components/signin/ios/browser/profile_oauth2_token_service_ios_delegate.h

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4 #ifndef COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_DELEGATE_H_
   5 #define COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_DELEGATE_H_
   6
   7 #include <string>
   8
   9 #include "base/memory/linked_ptr.h"
  10 #include "base/threading/thread_checker.h"
  11 #include "components/signin/core/browser/signin_error_controller.h"
  12 #include "google_apis/gaia/oauth2_token_service_delegate.h"
  13
  14 class AccountTrackerService;
  15 class ProfileOAuth2TokenServiceIOSProvider;
  16
  17 class ProfileOAuth2TokenServiceIOSDelegate : public OAuth2TokenServiceDelegate {
  18  public:
  19   ProfileOAuth2TokenServiceIOSDelegate(
  20       SigninClient* client,
  21       ProfileOAuth2TokenServiceIOSProvider* provider,
  22       AccountTrackerService* account_tracker_service,
  23       SigninErrorController* signin_error_controller);
  24   ~ProfileOAuth2TokenServiceIOSDelegate() override;
  25
  26   OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
  27       const std::string& account_id,
  28       net::URLRequestContextGetter* getter,
  29       OAuth2AccessTokenConsumer* consumer) override;
  30
  31   // KeyedService
  32   void Shutdown() override;
  33
  34   bool RefreshTokenIsAvailable(const std::string& account_id) const override;
  35   bool RefreshTokenHasError(const std::string& account_id) const override;
  36   void UpdateAuthError(const std::string& account_id,
  37                        const GoogleServiceAuthError& error) override;
  38
  39   void LoadCredentials(const std::string& primary_account_id) override;
  40   std::vector<std::string> GetAccounts() override;
  41
  42   // This method should not be called when using shared authentication.
  43   void UpdateCredentials(const std::string& account_id,
  44                          const std::string& refresh_token) override;
  45
  46   // Removes all credentials from this instance of |ProfileOAuth2TokenService|,
  47   // however, it does not revoke the identities from the device.
  48   // Subsequent calls to |RefreshTokenIsAvailable| will return |false|.
  49   void RevokeAllCredentials() override;
  50
  51   // Reloads accounts from the provider. Fires |OnRefreshTokenAvailable| for
  52   // each new account. Fires |OnRefreshTokenRevoked| for each account that was
  53   // removed.
  54   // It expects that there is already a primary account id.
  55   void ReloadCredentials();
  56
  57   // Sets the primary account and then reloads the accounts from the provider.
  58   // Should be called when the user signs in to a new account.
  59   // |primary_account_id| must not be an empty string.
  60   void ReloadCredentials(const std::string& primary_account_id);
  61
  62   // Sets the account that should be ignored by this token service.
  63   // |ReloadCredentials| needs to be called for this change to be effective.
  64   void ExcludeSecondaryAccount(const std::string& account_id);
  65   void IncludeSecondaryAccount(const std::string& account_id);
  66   void ExcludeSecondaryAccounts(const std::vector<std::string>& account_ids);
  67
  68   // Excludes all secondary accounts. |ReloadCredentials| needs to be called for
  69   // this change to be effective.
  70   void ExcludeAllSecondaryAccounts();
  71
  72  protected:
  73   // Adds |account_id| to |accounts_| if it does not exist or udpates
  74   // the auth error state of |account_id| if it exists. Fires
  75   // |OnRefreshTokenAvailable| if the account info is updated.
  76   virtual void AddOrUpdateAccount(const std::string& account_id);
  77
  78   // Removes |account_id| from |accounts_|. Fires |OnRefreshTokenRevoked|
  79   // if the account info is removed.
  80   virtual void RemoveAccount(const std::string& account_id);
  81
  82  private:
  83   friend class ProfileOAuth2TokenServiceIOSDelegateTest;
  84   FRIEND_TEST_ALL_PREFIXES(ProfileOAuth2TokenServiceIOSDelegateTest,
  85                            LoadRevokeCredentialsClearsExcludedAccounts);
  86
  87   class AccountStatus : public SigninErrorController::AuthStatusProvider {
  88    public:
  89     AccountStatus(SigninErrorController* signin_error_controller,
  90                   const std::string& account_id);
  91     ~AccountStatus() override;
  92
  93     void SetLastAuthError(const GoogleServiceAuthError& error);
  94
  95     // SigninErrorController::AuthStatusProvider implementation.
  96     std::string GetAccountId() const override;
  97     GoogleServiceAuthError GetAuthStatus() const override;
  98
  99    private:
 100     SigninErrorController* signin_error_controller_;
 101     std::string account_id_;
 102     GoogleServiceAuthError last_auth_error_;
 103
 104     DISALLOW_COPY_AND_ASSIGN(AccountStatus);
 105   };
 106
 107   // Maps the |account_id| of accounts known to ProfileOAuth2TokenService
 108   // to information about the account.
 109   typedef std::map<std::string, linked_ptr<AccountStatus>> AccountStatusMap;
 110
 111   // Returns the account ids that should be ignored by this token service.
 112   std::set<std::string> GetExcludedSecondaryAccounts();
 113
 114   // Returns true if this token service should exclude all secondary accounts.
 115   bool GetExcludeAllSecondaryAccounts();
 116
 117   // Clears exclude secondary accounts preferences.
 118   void ClearExcludedSecondaryAccounts();
 119
 120   // Returns true if the account having GAIA id |gaia| and email |email| is
 121   // excluded.
 122   bool IsAccountExcluded(const std::string& gaia,
 123                          const std::string& email,
 124                          const std::set<std::string>& excluded_account_ids);
 125
 126   // Migrates the excluded secondary accounts from emails to account ids.
 127   void MigrateExcludedSecondaryAccountIds();
 128
 129   // The primary account id.
 130   std::string primary_account_id_;
 131
 132   // Info about the existing accounts.
 133   AccountStatusMap accounts_;
 134
 135   // Calls to this class are expected to be made from the browser UI thread.
 136   // The purpose of this checker is to detect access to
 137   // ProfileOAuth2TokenService from multiple threads in upstream code.
 138   base::ThreadChecker thread_checker_;
 139
 140   // The client with which this instance was initialied, or NULL.
 141   SigninClient* client_;
 142   ProfileOAuth2TokenServiceIOSProvider* provider_;
 143   AccountTrackerService* account_tracker_service_;
 144
 145   // The error controller with which this instance was initialized, or NULL.
 146   SigninErrorController* signin_error_controller_;
 147
 148   DISALLOW_COPY_AND_ASSIGN(ProfileOAuth2TokenServiceIOSDelegate);
 149 };
 150 #endif  // COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_DELEGATE_H_