Password sync token fetcher implementation.

A new type of token API is introduced to sync password between multiple ChromeOS devices. On a password change event createToken operation will invalidate the old token, create and fetch a new one. CrOS devices will monitor the state of a global token by sending verifyToken requests and, when local token copy will be identfied as invalid, initiate online re-auth flow to sync the credentials. This cl implements basic interactions with the backend service. Bug: 1090341 Change-Id: I5b2a0d66775e8fd9d5f36eb3c7788241cb76bc1c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2299352 Commit-Queue: Maciek Slusarczyk <mslus@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org> Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Cr-Commit-Position: refs/heads/master@{#795909}

Password sync token fetcher implementation.
A new type of token API is introduced to sync password between multiple ChromeOS devices. On a password change event createToken operation will invalidate the old token, create and fetch a new one. CrOS devices will monitor the state of a global token by sending verifyToken requests and, when local token copy will be identfied as invalid, initiate online re-auth flow to sync the credentials. This cl implements basic interactions with the backend service. Bug: 1090341 Change-Id: I5b2a0d66775e8fd9d5f36eb3c7788241cb76bc1c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2299352 Commit-Queue: Maciek Slusarczyk <mslus@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org> Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Cr-Commit-Position: refs/heads/master@{#795909}
eaf8ba96 · Maciek Slusarczyk · Commit Bot · 9ed8a90f · eaf8ba96 · eaf8ba96
Commit eaf8ba96 authored Aug 07, 2020 by Maciek Slusarczyk Committed by Commit Bot Aug 07, 2020
3 changed files
--- a/chrome/browser/chromeos/BUILD.gn
+++ b/chrome/browser/chromeos/BUILD.gn
@@ -1559,6 +1559,8 @@ source_set("chromeos") {
    "login/saml/in_session_password_sync_manager_factory.h",
    "login/saml/password_expiry_notification.cc",
    "login/saml/password_expiry_notification.h",
+    "login/saml/password_sync_token_fetcher.cc",
+    "login/saml/password_sync_token_fetcher.h",
    "login/saml/public_saml_url_fetcher.cc",
    "login/saml/public_saml_url_fetcher.h",
    "login/saml/saml_metric_utils.cc",

--- a/chrome/browser/chromeos/login/saml/password_sync_token_fetcher.cc
+++ b/chrome/browser/chromeos/login/saml/password_sync_token_fetcher.cc
--- a/chrome/browser/chromeos/login/saml/password_sync_token_fetcher.h
+++ b/chrome/browser/chromeos/login/saml/password_sync_token_fetcher.h
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SAML_PASSWORD_SYNC_TOKEN_FETCHER_H_
+#define CHROME_BROWSER_CHROMEOS_LOGIN_SAML_PASSWORD_SYNC_TOKEN_FETCHER_H_
+
+#include <memory>
+#include <string>
+
+#include "base/callback.h"
+#include "base/macros.h"
+#include "base/memory/weak_ptr.h"
+#include "base/values.h"
+#include "components/signin/public/identity_manager/access_token_info.h"
+#include "google_apis/gaia/google_service_auth_error.h"
+
+class Profile;
+
+namespace network {
+class SimpleURLLoader;
+class SharedURLLoaderFactory;
+}  // namespace network
+
+namespace signin {
+class PrimaryAccountAccessTokenFetcher;
+}  // namespace signin
+
+namespace chromeos {
+
+// A simple fetcher object that interacts with the sync token API in order to
+// create a new token, get one or verify validity of its local copy.
+// The instance is not reusable, so for each StartToken(), the instance must be
+// re-created. Deleting the instance cancels inflight operation.
+class PasswordSyncTokenFetcher final {
+ public:
+  enum class RequestType { kNone, kCreateToken, kGetToken, kVerifyToken };
+
+  // Error types will be tracked by UMA histograms.
+  // TODO(crbug.com/1112896)
+  enum class ErrorType {
+    kMissingAccessToken,
+    kRequestBodyNotSerialized,
+    kServerError,
+    kInvalidJson,
+    kNotJsonDict,
+    kCreateNoToken,
+    kGetNoList,
+    kGetNoToken
+  };
+
+  class Consumer {
+   public:
+    Consumer();
+    virtual ~Consumer();
+
+    virtual void OnTokenCreated(const std::string& sync_token) = 0;
+    virtual void OnTokenFetched(const std::string& sync_token) = 0;
+    virtual void OnTokenVerified(bool is_valid) = 0;
+    virtual void OnApiCallFailed(ErrorType error_type) = 0;
+  };
+
+  PasswordSyncTokenFetcher(
+      scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory,
+      Profile* profile,
+      Consumer* consumer);
+  ~PasswordSyncTokenFetcher();
+
+  void StartTokenCreate();
+  void StartTokenGet();
+  void StartTokenVerify(const std::string& sync_token);
+
+ private:
+  void StartAccessTokenFetch();
+  void OnAccessTokenFetchComplete(GoogleServiceAuthError error,
+                                  signin::AccessTokenInfo token_info);
+  void FetchSyncToken(const std::string& access_token);
+  void OnSimpleLoaderComplete(std::unique_ptr<std::string> response_body);
+  void ProcessValidTokenResponse(std::unique_ptr<base::Value> json_response);
+
+  scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory_;
+  Profile* const profile_;
+  // |consumer_| to call back when this request completes.
+  Consumer* const consumer_;
+
+  std::unique_ptr<network::SimpleURLLoader> simple_url_loader_;
+  std::unique_ptr<signin::PrimaryAccountAccessTokenFetcher>
+      access_token_fetcher_;
+  RequestType request_type_;
+  // Sync token for verification request.
+  std::string sync_token_;
+
+  base::WeakPtrFactory<PasswordSyncTokenFetcher> weak_ptr_factory_{this};
+};
+
+}  // namespace chromeos
+
+#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_SAML_PASSWORD_SYNC_TOKEN_FETCHER_H_