| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "remoting/host/oauth_token_getter.h" |
| |
| #include "base/bind.h" |
| #include "base/callback.h" |
| #include "base/strings/string_util.h" |
| #include "google_apis/google_api_keys.h" |
| #include "net/url_request/url_request_context_getter.h" |
| #include "remoting/base/logging.h" |
| |
| namespace remoting { |
| |
namespace {

// How many seconds before the access token expires we try to replace it.
const int kTokenUpdateTimeBeforeExpirySeconds = 60;

// Upper bound on retries after a network error or an HTTP 500 response.
const int kMaxRetries = 3;

}  // namespace
| |
// Bundles the identity the host authenticates as: the account login, the
// OAuth refresh token issued for it, and whether the account is a service
// account. Both strings are copied into the struct. The refresh token is a
// credential, so instances of this struct should be kept out of logs.
OAuthTokenGetter::OAuthCredentials::OAuthCredentials(
    const std::string& login,
    const std::string& refresh_token,
    bool is_service_account)
    : login(login),
      refresh_token(refresh_token),
      is_service_account(is_service_account) {}
| |
// Takes ownership of oauth_credentials and creates the GaiaOAuthClient that
// issues token requests through url_request_context_getter. The refresh timer
// is allocated only when auto_refresh is true; OnRefreshTokenResponse() checks
// for the timer before scheduling the next refresh.
//
// NOTE(review): a null oauth_credentials is not rejected here; the methods
// that dereference it only DCHECK it.
OAuthTokenGetter::OAuthTokenGetter(
    scoped_ptr<OAuthCredentials> oauth_credentials,
    const scoped_refptr<net::URLRequestContextGetter>&
        url_request_context_getter,
    bool auto_refresh)
    : oauth_credentials_(oauth_credentials.Pass()),
      gaia_oauth_client_(
          new gaia::GaiaOAuthClient(url_request_context_getter.get())),
      url_request_context_getter_(url_request_context_getter),
      refreshing_oauth_token_(false) {
  if (!auto_refresh)
    return;

  refresh_timer_.reset(new base::OneShotTimer<OAuthTokenGetter>());
}
| |
// The body is intentionally empty; no explicit teardown is performed here.
OAuthTokenGetter::~OAuthTokenGetter() {
}
| |
// Response handler for a token exchange that this file never starts: the only
// requests made on gaia_oauth_client_ here are RefreshToken() and
// GetUserEmail(). Reaching this handler is therefore treated as a bug, and
// all three arguments are ignored.
//
// NOTE(review): if NOTREACHED() is compiled out in release builds, an
// unexpected call is dropped silently -- confirm that is acceptable.
void OAuthTokenGetter::OnGetTokensResponse(
    const std::string& user_email,
    const std::string& access_token,
    int expires_seconds) {
  NOTREACHED();
}
| |
// Handles a successful refresh: caches the new access token, records when it
// should be treated as expired, re-arms the refresh timer if there is one,
// and then either verifies the account email (first time) or hands the token
// to the waiting callbacks.
//
// The token value itself is never written to the log.
void OAuthTokenGetter::OnRefreshTokenResponse(
    const std::string& access_token,
    int expires_seconds) {
  DCHECK(CalledOnValidThread());
  DCHECK(oauth_credentials_.get());
  HOST_LOG << "Received OAuth token.";

  oauth_access_token_ = access_token;

  // Treat the token as expired a little early so a replacement can be
  // fetched before the server starts rejecting it.
  // NOTE(review): expires_seconds comes from the server response and has no
  // lower bound here. A value at or below the safety margin yields a zero or
  // negative delay, so the expiry time is not in the future and the timer
  // below is started with that delay -- consider validating it.
  const base::TimeDelta reported_lifetime =
      base::TimeDelta::FromSeconds(expires_seconds);
  const base::TimeDelta safety_margin =
      base::TimeDelta::FromSeconds(kTokenUpdateTimeBeforeExpirySeconds);
  base::TimeDelta token_expiration = reported_lifetime - safety_margin;
  auth_token_expiry_time_ = base::Time::Now() + token_expiration;

  if (refresh_timer_) {
    refresh_timer_->Stop();
    refresh_timer_->Start(FROM_HERE, token_expiration, this,
                          &OAuthTokenGetter::RefreshOAuthToken);
  }

  if (!verified_email_.empty()) {
    // The account was already verified earlier, so the refresh is complete.
    refreshing_oauth_token_ = false;
    NotifyCallbacks(
        OAuthTokenGetter::SUCCESS, verified_email_, oauth_access_token_);
    return;
  }

  // First token for this object: ask which account it belongs to before any
  // callback sees it. refreshing_oauth_token_ stays set until that request
  // completes.
  gaia_oauth_client_->GetUserEmail(access_token, kMaxRetries, this);
}
| |
// Confirms that the freshly issued access token belongs to the account the
// host was configured with. The email reported for the token must equal
// oauth_credentials_->login exactly (std::string comparison, so it is
// case-sensitive); otherwise the token is discarded through OnOAuthError().
void OAuthTokenGetter::OnGetUserEmailResponse(const std::string& user_email) {
  DCHECK(CalledOnValidThread());
  DCHECK(oauth_credentials_.get());
  HOST_LOG << "Received user info.";

  const bool is_expected_account = (user_email == oauth_credentials_->login);
  if (is_expected_account) {
    verified_email_ = user_email;
    refreshing_oauth_token_ = false;

    // The token is refreshed and verified to be for the correct account, so
    // the waiting callers can now try to connect with it.
    NotifyCallbacks(OAuthTokenGetter::SUCCESS, user_email, oauth_access_token_);
    return;
  }

  LOG(ERROR) << "OAuth token and email address do not refer to "
                "the same account.";
  OnOAuthError();
}
| |
// Runs every queued callback once with the given result, in the order they
// were queued. pending_callbacks_ is copied and reset before anything runs,
// so a callback that re-enters CallWithToken() adds to the fresh queue rather
// than to the one being drained.
//
// access_token is handed to each callback as-is; on the error paths in this
// file it is an empty string.
void OAuthTokenGetter::NotifyCallbacks(Status status,
                                       const std::string& user_email,
                                       const std::string& access_token) {
  std::queue<TokenCallback> to_run(pending_callbacks_);
  pending_callbacks_ = std::queue<TokenCallback>();

  for (; !to_run.empty(); to_run.pop()) {
    to_run.front().Run(status, user_email, access_token);
  }
}
| |
// Handles rejected credentials: wipes every cached piece of token state so
// that the next CallWithToken() has to refresh, then reports AUTH_ERROR with
// empty email and token strings to all waiting callbacks.
void OAuthTokenGetter::OnOAuthError() {
  DCHECK(CalledOnValidThread());
  LOG(ERROR) << "OAuth: invalid credentials.";

  // Drop the cached token, its expiry and the verified email together, so no
  // part of the invalid state can be reused.
  verified_email_.clear();
  auth_token_expiry_time_ = base::Time();
  oauth_access_token_.clear();
  refreshing_oauth_token_ = false;

  const std::string no_value;
  NotifyCallbacks(OAuthTokenGetter::AUTH_ERROR, no_value, no_value);
}
| |
// Handles a transport or server failure during a token request: logs the
// response code, ends the in-progress refresh and reports NETWORK_ERROR with
// empty email and token strings to all waiting callbacks. Unlike
// OnOAuthError(), the cached token state is left untouched.
void OAuthTokenGetter::OnNetworkError(int response_code) {
  DCHECK(CalledOnValidThread());
  LOG(ERROR) << "Network error when trying to update OAuth token: "
             << response_code;

  refreshing_oauth_token_ = false;

  const std::string no_value;
  NotifyCallbacks(OAuthTokenGetter::NETWORK_ERROR, no_value, no_value);
}
| |
// Delivers an access token to on_access_token. If a token is cached, has not
// reached its recorded expiry and the account email has been verified, the
// callback runs synchronously. Otherwise it is queued and a refresh is
// started, unless one is already in flight.
void OAuthTokenGetter::CallWithToken(const TokenCallback& on_access_token) {
  DCHECK(CalledOnValidThread());

  // All three conditions must hold before the cached token is handed out; an
  // unverified email forces a refresh even if the token has not expired.
  const bool cached_token_usable = !auth_token_expiry_time_.is_null() &&
                                   base::Time::Now() < auth_token_expiry_time_ &&
                                   !verified_email_.empty();

  if (cached_token_usable) {
    on_access_token.Run(
        SUCCESS, oauth_credentials_->login, oauth_access_token_);
    return;
  }

  pending_callbacks_.push(on_access_token);
  if (!refreshing_oauth_token_)
    RefreshOAuthToken();
}
| |
// Starts a request that trades the stored refresh token for a new access
// token. The result arrives through OnRefreshTokenResponse(), OnOAuthError()
// or OnNetworkError().
//
// Neither the client secret nor the refresh token is logged here.
//
// NOTE(review): the only guard against a refresh that is already running is
// the DCHECK below. CallWithToken() tests refreshing_oauth_token_ before
// calling this, but the refresh timer invokes it directly -- confirm that a
// second request cannot start in builds where DCHECK is compiled out.
void OAuthTokenGetter::RefreshOAuthToken() {
  DCHECK(CalledOnValidThread());
  HOST_LOG << "Refreshing OAuth token.";
  DCHECK(!refreshing_oauth_token_);

  // Service accounts use different API keys, as they use the client app flow.
  google_apis::OAuth2Client oauth2_client = google_apis::CLIENT_REMOTING;
  if (oauth_credentials_->is_service_account)
    oauth2_client = google_apis::CLIENT_REMOTING_HOST;

  const std::string client_id = google_apis::GetOAuth2ClientID(oauth2_client);
  const std::string client_secret =
      google_apis::GetOAuth2ClientSecret(oauth2_client);

  gaia::OAuthClientInfo client_info = {
    client_id,
    client_secret,
    // The redirect URL only matters when exchanging an auth code for tokens;
    // it is not required when getting access tokens.
    ""
  };

  refreshing_oauth_token_ = true;

  // An empty scope list means the scope recorded in the refresh token is used.
  std::vector<std::string> empty_scope_list;
  gaia_oauth_client_->RefreshToken(
      client_info, oauth_credentials_->refresh_token, empty_scope_list,
      kMaxRetries, this);
}
| |
| } // namespace remoting |