1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/managed_mode/managed_user_refresh_token_fetcher.h"
7 #include "base/callback.h"
8 #include "base/json/json_reader.h"
9 #include "base/logging.h"
10 #include "base/strings/stringprintf.h"
11 #include "base/values.h"
12 #include "google_apis/gaia/gaia_constants.h"
13 #include "google_apis/gaia/gaia_oauth_client.h"
14 #include "google_apis/gaia/gaia_urls.h"
15 #include "google_apis/gaia/google_service_auth_error.h"
16 #include "google_apis/gaia/oauth2_api_call_flow.h"
17 #include "google_apis/gaia/oauth2_token_service.h"
18 #include "net/base/escape.h"
19 #include "net/base/load_flags.h"
20 #include "net/base/net_errors.h"
21 #include "net/http/http_status_code.h"
22 #include "net/url_request/url_fetcher.h"
23 #include "net/url_request/url_request_status.h"
26 using gaia::GaiaOAuthClient;
27 using GaiaConstants::kChromeSyncManagedOAuth2Scope;
28 using net::URLFetcher;
29 using net::URLFetcherDelegate;
30 using net::URLRequestContextGetter;
// Retry count passed to URLFetcher::SetAutomaticallyRetryOnNetworkChanges()
// and to GaiaOAuthClient::GetTokensFromAuthCode() further down in this file.
34 const int kNumRetries = 1;
// Form-body template for the issue-token POST. Its initializer (source lines
// 37-42) is not present in this listing; OnGetTokenSuccess() supplies four
// URL-escaped string arguments to it.
36 static const char kIssueTokenBodyFormat[] =
// Template for the bearer Authorization header. The %s is filled with the
// OAuth2 access token, so the formatted string is a credential and should
// never be written to logs.
43 static const char kAuthorizationHeaderFormat[] =
44 "Authorization: Bearer %s";
// Key under which OnURLFetchComplete() looks up the authorization code in the
// JSON response.
46 static const char kCodeKey[] = "code";
// Fetches an OAuth2 refresh token for a managed user in three steps, as the
// method definitions in this file show: obtain an access token from
// OAuth2TokenService, POST it to the issue-token endpoint to receive an
// authorization code, then exchange that code through GaiaOAuthClient.
// NOTE(review): the access specifiers, the StartFetching() declaration and the
// closing brace of the class are not present in this listing.
48 class ManagedUserRefreshTokenFetcherImpl
49 : public ManagedUserRefreshTokenFetcher,
50 public OAuth2TokenService::Consumer,
51 public URLFetcherDelegate,
52 public GaiaOAuthClient::Delegate {
54 ManagedUserRefreshTokenFetcherImpl(OAuth2TokenService* oauth2_token_service,
55 const std::string& account_id,
56 URLRequestContextGetter* context);
57 virtual ~ManagedUserRefreshTokenFetcherImpl();
59 // ManagedUserRefreshTokenFetcher implementation:
60 virtual void Start(const std::string& managed_user_id,
61 const std::string& device_name,
62 const TokenCallback& callback) OVERRIDE;
65 // OAuth2TokenService::Consumer implementation:
66 virtual void OnGetTokenSuccess(const OAuth2TokenService::Request* request,
67 const std::string& access_token,
68 const Time& expiration_time) OVERRIDE;
69 virtual void OnGetTokenFailure(const OAuth2TokenService::Request* request,
70 const GoogleServiceAuthError& error) OVERRIDE;
72 // net::URLFetcherDelegate implementation.
73 virtual void OnURLFetchComplete(const URLFetcher* source) OVERRIDE;
75 // GaiaOAuthClient::Delegate implementation:
76 virtual void OnGetTokensResponse(const std::string& refresh_token,
77 const std::string& access_token,
78 int expires_in_seconds) OVERRIDE;
79 virtual void OnRefreshTokenResponse(const std::string& access_token,
80 int expires_in_seconds) OVERRIDE;
81 virtual void OnOAuthError() OVERRIDE;
82 virtual void OnNetworkError(int response_code) OVERRIDE;
85 // Requests an access token, which is the first thing we need. This is where
86 // we restart when the returned access token has expired.
// Error helpers: both end in a single callback_.Run() with the error and a
// token string (empty on failure paths).
89 void DispatchNetworkError(int error_code);
90 void DispatchGoogleServiceAuthError(const GoogleServiceAuthError& error,
91 const std::string& token);
// Raw pointer taken from the constructor argument; presumably non-owning and
// required to outlive this object -- confirm at the call sites.
92 OAuth2TokenService* oauth2_token_service_;
93 std::string account_id_;
// Request context used both for the issue-token POST and for the
// GaiaOAuthClient created in OnURLFetchComplete(). Raw pointer; the same
// lifetime question applies.
94 URLRequestContextGetter* context_;
// Caller-supplied values from Start(); they are URL-escaped before being sent.
96 std::string device_name_;
97 std::string managed_user_id_;
98 TokenCallback callback_;
100 scoped_ptr<OAuth2TokenService::Request> access_token_request_;
// Bearer credential stored by OnGetTokenSuccess(). Keep it out of logs.
101 std::string access_token_;
// Set on the first HTTP 401 in OnURLFetchComplete() so that the
// expired-token branch runs at most once per fetcher.
102 bool access_token_expired_;
103 scoped_ptr<URLFetcher> url_fetcher_;
104 scoped_ptr<GaiaOAuthClient> gaia_oauth_client_;
// Stores the token service and account id and starts with
// access_token_expired_ cleared, so the first HTTP 401 is eligible for one
// retry.
// NOTE(review): source line 113 is absent from this listing; the initializer
// for context_ is presumably there -- confirm, since context_ is dereferenced
// by later requests.
107 ManagedUserRefreshTokenFetcherImpl::ManagedUserRefreshTokenFetcherImpl(
108 OAuth2TokenService* oauth2_token_service,
109 const std::string& account_id,
110 URLRequestContextGetter* context)
111 : oauth2_token_service_(oauth2_token_service),
112 account_id_(account_id),
114 access_token_expired_(false) {}
// Empty destructor; the scoped_ptr members release the pending token request,
// the URLFetcher and the GaiaOAuthClient.
116 ManagedUserRefreshTokenFetcherImpl::~ManagedUserRefreshTokenFetcherImpl() {}
// Records the managed user id, the device name and the completion callback for
// this fetch. The remainder of the body (source lines 126-127) is not present
// in this listing.
118 void ManagedUserRefreshTokenFetcherImpl::Start(
119 const std::string& managed_user_id,
120 const std::string& device_name,
121 const TokenCallback& callback) {
// Debug-only guard against calling Start() twice. In builds where DCHECKs are
// disabled a second call would silently replace the stored callback.
122 DCHECK(callback_.is_null());
// Both strings are caller-supplied; OnGetTokenSuccess() URL-escapes them
// before they are placed in the request body.
123 managed_user_id_ = managed_user_id;
124 device_name_ = device_name;
125 callback_ = callback;
// Asks OAuth2TokenService for an access token for account_id_ with the
// oauth1_login_scope() scope; the result arrives through OnGetTokenSuccess()
// or OnGetTokenFailure() because `this` is the consumer.
129 void ManagedUserRefreshTokenFetcherImpl::StartFetching() {
// This scope set is what the token is requested under. OnURLFetchComplete()
// passes a different (empty) set when it invalidates the token.
130 OAuth2TokenService::ScopeSet scopes;
131 scopes.insert(GaiaUrls::GetInstance()->oauth1_login_scope());
// The returned request object is held in a scoped_ptr member.
132 access_token_request_ = oauth2_token_service_->StartRequest(
133 account_id_, scopes, this);
// OAuth2TokenService::Consumer callback: an access token is available. Stores
// it and POSTs it as a bearer credential to the issue-token endpoint,
// together with the client id, the managed-user scope, the managed user id
// and the device name.
136 void ManagedUserRefreshTokenFetcherImpl::OnGetTokenSuccess(
137 const OAuth2TokenService::Request* request,
138 const std::string& access_token,
139 const Time& expiration_time) {
// Debug assertion only: a mismatched request is not rejected in builds where
// DCHECKs are disabled.
140 DCHECK_EQ(access_token_request_.get(), request);
141 access_token_ = access_token;
143 GURL url(GaiaUrls::GetInstance()->oauth2_issue_token_url());
144 // GaiaOAuthClient uses id 0, so we use 1 to distinguish the requests in
// (The rest of that comment and the definition of `id` are on source lines
// 145-147, which this listing omits.)
148 url_fetcher_.reset(URLFetcher::Create(id, url, URLFetcher::POST, this));
150 url_fetcher_->SetRequestContext(context_);
// Cookies are neither sent nor saved, so no cookie-based session accompanies
// the bearer token on this request.
151 url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
152 net::LOAD_DO_NOT_SAVE_COOKIES);
153 url_fetcher_->SetAutomaticallyRetryOnNetworkChanges(kNumRetries);
// The header carries the raw access token; request headers from this fetch
// should not be logged.
154 url_fetcher_->AddExtraRequestHeader(
155 base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str()));
// Every value is escaped with EscapeUrlEncodedData() before being formatted
// into the form body, so the caller-supplied managed_user_id_ and
// device_name_ cannot add or alter form parameters.
157 std::string body = base::StringPrintf(
158 kIssueTokenBodyFormat,
159 net::EscapeUrlEncodedData(
160 GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true).c_str(),
161 net::EscapeUrlEncodedData(kChromeSyncManagedOAuth2Scope, true).c_str(),
162 net::EscapeUrlEncodedData(managed_user_id_, true).c_str(),
163 net::EscapeUrlEncodedData(device_name_, true).c_str());
164 url_fetcher_->SetUploadData("application/x-www-form-urlencoded", body);
166 url_fetcher_->Start();
// OAuth2TokenService::Consumer callback: the access-token request failed.
// Forwards the service's error to the caller with an empty token string.
169 void ManagedUserRefreshTokenFetcherImpl::OnGetTokenFailure(
170 const OAuth2TokenService::Request* request,
171 const GoogleServiceAuthError& error) {
// Debug assertion only; not enforced in builds where DCHECKs are disabled.
172 DCHECK_EQ(access_token_request_.get(), request);
173 callback_.Run(error, std::string());
// net::URLFetcherDelegate callback for the issue-token POST. Checks the
// transport status and the HTTP status, parses the JSON body for the
// authorization code, and hands that code to GaiaOAuthClient to be exchanged
// for tokens.
// NOTE(review): several source lines (closing braces, trailing call arguments
// and presumably the early returns after each error dispatch) are missing from
// this listing, so the control flow between the checks is not fully visible.
177 void ManagedUserRefreshTokenFetcherImpl::OnURLFetchComplete(
178 const URLFetcher* source) {
179 const net::URLRequestStatus& status = source->GetStatus();
180 if (!status.is_success()) {
181 DispatchNetworkError(status.error());
185 int response_code = source->GetResponseCode();
// A 401 is treated as an expired access token. The flag lets this branch run
// at most once per fetcher, which bounds the retry.
186 if (response_code == net::HTTP_UNAUTHORIZED && !access_token_expired_) {
187 access_token_expired_ = true;
// NOTE(review): StartFetching() requests the token with oauth1_login_scope(),
// but an empty ScopeSet is passed here. If InvalidateToken() matches cached
// tokens by scope set, the stale token may survive and be handed back on the
// retry -- confirm against OAuth2TokenService.
188 oauth2_token_service_->InvalidateToken(account_id_,
189 OAuth2TokenService::ScopeSet(),
// Any other non-200 status, including a repeated 401, is reported as
// CONNECTION_FAILED, so callers cannot tell a rejected request from a network
// problem. The status code is visible only in debug logging.
195 if (response_code != net::HTTP_OK) {
196 // TODO(bauerb): We should return the HTTP response code somehow.
197 DLOG(WARNING) << "HTTP error " << response_code;
198 DispatchGoogleServiceAuthError(
199 GoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED),
// The body comes from the network. It is accepted only if it parses as a JSON
// dictionary that holds a string under kCodeKey; anything else is reported as
// ERR_INVALID_RESPONSE.
204 std::string response_body;
205 source->GetResponseAsString(&response_body);
206 scoped_ptr<base::Value> value(base::JSONReader::Read(response_body));
207 DictionaryValue* dict = NULL;
208 if (!value.get() || !value->GetAsDictionary(&dict)) {
209 DispatchNetworkError(net::ERR_INVALID_RESPONSE);
212 std::string auth_code;
213 if (!dict->GetString(kCodeKey, &auth_code)) {
214 DispatchNetworkError(net::ERR_INVALID_RESPONSE);
// Client id and secret are taken from GaiaUrls, not from the response. Only
// the authorization code originates from the server's reply.
218 gaia::OAuthClientInfo client_info;
219 GaiaUrls* urls = GaiaUrls::GetInstance();
220 client_info.client_id = urls->oauth2_chrome_client_id();
221 client_info.client_secret = urls->oauth2_chrome_client_secret();
222 gaia_oauth_client_.reset(new gaia::GaiaOAuthClient(context_));
223 gaia_oauth_client_->GetTokensFromAuthCode(client_info, auth_code, kNumRetries,
// GaiaOAuthClient::Delegate callback: the authorization code was exchanged
// successfully. Reports AuthErrorNone() to the caller; the token argument of
// the dispatch call is on a source line absent from this listing. The refresh
// token is a credential and should not be logged on this path.
227 void ManagedUserRefreshTokenFetcherImpl::OnGetTokensResponse(
228 const std::string& refresh_token,
229 const std::string& access_token,
230 int expires_in_seconds) {
231 // TODO(bauerb): It would be nice if we could pass the access token as well,
232 // so we don't need to fetch another one immediately.
233 DispatchGoogleServiceAuthError(GoogleServiceAuthError::AuthErrorNone(),
// GaiaOAuthClient::Delegate callback for a refresh-token response. This file
// only calls GetTokensFromAuthCode(), and the body of this method is not
// present in the listing.
237 void ManagedUserRefreshTokenFetcherImpl::OnRefreshTokenResponse(
238 const std::string& access_token,
239 int expires_in_seconds) {
// GaiaOAuthClient::Delegate callback for an OAuth-level error during the code
// exchange.
// NOTE(review): this is reported as CONNECTION_FAILED, the same code used for
// HTTP and network errors elsewhere in this file, so the caller cannot
// distinguish an OAuth rejection from a transport failure.
243 void ManagedUserRefreshTokenFetcherImpl::OnOAuthError() {
244 DispatchGoogleServiceAuthError(
245 GoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED),
// GaiaOAuthClient::Delegate callback for a network or HTTP failure during the
// code exchange. The response code is written to the debug log only; the
// caller receives a generic CONNECTION_FAILED error.
249 void ManagedUserRefreshTokenFetcherImpl::OnNetworkError(int response_code) {
250 // TODO(bauerb): We should return the HTTP response code somehow.
251 DLOG(WARNING) << "HTTP error " << response_code;
252 DispatchGoogleServiceAuthError(
253 GoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED),
// Converts a net error code into a GoogleServiceAuthError and reports it to
// the caller with an empty token string.
257 void ManagedUserRefreshTokenFetcherImpl::DispatchNetworkError(int error_code) {
258 DispatchGoogleServiceAuthError(
259 GoogleServiceAuthError::FromConnectionError(error_code), std::string());
// Single exit point for results: runs the stored callback with the error and
// the token string. On the success path `token` is a credential, so it should
// not be logged here. Any statements after the Run() call are not present in
// this listing.
262 void ManagedUserRefreshTokenFetcherImpl::DispatchGoogleServiceAuthError(
263 const GoogleServiceAuthError& error,
264 const std::string& token) {
265 callback_.Run(error, token);
// Factory: builds the concrete fetcher and returns it as the abstract
// interface type, transferring ownership to the caller. The two pointer
// arguments are passed through as raw pointers; the caller presumably has to
// keep them alive for the lifetime of the returned fetcher -- confirm.
272 scoped_ptr<ManagedUserRefreshTokenFetcher>
273 ManagedUserRefreshTokenFetcher::Create(OAuth2TokenService* oauth2_token_service,
274 const std::string& account_id,
275 URLRequestContextGetter* context) {
276 scoped_ptr<ManagedUserRefreshTokenFetcher> fetcher(
277 new ManagedUserRefreshTokenFetcherImpl(oauth2_token_service, account_id,
279 return fetcher.Pass();
// Out-of-line empty destructor for the abstract interface.
282 ManagedUserRefreshTokenFetcher::~ManagedUserRefreshTokenFetcher() {}