Upstream iOS implementation of ProfileOAuth2TokenService

This CL adds the iOS implementation of the ProfileOAuth2TokenService.

BUG=NONE

Review URL: https://codereview.chromium.org/226643012

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@263008 0039d316-1c4b-4281-b951-d872f2087c98

components/signin.gypi

@@ -103,4 +103,25 @@
       ],
     },
   ],
+  'conditions': [
+    ['OS == "ios"', {
+      'targets': [
+        {
+          'target_name': 'signin_ios_browser',
+          'type': 'static_library',
+          'dependencies': [
+            'signin_core_browser',
+            '../ios/provider/ios_components.gyp:ios_components',
+          ],
+          'include_dirs': [
+            '..',
+          ],
+          'sources': [
+            'signin/ios/browser/profile_oauth2_token_service_ios.h',
+            'signin/ios/browser/profile_oauth2_token_service_ios.mm',
+          ],
+        },
+      ],
+    }],
+  ],
 }

components/signin/core/browser/signin_client.h

@@ -17,6 +17,14 @@ class CanonicalCookie;
 class URLRequestContextGetter;
 }
 
+#if defined(OS_IOS)
+namespace ios {
+// TODO(msarda): http://crbug.com/358544 Remove this iOS specific code from the
+// core SigninClient.
+class ProfileOAuth2TokenServiceIOSProvider;
+}
+#endif
+
 // An interface that needs to be supplied to the Signin component by its
 // embedder.
 class SigninClient {
@@ -57,6 +65,12 @@ class SigninClient {
   // Called when Google signin has succeeded.
   virtual void GoogleSigninSucceeded(const std::string& username,
                                      const std::string& password) {}
+
+#if defined(OS_IOS)
+  // TODO(msarda): http://crbug.com/358544 Remove this iOS specific code from
+  // the core SigninClient.
+  virtual ios::ProfileOAuth2TokenServiceIOSProvider* GetIOSProvider() = 0;
+#endif
 };
 
 #endif  // COMPONENTS_SIGNIN_CORE_BROWSER_SIGNIN_CLIENT_H_

components/signin/core/browser/test_signin_client.cc

@@ -53,3 +53,11 @@ bool TestSigninClient::ShouldMergeSigninCredentialsIntoCookieJar() {
 
 void TestSigninClient::SetCookieChangedCallback(
     const CookieChangedCallback& callback) {}
+
+#if defined(OS_IOS)
+ios::ProfileOAuth2TokenServiceIOSProvider* TestSigninClient::GetIOSProvider() {
+  // Just returns NULL for now. It should be changed to return an
+  // |ios::FakeProfileOAuth2TokenServiceIOSProvider|.
+  return NULL;
+}
+#endif

components/signin/core/browser/test_signin_client.h

@@ -39,6 +39,10 @@ class TestSigninClient : public SigninClient {
   // Returns a TestURLRequestContextGetter.
   virtual net::URLRequestContextGetter* GetURLRequestContext() OVERRIDE;
 
+#if defined(OS_IOS)
+  virtual ios::ProfileOAuth2TokenServiceIOSProvider* GetIOSProvider() OVERRIDE;
+#endif
+
   // Returns true.
   virtual bool ShouldMergeSigninCredentialsIntoCookieJar() OVERRIDE;
 

components/signin/ios/DEPS

+include_rules = [
+  "+ios/public/provider/components/signin",
+]

components/signin/ios/browser/profile_oauth2_token_service_ios.h

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
+#define COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
+
+#include <string>
+
+#include "base/threading/thread_checker.h"
+#include "components/signin/core/browser/mutable_profile_oauth2_token_service.h"
+
+class OAuth2AccessTokenFetcher;
+
+namespace ios{
+class ProfileOAuth2TokenServiceIOSProvider;
+}
+
+// A specialization of ProfileOAuth2TokenService for OS_IOS. It fetches access
+// tokens from the SSOAuth library if the user is signed in using shared
+// authentication or defaults to the parent class
+// |MutableProfileOAuth2TokenService| for pre-SSO signed in users.
+//
+// See |ProfileOAuth2TokenService| for usage details.
+class ProfileOAuth2TokenServiceIOS : public MutableProfileOAuth2TokenService {
+ public:
+  virtual ~ProfileOAuth2TokenServiceIOS();
+
+  // KeyedService
+  virtual void Shutdown() OVERRIDE;
+
+  // OAuth2TokenService
+  virtual bool RefreshTokenIsAvailable(
+      const std::string& account_id) const OVERRIDE;
+
+  virtual void InvalidateOAuth2Token(const std::string& account_id,
+                                     const std::string& client_id,
+                                     const ScopeSet& scopes,
+                                     const std::string& access_token) OVERRIDE;
+
+  // ProfileOAuth2TokenService
+  virtual void Initialize(SigninClient* client) OVERRIDE;
+  virtual void LoadCredentials(const std::string& primary_account_id) OVERRIDE;
+  virtual std::vector<std::string> GetAccounts() OVERRIDE;
+  virtual void UpdateAuthError(const std::string& account_id,
+                               const GoogleServiceAuthError& error) OVERRIDE;
+
+  // This method should not be called when using shared authentication.
+  virtual void UpdateCredentials(const std::string& account_id,
+                                 const std::string& refresh_token) OVERRIDE;
+
+  // Removes all credentials from this instance of |ProfileOAuth2TokenService|,
+  // however, it does not revoke the identities from the device.
+  // Subsequent calls to |RefreshTokenIsAvailable| will return |false|.
+  virtual void RevokeAllCredentials() OVERRIDE;
+
+  // Returns the refresh token for |account_id| .
+  // Must only be called when |ShouldUseIOSSharedAuthentication| returns false.
+  std::string GetRefreshTokenWhenNotUsingSharedAuthentication(
+      const std::string& account_id);
+
+  // Reloads accounts from the provider. Fires |OnRefreshTokenAvailable| for
+  // each new account. Fires |OnRefreshTokenRevoked| for each account that was
+  // removed.
+  void ReloadCredentials();
+
+  // Upgrades to using shared authentication token service.
+  //
+  // Note: If this |ProfileOAuth2TokenServiceIOS| was using the legacy token
+  // service, then this call also revokes all tokens from the parent
+  // |MutableProfileOAuth2TokenService|.
+  void StartUsingSharedAuthentication();
+
+  // Sets |use_legacy_token_service_| to |use_legacy_token_service|.
+  //
+  // Should only be called for testing.
+  void SetUseLegacyTokenServiceForTesting(bool use_legacy_token_service);
+
+  // Revokes the OAuth2 refresh tokens for all accounts from the parent
+  // |MutableProfileOAuth2TokenService|.
+  //
+  // Note: This method should only be called if the legacy pre-SSOAuth token
+  // service is used.
+  void ForceInvalidGrantResponses();
+
+ protected:
+  friend class ProfileOAuth2TokenServiceFactory;
+
+  ProfileOAuth2TokenServiceIOS();
+
+  virtual OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
+      const std::string& account_id,
+      net::URLRequestContextGetter* getter,
+      OAuth2AccessTokenConsumer* consumer) OVERRIDE;
+
+  // Protected and virtual to be overriden by fake for testing.
+
+  // Adds |account_id| to |accounts_| if it does not exist or udpates
+  // the auth error state of |account_id| if it exists. Fires
+  // |OnRefreshTokenAvailable| if the account info is updated.
+  virtual void AddOrUpdateAccount(const std::string& account_id);
+
+  // Removes |account_id| from |accounts_|. Fires |OnRefreshTokenRevoked|
+  // if the account info is removed.
+  virtual void RemoveAccount(const std::string& account_id);
+
+ private:
+  class AccountInfo : public SigninErrorController::AuthStatusProvider {
+   public:
+    AccountInfo(ProfileOAuth2TokenService* token_service,
+                const std::string& account_id);
+    virtual ~AccountInfo();
+
+    void SetLastAuthError(const GoogleServiceAuthError& error);
+
+    // SigninErrorController::AuthStatusProvider implementation.
+    virtual std::string GetAccountId() const OVERRIDE;
+    virtual GoogleServiceAuthError GetAuthStatus() const OVERRIDE;
+
+   private:
+    ProfileOAuth2TokenService* token_service_;
+    std::string account_id_;
+    GoogleServiceAuthError last_auth_error_;
+
+    DISALLOW_COPY_AND_ASSIGN(AccountInfo);
+  };
+
+  // Maps the |account_id| of accounts known to ProfileOAuth2TokenService
+  // to information about the account.
+  typedef std::map<std::string, linked_ptr<AccountInfo> > AccountInfoMap;
+
+  // MutableProfileOAuth2TokenService
+  virtual std::string GetRefreshToken(
+      const std::string& account_id) const OVERRIDE;
+
+  // Returns the iOS provider;
+  ios::ProfileOAuth2TokenServiceIOSProvider* GetProvider();
+
+  // Info about the existing accounts.
+  AccountInfoMap accounts_;
+
+  // Calls to this class are expected to be made from the browser UI thread.
+  // The purpose of this  this checker is to warn us if the upstream usage of
+  // ProfileOAuth2TokenService ever gets changed to have it be used across
+  // multiple threads.
+  base::ThreadChecker thread_checker_;
+
+  // Whether to use the legacy pre-SSOAuth token service.
+  //
+  // |use_legacy_token_service_| is true iff the provider is not using shared
+  // authentication during |LoadCredentials|. Note that |LoadCredentials| is
+  // called exactly once after the PO2TS initialization iff the user is signed
+  // in.
+  //
+  // If |use_legacy_token_service_| is true, then this
+  // |ProfileOAuth2TokenServiceIOS| delegates all calls to the parent
+  // |MutableProfileOAuth2TokenService|.
+  bool use_legacy_token_service_;
+
+  DISALLOW_COPY_AND_ASSIGN(ProfileOAuth2TokenServiceIOS);
+};
+
+#endif  // COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_

ios/provider/ios_components.gyp

+# Copyright 2014 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+{
+  'variables': {
+    'chromium_code': 1,
+   },
+  'targets': [
+    {
+      'target_name': 'ios_components',
+      'type': 'none',
+      'include_dirs': [
+        '../..',
+      ],
+      'sources': [
+        '../public/provider/components/signin/browser/profile_oauth2_token_service_ios_provider.h',
+      ] 
+    },
+  ],
+}

ios/public/DEPS

-include_rules = [
-  # The public interfaces cannot reference Chromium code, so all allowances
-  # that the top-level DEPS file introduces are removed here. This list should
-  # be kept in sync with src/DEPS.
-  "-base",
-  "-build",
-  "-library_loaders",
-  "-testing",
-  "-third_party/icu/source/common/unicode",
-  "-third_party/icu/source/i18n/unicode",
-  "-url",
-]

ios/public/provider/components/signin/browser/profile_oauth2_token_service_ios_provider.h

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_PUBLIC_PROVIDER_COMPONENTS_SIGNIN_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_PROVIDER_H_
+#define IOS_PUBLIC_PROVIDER_COMPONENTS_SIGNIN_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_PROVIDER_H_
+
+#if defined(__OBJC__)
+@class NSDate;
+@class NSError;
+@class NSString;
+#else
+class NSDate;
+class NSError;
+class NSString;
+#endif  // defined(__OBJC__)
+
+#include <set>
+#include <string>
+#include <vector>
+
+#include "base/callback.h"
+
+namespace ios {
+
+enum AuthenticationErrorCategory {
+  // Unknown errors.
+  kAuthenticationErrorCategoryUnknownErrors,
+  // Authorization errors.
+  kAuthenticationErrorCategoryAuthorizationErrors,
+  // Authorization errors with HTTP_FORBIDDEN (403) error code.
+  kAuthenticationErrorCategoryAuthorizationForbiddenErrors,
+  // Network server errors includes parsing error and should be treated as
+  // transient/offline errors.
+  kAuthenticationErrorCategoryNetworkServerErrors,
+  // User cancellation errors should be handled by treating them as a no-op.
+  kAuthenticationErrorCategoryUserCancellationErrors,
+  // User identity not found errors.
+  kAuthenticationErrorCategoryUnknownIdentityErrors,
+};
+
+// Interface that provides support for ProfileOAuth2TokenServiceIOS.
+class ProfileOAuth2TokenServiceIOSProvider {
+ public:
+  typedef base::Callback<void(NSString* token,
+                              NSDate* expiration,
+                              NSError* error)> AccessTokenCallback;
+
+  ProfileOAuth2TokenServiceIOSProvider() {};
+  virtual ~ProfileOAuth2TokenServiceIOSProvider() {};
+
+  // Returns whether authentication is using the shared authentication library.
+  virtual bool IsUsingSharedAuthentication() const = 0;
+
+  // Initializes the shared authentication library. This method should be called
+  // when loading credentials if the user is signed in to Chrome via the shared
+  // authentication library.
+  virtual void InitializeSharedAuthentication() = 0;
+
+  // Returns the ids of all accounts.
+  virtual std::vector<std::string> GetAllAccountIds() = 0;
+
+  // Starts fetching an access token for the account with id |account_id| with
+  // the given |scopes|. Once the token is obtained, |callback| is called.
+  virtual void GetAccessToken(const std::string& account_id,
+                              const std::string& client_id,
+                              const std::string& client_secret,
+                              const std::set<std::string>& scopes,
+                              const AccessTokenCallback& callback) = 0;
+
+  // Returns the authentication error category of |error|.
+  virtual AuthenticationErrorCategory GetAuthenticationErrorCategory(
+      NSError* error) const = 0;
+};
+
+}  // namespace ios
+
+#endif  // IOS_PUBLIC_PROVIDER_COMPONENTS_SIGNIN_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_PROVIDER_H_