components/signin/ios/browser/profile_oauth2_token_service_ios.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
   6 #define COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
   7
   8 #include <string>
   9
  10 #include "base/threading/thread_checker.h"
  11 #include "components/signin/core/browser/profile_oauth2_token_service.h"
  12 #include "components/signin/core/browser/signin_error_controller.h"
  13
  14 class OAuth2AccessTokenFetcher;
  15
  16 namespace ios{
  17 class ProfileOAuth2TokenServiceIOSProvider;
  18 }
  19
  20 // A specialization of ProfileOAuth2TokenService that will be returned by
  21 // ProfileOAuth2TokenServiceFactory for OS_IOS when iOS authentication service
  22 // is used to lookup OAuth2 tokens.
  23 //
  24 // See |ProfileOAuth2TokenService| for usage details.
  25 //
  26 // Note: Requests should be started from the UI thread. To start a
  27 // request from aother thread, please use OAuth2TokenServiceRequest.
  28 class ProfileOAuth2TokenServiceIOS : public ProfileOAuth2TokenService {
  29  public:
  30   // KeyedService
  31   void Shutdown() override;
  32
  33   // OAuth2TokenService
  34   bool RefreshTokenIsAvailable(const std::string& account_id) const override;
  35
  36   void InvalidateOAuth2Token(const std::string& account_id,
  37                              const std::string& client_id,
  38                              const ScopeSet& scopes,
  39                              const std::string& access_token) override;
  40
  41   // ProfileOAuth2TokenService
  42   void Initialize(SigninClient* client,
  43                   SigninErrorController* signin_error_controller) override;
  44   void LoadCredentials(const std::string& primary_account_id) override;
  45   std::vector<std::string> GetAccounts() override;
  46   void UpdateAuthError(const std::string& account_id,
  47                        const GoogleServiceAuthError& error) override;
  48
  49   // This method should not be called when using shared authentication.
  50   void UpdateCredentials(const std::string& account_id,
  51                          const std::string& refresh_token) override;
  52
  53   // Removes all credentials from this instance of |ProfileOAuth2TokenService|,
  54   // however, it does not revoke the identities from the device.
  55   // Subsequent calls to |RefreshTokenIsAvailable| will return |false|.
  56   void RevokeAllCredentials() override;
  57
  58   // Reloads accounts from the provider. Fires |OnRefreshTokenAvailable| for
  59   // each new account. Fires |OnRefreshTokenRevoked| for each account that was
  60   // removed.
  61   // It expects that there is already a primary account id.
  62   void ReloadCredentials();
  63
  64   // Sets the primary account and then reloads the accounts from the provider.
  65   // Should be called when the user signs in to a new account.
  66   // |primary_account_id| must not be an empty string.
  67   void ReloadCredentials(const std::string& primary_account_id);
  68
  69   // Sets the account that should be ignored by this token service.
  70   // |ReloadCredentials| needs to be called for this change to be effective.
  71   void ExcludeSecondaryAccount(const std::string& account_id);
  72   void IncludeSecondaryAccount(const std::string& account_id);
  73   void ExcludeSecondaryAccounts(const std::vector<std::string>& account_ids);
  74
  75   // Excludes all secondary accounts. |ReloadCredentials| needs to be called for
  76   // this change to be effective.
  77   void ExcludeAllSecondaryAccounts();
  78
  79  protected:
  80   friend class ProfileOAuth2TokenServiceFactory;
  81   friend class ProfileOAuth2TokenServiceIOSTest;
  82   FRIEND_TEST_ALL_PREFIXES(ProfileOAuth2TokenServiceIOSTest,
  83                            ExcludeSecondaryAccounts);
  84   FRIEND_TEST_ALL_PREFIXES(ProfileOAuth2TokenServiceIOSTest,
  85                            LoadRevokeCredentialsClearsExcludedAccounts);
  86
  87   ProfileOAuth2TokenServiceIOS();
  88   ~ProfileOAuth2TokenServiceIOS() override;
  89
  90   OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
  91       const std::string& account_id,
  92       net::URLRequestContextGetter* getter,
  93       OAuth2AccessTokenConsumer* consumer) override;
  94
  95   // Protected and virtual to be overriden by fake for testing.
  96
  97   // Adds |account_id| to |accounts_| if it does not exist or udpates
  98   // the auth error state of |account_id| if it exists. Fires
  99   // |OnRefreshTokenAvailable| if the account info is updated.
 100   virtual void AddOrUpdateAccount(const std::string& account_id);
 101
 102   // Removes |account_id| from |accounts_|. Fires |OnRefreshTokenRevoked|
 103   // if the account info is removed.
 104   virtual void RemoveAccount(const std::string& account_id);
 105
 106  private:
 107   class AccountInfo : public SigninErrorController::AuthStatusProvider {
 108    public:
 109     AccountInfo(SigninErrorController* signin_error_controller,
 110                 const std::string& account_id);
 111     ~AccountInfo() override;
 112
 113     void SetLastAuthError(const GoogleServiceAuthError& error);
 114
 115     // SigninErrorController::AuthStatusProvider implementation.
 116     std::string GetAccountId() const override;
 117     std::string GetUsername() const override;
 118     GoogleServiceAuthError GetAuthStatus() const override;
 119
 120     bool marked_for_removal() const { return marked_for_removal_; }
 121     void set_marked_for_removal(bool marked_for_removal) {
 122       marked_for_removal_ = marked_for_removal;
 123     }
 124
 125    private:
 126     SigninErrorController* signin_error_controller_;
 127     std::string account_id_;
 128     GoogleServiceAuthError last_auth_error_;
 129     bool marked_for_removal_;
 130
 131     DISALLOW_COPY_AND_ASSIGN(AccountInfo);
 132   };
 133
 134   // Maps the |account_id| of accounts known to ProfileOAuth2TokenService
 135   // to information about the account.
 136   typedef std::map<std::string, linked_ptr<AccountInfo> > AccountInfoMap;
 137
 138   // Returns the iOS provider;
 139   ios::ProfileOAuth2TokenServiceIOSProvider* GetProvider();
 140
 141   // Returns the account ids that should be ignored by this token service.
 142   std::set<std::string> GetExcludedSecondaryAccounts();
 143
 144   // Returns true if this token service should exclude all secondary accounts.
 145   bool GetExcludeAllSecondaryAccounts();
 146
 147   // Clears exclude secondary accounts preferences.
 148   void ClearExcludedSecondaryAccounts();
 149
 150   // The primary account id.
 151   std::string primary_account_id_;
 152
 153   // Info about the existing accounts.
 154   AccountInfoMap accounts_;
 155
 156   // Calls to this class are expected to be made from the browser UI thread.
 157   // The purpose of this checker is to detect access to
 158   // ProfileOAuth2TokenService from multiple threads in upstream code.
 159   base::ThreadChecker thread_checker_;
 160
 161   DISALLOW_COPY_AND_ASSIGN(ProfileOAuth2TokenServiceIOS);
 162 };
 163
 164 #endif  // COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_