// Copyright 2014 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "chrome/browser/managed_mode/permission_request_creator_apiary.h" #include "base/callback.h" #include "base/command_line.h" #include "base/json/json_reader.h" #include "base/json/json_writer.h" #include "base/logging.h" #include "base/strings/stringprintf.h" #include "base/values.h" #include "chrome/browser/profiles/profile.h" #include "chrome/browser/signin/profile_oauth2_token_service_factory.h" #include "chrome/browser/signin/signin_manager_factory.h" #include "chrome/browser/sync/managed_user_signin_manager_wrapper.h" #include "chrome/common/chrome_switches.h" #include "components/signin/core/browser/profile_oauth2_token_service.h" #include "components/signin/core/browser/signin_manager.h" #include "components/signin/core/browser/signin_manager_base.h" #include "google_apis/gaia/google_service_auth_error.h" #include "net/base/load_flags.h" #include "net/base/net_errors.h" #include "net/http/http_status_code.h" #include "net/url_request/url_fetcher.h" #include "net/url_request/url_request_status.h" using net::URLFetcher; const int kNumRetries = 1; const char kIdKey[] = "id"; const char kNamespace[] = "CHROME"; const char kState[] = "PENDING"; static const char kAuthorizationHeaderFormat[] = "Authorization: Bearer %s"; PermissionRequestCreatorApiary::PermissionRequestCreatorApiary( OAuth2TokenService* oauth2_token_service, scoped_ptr signin_wrapper, net::URLRequestContextGetter* context) : OAuth2TokenService::Consumer("permissions_creator"), oauth2_token_service_(oauth2_token_service), signin_wrapper_(signin_wrapper.Pass()), context_(context), access_token_expired_(false) {} PermissionRequestCreatorApiary::~PermissionRequestCreatorApiary() {} // static scoped_ptr PermissionRequestCreatorApiary::CreateWithProfile(Profile* profile) { ProfileOAuth2TokenService* token_service = ProfileOAuth2TokenServiceFactory::GetForProfile(profile); SigninManagerBase* signin = SigninManagerFactory::GetForProfile(profile); scoped_ptr signin_wrapper( new ManagedUserSigninManagerWrapper(profile, signin)); scoped_ptr creator( new PermissionRequestCreatorApiary( token_service, signin_wrapper.Pass(), profile->GetRequestContext())); return creator.Pass(); } void PermissionRequestCreatorApiary::CreatePermissionRequest( const std::string& url_requested, const base::Closure& callback) { url_requested_ = url_requested; callback_ = callback; StartFetching(); } void PermissionRequestCreatorApiary::StartFetching() { OAuth2TokenService::ScopeSet scopes; scopes.insert(signin_wrapper_->GetSyncScopeToUse()); access_token_request_ = oauth2_token_service_->StartRequest( signin_wrapper_->GetAccountIdToUse(), scopes, this); } void PermissionRequestCreatorApiary::OnGetTokenSuccess( const OAuth2TokenService::Request* request, const std::string& access_token, const base::Time& expiration_time) { DCHECK_EQ(access_token_request_.get(), request); access_token_ = access_token; GURL url(CommandLine::ForCurrentProcess()->GetSwitchValueASCII( switches::kPermissionRequestApiUrl)); const int id = 0; url_fetcher_.reset(URLFetcher::Create(id, url, URLFetcher::POST, this)); url_fetcher_->SetRequestContext(context_); url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES); url_fetcher_->SetAutomaticallyRetryOnNetworkChanges(kNumRetries); url_fetcher_->AddExtraRequestHeader( base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str())); base::DictionaryValue dict; dict.SetStringWithoutPathExpansion("namespace", kNamespace); dict.SetStringWithoutPathExpansion("objectRef", url_requested_); dict.SetStringWithoutPathExpansion("state", kState); std::string body; base::JSONWriter::Write(&dict, &body); url_fetcher_->SetUploadData("application/json", body); url_fetcher_->Start(); } void PermissionRequestCreatorApiary::OnGetTokenFailure( const OAuth2TokenService::Request* request, const GoogleServiceAuthError& error) { DCHECK_EQ(access_token_request_.get(), request); callback_.Run(); callback_.Reset(); } void PermissionRequestCreatorApiary::OnURLFetchComplete( const URLFetcher* source) { const net::URLRequestStatus& status = source->GetStatus(); if (!status.is_success()) { DispatchNetworkError(status.error()); return; } int response_code = source->GetResponseCode(); if (response_code == net::HTTP_UNAUTHORIZED && !access_token_expired_) { access_token_expired_ = true; OAuth2TokenService::ScopeSet scopes; scopes.insert(signin_wrapper_->GetSyncScopeToUse()); oauth2_token_service_->InvalidateToken( signin_wrapper_->GetAccountIdToUse(), scopes, access_token_); StartFetching(); return; } if (response_code != net::HTTP_OK) { DLOG(WARNING) << "HTTP error " << response_code; DispatchGoogleServiceAuthError( GoogleServiceAuthError(GoogleServiceAuthError::CONNECTION_FAILED)); return; } std::string response_body; source->GetResponseAsString(&response_body); scoped_ptr value(base::JSONReader::Read(response_body)); base::DictionaryValue* dict = NULL; if (!value || !value->GetAsDictionary(&dict)) { DispatchNetworkError(net::ERR_INVALID_RESPONSE); return; } std::string id; if (!dict->GetString(kIdKey, &id)) { DispatchNetworkError(net::ERR_INVALID_RESPONSE); return; } callback_.Run(); callback_.Reset(); } void PermissionRequestCreatorApiary::DispatchNetworkError(int error_code) { DispatchGoogleServiceAuthError( GoogleServiceAuthError::FromConnectionError(error_code)); } void PermissionRequestCreatorApiary::DispatchGoogleServiceAuthError( const GoogleServiceAuthError& error) { callback_.Run(); callback_.Reset(); }