|  | // Copyright 2014 The Chromium Authors. All rights reserved. | 
|  | // Use of this source code is governed by a BSD-style license that can be | 
|  | // found in the LICENSE file. | 
|  |  | 
|  | #include "components/gcm_driver/gcm_account_tracker.h" | 
|  |  | 
|  | #include <stdint.h> | 
|  |  | 
|  | #include <algorithm> | 
|  | #include <vector> | 
|  |  | 
|  | #include "base/bind.h" | 
|  | #include "base/location.h" | 
|  | #include "base/single_thread_task_runner.h" | 
|  | #include "base/threading/thread_task_runner_handle.h" | 
|  | #include "base/time/time.h" | 
|  | #include "components/gcm_driver/gcm_driver.h" | 
|  | #include "google_apis/gaia/google_service_auth_error.h" | 
|  | #include "net/base/ip_endpoint.h" | 
|  | #include "services/identity/public/cpp/access_token_fetcher.h" | 
|  | #include "services/identity/public/cpp/identity_manager.h" | 
|  |  | 
|  | namespace gcm { | 
|  |  | 
|  | namespace { | 
|  |  | 
|  | // Scopes needed by the OAuth2 access tokens. | 
|  | const char kGCMGroupServerScope[] = "https://www.googleapis.com/auth/gcm"; | 
|  | const char kGCMCheckinServerScope[] = | 
|  | "https://www.googleapis.com/auth/android_checkin"; | 
|  | // Name of the GCM account tracker for fetching access tokens. | 
|  | const char kGCMAccountTrackerName[] = "gcm_account_tracker"; | 
|  | // Minimum token validity when sending to GCM groups server. | 
|  | const int64_t kMinimumTokenValidityMs = 500; | 
|  | // Token reporting interval, when no account changes are detected. | 
|  | const int64_t kTokenReportingIntervalMs = | 
|  | 12 * 60 * 60 * 1000;  // 12 hours in ms. | 
|  |  | 
|  | }  // namespace | 
|  |  | 
|  | GCMAccountTracker::AccountInfo::AccountInfo(const std::string& email, | 
|  | AccountState state) | 
|  | : email(email), state(state) { | 
|  | } | 
|  |  | 
|  | GCMAccountTracker::AccountInfo::~AccountInfo() { | 
|  | } | 
|  |  | 
|  | GCMAccountTracker::GCMAccountTracker( | 
|  | std::unique_ptr<AccountTracker> account_tracker, | 
|  | identity::IdentityManager* identity_manager, | 
|  | GCMDriver* driver) | 
|  | : account_tracker_(account_tracker.release()), | 
|  | identity_manager_(identity_manager), | 
|  | driver_(driver), | 
|  | shutdown_called_(false), | 
|  | reporting_weak_ptr_factory_(this) {} | 
|  |  | 
|  | GCMAccountTracker::~GCMAccountTracker() { | 
|  | DCHECK(shutdown_called_); | 
|  | } | 
|  |  | 
|  | void GCMAccountTracker::Shutdown() { | 
|  | shutdown_called_ = true; | 
|  | driver_->RemoveConnectionObserver(this); | 
|  | account_tracker_->RemoveObserver(this); | 
|  | account_tracker_->Shutdown(); | 
|  | } | 
|  |  | 
|  | void GCMAccountTracker::Start() { | 
|  | DCHECK(!shutdown_called_); | 
|  | account_tracker_->AddObserver(this); | 
|  | driver_->AddConnectionObserver(this); | 
|  |  | 
|  | std::vector<AccountIds> accounts = account_tracker_->GetAccounts(); | 
|  | for (std::vector<AccountIds>::const_iterator iter = accounts.begin(); | 
|  | iter != accounts.end(); ++iter) { | 
|  | if (!iter->email.empty()) { | 
|  | account_infos_.insert(std::make_pair( | 
|  | iter->account_key, AccountInfo(iter->email, TOKEN_NEEDED))); | 
|  | } | 
|  | } | 
|  |  | 
|  | if (IsTokenReportingRequired()) | 
|  | ReportTokens(); | 
|  | else | 
|  | ScheduleReportTokens(); | 
|  | } | 
|  |  | 
|  | void GCMAccountTracker::ScheduleReportTokens() { | 
|  | // Shortcutting here, in case GCM Driver is not yet connected. In that case | 
|  | // reporting will be scheduled/started when the connection is made. | 
|  | if (!driver_->IsConnected()) | 
|  | return; | 
|  |  | 
|  | DVLOG(1) << "Deferring the token reporting for: " | 
|  | << GetTimeToNextTokenReporting().InSeconds() << " seconds."; | 
|  |  | 
|  | reporting_weak_ptr_factory_.InvalidateWeakPtrs(); | 
|  | base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( | 
|  | FROM_HERE, | 
|  | base::BindOnce(&GCMAccountTracker::ReportTokens, | 
|  | reporting_weak_ptr_factory_.GetWeakPtr()), | 
|  | GetTimeToNextTokenReporting()); | 
|  | } | 
|  |  | 
|  | void GCMAccountTracker::OnAccountSignInChanged(const AccountIds& ids, | 
|  | bool is_signed_in) { | 
|  | if (is_signed_in) | 
|  | OnAccountSignedIn(ids); | 
|  | else | 
|  | OnAccountSignedOut(ids); | 
|  | } | 
|  |  | 
|  | void GCMAccountTracker::OnAccessTokenFetchCompleteForAccount( | 
|  | std::string account_id, | 
|  | GoogleServiceAuthError error, | 
|  | identity::AccessTokenInfo access_token_info) { | 
|  | auto iter = account_infos_.find(account_id); | 
|  | DCHECK(iter != account_infos_.end()); | 
|  | if (iter != account_infos_.end()) { | 
|  | DCHECK_EQ(GETTING_TOKEN, iter->second.state); | 
|  |  | 
|  | if (error.state() == GoogleServiceAuthError::NONE) { | 
|  | DVLOG(1) << "Get token success: " << account_id; | 
|  |  | 
|  | iter->second.state = TOKEN_PRESENT; | 
|  | iter->second.access_token = access_token_info.token; | 
|  | iter->second.expiration_time = access_token_info.expiration_time; | 
|  | } else { | 
|  | DVLOG(1) << "Get token failure: " << account_id; | 
|  |  | 
|  | // Given the fetcher has a built in retry logic, consider this situation | 
|  | // to be invalid refresh token, that is only fixed when user signs in. | 
|  | // Once the users signs in properly the minting will retry. | 
|  | iter->second.access_token.clear(); | 
|  | iter->second.state = ACCOUNT_REMOVED; | 
|  | } | 
|  | } | 
|  |  | 
|  | pending_token_requests_.erase(account_id); | 
|  | ReportTokens(); | 
|  | } | 
|  |  | 
|  | void GCMAccountTracker::OnConnected(const net::IPEndPoint& ip_endpoint) { | 
|  | // We are sure here, that GCM is running and connected. We can start reporting | 
|  | // tokens if reporting is due now, or schedule reporting for later. | 
|  | if (IsTokenReportingRequired()) | 
|  | ReportTokens(); | 
|  | else | 
|  | ScheduleReportTokens(); | 
|  | } | 
|  |  | 
|  | void GCMAccountTracker::OnDisconnected() { | 
|  | // We are disconnected, so no point in trying to work with tokens. | 
|  | } | 
|  |  | 
|  | void GCMAccountTracker::ReportTokens() { | 
|  | SanitizeTokens(); | 
|  | // Make sure all tokens are valid. | 
|  | if (IsTokenFetchingRequired()) { | 
|  | GetAllNeededTokens(); | 
|  | return; | 
|  | } | 
|  |  | 
|  | // Wait for AccountTracker to be done with fetching the user info, as | 
|  | // well as all of the pending token requests from GCMAccountTracker to be done | 
|  | // before you report the results. | 
|  | if (!account_tracker_->IsAllUserInfoFetched() || | 
|  | !pending_token_requests_.empty()) { | 
|  | return; | 
|  | } | 
|  |  | 
|  | bool account_removed = false; | 
|  | // Stop tracking the accounts, that were removed, as it will be reported to | 
|  | // the driver. | 
|  | for (auto iter = account_infos_.begin(); iter != account_infos_.end();) { | 
|  | if (iter->second.state == ACCOUNT_REMOVED) { | 
|  | account_removed = true; | 
|  | account_infos_.erase(iter++); | 
|  | } else { | 
|  | ++iter; | 
|  | } | 
|  | } | 
|  |  | 
|  | std::vector<GCMClient::AccountTokenInfo> account_tokens; | 
|  | for (auto iter = account_infos_.begin(); iter != account_infos_.end(); | 
|  | ++iter) { | 
|  | if (iter->second.state == TOKEN_PRESENT) { | 
|  | GCMClient::AccountTokenInfo token_info; | 
|  | token_info.account_id = iter->first; | 
|  | token_info.email = iter->second.email; | 
|  | token_info.access_token = iter->second.access_token; | 
|  | account_tokens.push_back(token_info); | 
|  | } else { | 
|  | // This should not happen, as we are making a check that there are no | 
|  | // pending requests above, stopping tracking of removed accounts, or start | 
|  | // fetching tokens. | 
|  | NOTREACHED(); | 
|  | } | 
|  | } | 
|  |  | 
|  | // Make sure that there is something to report, otherwise bail out. | 
|  | if (!account_tokens.empty() || account_removed) { | 
|  | DVLOG(1) << "Reporting the tokens to driver: " << account_tokens.size(); | 
|  | driver_->SetAccountTokens(account_tokens); | 
|  | driver_->SetLastTokenFetchTime(base::Time::Now()); | 
|  | ScheduleReportTokens(); | 
|  | } else { | 
|  | DVLOG(1) << "No tokens and nothing removed. Skipping callback."; | 
|  | } | 
|  | } | 
|  |  | 
|  | void GCMAccountTracker::SanitizeTokens() { | 
|  | for (auto iter = account_infos_.begin(); iter != account_infos_.end(); | 
|  | ++iter) { | 
|  | if (iter->second.state == TOKEN_PRESENT && | 
|  | iter->second.expiration_time < | 
|  | base::Time::Now() + | 
|  | base::TimeDelta::FromMilliseconds(kMinimumTokenValidityMs)) { | 
|  | iter->second.access_token.clear(); | 
|  | iter->second.state = TOKEN_NEEDED; | 
|  | iter->second.expiration_time = base::Time(); | 
|  | } | 
|  | } | 
|  | } | 
|  |  | 
|  | bool GCMAccountTracker::IsTokenReportingRequired() const { | 
|  | if (GetTimeToNextTokenReporting().is_zero()) | 
|  | return true; | 
|  |  | 
|  | bool reporting_required = false; | 
|  | for (auto iter = account_infos_.begin(); iter != account_infos_.end(); | 
|  | ++iter) { | 
|  | if (iter->second.state == ACCOUNT_REMOVED) | 
|  | reporting_required = true; | 
|  | } | 
|  |  | 
|  | return reporting_required; | 
|  | } | 
|  |  | 
|  | bool GCMAccountTracker::IsTokenFetchingRequired() const { | 
|  | bool token_needed = false; | 
|  | for (auto iter = account_infos_.begin(); iter != account_infos_.end(); | 
|  | ++iter) { | 
|  | if (iter->second.state == TOKEN_NEEDED) | 
|  | token_needed = true; | 
|  | } | 
|  |  | 
|  | return token_needed; | 
|  | } | 
|  |  | 
|  | base::TimeDelta GCMAccountTracker::GetTimeToNextTokenReporting() const { | 
|  | base::TimeDelta time_till_next_reporting = | 
|  | driver_->GetLastTokenFetchTime() + | 
|  | base::TimeDelta::FromMilliseconds(kTokenReportingIntervalMs) - | 
|  | base::Time::Now(); | 
|  |  | 
|  | // Case when token fetching is overdue. | 
|  | if (time_till_next_reporting < base::TimeDelta()) | 
|  | return base::TimeDelta(); | 
|  |  | 
|  | // Case when calculated period is larger than expected, including the | 
|  | // situation when the method is called before GCM driver is completely | 
|  | // initialized. | 
|  | if (time_till_next_reporting > | 
|  | base::TimeDelta::FromMilliseconds(kTokenReportingIntervalMs)) { | 
|  | return base::TimeDelta::FromMilliseconds(kTokenReportingIntervalMs); | 
|  | } | 
|  |  | 
|  | return time_till_next_reporting; | 
|  | } | 
|  |  | 
|  | void GCMAccountTracker::GetAllNeededTokens() { | 
|  | // Only start fetching tokens if driver is running, they have a limited | 
|  | // validity time and GCM connection is a good indication of network running. | 
|  | // If the GetAllNeededTokens was called as part of periodic schedule, it may | 
|  | // not have network. In that case the next network change will trigger token | 
|  | // fetching. | 
|  | if (!driver_->IsConnected()) | 
|  | return; | 
|  |  | 
|  | for (auto iter = account_infos_.begin(); iter != account_infos_.end(); | 
|  | ++iter) { | 
|  | if (iter->second.state == TOKEN_NEEDED) | 
|  | GetToken(iter); | 
|  | } | 
|  | } | 
|  |  | 
|  | void GCMAccountTracker::GetToken(AccountInfos::iterator& account_iter) { | 
|  | DCHECK_EQ(account_iter->second.state, TOKEN_NEEDED); | 
|  |  | 
|  | identity::ScopeSet scopes; | 
|  | scopes.insert(kGCMGroupServerScope); | 
|  | scopes.insert(kGCMCheckinServerScope); | 
|  |  | 
|  | // NOTE: It is safe to use base::Unretained() here as |token_fetcher| is owned | 
|  | // by this object and guarantees that it will not invoke its callback after | 
|  | // its destruction. | 
|  | std::unique_ptr<identity::AccessTokenFetcher> token_fetcher = | 
|  | identity_manager_->CreateAccessTokenFetcherForAccount( | 
|  | account_iter->first, kGCMAccountTrackerName, scopes, | 
|  | base::BindOnce( | 
|  | &GCMAccountTracker::OnAccessTokenFetchCompleteForAccount, | 
|  | base::Unretained(this), account_iter->first), | 
|  | identity::AccessTokenFetcher::Mode::kImmediate); | 
|  |  | 
|  | DCHECK(pending_token_requests_.count(account_iter->first) == 0); | 
|  | pending_token_requests_.emplace(account_iter->first, | 
|  | std::move(token_fetcher)); | 
|  | account_iter->second.state = GETTING_TOKEN; | 
|  | } | 
|  |  | 
|  | void GCMAccountTracker::OnAccountSignedIn(const AccountIds& ids) { | 
|  | DVLOG(1) << "Account signed in: " << ids.email; | 
|  | auto iter = account_infos_.find(ids.account_key); | 
|  | if (iter == account_infos_.end()) { | 
|  | DCHECK(!ids.email.empty()); | 
|  | account_infos_.insert( | 
|  | std::make_pair(ids.account_key, AccountInfo(ids.email, TOKEN_NEEDED))); | 
|  | } else if (iter->second.state == ACCOUNT_REMOVED) { | 
|  | iter->second.state = TOKEN_NEEDED; | 
|  | } | 
|  |  | 
|  | GetAllNeededTokens(); | 
|  | } | 
|  |  | 
|  | void GCMAccountTracker::OnAccountSignedOut(const AccountIds& ids) { | 
|  | DVLOG(1) << "Account signed out: " << ids.email; | 
|  | auto iter = account_infos_.find(ids.account_key); | 
|  | if (iter == account_infos_.end()) | 
|  | return; | 
|  |  | 
|  | iter->second.access_token.clear(); | 
|  | iter->second.state = ACCOUNT_REMOVED; | 
|  |  | 
|  | // Delete any ongoing access token request now so that if the account is later | 
|  | // re-added and a new access token request made, we do not break this class' | 
|  | // invariant that there is at most one ongoing access token request per | 
|  | // account. | 
|  | pending_token_requests_.erase(ids.account_key); | 
|  | ReportTokens(); | 
|  | } | 
|  |  | 
|  | }  // namespace gcm |