1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/common/extensions/api/identity/oauth2_manifest_handler.h" 6 7 #include "base/lazy_instance.h" 8 #include "base/memory/scoped_ptr.h" 9 #include "base/strings/utf_string_conversions.h" 10 #include "base/values.h" 11 #include "chrome/common/extensions/extension_manifest_constants.h" 12 #include "extensions/common/error_utils.h" 13 14 namespace keys = extension_manifest_keys; 15 namespace errors = extension_manifest_errors; 16 17 namespace { 18 19 // Manifest keys. 20 const char kClientId[] = "client_id"; 21 const char kScopes[] = "scopes"; 22 const char kAutoApprove[] = "auto_approve"; 23 24 } // namespace 25 26 namespace extensions { 27 28 OAuth2Info::OAuth2Info() : auto_approve(false) {} 29 OAuth2Info::~OAuth2Info() {} 30 31 static base::LazyInstance<OAuth2Info> g_empty_oauth2_info = 32 LAZY_INSTANCE_INITIALIZER; 33 34 // static 35 const OAuth2Info& OAuth2Info::GetOAuth2Info(const Extension* extension) { 36 OAuth2Info* info = static_cast<OAuth2Info*>( 37 extension->GetManifestData(keys::kOAuth2)); 38 return info ? *info : g_empty_oauth2_info.Get(); 39 } 40 41 OAuth2ManifestHandler::OAuth2ManifestHandler() { 42 } 43 44 OAuth2ManifestHandler::~OAuth2ManifestHandler() { 45 } 46 47 bool OAuth2ManifestHandler::Parse(Extension* extension, 48 string16* error) { 49 scoped_ptr<OAuth2Info> info(new OAuth2Info); 50 const base::DictionaryValue* dict = NULL; 51 if (!extension->manifest()->GetDictionary(keys::kOAuth2, &dict)) { 52 *error = ASCIIToUTF16(errors::kInvalidOAuth2ClientId); 53 return false; 54 } 55 56 // HasPath checks for whether the manifest is allowed to have 57 // oauth2.auto_approve based on whitelist, and if it is present. 58 // GetBoolean reads the value of auto_approve directly from dict to prevent 59 // duplicate checking. 60 if (extension->manifest()->HasPath(keys::kOAuth2AutoApprove) && 61 !dict->GetBoolean(kAutoApprove, &info->auto_approve)) { 62 *error = ASCIIToUTF16(errors::kInvalidOAuth2AutoApprove); 63 return false; 64 } 65 66 // Component apps using auto_approve may use Chrome's client ID by 67 // omitting the field. 68 if ((!dict->GetString(kClientId, &info->client_id) || 69 info->client_id.empty()) && 70 (extension->location() != Manifest::COMPONENT || !info->auto_approve)) { 71 *error = ASCIIToUTF16(errors::kInvalidOAuth2ClientId); 72 return false; 73 } 74 75 const base::ListValue* list = NULL; 76 if (!dict->GetList(kScopes, &list)) { 77 *error = ASCIIToUTF16(errors::kInvalidOAuth2Scopes); 78 return false; 79 } 80 81 for (size_t i = 0; i < list->GetSize(); ++i) { 82 std::string scope; 83 if (!list->GetString(i, &scope)) { 84 *error = ASCIIToUTF16(errors::kInvalidOAuth2Scopes); 85 return false; 86 } 87 info->scopes.push_back(scope); 88 } 89 90 extension->SetManifestData(keys::kOAuth2, info.release()); 91 return true; 92 } 93 94 const std::vector<std::string> OAuth2ManifestHandler::Keys() const { 95 return SingleKey(keys::kOAuth2); 96 } 97 98 } // namespace extensions 99