1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/invalidation/ticl_invalidation_service.h"
7 #include "base/command_line.h"
8 #include "base/metrics/histogram.h"
9 #include "chrome/browser/chrome_notification_types.h"
10 #include "chrome/browser/invalidation/gcm_network_channel_delegate_impl.h"
11 #include "chrome/browser/invalidation/invalidation_logger.h"
12 #include "chrome/browser/invalidation/invalidation_service_util.h"
13 #include "chrome/browser/profiles/profile.h"
14 #include "chrome/browser/signin/about_signin_internals.h"
15 #include "chrome/browser/signin/about_signin_internals_factory.h"
16 #include "chrome/browser/signin/profile_oauth2_token_service.h"
17 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
18 #include "chrome/browser/signin/signin_manager.h"
19 #include "content/public/browser/notification_service.h"
20 #include "google_apis/gaia/gaia_constants.h"
21 #include "sync/notifier/gcm_network_channel_delegate.h"
22 #include "sync/notifier/invalidation_util.h"
23 #include "sync/notifier/invalidator.h"
24 #include "sync/notifier/invalidator_state.h"
25 #include "sync/notifier/non_blocking_invalidator.h"
26 #include "sync/notifier/object_id_invalidation_map.h"
28 static const char* kOAuth2Scopes[] = {
29 GaiaConstants::kGoogleTalkOAuth2Scope
32 static const net::BackoffEntry::Policy kRequestAccessTokenBackoffPolicy = {
33 // Number of initial errors (in sequence) to ignore before applying
34 // exponential back-off rules.
37 // Initial delay for exponential back-off in ms.
40 // Factor by which the waiting time will be multiplied.
43 // Fuzzing percentage. ex: 10% will spread requests randomly
44 // between 90%-100% of the calculated time.
47 // Maximum amount of time we are willing to delay our request in ms.
48 // TODO(pavely): crbug.com/246686 ProfileSyncService should retry
49 // RequestAccessToken on connection state change after backoff
50 1000 * 3600 * 4, // 4 hours.
52 // Time to keep an entry from being discarded even when it
53 // has no significant state, -1 to never discard.
56 // Don't use initial delay unless the last request was an error.
60 namespace invalidation {
62 TiclInvalidationService::TiclInvalidationService(
63 SigninManagerBase* signin,
64 ProfileOAuth2TokenService* oauth2_token_service,
66 : OAuth2TokenService::Consumer("ticl_invalidation"),
68 signin_manager_(signin),
69 oauth2_token_service_(oauth2_token_service),
70 invalidator_registrar_(new syncer::InvalidatorRegistrar()),
71 request_access_token_backoff_(&kRequestAccessTokenBackoffPolicy),
74 TiclInvalidationService::~TiclInvalidationService() {
75 DCHECK(CalledOnValidThread());
78 void TiclInvalidationService::Init() {
79 DCHECK(CalledOnValidThread());
81 invalidator_storage_.reset(new InvalidatorStorage(profile_->GetPrefs()));
82 if (invalidator_storage_->GetInvalidatorClientId().empty()) {
83 // This also clears any existing state. We can't reuse old invalidator
84 // state with the new ID anyway.
85 invalidator_storage_->SetInvalidatorClientId(GenerateInvalidatorClientId());
88 if (IsReadyToStart()) {
89 StartInvalidator(PUSH_CLIENT_CHANNEL);
92 notification_registrar_.Add(this,
93 chrome::NOTIFICATION_GOOGLE_SIGNED_OUT,
94 content::Source<Profile>(profile_));
95 oauth2_token_service_->AddObserver(this);
98 void TiclInvalidationService::InitForTest(syncer::Invalidator* invalidator) {
99 // Here we perform the equivalent of Init() and StartInvalidator(), but with
100 // some minor changes to account for the fact that we're injecting the
102 invalidator_.reset(invalidator);
104 invalidator_->RegisterHandler(this);
105 invalidator_->UpdateRegisteredIds(
107 invalidator_registrar_->GetAllRegisteredIds());
110 void TiclInvalidationService::RegisterInvalidationHandler(
111 syncer::InvalidationHandler* handler) {
112 DCHECK(CalledOnValidThread());
113 DVLOG(2) << "Registering an invalidation handler";
114 invalidator_registrar_->RegisterHandler(handler);
117 void TiclInvalidationService::UpdateRegisteredInvalidationIds(
118 syncer::InvalidationHandler* handler,
119 const syncer::ObjectIdSet& ids) {
120 DCHECK(CalledOnValidThread());
121 DVLOG(2) << "Registering ids: " << ids.size();
122 invalidator_registrar_->UpdateRegisteredIds(handler, ids);
124 invalidator_->UpdateRegisteredIds(
126 invalidator_registrar_->GetAllRegisteredIds());
130 void TiclInvalidationService::UnregisterInvalidationHandler(
131 syncer::InvalidationHandler* handler) {
132 DCHECK(CalledOnValidThread());
133 DVLOG(2) << "Unregistering";
134 invalidator_registrar_->UnregisterHandler(handler);
136 invalidator_->UpdateRegisteredIds(
138 invalidator_registrar_->GetAllRegisteredIds());
142 syncer::InvalidatorState TiclInvalidationService::GetInvalidatorState() const {
143 DCHECK(CalledOnValidThread());
145 DVLOG(2) << "GetInvalidatorState returning "
146 << invalidator_->GetInvalidatorState();
147 return invalidator_->GetInvalidatorState();
149 DVLOG(2) << "Invalidator currently stopped";
150 return syncer::TRANSIENT_INVALIDATION_ERROR;
154 std::string TiclInvalidationService::GetInvalidatorClientId() const {
155 DCHECK(CalledOnValidThread());
156 return invalidator_storage_->GetInvalidatorClientId();
159 InvalidationLogger* TiclInvalidationService::GetInvalidationLogger() {
163 void TiclInvalidationService::Observe(
165 const content::NotificationSource& source,
166 const content::NotificationDetails& details) {
167 DCHECK(CalledOnValidThread());
168 DCHECK_EQ(type, chrome::NOTIFICATION_GOOGLE_SIGNED_OUT);
172 void TiclInvalidationService::RequestAccessToken() {
173 // Only one active request at a time.
174 if (access_token_request_ != NULL)
176 request_access_token_retry_timer_.Stop();
177 OAuth2TokenService::ScopeSet oauth2_scopes;
178 for (size_t i = 0; i < arraysize(kOAuth2Scopes); i++)
179 oauth2_scopes.insert(kOAuth2Scopes[i]);
180 // Invalidate previous token, otherwise token service will return the same
182 const std::string& account_id = signin_manager_->GetAuthenticatedAccountId();
183 oauth2_token_service_->InvalidateToken(account_id,
186 access_token_.clear();
187 access_token_request_ = oauth2_token_service_->StartRequest(account_id,
192 void TiclInvalidationService::OnGetTokenSuccess(
193 const OAuth2TokenService::Request* request,
194 const std::string& access_token,
195 const base::Time& expiration_time) {
196 DCHECK_EQ(access_token_request_, request);
197 access_token_request_.reset();
198 // Reset backoff time after successful response.
199 request_access_token_backoff_.Reset();
200 access_token_ = access_token;
201 if (!IsStarted() && IsReadyToStart()) {
202 StartInvalidator(PUSH_CLIENT_CHANNEL);
204 UpdateInvalidatorCredentials();
208 void TiclInvalidationService::OnGetTokenFailure(
209 const OAuth2TokenService::Request* request,
210 const GoogleServiceAuthError& error) {
211 DCHECK_EQ(access_token_request_, request);
212 DCHECK_NE(error.state(), GoogleServiceAuthError::NONE);
213 access_token_request_.reset();
214 switch (error.state()) {
215 case GoogleServiceAuthError::CONNECTION_FAILED:
216 case GoogleServiceAuthError::SERVICE_UNAVAILABLE: {
217 // Transient error. Retry after some time.
218 request_access_token_backoff_.InformOfRequest(false);
219 request_access_token_retry_timer_.Start(
221 request_access_token_backoff_.GetTimeUntilRelease(),
222 base::Bind(&TiclInvalidationService::RequestAccessToken,
223 base::Unretained(this)));
226 case GoogleServiceAuthError::SERVICE_ERROR:
227 case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS: {
228 invalidator_registrar_->UpdateInvalidatorState(
229 syncer::INVALIDATION_CREDENTIALS_REJECTED);
233 // We have no way to notify the user of this. Do nothing.
238 void TiclInvalidationService::OnRefreshTokenAvailable(
239 const std::string& account_id) {
240 if (signin_manager_->GetAuthenticatedAccountId() == account_id) {
241 if (!IsStarted() && IsReadyToStart()) {
242 StartInvalidator(PUSH_CLIENT_CHANNEL);
247 void TiclInvalidationService::OnRefreshTokenRevoked(
248 const std::string& account_id) {
249 if (signin_manager_->GetAuthenticatedAccountId() == account_id) {
250 access_token_.clear();
252 UpdateInvalidatorCredentials();
257 void TiclInvalidationService::OnInvalidatorStateChange(
258 syncer::InvalidatorState state) {
259 if (state == syncer::INVALIDATION_CREDENTIALS_REJECTED) {
260 // This may be due to normal OAuth access token expiration. If so, we must
261 // fetch a new one using our refresh token. Resetting the invalidator's
262 // access token will not reset the invalidator's exponential backoff, so
263 // it's safe to try to update the token every time we receive this signal.
265 // We won't be receiving any invalidations while the refresh is in progress,
266 // we set our state to TRANSIENT_INVALIDATION_ERROR. If the credentials
267 // really are invalid, the refresh request should fail and
268 // OnGetTokenFailure() will put us into a INVALIDATION_CREDENTIALS_REJECTED
270 invalidator_registrar_->UpdateInvalidatorState(
271 syncer::TRANSIENT_INVALIDATION_ERROR);
272 RequestAccessToken();
274 invalidator_registrar_->UpdateInvalidatorState(state);
276 logger_.OnStateChange(state);
279 void TiclInvalidationService::OnIncomingInvalidation(
280 const syncer::ObjectIdInvalidationMap& invalidation_map) {
281 invalidator_registrar_->DispatchInvalidationsToHandlers(invalidation_map);
283 logger_.OnInvalidation(invalidation_map);
286 void TiclInvalidationService::Shutdown() {
287 DCHECK(CalledOnValidThread());
288 oauth2_token_service_->RemoveObserver(this);
292 invalidator_storage_.reset();
293 invalidator_registrar_.reset();
296 bool TiclInvalidationService::IsReadyToStart() {
297 if (profile_->IsManaged()) {
298 DVLOG(2) << "Not starting TiclInvalidationService: User is managed.";
302 if (signin_manager_->GetAuthenticatedUsername().empty()) {
303 DVLOG(2) << "Not starting TiclInvalidationService: User is not signed in.";
307 if (!oauth2_token_service_) {
309 << "Not starting TiclInvalidationService: "
310 << "OAuth2TokenService unavailable.";
314 if (!oauth2_token_service_->RefreshTokenIsAvailable(
315 signin_manager_->GetAuthenticatedAccountId())) {
317 << "Not starting TiclInvalidationServce: Waiting for refresh token.";
324 bool TiclInvalidationService::IsStarted() {
325 return invalidator_.get() != NULL;
328 void TiclInvalidationService::StartInvalidator(
329 InvalidationNetworkChannel network_channel) {
330 DCHECK(CalledOnValidThread());
331 DCHECK(!invalidator_);
332 DCHECK(invalidator_storage_);
333 DCHECK(!invalidator_storage_->GetInvalidatorClientId().empty());
335 if (access_token_.empty()) {
337 << "TiclInvalidationService: "
338 << "Deferring start until we have an access token.";
339 RequestAccessToken();
343 syncer::NetworkChannelCreator network_channel_creator;
345 switch (network_channel) {
346 case PUSH_CLIENT_CHANNEL: {
347 notifier::NotifierOptions options =
348 ParseNotifierOptions(*CommandLine::ForCurrentProcess());
349 options.request_context_getter = profile_->GetRequestContext();
350 options.auth_mechanism = "X-OAUTH2";
351 DCHECK_EQ(notifier::NOTIFICATION_SERVER, options.notification_method);
352 network_channel_creator =
353 syncer::NonBlockingInvalidator::MakePushClientChannelCreator(options);
356 case GCM_NETWORK_CHANNEL: {
357 scoped_ptr<syncer::GCMNetworkChannelDelegate> delegate;
358 delegate.reset(new GCMNetworkChannelDelegateImpl(profile_));
359 network_channel_creator =
360 syncer::NonBlockingInvalidator::MakeGCMNetworkChannelCreator(
361 profile_->GetRequestContext(),
370 invalidator_.reset(new syncer::NonBlockingInvalidator(
371 network_channel_creator,
372 invalidator_storage_->GetInvalidatorClientId(),
373 invalidator_storage_->GetSavedInvalidations(),
374 invalidator_storage_->GetBootstrapData(),
375 syncer::WeakHandle<syncer::InvalidationStateTracker>(
376 invalidator_storage_->AsWeakPtr()),
377 content::GetUserAgent(GURL()),
378 profile_->GetRequestContext()));
380 UpdateInvalidatorCredentials();
382 invalidator_->RegisterHandler(this);
383 invalidator_->UpdateRegisteredIds(
385 invalidator_registrar_->GetAllRegisteredIds());
388 void TiclInvalidationService::UpdateInvalidatorCredentials() {
389 std::string email = signin_manager_->GetAuthenticatedUsername();
391 DCHECK(!email.empty()) << "Expected user to be signed in.";
393 DVLOG(2) << "UpdateCredentials: " << email;
394 invalidator_->UpdateCredentials(email, access_token_);
397 void TiclInvalidationService::StopInvalidator() {
398 DCHECK(invalidator_);
399 invalidator_->UnregisterHandler(this);
400 invalidator_.reset();
403 void TiclInvalidationService::Logout() {
404 access_token_request_.reset();
405 request_access_token_retry_timer_.Stop();
411 // This service always expects to have a valid invalidator storage.
412 // So we must not only clear the old one, but also start a new one.
413 invalidator_storage_->Clear();
414 invalidator_storage_.reset(new InvalidatorStorage(profile_->GetPrefs()));
415 invalidator_storage_->SetInvalidatorClientId(GenerateInvalidatorClientId());
418 } // namespace invalidation