| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/api/identity/identity_api.h" | 5 #include "chrome/browser/extensions/api/identity/identity_api.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <utility> | 9 #include <utility> |
| 10 #include <vector> | 10 #include <vector> |
| 11 | 11 |
| 12 #include "base/lazy_instance.h" | 12 #include "base/lazy_instance.h" |
| 13 #include "base/prefs/pref_service.h" | 13 #include "base/prefs/pref_service.h" |
| 14 #include "base/strings/string_number_conversions.h" | 14 #include "base/strings/string_number_conversions.h" |
| 15 #include "base/strings/stringprintf.h" | 15 #include "base/strings/stringprintf.h" |
| 16 #include "base/values.h" | 16 #include "base/values.h" |
| 17 #include "chrome/browser/app_mode/app_mode_utils.h" | 17 #include "chrome/browser/app_mode/app_mode_utils.h" |
| 18 #include "chrome/browser/browser_process.h" | 18 #include "chrome/browser/browser_process.h" |
| 19 #include "chrome/browser/extensions/extension_function_dispatcher.h" | 19 #include "chrome/browser/extensions/extension_function_dispatcher.h" |
| 20 #include "chrome/browser/extensions/extension_service.h" | 20 #include "chrome/browser/extensions/extension_service.h" |
| 21 #include "chrome/browser/policy/browser_policy_connector.h" |
| 21 #include "chrome/browser/profiles/profile.h" | 22 #include "chrome/browser/profiles/profile.h" |
| 22 #include "chrome/browser/signin/signin_manager.h" | 23 #include "chrome/browser/signin/signin_manager.h" |
| 23 #include "chrome/browser/signin/signin_manager_factory.h" | 24 #include "chrome/browser/signin/signin_manager_factory.h" |
| 24 #include "chrome/browser/signin/token_service.h" | 25 #include "chrome/browser/signin/token_service.h" |
| 25 #include "chrome/browser/signin/token_service_factory.h" | 26 #include "chrome/browser/signin/token_service_factory.h" |
| 26 #include "chrome/common/chrome_notification_types.h" | 27 #include "chrome/common/chrome_notification_types.h" |
| 27 #include "chrome/common/extensions/api/identity.h" | 28 #include "chrome/common/extensions/api/identity.h" |
| 28 #include "chrome/common/extensions/api/identity/oauth2_manifest_handler.h" | 29 #include "chrome/common/extensions/api/identity/oauth2_manifest_handler.h" |
| 29 #include "chrome/common/extensions/extension.h" | 30 #include "chrome/common/extensions/extension.h" |
| 30 #include "chrome/common/extensions/extension_manifest_constants.h" | 31 #include "chrome/common/extensions/extension_manifest_constants.h" |
| 31 #include "chrome/common/pref_names.h" | 32 #include "chrome/common/pref_names.h" |
| 32 #include "chrome/common/url_constants.h" | 33 #include "chrome/common/url_constants.h" |
| 33 #include "google_apis/gaia/gaia_constants.h" | 34 #include "google_apis/gaia/gaia_constants.h" |
| 34 #include "google_apis/gaia/gaia_urls.h" | 35 #include "google_apis/gaia/gaia_urls.h" |
| 35 #include "googleurl/src/gurl.h" | 36 #include "googleurl/src/gurl.h" |
| 36 | 37 |
| 37 #if defined(OS_CHROMEOS) | 38 #if defined(OS_CHROMEOS) |
| 38 #include "chrome/browser/chromeos/login/user_manager.h" | 39 #include "chrome/browser/chromeos/login/user_manager.h" |
| 40 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" |
| 41 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h
" |
| 39 #endif | 42 #endif |
| 40 | 43 |
| 41 namespace extensions { | 44 namespace extensions { |
| 42 | 45 |
| 43 namespace identity_constants { | 46 namespace identity_constants { |
| 44 const char kInvalidClientId[] = "Invalid OAuth2 Client ID."; | 47 const char kInvalidClientId[] = "Invalid OAuth2 Client ID."; |
| 45 const char kInvalidScopes[] = "Invalid OAuth2 scopes."; | 48 const char kInvalidScopes[] = "Invalid OAuth2 scopes."; |
| 46 const char kAuthFailure[] = "OAuth2 request failed: "; | 49 const char kAuthFailure[] = "OAuth2 request failed: "; |
| 47 const char kNoGrant[] = "OAuth2 not granted or revoked."; | 50 const char kNoGrant[] = "OAuth2 not granted or revoked."; |
| 48 const char kUserRejected[] = "The user did not approve access."; | 51 const char kUserRejected[] = "The user did not approve access."; |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 96 } | 99 } |
| 97 | 100 |
| 98 if (oauth2_info.scopes.size() == 0) { | 101 if (oauth2_info.scopes.size() == 0) { |
| 99 error_ = identity_constants::kInvalidScopes; | 102 error_ = identity_constants::kInvalidScopes; |
| 100 return false; | 103 return false; |
| 101 } | 104 } |
| 102 | 105 |
| 103 // Balanced in CompleteFunctionWithResult|CompleteFunctionWithError | 106 // Balanced in CompleteFunctionWithResult|CompleteFunctionWithError |
| 104 AddRef(); | 107 AddRef(); |
| 105 | 108 |
| 109 #if defined(OS_CHROMEOS) |
| 110 if (chromeos::UserManager::Get()->IsLoggedInAsKioskApp() && |
| 111 g_browser_process->browser_policy_connector()->IsEnterpriseManaged()) { |
| 112 StartMintTokenFlow(IdentityMintRequestQueue::MINT_TYPE_NONINTERACTIVE); |
| 113 return true; |
| 114 } |
| 115 #endif |
| 116 |
| 106 if (!HasLoginToken()) { | 117 if (!HasLoginToken()) { |
| 107 if (!should_prompt_for_signin_) { | 118 if (!should_prompt_for_signin_) { |
| 108 error_ = identity_constants::kUserNotSignedIn; | 119 error_ = identity_constants::kUserNotSignedIn; |
| 109 Release(); | 120 Release(); |
| 110 return false; | 121 return false; |
| 111 } | 122 } |
| 112 // Display a login prompt. | 123 // Display a login prompt. |
| 113 StartSigninFlow(); | 124 StartSigninFlow(); |
| 114 } else { | 125 } else { |
| 115 TokenService* token_service = TokenServiceFactory::GetForProfile(profile()); | 126 TokenService* token_service = TokenServiceFactory::GetForProfile(profile()); |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 201 IdentityTokenCacheValue cache_entry = id_api->GetCachedToken( | 212 IdentityTokenCacheValue cache_entry = id_api->GetCachedToken( |
| 202 GetExtension()->id(), oauth2_info.scopes); | 213 GetExtension()->id(), oauth2_info.scopes); |
| 203 IdentityTokenCacheValue::CacheValueStatus cache_status = | 214 IdentityTokenCacheValue::CacheValueStatus cache_status = |
| 204 cache_entry.status(); | 215 cache_entry.status(); |
| 205 | 216 |
| 206 if (type == IdentityMintRequestQueue::MINT_TYPE_NONINTERACTIVE) { | 217 if (type == IdentityMintRequestQueue::MINT_TYPE_NONINTERACTIVE) { |
| 207 switch (cache_status) { | 218 switch (cache_status) { |
| 208 case IdentityTokenCacheValue::CACHE_STATUS_NOTFOUND: | 219 case IdentityTokenCacheValue::CACHE_STATUS_NOTFOUND: |
| 209 #if defined(OS_CHROMEOS) | 220 #if defined(OS_CHROMEOS) |
| 210 // Always force minting token for ChromeOS kiosk app. | 221 // Always force minting token for ChromeOS kiosk app. |
| 211 if (chrome::IsRunningInForcedAppMode()) { | 222 if (chromeos::UserManager::Get()->IsLoggedInAsKioskApp()) { |
| 212 StartGaiaRequest(OAuth2MintTokenFlow::MODE_MINT_TOKEN_FORCE); | 223 if (g_browser_process->browser_policy_connector()-> |
| 224 IsEnterpriseManaged()) { |
| 225 OAuth2TokenService::ScopeSet scope_set(oauth2_info.scopes.begin(), |
| 226 oauth2_info.scopes.end()); |
| 227 device_token_request_ = |
| 228 chromeos::DeviceOAuth2TokenServiceFactory::Get()->StartRequest( |
| 229 scope_set, this); |
| 230 } else { |
| 231 StartGaiaRequest(OAuth2MintTokenFlow::MODE_MINT_TOKEN_FORCE); |
| 232 } |
| 213 return; | 233 return; |
| 214 } | 234 } |
| 215 #endif | 235 #endif |
| 236 |
| 216 if (oauth2_info.auto_approve) | 237 if (oauth2_info.auto_approve) |
| 217 // oauth2_info.auto_approve is protected by a whitelist in | 238 // oauth2_info.auto_approve is protected by a whitelist in |
| 218 // _manifest_features.json hence only selected extensions take | 239 // _manifest_features.json hence only selected extensions take |
| 219 // advantage of forcefully minting the token. | 240 // advantage of forcefully minting the token. |
| 220 StartGaiaRequest(OAuth2MintTokenFlow::MODE_MINT_TOKEN_FORCE); | 241 StartGaiaRequest(OAuth2MintTokenFlow::MODE_MINT_TOKEN_FORCE); |
| 221 else | 242 else |
| 222 StartGaiaRequest(OAuth2MintTokenFlow::MODE_MINT_TOKEN_NO_FORCE); | 243 StartGaiaRequest(OAuth2MintTokenFlow::MODE_MINT_TOKEN_NO_FORCE); |
| 223 break; | 244 break; |
| 224 | 245 |
| 225 case IdentityTokenCacheValue::CACHE_STATUS_TOKEN: | 246 case IdentityTokenCacheValue::CACHE_STATUS_TOKEN: |
| (...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 355 IdentityTokenCacheValue token_value( | 376 IdentityTokenCacheValue token_value( |
| 356 access_token, base::TimeDelta::FromSeconds(time_to_live)); | 377 access_token, base::TimeDelta::FromSeconds(time_to_live)); |
| 357 IdentityAPI::GetFactoryInstance()->GetForProfile(profile()) | 378 IdentityAPI::GetFactoryInstance()->GetForProfile(profile()) |
| 358 ->SetCachedToken(GetExtension()->id(), oauth2_info.scopes, token_value); | 379 ->SetCachedToken(GetExtension()->id(), oauth2_info.scopes, token_value); |
| 359 } | 380 } |
| 360 | 381 |
| 361 CompleteMintTokenFlow(); | 382 CompleteMintTokenFlow(); |
| 362 CompleteFunctionWithResult(access_token); | 383 CompleteFunctionWithResult(access_token); |
| 363 } | 384 } |
| 364 | 385 |
| 386 void IdentityGetAuthTokenFunction::OnGetTokenSuccess( |
| 387 const OAuth2TokenService::Request* request, |
| 388 const std::string& access_token, |
| 389 const base::Time& expiration_time) { |
| 390 DCHECK_EQ(device_token_request_.get(), request); |
| 391 device_token_request_.reset(); |
| 392 |
| 393 const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(GetExtension()); |
| 394 IdentityTokenCacheValue token(access_token, |
| 395 expiration_time - base::Time::Now()); |
| 396 IdentityAPI::GetFactoryInstance()->GetForProfile(profile())->SetCachedToken( |
| 397 GetExtension()->id(), oauth2_info.scopes, token); |
| 398 |
| 399 CompleteMintTokenFlow(); |
| 400 CompleteFunctionWithResult(access_token); |
| 401 } |
| 402 |
| 403 void IdentityGetAuthTokenFunction::OnGetTokenFailure( |
| 404 const OAuth2TokenService::Request* request, |
| 405 const GoogleServiceAuthError& error) { |
| 406 DCHECK_EQ(device_token_request_.get(), request); |
| 407 device_token_request_.reset(); |
| 408 |
| 409 OnGaiaFlowFailure(GaiaWebAuthFlow::SERVICE_AUTH_ERROR, error, std::string()); |
| 410 } |
| 411 |
| 365 void IdentityGetAuthTokenFunction::StartGaiaRequest( | 412 void IdentityGetAuthTokenFunction::StartGaiaRequest( |
| 366 OAuth2MintTokenFlow::Mode mode) { | 413 OAuth2MintTokenFlow::Mode mode) { |
| 367 mint_token_flow_.reset(CreateMintTokenFlow(mode)); | 414 mint_token_flow_.reset(CreateMintTokenFlow(mode)); |
| 368 mint_token_flow_->Start(); | 415 mint_token_flow_->Start(); |
| 369 } | 416 } |
| 370 | 417 |
| 371 void IdentityGetAuthTokenFunction::ShowLoginPopup() { | 418 void IdentityGetAuthTokenFunction::ShowLoginPopup() { |
| 372 signin_flow_.reset(new IdentitySigninFlow(this, profile())); | 419 signin_flow_.reset(new IdentitySigninFlow(this, profile())); |
| 373 signin_flow_->Start(); | 420 signin_flow_->Start(); |
| 374 } | 421 } |
| (...skipping 337 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 712 const IdentityAPI::TokenCacheKey& rhs) const { | 759 const IdentityAPI::TokenCacheKey& rhs) const { |
| 713 if (extension_id < rhs.extension_id) | 760 if (extension_id < rhs.extension_id) |
| 714 return true; | 761 return true; |
| 715 else if (rhs.extension_id < extension_id) | 762 else if (rhs.extension_id < extension_id) |
| 716 return false; | 763 return false; |
| 717 | 764 |
| 718 return scopes < rhs.scopes; | 765 return scopes < rhs.scopes; |
| 719 } | 766 } |
| 720 | 767 |
| 721 } // namespace extensions | 768 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 17009016:
Wire up the identity API for enterprise Kiosk Apps. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src