user_cloud_policy_token_forwarder.cc revision 23730a6e56a168d1879203e4b3819bb36e3d8f1f
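// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/chromeos/policy/user_cloud_policy_token_forwarder.h"

#include "chrome/browser/chrome_notification_types.h"
#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
#include "chrome/browser/signin/signin_manager.h"
#include "components/policy/core/common/cloud/cloud_policy_core.h"
#include "components/signin/core/profile_oauth2_token_service.h"
#include "content/public/browser/notification_source.h"
#include "google_apis/gaia/gaia_constants.h"

namespace policy {

// Fetches an OAuth2 access token for the authenticated account and hands it
// to |manager|. The constructor either starts that flow right away or
// registers as an observer of the CloudPolicyService until it has finished
// initializing.
//
// |manager|, |token_service| and |signin_manager| are stored as raw pointers
// and dereferenced later from callbacks; nothing in this file checks them for
// null or manages their lifetime.
// NOTE(review): presumably the owner guarantees that they outlive this object
// and calls Shutdown() before they go away - confirm against the header.
UserCloudPolicyTokenForwarder::UserCloudPolicyTokenForwarder(
    UserCloudPolicyManagerChromeOS* manager,
    ProfileOAuth2TokenService* token_service,
    SigninManagerBase* signin_manager)
    : OAuth2TokenService::Consumer("policy_token_forwarder"),
      manager_(manager),
      token_service_(token_service),
      signin_manager_(signin_manager) {
  // Start by waiting for the CloudPolicyService to be initialized, so that
  // we can check if it already has a DMToken or not.
  if (manager_->core()->service()->IsInitializationComplete()) {
    Initialize();
  } else {
    manager_->core()->service()->AddObserver(this);
  }
}

UserCloudPolicyTokenForwarder::~UserCloudPolicyTokenForwarder() {}

// Drops the pending token request (if any) and unregisters from both
// observer lists. It is called from the success and failure callbacks below,
// so it runs regardless of which of the two observers was actually
// registered.
void UserCloudPolicyTokenForwarder::Shutdown() {
  request_.reset();
  token_service_->RemoveObserver(this);
  manager_->core()->service()->RemoveObserver(this);
}

// Token service notification: a refresh token became available for
// |account_id|.
void UserCloudPolicyTokenForwarder::OnRefreshTokenAvailable(
    const std::string& account_id) {
  // RequestAccessToken() always asks for a token on behalf of the
  // authenticated account. React only when the refresh token that arrived is
  // for that account; a notification for any other account would start a
  // request that cannot succeed, and OnGetTokenFailure() would then shut the
  // forwarder down before the right token shows up.
  if (account_id != signin_manager_->GetAuthenticatedAccountId())
    return;
  RequestAccessToken();
}

// The access token was minted. It is a bearer credential: it is passed
// straight to |manager_| and is neither logged nor stored here.
// |request| and |expiration_time| are unused.
void UserCloudPolicyTokenForwarder::OnGetTokenSuccess(
    const OAuth2TokenService::Request* request,
    const std::string& access_token,
    const base::Time& expiration_time) {
  manager_->OnAccessTokenAvailable(access_token);
  // All done here.
  Shutdown();
}

// The token request failed. |error| is dropped without being logged or
// surfaced, and no retry is scheduled.
void UserCloudPolicyTokenForwarder::OnGetTokenFailure(
    const OAuth2TokenService::Request* request,
    const GoogleServiceAuthError& error) {
  // This should seldom happen: if the user is signing in for the first time
  // then this was an online signin and network errors are unlikely; if the
  // user had already signed in before then they should have policy cached,
  // and RequestAccessToken() wouldn't have been invoked.
  // Still, something just went wrong (server 500, or something). Currently
  // we don't recover in this case, and we'll just try to register for policy
  // again on the next signin.
  // TODO(joaodasilva, atwilson): consider blocking signin when this happens,
  // so that the user has to try again before getting into the session. That
  // would guarantee that a session always has fresh policy, or at least
  // enforces a cached policy.
  Shutdown();
}

// CloudPolicyService observer callback; |service| is unused.
void UserCloudPolicyTokenForwarder::OnInitializationCompleted(
    CloudPolicyService* service) {
  Initialize();
}

// Requests the access token right away when the authenticated account already
// has a refresh token; otherwise waits for OnRefreshTokenAvailable().
void UserCloudPolicyTokenForwarder::Initialize() {
  // TODO(mnissler): Once a better way to reconfirm whether a user is on the
  // login whitelist is available, there is no reason to fetch the OAuth2 token
  // here if the client is already registered, so check and bail out here.

  if (token_service_->RefreshTokenIsAvailable(
          signin_manager_->GetAuthenticatedAccountId())) {
    RequestAccessToken();
  } else {
    token_service_->AddObserver(this);
  }
}

// Starts a token request for the authenticated account with exactly two
// scopes: GaiaConstants::kDeviceManagementServiceOAuth and
// GaiaConstants::kOAuthWrapBridgeUserInfoScope. The result arrives through
// OnGetTokenSuccess() or OnGetTokenFailure().
void UserCloudPolicyTokenForwarder::RequestAccessToken() {
  OAuth2TokenService::ScopeSet scopes;
  scopes.insert(GaiaConstants::kDeviceManagementServiceOAuth);
  scopes.insert(GaiaConstants::kOAuthWrapBridgeUserInfoScope);
  // Assigning to |request_| replaces any request that is still held.
  // NOTE(review): presumably destroying the old request cancels it - confirm
  // against OAuth2TokenService.
  request_ = token_service_->StartRequest(
      signin_manager_->GetAuthenticatedAccountId(), scopes, this);
}

}  // namespace policy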