Merge Chromium + Blink git repositories

[chromium-blink-merge.git] / remoting / webapp / base / js / identity.js

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

/**
 * @fileoverview
 * Wrapper class for Chrome's identity API.
 */
/** @suppress {duplicate} */
var remoting = remoting || {};

(function(){

'use strict';

/**
 * @type {remoting.Identity}
 */
remoting.identity = null;

var USER_CANCELLED = 'The user did not approve access.';

/**
 * @param {remoting.Identity.ConsentDialog=} opt_consentDialog
 * @constructor
 */
remoting.Identity = function(opt_consentDialog) {
  /** @private */
  this.consentDialog_ = opt_consentDialog;
  /** @private {string} */
  this.email_ = '';
  /** @private {string} */
  this.fullName_ = '';
  /** @private {Object<base.Deferred<string>>} */
  this.authTokensDeferred_ = {};
  /** @private {boolean} */
  this.interactive_ = false;
};

/**
 * chrome.identity.getAuthToken should be initiated from user interactions if
 * called with interactive equals true.  This interface prompts a dialog for
 * the user's consent.
 *
 * @interface
 */
remoting.Identity.ConsentDialog = function() {};

/**
 * @return {Promise} A Promise that resolves when permission to start an
 *   interactive flow is granted.
 */
remoting.Identity.ConsentDialog.prototype.show = function() {};

/**
 * Gets an access token.
 *
 * @param {Array<string>=} opt_scopes Optional OAuth2 scopes to request. If not
 *     specified, the scopes specified in the manifest will be used. No consent
 *     prompt will be needed as long as the requested scopes are a subset of
 *     those already granted (in most cases, the remoting.Application framework
 *     ensures that the scopes specified in the manifest are already authorized
 *     before any application code is executed). Callers can request scopes not
 *     specified in the manifest, but a consent prompt will be shown.
 *
 * @return {!Promise<string>} A promise resolved with an access token
 *     or rejected with a remoting.Error.
 */
remoting.Identity.prototype.getToken = function(opt_scopes) {
  var key = getScopesKey(opt_scopes);
  if (!this.authTokensDeferred_[key]) {
    this.authTokensDeferred_[key] = new base.Deferred();
    var options = {
      'interactive': this.interactive_,
      'scopes': opt_scopes
    };
    chrome.identity.getAuthToken(options,
                                 this.onAuthComplete_.bind(this, opt_scopes));
  }
  return this.authTokensDeferred_[key].promise();
};

/**
 * Gets a fresh access token.
 *
 * @param {Array<string>=} opt_scopes Optional OAuth2 scopes to request, as
 *     documented in getToken().
 * @return {!Promise<string>} A promise resolved with an access token
 *     or rejected with a remoting.Error.
 */
remoting.Identity.prototype.getNewToken = function(opt_scopes) {
  /** @type {remoting.Identity} */
  var that = this;

  return this.getToken(opt_scopes).then(function(/** string */ token) {
    return new Promise(function(resolve, reject) {
      chrome.identity.removeCachedAuthToken({'token': token }, function() {
        resolve(that.getToken(opt_scopes));
      });
    });
  });
};

/**
 * Removes the cached auth token, if any.
 *
 * @return {!Promise<null>} A promise resolved with the operation completes.
 */
remoting.Identity.prototype.removeCachedAuthToken = function() {
  return new Promise(function(resolve, reject) {
    /** @param {string=} token */
    var onToken = function(token) {
      if (token) {
        chrome.identity.removeCachedAuthToken(
            {'token': token}, resolve.bind(null, null));
      } else {
        resolve(null);
      }
    };
    chrome.identity.getAuthToken({'interactive': false}, onToken);
  });
};

/**
 * Gets the user's email address and full name.  The full name will be
 * null unless the webapp has requested and been granted the
 * userinfo.profile permission.
 *
 * TODO(jrw): Type declarations say the name can't be null.  Are the
 * types wrong, or is the documentation wrong?
 *
 * @return {!Promise<{email:string, name:string}>} Promise
 *     resolved with the user's email address and full name, or rejected
 *     with a remoting.Error.
 */
remoting.Identity.prototype.getUserInfo = function() {
  if (this.isAuthenticated()) {
    /**
     * The temp variable is needed to work around a compiler bug.
     * @type {{email: string, name: string}}
     */
    var result = {email: this.email_, name: this.fullName_};
    return Promise.resolve(result);
  }

  /** @type {remoting.Identity} */
  var that = this;

  return this.getToken().then(function(token) {
    return new Promise(function(resolve, reject) {
      /**
       * @param {string} email
       * @param {string} name
       */
      var onResponse = function(email, name) {
        that.email_ = email;
        that.fullName_ = name;
        resolve({email: email, name: name});
      };

      remoting.oauth2Api.getUserInfo(onResponse, reject, token);
    });
  });
};

/**
 * Gets the user's email address.
 *
 * @return {!Promise<string>} Promise resolved with the user's email
 *     address or rejected with a remoting.Error.
 */
remoting.Identity.prototype.getEmail = function() {
  return this.getUserInfo().then(function(userInfo) {
    return userInfo.email;
  });
};

/**
 * Callback for the getAuthToken API.
 *
 * @param {Array<string>|undefined} scopes The explicit scopes passed to
 *     getToken, or undefined if no scopes were specified.
 * @param {string=} token The auth token, or null if the request failed.
 * @private
 */
remoting.Identity.prototype.onAuthComplete_ = function(scopes, token) {
  var key = getScopesKey(scopes);

  // Pass the token to the callback(s) if it was retrieved successfully.
  if (token) {
    var promise = this.authTokensDeferred_[key];
    delete this.authTokensDeferred_[key];
    promise.resolve(token);
    return;
  }

  // If not, pass an error back to the callback(s) if we've already prompted the
  // user for permission.
  if (this.interactive_) {
    var error_message =
        chrome.runtime.lastError ? chrome.runtime.lastError.message
                                 : 'Unknown error.';
    console.error(error_message);
    var error = (error_message == USER_CANCELLED) ?
        new remoting.Error(remoting.Error.Tag.CANCELLED) :
        new remoting.Error(remoting.Error.Tag.NOT_AUTHENTICATED);
    this.authTokensDeferred_[key].reject(error);
    delete this.authTokensDeferred_[key];
    return;
  }

  // If there's no token, but we haven't yet prompted for permission, do so
  // now.
  var that = this;
  var showConsentDialog =
      (this.consentDialog_) ? this.consentDialog_.show() : Promise.resolve();
  showConsentDialog.then(function() {
    that.interactive_ = true;
    var options = {
      'interactive': that.interactive_,
      'scopes': scopes
    };
    chrome.identity.getAuthToken(options,
                                 that.onAuthComplete_.bind(that, scopes));
  });
};

/**
 * Returns whether the web app has authenticated with the Google services.
 *
 * @return {boolean}
 */
remoting.Identity.prototype.isAuthenticated = function() {
  return remoting.identity.email_ !== '';
};


/**
 * @param {Array<string>=} opt_scopes
 * @return {string}
 */
function getScopesKey(opt_scopes) {
  return opt_scopes ? JSON.stringify(opt_scopes) : '';
}

})();