user_cloud_policy_token_forwarder.cc revision 5d1f7b1de12d16ceb2c938c56701a3e8bfa558f7
1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/user_cloud_policy_token_forwarder.h" 6 7#include "chrome/browser/chrome_notification_types.h" 8#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h" 9#include "chrome/browser/signin/profile_oauth2_token_service.h" 10#include "components/policy/core/common/cloud/cloud_policy_core.h" 11#include "content/public/browser/notification_source.h" 12#include "google_apis/gaia/gaia_constants.h" 13#include "google_apis/gaia/gaia_urls.h" 14 15namespace policy { 16 17UserCloudPolicyTokenForwarder::UserCloudPolicyTokenForwarder( 18 UserCloudPolicyManagerChromeOS* manager, 19 ProfileOAuth2TokenService* token_service) 20 : OAuth2TokenService::Consumer("policy_token_forwarder"), 21 manager_(manager), 22 token_service_(token_service) { 23 // Start by waiting for the CloudPolicyService to be initialized, so that 24 // we can check if it already has a DMToken or not. 25 if (manager_->core()->service()->IsInitializationComplete()) { 26 Initialize(); 27 } else { 28 manager_->core()->service()->AddObserver(this); 29 } 30} 31 32UserCloudPolicyTokenForwarder::~UserCloudPolicyTokenForwarder() {} 33 34void UserCloudPolicyTokenForwarder::Shutdown() { 35 request_.reset(); 36 token_service_->RemoveObserver(this); 37 manager_->core()->service()->RemoveObserver(this); 38} 39 40void UserCloudPolicyTokenForwarder::OnRefreshTokenAvailable( 41 const std::string& account_id) { 42 RequestAccessToken(); 43} 44 45void UserCloudPolicyTokenForwarder::OnGetTokenSuccess( 46 const OAuth2TokenService::Request* request, 47 const std::string& access_token, 48 const base::Time& expiration_time) { 49 manager_->OnAccessTokenAvailable(access_token); 50 // All done here. 51 Shutdown(); 52} 53 54void UserCloudPolicyTokenForwarder::OnGetTokenFailure( 55 const OAuth2TokenService::Request* request, 56 const GoogleServiceAuthError& error) { 57 // This should seldom happen: if the user is signing in for the first time 58 // then this was an online signin and network errors are unlikely; if the 59 // user had already signed in before then he should have policy cached, and 60 // RequestAccessToken() wouldn't have been invoked. 61 // Still, something just went wrong (server 500, or something). Currently 62 // we don't recover in this case, and we'll just try to register for policy 63 // again on the next signin. 64 // TODO(joaodasilva, atwilson): consider blocking signin when this happens, 65 // so that the user has to try again before getting into the session. That 66 // would guarantee that a session always has fresh policy, or at least 67 // enforces a cached policy. 68 Shutdown(); 69} 70 71void UserCloudPolicyTokenForwarder::OnInitializationCompleted( 72 CloudPolicyService* service) { 73 Initialize(); 74} 75 76void UserCloudPolicyTokenForwarder::Initialize() { 77 // TODO(mnissler): Once a better way to reconfirm whether a user is on the 78 // login whitelist is available, there is no reason to fetch the OAuth2 token 79 // here if the client is already registered, so check and bail out here. 80 81 if (token_service_->RefreshTokenIsAvailable( 82 token_service_->GetPrimaryAccountId())) 83 RequestAccessToken(); 84 else 85 token_service_->AddObserver(this); 86} 87 88void UserCloudPolicyTokenForwarder::RequestAccessToken() { 89 OAuth2TokenService::ScopeSet scopes; 90 scopes.insert(GaiaConstants::kDeviceManagementServiceOAuth); 91 scopes.insert(GaiaUrls::GetInstance()->oauth_wrap_bridge_user_info_scope()); 92 request_ = token_service_->StartRequest( 93 token_service_->GetPrimaryAccountId(), scopes, this); 94} 95 96} // namespace policy 97