chrome/browser/chromeos/policy/user_cloud_policy_token_forwarder.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/user_cloud_policy_token_forwarder.h"
   6
   7 #include "chrome/browser/chrome_notification_types.h"
   8 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
   9 #include "chrome/browser/signin/profile_oauth2_token_service.h"
  10 #include "components/policy/core/common/cloud/cloud_policy_core.h"
  11 #include "content/public/browser/notification_source.h"
  12 #include "google_apis/gaia/gaia_constants.h"
  13
  14 namespace policy {
  15
  16 UserCloudPolicyTokenForwarder::UserCloudPolicyTokenForwarder(
  17     UserCloudPolicyManagerChromeOS* manager,
  18     ProfileOAuth2TokenService* token_service)
  19     : OAuth2TokenService::Consumer("policy_token_forwarder"),
  20       manager_(manager),
  21       token_service_(token_service) {
  22   // Start by waiting for the CloudPolicyService to be initialized, so that
  23   // we can check if it already has a DMToken or not.
  24   if (manager_->core()->service()->IsInitializationComplete()) {
  25     Initialize();
  26   } else {
  27     manager_->core()->service()->AddObserver(this);
  28   }
  29 }
  30
  31 UserCloudPolicyTokenForwarder::~UserCloudPolicyTokenForwarder() {}
  32
  33 void UserCloudPolicyTokenForwarder::Shutdown() {
  34   request_.reset();
  35   token_service_->RemoveObserver(this);
  36   manager_->core()->service()->RemoveObserver(this);
  37 }
  38
  39 void UserCloudPolicyTokenForwarder::OnRefreshTokenAvailable(
  40     const std::string& account_id) {
  41   RequestAccessToken();
  42 }
  43
  44 void UserCloudPolicyTokenForwarder::OnGetTokenSuccess(
  45     const OAuth2TokenService::Request* request,
  46     const std::string& access_token,
  47     const base::Time& expiration_time) {
  48   manager_->OnAccessTokenAvailable(access_token);
  49   // All done here.
  50   Shutdown();
  51 }
  52
  53 void UserCloudPolicyTokenForwarder::OnGetTokenFailure(
  54     const OAuth2TokenService::Request* request,
  55     const GoogleServiceAuthError& error) {
  56   // This should seldom happen: if the user is signing in for the first time
  57   // then this was an online signin and network errors are unlikely; if the
  58   // user had already signed in before then he should have policy cached, and
  59   // RequestAccessToken() wouldn't have been invoked.
  60   // Still, something just went wrong (server 500, or something). Currently
  61   // we don't recover in this case, and we'll just try to register for policy
  62   // again on the next signin.
  63   // TODO(joaodasilva, atwilson): consider blocking signin when this happens,
  64   // so that the user has to try again before getting into the session. That
  65   // would guarantee that a session always has fresh policy, or at least
  66   // enforces a cached policy.
  67   Shutdown();
  68 }
  69
  70 void UserCloudPolicyTokenForwarder::OnInitializationCompleted(
  71     CloudPolicyService* service) {
  72   Initialize();
  73 }
  74
  75 void UserCloudPolicyTokenForwarder::Initialize() {
  76   if (manager_->IsClientRegistered()) {
  77     // We already have a DMToken, so no need to ask for an access token.
  78     // All done here.
  79     Shutdown();
  80     return;
  81   }
  82
  83   if (token_service_->RefreshTokenIsAvailable(
  84           token_service_->GetPrimaryAccountId()))
  85     RequestAccessToken();
  86   else
  87     token_service_->AddObserver(this);
  88 }
  89
  90 void UserCloudPolicyTokenForwarder::RequestAccessToken() {
  91   OAuth2TokenService::ScopeSet scopes;
  92   scopes.insert(GaiaConstants::kDeviceManagementServiceOAuth);
  93   request_ = token_service_->StartRequest(
  94       token_service_->GetPrimaryAccountId(), scopes, this);
  95 }
  96
  97 }  // namespace policy