Home | History | Annotate | Download | only in browser 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
      6 #define COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
      7 
      8 #include <string>
      9 
     10 #include "base/threading/thread_checker.h"
     11 #include "components/signin/core/browser/mutable_profile_oauth2_token_service.h"
     12 
     13 class OAuth2AccessTokenFetcher;
     14 
     15 namespace ios{
     16 class ProfileOAuth2TokenServiceIOSProvider;
     17 }
     18 
     19 // A specialization of ProfileOAuth2TokenService that will be returned by
     20 // ProfileOAuth2TokenServiceFactory for OS_IOS when iOS authentication service
     21 // is used to lookup OAuth2 tokens.
     22 //
     23 // See |ProfileOAuth2TokenService| for usage details.
     24 //
     25 // Note: Requests should be started from the UI thread. To start a
     26 // request from aother thread, please use OAuth2TokenServiceRequest.
     27 class ProfileOAuth2TokenServiceIOS : public MutableProfileOAuth2TokenService {
     28  public:
     29   ProfileOAuth2TokenServiceIOS();
     30   virtual ~ProfileOAuth2TokenServiceIOS();
     31 
     32   // KeyedService
     33   virtual void Shutdown() OVERRIDE;
     34 
     35   // OAuth2TokenService
     36   virtual bool RefreshTokenIsAvailable(
     37       const std::string& account_id) const OVERRIDE;
     38 
     39   virtual void InvalidateOAuth2Token(const std::string& account_id,
     40                                      const std::string& client_id,
     41                                      const ScopeSet& scopes,
     42                                      const std::string& access_token) OVERRIDE;
     43 
     44   // ProfileOAuth2TokenService
     45   virtual void Initialize(SigninClient* client) OVERRIDE;
     46   virtual void LoadCredentials(const std::string& primary_account_id) OVERRIDE;
     47   virtual std::vector<std::string> GetAccounts() OVERRIDE;
     48   virtual void UpdateAuthError(const std::string& account_id,
     49                                const GoogleServiceAuthError& error) OVERRIDE;
     50 
     51   // This method should not be called when using shared authentication.
     52   virtual void UpdateCredentials(const std::string& account_id,
     53                                  const std::string& refresh_token) OVERRIDE;
     54 
     55   // Removes all credentials from this instance of |ProfileOAuth2TokenService|,
     56   // however, it does not revoke the identities from the device.
     57   // Subsequent calls to |RefreshTokenIsAvailable| will return |false|.
     58   virtual void RevokeAllCredentials() OVERRIDE;
     59 
     60   // Returns the refresh token for |account_id| .
     61   // Must only be called when |ShouldUseIOSSharedAuthentication| returns false.
     62   std::string GetRefreshTokenWhenNotUsingSharedAuthentication(
     63       const std::string& account_id);
     64 
     65   // Reloads accounts from the provider. Fires |OnRefreshTokenAvailable| for
     66   // each new account. Fires |OnRefreshTokenRevoked| for each account that was
     67   // removed.
     68   void ReloadCredentials();
     69 
     70   // Upgrades to using shared authentication token service.
     71   //
     72   // Note: If this |ProfileOAuth2TokenServiceIOS| was using the legacy token
     73   // service, then this call also revokes all tokens from the parent
     74   // |MutableProfileOAuth2TokenService|.
     75   void StartUsingSharedAuthentication();
     76 
     77   // Sets |use_legacy_token_service_| to |use_legacy_token_service|.
     78   //
     79   // Should only be called for testing.
     80   void SetUseLegacyTokenServiceForTesting(bool use_legacy_token_service);
     81 
     82   // Revokes the OAuth2 refresh tokens for all accounts from the parent
     83   // |MutableProfileOAuth2TokenService|.
     84   //
     85   // Note: This method should only be called if the legacy pre-SSOAuth token
     86   // service is used.
     87   void ForceInvalidGrantResponses();
     88 
     89  protected:
     90   virtual OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
     91       const std::string& account_id,
     92       net::URLRequestContextGetter* getter,
     93       OAuth2AccessTokenConsumer* consumer) OVERRIDE;
     94 
     95   // Protected and virtual to be overriden by fake for testing.
     96 
     97   // Adds |account_id| to |accounts_| if it does not exist or udpates
     98   // the auth error state of |account_id| if it exists. Fires
     99   // |OnRefreshTokenAvailable| if the account info is updated.
    100   virtual void AddOrUpdateAccount(const std::string& account_id);
    101 
    102   // Removes |account_id| from |accounts_|. Fires |OnRefreshTokenRevoked|
    103   // if the account info is removed.
    104   virtual void RemoveAccount(const std::string& account_id);
    105 
    106  private:
    107   class AccountInfo : public SigninErrorController::AuthStatusProvider {
    108    public:
    109     AccountInfo(ProfileOAuth2TokenService* token_service,
    110                 const std::string& account_id);
    111     virtual ~AccountInfo();
    112 
    113     void SetLastAuthError(const GoogleServiceAuthError& error);
    114 
    115     // SigninErrorController::AuthStatusProvider implementation.
    116     virtual std::string GetAccountId() const OVERRIDE;
    117     virtual std::string GetUsername() const OVERRIDE;
    118     virtual GoogleServiceAuthError GetAuthStatus() const OVERRIDE;
    119 
    120    private:
    121     ProfileOAuth2TokenService* token_service_;
    122     std::string account_id_;
    123     GoogleServiceAuthError last_auth_error_;
    124 
    125     DISALLOW_COPY_AND_ASSIGN(AccountInfo);
    126   };
    127 
    128   // Maps the |account_id| of accounts known to ProfileOAuth2TokenService
    129   // to information about the account.
    130   typedef std::map<std::string, linked_ptr<AccountInfo> > AccountInfoMap;
    131 
    132   // MutableProfileOAuth2TokenService
    133   virtual std::string GetRefreshToken(
    134       const std::string& account_id) const OVERRIDE;
    135 
    136   // Returns the iOS provider;
    137   ios::ProfileOAuth2TokenServiceIOSProvider* GetProvider();
    138 
    139   // Info about the existing accounts.
    140   AccountInfoMap accounts_;
    141 
    142   // Calls to this class are expected to be made from the browser UI thread.
    143   // The purpose of this  this checker is to warn us if the upstream usage of
    144   // ProfileOAuth2TokenService ever gets changed to have it be used across
    145   // multiple threads.
    146   base::ThreadChecker thread_checker_;
    147 
    148   // Whether to use the legacy pre-SSOAuth token service.
    149   //
    150   // |use_legacy_token_service_| is true iff the provider is not using shared
    151   // authentication during |LoadCredentials|. Note that |LoadCredentials| is
    152   // called exactly once after the PO2TS initialization iff the user is signed
    153   // in.
    154   //
    155   // If |use_legacy_token_service_| is true, then this
    156   // |ProfileOAuth2TokenServiceIOS| delegates all calls to the parent
    157   // |MutableProfileOAuth2TokenService|.
    158   bool use_legacy_token_service_;
    159 
    160   DISALLOW_COPY_AND_ASSIGN(ProfileOAuth2TokenServiceIOS);
    161 };
    162 
    163 #endif  // COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
    164