OAuth2LoginManager+MergeSessionThrottle hardening, multi-profle support

chrome/browser/chromeos/login/login_utils.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/login_utils.h"
 
 #include <algorithm>
 #include <vector>
 
 #include "base/chromeos/chromeos_version.h"
@@ skipping 19 matching lines @@
 #include "chrome/browser/about_flags.h"
 #include "chrome/browser/app_mode/app_mode_utils.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browser_shutdown.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/chromeos/boot_times_loader.h"
 #include "chrome/browser/chromeos/input_method/input_method_util.h"
 #include "chrome/browser/chromeos/login/chrome_restart_request.h"
 #include "chrome/browser/chromeos/login/language_switch_menu.h"
 #include "chrome/browser/chromeos/login/login_display_host.h"
-#include "chrome/browser/chromeos/login/oauth_login_manager.h"
+#include "chrome/browser/chromeos/login/oauth2_login_manager.h"
+#include "chrome/browser/chromeos/login/oauth2_login_manager_factory.h"
 #include "chrome/browser/chromeos/login/parallel_authenticator.h"
 #include "chrome/browser/chromeos/login/profile_auth_data.h"
 #include "chrome/browser/chromeos/login/screen_locker.h"
 #include "chrome/browser/chromeos/login/user_manager.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/chromeos/settings/cros_settings_names.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/first_run/first_run.h"
 #include "chrome/browser/google/google_util_chromeos.h"
 #include "chrome/browser/lifetime/application_lifetime.h"
@@ skipping 38 matching lines @@
 
 base::FilePath GetRlzDisabledFlagPath() {
   return file_util::GetHomeDir().Append(kRLZDisabledFlagName);
 }
 #endif
 
 }  // namespace
 
 class LoginUtilsImpl
     : public LoginUtils,
-      public OAuthLoginManager::Delegate,
+      public OAuth2LoginManager::Observer,
       public net::NetworkChangeNotifier::ConnectionTypeObserver,
       public base::SupportsWeakPtr<LoginUtilsImpl> {
  public:
   LoginUtilsImpl()
       : using_oauth_(false),
         has_web_auth_cookies_(false),
-        login_manager_(OAuthLoginManager::Create(this)),
         delegate_(NULL),
         should_restore_auth_session_(false),
         session_restore_strategy_(
-            OAuthLoginManager::RESTORE_FROM_SAVED_OAUTH2_REFRESH_TOKEN) {
+            OAuth2LoginManager::RESTORE_FROM_SAVED_OAUTH2_REFRESH_TOKEN) {
     net::NetworkChangeNotifier::AddConnectionTypeObserver(this);
   }
 
   virtual ~LoginUtilsImpl() {
     net::NetworkChangeNotifier::RemoveConnectionTypeObserver(this);
   }
 
   // LoginUtils implementation:
   virtual void DoBrowserLaunch(Profile* profile,
                                LoginDisplayHost* login_host) OVERRIDE;
   virtual void PrepareProfile(
       const UserContext& user_context,
       const std::string& display_email,
       bool using_oauth,
       bool has_cookies,
       bool has_active_session,
       LoginUtils::Delegate* delegate) OVERRIDE;
   virtual void DelegateDeleted(LoginUtils::Delegate* delegate) OVERRIDE;
   virtual void CompleteOffTheRecordLogin(const GURL& start_url) OVERRIDE;
   virtual void SetFirstLoginPrefs(PrefService* prefs) OVERRIDE;
   virtual scoped_refptr<Authenticator> CreateAuthenticator(
       LoginStatusConsumer* consumer) OVERRIDE;
   virtual void RestoreAuthenticationSession(Profile* profile) OVERRIDE;
-  virtual void StopBackgroundFetchers() OVERRIDE;
   virtual void InitRlzDelayed(Profile* user_profile) OVERRIDE;
 
-  // OAuthLoginManager::Delegate overrides.
-  virtual void OnCompletedMergeSession() OVERRIDE;
-  virtual void OnCompletedAuthentication(Profile* user_profile) OVERRIDE;
-  virtual void OnFoundStoredTokens() OVERRIDE;
+  // OAuth2LoginManager::Delegate overrides.
+  virtual void OnSessionRestoreStateChanged(
+      Profile* user_profile,
+      OAuth2LoginManager::SessionRestoreState state) OVERRIDE;
+  virtual void OnSessionAuthenticated(Profile* user_profile) OVERRIDE;
 
   // net::NetworkChangeNotifier::ConnectionTypeObserver overrides.
   virtual void OnConnectionTypeChanged(
       net::NetworkChangeNotifier::ConnectionType type) OVERRIDE;
 
  private:
   // Restarts OAuth session authentication check.
   void KickStartAuthentication(Profile* profile);
 
   // Check user's profile for kApplicationLocale setting.
@@ skipping 29 matching lines @@
                           bool restore_from_auth_cookies);
 
   // Initializes RLZ. If |disabled| is true, RLZ pings are disabled.
   void InitRlz(Profile* user_profile, bool disabled);
 
   // Starts signing related services. Initiates TokenService token retrieval.
   void StartSignedInServices(Profile* profile);
 
   UserContext user_context_;
   bool using_oauth_;
+
   // True if the authentication profile's cookie jar should contain
   // authentication cookies from the authentication extension log in flow.
   bool has_web_auth_cookies_;
   // Has to be scoped_refptr, see comment for CreateAuthenticator(...).
   scoped_refptr<Authenticator> authenticator_;
-  scoped_ptr<OAuthLoginManager> login_manager_;
 
   // Delegate to be fired when the profile will be prepared.
   LoginUtils::Delegate* delegate_;
 
   // True if should restore authentication session when notified about
   // online state change.
   bool should_restore_auth_session_;
 
   // Sesion restore strategy.
-  OAuthLoginManager::SessionRestoreStrategy session_restore_strategy_;
+  OAuth2LoginManager::SessionRestoreStrategy session_restore_strategy_;
   // OAuth2 refresh token for session restore.
   std::string oauth2_refresh_token_;
 
   DISALLOW_COPY_AND_ASSIGN(LoginUtilsImpl);
 };
 
 class LoginUtilsWrapper {
  public:
   static LoginUtilsWrapper* GetInstance() {
     return Singleton<LoginUtilsWrapper>::get();
@@ skipping 171 matching lines @@
           ::switches::kAppModeOAuth2Token);
     }
 
     if (command_line->HasSwitch(::switches::kAppModeAuthCode)) {
       user_context_.auth_code = command_line->GetSwitchValueASCII(
           ::switches::kAppModeAuthCode);
     }
 
     DCHECK(!has_web_auth_cookies_);
     if (!user_context_.auth_code.empty()) {
-      session_restore_strategy_ = OAuthLoginManager::RESTORE_FROM_AUTH_CODE;
+      session_restore_strategy_ = OAuth2LoginManager::RESTORE_FROM_AUTH_CODE;
     } else if (!oauth2_refresh_token_.empty()) {
       session_restore_strategy_ =
-          OAuthLoginManager::RESTORE_FROM_PASSED_OAUTH2_REFRESH_TOKEN;
+          OAuth2LoginManager::RESTORE_FROM_PASSED_OAUTH2_REFRESH_TOKEN;
     } else {
       session_restore_strategy_ =
-          OAuthLoginManager::RESTORE_FROM_SAVED_OAUTH2_REFRESH_TOKEN;
+          OAuth2LoginManager::RESTORE_FROM_SAVED_OAUTH2_REFRESH_TOKEN;
     }
     return;
   }
 
   if (has_web_auth_cookies_) {
-    session_restore_strategy_ = OAuthLoginManager::RESTORE_FROM_COOKIE_JAR;
+    session_restore_strategy_ = OAuth2LoginManager::RESTORE_FROM_COOKIE_JAR;
   } else if (!user_context_.auth_code.empty()) {
-    session_restore_strategy_ = OAuthLoginManager::RESTORE_FROM_AUTH_CODE;
+    session_restore_strategy_ = OAuth2LoginManager::RESTORE_FROM_AUTH_CODE;
   } else {
     session_restore_strategy_ =
-        OAuthLoginManager::RESTORE_FROM_SAVED_OAUTH2_REFRESH_TOKEN;
+        OAuth2LoginManager::RESTORE_FROM_SAVED_OAUTH2_REFRESH_TOKEN;
   }
 }
 
 
 void LoginUtilsImpl::OnProfileCreated(
     Profile* user_profile,
     Profile::CreateStatus status) {
   CHECK(user_profile);
 
   switch (status) {
@@ skipping 37 matching lines @@
 
 void LoginUtilsImpl::CompleteProfileCreate(Profile* user_profile) {
   RestoreAuthSession(user_profile, has_web_auth_cookies_);
   FinalizePrepareProfile(user_profile);
 }
 
 void LoginUtilsImpl::RestoreAuthSession(Profile* user_profile,
                                         bool restore_from_auth_cookies) {
   CHECK((authenticator_.get() && authenticator_->authentication_profile()) ||
         !restore_from_auth_cookies);
-  if (!login_manager_.get())
-    return;
 
   if (chrome::IsRunningInForcedAppMode() ||
       CommandLine::ForCurrentProcess()->HasSwitch(
           chromeos::switches::kOobeSkipPostLogin))
     return;
 
-  UserManager::Get()->SetMergeSessionState(
-      UserManager::MERGE_STATUS_IN_PROCESS);
-
   // Remove legacy OAuth1 token if we have one. If it's valid, we should already
   // have OAuth2 refresh token in TokenService that could be used to retrieve
   // all other tokens and user_context.
-  login_manager_->RestoreSession(
-      user_profile,
+  OAuth2LoginManager* login_manager =
+      OAuth2LoginManagerFactory::GetInstance()->GetForProfile(user_profile);
+  login_manager->AddObserver(this);
+  login_manager->RestoreSession(
       authenticator_.get() && authenticator_->authentication_profile()
           ? authenticator_->authentication_profile()->GetRequestContext()
           : NULL,
       session_restore_strategy_,
       oauth2_refresh_token_,
       user_context_.auth_code);
 }
 
 void LoginUtilsImpl::FinalizePrepareProfile(Profile* user_profile) {
   BootTimesLoader* btl = BootTimesLoader::Get();
@@ skipping 218 matching lines @@
       UserManager::Get()->IsLoggedInAsStub()) {
     return;
   }
 
   if (!net::NetworkChangeNotifier::IsOffline()) {
     should_restore_auth_session_ = false;
     RestoreAuthSession(user_profile, false);
   } else {
     // Even if we're online we should wait till initial
     // OnConnectionTypeChanged() call. Otherwise starting fetchers too early may
-    // end up cancelling all request when initial network connection type is
+    // end up canceling all request when initial network connection type is
     // processed. See http://crbug.com/121643.
     should_restore_auth_session_ = true;
   }
 }
 
-void LoginUtilsImpl::StopBackgroundFetchers() {
-  login_manager_.reset();
+void LoginUtilsImpl::OnSessionRestoreStateChanged(
+    Profile* user_profile,
+    OAuth2LoginManager::SessionRestoreState state) {
+  OAuth2LoginManager* login_manager =
+      OAuth2LoginManagerFactory::GetInstance()->GetForProfile(user_profile);
+  switch (state) {
+    case OAuth2LoginManager::SESSION_RESTORE_NOT_STARTED:
+      break;
+    case OAuth2LoginManager::SESSION_RESTORE_PREPARING:
+      break;
+    case OAuth2LoginManager::SESSION_RESTORE_IN_PROGRESS:
+      break;
+    case OAuth2LoginManager::SESSION_RESTORE_DONE:
+      UserManager::Get()->SaveUserOAuthStatus(
+          UserManager::Get()->GetLoggedInUser()->email(),
+          User::OAUTH2_TOKEN_STATUS_VALID);
+      login_manager->RemoveObserver(this);
+      break;
+    case OAuth2LoginManager::SESSION_RESTORE_FAILED:
+      UserManager::Get()->SaveUserOAuthStatus(
+          UserManager::Get()->GetLoggedInUser()->email(),
+          User::OAUTH2_TOKEN_STATUS_INVALID);
+      login_manager->RemoveObserver(this);
+      break;
+  }
 }
 
-void LoginUtilsImpl::OnCompletedAuthentication(Profile* user_profile) {
+void LoginUtilsImpl::OnSessionAuthenticated(Profile* user_profile) {
   StartSignedInServices(user_profile);
 }
 
-void LoginUtilsImpl::OnCompletedMergeSession() {
-  UserManager::Get()->SetMergeSessionState(UserManager::MERGE_STATUS_DONE);
-}
-
-void LoginUtilsImpl::OnFoundStoredTokens() {
-  // We don't need authenticator instance any more since its cookie jar
-  // is not going to needed to mint OAuth tokens. Reset it so that
-  // ScreenLocker would create a separate instance.
-  authenticator_ = NULL;
-}
-
 void LoginUtilsImpl::OnConnectionTypeChanged(
     net::NetworkChangeNotifier::ConnectionType type) {
-  if (!login_manager_.get())
-    return;
+  Profile* user_profile = ProfileManager::GetDefaultProfile();
+  OAuth2LoginManager* login_manager =
+      OAuth2LoginManagerFactory::GetInstance()->GetForProfile(user_profile);
 
   if (type != net::NetworkChangeNotifier::CONNECTION_NONE &&
       UserManager::Get()->IsUserLoggedIn()) {
-    if (login_manager_->state() ==
-            OAuthLoginManager::SESSION_RESTORE_IN_PROGRESS) {
+    if (login_manager->state() ==
+            OAuth2LoginManager::SESSION_RESTORE_IN_PROGRESS) {
       // If we come online for the first time after successful offline login,
       // we need to kick off OAuth token verification process again.
-      login_manager_->ContinueSessionRestore();
+      login_manager->ContinueSessionRestore();
     } else if (should_restore_auth_session_) {
       should_restore_auth_session_ = false;
-      Profile* user_profile = ProfileManager::GetDefaultProfile();
       RestoreAuthSession(user_profile, has_web_auth_cookies_);
     }
   }
 }
 
 // static
 void LoginUtils::RegisterPrefs(PrefRegistrySimple* registry) {
   registry->RegisterBooleanPref(prefs::kFactoryResetRequested, false);
   registry->RegisterStringPref(prefs::kRLZBrand, std::string());
   registry->RegisterBooleanPref(prefs::kRLZDisabled, false);
@@ skipping 13 matching lines @@
 bool LoginUtils::IsWhitelisted(const std::string& username) {
   CrosSettings* cros_settings = CrosSettings::Get();
   bool allow_new_user = false;
   cros_settings->GetBoolean(kAccountsPrefAllowNewUser, &allow_new_user);
   if (allow_new_user)
     return true;
   return cros_settings->FindEmailInList(kAccountsPrefUsers, username);
 }
 
 }  // namespace chromeos