1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef COMPONENTS_AUTOFILL_CONTENT_BROWSER_WALLET_WALLET_CLIENT_H_ 6 #define COMPONENTS_AUTOFILL_CONTENT_BROWSER_WALLET_WALLET_CLIENT_H_ 7 8 #include <queue> 9 #include <string> 10 #include <vector> 11 12 #include "base/callback.h" // For base::Closure. 13 #include "base/memory/ref_counted.h" 14 #include "base/memory/weak_ptr.h" 15 #include "base/time/time.h" 16 #include "base/values.h" 17 #include "components/autofill/content/browser/wallet/full_wallet.h" 18 #include "components/autofill/content/browser/wallet/wallet_items.h" 19 #include "components/autofill/core/browser/autofill_client.h" 20 #include "components/autofill/core/browser/autofill_metrics.h" 21 #include "net/url_request/url_fetcher_delegate.h" 22 #include "testing/gtest/include/gtest/gtest_prod.h" 23 #include "url/gurl.h" 24 25 namespace net { 26 class URLFetcher; 27 class URLRequestContextGetter; 28 } 29 30 namespace autofill { 31 namespace wallet { 32 33 class Address; 34 class FullWallet; 35 class Instrument; 36 class WalletClientDelegate; 37 38 // WalletClient is responsible for making calls to the Online Wallet backend on 39 // the user's behalf. The normal flow for using this class is as follows: 40 // 1) GetWalletItems should be called to retrieve the user's Wallet. 41 // a) If the user does not have a Wallet, they must AcceptLegalDocuments and 42 // SaveToWallet to set up their account before continuing. 43 // b) If the user has not accepted the most recent legal documents for 44 // Wallet, they must AcceptLegalDocuments. 45 // 2) The user then chooses what instrument and shipping address to use for the 46 // current transaction. 47 // a) If they choose an instrument with a zip code only address, the billing 48 // address will need to be updated using SaveToWallet. 49 // b) The user may also choose to add a new instrument or address using 50 // SaveToWallet. 51 // 3) Once the user has selected the backing instrument and shipping address 52 // for this transaction, a FullWallet with the fronting card is generated 53 // using GetFullWallet. 54 // a) GetFullWallet may return a Risk challenge for the user. In that case, 55 // the user will need to verify who they are by authenticating their 56 // chosen backing instrument through AuthenticateInstrument 57 // 58 // WalletClient is designed so only one request to Online Wallet can be outgoing 59 // at any one time. If |HasRequestInProgress()| is true while calling e.g. 60 // GetWalletItems(), the request will be queued and started later. Queued 61 // requests start in the order they were received. 62 63 class WalletClient : public net::URLFetcherDelegate { 64 public: 65 // The Risk challenges supported by users of WalletClient. 66 enum RiskCapability { 67 RELOGIN, 68 VERIFY_CVC, 69 }; 70 71 // The type of error returned by Online Wallet. 72 enum ErrorType { 73 // Errors to display to users ---------------------------------------------- 74 BUYER_ACCOUNT_ERROR, // Risk deny, unsupported country, or 75 // account closed. 76 BUYER_LEGAL_ADDRESS_NOT_SUPPORTED, // User's Buyer Legal Address is 77 // unsupported by Online Wallet. 78 UNVERIFIED_KNOW_YOUR_CUSTOMER_STATUS, // User's "know your customer" KYC 79 // state is not verified (either 80 // KYC_REFER or KYC_FAIL). 81 UNSUPPORTED_MERCHANT, // Merchant is blacklisted due to 82 // compliance violation. 83 84 // API errors -------------------------------------------------------------- 85 // Request was very malformed or sent to the wrong endpoint. 86 BAD_REQUEST, 87 // API call had missing or invalid parameters. 88 INVALID_PARAMS, 89 // The server API version of the request is no longer supported. 90 UNSUPPORTED_API_VERSION, 91 // The user agent is not supported or a bad Google API key was provided. 92 UNSUPPORTED_USER_AGENT_OR_API_KEY, 93 94 // Server errors ----------------------------------------------------------- 95 INTERNAL_ERROR, // Unknown server side error. 96 SERVICE_UNAVAILABLE, // Online Wallet is down. 97 98 // Other errors ------------------------------------------------------------ 99 MALFORMED_RESPONSE, // The response from Wallet was malformed. 100 NETWORK_ERROR, // The response code of the server was something 101 // other than a 200 or 400. 102 103 UNKNOWN_ERROR, // Catch all error type. 104 }; 105 106 struct FullWalletRequest { 107 public: 108 FullWalletRequest(const std::string& instrument_id, 109 const std::string& address_id, 110 const std::string& google_transaction_id, 111 const std::vector<RiskCapability> risk_capabilities, 112 bool new_wallet_user); 113 ~FullWalletRequest(); 114 115 // The ID of the backing instrument. Should have been selected by the user 116 // in some UI. 117 std::string instrument_id; 118 119 // The ID of the shipping address. Should have been selected by the user 120 // in some UI. 121 std::string address_id; 122 123 // The transaction ID from GetWalletItems. 124 std::string google_transaction_id; 125 126 // The Risk challenges supported by the user of WalletClient 127 std::vector<RiskCapability> risk_capabilities; 128 129 // True if the user does not have Wallet profile. 130 bool new_wallet_user; 131 132 private: 133 DISALLOW_ASSIGN(FullWalletRequest); 134 }; 135 136 // |context_getter| is reference counted so it has no lifetime or ownership 137 // requirements. |delegate| must outlive |this|. |source_url| is the url 138 // of the merchant page. 139 WalletClient(net::URLRequestContextGetter* context_getter, 140 WalletClientDelegate* delegate, 141 const GURL& source_url); 142 143 virtual ~WalletClient(); 144 145 // GetWalletItems retrieves the user's online wallet. The WalletItems 146 // returned may require additional action such as presenting legal documents 147 // to the user to be accepted. 148 virtual void GetWalletItems(); 149 150 // The GetWalletItems call to the Online Wallet backend may require the user 151 // to accept various legal documents before a FullWallet can be generated. 152 // The |google_transaction_id| is provided in the response to the 153 // GetWalletItems call. If |documents| are empty, |delegate_| will not receive 154 // a corresponding |OnDidAcceptLegalDocuments()| call. 155 virtual void AcceptLegalDocuments( 156 const std::vector<WalletItems::LegalDocument*>& documents, 157 const std::string& google_transaction_id); 158 159 // Authenticates that |card_verification_number| is for the backing instrument 160 // with |instrument_id|. |obfuscated_gaia_id| is used as a key when escrowing 161 // |card_verification_number|. |delegate_| is notified when the request is 162 // complete. Used to respond to Risk challenges. 163 virtual void AuthenticateInstrument( 164 const std::string& instrument_id, 165 const std::string& card_verification_number); 166 167 // GetFullWallet retrieves the a FullWallet for the user. 168 virtual void GetFullWallet(const FullWalletRequest& full_wallet_request); 169 170 // Saves the data in |instrument| and/or |address| to Wallet. |instrument| 171 // does not have to be complete if it's being used to update an existing 172 // instrument, like in the case of expiration date or address only updates. 173 // |reference_instrument| and |reference_address| are the original instrument 174 // and address to be updated on the server (and should be NULL if |instrument| 175 // or |address| are new data). 176 virtual void SaveToWallet( 177 scoped_ptr<Instrument> instrument, 178 scoped_ptr<Address> address, 179 const WalletItems::MaskedInstrument* reference_instrument, 180 const Address* reference_address); 181 182 bool HasRequestInProgress() const; 183 184 // Cancels and clears the current |request_|. 185 void CancelRequest(); 186 187 // Sets the user index and cancels any pending requests. 188 void SetUserIndex(size_t user_index); 189 size_t user_index() const { return user_index_; } 190 191 private: 192 FRIEND_TEST_ALL_PREFIXES(WalletClientTest, PendingRequest); 193 FRIEND_TEST_ALL_PREFIXES(WalletClientTest, CancelRequests); 194 195 enum RequestType { 196 NO_REQUEST, 197 ACCEPT_LEGAL_DOCUMENTS, 198 AUTHENTICATE_INSTRUMENT, 199 GET_FULL_WALLET, 200 GET_WALLET_ITEMS, 201 SAVE_TO_WALLET, 202 }; 203 204 // Like AcceptLegalDocuments, but takes a vector of document ids. 205 void DoAcceptLegalDocuments( 206 const std::vector<std::string>& document_ids, 207 const std::string& google_transaction_id); 208 209 // Posts |post_body| to |url| with content type |mime_type| and notifies 210 // |delegate_| when the request is complete. 211 void MakeWalletRequest(const GURL& url, 212 const std::string& post_body, 213 const std::string& mime_type, 214 RequestType request_type); 215 216 // Performs bookkeeping tasks for any invalid requests. 217 void HandleMalformedResponse(RequestType request_type, 218 net::URLFetcher* request); 219 void HandleNetworkError(int response_code); 220 void HandleWalletError(ErrorType error_type); 221 222 // net::URLFetcherDelegate: 223 virtual void OnURLFetchComplete(const net::URLFetcher* source) OVERRIDE; 224 225 // Logs an UMA metric for each of the |required_actions|. 226 void LogRequiredActions( 227 const std::vector<RequiredAction>& required_actions) const; 228 229 // Converts |request_type| to an UMA metric. 230 AutofillMetrics::WalletApiCallMetric RequestTypeToUmaMetric( 231 RequestType request_type) const; 232 233 // The context for the request. Ensures the gdToken cookie is set as a header 234 // in the requests to Online Wallet if it is present. 235 scoped_refptr<net::URLRequestContextGetter> context_getter_; 236 237 // Observer class that has its various On* methods called based on the results 238 // of a request to Online Wallet. 239 WalletClientDelegate* const delegate_; // must outlive |this|. 240 241 // The index of the user account we're making requests for. The index is into 242 // GAIA's list of signed in users. 243 size_t user_index_; 244 245 // The URL of the page we're making requests on behalf of. 246 GURL source_url_; 247 248 // The current request object. 249 scoped_ptr<net::URLFetcher> request_; 250 251 // The type of the current request. Must be NO_REQUEST for a request 252 // to be initiated as only one request may be running at a given time. 253 RequestType request_type_; 254 255 // The one time pad used for GetFullWallet encryption. 256 std::vector<uint8> one_time_pad_; 257 258 // When the current request started. Used to track client side latency. 259 base::Time request_started_timestamp_; 260 261 base::WeakPtrFactory<WalletClient> weak_ptr_factory_; 262 263 DISALLOW_COPY_AND_ASSIGN(WalletClient); 264 }; 265 266 } // namespace wallet 267 } // namespace autofill 268 269 #endif // COMPONENTS_AUTOFILL_CONTENT_BROWSER_WALLET_WALLET_CLIENT_H_ 270