src/chrome/browser/managed_mode/managed_user_refresh_token_fetcher.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/managed_mode/managed_user_refresh_token_fetcher.h"
   6
   7 #include "base/callback.h"
   8 #include "base/json/json_reader.h"
   9 #include "base/logging.h"
  10 #include "base/strings/stringprintf.h"
  11 #include "base/values.h"
  12 #include "google_apis/gaia/gaia_constants.h"
  13 #include "google_apis/gaia/gaia_oauth_client.h"
  14 #include "google_apis/gaia/gaia_urls.h"
  15 #include "google_apis/gaia/google_service_auth_error.h"
  16 #include "google_apis/gaia/oauth2_api_call_flow.h"
  17 #include "google_apis/gaia/oauth2_token_service.h"
  18 #include "net/base/escape.h"
  19 #include "net/base/load_flags.h"
  20 #include "net/base/net_errors.h"
  21 #include "net/http/http_status_code.h"
  22 #include "net/url_request/url_fetcher.h"
  23 #include "net/url_request/url_request_status.h"
  24
  25 using base::Time;
  26 using gaia::GaiaOAuthClient;
  27 using GaiaConstants::kChromeSyncManagedOAuth2Scope;
  28 using net::URLFetcher;
  29 using net::URLFetcherDelegate;
  30 using net::URLRequestContextGetter;
  31
  32 namespace {
  33
  34 const int kNumRetries = 1;
  35
  36 static const char kIssueTokenBodyFormat[] =
  37     "client_id=%s"
  38     "&scope=%s"
  39     "&response_type=code"
  40     "&profile_id=%s"
  41     "&device_name=%s";
  42
  43 static const char kAuthorizationHeaderFormat[] =
  44     "Authorization: Bearer %s";
  45
  46 static const char kCodeKey[] = "code";
  47
  48 class ManagedUserRefreshTokenFetcherImpl
  49     : public ManagedUserRefreshTokenFetcher,
  50       public OAuth2TokenService::Consumer,
  51       public URLFetcherDelegate,
  52       public GaiaOAuthClient::Delegate {
  53  public:
  54   ManagedUserRefreshTokenFetcherImpl(OAuth2TokenService* oauth2_token_service,
  55                                      const std::string& account_id,
  56                                      URLRequestContextGetter* context);
  57   virtual ~ManagedUserRefreshTokenFetcherImpl();
  58
  59   // ManagedUserRefreshTokenFetcher implementation:
  60   virtual void Start(const std::string& managed_user_id,
  61                      const std::string& device_name,
  62                      const TokenCallback& callback) OVERRIDE;
  63
  64  protected:
  65   // OAuth2TokenService::Consumer implementation:
  66   virtual void OnGetTokenSuccess(const OAuth2TokenService::Request* request,
  67                                  const std::string& access_token,
  68                                  const Time& expiration_time) OVERRIDE;
  69   virtual void OnGetTokenFailure(const OAuth2TokenService::Request* request,
  70                                  const GoogleServiceAuthError& error) OVERRIDE;
  71
  72   // net::URLFetcherDelegate implementation.
  73   virtual void OnURLFetchComplete(const URLFetcher* source) OVERRIDE;
  74
  75   // GaiaOAuthClient::Delegate implementation:
  76   virtual void OnGetTokensResponse(const std::string& refresh_token,
  77                                    const std::string& access_token,
  78                                    int expires_in_seconds) OVERRIDE;
  79   virtual void OnRefreshTokenResponse(const std::string& access_token,
  80                                       int expires_in_seconds) OVERRIDE;
  81   virtual void OnOAuthError() OVERRIDE;
  82   virtual void OnNetworkError(int response_code) OVERRIDE;
  83
  84  private:
  85   // Requests an access token, which is the first thing we need. This is where
  86   // we restart when the returned access token has expired.
  87   void StartFetching();
  88
  89   void DispatchNetworkError(int error_code);
  90   void DispatchGoogleServiceAuthError(const GoogleServiceAuthError& error,
  91                                       const std::string& token);
  92   OAuth2TokenService* oauth2_token_service_;
  93   std::string account_id_;
  94   URLRequestContextGetter* context_;
  95
  96   std::string device_name_;
  97   std::string managed_user_id_;
  98   TokenCallback callback_;
  99
 100   scoped_ptr<OAuth2TokenService::Request> access_token_request_;
 101   std::string access_token_;
 102   bool access_token_expired_;
 103   scoped_ptr<URLFetcher> url_fetcher_;
 104   scoped_ptr<GaiaOAuthClient> gaia_oauth_client_;
 105 };
 106
 107 ManagedUserRefreshTokenFetcherImpl::ManagedUserRefreshTokenFetcherImpl(
 108     OAuth2TokenService* oauth2_token_service,
 109     const std::string& account_id,
 110     URLRequestContextGetter* context)
 111     : oauth2_token_service_(oauth2_token_service),
 112       account_id_(account_id),
 113       context_(context),
 114       access_token_expired_(false) {}
 115
 116 ManagedUserRefreshTokenFetcherImpl::~ManagedUserRefreshTokenFetcherImpl() {}
 117
 118 void ManagedUserRefreshTokenFetcherImpl::Start(
 119     const std::string& managed_user_id,
 120     const std::string& device_name,
 121     const TokenCallback& callback) {
 122   DCHECK(callback_.is_null());
 123   managed_user_id_ = managed_user_id;
 124   device_name_ = device_name;
 125   callback_ = callback;
 126   StartFetching();
 127 }
 128
 129 void ManagedUserRefreshTokenFetcherImpl::StartFetching() {
 130   OAuth2TokenService::ScopeSet scopes;
 131   scopes.insert(GaiaUrls::GetInstance()->oauth1_login_scope());
 132   access_token_request_ = oauth2_token_service_->StartRequest(
 133       account_id_, scopes, this);
 134 }
 135
 136 void ManagedUserRefreshTokenFetcherImpl::OnGetTokenSuccess(
 137     const OAuth2TokenService::Request* request,
 138     const std::string& access_token,
 139     const Time& expiration_time) {
 140   DCHECK_EQ(access_token_request_.get(), request);
 141   access_token_ = access_token;
 142
 143   GURL url(GaiaUrls::GetInstance()->oauth2_issue_token_url());
 144   // GaiaOAuthClient uses id 0, so we use 1 to distinguish the requests in
 145   // unit tests.
 146   const int id = 1;
 147
 148   url_fetcher_.reset(URLFetcher::Create(id, url, URLFetcher::POST, this));
 149
 150   url_fetcher_->SetRequestContext(context_);
 151   url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
 152                              net::LOAD_DO_NOT_SAVE_COOKIES);
 153   url_fetcher_->SetAutomaticallyRetryOnNetworkChanges(kNumRetries);
 154   url_fetcher_->AddExtraRequestHeader(
 155       base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str()));
 156
 157   std::string body = base::StringPrintf(
 158       kIssueTokenBodyFormat,
 159       net::EscapeUrlEncodedData(
 160           GaiaUrls::GetInstance()->oauth2_chrome_client_id(), true).c_str(),
 161       net::EscapeUrlEncodedData(kChromeSyncManagedOAuth2Scope, true).c_str(),
 162       net::EscapeUrlEncodedData(managed_user_id_, true).c_str(),
 163       net::EscapeUrlEncodedData(device_name_, true).c_str());
 164   url_fetcher_->SetUploadData("application/x-www-form-urlencoded", body);
 165
 166   url_fetcher_->Start();
 167 }
 168
 169 void ManagedUserRefreshTokenFetcherImpl::OnGetTokenFailure(
 170     const OAuth2TokenService::Request* request,
 171     const GoogleServiceAuthError& error) {
 172   DCHECK_EQ(access_token_request_.get(), request);
 173   callback_.Run(error, std::string());
 174   callback_.Reset();
 175 }
 176
 177 void ManagedUserRefreshTokenFetcherImpl::OnURLFetchComplete(
 178     const URLFetcher* source) {
 179   const net::URLRequestStatus& status = source->GetStatus();
 180   if (!status.is_success()) {
 181     DispatchNetworkError(status.error());
 182     return;
 183   }
 184
 185   int response_code = source->GetResponseCode();
 186   if (response_code == net::HTTP_UNAUTHORIZED && !access_token_expired_) {
 187     access_token_expired_ = true;
 188     oauth2_token_service_->InvalidateToken(account_id_,
 189                                            OAuth2TokenService::ScopeSet(),
 190                                            access_token_);
 191     StartFetching();
 192     return;
 193   }
 194
 195   if (response_code != net::HTTP_OK) {
 196     // TODO(bauerb): We should return the HTTP response code somehow.
 197     DLOG(WARNING) << "HTTP error " << response_code;
 198     DispatchGoogleServiceAuthError(
 199         GoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED),
 200         std::string());
 201     return;
 202   }
 203
 204   std::string response_body;
 205   source->GetResponseAsString(&response_body);
 206   scoped_ptr<base::Value> value(base::JSONReader::Read(response_body));
 207   DictionaryValue* dict = NULL;
 208   if (!value.get() || !value->GetAsDictionary(&dict)) {
 209     DispatchNetworkError(net::ERR_INVALID_RESPONSE);
 210     return;
 211   }
 212   std::string auth_code;
 213   if (!dict->GetString(kCodeKey, &auth_code)) {
 214     DispatchNetworkError(net::ERR_INVALID_RESPONSE);
 215     return;
 216   }
 217
 218   gaia::OAuthClientInfo client_info;
 219   GaiaUrls* urls = GaiaUrls::GetInstance();
 220   client_info.client_id = urls->oauth2_chrome_client_id();
 221   client_info.client_secret = urls->oauth2_chrome_client_secret();
 222   gaia_oauth_client_.reset(new gaia::GaiaOAuthClient(context_));
 223   gaia_oauth_client_->GetTokensFromAuthCode(client_info, auth_code, kNumRetries,
 224                                             this);
 225 }
 226
 227 void ManagedUserRefreshTokenFetcherImpl::OnGetTokensResponse(
 228     const std::string& refresh_token,
 229     const std::string& access_token,
 230     int expires_in_seconds) {
 231   // TODO(bauerb): It would be nice if we could pass the access token as well,
 232   // so we don't need to fetch another one immediately.
 233   DispatchGoogleServiceAuthError(GoogleServiceAuthError::AuthErrorNone(),
 234                                  refresh_token);
 235 }
 236
 237 void ManagedUserRefreshTokenFetcherImpl::OnRefreshTokenResponse(
 238     const std::string& access_token,
 239     int expires_in_seconds) {
 240   NOTREACHED();
 241 }
 242
 243 void ManagedUserRefreshTokenFetcherImpl::OnOAuthError() {
 244   DispatchGoogleServiceAuthError(
 245       GoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED),
 246       std::string());
 247 }
 248
 249 void ManagedUserRefreshTokenFetcherImpl::OnNetworkError(int response_code) {
 250   // TODO(bauerb): We should return the HTTP response code somehow.
 251   DLOG(WARNING) << "HTTP error " << response_code;
 252   DispatchGoogleServiceAuthError(
 253       GoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED),
 254       std::string());
 255 }
 256
 257 void ManagedUserRefreshTokenFetcherImpl::DispatchNetworkError(int error_code) {
 258   DispatchGoogleServiceAuthError(
 259       GoogleServiceAuthError::FromConnectionError(error_code), std::string());
 260 }
 261
 262 void ManagedUserRefreshTokenFetcherImpl::DispatchGoogleServiceAuthError(
 263     const GoogleServiceAuthError& error,
 264     const std::string& token) {
 265   callback_.Run(error, token);
 266   callback_.Reset();
 267 }
 268
 269 }  // namespace
 270
 271 // static
 272 scoped_ptr<ManagedUserRefreshTokenFetcher>
 273 ManagedUserRefreshTokenFetcher::Create(OAuth2TokenService* oauth2_token_service,
 274                                        const std::string& account_id,
 275                                        URLRequestContextGetter* context) {
 276   scoped_ptr<ManagedUserRefreshTokenFetcher> fetcher(
 277       new ManagedUserRefreshTokenFetcherImpl(oauth2_token_service, account_id,
 278           context));
 279   return fetcher.Pass();
 280 }
 281
 282 ManagedUserRefreshTokenFetcher::~ManagedUserRefreshTokenFetcher() {}