1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/common/extensions/api/identity/oauth2_manifest_handler.h"
6
7#include "base/lazy_instance.h"
8#include "base/memory/scoped_ptr.h"
9#include "base/strings/utf_string_conversions.h"
10#include "base/values.h"
11#include "extensions/common/error_utils.h"
12#include "extensions/common/manifest_constants.h"
13
14namespace {
15
16// Manifest keys.
17const char kClientId[] = "client_id";
18const char kScopes[] = "scopes";
19const char kAutoApprove[] = "auto_approve";
20
21}  // namespace
22
23namespace extensions {
24
25namespace keys = manifest_keys;
26namespace errors = manifest_errors;
27
28OAuth2Info::OAuth2Info() : auto_approve(false) {}
29OAuth2Info::~OAuth2Info() {}
30
31static base::LazyInstance<OAuth2Info> g_empty_oauth2_info =
32    LAZY_INSTANCE_INITIALIZER;
33
34// static
35const OAuth2Info& OAuth2Info::GetOAuth2Info(const Extension* extension) {
36  OAuth2Info* info = static_cast<OAuth2Info*>(
37      extension->GetManifestData(keys::kOAuth2));
38  return info ? *info : g_empty_oauth2_info.Get();
39}
40
41OAuth2ManifestHandler::OAuth2ManifestHandler() {
42}
43
44OAuth2ManifestHandler::~OAuth2ManifestHandler() {
45}
46
47bool OAuth2ManifestHandler::Parse(Extension* extension,
48                                  base::string16* error) {
49  scoped_ptr<OAuth2Info> info(new OAuth2Info);
50  const base::DictionaryValue* dict = NULL;
51  if (!extension->manifest()->GetDictionary(keys::kOAuth2, &dict)) {
52    *error = base::ASCIIToUTF16(errors::kInvalidOAuth2ClientId);
53    return false;
54  }
55
56  // HasPath checks for whether the manifest is allowed to have
57  // oauth2.auto_approve based on whitelist, and if it is present.
58  // GetBoolean reads the value of auto_approve directly from dict to prevent
59  // duplicate checking.
60  if (extension->manifest()->HasPath(keys::kOAuth2AutoApprove) &&
61      !dict->GetBoolean(kAutoApprove, &info->auto_approve)) {
62    *error = base::ASCIIToUTF16(errors::kInvalidOAuth2AutoApprove);
63    return false;
64  }
65
66  // Component apps using auto_approve may use Chrome's client ID by
67  // omitting the field.
68  if ((!dict->GetString(kClientId, &info->client_id) ||
69       info->client_id.empty()) &&
70      (extension->location() != Manifest::COMPONENT || !info->auto_approve)) {
71    *error = base::ASCIIToUTF16(errors::kInvalidOAuth2ClientId);
72    return false;
73  }
74
75  const base::ListValue* list = NULL;
76  if (!dict->GetList(kScopes, &list)) {
77    *error = base::ASCIIToUTF16(errors::kInvalidOAuth2Scopes);
78    return false;
79  }
80
81  for (size_t i = 0; i < list->GetSize(); ++i) {
82    std::string scope;
83    if (!list->GetString(i, &scope)) {
84      *error = base::ASCIIToUTF16(errors::kInvalidOAuth2Scopes);
85      return false;
86    }
87    info->scopes.push_back(scope);
88  }
89
90  extension->SetManifestData(keys::kOAuth2, info.release());
91  return true;
92}
93
94const std::vector<std::string> OAuth2ManifestHandler::Keys() const {
95  return SingleKey(keys::kOAuth2);
96}
97
98}  // namespace extensions
99