      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_SIGNIN_PROFILE_OAUTH2_TOKEN_SERVICE_H_
      6 #define CHROME_BROWSER_SIGNIN_PROFILE_OAUTH2_TOKEN_SERVICE_H_
      7 
      8 #include <string>
      9 
     10 #include "base/gtest_prod_util.h"
     11 #include "base/memory/linked_ptr.h"
     12 #include "chrome/browser/signin/signin_global_error.h"
     13 #include "components/browser_context_keyed_service/browser_context_keyed_service.h"
     14 #include "google_apis/gaia/oauth2_token_service.h"
     15 
     16 namespace net {
     17 class URLRequestContextGetter;
     18 }
     19 
        // NOTE(review): a forward declaration is enough for types used only through
        // pointers, references or function signatures. Below, GoogleServiceAuthError
        // is also held by value (AccountInfo::last_auth_error_) and
        // SigninGlobalError::AuthStatusProvider is used as a base class, so complete
        // definitions must arrive through one of the #includes above -- presumably
        // signin_global_error.h; confirm.
     20 class GoogleServiceAuthError;
     21 class Profile;
     22 class SigninGlobalError;
     23 
     24 // ProfileOAuth2TokenService is a BrowserContextKeyedService that retrieves
     25 // OAuth2 access tokens for a given set of scopes using the OAuth2 login
     26 // refresh tokens.
     27 //
     28 // See |OAuth2TokenService| for usage details.
     29 //
     30 // Note: after StartRequest returns, in-flight requests will continue
     31 // even if the TokenService refresh token that was used to initiate
     32 // the request changes or is cleared.  When the request completes,
     33 // Consumer::OnGetTokenSuccess will be invoked, but the access token
     34 // won't be cached.
     35 //
     36 // Note: requests should be started from the UI thread. To start a
     37 // request from another thread, please use ProfileOAuth2TokenServiceRequest.
     38 class ProfileOAuth2TokenService : public OAuth2TokenService,
     39                                   public BrowserContextKeyedService {
          // NOTE(review): security-sensitive class. It keeps OAuth2 refresh tokens
          // (long-lived credentials) in memory as plain std::string values inside
          // |refresh_tokens_| and passes them to a persistent store through
          // PersistCredentials(). Token values must never be logged. No locking is
          // declared in this header, so access is presumably confined to the UI
          // thread -- confirm in the implementation.
     40  public:
     41   // Initializes this token service with the profile.
          // |profile| is kept as a raw pointer (see |profile_|), so it presumably has
          // to outlive this service -- confirm against the caller.
     42   virtual void Initialize(Profile* profile);
     43 
     44   // Loads credentials from a backing persistent store so that they remain
     45   // available across profile restarts.
     46   // Usually it's not necessary to directly call this method.
     47   // TODO(bauerb): Make this method protected once this class initializes itself
     48   // automatically.
     49   virtual void LoadCredentials();
     50 
     51   // BrowserContextKeyedService implementation.
          // NOTE(review): whether Shutdown() clears the in-memory refresh tokens
          // cannot be determined from this header.
     52   virtual void Shutdown() OVERRIDE;
     53 
     54   // Gets an account id of the primary account related to the profile.
     55   std::string GetPrimaryAccountId();
     56 
     57   // Lists account IDs of all accounts with a refresh token.
     58   virtual std::vector<std::string> GetAccounts() OVERRIDE;
     59 
     60   // Updates a |refresh_token| for an |account_id|. Credentials are persisted,
     61   // and available through |LoadCredentials| after service is restarted.
          // |refresh_token| is a secret. How the persisted copy is protected (for
          // example, encryption at rest) is decided by the persistence layer, which
          // is not visible in this header.
     62   virtual void UpdateCredentials(const std::string& account_id,
     63                                  const std::string& refresh_token);
     64 
     65   // Revokes credentials related to |account_id|.
          // NOTE(review): presumably this drops the in-memory entry, clears the
          // persisted copy (ClearPersistedCredentials) and revokes the token on the
          // server (RevokeCredentialsOnServer) -- confirm in the .cc file.
     66   void RevokeCredentials(const std::string& account_id);
     67 
     68   // Revokes all credentials handled by the object.
     69   void RevokeAllCredentials();
     70 
          // Returns a non-owning pointer to the SigninGlobalError held by
          // |signin_global_error_|. Callers must not delete it or keep it beyond the
          // lifetime of this service. Where the object is created is not visible
          // here, so the result may be NULL before initialization -- confirm.
     71   SigninGlobalError* signin_global_error() {
     72     return signin_global_error_.get();
     73   }
     74 
          // Const overload of the accessor above; same ownership rules apply.
     75   const SigninGlobalError* signin_global_error() const {
     76     return signin_global_error_.get();
     77   }
     78 
          // Returns the profile this service was initialized with, or NULL (see
          // |profile_|). The pointer is not owned by the caller.
     79   Profile* profile() const { return profile_; }
     80 
     81  protected:
          // Per-account state: the account id, its refresh token and the last auth
          // error. Implements SigninGlobalError::AuthStatusProvider.
     82   class AccountInfo : public SigninGlobalError::AuthStatusProvider {
     83    public:
     84     AccountInfo(ProfileOAuth2TokenService* token_service,
     85                 const std::string& account_id,
     86                 const std::string& refresh_token);
     87     virtual ~AccountInfo();
     88 
            // Returns a reference to the stored secret; it is valid only while this
            // AccountInfo is alive. Do not log the value.
     89     const std::string& refresh_token() const { return refresh_token_; }
            // Replaces the in-memory token only: this inline setter neither persists
            // the new value nor revokes the old one. std::string assignment gives no
            // guarantee that the previous token bytes are wiped from memory.
     90     void set_refresh_token(const std::string& token) {
     91       refresh_token_ = token;
     92     }
     93 
     94     void SetLastAuthError(const GoogleServiceAuthError& error);
     95 
     96     // SigninGlobalError::AuthStatusProvider implementation.
     97     virtual std::string GetAccountId() const OVERRIDE;
     98     virtual GoogleServiceAuthError GetAuthStatus() const OVERRIDE;
     99 
    100    private:
            // Presumably a non-owning back-pointer to the service that holds this
            // entry -- confirm in the .cc file.
    101     ProfileOAuth2TokenService* token_service_;
    102     std::string account_id_;
            // The refresh token itself (a secret), stored as a plain string.
    103     std::string refresh_token_;
    104     GoogleServiceAuthError last_auth_error_;
    105 
    106     DISALLOW_COPY_AND_ASSIGN(AccountInfo);
    107   };
    108 
    109   // Maps the |account_id| of accounts known to ProfileOAuth2TokenService
    110   // to information about the account.
          // NOTE(review): this header uses std::map, std::vector and scoped_ptr but
          // includes only <string> from the standard library and no scoped_ptr
          // header, so it presumably relies on transitive includes.
    111   typedef std::map<std::string, linked_ptr<AccountInfo> > AccountInfoMap;
    112 
    113   ProfileOAuth2TokenService();
    114   virtual ~ProfileOAuth2TokenService();
    115 
    116   // OAuth2TokenService overrides.
          // Returns the refresh token by value, so each call creates another copy of
          // the secret in memory. NOTE(review): the result for an unknown
          // |account_id| is not visible in this header.
    117   virtual std::string GetRefreshToken(const std::string& account_id) OVERRIDE;
    118 
    119   // OAuth2TokenService implementation.
    120   virtual net::URLRequestContextGetter* GetRequestContext() OVERRIDE;
    121 
    122   // Updates the internal cache of the result from the most-recently-completed
    123   // auth request (used for reporting errors to the user).
    124   virtual void UpdateAuthError(
    125       const std::string& account_id,
    126       const GoogleServiceAuthError& error) OVERRIDE;
    127 
    128   // Persists credentials for |account_id|. Enables overriding for
    129   // testing purposes, or other cases, when accessing the DB is not desired.
    130   virtual void PersistCredentials(const std::string& account_id,
    131                                   const std::string& refresh_token);
    132 
    133   // Clears credentials persisted for |account_id|. Enables overriding for
    134   // testing purposes, or other cases, when accessing the DB is not desired.
    135   virtual void ClearPersistedCredentials(const std::string& account_id);
    136 
          // Gives subclasses mutable access to the in-memory token map. Changes made
          // through this reference do not go through UpdateCredentials() or
          // RevokeCredentials(), so nothing visible here persists or revokes them.
    137   AccountInfoMap& refresh_tokens() { return refresh_tokens_; }
    138 
    139  private:
          // Grant the named tests access to private members.
    140   FRIEND_TEST_ALL_PREFIXES(MutableProfileOAuth2TokenServiceTest,
    141                            TokenServiceUpdateClearsCache);
    142   FRIEND_TEST_ALL_PREFIXES(MutableProfileOAuth2TokenServiceTest,
    143                            PersistenceDBUpgrade);
    144   FRIEND_TEST_ALL_PREFIXES(MutableProfileOAuth2TokenServiceTest,
    145                            PersistenceLoadCredentials);
    146 
    147   // Revokes the refresh token on the server.
          // |refresh_token| is the secret being revoked. Virtual, presumably so that
          // tests can avoid the network request -- confirm.
    148   virtual void RevokeCredentialsOnServer(const std::string& refresh_token);
    149 
    150   // The profile with which this instance was initialized, or NULL.
    151   Profile* profile_;
    152 
    153   // In-memory refresh token store mapping account_id to the AccountInfo that
          // holds that account's refresh token.
    154   AccountInfoMap refresh_tokens_;
    155 
    156   // Used to show auth errors in the wrench menu. The SigninGlobalError is
    157   // different than most GlobalErrors in that its lifetime is controlled by
    158   // ProfileOAuth2TokenService (so we can expose a reference for use in the
    159   // wrench menu).
    160   scoped_ptr<SigninGlobalError> signin_global_error_;
    161 
    162   DISALLOW_COPY_AND_ASSIGN(ProfileOAuth2TokenService);
    163 };
    164 
    165 #endif  // CHROME_BROWSER_SIGNIN_PROFILE_OAUTH2_TOKEN_SERVICE_H_
    166