Retry fetching OAuth1 request token on failure

chrome/browser/chromeos/login/login_utils.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/login_utils.h"
 
 #include <algorithm>
 #include <vector>
 
 #include "ash/ash_switches.h"
@@ skipping 77 matching lines @@
 #include "ui/compositor/compositor_switches.h"
 #include "ui/gl/gl_switches.h"
 #include "webkit/plugins/plugin_switches.h"
 
 using content::BrowserThread;
 
 namespace chromeos {
 
 namespace {
 
-// OAuth token verification retry count.
+// OAuth token verification max retry count.
 const int kMaxOAuthTokenVerificationAttemptCount = 5;
-// OAuth token verification retry delay.
-const int kOAuthVerificationRestartDelay = 10000;  // ms
+// OAuth token verification retry delay in milliseconds.
+const int kOAuthVerificationRestartDelay = 10000;
+
+// OAuth token request max retry count.
+const int kMaxOAuth1TokenRequestAttemptCount = 5;
+// OAuth token request retry delay in milliseconds.
+const int kOAuth1TokenRequestRestartDelay = 3000;
 
 // Affixes for Auth token received from ClientLogin request.
 const char kAuthPrefix[] = "Auth=";
 const char kAuthSuffix[] = "\n";
 
 // Increase logging level for Guest mode to avoid LOG(INFO) messages in logs.
 const char kGuestModeLoggingLevel[] = "1";
 
 // Format of command line switch.
 const char kSwitchFormatString[] = " --%s=\"%s\"";
@@ skipping 67 matching lines @@
   net::HttpAuthCache* new_cache = new_context->GetURLRequestContext()->
       http_transaction_factory()->GetSession()->http_auth_cache();
   new_cache->UpdateAllFrom(*auth_context->GetURLRequestContext()->
       http_transaction_factory()->GetSession()->http_auth_cache());
 }
 
 }  // namespace
 
 // Verifies OAuth1 access token by performing OAuthLogin. Fetches user cookies
 // on successful OAuth authentication.
+// TODO(kochi): Split this class into another file after M20 merge.
 class OAuthLoginVerifier : public base::SupportsWeakPtr<OAuthLoginVerifier>,
                            public GaiaOAuthConsumer,
                            public GaiaAuthConsumer {
  public:
   class Delegate {
    public:
     virtual ~Delegate() {}
     virtual void OnOAuthVerificationSucceeded(const std::string& user_name,
                                               const std::string& sid,
                                               const std::string& lsid,
@@ skipping 129 matching lines @@
 
   virtual void OnOAuthLoginFailure(
       const GoogleServiceAuthError& error) OVERRIDE {
     DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
     LOG(WARNING) << "Failed to verify OAuth1 access tokens,"
                  << " error.state=" << error.state();
     if (!RetryOnError(error))
       delegate_->OnOAuthVerificationFailed(username_);
   }
 
-  void OnCookueFetchFailed(const GoogleServiceAuthError& error) {
+  void OnCookieFetchFailed(const GoogleServiceAuthError& error) {
     DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
     if (!RetryOnError(error))
       delegate_->OnUserCookiesFetchFailed(username_);
   }
 
   // GaiaAuthConsumer overrides.
   virtual void OnIssueAuthTokenSuccess(const std::string& service,
                                        const std::string& auth_token) OVERRIDE {
     gaia_fetcher_.StartMergeSession(auth_token);
   }
 
   virtual void OnIssueAuthTokenFailure(const std::string& service,
       const GoogleServiceAuthError& error) OVERRIDE {
     DVLOG(1) << "Failed IssueAuthToken request,"
              << " error.state=" << error.state();
-    OnCookueFetchFailed(error);
+    OnCookieFetchFailed(error);
   }
 
   virtual void OnMergeSessionSuccess(const std::string& data) OVERRIDE {
     DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
     DVLOG(1) << "MergeSession successful.";
     step_ = VERIFICATION_STEP_COOKIES_FETCHED;
     delegate_->OnUserCookiesFetchSucceeded(username_);
   }
 
   virtual void OnMergeSessionFailure(
       const GoogleServiceAuthError& error) OVERRIDE {
     DVLOG(1) << "Failed MergeSession request,"
              << " error.state=" << error.state();
-    OnCookueFetchFailed(error);
+    OnCookieFetchFailed(error);
   }
 
   OAuthLoginVerifier::Delegate* delegate_;
   GaiaOAuthFetcher oauth_fetcher_;
   GaiaAuthFetcher gaia_fetcher_;
   std::string oauth1_token_;
   std::string oauth1_secret_;
   std::string sid_;
   std::string lsid_;
   std::string username_;
   Profile* user_profile_;
   int verification_count_;
   VerificationStep step_;
 
   DISALLOW_COPY_AND_ASSIGN(OAuthLoginVerifier);
 };
 
 // Fetches the oauth token for the device management service. Since Profile
 // creation might be blocking on a user policy fetch, this fetcher must always
 // send a (possibly empty) token to the BrowserPolicyConnector, which will then
 // let the policy subsystem proceed and resume Profile creation.
 // Sending the token even when no Profile is pending is also OK.
+// TODO(kochi): Split this class into another file after M20 merge.
 class PolicyOAuthFetcher : public GaiaOAuthConsumer {
  public:
   // Fetches the device management service's oauth token using |oauth1_token|
   // and |oauth1_secret| as access tokens.
   PolicyOAuthFetcher(Profile* profile,
                      const std::string& oauth1_token,
                      const std::string& oauth1_secret)
       : oauth_fetcher_(this,
                        profile->GetRequestContext(),
                        profile,
@@ skipping 128 matching lines @@
       MessageLoop::current()->AssertIdle();
     }
   }
 
   int pid_;
   std::string command_line_;
   PrefService* local_state_;
   base::OneShotTimer<JobRestartRequest> timer_;
 };
 
+// Given the authenticated credentials from the cookie jar, try to exchange
+// fetch OAuth1 token and secret. Automatically retries until max retry count is
+// reached.
+// TODO(kochi): Split this class into another file after M20 merge.
+class OAuth1TokenFetcher
+    : public base::SupportsWeakPtr<OAuth1TokenFetcher>,
+      public GaiaOAuthConsumer {
+ public:
+  class Delegate {
+   public:
+    virtual ~Delegate() {}
+    virtual void OnOAuth1AccessTokenAvailable(const std::string& token,
+                                              const std::string& secret) = 0;
+    virtual void OnOAuth1AccessTokenFetchFailed() = 0;
+  };
+
+  OAuth1TokenFetcher(OAuth1TokenFetcher::Delegate* delegate,
+                     Profile* auth_profile)
+      : delegate_(delegate),
+        auth_profile_(auth_profile),
+        oauth_fetcher_(this,
+                       auth_profile_->GetRequestContext(),
+                       auth_profile_,
+                       kServiceScopeChromeOS),
+        retry_count_(0) {
+    DCHECK(delegate);
+  }
+  virtual ~OAuth1TokenFetcher() {}
+
+  void Start() {
+    DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+    if (CrosLibrary::Get()->libcros_loaded()) {
+      // Delay the verification if the network is not connected or on a captive
+      // portal.
+      const Network* network =
+          CrosLibrary::Get()->GetNetworkLibrary()->active_network();
+      if (!network || !network->connected() || network->restricted_pool()) {
+        // If network is offline, defer the token fetching until online.
+        VLOG(1) << "Network is offline.  Deferring OAuth1 token fetch.";
+        BrowserThread::PostDelayedTask(
+            BrowserThread::UI, FROM_HERE,
+            base::Bind(&OAuth1TokenFetcher::Start, AsWeakPtr()),
+            base::TimeDelta::FromMilliseconds(kOAuth1TokenRequestRestartDelay));
+        return;
+      }
+    }
+    oauth_fetcher_.SetAutoFetchLimit(GaiaOAuthFetcher::OAUTH1_ALL_ACCESS_TOKEN);
+    oauth_fetcher_.StartGetOAuthTokenRequest();
+  }
+
+ private:
+  // Decides how to proceed on GAIA response and other errors. If the error
+  // looks temporary, retries token fetching until max retry count is reached.
+  // If retry count runs out, or error condition is unrecoverable, returns
+  // false.
+  bool RetryOnError(const GoogleServiceAuthError& error) {
+    if ((error.state() == GoogleServiceAuthError::CONNECTION_FAILED ||
+         error.state() == GoogleServiceAuthError::SERVICE_UNAVAILABLE ||
+         error.state() == GoogleServiceAuthError::REQUEST_CANCELED) &&
+        retry_count_++ < kMaxOAuth1TokenRequestAttemptCount) {
+      BrowserThread::PostDelayedTask(
+          BrowserThread::UI, FROM_HERE,
+          base::Bind(&OAuth1TokenFetcher::Start, AsWeakPtr()),
+          base::TimeDelta::FromMilliseconds(kOAuth1TokenRequestRestartDelay));
+      return true;
+    }
+    LOG(WARNING) << "Unrecoverable error or retry count max reached.";
+    return false;
+  }
+
+  // GaiaOAuthConsumer implementation:
+  virtual void OnGetOAuthTokenSuccess(const std::string& oauth_token) OVERRIDE {
+    VLOG(1) << "Got OAuth request token!";
+  }
+
+  virtual void OnGetOAuthTokenFailure(
+      const GoogleServiceAuthError& error) OVERRIDE {
+    LOG(WARNING) << "Failed to get OAuth1 request token, error: "
+                 << error.state();
+    if (!RetryOnError(error))
+      delegate_->OnOAuth1AccessTokenFetchFailed();
+  }
+
+  virtual void OnOAuthGetAccessTokenSuccess(
+      const std::string& token,
+      const std::string& secret) OVERRIDE {
+    VLOG(1) << "Got OAuth v1 token!";
+    retry_count_ = 0;
+    delegate_->OnOAuth1AccessTokenAvailable(token, secret);
+  }
+
+  virtual void OnOAuthGetAccessTokenFailure(
+      const GoogleServiceAuthError& error) OVERRIDE {
+    LOG(WARNING) << "Failed fetching OAuth1 access token, error: "
+                 << error.state();
+    if (!RetryOnError(error))
+      delegate_->OnOAuth1AccessTokenFetchFailed();
+  }
+
+  OAuth1TokenFetcher::Delegate* delegate_;
+  Profile* auth_profile_;
+  GaiaOAuthFetcher oauth_fetcher_;
+
+  // The retry counter.  Increment this only when failure happened.
+  int retry_count_;
+
+  DISALLOW_COPY_AND_ASSIGN(OAuth1TokenFetcher);
+};
+
 class LoginUtilsImpl
     : public LoginUtils,
-      public GaiaOAuthConsumer,
+      public OAuth1TokenFetcher::Delegate,
       public OAuthLoginVerifier::Delegate,
       public net::NetworkChangeNotifier::ConnectionTypeObserver,
       public base::SupportsWeakPtr<LoginUtilsImpl> {
  public:
   LoginUtilsImpl()
       : pending_requests_(false),
         using_oauth_(false),
         has_cookies_(false),
         delegate_(NULL),
         job_restart_request_(NULL),
@@ skipping 26 matching lines @@
   virtual void StartTokenServices(Profile* user_profile) OVERRIDE;
   virtual void StartSignedInServices(
       Profile* profile,
       const GaiaAuthConsumer::ClientLoginResult& credentials) OVERRIDE;
   virtual void TransferDefaultCookies(Profile* default_profile,
                                       Profile* new_profile) OVERRIDE;
   virtual void TransferDefaultAuthCache(Profile* default_profile,
                                         Profile* new_profile) OVERRIDE;
   virtual void StopBackgroundFetchers() OVERRIDE;
 
-  // GaiaOAuthConsumer overrides.
-  virtual void OnGetOAuthTokenSuccess(const std::string& oauth_token) OVERRIDE;
-  virtual void OnGetOAuthTokenFailure(
-      const GoogleServiceAuthError& error) OVERRIDE;
-  virtual void OnOAuthGetAccessTokenSuccess(const std::string& token,
-                                            const std::string& secret) OVERRIDE;
-  virtual void OnOAuthGetAccessTokenFailure(
-      const GoogleServiceAuthError& error) OVERRIDE;
+  // OAuth1TokenFetcher::Delegate overrides.
+  void OnOAuth1AccessTokenAvailable(const std::string& token,
+                                    const std::string& secret) OVERRIDE;
+  void OnOAuth1AccessTokenFetchFailed() OVERRIDE;
 
   // OAuthLoginVerifier::Delegate overrides.
   virtual void OnOAuthVerificationSucceeded(const std::string& user_name,
                                             const std::string& sid,
                                             const std::string& lsid,
                                             const std::string& auth) OVERRIDE;
   virtual void OnOAuthVerificationFailed(const std::string& user_name) OVERRIDE;
 
   // net::NetworkChangeNotifier::ConnectionTypeObserver overrides.
   virtual void OnConnectionTypeChanged(
       net::NetworkChangeNotifier::ConnectionType type) OVERRIDE;
 
-  // Given the authenticated credentials from the cookie jar, try to exchange
-  // fetch OAuth request, v1 and v2 tokens.
-  void FetchOAuth1AccessToken(Profile* auth_profile);
-
  protected:
   virtual std::string GetOffTheRecordCommandLine(
       const GURL& start_url,
       const CommandLine& base_command_line,
       CommandLine *command_line);
 
  private:
   // Restarts OAuth session authentication check.
   void KickStartAuthentication(Profile* profile);
 
@@ skipping 34 matching lines @@
   // Callback for asynchronous profile creation.
   void OnProfileCreated(Profile* profile,
                         Profile::CreateStatus status);
 
   std::string password_;
   bool pending_requests_;
   bool using_oauth_;
   bool has_cookies_;
   // Has to be scoped_refptr, see comment for CreateAuthenticator(...).
   scoped_refptr<Authenticator> authenticator_;
-  scoped_ptr<GaiaOAuthFetcher> oauth_fetcher_;
   scoped_ptr<PolicyOAuthFetcher> policy_oauth_fetcher_;
+  scoped_ptr<OAuth1TokenFetcher> oauth1_token_fetcher_;
   scoped_ptr<OAuthLoginVerifier> oauth_login_verifier_;
 
   // Delegate to be fired when the profile will be prepared.
   LoginUtils::Delegate* delegate_;
 
   // Used to restart Chrome to switch to the guest mode.
   JobRestartRequest* job_restart_request_;
 
   // True if should restore authentication session when notified about
   // online state change.
@@ skipping 201 matching lines @@
     std::string oauth1_secret;
     if (ReadOAuth1AccessToken(user_profile, &oauth1_token, &oauth1_secret) ||
         !has_cookies_) {
       // Verify OAuth access token when we find it in the profile and always if
       // if we don't have cookies.
       // TODO(xiyuan): Change back to use authenticator to verify token when
       // we support Gaia in lock screen.
       VerifyOAuth1AccessToken(user_profile, oauth1_token, oauth1_secret);
     } else {
       // If we don't have it, fetch OAuth1 access token.
+      // Once we get that, we will kick off individual requests for OAuth2
+      // tokens for all our services.
       // Use off-the-record profile that was used for this step. It should
       // already contain all needed cookies that will let us skip GAIA's user
       // authentication UI.
       //
       // TODO(rickcam) We should use an isolated App here.
-      FetchOAuth1AccessToken(authenticator_->authentication_profile());
+      oauth1_token_fetcher_.reset(
+          new OAuth1TokenFetcher(this,
+                                 authenticator_->authentication_profile()));
+      oauth1_token_fetcher_->Start();
     }
   }
 
   // Own TPM device if, for any reason, it has not been done in EULA
   // wizard screen.
   CryptohomeLibrary* cryptohome = CrosLibrary::Get()->GetCryptohomeLibrary();
   btl->AddLoginTimeMarker("TPMOwn-Start", false);
   if (cryptohome->TpmIsEnabled() && !cryptohome->TpmIsBeingOwned()) {
     if (cryptohome->TpmIsOwned()) {
       cryptohome->TpmClearStoredPassword();
@@ skipping 15 matching lines @@
   // TODO(altimofeev): This pointer should probably never be NULL, but it looks
   // like LoginUtilsImpl::OnProfileCreated() may be getting called before
   // LoginUtilsImpl::PrepareProfile() has set |delegate_| when Chrome is killed
   // during shutdown in tests -- see http://crosbug.com/18269.  Replace this
   // 'if' statement with a CHECK(delegate_) once the underlying issue is
   // resolved.
   if (delegate_)
     delegate_->OnProfilePrepared(user_profile);
 }
 
-void LoginUtilsImpl::FetchOAuth1AccessToken(Profile* auth_profile) {
-  oauth_fetcher_.reset(new GaiaOAuthFetcher(this,
-                                            auth_profile->GetRequestContext(),
-                                            auth_profile,
-                                            kServiceScopeChromeOS));
-  // Let's first get the Oauth request token and OAuth1 token+secret.
-  // Once we get that, we will kick off individual requests for OAuth2 tokens
-  // for all our services.
-  oauth_fetcher_->SetAutoFetchLimit(GaiaOAuthFetcher::OAUTH1_ALL_ACCESS_TOKEN);
-  oauth_fetcher_->StartGetOAuthTokenRequest();
-}
-
 void LoginUtilsImpl::StartTokenServices(Profile* user_profile) {
   std::string oauth1_token;
   std::string oauth1_secret;
   if (!ReadOAuth1AccessToken(user_profile, &oauth1_token, &oauth1_secret))
     return;
 
   FetchSecondaryTokens(user_profile->GetOffTheRecordProfile(),
                        oauth1_token, oauth1_secret);
 }
 
@@ skipping 311 matching lines @@
 void LoginUtilsImpl::TransferDefaultAuthCache(Profile* default_profile,
                                               Profile* profile) {
   BrowserThread::PostTask(
       BrowserThread::IO, FROM_HERE,
       base::Bind(&TransferDefaultAuthCacheOnIOThread,
                  make_scoped_refptr(default_profile->GetRequestContext()),
                  make_scoped_refptr(profile->GetRequestContext())));
 }
 
 void LoginUtilsImpl::StopBackgroundFetchers() {
-  oauth_fetcher_.reset();
   policy_oauth_fetcher_.reset();
+  oauth1_token_fetcher_.reset();
   oauth_login_verifier_.reset();
 }
 
-void LoginUtilsImpl::OnGetOAuthTokenSuccess(const std::string& oauth_token) {
-  VLOG(1) << "Got OAuth request token!";
-}
-
-void LoginUtilsImpl::OnGetOAuthTokenFailure(
-    const GoogleServiceAuthError& error) {
-  // TODO(zelidrag): Pop up sync setup UI here?
-  LOG(WARNING) << "Failed fetching OAuth request token, error: "
-               << error.state();
-}
-
-void LoginUtilsImpl::OnOAuthGetAccessTokenSuccess(const std::string& token,
-                                                  const std::string& secret) {
-  VLOG(1) << "Got OAuth v1 token!";
-  Profile* user_profile = ProfileManager::GetDefaultProfile();
-  StoreOAuth1AccessToken(user_profile, token, secret);
-
-  // Verify OAuth1 token by doing OAuthLogin and fetching credentials.
-  VerifyOAuth1AccessToken(user_profile, token, secret);
-}
-
-void LoginUtilsImpl::OnOAuthGetAccessTokenFailure(
-    const GoogleServiceAuthError& error) {
-  // TODO(zelidrag): Pop up sync setup UI here?
-  LOG(WARNING) << "Failed fetching OAuth request token, error: "
-               << error.state();
-}
-
 void LoginUtilsImpl::FetchSecondaryTokens(Profile* offrecord_profile,
                                           const std::string& token,
                                           const std::string& secret) {
   FetchPolicyToken(offrecord_profile, token, secret);
   // TODO(rickcam, zelidrag): Wire TokenService there when it becomes
   // capable of handling OAuth1 tokens directly.
 }
 
 bool LoginUtilsImpl::ReadOAuth1AccessToken(Profile* user_profile,
                                            std::string* token,
@@ skipping 94 matching lines @@
   // TODO(nkostylev): There's a potential race if SL would be created before
   // OAuth tokens are fetched. It would use incorrect Authenticator instance.
   authenticator_ = NULL;
 }
 
 void LoginUtilsImpl::OnOAuthVerificationFailed(const std::string& user_name) {
   UserManager::Get()->SaveUserOAuthStatus(user_name,
                                           User::OAUTH_TOKEN_STATUS_INVALID);
 }
 
+void LoginUtilsImpl::OnOAuth1AccessTokenAvailable(const std::string& token,
+                                                  const std::string& secret) {
+  Profile* user_profile = ProfileManager::GetDefaultProfile();
+  StoreOAuth1AccessToken(user_profile, token, secret);
+
+  // Verify OAuth1 token by doing OAuthLogin and fetching credentials.
+  VerifyOAuth1AccessToken(user_profile, token, secret);
+}
+
+void LoginUtilsImpl::OnOAuth1AccessTokenFetchFailed() {
+  // TODO(kochi): Show failure notification UI here?
+  LOG(ERROR) << "Failed to fetch OAuth1 access token.";
+}
+
 void LoginUtilsImpl::OnOAuthVerificationSucceeded(
     const std::string& user_name, const std::string& sid,
     const std::string& lsid, const std::string& auth) {
   // Kick off sync engine.
   GaiaAuthConsumer::ClientLoginResult credentials(sid, lsid, auth,
                                                   std::string());
   StartSignedInServices(ProfileManager::GetDefaultProfile(), credentials);
 }
 
 
 void LoginUtilsImpl::OnConnectionTypeChanged(
     net::NetworkChangeNotifier::ConnectionType type) {
   if (type != net::NetworkChangeNotifier::CONNECTION_NONE &&
       UserManager::Get()->IsUserLoggedIn()) {
     if (oauth_login_verifier_.get() &&
         !oauth_login_verifier_->is_done()) {
       // If we come online for the first time after successful offline login,
-      // we need to kick of OAuth token verification process again.
+      // we need to kick off OAuth token verification process again.
       oauth_login_verifier_->ContinueVerification();
     } else if (should_restore_auth_session_) {
       should_restore_auth_session_ = false;
       Profile* user_profile = ProfileManager::GetDefaultProfile();
       KickStartAuthentication(user_profile);
     }
   }
 }
 
 // static
@@ skipping 10 matching lines @@
 bool LoginUtils::IsWhitelisted(const std::string& username) {
   CrosSettings* cros_settings = CrosSettings::Get();
   bool allow_new_user = false;
   cros_settings->GetBoolean(kAccountsPrefAllowNewUser, &allow_new_user);
   if (allow_new_user)
     return true;
   return cros_settings->FindEmailInList(kAccountsPrefUsers, username);
 }
 
 }  // namespace chromeos