenService::Request* request,
 194     const std::string& access_token,
 195     const base::Time& expiration_time) {
 196   DCHECK_EQ(access_token_request_, request);
 197   access_token_request_.reset();
 198   // Reset backoff time after successful response.
 199   request_access_token_backoff_.Reset();
 200   access_token_ = access_token;
 201   if (!IsStarted() && IsReadyToStart()) {
 202     StartInvalidator(PUSH_CLIENT_CHANNEL);
 203   } else {
 204     UpdateInvalidatorCredentials();
 205   }
 206 }
 207
 208 void TiclInvalidationService::OnGetTokenFailure(
 209     const OAuth2TokenService::Request* request,
 210     const GoogleServiceAuthError& error) {
 211   DCHECK_EQ(access_token_request_, request);
 212   DCHECK_NE(error.state(), GoogleServiceAuthError::NONE);
 213   access_token_request_.reset();
 214   switch (error.state()) {
 215     case GoogleServiceAuthError::CONNECTION_FAILED:
 216     case GoogleServiceAuthError::SERVICE_UNAVAILABLE: {
 217       // Transient error. Retry after some time.
 218       request_access_token_backoff_.InformOfRequest(false);
 219       request_access_token_retry_timer_.Start(
 220             FROM_HERE,
 221             request_access_token_backoff_.GetTimeUntilRelease(),
 222             base::Bind(&TiclInvalidationService::RequestAccessToken,
 223                        base::Unretained(this)));
 224       break;
 225     }
 226     case GoogleServiceAuthError::SERVICE_ERROR:
 227     case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS: {
 228       invalidator_registrar_->UpdateInvalidatorState(
 229           syncer::INVALIDATION_CREDENTIALS_REJECTED);
 230       break;
 231     }
 232     default: {
 233       // We have no way to notify the user of this.  Do nothing.
 234     }
 235   }
 236 }
 237
 238 void TiclInvalidationService::OnRefreshTokenAvailable(
 239     const std::string& account_id) {
 240   if (signin_manager_->GetAuthenticatedAccountId() == account_id) {
 241     if (!IsStarted() && IsReadyToStart()) {
 242       StartInvalidator(PUSH_CLIENT_CHANNEL);
 243     }
 244   }
 245 }
 246
 247 void TiclInvalidationService::OnRefreshTokenRevoked(
 248     const std::string& account_id) {
 249   if (signin_manager_->GetAuthenticatedAccountId() == account_id) {
 250     access_token_.clear();
 251     if (IsStarted()) {
 252       UpdateInvalidatorCredentials();
 253     }
 254   }
 255 }
 256
 257 void TiclInvalidationService::OnInvalidatorStateChange(
 258     syncer::InvalidatorState state) {
 259   if (state == syncer::INVALIDATION_CREDENTIALS_REJECTED) {
 260     // This may be due to normal OAuth access token expiration.  If so, we must
 261     // fetch a new one using our refresh token.  Resetting the invalidator's
 262     // access token will not reset the invalidator's exponential backoff, so
 263     // it's safe to try to update the token every time we receive this signal.
 264     //
 265     // We won't be receiving any invalidations while the refresh is in progress,
 266     // we set our state to TRANSIENT_INVALIDATION_ERROR.  If the credentials
 267     // really are invalid, the refresh request should fail and
 268     // OnGetTokenFailure() will put us into a INVALIDATION_CREDENTIALS_REJECTED
 269     // state.
 270     invalidator_registrar_->UpdateInvalidatorState(
 271         syncer::TRANSIENT_INVALIDATION_ERROR);
 272     RequestAccessToken();
 273   } else {
 274     invalidator_registrar_->UpdateInvalidatorState(state);
 275   }
 276   logger_.OnStateChange(state);
 277 }
 278
 279 void TiclInvalidationService::OnIncomingInvalidation(
 280     const syncer::ObjectIdInvalidationMap& invalidation_map) {
 281   invalidator_registrar_->DispatchInvalidationsToHandlers(invalidation_map);
 282
 283   logger_.OnInvalidation(invalidation_map);
 284 }
 285
 286 void TiclInvalidationService::Shutdown() {
 287   DCHECK(CalledOnValidThread());
 288   oauth2_token_service_->RemoveObserver(this);
 289   if (IsStarted()) {
 290     StopInvalidator();
 291   }
 292   invalidator_storage_.reset();
 293   invalidator_registrar_.reset();
 294 }
 295
 296 bool TiclInvalidationService::IsReadyToStart() {
 297   if (profile_->IsManaged()) {
 298     DVLOG(2) << "Not starting TiclInvalidationService: User is managed.";
 299     return false;
 300   }
 301
 302   if (signin_manager_->GetAuthenticatedUsername().empty()) {
 303     DVLOG(2) << "Not starting TiclInvalidationService: User is not signed in.";
 304     return false;
 305   }
 306
 307   if (!oauth2_token_service_) {
 308     DVLOG(2)
 309         << "Not starting TiclInvalidationService: "
 310         << "OAuth2TokenService unavailable.";
 311     return false;
 312   }
 313
 314   if (!oauth2_token_service_->RefreshTokenIsAvailable(
 315           signin_manager_->GetAuthenticatedAccountId())) {
 316     DVLOG(2)
 317         << "Not starting TiclInvalidationServce: Waiting for refresh token.";
 318     return false;
 319   }
 320
 321   return true;
 322 }
 323
 324 bool TiclInvalidationService::IsStarted() {
 325   return invalidator_.get() != NULL;
 326 }
 327
 328 void TiclInvalidationService::StartInvalidator(
 329     InvalidationNetworkChannel network_channel) {
 330   DCHECK(CalledOnValidThread());
 331   DCHECK(!invalidator_);
 332   DCHECK(invalidator_storage_);
 333   DCHECK(!invalidator_storage_->GetInvalidatorClientId().empty());
 334
 335   if (access_token_.empty()) {
 336     DVLOG(1)
 337         << "TiclInvalidationService: "
 338         << "Deferring start until we have an access token.";
 339     RequestAccessToken();
 340     return;
 341   }
 342
 343   syncer::NetworkChannelCreator network_channel_creator;
 344
 345   switch (network_channel) {
 346     case PUSH_CLIENT_CHANNEL: {
 347       notifier::NotifierOptions options =
 348           ParseNotifierOptions(*CommandLine::ForCurrentProcess());
 349       options.request_context_getter = profile_->GetRequestContext();
 350       options.auth_mechanism = "X-OAUTH2";
 351       DCHECK_EQ(notifier::NOTIFICATION_SERVER, options.notification_method);
 352       network_channel_creator =
 353           syncer::NonBlockingInvalidator::MakePushClientChannelCreator(options);
 354       break;
 355     }
 356     case GCM_NETWORK_CHANNEL: {
 357       scoped_ptr<syncer::GCMNetworkChannelDelegate> delegate;
 358       delegate.reset(new GCMNetworkChannelDelegateImpl(profile_));
 359       network_channel_creator =
 360           syncer::NonBlockingInvalidator::MakeGCMNetworkChannelCreator(
 361               profile_->GetRequestContext(),
 362               delegate.Pass());
 363       break;
 364     }
 365     default: {
 366       NOTREACHED();
 367       return;
 368     }
 369   }
 370   invalidator_.reset(new syncer::NonBlockingInvalidator(
 371           network_channel_creator,
 372           invalidator_storage_->GetInvalidatorClientId(),
 373           invalidator_storage_->GetSavedInvalidations(),
 374           invalidator_storage_->GetBootstrapData(),
 375           syncer::WeakHandle<syncer::InvalidationStateTracker>(
 376               invalidator_storage_->AsWeakPtr()),
 377           content::GetUserAgent(GURL()),
 378           profile_->GetRequestContext()));
 379
 380   UpdateInvalidatorCredentials();
 381
 382   invalidator_->RegisterHandler(this);
 383   invalidator_->UpdateRegisteredIds(
 384       this,
 385       invalidator_registrar_->GetAllRegisteredIds());
 386 }
 387
 388 void TiclInvalidationService::UpdateInvalidatorCredentials() {
 389   std::string email = signin_manager_->GetAuthenticatedUsername();
 390
 391   DCHECK(!email.empty()) << "Expected user to be signed in.";
 392
 393   DVLOG(2) << "UpdateCredentials: " << email;
 394   invalidator_->UpdateCredentials(email, access_token_);
 395 }
 396
 397 void TiclInvalidationService::StopInvalidator() {
 398   DCHECK(invalidator_);
 399   invalidator_->UnregisterHandler(this);
 400   invalidator_.reset();
 401 }
 402
 403 void TiclInvalidationService::Logout() {
 404   access_token_request_.reset();
 405   request_access_token_retry_timer_.Stop();
 406
 407   if (IsStarted()) {
 408     StopInvalidator();
 409   }
 410
 411   // This service always expects to have a valid invalidator storage.
 412   // So we must not only clear the old one, but also start a new one.
 413   invalidator_storage_->Clear();
 414   invalidator_storage_.reset(new InvalidatorStorage(profile_->GetPrefs()));
 415   invalidator_storage_->SetInvalidatorClientId(GenerateInvalidatorClientId());
 416 }
 417
 418 }  // namespace invalidation