Don't revoke tokens on logout.

It's no longer possible to revoke individual tokens, which means that signing out of the web-app will cause all of user's hosts to drop off-line. This CL "fixes" this by not revoking tokens at all. Note that users can still hit the OAuth token limit, in which case hosts will start dropping off-line one at a time; this will be addressed by migrating hosts to use robot accounts. BUG=222527 R=rmsousa@chromium.org Review URL: https://codereview.chromium.org/149863002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@247762 0039d316-1c4b-4281-b951-d872f2087c98

Don't revoke tokens on logout.
It's no longer possible to revoke individual tokens, which means that signing out of the web-app will cause all of user's hosts to drop off-line. This CL "fixes" this by not revoking tokens at all. Note that users can still hit the OAuth token limit, in which case hosts will start dropping off-line one at a time; this will be addressed by migrating hosts to use robot accounts. BUG=222527 R=rmsousa@chromium.org Review URL: https://codereview.chromium.org/149863002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@247762 0039d316-1c4b-4281-b951-d872f2087c98
0b2f8f1f · jamiewalch@chromium.org · bfb9e9ab · 0b2f8f1f · 0b2f8f1f · 0b2f8f1f
Commit 0b2f8f1f authored Jan 29, 2014 by jamiewalch@chromium.org
Showing with 4 additions and 80 deletions

remoting/webapp/host_controller.js remoting/webapp/host_controller.js +1 -1

remoting/webapp/oauth2.js remoting/webapp/oauth2.js +3 -45

remoting/webapp/oauth2_api.js remoting/webapp/oauth2_api.js +0 -34

No files found.
--- a/remoting/webapp/host_controller.js
+++ b/remoting/webapp/host_controller.js
@@ -209,7 +209,7 @@ remoting.HostController.prototype.start = function(hostPin, consent, onDone,
            newHostId, hostPin, startHostWithHash.bind(
                null, hostName, publicKey, privateKey,
                remoting.identity.getCachedEmail(),
-                remoting.oauth2.exportRefreshToken()),
+                remoting.oauth2.getRefreshToken()),
          onError);
      }
    } else {

--- a/remoting/webapp/oauth2.js
+++ b/remoting/webapp/oauth2.js
@@ -31,9 +31,6 @@ remoting.OAuth2 = function() {
 /** @private */
 remoting.OAuth2.prototype.KEY_REFRESH_TOKEN_ = 'oauth2-refresh-token';
 /** @private */
-remoting.OAuth2.prototype.KEY_REFRESH_TOKEN_REVOKABLE_ =
-    'oauth2-refresh-token-revokable';
-/** @private */
 remoting.OAuth2.prototype.KEY_ACCESS_TOKEN_ = 'oauth2-access-token';
 /** @private */
 remoting.OAuth2.prototype.KEY_XSRF_TOKEN_ = 'oauth2-xsrf-token';
@@ -78,7 +75,7 @@ remoting.OAuth2.prototype.getOAuth2AuthEndpoint_ = function() {

 /** @return {boolean} True if the app is already authenticated. */
 remoting.OAuth2.prototype.isAuthenticated = function() {
-  if (this.getRefreshToken_()) {
+  if (this.getRefreshToken()) {
    return true;
  }
  return false;
@@ -98,40 +95,20 @@ remoting.OAuth2.prototype.clear = function() {
 /**
 * Sets the refresh token.
 *
- * This method also marks the token as revokable, so that this object will
- * revoke the token when it no longer needs it.
- *
 * @param {string} token The new refresh token.
 * @return {void} Nothing.
 * @private
 */
 remoting.OAuth2.prototype.setRefreshToken_ = function(token) {
  window.localStorage.setItem(this.KEY_REFRESH_TOKEN_, escape(token));
-  window.localStorage.setItem(this.KEY_REFRESH_TOKEN_REVOKABLE_, true);
  window.localStorage.removeItem(this.KEY_EMAIL_);
  this.clearAccessToken_();
 };

 /**
- * Gets the refresh token.
- *
- * This method also marks the refresh token as not revokable, so that this
- * object will not revoke the token when it no longer needs it. After this
- * object has exported the token, it cannot know whether it is still in use
- * when this object no longer needs it.
- *
 * @return {?string} The refresh token, if authenticated, or NULL.
 */
-remoting.OAuth2.prototype.exportRefreshToken = function() {
-  window.localStorage.removeItem(this.KEY_REFRESH_TOKEN_REVOKABLE_);
-  return this.getRefreshToken_();
-};
-
-/**
- * @return {?string} The refresh token, if authenticated, or NULL.
- * @private
- */
-remoting.OAuth2.prototype.getRefreshToken_ = function() {
+remoting.OAuth2.prototype.getRefreshToken = function() {
  var value = window.localStorage.getItem(this.KEY_REFRESH_TOKEN_);
  if (typeof value == 'string') {
    return unescape(value);
@@ -146,11 +123,7 @@ remoting.OAuth2.prototype.getRefreshToken_ = function() {
 * @private
 */
 remoting.OAuth2.prototype.clearRefreshToken_ = function() {
-  if (window.localStorage.getItem(this.KEY_REFRESH_TOKEN_REVOKABLE_)) {
-    this.revokeToken_(this.getRefreshToken_());
-  }
  window.localStorage.removeItem(this.KEY_REFRESH_TOKEN_);
-  window.localStorage.removeItem(this.KEY_REFRESH_TOKEN_REVOKABLE_);
 };

 /**
@@ -337,21 +310,6 @@ remoting.OAuth2.prototype.exchangeCodeForToken = function(code, state, onDone) {
      this.getRedirectUri_());
 };

-/**
- * Revokes a refresh or an access token.
- *
- * @param {string?} token An access or refresh token.
- * @return {void} Nothing.
- * @private
- */
-remoting.OAuth2.prototype.revokeToken_ = function(token) {
-  if (!token || (token.length == 0)) {
-    return;
-  }
-
-  remoting.OAuth2Api.revokeToken(function() {}, function() {}, token);
-};
-
 /**
 * Call a function with an access token, refreshing it first if necessary.
 * The access token will remain valid for at least 2 minutes.
@@ -363,7 +321,7 @@ remoting.OAuth2.prototype.revokeToken_ = function(token) {
 * @return {void} Nothing.
 */
 remoting.OAuth2.prototype.callWithToken = function(onOk, onError) {
-  var refreshToken = this.getRefreshToken_();
+  var refreshToken = this.getRefreshToken();
  if (refreshToken) {
    if (this.needsNewAccessToken_()) {
      remoting.OAuth2Api.refreshAccessToken(

--- a/remoting/webapp/oauth2_api.js
+++ b/remoting/webapp/oauth2_api.js
@@ -23,13 +23,6 @@ remoting.OAuth2Api.getOAuth2TokenEndpoint_ = function() {
  return remoting.settings.OAUTH2_BASE_URL + '/token';
 };

-/** @private
- *  @return {string} OAuth token revocation URL.
- */
-remoting.OAuth2Api.getOAuth2RevokeTokenEndpoint_ = function() {
-  return remoting.settings.OAUTH2_BASE_URL + '/revoke';
-};
-
 /** @private
 *  @return {string} OAuth2 userinfo API URL.
 */
@@ -190,30 +183,3 @@ remoting.OAuth2Api.getEmail = function(onDone, onError, token) {
  remoting.xhr.get(remoting.OAuth2Api.getOAuth2ApiUserInfoEndpoint_(),
                   onResponse, '', headers);
 };
-
-/**
- * Revokes a refresh or an access token.
- *
- * @param {function():void} onDone Callback invoked when the token is
- *     revoked.
- * @param {function(remoting.Error):void} onError Callback invoked if an
- *     error occurs.
- * @param {string} token An access or refresh token.
- * @return {void} Nothing.
- */
-remoting.OAuth2Api.revokeToken = function(onDone, onError, token) {
-  /** @param {XMLHttpRequest} xhr */
-  var onResponse = function(xhr) {
-    if (xhr.status == 200) {
-      onDone();
-    } else {
-      console.error('Failed to revoke token. Status: ' + xhr.status +
-                    ' response: ' + xhr.responseText);
-      onError(remoting.OAuth2Api.interpretXhrStatus_(xhr.status));
-    }
-  };
-
-  var parameters = { 'token': token };
-  remoting.xhr.post(remoting.OAuth2Api.getOAuth2RevokeTokenEndpoint_(),
-                    onResponse, parameters);
-};