Network traffic annotation added to google_apis/gaia.

Network traffic annotation is added to network requests of google_apis/gaia/gaia_oauth_client.cc google_apis/gaia/oauth2_access_token_fetcher_impl.cc BUG=656607 Review-Url: https://codereview.chromium.org/2796293003 Cr-Commit-Position: refs/heads/master@{#476214}

Network traffic annotation added to google_apis/gaia.
Network traffic annotation is added to network requests of google_apis/gaia/gaia_oauth_client.cc google_apis/gaia/oauth2_access_token_fetcher_impl.cc BUG=656607 Review-Url: https://codereview.chromium.org/2796293003 Cr-Commit-Position: refs/heads/master@{#476214}
147280e2 · rhalavati · Commit Bot · 8c2a1a92 · 147280e2 · 147280e2
Commit 147280e2 authored May 31, 2017 by rhalavati Committed by Commit Bot Jun 01, 2017
Showing with 164 additions and 16 deletions

google_apis/gaia/gaia_oauth_client.cc google_apis/gaia/gaia_oauth_client.cc +134 -15

google_apis/gaia/oauth2_access_token_fetcher_impl.cc google_apis/gaia/oauth2_access_token_fetcher_impl.cc +30 -1

No files found.
--- a/google_apis/gaia/gaia_oauth_client.cc
+++ b/google_apis/gaia/gaia_oauth_client.cc
@@ -16,6 +16,7 @@
 #include "net/base/escape.h"
 #include "net/base/load_flags.h"
 #include "net/http/http_status_code.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_fetcher_delegate.h"
 #include "net/url_request/url_request_context_getter.h"
@@ -89,10 +90,12 @@ class GaiaOAuthClient::Core
                       const std::string& oauth_access_token,
                       int max_retries,
                       Delegate* delegate);
-  void MakeGaiaRequest(const GURL& url,
+  void MakeGaiaRequest(
-                       const std::string& post_body,
+      const GURL& url,
-                       int max_retries,
+      const std::string& post_body,
-                       GaiaOAuthClient::Delegate* delegate);
+      int max_retries,
+      GaiaOAuthClient::Delegate* delegate,
+      const net::NetworkTrafficAnnotationTag& traffic_annotation);
  void HandleResponse(const net::URLFetcher* source,
                      bool* should_retry_request);
@@ -119,8 +122,38 @@ void GaiaOAuthClient::Core::GetTokensFromAuthCode(
      "&redirect_uri=" +
      net::EscapeUrlEncodedData(oauth_client_info.redirect_uri, true) +
      "&grant_type=authorization_code";
-  MakeGaiaRequest(GURL(GaiaUrls::GetInstance()->oauth2_token_url()),
+  net::NetworkTrafficAnnotationTag traffic_annotation =
-                  post_body, max_retries, delegate);
+      net::DefineNetworkTrafficAnnotation("gaia_oauth_client_get_tokens", R"(
+        semantics {
+          sender: "OAuth 2.0 calls"
+          description:
+            "This request exchanges an authorization code for an OAuth 2.0 "
+            "refresh token and an OAuth 2.0 access token."
+          trigger:
+            "This request is triggered when a Chrome service requires an "
+            "access token and a refresh token (e.g. Cloud Print, Chrome Remote "
+            "Desktop etc.) See https://developers.google.com/identity/protocols"
+            "/OAuth2 for more information about the Google implementation of "
+            "the OAuth 2.0 protocol."
+          data:
+            "The Google console client ID and client secret of the caller, the "
+            "OAuth authorization code and the redirect URI."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: false
+          setting:
+            "This feature cannot be disabled in settings, but if the user "
+            "signs out of Chrome, this request would not be made."
+          chrome_policy {
+            SigninAllowed {
+              policy_options {mode: MANDATORY}
+              SigninAllowed: false
+            }
+          }
+        })");
+  MakeGaiaRequest(GURL(GaiaUrls::GetInstance()->oauth2_token_url()), post_body,
+                  max_retries, delegate, traffic_annotation);
 }
 void GaiaOAuthClient::Core::RefreshToken(
@@ -144,8 +177,36 @@ void GaiaOAuthClient::Core::RefreshToken(
    post_body += "&scope=" + net::EscapeUrlEncodedData(scopes_string, true);
  }
-  MakeGaiaRequest(GURL(GaiaUrls::GetInstance()->oauth2_token_url()),
+  net::NetworkTrafficAnnotationTag traffic_annotation =
-                  post_body, max_retries, delegate);
+      net::DefineNetworkTrafficAnnotation("gaia_oauth_client_refresh_token", R"(
+        semantics {
+          sender: "OAuth 2.0 calls"
+          description:
+            "This request fetches a fresh access token that can be used to "
+            "authenticate an API call to a Google web endpoint."
+          trigger:
+            "This is called whenever the caller needs a fresh OAuth 2.0 access "
+            "token."
+          data:
+            "The OAuth 2.0 refresh token, the Google console client ID and "
+            "client secret of the caller, and optionally the scopes of the API "
+            "for which the access token should be authorized."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: false
+          setting:
+            "This feature cannot be disabled in settings, but if the user "
+            "signs out of Chrome, this request would not be made."
+          chrome_policy {
+            SigninAllowed {
+              policy_options {mode: MANDATORY}
+              SigninAllowed: false
+            }
+          }
+        })");
+  MakeGaiaRequest(GURL(GaiaUrls::GetInstance()->oauth2_token_url()), post_body,
+                  max_retries, delegate, traffic_annotation);
 }
 void GaiaOAuthClient::Core::GetUserEmail(const std::string& oauth_access_token,
@@ -176,9 +237,36 @@ void GaiaOAuthClient::Core::GetUserInfoImpl(
  request_type_ = type;
  delegate_ = delegate;
  num_retries_ = 0;
+  net::NetworkTrafficAnnotationTag traffic_annotation =
+      net::DefineNetworkTrafficAnnotation("gaia_core_get_user_info", R"(
+        semantics {
+          sender: "OAuth 2.0 calls"
+          description:
+            "This request is used to fetch profile information about the user, "
+            "like the email, the ID of the account, the full name, and the "
+            "profile picture."
+          trigger:
+            "The main trigger for this request is in the AccountTrackerService "
+            "that fetches the user info soon after the user signs in."
+          data:
+            "The OAuth 2.0 access token of the account."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: false
+          setting:
+            "This feature cannot be disabled in settings, but if the user "
+            "signs out of Chrome, this request would not be made."
+          chrome_policy {
+            SigninAllowed {
+              policy_options {mode: MANDATORY}
+              SigninAllowed: false
+            }
+          }
+        })");
  request_ = net::URLFetcher::Create(
      kUrlFetcherId, GURL(GaiaUrls::GetInstance()->oauth_user_info_url()),
-      net::URLFetcher::GET, this);
+      net::URLFetcher::GET, this, traffic_annotation);
  request_->SetRequestContext(request_context_getter_.get());
  request_->AddExtraRequestHeader("Authorization: OAuth " + oauth_access_token);
  request_->SetMaxRetriesOn5xx(max_retries);
@@ -203,22 +291,53 @@ void GaiaOAuthClient::Core::GetTokenInfo(const std::string& qualifier,
  request_type_ = TOKEN_INFO;
  std::string post_body =
      qualifier + "=" + net::EscapeUrlEncodedData(query, true);
+  net::NetworkTrafficAnnotationTag traffic_annotation =
+      net::DefineNetworkTrafficAnnotation("...", R"(
+        semantics {
+          sender: "OAuth 2.0 calls"
+          description:
+            "This request fetches information about an OAuth 2.0 access token. "
+            "The response is a dictionary of response values. The provided "
+            "access token may have any scope, and basic results will be "
+            "returned: issued_to, audience, scope, expires_in, access_type. In "
+            "addition, if the https://www.googleapis.com/auth/userinfo.email "
+            "scope is present, the email and verified_email fields will be "
+            "returned. If the https://www.googleapis.com/auth/userinfo.profile "
+            "scope is present, the user_id field will be returned."
+          trigger:
+            "This is triggered after a Google account is added to the browser. "
+            "It it also triggered after each successful fetch of an OAuth 2.0 "
+            "access token."
+          data: "The OAuth 2.0 access token."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: false
+          setting:
+            "This feature cannot be disabled in settings, but if the user "
+            "signs out of Chrome, this request would not be made."
+          chrome_policy {
+            SigninAllowed {
+              policy_options {mode: MANDATORY}
+              SigninAllowed: false
+            }
+          }
+        })");
  MakeGaiaRequest(GURL(GaiaUrls::GetInstance()->oauth2_token_info_url()),
-                  post_body,
+                  post_body, max_retries, delegate, traffic_annotation);
-                  max_retries,
-                  delegate);
 }
 void GaiaOAuthClient::Core::MakeGaiaRequest(
    const GURL& url,
    const std::string& post_body,
    int max_retries,
-    GaiaOAuthClient::Delegate* delegate) {
+    GaiaOAuthClient::Delegate* delegate,
+    const net::NetworkTrafficAnnotationTag& traffic_annotation) {
  DCHECK(!request_.get()) << "Tried to fetch two things at once!";
  delegate_ = delegate;
  num_retries_ = 0;
-  request_ =
+  request_ = net::URLFetcher::Create(kUrlFetcherId, url, net::URLFetcher::POST,
-      net::URLFetcher::Create(kUrlFetcherId, url, net::URLFetcher::POST, this);
+                                     this, traffic_annotation);
  request_->SetRequestContext(request_context_getter_.get());
  request_->SetUploadData("application/x-www-form-urlencoded", post_body);
  request_->SetMaxRetriesOn5xx(max_retries);

--- a/google_apis/gaia/oauth2_access_token_fetcher_impl.cc
+++ b/google_apis/gaia/oauth2_access_token_fetcher_impl.cc
@@ -21,6 +21,7 @@
 #include "net/base/escape.h"
 #include "net/base/load_flags.h"
 #include "net/http/http_status_code.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "net/url_request/url_request_status.h"
@@ -96,8 +97,36 @@ static std::unique_ptr<URLFetcher> CreateFetcher(
    const std::string& body,
    URLFetcherDelegate* delegate) {
  bool empty_body = body.empty();
+  net::NetworkTrafficAnnotationTag traffic_annotation =
+      net::DefineNetworkTrafficAnnotation("oauth2_access_token_fetcher", R"(
+        semantics {
+          sender: "OAuth 2.0 Access Token Fetcher"
+          description:
+            "This request is used by the Token Service to fetch an OAuth 2.0 "
+            "access token for a known Google account."
+          trigger:
+            "This request can be triggered at any moment when any service "
+            "requests an OAuth 2.0 access token from the Token Service."
+          data:
+            "Chrome OAuth 2.0 client id and secret, the set of OAuth 2.0 "
+            "scopes and the OAuth 2.0 refresh token."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: false
+          setting:
+            "This feature cannot be disabled in settings, but if user signs "
+            "out of Chrome, this request would not be made."
+          chrome_policy {
+            SigninAllowed {
+              policy_options {mode: MANDATORY}
+              SigninAllowed: false
+            }
+          }
+        })");
  std::unique_ptr<URLFetcher> result = net::URLFetcher::Create(
-      0, url, empty_body ? URLFetcher::GET : URLFetcher::POST, delegate);
+      0, url, empty_body ? URLFetcher::GET : URLFetcher::POST, delegate,
+      traffic_annotation);
  gaia::MarkURLFetcherAsGaia(result.get());
  result->SetRequestContext(getter);