// Copyright (c) 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/signin/profile_oauth2_token_service_builder.h"
#include <memory>
#include <string>
#include <utility>
#include "base/bind.h"
#include "base/callback.h"
#include "chrome/browser/profiles/profile.h"
#include "components/signin/core/browser/account_consistency_method.h"
#include "components/signin/core/browser/device_id_helper.h"
#include "components/signin/core/browser/profile_oauth2_token_service.h"
#include "components/signin/core/browser/signin_client.h"
#if defined(OS_ANDROID)
#include "components/signin/core/browser/oauth2_token_service_delegate_android.h"
#else
#include "chrome/browser/content_settings/cookie_settings_factory.h"
#include "chrome/browser/web_data_service_factory.h"
#include "components/content_settings/core/browser/cookie_settings.h"
#include "components/signin/core/browser/cookie_settings_util.h"
#include "components/signin/core/browser/mutable_profile_oauth2_token_service_delegate.h"
#endif
#if defined(OS_CHROMEOS)
#include "chromeos/components/account_manager/account_manager.h"
#include "chromeos/constants/chromeos_switches.h"
#include "components/signin/core/browser/profile_oauth2_token_service_delegate_chromeos.h"
#include "components/user_manager/user_manager.h"
#endif // defined(OS_CHROMEOS)
#if defined(OS_WIN)
#include "chrome/browser/signin/signin_util_win.h"
#endif
namespace {
#if defined(OS_ANDROID)
// Builds the Android token service delegate. |account_tracker_service| is
// handed to the delegate's constructor unchanged; this function neither owns
// nor validates it.
std::unique_ptr<OAuth2TokenServiceDelegateAndroid> CreateAndroidOAuthDelegate(
    AccountTrackerService* account_tracker_service) {
  auto android_delegate = std::make_unique<OAuth2TokenServiceDelegateAndroid>(
      account_tracker_service);
  return android_delegate;
}
#else // defined(OS_ANDROID)
#if defined(OS_CHROMEOS)
// Builds the Chrome OS token service delegate that is backed by
// |account_manager|. All four arguments are forwarded to the delegate's
// constructor unchanged.
std::unique_ptr<signin::ProfileOAuth2TokenServiceDelegateChromeOS>
CreateCrOsOAuthDelegate(
    AccountTrackerService* account_tracker_service,
    network::NetworkConnectionTracker* network_connection_tracker,
    chromeos::AccountManager* account_manager,
    bool is_regular_profile) {
  // A null |account_manager| is a caller bug. DCHECK only fires in builds that
  // have DCHECKs enabled; elsewhere a null pointer is passed straight through
  // to the delegate.
  DCHECK(account_manager);

  using CrOsDelegate = signin::ProfileOAuth2TokenServiceDelegateChromeOS;
  auto cros_delegate = std::make_unique<CrOsDelegate>(
      account_tracker_service, network_connection_tracker, account_manager,
      is_regular_profile);
  return cros_delegate;
}
#endif // defined(OS_CHROMEOS)
// Reports whether credentials may be revoked. Supervised users cannot revoke
// credentials.
//
// |profile| is not consulted: on Chrome OS the answer depends on whether the
// logged-in user reported by UserManager is supervised, and on every other
// platform the answer is always true.
//
// This is evaluated by CreateMutableProfileOAuthDelegate() while the delegate
// is being built, so the error below is logged at that point rather than when
// a revocation is actually attempted.
bool CanRevokeCredentials(Profile* profile) {
#if defined(OS_CHROMEOS)
  // UserManager may not exist in unit_tests, so check IsInitialized() before
  // calling Get().
  const bool logged_in_as_supervised_user =
      user_manager::UserManager::IsInitialized() &&
      user_manager::UserManager::Get()->IsLoggedInAsSupervisedUser();
  if (logged_in_as_supervised_user) {
    // Don't allow revoking credentials for Chrome OS supervised users.
    // See http://crbug.com/332032
    LOG(ERROR) << "Attempt to revoke supervised user refresh "
               << "token detected, ignoring.";
    return false;
  }
#endif
  return true;
}
// Builds the token service delegate that keeps tokens in the profile's token
// web data. It is the fallback used by CreateOAuth2TokenServiceDelegate().
//
// |profile| is used to look up the cookie settings and the token web data,
// and on Windows it is also bound into the error-fixing callback. The other
// arguments are forwarded to the delegate's constructor.
std::unique_ptr<MutableProfileOAuth2TokenServiceDelegate>
CreateMutableProfileOAuthDelegate(
    Profile* profile,
    AccountTrackerService* account_tracker_service,
    signin::AccountConsistencyMethod account_consistency,
    SigninClient* signin_client,
    network::NetworkConnectionTracker* network_connection_tracker) {
  // When signin cookies are cleared on exit and Dice is enabled, all tokens
  // should also be cleared. The cookie settings are only looked up when Dice
  // is the consistency method.
  const bool is_dice =
      account_consistency == signin::AccountConsistencyMethod::kDice;
  const bool revoke_all_tokens_on_load =
      is_dice && signin::SettingsDeleteSigninCookiesOnExit(
                     CookieSettingsFactory::GetForProfile(profile).get());

  // Decided once here; the delegate receives the result as a plain flag.
  const bool can_revoke_credentials = CanRevokeCredentials(profile);

  return std::make_unique<MutableProfileOAuth2TokenServiceDelegate>(
      signin_client, account_tracker_service, network_connection_tracker,
      WebDataServiceFactory::GetTokenWebDataForProfile(
          profile, ServiceAccessType::EXPLICIT_ACCESS),
      account_consistency, revoke_all_tokens_on_load, can_revoke_credentials,
#if defined(OS_WIN)
      // base::Unretained stores a raw |profile| pointer in the callback with
      // no lifetime tracking. That is only safe if the callback never runs
      // after |profile| is destroyed; presumably this holds because the
      // delegate belongs to a per-profile service, but confirm.
      base::BindRepeating(&signin_util::ReauthWithCredentialProviderIfPossible,
                          base::Unretained(profile)));
#else
      // Other platforms pass a default-constructed callback.
      MutableProfileOAuth2TokenServiceDelegate::FixRequestErrorCallback());
#endif  // defined(OS_WIN)
}
#endif // !defined(OS_ANDROID)
// Picks the platform-specific token service delegate and returns it through
// the common OAuth2TokenServiceDelegate interface.
//
// The Chrome OS build takes two extra parameters, |account_manager| and
// |is_regular_profile|, which are only used when Account Manager is enabled.
std::unique_ptr<OAuth2TokenServiceDelegate> CreateOAuth2TokenServiceDelegate(
    Profile* profile,
    AccountTrackerService* account_tracker_service,
    signin::AccountConsistencyMethod account_consistency,
    SigninClient* signin_client,
#if defined(OS_CHROMEOS)
    chromeos::AccountManager* account_manager,
    bool is_regular_profile,
#endif
    network::NetworkConnectionTracker* network_connection_tracker) {
#if defined(OS_ANDROID)
  // Android always uses its own delegate; the other arguments are unused.
  return CreateAndroidOAuthDelegate(account_tracker_service);
#else  // defined(OS_ANDROID)

#if defined(OS_CHROMEOS)
  const bool use_account_manager =
      chromeos::switches::IsAccountManagerEnabled();
  if (use_account_manager) {
    return CreateCrOsOAuthDelegate(account_tracker_service,
                                   network_connection_tracker, account_manager,
                                   is_regular_profile);
  }
#endif  // defined(OS_CHROMEOS)

  // Fall back to |MutableProfileOAuth2TokenServiceDelegate|:
  // 1. On all platforms other than Android and Chrome OS.
  // 2. On Chrome OS, if Account Manager has not been switched on yet
  //    (chromeos::switches::IsAccountManagerEnabled).
  return CreateMutableProfileOAuthDelegate(profile, account_tracker_service,
                                           account_consistency, signin_client,
                                           network_connection_tracker);
#endif  // !defined(OS_ANDROID)
}
} // namespace
// static
// Creates the ProfileOAuth2TokenService for |context|, wiring in the
// platform-specific delegate chosen by CreateOAuth2TokenServiceDelegate().
//
// |context| is downcast to Profile without any runtime check, so callers must
// only pass a BrowserContext that really is a Profile.
std::unique_ptr<ProfileOAuth2TokenService>
ProfileOAuth2TokenServiceBuilder::BuildInstanceFor(
    content::BrowserContext* context,
    PrefService* pref_service,
    AccountTrackerService* account_tracker_service,
    network::NetworkConnectionTracker* network_connection_tracker,
    signin::AccountConsistencyMethod account_consistency,
#if defined(OS_CHROMEOS)
    chromeos::AccountManager* account_manager,
    bool is_regular_profile,
#endif
    SigninClient* signin_client) {
  auto* const profile = static_cast<Profile*>(context);

  // On ChromeOS the device ID is not managed by the token service.
#if !defined(OS_CHROMEOS)
  // Ensure the device ID is not empty. This is important for Dice, because the
  // device ID is needed on the network thread, but can only be generated on the
  // main thread.
  // The value itself is only read by the DCHECK below, which is active only in
  // builds that have DCHECKs enabled.
  const std::string device_id = signin::GetSigninScopedDeviceId(pref_service);
  DCHECK(!device_id.empty());
#endif

  std::unique_ptr<OAuth2TokenServiceDelegate> delegate =
      CreateOAuth2TokenServiceDelegate(profile, account_tracker_service,
                                       account_consistency, signin_client,
#if defined(OS_CHROMEOS)
                                       account_manager, is_regular_profile,
#endif
                                       network_connection_tracker);

  // Ownership of the delegate moves into the token service.
  return std::make_unique<ProfileOAuth2TokenService>(pref_service,
                                                     std::move(delegate));
}