Move the token validation from DeviceO2TSDelegate to DeviceO2TS

This CL is a part of moving access token management to
OAuth2AccessTokenManager.

It is specifically a step toward folding
DeviceO2TSDelegate into DeviceO2TS now that the latter
is no longer an O2TS subclass.

It moves the code for the token validation including
StartValidation() and RequestValidation(). DeviceO2TS
inherits from gaia::GaiaOAuthClient::Delegate and
implements methods. When StartValidation() is called,
it creates |gaia_oauth_client_| with |this| and gets
errors or responses.

Bug: 967598
Change-Id: I268e1a7f2909f77170279e178c95c354a45ca1a9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1697126
Commit-Queue: Julie Jeongeun Kim <jkim@igalia.com>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#676368}

chrome/browser/chromeos/settings/device_oauth2_token_service.h

@@ -14,6 +14,7 @@
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_delegate.h"
 #include "google_apis/gaia/core_account_id.h"
+#include "google_apis/gaia/gaia_oauth_client.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "google_apis/gaia/oauth2_access_token_consumer.h"
 #include "google_apis/gaia/oauth2_access_token_manager.h"
@@ -36,6 +37,7 @@ namespace chromeos {
 // Note that requests must be made from the UI thread.
 class DeviceOAuth2TokenService
     : public OAuth2AccessTokenManager::Delegate,
+      public gaia::GaiaOAuthClient::Delegate,
       public DeviceOAuth2TokenServiceDelegate::ValidationStatusDelegate {
  public:
   typedef base::RepeatingCallback<void(const CoreAccountId& /* account_id */)>
@@ -94,6 +96,14 @@ class DeviceOAuth2TokenService
 
   OAuth2AccessTokenManager* GetAccessTokenManager();
 
+  // gaia::GaiaOAuthClient::Delegate implementation.
+  void OnRefreshTokenResponse(const std::string& access_token,
+                              int expires_in_seconds) override;
+  void OnGetTokenInfoResponse(
+      std::unique_ptr<base::DictionaryValue> token_info) override;
+  void OnOAuthError() override;
+  void OnNetworkError(int response_code) override;
+
  private:
   // TODO(https://crbug.com/967598): Merge DeviceOAuth2TokenServiceDelegate
   // into DeviceOAuth2TokenService.
@@ -102,6 +112,22 @@ class DeviceOAuth2TokenService
   friend class DeviceOAuth2TokenServiceTest;
   struct PendingRequest;
 
+  // Describes the operational state of this object.
+  enum State {
+    // Pending system salt / refresh token load.
+    STATE_LOADING,
+    // No token available.
+    STATE_NO_TOKEN,
+    // System salt loaded, validation not started yet.
+    STATE_VALIDATION_PENDING,
+    // Refresh token validation underway.
+    STATE_VALIDATION_STARTED,
+    // Token validation failed.
+    STATE_TOKEN_INVALID,
+    // Refresh token is valid.
+    STATE_TOKEN_VALID,
+  };
+
   // OAuth2AccessTokenManager::Delegate:
   std::unique_ptr<OAuth2AccessTokenFetcher> CreateAccessTokenFetcher(
       const CoreAccountId& account_id,
@@ -121,6 +147,9 @@ class DeviceOAuth2TokenService
   void FireRefreshTokenAvailable(const CoreAccountId& account_id);
   void FireRefreshTokenRevoked(const CoreAccountId& account_id);
 
+  void InitializeWithValidationStatusDelegate(
+      ValidationStatusDelegate* delegate);
+  void ClearValidationStatusDelegate();
   // Implementation of
   // DeviceOAuth2TokenServiceDelegate::ValidationStatusDelegate.
   void OnValidationCompleted(GoogleServiceAuthError::State error) override;
@@ -142,6 +171,11 @@ class DeviceOAuth2TokenService
   // Returns a list of accounts based on |state_|.
   std::vector<CoreAccountId> GetAccounts() const;
 
+  // Starts the token validation flow, i.e. token info fetch.
+  void StartValidation();
+
+  void RequestValidation();
+
   // Invoked by CrosSettings when the robot account ID becomes available.
   void OnServiceAccountIdentityChanged();
 
@@ -162,6 +196,8 @@ class DeviceOAuth2TokenService
   // Flushes |token_save_callbacks_|, indicating the specified result.
   void FlushTokenSaveCallbacks(bool result);
 
+  void ReportServiceError(GoogleServiceAuthError::State error);
+
   // TODO(https://crbug.com/967598): Merge DeviceOAuth2TokenServiceDelegate
   // into DeviceOAuth2TokenService.
   std::unique_ptr<DeviceOAuth2TokenServiceDelegate> delegate_;
@@ -177,10 +213,8 @@ class DeviceOAuth2TokenService
 
   PrefService* local_state_;
 
-  std::unique_ptr<CrosSettings::ObserverSubscription>
-      service_account_identity_subscription_;
-
-  CoreAccountId robot_account_id_for_testing_;
+  // Current operational state.
+  State state_;
 
   // Token save callbacks waiting to be completed.
   std::vector<StatusCallback> token_save_callbacks_;
@@ -188,9 +222,24 @@ class DeviceOAuth2TokenService
   // The system salt for encrypting and decrypting the refresh token.
   std::string system_salt_;
 
+  int max_refresh_token_validation_retries_;
+
+  // Flag to indicate whether there are pending requests.
+  bool validation_requested_;
+
+  // Validation status delegate
+  ValidationStatusDelegate* validation_status_delegate_;
+
   // Cache the decrypted refresh token, so we only decrypt once.
   std::string refresh_token_;
 
+  std::unique_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_;
+
+  std::unique_ptr<CrosSettings::ObserverSubscription>
+      service_account_identity_subscription_;
+
+  CoreAccountId robot_account_id_for_testing_;
+
   base::WeakPtrFactory<DeviceOAuth2TokenService> weak_ptr_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService);

chrome/browser/chromeos/settings/device_oauth2_token_service_delegate.cc

@@ -8,8 +8,6 @@
 
 #include "base/values.h"
 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h"
-#include "google_apis/gaia/gaia_constants.h"
-#include "google_apis/gaia/gaia_urls.h"
 #include "google_apis/gaia/oauth2_access_token_fetcher_impl.h"
 #include "services/network/public/cpp/shared_url_loader_factory.h"
 
@@ -19,46 +17,10 @@ DeviceOAuth2TokenServiceDelegate::DeviceOAuth2TokenServiceDelegate(
     scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory,
     DeviceOAuth2TokenService* service)
     : url_loader_factory_(url_loader_factory),
-      state_(STATE_LOADING),
-      max_refresh_token_validation_retries_(3),
-      validation_requested_(false),
-      validation_status_delegate_(nullptr),
       service_(service) {}
 
 DeviceOAuth2TokenServiceDelegate::~DeviceOAuth2TokenServiceDelegate() = default;
 
-void DeviceOAuth2TokenServiceDelegate::OnRefreshTokenResponse(
-    const std::string& access_token,
-    int expires_in_seconds) {
-  gaia_oauth_client_->GetTokenInfo(access_token,
-                                   max_refresh_token_validation_retries_, this);
-}
-
-void DeviceOAuth2TokenServiceDelegate::OnGetTokenInfoResponse(
-    std::unique_ptr<base::DictionaryValue> token_info) {
-  std::string gaia_robot_id;
-  // For robot accounts email id is the account id.
-  token_info->GetString("email", &gaia_robot_id);
-  gaia_oauth_client_.reset();
-
-  service_->CheckRobotAccountId(CoreAccountId(gaia_robot_id));
-}
-
-void DeviceOAuth2TokenServiceDelegate::OnOAuthError() {
-  gaia_oauth_client_.reset();
-  state_ = STATE_TOKEN_INVALID;
-  ReportServiceError(GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
-}
-
-void DeviceOAuth2TokenServiceDelegate::OnNetworkError(int response_code) {
-  gaia_oauth_client_.reset();
-
-  // Go back to pending validation state. That'll allow a retry on subsequent
-  // token minting requests.
-  state_ = STATE_VALIDATION_PENDING;
-  ReportServiceError(GoogleServiceAuthError::CONNECTION_FAILED);
-}
-
 scoped_refptr<network::SharedURLLoaderFactory>
 DeviceOAuth2TokenServiceDelegate::GetURLLoaderFactory() const {
   return url_loader_factory_;
@@ -75,44 +37,4 @@ DeviceOAuth2TokenServiceDelegate::CreateAccessTokenFetcher(
       consumer, url_loader_factory, refresh_token);
 }
 
-void DeviceOAuth2TokenServiceDelegate::StartValidation() {
-  DCHECK_EQ(state_, STATE_VALIDATION_PENDING);
-  DCHECK(!gaia_oauth_client_);
-
-  state_ = STATE_VALIDATION_STARTED;
-
-  gaia_oauth_client_ =
-      std::make_unique<gaia::GaiaOAuthClient>(url_loader_factory_);
-
-  GaiaUrls* gaia_urls = GaiaUrls::GetInstance();
-  gaia::OAuthClientInfo client_info;
-  client_info.client_id = gaia_urls->oauth2_chrome_client_id();
-  client_info.client_secret = gaia_urls->oauth2_chrome_client_secret();
-
-  gaia_oauth_client_->RefreshToken(
-      client_info, service_->refresh_token_,
-      std::vector<std::string>(1, GaiaConstants::kOAuthWrapBridgeUserInfoScope),
-      max_refresh_token_validation_retries_, this);
-}
-
-void DeviceOAuth2TokenServiceDelegate::RequestValidation() {
-  validation_requested_ = true;
-}
-
-void DeviceOAuth2TokenServiceDelegate::InitializeWithValidationStatusDelegate(
-    ValidationStatusDelegate* delegate) {
-  validation_status_delegate_ = delegate;
-}
-
-void DeviceOAuth2TokenServiceDelegate::ClearValidationStatusDelegate() {
-  validation_status_delegate_ = nullptr;
-}
-
-void DeviceOAuth2TokenServiceDelegate::ReportServiceError(
-    GoogleServiceAuthError::State error) {
-  if (validation_status_delegate_) {
-    validation_status_delegate_->OnValidationCompleted(error);
-  }
-}
-
 }  // namespace chromeos

chrome/browser/chromeos/settings/device_oauth2_token_service_delegate.h

@@ -11,13 +11,8 @@
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "google_apis/gaia/core_account_id.h"
-#include "google_apis/gaia/gaia_oauth_client.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 
-namespace gaia {
-class GaiaOAuthClient;
-}
-
 namespace network {
 class SharedURLLoaderFactory;
 }
@@ -29,13 +24,12 @@ namespace chromeos {
 
 class DeviceOAuth2TokenService;
 
-class DeviceOAuth2TokenServiceDelegate
-    : public gaia::GaiaOAuthClient::Delegate {
+class DeviceOAuth2TokenServiceDelegate {
  public:
   DeviceOAuth2TokenServiceDelegate(
       scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory,
       DeviceOAuth2TokenService* service);
-  ~DeviceOAuth2TokenServiceDelegate() override;
+  ~DeviceOAuth2TokenServiceDelegate();
 
   scoped_refptr<network::SharedURLLoaderFactory> GetURLLoaderFactory() const;
   std::unique_ptr<OAuth2AccessTokenFetcher> CreateAccessTokenFetcher(
@@ -43,14 +37,6 @@ class DeviceOAuth2TokenServiceDelegate
       scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory,
       OAuth2AccessTokenConsumer* consumer);
 
-  // gaia::GaiaOAuthClient::Delegate implementation.
-  void OnRefreshTokenResponse(const std::string& access_token,
-                              int expires_in_seconds) override;
-  void OnGetTokenInfoResponse(
-      std::unique_ptr<base::DictionaryValue> token_info) override;
-  void OnOAuthError() override;
-  void OnNetworkError(int response_code) override;
-
   class ValidationStatusDelegate {
    public:
     virtual void OnValidationCompleted(GoogleServiceAuthError::State error) {}
@@ -60,49 +46,9 @@ class DeviceOAuth2TokenServiceDelegate
   friend class DeviceOAuth2TokenService;
   friend class DeviceOAuth2TokenServiceTest;
 
-  // Describes the operational state of this object.
-  enum State {
-    // Pending system salt / refresh token load.
-    STATE_LOADING,
-    // No token available.
-    STATE_NO_TOKEN,
-    // System salt loaded, validation not started yet.
-    STATE_VALIDATION_PENDING,
-    // Refresh token validation underway.
-    STATE_VALIDATION_STARTED,
-    // Token validation failed.
-    STATE_TOKEN_INVALID,
-    // Refresh token is valid.
-    STATE_TOKEN_VALID,
-  };
-
-  // Starts the token validation flow, i.e. token info fetch.
-  void StartValidation();
-
-  void RequestValidation();
-
-  void InitializeWithValidationStatusDelegate(
-      ValidationStatusDelegate* delegate);
-  void ClearValidationStatusDelegate();
-
-  void ReportServiceError(GoogleServiceAuthError::State error);
-
   // Dependencies.
   scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory_;
 
-  // Current operational state.
-  State state_;
-
-  int max_refresh_token_validation_retries_;
-
-  // Flag to indicate whether there are pending requests.
-  bool validation_requested_;
-
-  // Validation status delegate
-  ValidationStatusDelegate* validation_status_delegate_;
-
-  std::unique_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_;
-
   // TODO(https://crbug.com/967598): Completely merge this class into
   // DeviceOAuth2TokenService.
   DeviceOAuth2TokenService* service_;

chrome/browser/chromeos/settings/device_oauth2_token_service_unittest.cc

@@ -108,7 +108,7 @@ class DeviceOAuth2TokenServiceTest : public testing::Test {
     oauth2_service_.reset(new DeviceOAuth2TokenService(
         test_url_loader_factory_.GetSafeWeakWrapper(),
         scoped_testing_local_state_.Get()));
-    oauth2_service_->delegate_->max_refresh_token_validation_retries_ = 0;
+    oauth2_service_->max_refresh_token_validation_retries_ = 0;
     oauth2_service_->GetAccessTokenManager()
         ->set_max_authorization_token_fetch_retries_for_testing(0);
   }