Chromium Code Reviews| Index: remoting/host/gaia_oauth_client.cc |
| diff --git a/remoting/host/gaia_oauth_client.cc b/remoting/host/gaia_oauth_client.cc |
| index db7d449faef1b1d741520f8e8b53a41ec961886c..fb26c86f0c541e5e65c440bd85cd51bfa162163a 100644 |
| --- a/remoting/host/gaia_oauth_client.cc |
| +++ b/remoting/host/gaia_oauth_client.cc |
| @@ -5,6 +5,7 @@ |
| #include "remoting/host/gaia_oauth_client.h" |
| #include "base/bind.h" |
| +#include "base/compiler_specific.h" |
| #include "base/json/json_reader.h" |
| #include "base/logging.h" |
| #include "base/memory/scoped_ptr.h" |
| @@ -12,9 +13,10 @@ |
| #include "googleurl/src/gurl.h" |
| #include "net/base/escape.h" |
| #include "net/http/http_status_code.h" |
| +#include "net/url_request/url_fetcher.h" |
| +#include "net/url_request/url_fetcher_delegate.h" |
| #include "net/url_request/url_request_context_getter.h" |
| #include "net/url_request/url_request_status.h" |
| -#include "remoting/host/url_fetcher.h" |
| namespace { |
| @@ -44,19 +46,24 @@ OAuthProviderInfo OAuthProviderInfo::GetDefault() { |
| } |
| class GaiaOAuthClient::Core |
| - : public base::RefCountedThreadSafe<GaiaOAuthClient::Core> { |
| + : public base::RefCountedThreadSafe<GaiaOAuthClient::Core>, |
| + public net::URLFetcherDelegate { |
| public: |
| Core(const OAuthProviderInfo& info, |
| net::URLRequestContextGetter* request_context_getter) |
| : provider_info_(info), |
| request_context_getter_(request_context_getter), |
| - delegate_(NULL) { |
| + delegate_(NULL), |
| + request_is_oauth_refresh_(false) { |
| } |
| void RefreshToken(const OAuthClientInfo& oauth_client_info, |
| const std::string& refresh_token, |
| GaiaOAuthClient::Delegate* delegate); |
| + // net::URLFetcherDelegate interface |
| + virtual void OnURLFetchComplete(const net::URLFetcher* source) OVERRIDE; |
| + |
| private: |
| friend class base::RefCountedThreadSafe<Core>; |
| virtual ~Core() {} |
| @@ -73,7 +80,8 @@ class GaiaOAuthClient::Core |
| scoped_refptr<net::URLRequestContextGetter> request_context_getter_; |
| GaiaOAuthClient::Delegate* delegate_; |
| - scoped_ptr<UrlFetcher> request_; |
| + scoped_ptr<net::URLFetcher> request_; |
| + bool request_is_oauth_refresh_; |
| std::string access_token_; |
| int expires_in_seconds_; |
| @@ -97,12 +105,27 @@ void GaiaOAuthClient::Core::RefreshToken( |
| "&client_secret=" + |
| net::EscapeUrlEncodedData(oauth_client_info.client_secret, true) + |
| "&grant_type=refresh_token"; |
| - request_.reset(new UrlFetcher(GURL(provider_info_.access_token_url), |
| - UrlFetcher::POST)); |
| + request_.reset(net::URLFetcher::Create( |
| + GURL(provider_info_.access_token_url), net::URLFetcher::POST, this)); |
| request_->SetRequestContext(request_context_getter_); |
| request_->SetUploadData("application/x-www-form-urlencoded", post_body); |
| - request_->Start( |
| - base::Bind(&GaiaOAuthClient::Core::OnAuthTokenFetchComplete, this)); |
| + request_is_oauth_refresh_ = true; |
| + request_->Start(); |
| +} |
| + |
| +void GaiaOAuthClient::Core::OnURLFetchComplete( |
| + const net::URLFetcher* source) { |
| + std::string response_string; |
| + source->GetResponseAsString(&response_string); |
| + if (request_is_oauth_refresh_) { |
| + OnAuthTokenFetchComplete(source->GetStatus(), |
| + source->GetResponseCode(), |
| + response_string); |
| + } else { |
| + OnUserInfoFetchComplete(source->GetStatus(), |
| + source->GetResponseCode(), |
| + response_string); |
| + } |
| } |
| void GaiaOAuthClient::Core::OnAuthTokenFetchComplete( |
| @@ -129,7 +152,14 @@ void GaiaOAuthClient::Core::OnAuthTokenFetchComplete( |
| message_value->IsType(Value::TYPE_DICTIONARY)) { |
| scoped_ptr<DictionaryValue> response_dict( |
| static_cast<DictionaryValue*>(message_value.release())); |
| - response_dict->GetString(kAccessTokenValue, &access_token_); |
| + std::string access_token; |
| + response_dict->GetString(kAccessTokenValue, &access_token); |
| + if (access_token.find("\r\n") != std::string::npos) { |
|
Wez
2012/06/22 23:58:35
Is there any more stringent check we can make, e.g
Jamie
2012/06/23 00:20:23
I think an embedded CRLF is the only thing that wo
|
| + LOG(ERROR) << "Gaia response: access token include CRLF"; |
| + delegate_->OnOAuthError(); |
| + return; |
| + } |
| + access_token_ = access_token; |
| response_dict->GetInteger(kExpiresInValue, &expires_in_seconds_); |
| } |
| VLOG(1) << "Gaia response: acess_token='" << access_token_ |
| @@ -146,18 +176,19 @@ void GaiaOAuthClient::Core::OnAuthTokenFetchComplete( |
| } |
| void GaiaOAuthClient::Core::FetchUserInfoAndInvokeCallback() { |
| - request_.reset(new UrlFetcher( |
| - GURL(provider_info_.user_info_url), UrlFetcher::GET)); |
| + request_.reset(net::URLFetcher::Create( |
| + GURL(provider_info_.user_info_url), net::URLFetcher::GET, this)); |
| request_->SetRequestContext(request_context_getter_); |
| - request_->SetHeader("Authorization", "Bearer " + access_token_); |
| - request_->Start( |
| - base::Bind(&GaiaOAuthClient::Core::OnUserInfoFetchComplete, this)); |
| + request_->AddExtraRequestHeader("Authorization: Bearer " + access_token_); |
| + request_is_oauth_refresh_ = false; |
| + request_->Start(); |
| } |
| void GaiaOAuthClient::Core::OnUserInfoFetchComplete( |
| const net::URLRequestStatus& status, |
| int response_code, |
| const std::string& response) { |
| + request_.reset(); |
| std::string email; |
| if (response_code == net::HTTP_OK) { |
| scoped_ptr<Value> message_value(base::JSONReader::Read(response)); |